Apache Setting up a Web (httpd) server

Apache Apache is the utility used by Linux servers to provide Web services (http services). It is the most popular Web server utility in use on the Internet. Developed and maintained by ASF (Apache Software Foundation), a non- profit organization founded in 1999.

Intro Apache is a server that responds to requests from Web browsers (or clients) for web content. Client browser sends request to apache server by entering domain name in URL box. Apache server responds to request with content from requested page. Client displays content from server on terminal screen.

Intro (cont) Apache server is oblivious to content of web page. Uses external modules to increase flexibility and to allow individual components to be compiled separately from the primary package. These modules are called DSOs (Dynamic Shared Modules)

Prerequisites httpd apr (apache portable runtime) apr-util Optional Packages httpd-manual – apache manual Webalizer – web server log analyzer Mod_perl – secure sockets layer extension Php – embedded php scripting language, including IMAP and LDAP support Mrtg – mrtg traffic monitor Net-snmp and net-snmp-utils – snmp – required for MRTG

Starting Apache /sbin/chkconfig httpd on /sbin/service httpd start After making configuration changes to Apache, gracefully restart without interrupting users currently using the web server as follows: /sbin/service httpd graceful

Terms Apache – the name of a server that runs the http daemon. Serves web content and http. Daemon is named httpd. An apache server is the same as the apache process. An apache child process exists to handle incoming client requests. Apache typically uses TCP port 80; https uses TCP port 443. If you are running a firewall, you must open these ports.

Starting Apache 1.Add the following lines to the /etc/httpd/conf/httpd.conf configuration file: ServerName domainname or ServerName IP_address For example: frontdesk mstockbauer.com

Starting Apache 2.ServerAdmin Specifies the address that the server displays on error pages 3. ServerSignature Specifies that you want an link on error pages 4.After saving these changes to the configuration file, restart the httpd. /etc/sbin httpd graceful These lines provide an address for web pages that are not found on the server.

Testing Apache Open browser and enter domain name in URL box. Also try entering the IP address of the web server in the URL box of your browser. Content is placed in /var/www/html subdirectory. Default opening page is /var/www/html/index.html

System-config-httpd Can also be used to set up httpd. /etc/httpd/conf/httpd.conf contains many informational comments that will be overwritten the first time you run this utility. Be sure to rename this file BEFORE ever running system-config-httpd.

System-config-httpd Tabs: Main, Virtual Hosts, Server, Performance Tuning. Each field corresponds to a directive in the /etc/httpd/conf/httpd.conf file.

Main tab Establish a FQDN as the name of the server, an address for the server administrator, and ports and addresses that apache listens on for requests.

Virtual Hosts Allows you to establish default settings for Apache and set up virtual hosts. Virtual hosts allow one instance of Apache to respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers. Each IP address or hostname can provide different content and be configured differently.

Server Tab Can specify the pathname of the Lock directive, the PID file, and the directory that Apache uses to store core dumps.

Performance Tuning Tab Control the maximum number of connections that Apache allows (MaxClients), the number of seconds after which a connection will disconnect (Timeout), the max number of requests allowed per connection (MaxRequestsPerChild), and whether to allow persistent connections (KeepAlive)

File System Layout Binaries,scripts, and modules are stored in /usr/sbin/httpd, /usr/sbi/apachect, /usr/bin/htpassewd, /usr/sbin/rotatelogs, /etc/httpd/modules Configuration files: /etc/httpd/conf/httpd.conf, /etc/httpd/conf/magic, etc. Logs: /var/log/httpd/access_log, /var/log/httpd/error_log, /var/log/httpd/ssl_*_log

File system Web documents: –/var/www/cgi-bin – holds cgi scripts –/var/www/error – holds default error docs –/var/www/icons – icons used for directories –/var/www/manual Document root - /var/www/html by default. Can be changed..htaccess files – contains config directives and can appear in any directory in the document root hierarchy. Location is critical – directives apply to all files in the hierarchy rooted at the directory containing the.htaccess file.

Configuration Directives Lines in a configuration file that control some aspect of Apache –Keyword values –If value has spaces, must enclose in “” /etc/httpd/conf/httpd.conf – most important file. Holds global directives. An include directive can incorporate contents of another file into config file

Configuration Directives.htaccess – local directives can also appear in.htaccess file Pathnames – when absolute pathname is used in configuration directive, directive uses that pathname without modification. If relative pathname is used, apache prepends to the name the value specified by the ServerRoot directive (/etc/httpd by default)

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf Listen [IP address:]portnumber –Specifes IP address and port that httpd will listen on. If no IP address or , httpd will listen on all NICs. Must have at least one Listen directive or Apache won’t work –To change to 8080, Listen 8080 Now, each request to the server must include a port number ( or kernel will return a connection refused. –Use multiple Listen directives to cause Apache to listen on multiple IP addresses and ports. Listen 80 Listen :8080 Listen :443

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf ServerAdmin -address –Sets the address displayed on error pages. ServerName fqdn[:port] –Specifies server’s name and the port it listens on. Fqdn must be able to be resolved by DNS and may differ from the hostname of the system running the Server. ServerName

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf DocumentRoot dirname –Points to the root of the directory hierarchy that holds the server’s content. Dirname is the absolute pathname of the directory at the root of the directory hierarchy that holds the content apache serves. Do NOT use a trailing slash. Default is /var/www/html DocumentRoot /home/www

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf UserDir dirname | disabled | enabled users –Allows users to publish content from their home directories –Dirname is the name of a directory that, if it appears in a local user’s home directory apache publishes to the web. Disabled prevents content from being published from user directories, enabled causes the home directories of specified users to be displayed. –To go to the page in a browser, displays the index.html file in jdoe’s public_html directory. –Default in RHEL is public_html, Fedora – none, Red Hat - disabled

Directives You May Want to Modify in /etc/httpd/conf/httpd.conf DirectoryIndex filename [filename….] –Specifies which file to display when a user asks for a directory. Filename is the name of the file that apache serves. When a client specifies a directory location (no file name), this specifies which files apache should look for DirectoryIndex index.php index.html index.htm index.shtml – Uses UserDir of public_html and DirectoryIndex of index.htm –.var extension denotes a content-negotiated document that allows apache to serve the apache manual and other documents in one of several languages as specified by client.

Contexts and Containers Contexts – 4 locations that define where a configuration directive can appear. –Server config – can appear in httpd.conf only, but not inside or containers. –Virtual host – can appear in container within httpd.conf only –Directory – Can appear inside,, and containers –.htaccess – can appear in.htaccess files only Directives in files incorporated with an Include directive are part of the context they are included in and must be allowed in that context.

Containers Containers (special directives) are directives that group other directives. Delimited by XML-style tags. …. …

Some Commonly Used Containers … –Applies directives to directories within specified directory hierarchies. Directory is an absolute pathname specifying the root of the directory hierarchy that holds the directories the directives in the container apply to. Deny from alldenies all clients Allow from allows AllowOverride All.htaccess files override

Some Commonly Used Containers … –Applies directives to specifed ordinary files …. –Applies directives if a specified module is loaded. … –Limits access-control directives to speciied HTTP methods.

Some Commonly Used Containers … –Limits access-control directies to all except specified HTTP methods. … –Applies directives to specified URIs … –Applies directives to matched URIs.. –Applies directives to a specified virtual host

Advanced Directives: Control Processes MaxClients x– specifies the max number of child processes that apache runs at one time. If max are all used, apache issues “Server Too Busy” error. 150 is typical MaxRequestsPerChild x – specifies the max number of requests a child process can serve during its lifetime. Dies after completion. Set x to 0 to not set a limit. BY limiting the life of processes, this can prevent memory leaks from consuming too much memory. Can hurt performance.

Advanced Directives: Control Processes MaxSpareServers x – specifies the maximum number of idle processes apache keeps running to serve requests as they come in. DO not set too high. RedHat default 20 MinSpareServers x – specifies the min number of idle processes. Increase this value for busy sites only. Default is 5. StartServers – specifies the number of child processes that Apache starts with.

Advanced Directives: Networking Directives HostnameLookups On|off|double – specifies whether apache puts a client’s hostname or its IP address in the logs –On – performs DNS reverse name resolution to display host names –Off – logs IP addresses –Doube – displays both

Advanced Directives: Networking Directives Timeout x – specifies the number of seconds that apache waits for network operations to complete. Default is 300, RedHat – 120 UseCanonicalName On|Off|DNS –Specifies the method the server uses to identify itself; important when server has more than one name and needs to redirect. On – uses value of ServerName directive Off – uses name and port from incoming request DNS – reverse DNS on IP of incoming request

Advanced Directives: Logging Directives ErrorLog filename – specifies where apache sends error messages. Default: logs/error_log LogLevel – specifies the level of error messages that apache logs. Default – warn –Options: Emerg, alert, crit, error, warn, notice, info, debug

Directives that Control Content AddHandler – creates a mapping between fielname extensions and a builtin apache handler. –AddHandler cgi-script.cgi Tells apache to process files with.cgi extension with the cgi-script handler (related to loaded modules) Alias – maps a URI to a directory or file

Directives that Control Content ErrorDocument code action - specifies the action apache takes when the specified error occurs. ErrorDocument 403 “Sorry, access is forbidden” IndexOptions – specifies how apache displays directory listings. ServerRoot directory – specifies the root directory for server files (not content)

Directives that Control Content ServerTokens Prod|Major|Minor|Min|OS|Full –specifies the server information that apache returns to a client –OS – name of OS and complete version –Prod – apache –Major – major release number –Minor – major and minor release numbers –Minimal – complete version apache/2.2.0 –Full – Same as OS, plus names and versions on group modules Default is Full, Red Hat OS – change this to reveal as little as possible

Directives that Control Content ServerSignature On|Off| –Adds a line to server-generated pages On – turns signature line on with server version as specified by ServerTokens Off – turns signature line off – adds a mailto: link

Configuration Directives Group – sets the GID of the processes that run the servers Include – loads directives from files LoadModule – loads a module Options – controls server features by directory ScriptAlias – maps a URI to a directory or file and declares the target to be a server (CGI) script

Configuration DIrectives User – sets the UID of the processes that run the servers –Apache must start as root to listen on a privileged port. Child processes run as nonprivileged users. Do not set user to root or 0.

Security Directives Allow from All | host xxx | env=var –Specifies which clients can access specified content AllowOverride All|None|directive-class –Specifies the class of directives that are allowed in.htaccess files Deny from All | host | env=var –Specifies which clients are not allowed to access specified content Order Deny,Allow | Allow,Deny –Specifies default access and order in which directives are evaluated

The RedHat httpd.conf file 3 sections –Global Environment – controls the overal functioning of the apache server –Main Server Configuration – configures the deault server and provides default configuration information for virtual hosts –Virtual Hosts – configures virtual hosts

Global Environment ServerTokens OS –causes apache to return name and complete version number of apache ServerRoot “/etc/httpd” –Pathname apache prepends to relative filenames - directives in the IfModule container are only executed if the specified module is loaded.

MPMs Multiprocessing Modules – –Prefork – apache module holds directives that control the functioning of apache when it starts and as it runs – StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestPerCHild 4000

Global Environment Listen –Fedora – does not specify an IP address –RHEL – specifies –listen on all network interfaces. LoadModule – several Include Red Hat Test page –no index.html

Main Server Configuration ServerAdmin, ServerName – change to useful values DocumentRoot /var/www/html –only modify if you want to put content in another location DIrectoryIndex index.php index.html …

Virtual Hosts All lines in this section are commented out by default. Virtual hosts provide for one instance of apache to respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers. Each IP address or hostname can be configured differently.

Virtual Hosts 2 types of Virtual hosts: –Host-by-name – relies on FQDN the client uses in its request to appache –Host-by-IP – examines th3e IP address the host resolves as and responds according to that match ServerName intranet.example.com DocumentRoot /usr/local/www ErrorLog /ar/log/httpd/intra.error_log Order deny, allow Deny from all Allow from

Redirects Apache can respond to a request for a URI by asking the client to request a different URI. This is called a redirect. The redirect directive can establish an explicit redirect that sends a client to a different page when a web site is moved or can add / when user neglects to terminate directory with /

UseCanonicalName The ServerName directive and the UseCanonicalName directive are both important when a server has more than one name and needs to perform a redirect. For example, a server named zach.example.com with alias has ServerName set to When client specifies a URI such as zach.example.com/dir (no ending /), apache has to perform a redirect to deterine the URI of the requested directory. When USeCanonicalName is on, apache uses the value of the ServerName and returns With UseCanonicalName set to off, apache uses the name from the incoming request and returns zach.example.com/dir/

Multiviews Multiviews is a way to represent a page in different ways, most commonly in different languages. Using request headers, a browser can request a specific language from a server.

Troubleshooting To test apache: –Open browser to (locally) or (from a remote system) –If Connection refused error, Check to make sure that port 80 isn’t blocked by a firewall and check that the server is running Try to connect with telnet 80www.example.com Service httpd configtest –checks syntax of apache configuration files /sbin/service httpd status – checks to ensure that the httpd server is running

Modules Apache is a skeletal program that relies on external modules, called dynamic shared objects (DSOs).

CGI Scripts CGI (Common Gateway Interface) allows external application programs to interface with web servers. Any program can be a CGI program if it runs in real time and relays its output to the requesting client. Shell scripts, Perl, Python, and PHP are the most commonly used CGI programs. The most common way to handle CGI programs is to put a CGI program in the cgi-bin directory and enable its execution from that directory only

Mod_ssl SSL, implemented by mod_ssl, allows aclient to verify the identity of a server and it enables secure 2-way communication between a client and a server. SSL is used on web pages that require passwords, credit card numbers, etc. Apache uses https for ssl communications (port 443) /etc/httpd/conf.d/ssl.conf configures mod_ssl.

Authentication Modules and.htaccess User authentication directives are commonly placed in a.htaccess file. AuthUserFile /var/www/.htpasswd AuthGroupFile /dev/null AuthName “Browser dialog box query” AuthType Basic Require valid-user

Scripting Modules Apache can process content before serving it to a client. Scripting modules can work with scripts that are embedded in html documents. Scripting modules manipulate content before Apache serves it to a client.

Webalizer: Analyzes Web Traffic Webalizer creates a directory at /var/www/usage and a cron file. Once a day, the cron file generates usage data and puts it in the usage directory. MRTG – Monitors Traffic Codes –Multi Router Traffic Grapher is an open- source application that graphs statistics available through SNMP.