Apache Setting up a Web (httpd) server. Apache Apache is the utility used by Linux servers to...

Post on 26-Dec-2015


Apache

Setting up a Web (httpd) server

Apache

• Apache is the utility used by Linux servers to provide Web services (http services).

• It is the most popular Web server utility in use on the Internet.

• Developed and maintained by ASF (Apache Software Foundation), a non-profit organization founded in 1999.

Intro

• Apache is a server that responds to requests from Web browsers (or clients) for web content.

• Client browser sends request to apache server by entering domain name in URL box.

• Apache server responds to request with content from requested page.

• Client displays content from server on terminal screen.

Intro (cont)

• Apache server is oblivious to content of web page.

• Uses external modules to increase flexibility and to allow individual components to be compiled separately from the primary package. These modules are called DSOs (Dynamic Shared Objects).

Prerequisites

• httpd

• apr (apache portable runtime)

• apr-util

Optional Packages

• httpd-manual – apache manual

• Webalizer – web server log analyzer

• Mod_perl – secure sockets layer extension

• Php – embedded php scripting language, including IMAP and LDAP support

• Mrtg – mrtg traffic monitor

• Net-snmp and net-snmp-utils – snmp – required for MRTG

Starting Apache

• /sbin/chkconfig httpd on

• /sbin/service httpd start

After making configuration changes to Apache, gracefully restart without interrupting users currently using the web server as follows:

• /sbin/service httpd graceful

Terms

• Apache – the name of a server that runs the http daemon. Serves web content and http. Daemon is named httpd.

• An apache server is the same as the apache process. An apache child process exists to handle incoming client requests.

• Apache typically uses TCP port 80; https uses TCP port 443. If you are running a firewall, you must open these ports.

Starting Apache

1. Add the following lines to the /etc/httpd/conf/httpd.conf configuration file:

ServerName domainname

or

ServerName IP_address

For example: frontdesk mstockbauer.com

Starting Apache

2. ServerAdmin marty.stockbauer@yahoo.com
   Specifies the e-mail address that the server displays on error pages

3. ServerSignature EMail
   Specifies that you want an e-mail link on error pages

4. After saving these changes to the configuration file, restart httpd:
   /sbin/service httpd graceful

These lines provide an e-mail address for web pages that are not found on the server.

Testing Apache

• Open browser and enter domain name in URL box. Also try entering the IP address of the web server in the URL box of your browser.

• Content is placed in /var/www/html subdirectory. Default opening page is /var/www/html/index.html

System-config-httpd

• Can also be used to set up httpd. /etc/httpd/conf/httpd.conf contains many informational comments that will be overwritten the first time you run this utility. Be sure to rename this file BEFORE ever running system-config-httpd.

System-config-httpd

• Tabs: Main, Virtual Hosts, Server, Performance Tuning. Each field corresponds to a directive in the /etc/httpd/conf/httpd.conf file.

Main tab

• Establish a FQDN as the name of the server, an email address for the server administrator, and ports and addresses that apache listens on for requests.

Virtual Hosts

• Allows you to establish default settings for Apache and set up virtual hosts.

• Virtual hosts allow one instance of Apache to respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers. Each IP address or hostname can provide different content and be configured differently.

Server Tab

• Can specify the pathname of the Lock directive, the PID file, and the directory that Apache uses to store core dumps.

Performance Tuning Tab

• Control the maximum number of connections that Apache allows (MaxClients), the number of seconds after which a connection will disconnect (Timeout), the max number of requests allowed per connection (MaxRequestsPerChild), and whether to allow persistent connections (KeepAlive)

File System Layout

• Binaries, scripts, and modules are stored in /usr/sbin/httpd, /usr/sbin/apachectl, /usr/bin/htpasswd, /usr/sbin/rotatelogs, /etc/httpd/modules

• Configuration files: /etc/httpd/conf/httpd.conf, /etc/httpd/conf/magic, etc.

• Logs: /var/log/httpd/access_log, /var/log/httpd/error_log, /var/log/httpd/ssl_*_log

File system

• Web documents:
  – /var/www/cgi-bin – holds cgi scripts
  – /var/www/error – holds default error docs
  – /var/www/icons – icons used for directories
  – /var/www/manual

• Document root - /var/www/html by default. Can be changed.

• .htaccess files – contains config directives and can appear in any directory in the document root hierarchy. Location is critical – directives apply to all files in the hierarchy rooted at the directory containing the .htaccess file.

Configuration Directives

• Lines in a configuration file that control some aspect of Apache
  – Keyword values
  – If value has spaces, must enclose in “”

• /etc/httpd/conf/httpd.conf – most important file. Holds global directives.

• An include directive can incorporate contents of another file into config file

Configuration Directives

• .htaccess – local directives can also appear in .htaccess file

• Pathnames – when absolute pathname is used in configuration directive, directive uses that pathname without modification. If relative pathname is used, apache prepends to the name the value specified by the ServerRoot directive (/etc/httpd by default)

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf

• Listen [IP address:]portnumber
  – Specifies the IP address and port that httpd will listen on. If no IP address or 0.0.0.0 is given, httpd will listen on all NICs. There must be at least one Listen directive or Apache won’t work.
  – To change to 8080:
    Listen 8080
    Now, each request to the server must include a port number (www.example.com:8080) or the kernel will return a connection refused.
  – Use multiple Listen directives to cause Apache to listen on multiple IP addresses and ports.

Listen 80
Listen 192.168.1.1:8080
Listen 192.168.1.2:443

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf

• ServerAdmin email-address
  – Sets the email address displayed on error pages.

• ServerName fqdn[:port]
  – Specifies the server’s name and the port it listens on. Fqdn must be able to be resolved by DNS and may differ from the hostname of the system running the server.

ServerName www.example.com:8080

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf

• DocumentRoot dirname
  – Points to the root of the directory hierarchy that holds the server’s content. Dirname is the absolute pathname of the directory at the root of the directory hierarchy that holds the content apache serves. Do NOT use a trailing slash. Default is /var/www/html

DocumentRoot /home/www

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf

• UserDir dirname | disabled | enabled users
  – Allows users to publish content from their home directories
  – Dirname is the name of a directory that, if it appears in a local user’s home directory, apache publishes to the web. Disabled prevents content from being published from user directories; enabled causes the home directories of specified users to be displayed.
  – To go to the page in a browser, http://www.name.com/~jdoe displays the index.html file in jdoe’s public_html directory.
  – Default in RHEL is public_html, Fedora – none, Red Hat - disabled

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf

• DirectoryIndex filename [filename….]
  – Specifies which file to display when a user asks for a directory. Filename is the name of the file that apache serves. When a client specifies a directory location (no file name), this specifies which files apache should look for:
    DirectoryIndex index.php index.html index.htm index.shtml
  – http://www.victoriacollege.edu/~marty
    • Uses UserDir of public_html and DirectoryIndex of index.htm
  – .var extension denotes a content-negotiated document that allows apache to serve the apache manual and other documents in one of several languages as specified by client.

Contexts and Containers

• Contexts – 4 locations that define where a configuration directive can appear.
  – Server config – can appear in httpd.conf only, but not inside <VirtualHost> or <Directory> containers.
  – Virtual host – can appear in <VirtualHost> container within httpd.conf only
  – Directory – can appear inside <Directory>, <Location>, and <Files> containers
  – .htaccess – can appear in .htaccess files only

• Directives in files incorporated with an Include directive are part of the context they are included in and must be allowed in that context.

Containers

• Containers (special directives) are directives that group other directives. Delimited by XML-style tags.

<Directory> …. </Directory>

<Location> …. </Location>

<VirtualHost> … </VirtualHost>

Some Commonly Used Containers

• <Directory directory> … </Directory>
  – Applies directives to directories within specified directory hierarchies. Directory is an absolute pathname specifying the root of the directory hierarchy that holds the directories the directives in the container apply to.

<Directory /var/www/html/corp>
    # denies all clients
    Deny from all
    # allows 192.168.10.0
    Allow from 192.168.10.
    # .htaccess files override
    AllowOverride All
</Directory>

Some Commonly Used Containers

• <Files directory> … </Files>
  – Applies directives to specified ordinary files

• <IfModule module-name> … </IfModule>
  – Applies directives if a specified module is loaded.

• <Limit method …> … </Limit>
  – Limits access-control directives to specified HTTP methods.

Some Commonly Used Containers

• <LimitExcept method> … </LimitExcept>
  – Limits access-control directives to all except specified HTTP methods.

• <Location URI> … </Location>
  – Applies directives to specified URIs

• <LocationMatch exp> … </LocationMatch>
  – Applies directives to matched URIs

• <VirtualHost addr[:port] …> … </VirtualHost>
  – Applies directives to a specified virtual host

Advanced Directives: Control Processes

• MaxClients x – specifies the max number of child processes that apache runs at one time. If max are all used, apache issues “Server Too Busy” error. 150 is typical.

• MaxRequestsPerChild x – specifies the max number of requests a child process can serve during its lifetime. Dies after completion. Set x to 0 to not set a limit. By limiting the life of processes, this can prevent memory leaks from consuming too much memory. Can hurt performance.

Advanced Directives: Control Processes

• MaxSpareServers x – specifies the maximum number of idle processes apache keeps running to serve requests as they come in. Do not set too high. RedHat default 20

• MinSpareServers x – specifies the min number of idle processes. Increase this value for busy sites only. Default is 5.

• StartServers – specifies the number of child processes that Apache starts with.

Advanced Directives: Networking Directives

• HostnameLookups On|Off|Double – specifies whether apache puts a client’s hostname or its IP address in the logs
  – On – performs DNS reverse name resolution to display host names
  – Off – logs IP addresses
  – Double – displays both

Advanced Directives: Networking Directives

• Timeout x – specifies the number of seconds that apache waits for network operations to complete. Default is 300, RedHat – 120

• UseCanonicalName On|Off|DNS
  – Specifies the method the server uses to identify itself; important when server has more than one name and needs to redirect.
    • On – uses value of ServerName directive
    • Off – uses name and port from incoming request
    • DNS – reverse DNS on IP of incoming request

Advanced Directives: Logging Directives

• ErrorLog filename – specifies where apache sends error messages. Default: logs/error_log

• LogLevel – specifies the level of error messages that apache logs. Default – warn
  – Options: emerg, alert, crit, error, warn, notice, info, debug

Directives that Control Content

• AddHandler – creates a mapping between filename extensions and a builtin apache handler.
  – AddHandler cgi-script .cgi
    • Tells apache to process files with .cgi extension with the cgi-script handler (related to loaded modules)

• Alias – maps a URI to a directory or file

Directives that Control Content

• ErrorDocument code action - specifies the action apache takes when the specified error occurs.

• ErrorDocument 403 "Sorry, access is forbidden"

• IndexOptions – specifies how apache displays directory listings.

• ServerRoot directory – specifies the root directory for server files (not content)

Directives that Control Content

• ServerTokens Prod|Major|Minor|Min|OS|Full – specifies the server information that apache returns to a client
  – OS – name of OS and complete version
  – Prod – apache
  – Major – major release number
  – Minor – major and minor release numbers
  – Minimal – complete version apache/2.2.0
  – Full – Same as OS, plus names and versions on group modules

• Default is Full, Red Hat OS – change this to reveal as little as possible

Directives that Control Content

• ServerSignature On|Off|Email
  – Adds a line to server-generated pages
    • On – turns signature line on with server version as specified by ServerTokens
    • Off – turns signature line off
    • Email – adds a mailto: link

Configuration Directives

• Group – sets the GID of the processes that run the servers

• Include – loads directives from files

• LoadModule – loads a module

• Options – controls server features by directory

• ScriptAlias – maps a URI to a directory or file and declares the target to be a server (CGI) script

Configuration Directives

• User – sets the UID of the processes that run the servers
  – Apache must start as root to listen on a privileged port. Child processes run as nonprivileged users. Do not set user to root or 0.
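The ServerTokens, ServerSignature and User slides above can be checked mechanically. The following is an added example, not part of the original slides: a small Python audit of an httpd.conf for those three settings. The function names and the sample configuration are constructed for illustration, and only the global (server config) context is examined.

```python
# Constructed sample httpd.conf fragment (not taken from the original page).
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
ServerTokens OS
ServerSignature EMail
User root
Group apache
<IfModule prefork.c>
    MaxClients 256
</IfModule>
"""

def parse_directives(text):
    """Return [(containers, keyword, value)] for every directive line."""
    stack, out = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                  # blank line or comment
        if line.startswith("</"):
            if stack:
                stack.pop()                           # leaving a container
        elif line.startswith("<"):
            stack.append(line.strip("<>").split()[0].lower())  # entering one
        else:
            parts = line.split(None, 1)
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            out.append((tuple(stack), parts[0].lower(), value))
    return out

def audit(text):
    """Return (directive, message) findings for the global server config."""
    # <IfModule> does not change context, so directives inside it are global.
    top = {k: v for ctx, k, v in parse_directives(text)
           if all(c == "ifmodule" for c in ctx)}
    findings = []
    tokens = top.get("servertokens", "Full")          # the page gives Full as the default
    minimal = tokens.lower() in ("prod", "productonly")
    if not minimal:
        findings.append(("ServerTokens", f"'{tokens}' reveals version details; set Prod"))
    signature = top.get("serversignature", "Off")
    if signature.lower() != "off" and not minimal:
        findings.append(("ServerSignature",
                         f"'{signature}' prints the ServerTokens banner on error pages"))
    if top.get("user", "").lower() in ("root", "0", "#0"):
        findings.append(("User", "child processes must not run as root"))
    return findings

if __name__ == "__main__":
    for directive, message in audit(SAMPLE_CONF):
        print(f"{directive}: {message}")
```
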

Security Directives

• Allow from All | host xxx | env=var
  – Specifies which clients can access specified content

• AllowOverride All|None|directive-class
  – Specifies the class of directives that are allowed in .htaccess files

• Deny from All | host | env=var
  – Specifies which clients are not allowed to access specified content

• Order Deny,Allow | Allow,Deny
  – Specifies default access and order in which directives are evaluated
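How Order combines Allow and Deny is easiest to see by evaluating the rules from the <Directory /var/www/html/corp> slide under both orderings. This is an added example, not part of the original slides: a Python model of the Apache 2.2 evaluation rules, with hypothetical function names and constructed client addresses. It handles only "all", partial IPv4 addresses and CIDR networks, not hostnames or env= values.

```python
import ipaddress

def host_matches(spec, client_ip):
    """True if an Allow/Deny 'from' value covers client_ip."""
    if spec.lower() == "all":
        return True
    if "/" in spec:                                   # CIDR, e.g. 10.1.0.0/16
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    # Partial address such as "192.168.10." : compare whole octets, not characters.
    prefix = [octet for octet in spec.split(".") if octet]
    return client_ip.split(".")[:len(prefix)] == prefix

def access_allowed(order, allow, deny, client_ip):
    """Evaluate Order/Allow/Deny for one client address."""
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    order = order.lower()
    if order == "deny,allow":
        # Deny is checked first and Allow can override it;
        # a client matching neither list is let in.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first and Deny can override it;
        # a client matching neither list is refused.
        return allowed and not denied
    # Apache rejects a space after the comma, so this model does too.
    raise ValueError(f"invalid Order value: {order!r}")

# Rules from the <Directory /var/www/html/corp> slide.
CORP_ALLOW, CORP_DENY = ["192.168.10."], ["all"]

def decision_table():
    """Return (order, client, allowed) for two constructed clients."""
    rows = []
    for order in ("Deny,Allow", "Allow,Deny"):
        for ip in ("192.168.10.7", "10.0.0.5"):
            rows.append((order, ip, access_allowed(order, CORP_ALLOW, CORP_DENY, ip)))
    return rows

if __name__ == "__main__":
    for row in decision_table():
        print(*row)
```

With Deny,Allow the 192.168.10. clients get through and everyone else is refused; with the same two rules under Allow,Deny the "Deny from all" line wins and every client is refused.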

The RedHat httpd.conf file

• 3 sections
  – Global Environment – controls the overall functioning of the apache server
  – Main Server Configuration – configures the default server and provides default configuration information for virtual hosts
  – Virtual Hosts – configures virtual hosts

Global Environment

• ServerTokens OS
  – causes apache to return name and complete version number of apache

• ServerRoot “/etc/httpd”
  – Pathname apache prepends to relative filenames

• <IfModule> - directives in the IfModule container are only executed if the specified module is loaded.

MPMs

• Multiprocessing Modules
  – Prefork – apache module holds directives that control the functioning of apache when it starts and as it runs

<IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 4000
</IfModule>

Global Environment

• Listen
  – Fedora – does not specify an IP address
  – RHEL – specifies 0.0.0.0 – listen on all network interfaces.

• LoadModule – several

• Include

• Red Hat Test page – no index.html

Main Server Configuration

• ServerAdmin, ServerName – change to useful values

• DocumentRoot /var/www/html
  – only modify if you want to put content in another location

• <Directory>

• DirectoryIndex index.php index.html …

Virtual Hosts

• All lines in this section are commented out by default.

• Virtual hosts provide for one instance of apache to respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers. Each IP address or hostname can be configured differently.

Virtual Hosts

• 2 types of Virtual hosts:
  – Host-by-name – relies on the FQDN the client uses in its request to apache
  – Host-by-IP – examines the IP address the host resolves as and responds according to that match

<VirtualHost intranet.example.com>
    ServerName intranet.example.com
    DocumentRoot /usr/local/www
    ErrorLog /var/log/httpd/intra.error_log
    <Directory /usr/local/www>
        Order deny,allow
        Deny from all
        Allow from 192.168.
    </Directory>
</VirtualHost>

Redirects

• Apache can respond to a request for a URI by asking the client to request a different URI. This is called a redirect. The Redirect directive can establish an explicit redirect that sends a client to a different page when a web site is moved, or can add / when the user neglects to terminate a directory with /.

UseCanonicalName

• The ServerName directive and the UseCanonicalName directive are both important when a server has more than one name and needs to perform a redirect. For example, a server named zach.example.com with alias www.example.com has ServerName set to www.example.com. When a client specifies a URI such as zach.example.com/dir (no ending /), apache has to perform a redirect to determine the URI of the requested directory. When UseCanonicalName is on, apache uses the value of the ServerName and returns www.example.com/dir/. With UseCanonicalName set to off, apache uses the name from the incoming request and returns zach.example.com/dir/

Multiviews

• Multiviews is a way to represent a page in different ways, most commonly in different languages. Using request headers, a browser can request a specific language from a server.

Troubleshooting

• To test apache:
  – Open browser to http://localhost/ (locally) or http://domainname (from a remote system)
  – If Connection refused error,
    • Check to make sure that port 80 isn’t blocked by a firewall and check that the server is running
    • Try to connect with telnet www.example.com 80

• service httpd configtest – checks syntax of apache configuration files

• /sbin/service httpd status – checks to ensure that the httpd server is running

Modules

• Apache is a skeletal program that relies on external modules, called dynamic shared objects (DSOs).

CGI Scripts

• CGI (Common Gateway Interface) allows external application programs to interface with web servers. Any program can be a CGI program if it runs in real time and relays its output to the requesting client. Shell scripts, Perl, Python, and PHP are the most commonly used CGI programs.

• The most common way to handle CGI programs is to put a CGI program in the cgi-bin directory and enable its execution from that directory only

Mod_ssl

• SSL, implemented by mod_ssl, allows a client to verify the identity of a server and it enables secure 2-way communication between a client and a server. SSL is used on web pages that require passwords, credit card numbers, etc.

• Apache uses https for ssl communications (port 443)

• /etc/httpd/conf.d/ssl.conf configures mod_ssl.

Authentication Modules and .htaccess

• User authentication directives are commonly placed in a .htaccess file.

• AuthUserFile /var/www/.htpasswd

• AuthGroupFile /dev/null

• AuthName "Browser dialog box query"

• AuthType Basic

• Require valid-user

Scripting Modules

• Apache can process content before serving it to a client. Scripting modules can work with scripts that are embedded in html documents. Scripting modules manipulate content before Apache serves it to a client.

Webalizer: Analyzes Web Traffic

• Webalizer creates a directory at /var/www/usage and a cron file. Once a day, the cron file generates usage data and puts it in the usage directory.

• MRTG – Monitors Traffic Codes
  – Multi Router Traffic Grapher is an open-source application that graphs statistics available through SNMP.