apache configuration

Upload: victor-pryzbylewski

Post on 10-Oct-2015


DESCRIPTION

Most common options of configuration. Directives.

TRANSCRIPT

  • Apache Http Server

    Installation and configuration

  • What is a Web server?

    The primary function of a web server is to deliver web pages to clients on request, using the Hypertext Transfer Protocol (HTTP). This means delivery of HTML documents and any additional content that may be included by a document, such as images, style sheets and scripts. A user agent, commonly a web browser, initiates communication by making a request for a specific resource using HTTP, and the server responds with the content of that resource or with an error message if it is unable to do so.

  • Most common Web Servers

    Product   Vendor        Web Sites Hosted   Percent
    Apache    Apache        409,185,675        61.45%
    IIS       Microsoft     97,385,377         14.62%
    nginx     NGINX, Inc.   73,833,173         11.09%
    GWS       Google        22,931,169         3.44%

    2012

  • The Apache HTTP Server

    First version is from 1995.

    Developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

    It's available for a wide variety of operating systems (Windows, Linux, OS X, ...).

    New versions are constantly released (latest stable version: 2.4.3).

  • Apache features

    Apache supports a variety of features, many implemented as compiled modules which extend the core functionality:

    - Virtual hosting to serve many Web sites using one IP address
    - Bandwidth throttling
    - Server-side programming language support (PHP, Perl, Python, ...)
    - Authentication schemes (mod_access, mod_auth, mod_digest)
    - Transport Layer Security support (mod_ssl)
    - Proxy module (mod_proxy)
    - URL rewriter (mod_rewrite)
    - Custom log files (mod_log_config)
    - ...

  • Apache installation

    (Mandatory) Enter the following command to install the Apache 2 web server:

    apt-get install apache2

    (Recommended) To install its documentation:

    apt-get install apache2-doc

  • Apache installation

    To find out which Apache version is installed, type the following command:

    root@server:~# apachectl -V
    Server version: Apache/2.2.16 (Debian)
    Server built: Sep 9 2012 21:17:36
    Server's Module Magic Number: 20051115:24
    Server loaded: APR 1.4.2, APR-Util 1.3.9
    Compiled using: APR 1.4.2, APR-Util 1.3.9
    Architecture: 32-bit
    Server MPM: Worker
    threaded: yes (fixed thread count)
    forked: yes (variable process count)
    Server compiled with....
    ....
    -D DEFAULT_ERRORLOG="logs/error_log"
    -D AP_TYPES_CONFIG_FILE="mime.types"
    -D SERVER_CONFIG_FILE="apache2.conf"

  • Apache-doc

    This package provides the documentation for Apache 2. For more details see the apache2 package description.

    http://packages.debian.org/squeeze/apache2-doc

    The documentation is located in HTML format in /usr/share/doc/apache2-doc/manual/ and is available in different languages. The installation automatically creates an alias /manual for this directory on our server.


  • Apache-utils

    Provides some add-on programs useful for any webserver. These include:

    - ab (Apache benchmark tool)

    - logresolve (Resolve IP addresses to hostname in logfiles)

    - htpasswd (Manipulate basic authentication files)

    - htdigest (Manipulate digest authentication files)

    - dbmmanage (Manipulate basic authentication files in DBM format)

    - htdbm (Manipulate basic authentication files in DBM format)

    - rotatelogs (Periodically stop writing to a logfile and open a new one)

    - split-logfile (Split a single log including multiple vhosts)

    For more details see the apache2 package description.

    http://packages.debian.org/squeeze/apache2-utils


  • Apache Configuration Options

    In the default installation of Apache 2 on Debian, the main configuration is located in the /etc/apache2/apache2.conf file, but Apache configuration directives are loaded from files in a number of different locations, in a specific order. Configuration files are read in the following order, with items specified later taking precedence over earlier and potentially conflicting options:

    1. /etc/apache2/apache2.conf
    2. Files with .load or .conf extensions in the /etc/apache2/mods-enabled/ directory.
    3. /etc/apache2/httpd.conf (Blank by default.)
    4. /etc/apache2/ports.conf
    5. Files within the /etc/apache2/conf.d/ directory.
    6. Files within the /etc/apache2/sites-enabled/ directory.
    7. .htaccess files in the directory.

  • Installation architecture

    Path to folder installation: /etc/apache2

    apache2.conf      main configuration file
    conf.d            Files in this directory are included as part of the global server configuration and will apply to all virtual hosts
    envvars           default environment variables for apache2ctl
    httpd.conf        User configuration. Empty by default
    magic             Data for mod_mime_magic which determines the MIME type of files
    mods-available    directory with modules available
    mods-enabled      directory with modules currently enabled
    ports.conf        File with port configuration
    sites-available   directory with sites available
    sites-enabled     directory with sites currently enabled

  • Apache modules

    Modules enhance the characteristics of core Apache http server. For example:

    mod_alias Provides for mapping different parts of the host filesystem in the document tree and for URL redirection.

    mod_auth_basic Provides basic authentication.

    To disable a module (for instance mod_alias):

    a2dismod alias

    To enable a module:

    a2enmod alias

  • Listen Directive

    IP addresses and ports that the server listens to.

    To make the server accept connections on both port 80 and port 8000, use:

    Listen 80
    Listen 8000

    To make the server accept connections on two specified interfaces and port numbers, use:

    Listen 192.170.2.1:80
    Listen 192.170.2.5:8000

    Syntax: Listen [IP-address:]portnumber [protocol]

    Context: server config

  • ServerName Directive

    The ServerName directive sets the request scheme, hostname and port that the server uses to identify itself. This is used when creating redirection URLs.

    For example, if the name of the machine hosting the web server is simple.example.com, but the machine also has the DNS alias www.example.com and you wish the web server to be so identified, the following directive should be used:


    ServerName www.example.com:80

    Syntax: ServerName [scheme://]fully-qualified-domain-name[:port]

    Context: server config, virtual host

  • DocumentRoot Directive

    This directive sets the directory from which httpd will serve files.

    Unless matched by a directive like Alias, the server appends the path from the requested URL to the document root to make the path to the document. Example:

    DocumentRoot /usr/web

    An access to http://127.0.0.1/index.html refers to /usr/web/index.html.

  • DocumentRoot Directive

    The DocumentRoot should be specified without a trailing slash.


    Syntax: DocumentRoot directory-path

    Default: DocumentRoot /usr/local/apache/htdocs

    Context: server config, virtual host

  • ServerAdmin Directive

    The ServerAdmin sets the contact address that the server includes in any error messages it returns to the client.


    ServerAdmin [email protected]

    Syntax: ServerAdmin email-address|URL

    Context: server config, virtual host

  • DirectoryIndex Directive

    The DirectoryIndex directive sets the list of resources to look for when the client requests an index of the directory by specifying a / at the end of the directory name.

    DirectoryIndex index.html index.php index.jsp

    Syntax: DirectoryIndex local-url [local-url] ...

    Default: DirectoryIndex index.html

    Context: server config, virtual host, directory, .htaccess

  • <Directory> Directive

    <Directory> and </Directory> are used to enclose a group of directives that will apply only to the named directory and sub-directories of that directory. Any directive that is allowed in a directory context may be used.

    Options Indexes FollowSymLinks

    Syntax: <Directory directory-path> ... </Directory>

    Context: server config, virtual host

  • Options Directive

    The Options directive controls which server features are available in a particular directory. Most important values are:

    - None: none of the extra features are enabled.
    - All: all options except for MultiViews. This is the default setting.
    - ExecCGI: execution of CGI scripts using mod_cgi is permitted.
    - FollowSymLinks: the server will follow symbolic links in this directory.
    - Indexes: if a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.
    - MultiViews: the server is allowed to return the document that best matches the user's request.

  • Options Directive

    Other options are: IncludesNOEXEC, SymLinksIfOwnerMatch. For more info see:

    http://httpd.apache.org/docs/2.2/mod/core.html#options


    Options Indexes

    Syntax: Options [+|-]option [[+|-]option] ...

    Default: Options All

    Context: server config, virtual host, directory, .htaccess

  • Options Directive

    If multiple Options could apply to a directory, then the most specific one is used and others are ignored; the options are not merged. However, if all the options on the Options directive are preceded by a + or - symbol, the options are merged. Example:

    Without any + and - symbols (the first line is set on a parent directory, the second on /web/docs/spec):

    Options Indexes FollowSymLinks
    Options Includes

    only Includes will be set for the /web/docs/spec directory.

    With + and - symbols:

    Options Indexes FollowSymLinks
    Options +Includes -Indexes

    the options FollowSymLinks and Includes are set for the /web/docs/spec directory.
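
    An added example (not part of the original slides, and not Apache's own code) that applies the merge rule stated above to <Directory> sections and returns the effective Options for a path, which is a quick way to check whether Indexes is still active somewhere you did not expect. The parent path /web/docs and the function names are assumptions; only the rule from this slide is modelled, starting from an empty option set.

```python
import re

# Matches one <Directory path> ... </Directory> block (no nesting).
SECTION = re.compile(r"<Directory\s+(\S+?)>(.*?)</Directory>", re.S | re.I)

def parse_sections(conf):
    """Return [(directory, [option tokens])] for every Options line found."""
    out = []
    for path, body in SECTION.findall(conf):
        for line in body.splitlines():
            words = line.split()
            if words and words[0].lower() == "options":
                out.append((path.rstrip("/") or "/", words[1:]))
    return out

def effective_options(conf, target):
    """Apply sections from least to most specific, using the slide's rule."""
    applicable = [s for s in parse_sections(conf)
                  if s[0] == "/" or target == s[0] or target.startswith(s[0] + "/")]
    active = set()
    for _path, tokens in sorted(applicable, key=lambda s: len(s[0])):
        if all(t[0] in "+-" for t in tokens):
            for t in tokens:              # relative: merge into inherited set
                (active.add if t[0] == "+" else active.discard)(t[1:])
        else:                             # absolute: inherited options dropped
            active = {t.lstrip("+-") for t in tokens}
    return active

# Constructed configuration; /web/docs is an assumed parent directory.
ABSOLUTE = """
<Directory /web/docs>
    Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
    Options Includes
</Directory>
"""
RELATIVE = ABSOLUTE.replace("Options Includes", "Options +Includes -Indexes")

if __name__ == "__main__":
    for label, conf in (("absolute", ABSOLUTE), ("relative", RELATIVE)):
        print(label, sorted(effective_options(conf, "/web/docs/spec")))
```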

  • AllowOverride Directive

    When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives. Most important values are:

    - None: .htaccess files are completely ignored.
    - AuthConfig: allow use of the authorization directives.
    - FileInfo: allow use of the directives controlling document types.
    - Options: allow use of the directives controlling specific directory features.
    - Indexes: allow use of the directives controlling directory indexing.
    - Limit: allow use of the directives controlling host access.
    - All: any directive is allowed.

  • AllowOverride Directive

    AllowOverride AuthConfig Indexes

    In the example above all directives that are neither in the group AuthConfig nor Indexes cause an internal server error.

    Syntax: AllowOverride All|None|directive-type [directive-type] ...

    Default: AllowOverride All

    Context: directory

  • .htaccess file

    .htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.


  • Order Directive

    The Order directive, along with the Allow and Deny directives, controls a three-pass access control system.

    Allow,Deny
    1. All Allow directives are evaluated; at least one must match, or the request is rejected.
    2. All Deny directives are evaluated. If any matches, the request is rejected.
    3. Any requests which do not match an Allow or a Deny directive are denied by default.

    Deny,Allow
    1. All Deny directives are evaluated; if any match, the request is denied unless
    2. it also matches an Allow directive.
    3. Any requests which do not match any Allow or Deny directives are permitted.

  • Order Directive

    In the following example, all hosts in the apache.org domain are allowed access; all other hosts are denied access.

    Order Deny,Allow
    Deny from all
    Allow from apache.org

    In the next example, all hosts in the apache.org domain are allowed access, except for the hosts which are in the foo.apache.org subdomain, which are denied access. All hosts not in the apache.org domain are denied access.

    Order Allow,Deny
    Allow from apache.org
    Deny from foo.apache.org

  • Order Directive

    If the Order in the last example is changed to Deny,Allow, all hosts from apache.org will be allowed access, including those from foo.apache.org:

    Order Deny,Allow
    Allow from apache.org
    Deny from foo.apache.org

    The presence of an Order directive can affect access to a part of the server even in the absence of accompanying Allow and Deny directives, because of its effect on the default access state. For example,

    <Directory /www>
    Order Allow,Deny
    </Directory>

    will deny all access to the /www directory because the default access state is set to Deny.

  • Order Directive

    Match                     Allow,Deny result                      Deny,Allow result
    Match Allow only          Request allowed                        Request allowed
    Match Deny only           Request denied                         Request denied
    No match                  Default to second directive: Denied    Default to second directive: Allowed
    Match both Allow & Deny   Final match controls: Denied           Final match controls: Allowed

    Syntax: Order ordering

    Default: Order Deny,Allow

    Context: directory, .htaccess

  • Allow/Deny Directive

    It affects which hosts can/can't access an area of the server. The host can be specified in any of the following formats:

    - A (partial) domain-name: Allow from .net example.edu
    - A full IP address: Deny from 10.1.2.3
    - A partial IP address: Allow from 192.168.2
    - A network/netmask pair: Allow from 10.1.0.0/255.255.0.0
    - A network/nnn CIDR specification: Deny from 10.1.0.0/16
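
    An added example (not part of the original slides, and not Apache's own code) that models the Order evaluation from the Order Directive slides together with the host formats listed above, so a rule set can be checked against sample clients before it is deployed. The function names and sample clients are assumptions, the client hostname is taken as already resolved, and partial addresses are handled for IPv4 only.

```python
import ipaddress

def host_matches(spec, ip, hostname=None):
    """True if one value of an Allow/Deny 'from' list matches the client."""
    if spec.lower() == "all":
        return True
    if "/" in spec:                      # network/netmask pair or CIDR
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(ip) in net
    parts = spec.rstrip(".").split(".")
    if all(p.isdigit() for p in parts):  # full or partial IPv4 address
        return ip.split(".")[:len(parts)] == parts
    if hostname is None:                 # domain rules need a resolved name
        return False
    name, dom = hostname.lower(), spec.lower().lstrip(".")
    return name == dom or name.endswith("." + dom)   # whole labels only

def evaluate(order, allow, deny, ip, hostname=None):
    """Return True if the request is allowed under the given Order."""
    allowed = any(host_matches(s, ip, hostname) for s in allow)
    denied = any(host_matches(s, ip, hostname) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":    # default deny; Deny is evaluated last and wins
        return allowed and not denied
    if order == "deny,allow":    # default allow; Allow is evaluated last and wins
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed sample clients (documentation address ranges), not from the page.
CLIENTS = [("192.0.2.10", "www.apache.org"),
           ("192.0.2.11", "build.foo.apache.org"),
           ("203.0.113.5", "host.example.net")]

def decisions(order, allow, deny):
    """Map each sample client's hostname to the access decision."""
    return {name: evaluate(order, allow, deny, ip, name) for ip, name in CLIENTS}

if __name__ == "__main__":
    for order in ("Allow,Deny", "Deny,Allow"):
        print(order, decisions(order, ["apache.org"], ["foo.apache.org"]))
```

    With the same Allow and Deny lists, switching Order from Allow,Deny to Deny,Allow changes the result for host.example.net from denied to allowed, because the default access state flips.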

  • Enabling/disabling sites

    a2ensite sitefilename

    Will create the correct symlinks in sites-enabled to allow the site configured in sitefilename to be served.

    a2dissite sitefilename

    Will remove the symlinks from sites-enabled so that the site configured in sitefilename will not be served.

    * It's mandatory to reload Apache after making any change.

    root@myserver:~# a2dissite default
    Site default disabled.
    To activate the new configuration, you need to run:
    service apache2 reload
    root@myserver:~# a2ensite default
    Enabling site default.
    To activate the new configuration, you need to run:
    service apache2 reload
    root@myserver:~# service apache2 reload
    [ ok ] Reloading web server config: apache2.

  • Apache Virtual Host

    The term Virtual Host refers to the practice of running more than one web site (such as company1.ex.com and company2.ex.com) on a single machine.

    Virtual hosts can be "IP-based", meaning that you have a different IP address for every web site, or "name-based", meaning that you have multiple names running on each IP address. The fact that they are running on the same physical server is not apparent to the end user.


  • Name-based Virtual Host

    IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host. With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.


  • IP-based Virtual Host

    IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on. Most commonly, this is used to serve different websites on different ports or interfaces.


  • NameVirtualHost Directive

    The NameVirtualHost directive is a required directive if you want to configure name-based virtual hosts.

    With the NameVirtualHost directive you specify the IP address on which the server will receive requests for the name-based virtual hosts.


    NameVirtualHost 111.22.33.44:80

    Syntax: NameVirtualHost addr[:port]

    Context: server config