Centos7 detailed interpretation of Apache2.4 httpd.conf configuration file

The default location of the Apache2.4.41 configuration file is /usr/local/apache2/conf/httpd.conf
Let's start with a detailed interpretation of the configuration of various variables in httpd.conf.
/usr/local/apache2/conf/httpd.conf, the specific file content is as follows

# #This is the main Apache HTTP Server configuration file, it contains the executable directives needed to configure the server. #Apache HTTP Server 2.4 documentation is available at http://httpd.apache.org/docs/2.4/zh-cn. #Note: Please visit the directive index page, every directive available in the standard Apache distribution is listed at the link below. They are described in a consistent format and there is a dictionary of terms. #http://httpd.apache.org/docs/2.4/zh-cn/mod/directives.html #Warning: Do not read this if you do not understand the configuration commands, read the above link first. #ServerRoot configuration log file name: If you need to configure the server's log file path, start with "/" (or "drive:/" for Win32) and the server will use that explicit path. #If the path is not set together with "/", the value of ServerRoot is the default value, which is displayed as, "logs/access_log" #Set ServerRoot to "/usr/local/apache2", the location of the log on the server is "/usr/local/apache2/logs/access_log". # #ServerRoot: The location where the Apache HTTP server is located. The server configuration, error messages, and log files are all saved in the root directory. . #Do not add "/" at the end of the directory path. If you indicate to put the ServerRoot on a non-local disk, make sure to add it in the Mutex directive (if using file-based mutex locks). #If you want to share the same ServerRoot for multiple httpd daemons, you need to make changes in the least PidFile in the following location. ServerRoot "/usr/local/apache2" #The location where the Apache HTTP server is installed, installed in the /usr/local/apache2 directory. #Mutex: Allows you to set the mutex mechanism and mutex file directory for a single mutex, or change the global default #Uncomment and change the directory if the mutex is file based, and the default mutex file directory is not on the local disk or is not suitable for some other reason. #Mutex default value: log #Listen: Allows you to bind Apache to a specific IP address/port instead of the default port. See the instructions for details. #Change it to a specific IP address and port as follows: #Prevent Apache from binding all IP addresses on the server. #For example: Listen 12.34.56.78:8080 This means that the http server can only be accessed through port 8080 under 12.34.56.78. Listen 8088 #Set the port individually, and all bound ips on the server can be used. Set the port to 8088, #Because another HTTP server is installed on the server, avoid conflict with port 80, and there is no need to change port 80 for normal installation. #Dynamic Shared Object (DSO) Support #In order to be able to use the functionality of modules built as DSOs, you need to place the corresponding "LoadModule" line at this location, and the instructions it contains are actually available _before_they. #Statically compiled modules (those listed by httpd -l) do not need to be loaded here. # example: #LoadModule foo_module modules/mod_foo.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so #LoadModule authn_anon_module modules/mod_authn_anon.so #LoadModule authn_dbd_module modules/mod_authn_dbd.so #LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so #LoadModule authz_dbm_module modules/mod_authz_dbm.so #LoadModule authz_owner_module modules/mod_authz_owner.so #LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_core_module modules/mod_authz_core.so #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_form_module modules/mod_auth_form.so #LoadModule auth_digest_module modules/mod_auth_digest.so #LoadModule allowmethods_module modules/mod_allowmethods.so #LoadModule file_cache_module modules/mod_file_cache.so #LoadModule cache_module modules/mod_cache.so #LoadModule cache_disk_module modules/mod_cache_disk.so #LoadModule cache_socache_module modules/mod_cache_socache.so #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #LoadModule socache_dbm_module modules/mod_socache_dbm.so #LoadModule socache_memcache_module modules/mod_socache_memcache.so #LoadModule socache_redis_module modules/mod_socache_redis.so #LoadModule watchdog_module modules/mod_watchdog.so #LoadModule macro_module modules/mod_macro.so #LoadModule dbd_module modules/mod_dbd.so #LoadModule dumpio_module modules/mod_dumpio.so #LoadModule buffer_module modules/mod_buffer.so #LoadModule ratelimit_module modules/mod_ratelimit.so LoadModule reqtimeout_module modules/mod_reqtimeout.so #LoadModule ext_filter_module modules/mod_ext_filter.so #LoadModule request_module modules/mod_request.so #LoadModule include_module modules/mod_include.so LoadModule filter_module modules/mod_filter.so #LoadModule substitute_module modules/mod_substitute.so #LoadModule sed_module modules/mod_sed.so #LoadModule deflate_module modules/mod_deflate.so LoadModule mime_module modules/mod_mime.so #LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so #LoadModule log_debug_module modules/mod_log_debug.so #LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so #LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so #LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so #LoadModule remoteip_module modules/mod_remoteip.so #LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so #LoadModule proxy_express_module modules/mod_proxy_express.so #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so #LoadModule session_module modules/mod_session.so #LoadModule session_cookie_module modules/mod_session_cookie.so #LoadModule session_crypto_module modules/mod_session_crypto.so #LoadModule session_dbd_module modules/mod_session_dbd.so #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so #LoadModule ssl_module modules/mod_ssl.so #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so LoadModule unixd_module modules/mod_unixd.so #LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule info_module modules/mod_info.so #LoadModule cgid_module modules/mod_cgid.so #LoadModule dav_fs_module modules/mod_dav_fs.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so #LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so #LoadModule actions_module modules/mod_actions.so #LoadModule speling_module modules/mod_speling.so #LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so #LoadModule rewrite_module modules/mod_rewrite.so #If you want httpd to run as a different user or group, you must first run httpd as root and then it will switch.

User/Group: The name of the user/group that httpd runs as.

Generally, a separate user group and user are created to run the httpd service.

User www #The name of the user to run the httpd service as. Group www #The name of the user group to which the user belongs. #The 'main' server configuration #The directives in this section set values used by the 'main' server, which responds to any requests not handled by the server #Change the directives. You can change the contents later inside the container. The directives inside the container are now default values. #All of these directives may appear inside a container, in which case these default settings will be overridden by the defined virtual hosts. #ServerAdmin: Your address where server problems should be emailed. This address appears on some server-generated pages, such as error documents. For example admin@your-domain.com ServerAdmin xxx@gmail.com #ServerName provides the name and port that the server uses to identify itself. This name and port can usually be determined automatically, but we recommend that you specify it explicitly to prevent problems during startup. #If your server does not have a registered DNS name, enter its IP address here. #Note: The hostname cannot be specified arbitrarily. It must be a valid DNS name for your machine. You can use an IP address or domain name. When testing locally, you can use 127.0.0.1 or localhost #ServerName www.example.com:80 #Deny access to the entire file system of the server. You must explicitly allow access to the web content directory in the following other blocks. #The Directory statement is used to define access restrictions for directories #AllowOverride None means that the access control file under this directory is not allowed to change the configuration made here AllowOverride none Require all denied #Note: From now on, you must specifically allow specific features to be enabled. Therefore, if something does not work properly, make sure that feature is specifically enabled below. #DocumentRoot: The directory where your web documents are stored. By default, all web requests come from this directory, but symbolic links and aliases can be used to point to other locations. DocumentRoot "/usr/local/apache2/htdocs"

#Possible values for the Options directive are "None", "All" or any combination of the following: #Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews #"MultiViews" must be named explicitly, "Options All" cannot be used.

The Options directive is both complex and important. Please visit http://httpd.apache.org/docs/2.4/mod/core.html#options for more information.

Options Indexes FollowSymLinks #AllowOverride controls which directives can be placed in the .htaccess file. It can be "All", "None", or any combination of keywords: #AllowOverride FileInfo AuthConfig Limit AllowOverride None #Controls who can get content from this server. Require all granted #DirectoryIndex: Sets the file Apache will serve when a directory is requested. #Sets the default document for access, index.html index.php DirectoryIndex index.html #The following lines prevent web clients from viewing .htaccess and .htpasswd files.

Require all denied #ErrorLog: The location of the error log file. #If no ErrorLog directive is specified in the container, error messages related to this virtual host will be logged to the directory specified in ". #If no specific log location is specified, the default is "logs/error_log". ErrorLog "logs/error_log" #LogLevel: Controls the number of messages logged to error_log. #Available values are: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn #The following directives define some format nicknames for use with the CustomLog directive (see below). LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common #You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio #Location and format of the access log files (common log file format). #If no access log files are defined in the container, they will be logged here. #On the contrary, if you define per-access log files, transactions will be logged in them and not in this file. CustomLog "logs/access_log" common #If you wish to use log files with access rights, agent and referer information (combined log file format), you can use the following directive. #CustomLog "logs/access_log" combined #Redirects: Allows you to tell clients about documents that used to exist in the server's namespace but no longer do. The client will make a new request for the document at the new location. #For example: #Redirect permanent /foo http://www.example.com/bar #Aliases: Maps a web path to a file system path, and is used to access content that does not exist under the DocumentRoot. #For example: #Alias /webpath /full/filesystem/path #If /webpath/ has a trailing /, the server will require it to appear in the URL. You may also need to provide a section to allow access to file system paths. #ScriptAliases: Controls which directories contain server scripts. #ScriptAliases are essentially the same as Aliases, with the difference that documents in the target directory are treated as applications and run by the server when requested, rather than as documents sent to the client. #The same rules regarding trailing "/" apply to ScriptAlias directives and Aliases. #This is about how to configure virtual directories in apache2.4. ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" #ScriptSock: On threaded servers, specifies the path to the UNIX socket used to communicate with mod_cgid's CGI daemon. #Scriptsock cgisock #"/usr/local/apache2/cgi-bin" should be changed to where your ScriptAliased #CGI directory exists (if configured).

AllowOverride None Options None Require all granted #Avoid passing the HTTP_PROXY environment to CGIs on this or any proxy backend server that persists the 'httpoxy' flaw. #IProxy does not define the 'Proxy' request header and RequestHeader unset Proxy early is not listed by IANA #TypesConfig points to a file containing a list of mappings from file extensions to MIME types. TypesConfig conf/mime.types #AddType allows you to add or override a MIME configuration file specified in TypesConfig for a specific file type. #AddType application/x-gzip .tgz #AddEncoding allows you to have some browsers decompress information on the fly. NOTE: Not all browsers support this feature. #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz #If the AddEncoding directive above is commented out, then you should probably define these extensions to indicate the media type: AddType application/x-compress .Z AddType application/x-gzip .gz .tgz #AddHandler allows you to map certain file extensions to "handlers": #Actions that are not related to file type. They can either be built into the server or added with the Action directive (see below) #To use CGI scripts outside of ScriptAliased directories: #(You will also need to add "ExecCGI" to the "Options" directive.) #AddHandler cgi-script .cgi #For type mappings (negotiated resources): #AddHandler type-map var

Filters allow you to process content before sending it to the client.

#Parse .shtml files for Server Side Includes (SSI): #(You will also need to add "includes" to the "options" directive.) #AddType text/html .shtml #AddOutputFilter INCLUDES .shtml #The mod_mime_magic module allows the server to use various hints in the content of the file itself to determine its type. The MIMEMagicFile directive tells the module where the hint definitions are located. #MIMEMagicFile conf/magic #Customizable error responses come in three flavors: #1) Plain text 2) Local redirect 3) External redirect #Some examples: #ErrorDocument 500 "The server booed." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html #MaxRanges: Return the entire resource or one of the special values "default", "none" or "unlimited", the maximum number of ranges in the request. The default is to accept 200 ranges. #MaxRanges unlimited #EnableMMAP and EnableSendfile: On systems that support this feature, files can be delivered using memory mapping or the sendfile syscall. #This can often improve server performance, but must be turned off from network mounted file systems services, or if support for these features is broken on your system. #Default: EnableMMAP On, EnableSendfile Off #EnableMMAP off #EnableSendfile on #Supplemental Configuration #The configuration files in the conf/extra/ directory can be included to add additional features or to modify the server's default configuration, or you can just copy their contents here and change them as needed. #Server Pool Management (MPM specific) #include conf/extra/httpd-mpm.conf #Multilingual Error Messages #include conf/extra/httpd-multilang-errordoc.conf #Fancy Directory Listings #include conf/extra/httpd-autoindex.conf #Language Settings #include conf/extra/httpd-languages.conf #User Home Directories #include conf/extra/httpd-userdir.conf #Real-time Information about Requests and Configuration #include conf/extra/httpd-info.conf #Virtual Hosts #include conf/extra/httpd-vhosts.conf #Local Access to the Apache HTTP Server Manual #include conf/extra/httpd-manual.conf #Distributed Authoring and Versioning (WebDAV) #include conf/extra/httpd-dav.conf #Various default settings #include conf/extra/httpd-default.conf #Configure mod_proxy_html to understand HTML4/XHTML1 Include conf/extra/proxy-html.conf

Include secure (SSL/TLS) connections #include conf/extra/httpd-ssl.conf Include NOTE: The following must be present to support startup without SSL on platforms that do not have a /dev/random equivalent but have a statically compiled mod_ssl. SSLRandomSeed startup builtin SSLRandomSeed connect builtin

Detailed explanation of the instructions under the container:
Options settings You can use Options to control some access feature settings under this directory
All directory features are enabled. This is the default state.
None All directory features are disabled.
FollowSymLinks allows the use of symbolic links, which will make it possible for the browser to access documents outside the document root directory (DocumentRoot)
SymLinksIfOwnerMatch Only allows access if the destination of the symbolic link and the symbolic link itself are owned by the same user. This setting will increase security
ExecCGI allows CGI programs to be executed in this directory
Indexes allows the browser to generate an index of all files in this directory, so that when there is no index.html (or other index file) in this directory, the list of files in this directory can be sent to the browser

The impact of the AllowOverride setting on the access control file for each directory
All Default value, which allows access control files to override system configuration
None The server ignores the settings of the access control file
Options allows the access control file to define directory options using the Options parameter
FileInfo allows access control files to be set using parameters such as AddType
AuthConfig allows access control files to use authentication mechanisms such as AuthName, AuthType, etc. for each user. This enables directory owners to protect directories with passwords and usernames.
Limit allows you to restrict the IP addresses and names of clients that access the directory.

The above detailed translation and explanation of the configuration of various variables in httpd.conf and the main structure of the Apache2.4.4 server configuration file. The most noteworthy part is that it defines access control permissions for subdirectories distributed in different directories.ApacheSome versions of compatibility.