Optimize, Secure and faster your apache

[mits]

[Apache parameter to be considered:]

Apache parameter to be considered:

Timeout, this timeout is the amount of time apache will wait between successful writes of data before closing the connection.

Timeout
Apache Default 1200
Recommend 15

KeepAlive, this option if set to on will use the same apache child to fetch data for a website such as images, therefore there is no need to call upon another apache child for each image thus increasing site loading speed.

KeepAlive
Apache Default On
Recommend On

maxKeepAliveRequests, this is the number of items that may be requested by an apache child on KeepAlive, if you have a page with many images then setting this too low will case problems.

maxKeepAliveRequests
Apache Default 100
Recommend 64

KeepAliveTimeout, this is the amount of time an Apache child doing a KeepAlive request will sit doing nothing, if set low you will notice allot more spare Apache children available for requests.

KeepAliveTimeout
Apache Default 15
Recommend 1

MinSpareServers, this is the min amount of idle Apache child processes, if all your children are doing something then Apache will continue to spawn children until there are the amount you set in MinSpareServers free for requests.

MinSpareServers
Apache Default 5
Recommend 10

MaxSpareServers, this is the max amount of idle Apache child processes allowed, if there is more than this amount of apache children idle they will be killed off.

MaxSpareServers
Apache Default 10
Recommend 15

StartServers, the number of Apache child processes to be started when the Apache server is restarted.

StartServers
Apache Default 5
Recommend 15

MaxClients, this is the number of Apache child processes that will be allowed, if your apache constantly causes the server to start using swap then lower this number, I recommend for most servers to set this at 8 divided by amount of memory in MB.

MaxClients
Apache Default 256
Recommend 8/Ram in MB (e.g... 8/1024 = 128Max Clients for 1GB ram)

MaxRequestsPerChild, I find this to be one of the most sensitive Apache settings, to low and you will kill your server with load, to high and you can get memory errors... Unlike some people I recommend never setting this to 0, or a number above 1000, some servers with low amounts of ram may benefit from this being set low while others who have got high load but lots of ram may benefit from having this high. This option is the number of requests an Apache child will be allowed before it is killed off and another one takes its place.

MaxRequestsPerChild
Apache Default 0
Recommend 64

Ref: http://httpd.apache.org/docs/1.3/mod/core.html
Ref: WebhostignTalk.com

HostNameLookups Off

Turning HostNameLookups off provides better performance, as this ensures Apache will not try to resolve any IP addresses. It also slightly decreases the possibility of spoofing attacks.

ServerTokens Prod
ServerSignature Off

By default Apache will give out information about its version and configuration. Using ServerTokens Prod will only give out the string "Apache"; the less information someone can get about your server, the more secure it is likely to be. In versions of Apache prior to 2.0.44, ServerSignature could leak the version of your server, so we turn that off. In more recent versions this is controlled by the ServerTokens directive.

Thanks,

[Basic settings]

Configuring Apache

# =================================================
# Basic settings
# =================================================
ServerType standalone
ServerRoot "/usr/local/apache"
PidFile /usr/local/apache/logs/httpd.pid
ScoreBoardFile /usr/local/apache/logs/httpd.scoreboard
ResourceConfig /dev/null
AccessConfig /dev/null

# =================================================
# Performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

# =================================================
# Apache's modules
# =================================================
ClearModuleList
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_dir.c
AddModule mod_access.c
AddModule mod_auth.c

# =================================================
# General settings
# =================================================
Port 80
User apache
Group apache
ServerAdmin admin@abc.com
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
<IfModule mod_dir.c>
    DirectoryIndex index.html
</IfModule>
DocumentRoot "/www/vhosts"

# =================================================
# Access control
# =================================================
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/www/vhosts/www.testdom.com">
    Order allow,deny
    Allow from all
</Directory>
<Directory "/www/vhosts/www.test1.net">
    Order allow,deny
    Allow from all
</Directory>

# =================================================
# MIME encoding
# =================================================
<IfModule mod_mime.c>
    TypesConfig /usr/local/apache/conf/mime.types
</IfModule>
DefaultType text/plain
<IfModule mod_mime.c>
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    AddType application/x-tar .tgz
</IfModule>

# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /usr/local/apache/logs/error_log
CustomLog /usr/local/apache/logs/access_log combined

# =================================================
# Virtual hosts
# =================================================
NameVirtualHost *
<VirtualHost *>
   DocumentRoot "/www/vhosts/www.testdom.com"
   ServerName "www.testdom.com"
   ServerAlias "www.e-bank.lab"
   ErrorLog logs/www.testdom.com/error_log
   CustomLog logs/www.testdom.com/access_log combined
</VirtualHost>
<VirtualHost *>
   DocumentRoot "/www/vhosts/www.test1.net"
   ServerName "www.test1.net"
   ErrorLog logs/www.test1.net/error_log
   CustomLog logs/www.test1.net/access_log combined
</VirtualHost>

[lazyidiot]

I would really appreciate if any of you give a detailed tutorial/how-to on mod_rewrite module for apache. Ive tried to read stuff on that, but, the stuff what I found was either too heavy or too light for a moderate user like me. So, if you create a good and easy to understand how-to for that, it would really be helpful or non-noob and non-guru folks like me.

[mits]

well lazyidiot,
 I will surely post that how to once I will have some research on it but meanwhile for you I could request you to check the wonderful docs at below metioned URL and update me your view about this docs:

http://forum.modrewrite.com/viewforum.php?f=12

thx

[sysconfig]

[Setup a Virtual Domain]

Setup a Virtual Domain

NameVirtualHost *
<VirtualHost *>
  DocumentRoot /web/example.com/www
  ServerName www.example.com
  ServerAlias example.com
  CustomLog /web/example.com/logs/access.log combined
  ErrorLog /web/example.com/logs/error.log
</VirtualHost>

Include another conf file

Include /etc/apache/virtual-hosts/*.conf

Hide apache version info

ServerSignature Off
ServerTokens Prod

Custom 404 Error message

ErrorDocument 404 /404.html

Create a virtual directory (mod_alias)

Alias /common /web/common

Perminant redirect (mod_alias)

Redirect permanent /old http://example.com/new

Create a cgi-bin

ScriptAlias /cgi-bin/ /web/cgi-bin/

Process .cgi scripts

AddHandler cgi-script .cgi

Add a directory index

DirectoryIndex index.cfm index.cfm

Turn off directory browsing

Options -Indexes

Turn on directory browsing

<Location /images>
  Options +Indexes
</Location>

Create a new user for basic auth (command line)

htpasswd -c /etc/apacheusers

Apache basic authentication

AuthName "Authentication Required"
AuthType Basic
AuthUserFile /etc/apacheusers
Require valid-user

Only allow access from a specific IP

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Only allow access from your subnet

Order Deny,Allow
Deny from all
Allow from 176.16.0.0/16

mod_rewrite

Turn on the rewrite engine

RewriteEngine On
Redirect /news/123 to /news.cfm?id=123
RewriteRule ^/news/([0-9]+)$ /news.cfm?id=$1 [PT,L]
Redirect www.example.com to example.com
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com$1 [R=301,L]

Nice howto but one thing is missing 1st have you compile apache with mod_rewrite module

like e.g:

./configure --prefix=/usr/local/apache --enable-module=rewrite --enable-shared=rewrite --enable-module=proxy   --enable-shared=proxy && make && make install

hi,

Please check the below mentioend URL for Howto on apache server-status

http://forums.linuxwebadmin.info/index.php/topic,72.0.html

Upgrade Apache, The newest stable version contains several performance enhancements

Disable ExtendedStatus unless you're actually debugging. Same goes for mod_info   

In httpd.conf, set "MaxClients 230" or higher for busier web sites. This allows more httpd daemons to run simultaneously and avoids clogging up the process queue.
  Cause: Don't increase MaxClients to greater than your available RAM! Figure betwee 2 - 8 MB per client. 230 clients may require roughly 1 GB availableRAM.

Make sure your web pages and CGI pages are browser cache friendly

Avoid using SSI tags.

Consider using mod_gzip or mod_deflate for Apache 2, or even pre-compressing static pages on disk