Which Apache2 modules can I safely disable?_问答_开发者

These are my enabled mods:

alias auth_basic authz_default authz_groupfile authz_host authz_user autoindex deflate dir env mime negotiation php5 reqtimeout rewrite setenvif status

I'm attempting to reduce Apache's memory footprint as much as possible.

Can anyone guide 开发者_如何学Pythonme in the right direction as to which of these I absolutely need and which are optional? I plan on running Symfony, but I couldn't find any requirements about symfony to get it all working.

Well, you can start by disabling all auth / authz modules, unless you're going to have Apache do authentication work for you, in which case only enable the auth module that you're actually going to use.

You may not really need the autoindex module; you only need it if you'd like Apache to generate index files automatically.

deflate — you actually want that, so Apache can gzip-compress data before sending back to the client (dramatically reduces traffic).

reqtimeout — that's experimental. Not sure if you included it intentionally or not.

I recently read a webpage which details which Apache modules can be safely removed. He considers the most common use cases but you should always check afterwards and reenable what you do need:

This is the list of modules that the author left enabled:

core_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
mpm_event_module (static)
http_module (static)
so_module (static)
auth_basic_module (shared)
authn_file_module (shared)
authz_host_module (shared)
authz_user_module (shared)
expires_module (shared)
deflate_module (shared)
headers_module (shared)
dir_module (shared)
mime_module (shared)
setenvif_module (shared)
rewrite_module (shared)
proxy_module (shared)
proxy_fcgi_module (shared)

The page contains details for CentOS and also Ubuntu server. I highly recommend reading the entire page as it contains details as to why certain packages were left or were disabled, as well as tips.

I only use: dir, php5, authz_host, mime, rewrite.

Disabling useless modules will save you a lot of resources.

I recomed you to disable one by one and restart the apache each time and test. Also note which modules you had at the begining in case of an error to be able to revert it back

I created a small python script to help you with it. Please have a look at https://github.com/zioalex/unused_apache_modules

This is what you can expect from it:

curl http://localhost/server-info > http_modules_test.txt
cat http_modules_test.txt| python find_unused_apache_mod.py

1
Module name mod_python.c
Configuration Phase Participation: 4
Request Phase Participation: 11
Current Configuration: 3

2
Module name mod_version.c
Configuration Phase Participation: 0
Request Phase Participation: 0
Current Configuration: 1

3
Module name mod_proxy_connect.c
Configuration Phase Participation: 0
Request Phase Participation: 0
Current Configuration: 0

To remove safely:
 ['mod_proxy_connect.c']
POPPED:  mod_proxy_connect.c

To KEEP:  ['mod_python.c', 'mod_version.c', 'mod_proxy_connect.c']

Comment out or disable all modules.

while fails $(apachectl configtest) # or apache2ctl configtest on debian
do
 if directive needed
  Add in the module that supplies the directive complained about.
 else
  delete directive
 fi
done

It is easier than commenting them out one by one, you end up with the minimum set. Do test afterwards that it all works, but I've used it as a process a few times with no major issues, but a configuration free module could in theory fail (if such a thing exists).

I dramatically shrunk my list of enabled modules from actions alias auth_basic auth_digest authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dav dav_fs dav_svn deflate dir env fcgid mime negotiation php5 proxy proxy_balancer proxy_connect proxy_http reqtimeout rewrite ruby setenvif ssl status suexec to a much lighter: authz_host deflate dir fcgid mime php5 rewrite.