Wednesday, May 24, 2006
Apache Web server configuration guide
Apache is the most widely used Web server. Below is a configuration guide for the Unix platform.
Files created by apache
• /etc/httpd/conf/ – This directory contains all the Apache configuration files.
• /etc/rc.d/ – This directory contains system startup scripts.
• /var/www – The default documents and web pages.
• /usr/share/man – The man pages for Apache.
• /usr/sbin – The executable programs are placed here.
• /var/log/httpd – The server log files are placed here.
Starting and Stopping the Apache Server
Starting
/etc/rc.d/init.d/httpd start
Stopping
/etc/rc.d/init.d/httpd stop
Restarting
/etc/rc.d/init.d/httpd restart
Monitoring the status
/etc/rc.d/init.d/httpd status
Runtime server configuration settings
We have to configure the server as per our needs. The runtime configuration files are
httpd.conf
access.conf
srm.conf
Configuration Directives
• The runtime configuration is done with “Configuration Directives” in the above mentioned files.
• Configuration directives are used to tell the server about various information such as
* Location of files required for server.
* To enable or disable a particular facility.
Syntax for Configuration directive
directive option option ...
• The directives are specified one per line.
Special Directives
• The special directives are also called “sections”.
• The sections are similar to HTML tags.
• They contain a group of “configuration directives”.
Syntax for Special Directives
<directive option ...>
directive option option
directive option option
</directive>
All special directives are opened with a <directive> tag and closed with a </directive> tag.
Editing httpd.conf file
Most of the default settings can be left as they are.
The following list provides the directives that are very important.
ServerType Directive
This directive has two options
• Standalone
• inetd
Standalone Directive
Standalone is the most widely used option across web servers. The advantage of using this option is that the client does not have to ask the server for the same web page again and again. If a particular web page is being viewed, it is cached by the browser, and the user can revisit the page stored in the browser without involving the server.
Inetd Directive
Inetd is not widely used; it is slow compared to the standalone option. This option is used for security reasons and configuration checking. For each and every request, the server spawns a new process.
ServerRoot Directive
This directive sets the absolute path to your server directory. It tells the server where to find all the resources and configuration files.
ServerRoot "/etc/httpd"
By default the server root is set to the /etc/httpd directory. If you wish to keep a separate configuration in a different directory, you can specify that directory instead.
Port Directive
The Port directive indicates which port your server runs on. By default it is set to 80, which is the standard HTTP port number. If you decide to run the server on another port, change the port number here.
Port 80
User and Group Directives
These directives set the UID and GID that the server will use to process requests. We should be careful while setting the UID. The UID should be set to a user with no privilege or less privilege.
The default setting is
User apache
Group apache
By default, both the User and Group directives are set to apache.
ServerAdmin Directive
This should be set to the mail ID of the webmaster. If any error occurs, it will be mailed to the webmaster's email ID.
ServerAdmin webmaster@drmcet.org
ServerName Directive
The ServerName directive sets the hostname the server will return to the client when a request is made.
ServerName www.drmcet.org
DocumentRoot directive
Set it to the absolute path of your document tree, which is the top directory from which Apache will serve files.
By default
DocumentRoot "/var/www/html"
If you wish to keep your own HTML sources in some other directory, you can specify the path of that directory instead of /var/www/html as the argument.
In older versions of Apache this directive is present in srm.conf.
UserDir Directive
This directive defines the directory, relative to a local user’s home directory, where that user can put public HTML documents. It is relative because each user will have their own HTML directory.
The default setting for this directive is public_html, so each user will be able to create a directory called public_html under his home directory. HTML documents available under this directory can be viewed at http://servername/~username, where username is the name of the particular user.
In older versions of Apache this directive is present in srm.conf.
UserDir public_html
DirectoryIndex directive
The DirectoryIndex directive indicates which file should be served as the index for a directory.
Multiple files can be specified as the index; if a file is not found, the next one will be tried.
DirectoryIndex index.html index.htm index.cgi index.shtml
In older versions of Apache this directive is present in srm.conf.
.htaccess File
Almost any directive that appears in the configuration files can appear in an .htaccess file. This file is named in httpd.conf by the AccessFileName directive, defined as
AccessFileName .htaccess
An .htaccess file can override the configuration in httpd.conf. To control whether this is allowed, use the AllowOverride directive.
An example:
<Directory "/path/to/directory">
Options Indexes Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Options directives
Options can be None, All, or any combination of Indexes, Includes, FollowSymLinks.
None
None of the available options are enabled for this directory.
All
All the available options are enabled for this directory.
Indexes
This option searches for the files listed in the DirectoryIndex directive.
FollowSymLinks
Allows access to directories that are symbolically linked to a document directory. This is usually a bad idea, and you should not set it for all directories. Enable it only where it is reasonable.
AllowOverride Directive
The AllowOverride directive specifies which options .htaccess files can override.
Options
The .htaccess file can add options not listed in the Options directive.
FileInfo
The .htaccess file can include directives for modifying document type information.
AuthConfig
The .htaccess file may contain authorization directives.
Limit
The .htaccess file may contain allow, deny, and order directives.
Authentication and Access Control
If you want your web site to be viewed only by selected users, you can authenticate and authorize those particular users.
Access Restrictions with allow and deny
One of the simplest ways to provide access to a specific group of users is to restrict access based on IP addresses or hostnames. Apache uses the allow and deny directives to accomplish this.
Both of these take an address expression as a parameter.
• All – can be used to affect all hosts.
• A host or domain name, which can be either partial or a fully qualified domain name (FQDN)
Ex.
sys1.drmcet.org or drmcet.org
• An IP address, which can be either full or partial
Ex.
10.10.10 or 10.10.10.25
• A network/netmask pair such as 10.10.10.0/255.255.255.0
• A network address specified in CIDR (Classless Inter-Domain Routing) format
Ex.
10.10.10.0/24
The default behavior of Apache is to apply all the deny directives first and then check the allow directives. To change this order, use the Order statement. There are three different ways in which Apache may interpret this statement.
• Order deny,allow – the deny directives are evaluated before allow. If a host is not specifically denied access, it will be allowed to access the resource. (This is the default.)
• Order allow,deny – all allow directives are evaluated before deny. If a host is not specifically allowed access, it will be denied access to the resource.
• Order mutual-failure – only hosts that are specified in an allow directive and at the same time do not appear in a deny directive will be allowed access. If a host does not appear in either directive, it will not be granted access.
Example:
<Directory "/path/to/directory">
Options Indexes Includes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from drmcet.org
</Directory>
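The evaluation rules above, as an added example that is not part of the original guide: a small Python model of how Order, Allow and Deny combine for one client, covering each address-expression form listed earlier. The function names and the two clients are constructed for illustration, and the client's hostname is passed in rather than resolved by reverse DNS. It also evaluates the example policy shown above, which under deny,allow admits a host matching no directive unless a "Deny from all" line is present.

```python
import ipaddress


def _as_network(spec):
    """Turn an IP-style expression into a network, or None for host names."""
    parts = spec.split(".")
    # Partial address such as "10.10.10": pad to four octets, 8 prefix bits per octet given.
    if "/" not in spec and 1 <= len(parts) <= 3 and all(p.isdigit() for p in parts):
        spec = ".".join(parts + ["0"] * (4 - len(parts))) + "/" + str(8 * len(parts))
    try:
        # Accepts a full address, network/netmask and CIDR notation alike.
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None


def spec_matches(spec, ip, host=None):
    """True if one Allow/Deny address expression matches the client."""
    spec = spec.strip().lower()
    if spec == "all":
        return True
    net = _as_network(spec)
    if net is not None:
        return ipaddress.ip_address(ip) in net
    if not host:
        return False  # name-based rule but no resolved client name: no match
    host = host.lower().rstrip(".")
    name = spec.lstrip(".")
    # Match whole DNS labels only, so "drmcet.org" does not match "notdrmcet.org".
    return host == name or host.endswith("." + name)


def is_allowed(order, allow, deny, ip, host=None):
    """Apply the Order rules to the Allow and Deny lists for one client."""
    allowed = any(spec_matches(s, ip, host) for s in allow)
    denied = any(spec_matches(s, ip, host) for s in deny)
    order = order.strip().lower()
    if order == "deny,allow":
        # Deny is checked first, Allow last: an Allow match wins, no match means access.
        return allowed or not denied
    if order in ("allow,deny", "mutual-failure"):
        # Must match an Allow and must not match a Deny; no match means no access.
        return allowed and not denied
    raise ValueError("unknown Order value: %r" % order)


# Constructed clients (address, resolved name) used only for this illustration.
OUTSIDER = ("203.0.113.9", "example.net")
INSIDER = ("10.10.10.25", "sys1.drmcet.org")


def demo():
    """Compare the example policy with and without 'Deny from all'."""
    as_shown = dict(order="deny,allow", allow=["drmcet.org"], deny=[])
    with_deny_all = dict(order="deny,allow", allow=["drmcet.org"], deny=["all"])
    return {
        "as shown, outsider": is_allowed(ip=OUTSIDER[0], host=OUTSIDER[1], **as_shown),
        "with Deny from all, outsider": is_allowed(ip=OUTSIDER[0], host=OUTSIDER[1], **with_deny_all),
        "with Deny from all, insider": is_allowed(ip=INSIDER[0], host=INSIDER[1], **with_deny_all),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", "allowed" if result else "denied")
```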
Authentication
Authentication is the process of asking the visitor for a user name and password. To view a protected web page, the user should have an account on the server.
To use basic authentication you will need a file that lists which users are allowed to access the resources. This file is similar to the /etc/passwd file, which contains user names and encrypted passwords.
htpasswd Command
To create a user file for Apache, use the htpasswd command. It is included in the Apache package and is located at /usr/bin/htpasswd.
To create a new file named “webusers” that will store the user accounts, and to add a user “user1” to that file, issue the following command:
# htpasswd -c webusers user1
Here, the -c option creates the file named “webusers”.
The -c option should be used only once, when creating the file.
To add more users to that file, issue the following command:
# htpasswd webusers user2
You can also create a groups file which has the following syntax.
Groupname: user1 user2 user3 user4
The first field is the name of the group, the next entries are the member list.
Example:
AuthType Basic
AuthName "Documentation"
AuthUserFile "webusers"
Require valid-user
Virtual Hosting
One of the most popular services provided with Apache is hosting a virtual domain, otherwise called a virtual host. This is a complete web site with its own domain name, as if it were a standalone machine, but it is hosted on the same machine as other web sites.
Types of Virtual Hosting
1. Address Based
2. Name Based
Address-Based Virtual Hosts
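Configure multiple virtual IP addresses on the server.
With each IP address you can serve an independent web site by configuring the httpd.conf file as follows, with one VirtualHost section per address (IP-address-1 and IP-address-2 stand for the addresses configured on the server).
<VirtualHost IP-address-1>
ServerName www.abc.com
DocumentRoot /home/abc/www
TransferLog /home/abc/log/access_log
ErrorLog /home/abc/log/error_log
</VirtualHost>
<VirtualHost IP-address-2>
ServerName www.mce.com
DocumentRoot /home/mce/www
TransferLog /home/mce/log/access_log
ErrorLog /home/mce/log/error_log
</VirtualHost>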
The Directives that cannot be set in VirtualHost sections are as follows.
StartServers, MaxSpareServers, MinSpareServers, MaxRequestsPerChild, BindAddress, Listen, PidFile, TypesConfig, ServerRoot, and NameVirtualHost.
Name-Based Virtual Hosts
Name-based virtual hosts allow you to run more than one host on the same IP address. To accomplish this we have to add additional names to our DNS as CNAMEs (canonical names).
When a client requests a document from your server, it sends a request variable along with the request indicating the document. Based on this variable, the server determines from which of the virtual hosts it should serve content.
Name-based virtual hosts require just one step more than IP address-based virtual hosts. You first need to indicate which IP address has the multiple DNS names on it. This is done with the NameVirtualHost directive.
NameVirtualHost 10.10.10.63
<VirtualHost 10.10.10.63>
ServerName www.abt.com
DocumentRoot /home/abt/www
TransferLog /home/abt/log/access_log
ErrorLog /home/abt/log/error_log
</VirtualHost>
<VirtualHost 10.10.10.63>
ServerName www.mcet.com
DocumentRoot /home/mcet/www
TransferLog /home/mcet/log/access_log
ErrorLog /home/mcet/log/error_log
</VirtualHost>
You need to have a section for each name on that address, setting the configuration for the name.
As with IP-based virtual hosts, you only need to set those configurations that need to be different for the host. You must set the ServerName directive because that is the only thing that distinguishes one host from another.
Logging
Apache can log just about any information you might be interested in from web accesses. Two standard log files are generated when you run your Apache server: access_log and error_log. These log files are generated from the CustomLog and LogFormat directives.
Example:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
The following variables are available for LogFormat statements:
%a Remote IP address
%A Local IP address
%b Bytes sent
%f Filename
%h Remote host
%H Request protocol
%l Remote logname
%m Request method
%P Process ID
%t Time
%r First line of request
%s Status
%u Remote user
%U The URL requested
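Reading an access log written in the common format (%h %l %u %t "%r" %>s %b), as an added example that is not part of the original guide: a Python parser that maps each field to the variable names listed above and counts 401 responses per remote host, which is how repeated failed logins against a Basic-authenticated area show up. The log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# One named group per field of the common format: %h %l %u %t "%r" %>s %b
COMMON = re.compile(
    r'^(?P<h>\S+) (?P<l>\S+) (?P<u>\S+) \[(?P<t>[^\]]+)\] '
    r'"(?P<r>(?:[^"\\]|\\.)*)" (?P<s>\d{3}) (?P<b>\d+|-)$'
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '10.10.10.25 - user1 [24/May/2006:10:15:02 +0530] "GET /docs/ HTTP/1.0" 200 2326',
    '10.10.10.40 - - [24/May/2006:10:15:07 +0530] "GET /docs/ HTTP/1.0" 401 401',
    '10.10.10.40 - user1 [24/May/2006:10:15:08 +0530] "GET /docs/ HTTP/1.0" 401 401',
    '10.10.10.40 - user2 [24/May/2006:10:15:09 +0530] "GET /docs/ HTTP/1.0" 401 401',
    '10.10.10.40 - user1 [24/May/2006:10:15:10 +0530] "GET /docs/ HTTP/1.0" 401 401',
    '10.10.10.31 - - [24/May/2006:10:16:30 +0530] "GET /index.html HTTP/1.0" 304 -',
    'this line is not in the common format',
    '10.10.10.25 - - [24/May/2006:10:17:00 +0530] "GET /docs/ HTTP/1.0" 401 401',
]


def parse_common(line):
    """Return a dict keyed by LogFormat variable, or None if the line does not fit."""
    m = COMMON.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["s"] = int(rec["s"])
    rec["b"] = 0 if rec["b"] == "-" else int(rec["b"])  # "-" means no body was sent
    parts = rec["r"].split(" ")
    # %r is "METHOD URL PROTOCOL"; keep None when the request line is malformed.
    rec["method"], rec["url"] = (parts[0], parts[1]) if len(parts) >= 2 else (None, None)
    return rec


def auth_failures(lines, threshold=3):
    """Return ({host: count} for hosts with >= threshold 401s, number of unparsed lines)."""
    fails = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_common(line)
        if rec is None:
            unparsed += 1  # count rather than silently drop lines that do not parse
            continue
        if rec["s"] == 401:
            fails[rec["h"]] += 1
    flagged = {h: n for h, n in fails.items() if n >= threshold}
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = auth_failures(SAMPLE_LOG)
    for host, count in flagged.items():
        print("%s: %d responses with status 401" % (host, count))
    print("unparsed lines:", unparsed)
```

A single 401 from a host is normal, because the first request to a protected area carries no credentials; the threshold separates that from repeated failures.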