- Summary
JavaScriptファイル自体を gzip で圧縮して読み込ませれば良い.
<script type="text/javascript" src="prototype.js.gz"></script>
RewriteEngine on RewriteCond %{HTTP_USER_AGENT} ".*Safari.*" [OR] RewriteCond %{HTTP:Accept-Encoding} !gzip RewriteRule (.*)\.jgz$ $1\.js [L] AddType "text/javascript;charset=UTF-8" .jgz AddEncoding gzip .jgz
- Summary
サーバ鍵のファイルにパスフレーズを埋め込んでおくことで,
Apacheの起動時にパスフレーズの入力がスキップすることが可能.
# cd /usr/local/apache/conf/ssl.key
# cp -p server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# cd /usr/local/apache/conf/ssl.key/
# openssl rsa < server.key > server.key.out
read RSA key
Enter PEM pass phrase: (パスフレーズを入力)
writing RSA key
# mv server.key server.key.org
# mv server.key.out server.key
- 他の方法
パスフレーズを出力するスクリプトを作成して,
SSLPassPhraseDialog を利用する方法も可能とのこと.
- Reference
Noah System Labs - LINUX のツボ - ツボその16 Apache + mod_ssl
http://www.ns-labs.com/linux/tsubo16.html
株式会社エスロジカル - 技術ドキュメント OpenSSL : mod_sslサーバー証明鍵にパスフレーズを埋め込む
http://www.slogical.co.jp/tech/openssl_modssl_serverkey_pass.html
[Apache-Users 3772] Re: SSL付でApacheを自動起動する方法
http://mm.apache.or.jp/pipermail/apache-users/2004-March/003962.html
Apache HTTP Server - mod_ssl
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog
- Summary
互角.
- Reference
ITmedia エンタープライズ - 2006-08-25 - LAMP vs. LAMP─ mod_perlとmod_phpのパフォーマンス比較
http://www.itmedia.co.jp/enterprise/articles/0608/25/news053.html
NewsForge - 2006-07-18 - LAMP vs. LAMP
http://programming.newsforge.com/article.pl?sid=06/07/18/1934200
- Reference
Web屋のネタ帳 - 2006-08-16 - DNSラウンドロビンとmod_proxy_balancerによるWebサイトの負荷分散 (案)
http://neta.ywcafe.net/000631.html
@IT - Apache 2.2でWebサイトをパフォーマンスアップ! (3/3)
http://www.atmarkit.co.jp/flinux/special/apache22/apache03.html
YappoLogs - 2005-12-02 - Apache 2.2.0 のロードバランス機能(mod_proxy_balancer)を使いこなす
http://blog.yappo.jp/yappo/archives/000352.html
naoyaのはてなダイアリー - 2005-12-02 - Apache 2.2.0 + mod_proxy_balancer
http://d.hatena.ne.jp/naoya/20051205/1133782641
cyano - 2006-02-04 - mod_proxy_balancerで中〜大規模サーバー運用するときの勘所 - (1) mod_proxy_balancerの設定編
http://www.onflow.jp/blog/archives/2006/02/mod_proxy_balan.html
Techknow Movable Type - 2004-10-11 - Apache 2.0 + mod_proxy によるリバース・プロキシの構築
http://www.sixapart.jp/movabletype/developers/naoya/archives/2004/10/apache_20_mod_p.html
qwikWeb:Integrating Mailing List and WikiWikiWeb(Wiki) - Apache下での利用
http://qwik.jp/qwikweb/UseWithApache.html
- Reference
Index of /dist/httpd/docs
http://www.apache.org/dist/httpd/docs/
2nd life - 2006-08-22 - Apache のドキュメントを htmlhelp で
http://d.hatena.ne.jp/secondlife/20060822/1156246560
- Summary
WebDAVの脆弱性をつく攻撃によって,一行が長すぎるログが記録される.
このログ以降,awstatsが解析できない.
[2003-05-25-1]とも関連有り.
- access_logに残るログ
192.0.2.10 - - [11/Aug/2006:18:34:51 +0900] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 … \x90\x90\x90\x90\x90\x90\x90" 414 271 "-" "-"
- access_logに414エラーのログを記録しない
httpd.conf
LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- Summary
Basic 認証はユーザ名,パスワードがプレーンテキストで送信される.
Digest 認証でパスワードの暗号化が行える.
Digest 認証を利用するには,サーバ,クライアント双方が対応している必要がある.
- Digest 認証の設定時の注意点
.htdigest 作成時の realm と AuthNameが一致している必要がある.
- 手順
1. モジュールの準備
# a2enmod auth_digest
2. .htdigest の作成
| ユーザ名 | username |
| realm | Please input ID,Password |
% htdigest -c .htdigest "Please input ID,Password" username
New password: xxxxxxxx
Re-type new password: xxxxxxxx
3. .htaccess の作成,又は httpd.conf の編集
AuthType Digest AuthName "Please input ID,Password" AuthDigestFile /path/to/.htdigest Require valid-user Order deny,allow Deny from all Allow from example.com example.org
AuthType Digest AuthName "Please input ID,Password" AuthDigestFile /path/to/.htdigest Require valid-user Satisfy any Order deny,allow Deny from all Allow from 192.168.0.0/24
- ブラックリストのルール
Got Root : mod_security rules
http://www.gotroot.com/mod_security+rules
- マニュアルの和訳
ModSecurity 1.9-Stable-rev1マニュアル
http://hp.vector.co.jp/authors/VA027424/mod_security/v_1_9_stable_ja_.html
- Reference
ModSecurity (mod_security) - Open Source Web Application Firewall
http://www.modsecurity.org/
Secure Your Apache With mod_security | HowtoForge - Linux Howtos and Tutorials
http://www.howtoforge.com/apache_mod_security
株式会社ソフテック - mod_securityでWebサーバを守る(第1回)
http://www.softek.co.jp/Sec/mod_security1.html
- via
GIGAZINE - トラックバックスパムよけにも使える「mod_security」
http://gigazine.net/index.php?/news/comments/20060713_mod_security/
- Reference
なんとなく◎ - CGI 出力キャッシュ
http://sunos.saita.ma/dccache.html
- via
オレンジニュース - 2006-06-15
http://secure.ddo.jp/~kaku/tdiary/20060615.html#p13
- Summary
mod_cache + mod_disk_cache を利用した apache2 のパフォーマンス改善とその効果 [2006-02-28-6] では,
mod_disk_cache の使用前後を比較し,その効果は証明されたが,以下のエラーが発生するようになった.
Directory index forbidden by rule: /path/to/public_html/foo/
今度は,mod_cache + mod_mem_cache を利用することにした.
- /etc/apache2/mods-available/mem_cache.conf
MCacheSize は kByte単位.
<IfModule mod_cache.c> <IfModule mod_mem_cache.c> CacheEnable mem / MCacheSize 4096 MCacheMaxObjectCount 100 MCacheMinObjectSize 1 MCacheMaxObjectSize 2048 </IfModule> </IfModule>
# a2enmod cache
# a2enmod mem_cache
# apache2ctl configtest
# apache2ctl restart
% ab -n 100 -c 10 http://xight.org/test/static
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/static
Document Length: 119 bytes
Concurrency Level: 10
Time taken for tests: 2.615437 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 43800 bytes
HTML transferred: 11900 bytes
Requests per second: 38.23 [#/sec] (mean)
Time per request: 261.544 [ms] (mean)
Time per request: 26.154 [ms] (mean, across all concurrent requests)
Transfer rate: 16.06 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 10 25 9.7 26 60
Processing: 36 224 44.5 230 304
Waiting: 26 136 65.5 136 269
Total: 62 250 44.8 259 333
Percentage of the requests served within a certain time (ms)
50% 259
66% 265
75% 267
80% 271
90% 291
95% 311
98% 325
99% 333
100% 333 (longest request)
mod_cache + mod_mem_cache 使用後 (PHPへのアクセス)
% ab -n 100 -c 10 http://xight.org/test/dynamic
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/dynamic
Document Length: 1011 bytes
Concurrency Level: 10
Time taken for tests: 2.532703 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 125500 bytes
HTML transferred: 101100 bytes
Requests per second: 39.48 [#/sec] (mean)
Time per request: 253.270 [ms] (mean)
Time per request: 25.327 [ms] (mean, across all concurrent requests)
Transfer rate: 48.17 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 10 24 5.9 24 38
Processing: 36 216 43.1 223 271
Waiting: 33 134 61.2 136 267
Total: 60 241 43.9 247 303
Percentage of the requests served within a certain time (ms)
50% 247
66% 253
75% 263
80% 263
90% 279
95% 291
98% 295
99% 303
100% 303 (longest request)
- /etc/apache2/mods-available/disk_cache.conf
<IfModule mod_cache.c> <IfModule mod_disk_cache.c> CacheRoot "/var/cache/apache2/disk_cache" CacheSize 524288 CacheEnable disk / CacheDirLevels 4 CacheDirLength 5 </IfModule> </IfModule>
# mkdir /var/cache/apache2/disk_cache
- mod_cache と mod_disk_cache の有効化
# a2enmod cache
# a2enmod disk_cache
# apache2ctl configtest
# apache2ctl restart
% ab -n 100 -c 10 http://xight.org/test/static
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/static
Document Length: 119 bytes
Concurrency Level: 10
Time taken for tests: 104.65314 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 43800 bytes
HTML transferred: 11900 bytes
Requests per second: 0.96 [#/sec] (mean)
Time per request: 10406.532 [ms] (mean)
Time per request: 1040.653 [ms] (mean, across all concurrent requests)
Transfer rate: 0.40 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 11 1039 2724.4 30 21007
Processing: 46 9083 8619.9 6165 30877
Waiting: 38 5708 7523.9 3087 27202
Total: 116 10122 9075.1 6263 30907
Percentage of the requests served within a certain time (ms)
50% 6263
66% 12234
75% 15935
80% 18918
90% 27164
95% 27222
98% 30892
99% 30907
100% 30907 (longest request)
mod_cache + mod_disk_cache 使用後 (HTMLへのアクセス)
% ab -n 100 -c 10 http://xight.org/test/static
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/static
Document Length: 119 bytes
Concurrency Level: 10
Time taken for tests: 2.551448 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 43800 bytes
HTML transferred: 11900 bytes
Requests per second: 39.19 [#/sec] (mean)
Time per request: 255.145 [ms] (mean)
Time per request: 25.514 [ms] (mean, across all concurrent requests)
Transfer rate: 16.46 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 11 24 8.9 26 42
Processing: 36 218 43.8 230 266
Waiting: 28 130 65.2 128 266
Total: 52 243 44.8 255 295
Percentage of the requests served within a certain time (ms)
50% 255
66% 261
75% 265
80% 267
90% 277
95% 284
98% 293
99% 295
100% 295 (longest request)
% ab -n 100 -c 10 http://xight.org/test/dynamic
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/dynamic
Document Length: 1011 bytes
Concurrency Level: 10
Time taken for tests: 122.299908 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 125500 bytes
HTML transferred: 101100 bytes
Requests per second: 0.82 [#/sec] (mean)
Time per request: 12229.991 [ms] (mean)
Time per request: 1222.999 [ms] (mean, across all concurrent requests)
Transfer rate: 1.00 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 15 1222 3040.3 24 21007
Processing: 36 10810 9137.5 9190 36141
Waiting: 33 5607 5397.5 3218 21047
Total: 56 12032 9438.8 9487 36160
Percentage of the requests served within a certain time (ms)
50% 9487
66% 15184
75% 18169
80% 18399
90% 24175
95% 36120
98% 36160
99% 36160
100% 36160 (longest request)
mod_cache + mod_disk_cache 使用後 (PHPへのアクセス)
% ab -n 100 -c 10 http://xight.org/test/dynamic
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.4502 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking xight.org (be patient).....done
Server Software: Apache
Server Hostname: xight.org
Server Port: 80
Document Path: /test/dynamic
Document Length: 1011 bytes
Concurrency Level: 10
Time taken for tests: 6.392257 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 125500 bytes
HTML transferred: 101100 bytes
Requests per second: 15.64 [#/sec] (mean)
Time per request: 639.226 [ms] (mean)
Time per request: 63.923 [ms] (mean, across all concurrent requests)
Transfer rate: 19.09 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 16 59 297.9 27 3007
Processing: 114 266 59.1 266 492
Waiting: 68 230 72.4 222 388
Total: 168 326 308.0 295 3317
Percentage of the requests served within a certain time (ms)
50% 295
66% 311
75% 337
80% 347
90% 386
95% 416
98% 524
99% 3317
100% 3317 (longest request)
効果覿面!
- 注意
CacheDirLevels * CacheDirLength <= 20 で無いとエラーが発生する.
Syntax error on line XXX of /etc/apache2/mods-enabled/disk_cache.conf:
CacheDirLevels*CacheDirLength value must not be higher than 20
しばらく動作させると以下のエラーが発生し,閲覧が不可能になる場合がある.
apache を再起動するとおさまるように見えるが,原因不明.
[Wed Mar 01 08:06:10 2006] [error] [client XXX.XXX.XXX.XXX] Directory index forbidden by rule: /path/to/public_html/foo/
- Reference
Apache HTTP サーバ - mod_cache
http://httpd.apache.org/docs/2.2/ja/mod/mod_cache.html
Apache HTTP サーバ - mod_mem_cache
http://httpd.apache.org/docs/2.2/ja/mod/mod_mem_cache.html
Apache HTTP サーバ - mod_disk_cache
http://httpd.apache.org/docs/2.2/ja/mod/mod_disk_cache.html
j-lab - ApacheConf2
http://ns.jk.to/zwiki/ApacheConf2
- Summary
ネットワークの速度がボトルネックになっている場合には,
動的にコンテンツ圧縮を行うことでパフォーマンスを上げることが可能.
動的に圧縮を行うため,CPU等のリソースは通常の転送時以上に消費する.
Apache1.x では mod_gzip を用いたが,Apache2.x では mod_deflate を用いる.
- /etc/apache2/mods-available/deflate.conf を作成
# mod_deflate <IfModule mod_deflate.c> AddEncoding x-compress Z AddEncoding x-gzip gz tgz DeflateCompressionLevel 9 #AddOutputFilterByType DEFLATE text/html text/plain text/xml DeflateFilterNote Input instream DeflateFilterNote Output outstream DeflateFilterNote Ratio ratio LogFormat '%h %l %u %t "%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate <Directory /> # Filter SetOutputFilter DEFLATE # Netscape 4.x BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images and binary files SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|7z)$ no-gzip dont-vary </Directory> </IfModule>
CustomLog /var/log/apache2/deflate.log deflate# a2enmod deflate
# apache2ctl restart
- mod_deflate が有効になっているかどうかのチェック
w3m と gunzip を利用して簡単にチェックが可能.
% w3m -dump_source http://example.com/ | gunzip
- Summary
.asx などのメディアファイルがテキストとして表示されてしまう.
原因は,レスポンスの Content-Type が text/plane になっているため.
- 解決方法
/etc/mime.types にメディアタイプを追加する.
video/x-ms-asf asf asx
apache の再起動.
# apachectl restart
- Reference
Mozilla Japan ナレッジベース - メディアファイルなど一部のコンテンツが表示されず、文字の固まりになってしまう
http://www.mozilla-japan.org/kb/solution/2046
- Reference
Port80 Software - HTTP Analysis Tools for Testing
http://www.port80software.com/support/p80tools
- via
@IT - mod_deflateによるコンテンツの圧縮転送 (1/3)
http://www.atmarkit.co.jp/flinux/rensai/apache2_04/apache04c.html
1. あるディレクトリ内でSSL通信のみ許可する
SSL通信以外のアクセスの場合,HTTP Error 403 Fobbidenを返す.
.htaccessに以下を記述
SSLRequireSSL
RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/path/to/(.*)?$ https://%{HTTP_HOST}/path/to/$1 [L,R]
RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/path/to/file.php(.*)?$ https://%{HTTP_HOST}/path/to/file.php [L,R]
- Reference
nemuiDoc: DebianでWebDAVサーバ
http://sugi.nemui.org/wiki/Debian%A4%C7WebDAV%A5%B5%A1%BC%A5%D0
- Summary
同時に256を超えるリクエストに応答する必要があるサイトでは,MaxClientsを増やす.
メモリが少ないサイトでは,スラッシングを防ぐためにMaxClientsを減らす.
MaxSpareServers, MinSpareServersの値を大きくするということは避けたほうが良いらしい.
- Reference
Apache Performance Tuning - Apache HTTP Server
http://httpd.apache.org/docs/2.0/ja/misc/perf-tuning.html
prefork - Apache HTTP サーバ
http://httpd.apache.org/docs/2.0/ja/mod/prefork.html
- Reference
Perl Cheat Sheet
http://juerd.nl/site.plp/perlcheat
Perl Cheat Sheet
http://ali.as/devel/cheatsheet.html
Perl Cheat Sheet
http://goldenink.com/perl/perlcheat.html
PHP Cheat Sheet
http://www.ilovejackdaniels.com/php/php-cheat-sheet/
JavaScript Cheat Sheet
http://www.ilovejackdaniels.com/javascript/javascript-cheat-sheet/
CSS Cheat Sheet
http://www.ilovejackdaniels.com/css/css-cheat-sheet/
mod_rewrite Cheat Sheet
http://www.ilovejackdaniels.com/cheat-sheets/mod_rewrite-cheat-sheet/
Vim Commands Cheat Sheet
http://bullium.com/support/vim.html
Cheat Sheet Roundup
http://www.petefreitag.com/item/455.cfm
- mod_rewriteを利用
# For spambot <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{REMOTE_HOST} marunouchi\.tokyo\.ocn\.ne\.jp$ RewriteCond %{HTTP_USER_AGENT} "^Mozilla/4.0 \(compatible; MSIE 6\.0; Windows 98\)$" RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$ RewriteRule .* - [F,L] </IfModule>
# For spambot <IfModule mod_rewrite.c> RewriteEngine On RewriteOptions inherit RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{REMOTE_HOST} marunouchi\.tokyo\.ocn\.ne\.jp$ [OR] RewriteCond %{REMOTE_HOST} tokyo-ip\.dti\.ne\.jp$ [OR] RewriteCond %{REMOTE_HOST} odn\.ad\.jp$ [OR] RewriteCond %{REMOTE_HOST} tky\.mesh\.ad\.jp$ [OR] RewriteCond %{REMOTE_HOST} ap\.gmo-access\.jp$ RewriteCond %{HTTP_USER_AGENT} "^Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows 98\)$" RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$ RewriteRule .* - [F,L] </IfModule>
RewriteEngine On RewriteOptions inherit
- Reference
MODULE.JP - 「自信を持ってApacheを操るために」スライド公開
http://module.jp/blog/internet_week_2005T16.html
Internet Week 2005
http://internetweek.jp/
- via
cl.pocari.org - 2005-12-09 - 「自信を持って Apache を操るために」スライド公開
http://cl.pocari.org/2005-12-09-1.html