Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

A-Z

advertisement 
Apache Configuration
Directives can be classified as
 Global – apply to Apache execution
 Server Specific – apply to server
 Virtual Host Specific – apply to virtual hosts
Directives can also be classified as





Core – in all Apache installations
MPM – in an OS-native installation
Base – provided by modules included in Apache by default
Extension – part of a module that is optional
Experimental – use at your own risk
Main configuration file: httpd.conf
Virtual host configuration:
 Can be defined in section of httpd.conf ***
…or…
 Can be placed in .htaccess file in virtual host home directory, with directive in
https.conf: AllowOverride all|none [not all directives permitted in .htaccess]#
Directives:
 Listen[Server]
 Defines IP and/or port where Apache listens.
 E.g. Listen 80
 Listen 143.238.1.1:80
 Listen 143.239.1.1.8080
 DocumentRoot[Server, Virtual Host]
 Defines the root directory where web pages should reside.
 E.g. DocumentRoot “C:/websites/atlanticferries”
 DirectoryIndex[Server, Virtual Host, Directory, .htaccess]
 DirectoryIndex index.html index.htm
 DirectoryIndex index.html /cgi-bin/list.pl
 ServerName[Server, Virtual Host]
 Specifies server name(optional port no) that Apache uses to identify itself.
 E.g. ServerName www.atlanticferries.com
1
Configuring Log Files:
 ErrorLog[Server, Virtual Host]
 Specifies name/location of error logfile
 E.g. ErrorLog /etc/apache_error_log
 LogLevel[Server, Virtual Host]
 Adjusts the verbosity of the messages recorded in the error logs.
 E.g. LogLevel warn
 [levels are: emerg, alert, crit, error, warn, notice, info, debug]
 CustomLog[Server, Virtual Host]
 Specifies name & format of logfile for http requests, with optional nickname
 E.g. CustomLog /logs/connect_logfile “%h %u %t %r %s” mylogformat
 Logformat[Server, Virtual Host]
 Specifies format of logfile for http requests, with optional nickname
 E.g. LogFormat “%a %u %B %t %r %s” mynewlogformat
Running Scripts[Script Alias Directive]
Server-side scripting is commonly supported so as to provide dynamic websites.
Scripting languages of various styles exist:
 ColdFusion Markup Language (*.cfm)
 Java via JavaServer Pages (*.jsp)
 JavaScript using Server-side JavaScript (*.ssjs)
 PHP (*.php)
 Perl (*.pl)
The modern Apache approach is to provide optional modules [e.g. mod_perl,
mod_php] for many of these scripting languages, These modules, if loaded, will
handle processing of the relevant script.
CGI Scripts
Prior to the development of such languages, early scripting was done using a
combination of C programs, (Unix) shell scripts and Perl scripts. This combination of
approaches was referred to as the Common Gateway Interface (CGI), and is still
employed in websites to this day. A CGI script will be stored in a file, the first line of
which specifies how the file contents are to be interpreted. For example, the following
first line of a CGI script states that the file contains a shell script, to be executed by
the bash shell:
♯! /bin/bash
An alternative first line of a file might state that it contains a Perl script, to be
2
executed by the Perl interpreter:
♯!/usr/local/bin/perl
CGI Directory [ScriptAlias Directive]
By convention, Apache stores all CGI scripts in a directory named cgi-bin. The
location of this directory should be specified with an appropriate ScriptAlias directive
within the htttpd configuration file:
e.g. ScriptAlias /cgi-bin/ “C:/xampp/apache/cgi-bin/”
e.g. ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
Then, for example, if a script is invoked from a HTML form:
<form action= “/cgi-bin/processform.cgi” method=”POST”>
A request is made for the file /cgi-bin/processform.cgi to Apache which looks for it in the
directory /usr/local/apache2/cgi-bin and then executes it.
MIME Types [AddType & Action Directives]
MIME [Multipurpose Internet Mail Extensions] types are identifiers used to identify
file types, such as text, image, audio, etc. While originally designed for mail, MIME
has been extended to the Web in general. When a Web server is handling a file, either
for direct manipulation or for transfer to a client, it needs to identify the file type so
that he correct handling application can be chosen.
MIME types have the format type/subtype, and examples are:
 text/plain
 text/html
 text/xml
 image/jpeg
 image/gif
 video/mpeg
 application/pdf
 application/zip
The definition of supported MIME types is stored in a file [default location:
/conf/mime.types], which uses the file extension to determine its type and
identifies the handler application(s). If it cannot determine the file type, it assigns it
the default type, test/plain. [Note that, if the optional mime-magic module is
loaded, it looks inside the file to determine its type]
Editing the mime-types File [AddType & Action Directives]
If you need to add a type, it is done using the AddType directive, as in:
AddType mime-type extension
e.g. AddType application/x-httpd-php .php
which adds a line to the file.
3
Similarly, you can instruct Apache to run a particular script when it receives a request
for a file type, using the Action directive:
Action mime-type script
e.g. to handle all requests for png images with a CGI script:
Action image/png /cgi-bin/processPNG.cgi
Or, you can create an action for PHP using the MIME type created above as follows:
Action application/x-httpd-php /php/php.exe
In this case, /php/ must have been defines as a script directory using the ScriptAlias
directive.
Configuring Directories [Options, AllowOverride, Order, Allow, Deny Directives]
Directories are used in Apache for organizing both the server components and the
individual virtual hosts. Both the access to, and the features of, directories can and
should be controlled.
Directory Access
A general rule is that Apache should not have any more access to a directory than is
absolutely necessary. A further general rule is that access to a directory applies to
subdirectories, etc, unless specifically refused by a directive.
To achieve control, a default directory is normally defined with minimal access
permission for Apache:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
This defines a top-level directory [from which all others inherit], which allows
Apache to follow symbolic links, but it cannot process a .htaccess configuration file.
Other directories can then have specific directive applied to them using the template:
<Directory dirpath>
Directives
</Directory>
e.g. <Directory /usr/local/apaches/htdocs>
An example of this might be:
<Directory /usr/local/apache/htdocs/secret>
Order Deny, Allow
Allow from cs.ucc.ie
Deny from all
</Directory>
4
which will deny access to the directory from all clients except those originating from
the domain cs.ucc.ie. Note that Deny is evaluated before Allow, thereby achieving
the desired result.
When using the Deny or Allow directives, they take the form
Allow from identifier
Deny from identifier
where Identifier can take the form
 All
 Domain-Name [cs.ucc.ie]
 IP Address [143.239.1.17]
 Partial IP Address [143.239]
Directory Features
In addition to enabling access, we may also want to control features of a directory,
using the Options directive, as in: Options features
where features take the form:
 All
 ExecCGI
 FollowSymLinks
 Includes
 Indexes
 None
 SymLinksIfOwnerMatch
Using Directives with Files [Order, Allow, Deny Directives]
You can restrict access to files in the same way you restrict access to directories,
using the Files directive:
<Files filename>
Directives
</Files>
You can specify wildcards in the filename option:
<Files *.gif>
The Directives, which control file access, can include Allow, Deny and Order.
Apache Modules
Since the release of Apache2, the design of the software has been modular, where
each module supports a particular feature – and can be omitted if that feature is not
required. Modules can be base (enabled by default), extension (enabled by choice
5
when installing Apache) or external (provided by third parties). The latter two
categories of software module can either be compiled statically (compiled with
Apache; adding or removing involves recompiling the Apache software) or
dynamically (they are Dynamically Shared Objects – DSO – that require a
LoadModule directive in httpd.conf in order to be loaded).
Some useful extension modules include:
PHP [mod_php]
 a scripting modules for dynamic data-driven websites
Secure Socket Layer (SSL) [mod_ssl]
 a connection on Port 443 that uses the HTTPS protocol, not HTTP.
Information transmitted between Apache and the browser is encrypted, with
the server holding a digital certificate, issues by a certification authority, that
verifies its identity; uses a library OpenSSL that must also be installed.
Perl [mod_perl]
 executes Perl CGI scripts, employed for text/file manipulation; run much
faster than Perl scripts executed as CGI scripts.
Python [mod_python]
 another scripting language employed for text/file manipulation; objectoriented,
comparable to Perl & java..
Security Tips
Update Regularly
 Update Apache with each new release, particularly those relating to security
issues.
Restrict Access to Apache Directory [Unix]
 Create Apache directory as root, with root permissions. Do not allow writes to
Apache directory.
Don’t Run Apache as Root [Unix]
 You must start Apache as root. However, the User & Group directives in the
configuration file should switch to another dedicated account, one with fewer
privileges.
Monitor Server Requests
 Check logfiles regularly. Look out for suspicious requests, such as requests for
the passwd file or repeated requests from same user.
Use a Restricted Default Directory
 In httpd configuration file, specify Deny from All in default directory
<Directory />. Then use Allow directory to open up access to specific
directories.
6
Don’t Let Users See Your Files
 Don’t allow indexes in any directories unless specifically required (so that
users won’t try each file). Don’t set Options directive to Index in default
directory – only in directories where file browsing is required.
Limit CGI Scripts
 Limit the execution of CGI scripts to specific directories, such as cgi-bin.
Don’t place them in any other directory, unless you trust users who can
execute them. Ensure that any directory containing executable scripts is not
writeable to outside users.
Don’t Allow .htaccess Files
 Do all configuration in httpd.conf.
Use SSL for Important Communications
 Encrypt important communications
Apache From Source
Installing Apache WebServer on Unix
 from source
 from binaries
 from a package manager [RPM]
Installing Apache from Source Files
Step 1: Download
1.
2.
3.
4.
Download from httpd.apache.org
Select appropriate mirrorsite [choose default]
Choose required source file for download, e.g. httpd-2.2.17.tar.gz
Save to an appropriate directory, such as /usr/src
Step 2: Installation
After downloading:
1. Go to a Linux shell and login as the system administrator root:
sudo bash [become root]
2. Change to the download directory:
cd /usr/src
and check that the downloaded file httpd-2.2.17.tar.gz is there
3. Unpack the tarball:
7
gunzip –c httpd-2.2.17.tar.gz | tar –xf –
A new directory named httpd.2.2.17 is created that contains several
subdirectories with all the files unpacked from the tarball
4. Configure the installation [choosing where to install Apache]:
The default location is /usr/local/apache2, achieved by:
./configure
To locate the installation elsewhere, use the prefix option:
./configure --prefix=/software/apache2
5. Compile the source code programs using the make utility:
Make
6. Install the software:
make install
Apacheis now installed below the /usr/local/apache2 directory.
Step 3: Start
Assuming that you choose the default for the configure command, the
/usr/local/apaches2 directory will have a bin subdirectory that contains the
executables. In particular, it will contain the following:
httpd: this is the apache executable, and can be run directly with suitable
parameters
apachect1: this is a script that will start httpd executing, having done some
checking of the parameters; it is the standard way of starting apache.
To start apache using apachect1:
/usr/local/apache2/bin/apachectl start
By default, apachectl looks for the httpd executable in /usr/local/apache2/bin
directory. If you installed in non-standard directories, you should edit the apachectl
script and amend the line
HTTPD=’/usr/local/apache2/bin/httpd’
So that it contains the correct path to the httpd executable, e.g.
HTTPD=’software/apaches/bin/httpd’
8
Step 4: Test
To check that Apache is running, lookup all processes:
ps –A
and check if the list of processes includes some named httpd.
Stopping Apache
To stop Apache simply call this command:
/usr/local/apache2/bin/apachectl stop
Restarting Apache
To restart Apache just type in this command:
/usr/local/apache2/bin/apachectl restart
Installation Options
In Step2 above, we have seen that the configure command can have a prefix option
that determines where the Apache executables will be placed. In fact, the user can
determine the placement of all Apache files, using the enable-layout option. Its
format is enable-layout=LAYOUT, which states that the installation should take its
layout format from a file named LAYOUT. The default is layout.config.
./configure --prefix=/software/apache2 – enable-layout=LAYOUT
The default layout.config file contains:
<Layout Apcahe>
prefix:
exec_prefix:
bindir:
sbindir:
libdir:
libexecdir:
mandir:
<Layout>
/usr/local/apache2
$[prefix]
$[exec_prefix]/bin
$[exec_prefix].bin
$[exec_prefix].lib
$[exec_prefix]/modules
$[prefix]/man
Serving Multiple Websites
Hosting More Than One Website
User Home Pages [Directory-Based]
 group all websites under one controlling hostname
 e.g.
9
www.MyServer.com/~abc/siteone.html
www.MyServer.com/~cde/sitetwo.html
www.MyServer.com/xyz/newsite.html
 simple to implement by assigning a directory to each separate website
 home directory for each supported website can be automatically setup with UserDir
directive:
 e.g
UserDir /home/www/MyServer/users/
 this will take an incoming URL of www.MyServer.com/~abc/siteone.html and
redirect it to the page at /home/www/MyServer/users/abc/siteone.html [i.e. it
substitutes the URL for the tilde
 individual websites can be given some level of control with a .htaccess file
Use Separate Servers
 run more than one instance of Apache at the same time
 each could listen on the same IP/Port, but requests must include the “Host: …”
header of HTTP1.1 [see “Name-based Virtual Hosting” below]
 alternatively, each could on a separate IP number and port [see ”IP-based Virtual
Hosting” below]
 heavyweight solution, but considered useful for high-security systems [especially if
Apache instances run as different user/group identities]
IP-Based Virtual Hosting
 run only one instance of Apache but, for each hosted website, have it listen on a
separate IP number and port [i.e. on separate network cards or on a single network
card that has several IP numbers multiplexed]
 more efficient than having separate servers [since a common pool of processes is
effectively shared]
 can define the behaviour of virtual host in the configuration file
 e.g.
<VirtualHost IP>
ServerName www.MyServer.com
10
ServerAlias MyServer.com, *.MyServer.com
ServerAdmin webmaster@MyServer.com
DocumentRoot /home/www/MyServer
ErrorLog logs/MyServer_errors
TransferLog loga/MyServer_log
</VirtualHost>
Name-Based Virtual Hosting
 an instance of Apache could support multiple websites, each having its own
directory structure and configuration file
 all requests must have the “Host: …” header of HTTP1.1]
11
Related documents
reading
reading
Take Home (Midterm) Exam – Summer 2015 - Rose
Take Home (Midterm) Exam – Summer 2015 - Rose
Construction Check List for The Preserve, Delwood Point, and
Construction Check List for The Preserve, Delwood Point, and
Western Apache Ethnography and GIS Research Experience for
Western Apache Ethnography and GIS Research Experience for
Download
advertisement