OpenSkillIndex← back to search
claude-codedevops

Claude-skill-registry apache

Apache HTTP Server 配置

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/apache" ~/.claude/skills/majiayu000-claude-skill-registry-apache && rm -rf "$T"
manifest: skills/data/apache/SKILL.md
tags
#server#apache#httpd#web#vhost#reverse-proxy
source content

Apache 配置

概述

Apache HTTP Server 配置、虚拟主机、模块管理等技能。

基础管理

服务控制

# CentOS/RHEL
systemctl start httpd
systemctl stop httpd
systemctl restart httpd
systemctl reload httpd

# Ubuntu/Debian
systemctl start apache2
systemctl stop apache2
systemctl restart apache2
systemctl reload apache2

# 配置测试
apachectl configtest
httpd -t

配置文件

# CentOS/RHEL
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf

# Ubuntu/Debian
/etc/apache2/apache2.conf
/etc/apache2/sites-available/
/etc/apache2/sites-enabled/

# 日志
/var/log/httpd/                     # CentOS
/var/log/apache2/                   # Ubuntu

模块管理

# Ubuntu/Debian
a2enmod rewrite                     # 启用模块
a2dismod rewrite                    # 禁用模块
a2ensite example.conf               # 启用站点
a2dissite example.conf              # 禁用站点

# CentOS/RHEL
# 编辑 /etc/httpd/conf.modules.d/
httpd -M                            # 列出已加载模块

虚拟主机

基于域名

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example
    
    <Directory /var/www/example>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/example-error.log
    CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>

HTTPS 配置

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
    SSLCertificateChainFile /etc/ssl/certs/chain.crt
    
    # SSL 优化
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder off
    
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# HTTP 重定向
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

反向代理

基础代理

# 启用模块
# a2enmod proxy proxy_http

<VirtualHost *:80>
    ServerName api.example.com
    
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
    
    # 超时设置
    ProxyTimeout 300
</VirtualHost>

负载均衡

# 启用模块
# a2enmod proxy_balancer lbmethod_byrequests

<Proxy "balancer://mycluster">
    BalancerMember http://192.168.1.10:8080
    BalancerMember http://192.168.1.11:8080
    ProxySet lbmethod=byrequests
</Proxy>

<VirtualHost *:80>
    ServerName app.example.com
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
</VirtualHost>

URL 重写

基础重写

# 启用模块
# a2enmod rewrite

<Directory /var/www/html>
    RewriteEngine On
    
    # 强制 HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # 去除 www
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
    
    # 前端路由(SPA)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^ index.html [L]
</Directory>

.htaccess

# /var/www/html/.htaccess
RewriteEngine On

# 隐藏 .php 扩展名
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

# 防盗链
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

安全配置

基础安全

# 隐藏版本信息
ServerTokens Prod
ServerSignature Off

# 禁用目录列表
<Directory /var/www>
    Options -Indexes
</Directory>

# 安全头
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"

访问控制

# IP 限制
<Directory /var/www/admin>
    Require ip 192.168.1.0/24
</Directory>

# 基础认证
<Directory /var/www/private>
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Directory>

# 创建密码文件
# htpasswd -c /etc/apache2/.htpasswd username

常见场景

场景 1:PHP 配置

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
    
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php-fpm.sock|fcgi://localhost"
    </FilesMatch>
    
    <Directory /var/www/html>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

场景 2:限流

# 启用模块
# a2enmod ratelimit

<Location /api>
    SetOutputFilter RATE_LIMIT
    SetEnv rate-limit 400
</Location>

场景 3:日志格式

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined_time
CustomLog ${APACHE_LOG_DIR}/access.log combined_time

故障排查

问题排查方法
配置错误
apachectl configtest
403 Forbidden检查目录权限、SELinux
500 Internal Error查看 error.log
模块未加载
httpd -M
检查模块
性能问题检查 MPM 配置、连接数