Lesson 9. The Apache Web Server



9.1. The Apache Web Server

Perhaps the second most[1] popular network service available today is the world wide web. In today’s lesson we will configure the Apache web server. The Apache web server is produced by the ‘Apache Software Foundation’ (www.apache.org). The most recent release of Apache is version 2.0. Few sites have adopted version 2.0, however, since much add-in software only works with version 1.3. In this lesson, we will focus on version 1.3.

[1] Email is arguably the most popular.

9.1.1. Configuring Apache

Configuring Apache can be a complex process. Fortunately the default configuration is usually reasonable. The configuration for Apache is stored in the ‘httpd.conf’ file.

The httpd.conf File

Unfortunately, the ‘httpd.conf’ file has no fixed location. Some systems have it in ‘/etc/apache’, other systems have it elsewhere. Furthermore, older versions of Apache split the configuration into three files, the other two called ‘access.conf’ and ‘srm.conf’.

There are a large number of options in the ‘httpd.conf’ file, too many to cover here. A few of the more important appear in Table 9.1.

    Option            Description
    ServerType        There are two possible server types, ‘standalone’ and ‘inetd’. Standalone servers are designed to be run continuously in the background processing web requests, whereas ‘inetd’ servers are invoked from inetd.
    Port              Specifies which port number Apache should listen on.
    ServerAdmin       Specifies the email address of the person responsible for the web site.
    MinSpareServers   This option specifies the minimum number of apache processes that should be running at any one time.
    MaxSpareServers   This option specifies the maximum number of apache processes that should be running at any one time.
    DocumentRoot      This option specifies the location of the world wide web documents.
    UserDir           Specifies the name of a directory in a user’s home directory where personal web pages are stored.
    DirectoryIndex    Sometimes a client will attempt to access a directory without specifying a filename. The DirectoryIndex option specifies a number of filenames that are used when no filename is given.

Table 9.1. Configuration options in the ‘httpd.conf’ file.

In addition to these configuration options, it is possible to specify options specific to a particular directory of web pages. An example is given below.

    <Directory /var/www>
        Options Indexes FollowSymLinks ExecCGI
        AllowOverride AuthConfig
        order allow,deny
        allow from all
    </Directory>

The meaning of each of these configuration options is described in Table 9.2.

    Option          Description
    Options         The ‘Indexes’ option causes Apache to automatically generate a list of files in a directory when no specific file is requested, and no file in the directory has one of the DirectoryIndex names. If the ‘ExecCGI’ option were missing, Apache would not execute any CGI scripts in the directory.
    AllowOverride   The options specified in the ‘httpd.conf’ file for a particular directory can be overridden by a file called ‘.htaccess’ in that directory. The AllowOverride option specifies which options can be overridden by the ‘.htaccess’ file. The ‘AuthConfig’ option controls the ability to require a password to access a web page.
    order           Defines the order in which to process ‘allow’ and ‘deny’ options.
    allow from      Specifies a host or domain name, or a (partial) IP address which will be allowed access to the web pages in the directory.
    deny from       Specifies a host or domain name, or a (partial) IP address which will be denied access to the web pages in the directory.

Table 9.2. Configuration options inside the ‘<Directory>’ section.

The ‘.htaccess’ File

It is possible to cause Apache to require a username and password before allowing access to the contents of a directory. This is done by placing a file called
‘.htaccess’ in the directory to which you wish to restrict access. The ‘.htaccess’ file contains configuration directives that override those given in the ‘httpd.conf’ file. An example ‘.htaccess’ file appears below.

    AuthUserFile /usr/local/apache/etc/passwd
    AuthGroupFile /dev/null
    AuthName "The Secret Documents"
    AuthType Basic
    require valid-user

The meaning of each of these options is described in Table 9.3.

    Option          Description
    AuthUserFile    The location of a file containing usernames and passwords. This file is created and modified with the ‘htpasswd’ command.
    AuthGroupFile   The location of a file containing group membership information. Access can be restricted to members of a particular group.
    AuthName        The name of the authorization realm. Multiple directories can share the same authorization realm. Once a user has logged in to a particular authorization realm, they can access any directory in the same authorization realm without needing to log in again.
    AuthType        The type of authorisation used. Only ‘basic’ is available currently. (Some clients are able to use ‘Digest’ but others cannot.)
    require         Specifies which users can access the web pages in this directory. The ‘valid-user’ option means any user in the AuthUserFile. Access can be restricted to a particular user or users with something like: require user janedoe johndoe

Table 9.3. Configuration options in the ‘.htaccess’ file.

The HTPASSWD Command

The ‘htpasswd’ command is used to create and modify the password file(s) used with Apache. The command

    $ htpasswd -c /etc/apache/passwd jdoe

will prompt for a password and then create a new password file called ‘/etc/apache/passwd’ and add the user ‘jdoe’ with the specified password. Thereafter the command

    $ htpasswd /etc/apache/passwd jsmith

will add a new user called ‘jsmith’ to the ‘/etc/apache/passwd’ file.

9.1.2. Virtual Websites

It is common for websites to be named after the company or organisation which created them. Some websites, however, do not receive many hits. It would be wasteful to dedicate a machine for such websites, when that machine could easily serve a number of these sites. The problem is how we can cause Apache to serve different web pages depending on which name was used to access the machine. There are two solutions to this problem.

IP-Based Virtual Hosts

With IP-based virtual hosts, the DNS is configured to resolve each website name to a different IP address. IP aliasing is then used to allow a single machine to serve all of the websites. IP aliasing is a technique which enables a single network interface to have multiple IP addresses assigned to it.[1] In this way, one machine could serve several web pages by determining which IP address was used to connect to it.

[1] The kernel must be configured to support IP aliasing, which is generally not the default.

For example, suppose we wish to configure our ethernet interface with a second IP address with netmask using IP aliasing. The following commands will do the trick:

    $ ifconfig eth0:1 netmask broadcast
    $ route add -host dev eth0:1

Note that ‘eth0:1’ is used for the interface name. It is possible to configure the interface with several IP addresses using ‘eth0:2’, ‘eth0:3’ etc. Also note the use of the ‘-host’ option to ‘route’.

Once this is accomplished, we need to configure Apache so that it will respond with different web pages based on the IP address used when the client connected to the Apache server. To do this, we use the ‘VirtualHost’ directive in the ‘httpd.conf’ file. For example:

    <VirtualHost host.some_domain.com>
        ServerName host.some_domain.com
        ServerAdmin webmaster@host.some_domain.com
        DocumentRoot /var/www/host.some_domain.com
        ErrorLog /var/log/apache/host.some_domain.com-error.log
        TransferLog /var/log/apache/host.some_domain.com-access.log
    </VirtualHost>

In the example we assume the name ‘host.some_domain.com’ is mapped to one of the IP addresses on our aliased ethernet interface.

The ‘VirtualHost’ directive describes the configuration which is specific to that website. We have seen some of the options before. Those we haven’t are described in Table 9.4. Once this is done, the aliased interface can be used to serve a different set of
web pages. Unfortunately this scheme requires one IP address for each website, even though there is only one machine. This is not an efficient use of already scarce IP addresses.

    Option        Description
    ServerName    The name used for the server.
    ErrorLog      Specifies a file where error messages should be logged.
    TransferLog   Specifies a file where transfers should be logged.

Table 9.4. Configuration options in the ‘<VirtualHost>’ section.

Name-Based Virtual Hosts

Name-based virtual hosts are similar to IP-based virtual hosts with the exception that they do not require an IP address for every website. The DNS is configured so that many names map to the same IP address. Apache is configured in a similar way to that used for IP-based virtual hosts. Unfortunately, name-based virtual hosts only work with browsers that support HTTP 1.1 or above.

To configure name-based virtual hosts, the ‘NameVirtualHost’ directive is used in the Apache configuration, followed by the ‘VirtualHost’ directive we saw before. The ‘NameVirtualHost’ directive instructs Apache to serve multiple websites from the specified IP address. For example

    NameVirtualHost
    <VirtualHost>
        ServerName host.some_domain.com
        DocumentRoot /var/www/host.some_domain.com
        ServerAdmin webmaster@host.some_domain.com
    </VirtualHost>
    <VirtualHost>
        ServerName something.completely.different.net
        DocumentRoot /var/www/something.completely.different.net
        ServerAdmin webmaster@completely.different.net
    </VirtualHost>

In this configuration, two names are mapped to the IP address, and the ‘NameVirtualHost’ directive instructs Apache to redirect requests coming in on that IP to the relevant virtual host.

9.2. Exercises

1. How could Apache be configured to deny access to its web pages from all machines in the ‘ug.cs.usyd.edu.au’ domain? You will need to ensure that your ‘order’ directive is correct. Refer to the Apache website (httpd.apache.org) if you require more information.

2. How could Apache be configured to restrict access to a group of users using the AuthGroupFile option? Further information on the syntax can be found on the Apache website.

3. What options, other than ‘Indexes’, ‘FollowSymLinks’, and ‘ExecCGI’, can be used with the ‘Options’ directive described in Table 9.2?

4. Suppose you are using IP aliasing (described in Section 9.1.2) and have configured your ethernet interface with the IP addresses and, using the netmask How would you configure the ethernet interface with a third IP address,

Further Reading

Chapter 22 of E. Nemeth, G. Snyder, S. Seebass and T. Hein. Unix System Administration Handbook. Prentice Hall. 3rd Edition, 2001.

The Apache Software Foundation. The Apache HTTP Server Project. URL http://httpd.apache.org/.
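
The ‘order’, ‘allow from’ and ‘deny from’ options in Table 9.2 interact in a way that is easy to get wrong, because ‘order’ also sets the default and decides which list wins when both match. The following Python sketch is an added example, not part of the original lesson and not Apache's code; it models the ‘allow,deny’ and ‘deny,allow’ settings only (‘mutual-failure’ is left out), and the policy, addresses and host names in it are constructed.

```python
def host_matches(spec, ip, hostname=""):
    """Match one 'allow from' / 'deny from' argument against a client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec[0].isdigit():
        # Full or partial IP address: compare whole dotted components only,
        # so "10.1" covers 10.1.2.3 but not 10.10.1.1.
        return (ip + ".").startswith(spec.rstrip(".") + ".")
    # Host or domain name: the name itself or any host below it.
    name, domain = hostname.lower(), spec.lstrip(".")
    return name == domain or name.endswith("." + domain)


def access_allowed(order, allow, deny, ip, hostname=""):
    """Evaluate the 'order', 'allow from' and 'deny from' options together."""
    hit_allow = any(host_matches(s, ip, hostname) for s in allow)
    hit_deny = any(host_matches(s, ip, hostname) for s in deny)
    if order.lower() == "allow,deny":
        # Default is deny; a matching 'deny from' overrides 'allow from'.
        return hit_allow and not hit_deny
    if order.lower() == "deny,allow":
        # Default is allow; a matching 'allow from' overrides 'deny from'.
        return hit_allow or not hit_deny
    raise ValueError("order must be 'allow,deny' or 'deny,allow', no spaces")


# Constructed policy: admit the 10.1 network and one domain, block one host.
ALLOW = ["10.1", "intranet.example"]
DENY = ["10.1.2.3"]
CLIENTS = [("10.1.5.5", ""), ("10.1.2.3", ""),
           ("192.0.2.9", ""), ("192.0.2.9", "pc.intranet.example")]


def decisions(order):
    """Return the allow/deny outcome for each constructed client."""
    return [access_allowed(order, ALLOW, DENY, ip, host) for ip, host in CLIENTS]


if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        print(order, decisions(order))
```

With ‘deny,allow’ the same two lists admit every client, including the host that was meant to be blocked and the outside address, so the ‘order’ line has to be checked together with the lists whenever a rule is reviewed.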
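
Name-based virtual hosts (Section 9.1.2) depend on the ‘Host’ header that HTTP 1.1 clients send with each request. The following Python sketch is an added example, not Apache's code: it models matching a request to a ‘VirtualHost’ by ‘ServerName’ and shows that a request with a missing or unknown ‘Host’ header is served by the first virtual host listed. The address 192.0.2.10 is a constructed placeholder, since the lesson's own address is not shown.

```python
# Constructed sample built from the lesson's two virtual hosts; 192.0.2.10
# is a placeholder address, not a value from the lesson.
SAMPLE_CONF = """
NameVirtualHost 192.0.2.10
<VirtualHost 192.0.2.10>
    ServerName host.some_domain.com
    DocumentRoot /var/www/host.some_domain.com
</VirtualHost>
<VirtualHost 192.0.2.10>
    ServerName something.completely.different.net
    DocumentRoot /var/www/something.completely.different.net
</VirtualHost>
"""


def parse_vhosts(conf):
    """Return one dict of lower-cased directives per <VirtualHost>, in file order."""
    vhosts, current = [], None
    for line in conf.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key.startswith("<virtualhost"):
            current = {}
        elif key == "</virtualhost>":
            vhosts.append(current)
            current = None
        elif current is not None and len(words) > 1:
            current[key] = words[1]
    return vhosts


def select_vhost(vhosts, host_header):
    """Pick the vhost whose ServerName equals the Host header (port ignored)."""
    name = (host_header or "").split(":")[0].rstrip(".").lower()
    for vhost in vhosts:
        if vhost.get("servername", "").lower() == name:
            return vhost
    return vhosts[0]  # no Host header, or no match: first listed vhost


VHOSTS = parse_vhosts(SAMPLE_CONF)

if __name__ == "__main__":
    for header in ("something.completely.different.net",
                   "HOST.some_domain.com:80", None, "unknown.example"):
        print(header, "->", select_vhost(VHOSTS, header)["documentroot"])
```

Because the first virtual host answers every unmatched request, it is worth making it a site you are content to expose by default.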