Diferencia entre revisiones de «Apache HTTP Server»
De TechShareRoom wiki
Más acciones
Sin resumen de edición |
Sin resumen de edición |
||
| Línea 68: | Línea 68: | ||
MaxRequestWorkers 120 | MaxRequestWorkers 120 | ||
MaxConnectionsPerChild 2000 | MaxConnectionsPerChild 2000 | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" copy> | |||
/etc/php/8.3/fpm/pool.d/www.conf | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" copy> | |||
pm = dynamic | |||
pm.max_children = 35 | |||
pm.start_servers = 5 | |||
pm.min_spare_servers = 5 | |||
pm.max_spare_servers = 15 | |||
pm.max_requests = 500 | |||
</syntaxhighlight> | |||
Optimización extra: | |||
<syntaxhighlight lang="bash" copy> | |||
a2enmod deflate | |||
a2enmod expires | |||
a2enmod headers | |||
</syntaxhighlight> | |||
MYSQL: | |||
<syntaxhighlight lang="bash" copy> | |||
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" copy> | |||
[mysqld] | |||
# 🔥 RAM usage control | |||
innodb_buffer_pool_size = 900M | |||
innodb_buffer_pool_instances = 1 | |||
# Logs (mejor estabilidad que velocidad pura) | |||
innodb_flush_log_at_trx_commit = 2 | |||
sync_binlog = 0 | |||
# Connections | |||
max_connections = 60 | |||
thread_cache_size = 16 | |||
# Query cache (si usas MySQL moderno → pequeño, solo compatibilidad) | |||
query_cache_size = 32M | |||
query_cache_type = 1 | |||
# Tables + performance | |||
table_open_cache = 400 | |||
table_definition_cache = 400 | |||
# Temp tables | |||
tmp_table_size = 64M | |||
max_heap_table_size = 64M | |||
# Slow queries (útil para optimizar WP + MediaWiki) | |||
slow_query_log = 1 | |||
slow_query_log_file = /var/log/mysql/slow.log | |||
long_query_time = 2 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Revisión del 21:05 22 feb 2026
Hardening
- Quitar exposición de versión
Cambiar en:
/etc/apache2/conf-available/security.confServerTokens Prod
ServerSignature Off- Securizar SSL
Cambiar en:
nano /etc/apache2/mods-available/ssl.confSSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(128000)
SSLHonorCipherOrder onActivar módulos:
a2enmod rewrite ssl headers http2
systemctl restart apache2- Activar HSTS y más mejoras:
Abrir:
/etc/apache2/sites-available/tu-sitio-le-ssl.confDentro del bloque:
<VirtualHost *:443>
Añade esto:
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"Reinicia apache
a2enmod headers
systemctl reload apache2Optimización para 3GB de RAM
nano /etc/apache2/mods-available/mpm_event.confStartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 20
MaxRequestWorkers 120
MaxConnectionsPerChild 2000/etc/php/8.3/fpm/pool.d/www.confpm = dynamic
pm.max_children = 35
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 15
pm.max_requests = 500Optimización extra:
a2enmod deflate
a2enmod expires
a2enmod headersMYSQL:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf[mysqld]
# 🔥 RAM usage control
innodb_buffer_pool_size = 900M
innodb_buffer_pool_instances = 1
# Logs (mejor estabilidad que velocidad pura)
innodb_flush_log_at_trx_commit = 2
sync_binlog = 0
# Connections
max_connections = 60
thread_cache_size = 16
# Query cache (si usas MySQL moderno → pequeño, solo compatibilidad)
query_cache_size = 32M
query_cache_type = 1
# Tables + performance
table_open_cache = 400
table_definition_cache = 400
# Temp tables
tmp_table_size = 64M
max_heap_table_size = 64M
# Slow queries (útil para optimizar WP + MediaWiki)
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2Vulnerabilidades
- apache2buddy
curl -O https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl
chmod +x apache2buddy.pl
./apache2buddy.pl- Nikto
sudo apt install nikto
nikto -h https://techshareroom.com