This document provides an overview of installing and configuring the Apache HTTP server on Linux and Windows platforms. It discusses setting up virtual hosts and directories, securing pages with passwords, customizing error messages, and using modules to add functionality like PHP, Perl, and CGI scripting. The tutorial demonstrates the Apache configuration files and directives for tasks like process control, module management, and empowering web developers.

1. Apache Street Smarts For the
Systems Management Professional
By Michael E. Dobe
ESM Services, Inc.
Network Security 1999
New Orleans, LA

2. Introduction:
The Need For Training
Proficiency with the installation and operation of the
Apache HTTP server is as important today as skill
in traditional areas such as NIS, NFS, and Perl.
– Need For Day-to-Day Proficiency: As businesses port
applications to the Web there is an increase in the frequency and
complexity of requests for HTTP server support from more savvy
users and developers. Web Security also becomes a day-to-day
support issue.
– Resume Building: In the last few years, support for HTTP servers
has become an obligatory bullet on the resumes of UNIX and NT
professionals.

3. Tutorial Objectives
• Through discussion and demonstrations this
tutorial gives you the tools you need to stay ahead
of the Apache knowledge curve
• You will gain proficiency with the basics of
Apache installation, configuration and support on
the Linux and Win32 platforms
• We will also point you to a number of lesser-
known gotchas of Apache administration on the
UNIX and Windows NT platforms

4. Overview
Starting with an overview of setting up Apache on Linux and
NT and ending with a review of available sources for
current information, this tutorial covers a wide gamut of
configuration issues from modules and directives to
performance monitoring and security.
Setup CGI
Confi
g
Module Current FP
Info Extensio
s
Directive ns
s
Security Tuni
ng SSL

5. Welcome to Your New Job:
Sysadmin For GRSL
• You Have Just Been Hired By General Republic
Savings and Loan of Baltimore, MD
• The Many Hats You Wear:
– UNIX Systems Admin, Windows NT Systems Admin
and Web Services
• Your User Base:
– Wide Range of Needs
– Intranet Publishing For Workgroups
– Internet Presence Supported By Web Development
Consultants External to the Firm

6. Your Presence on the Internet
• GRSL Has a New CIO Who Loves Linux, But
Who Doesn’t Want to Change Too Much All at
Once
• The Company Has Just Hired Consultants To
Develop Custom Banking Applications For the
External Web Site
• You Successfully Make the Case that the Internet
Presence Should Run on RH Linux (6.0) With
Apache

7. Your Test Intranet Site and
Developer Workstations
• Large Installed Base of Windows NT on
Corporate Network. Existing Intranet on IIS,
Workstations Using PWS
• Company Seeks to Standardize on One Web
Server Technology
• You Convince the CIO to Run a Test Intranet
Server on Windows NT Server
• Also Get the Green Light To Test Using Apache
as a Replacement for Personal Web Server on Win
98 Stations for Your Developers

8. Rolling Up Your Sleeves and Jumping
In: Linux Installation
• Each Comes as Source Code or Pre-Compiled
Binary (RPM for RH Linux 6.0)
• Default RH Linux Installation Gives You apache-
1.3.6-7
– Default is standalone server (Note: Running Apache
out of inetd is not recommended for servers anticipating
heavy loads.)
– Loads at boot time via rc scripts
– Parent Process Runs as root
– Child Processes Run as nobody
– Use ps to verify that it is running

9. HTTP Process Control on Linux:
Stopping and Restarting Your Server
• Linux stores pid at /var/run/httpd.pid
– kill -TERM `cat /var/run/httpd.pid`
– To Restart /usr/sbin/httpd &
• Can Use GUI Interface, e.g. Comanche
– Comanche RPM Available (Need itcl and rcs)
– Part of Apache GUI Project
– http://comanche.com.dtu.dk/comanche/
– Demonstration of GUI (/usr/bin/comanche)
• Command-Line Tool: apachectl

10. Working With Support Programs
For Apache: Setting Up apachectl
– Install Apache Source Tree Using
apache_1.3.6.src.rpm
– Support Files Will Be Found In:
/usr/src/redhat/SOURCES/apache_1.3.6/src/support
– Copy to /usr/bin (or somewhere else in your path)
– Edit Config to Reflect Your Local Setup

11. Demo of HTTP Process Control
on Linux: apachectl
• Program to stop and start the http server
• Run with following options: start | stop |
restart | fullstatus | status | graceful |
configtest | help
• Demo: Try start, stop, restart and configtest
• We’ll Return Later to fullstatus and status

12. Rolling Up Your Sleeves and Jumping In:
Win32 Installations
• Visit Apache Site at http://www.apache.org/
• Download apache-1.3.9 For Win32
• Run the Installation Program
• Launch from command line, start menu
• Option to Run as a Windows Service

13. Rolling Up Your Sleeves and Jumping In:
Win32 Process Control on NT
• Note: Running Win32 Apache as a Service is
Recommended
• Install As A Service From the Start Menu?
• Try apache –i –n Apache
• Apache Running as Service Allow you to Stop and
Start Using Control Panel/Services or Using
NET START APACHE
NET STOP APACHE

14. More on Win32 HTTP Process Control:
Apache on Windows 98
• Can Kill Win32 Version of Apache Using Ctrl C
at Apache console or at the command line using
apache -k shutdown
• Can Restart From Command Line or Start Menu
• Win32 stores pid by default at:
C:Program FilesApache GroupApachelogshtttp.pid
Could script this with apachectl
• Can Also Use Comanche on Win32
• Win32 Comanche Demo

15. Working With Config Files and
Basic Directives (Linux & Win32)
• Linux: /etc/httpd has conf, logs and
modules
• Win32: C:/Program Files/Apache
Group/Apache/
• Config files include httpd.conf, srm.conf
and access.conf, each of which contains sets
of directives (configuration parameters)

16. Running One Config File
• Win 32 (Version 1.3.9) Has Only One Config File
• Default RH 6.0 Install Gives You all three files:
httpd.conf, srm.conf and access.conf
• Apache Server Allows You to Consolidate Everything Into
httpd.conf
• You Need to Add the Following to the end of httpd.conf to
make this work
AccessConfig /dev/null
ResourceConfig /dev/null
• For Demonstration Purposes, We Will Stick With the
Default RPM Install on RH Linux 6.0

17. Working With Config Files on
Linux: httpd.conf
httpd.conf Contains Directives That Allow
You to Configure:
– Basic Server Configuration Parameters
– Caching
– Virtual Hosts
– Support for Modules (Enable and Disable)

18. Directives Demo #1 (httpd.conf): Virtual
Hosts and Virtual Directories for Your Site
• Business Needs: Two Banking Divisions With
Different Host Names Need to Be on the Same
Server; Both Divisions Need to Provide Access to
Some (But Not All) of the Same Content
• Technical Solution:
– Configure Virtual Hosts
– Configure Virtual Directories
(Note on Virtual Directories: Without DNS Need to Set
UseCanonicalName off)

19. Working With Config Files on
Linux: srm.conf
• /etc/httpd/conf/srm.conf contains directives
that allow you to configure:
– name space that users see of your http server,
e.g. DocumentRoot and UserDir
– server settings which affect how requests are
serviced, and how results should be formatted,
e.g. Alias, ScriptAlias and ErrorDocument
– In apache-1.3.9 for Win32, These Directives
are all in httpd.conf

20. Directives Demo #2 (srm.conf): Customizing
Error Messages For Your Site
• Business Need: You Want to Help People
Locate Content on Your Site that May Have
Moved
• Technical Solution: Customize Message for
404 Error Message in srm.conf to Include a
Link to Your Search Page

21. Working With Config Files on
Linux: access.conf
• /etc/httpd/conf/access.conf Contains
Directives That Allow You to Configure:
– server settings which affect which types of
services are allowed, and in what circumstances
– Set Up Default Directory Restrictions
– Follow Up With More Detailed Configuration
– In apache-1.3.9 for Win32, These Directives
are in httpd.conf

22. Directives Demo #3 (access.conf): Password
Protection of Pages, Authentication on RH 6.0
• Business Need: Provide Customers With
Access to Value Added Web Services
• Technical Solution:
– Role of access.conf directives
– Use of htaccess mechanism

23. Directives Demo #3 Continued (access.conf):
Password Protection/User Authentication on RH 6.0
• More Support Files: Working With htaccess and
htpasswd
• Need to Go Beyond Default Authentication
Mechanisms?
• Support For Additional Authentication Databases
Using Modules: mod_auth_dbm, mod_auth_db,
mod_auth_msql, mod_auth_pg95, mod_auth_dbi,
mod_auth_external.c, mod_auth_kerb,
mod_auth_ldap

24. Modules and Apache’s Design
• Modules are Programs That Extend The
Power of the Apache HTTP Server
• The HTTP Server Was Kept Small
Intentionally
• Because Apache is Open Source Software,
You Can Write Your Own Modules to
Accomplish Your Organizations Web Goals

25. Finding Apache Modules
• Apache Project Maintains a Web-based Modules
Registry and an ftp directory For Modules at
http://modules.apache.org/
• Modules Come With You Distribution in the src
Directory
• Module Documentation Included With Manual
• Refer to Writing Apache Modules With Perl and C
(Stein & MacEachern) For Information About
Rolling Your Own

26. Working With Modules on RH
Linux: Starting With the Defaults
• What Modules are Supported By Default
With the rpm distribution?
• Run the Command /usr/sbin/httpd -l
Compiled-in modules:
http_core.c
mod_so.c
• Gotcha: Modules Still Need to Be Loaded in
httpd.conf to be Available At Run-Time
With, Even With DSO

27. Support For Additional Modules
Apache on RH 6.0: Using DSO
• DSO = Dynamic Shared Object
• Remember the apachectl options status and
fullstatus? Need to Have Support For mod_status
For This To Work
• Mod_so is Compiled Into Apache rpm By Default
• No need to Recompile Apache to Use mod_status,
because mod_so is running
• Mod_so and DSO Documented at:
http://127.0.0.1/manual/mod/mod_so.html
http://127.0.0.1/manual/dso.html

28. Recompiling Apache For
Additional Modules
• Need to Edit Configuration file in
/usr/src/redhat/SOURCES/apache_1.3.6/src
• Uncomment Lines With Modules You
Want
• Run configure From
/usr/src/redhat/SOURCES/apache_1.3.6/
• Run make and make install From
/usr/src/redhat/SOURCES/apache_1.3.6/src

29. Difference in Module Support:
Out-of-Box Linux (RPM) and Default Compile
• RPM: Run the Command /usr/sbin/httpd -l
Compiled-in modules:
http_core.c
mod_so.c
• From Source:
Run the Command /usr/local/apache/bin/httpd -l
Compiled-in modules:
http_core.c, mod_env.c, mod_log_config.c, mod_mime.c,
mod_negotiation.c, mod_status.c, mod_include.c
mod_autoindex.c, mod_dir.c, mod_cgi.c, mod_asis.c,
mod_imap.c, mod_actions.c, mod_userdir.c, mod_alias.c,
mod_access.c, mod_auth.c, mod_setenvif.c

30. More Useful Apache Modules
• Controlling Your Server’s Responses:
– mod_proxy: control access to Internet sites
– mod_rewrite: remap URLs on the fly
• Enabling Robust Server-Side Scripting:
– mod_fastcgi: better performance than mod_cgi
– mod_perl: perl interpreter in the apache executable
– mod_php: apache support for PHP scripting
• Anticipating Common (Re-) Configuration Issues
• Limitations on the Win32 Platform: Still Beta
Quality Code

31. Out-of-Box Win32
• Win32 Can Be Installed on Win95/98, NT Workstation 4.0
or NT Server 4.0 (NT Server Version 1.3+)
• Source Comes With Distribution, But to Compile You
Must Have a Compiler Installed
• Documentation Recommends Using Visual C++
• Running it on NT Server Means It Can Run as Service,
Which is More Efficient
• Soon Find You Need Unix-Like Features:
– More Robust Command Line Tools
– Remote Management Capabilities

32. Apache Win32 Admin: Adding
Robust Command Line Tools
• Free Option: Cygnus GNU Tools
- User and Developer Tools
- Available From http://www.cygnus.com
(Also included with Apache, The Definitive Guide)
• Commercial Option: MKS Toolkit
– Contains Visual Tools as Well as Command
Line: Visual Pax, Visual Diff, GUI port of vi
– Comes With Extensive Documentation

34. Apache Win32 Admin: Adding
Remote Management
• Free Option: Virtual Network Computing
– Available from
http://www.uk.research.att.com/vnc/
• Commercial Options:
– pcANYWHERE
– Timbuktu
• Using VNC, You Can Manage Linux and
NT From the Same PC Workstation

37. Making Good Use of Apache
Directives on Win32
• Core Directives Covered For Linux Also Apply to
Win32
• Excellent Listing of Modules and Directives in
Appendix A of Apache Server For Windows, Little
Black Book (Holden & Keller)
• Business Need: To Test The Power of Win32
Apache as a Development Platform
• Technical Solution for Adding Ability For
Dynamic Web Content: mod_cgi, mod_php and
mod_perl

38. Empowering Your Developers: Apache
Web Development Environment
• Server-Side Scripts With CGI and Perl Supported
on Both Linux and Win32
• Linux and Win32 Support For PHP as Well
• Kick It Up a Notch With mod_perl
• First Step: Getting Perl Running On Your System
– RH Linux 6.0 - Default Perl Installation (5.005_03) Use
the RPM to Update
– On Win32 Active State Distribution
http://www.activestate.com/

39. Web Programming Support: The
Common Gateway Interface on Win32
• The Binary Distribution of Apache 1.3.6
For Win32 has statically-linked mod_cgi
support (Try apache –l to Verify)
• Make sure the Script Alias is Set:
ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache/cgi-bin/"
• Test Simple Script Called variables.pl in
DOS Box, Then Run Through CGI
Interface

40. Web Programming Support: PHP
on Apache for Win32
• Get Windows Binary From a Local Mirror
http://www.php.net/download-php.php3
• Win32 Installation Documentation:
http://www.php.net/manual/install-windows95-nt.php3
• Win32 Config Documentation:
http://www.php.net/manual/config-apache-nt.html
• Note: PHP Win32 Works With IIS 3 and 4, PWS,
and Apache 1.3.X

41. Win32 PHP For Windows98:
The Details
• Set up a PHP3 Directory and Move the Contents
of the Archive There, Use c:php3
• Copy php3.ini-dist to c:windowsphp3.ini
– Set extension_dir = c:php3
• Add/Modify The Following Directives in
httpd.conf
– ScriptAlias /php3/ "c:/php3/"
– AddType application/x-httpd-php3 .php3
– AddType application/x-httpd-php3 .phtml
– Action application/x-httpd-php3 "/php3/php.exe"
• Test with test.php3

42. Web Programming Support: SSI and
CGI on Linux
• With RH Linux 6.0 Support For mod_include and
mod_cgi is Enabled Through DSO
• Make Sure That httpd.conf Contains These
Directives Uncommented:
LoadModule includes_module modules/mod_include.so
AddModule mod_include.c
LoadModule cgi_module modules/mod_cgi.so
AddModule mod_cgi.c
• Example using mod_cgi: Simple CGI Variables
Query (Command Line and Browser)

43. Web Programming Support: Kicking
It Into High Gear With mod_perl
• Get Source and Compile mod_perl
http://perl.apache.org/dist/
• Enable DSO Support
• Configure mod_perl as a mod_cgi replacement
• Tap Into the Wealth of mod_perl-based modules
for Apache
http://www.perl.com/CPAN/modules/by-module/Apache

44. MS Technologies and Apache:
apache::ASP
• Apache::ASP Available From CPAN
(Comprehensive Perl Archive Network)
http://www.perl.com/CPAN/modules/by-module/Apache/
• This Only Supports Perl Scripting for
ActiveX, To Use VBScript or JScript
You Will Need ChiliSoft’s ASP
Technology (http://www.chilisoft.com/)

45. Empowering Your Users: Challenges of
Content Management For Your Web Presence
• Allowing Windows Users to Access a
Linux Server
– Manage From the Server Side: Samba vs. FP
2000 Extensions
– Manage From the Client Side: FTP Clients vs.
PC-NFS
• Allowing UNIX Users to Access a PC
Server? FTP? Your Internal Users are on
NT Workstations.

46. MS Technologies and Apache:
FrontPage 2000 Extensions
• Extensions, installation script and
Apache patch:
http://msdn.microsoft.com/workshop/languages/fp/2000/
unixfpse.asp
• Installing the FP 2000 Extensions using
fp_install.sh
– Gotcha: Need to Set AllowOverride All for document root
– Installs SERK and Admin Tools in /usr/local/frontpage/
– Modification to srm.conf allows _vti_bin scripting

48. Using FrontPage 2000 Extensions
• Administering the Extensions
• SERK Installed Along With Extensions:
http://127.0.0.1/SERK/inunix.htm
(Need to Create Alias or Move to Doc Root)
• Demo of Command Line Admin Utility:
/usr/local/frontpage/version4.0/bin/fpsrvadm.exe
• HTML Interface Also Available
http://127.0.0.1/admin/fpadmin.htm

49. FrontPage 2000 Extensions: Upside
and Downside
• What the Extensions Offer Your Users
– Elimination of Need For FTP
– Ease of Update and Integration With MS Office
• Risks Associated With the Extensions Install
Script:
– Changes Permissions For Document Root
(Option to Do This Later is Offered)
– Modifies Config Files (here srm.conf)

50. Roll Your Own Apache Binary With
Support For FrontPage 2000 Extensions
• Big Gotcha! With The FP Patched Version
of Apache, Problems With Support For
Default Modules Not Compiled In
• Suggest Compiling Your Own Patched
Version of Apache to Avoid Removing
Support For Modules You Are Using
• FrontPage module support documented in
SERK (Server Extension Resource Kit)

51. Class Break
Take 15 Minutes

52. Everyday Troubleshooting Hints
• Working With Logs: Access Logs, Error
Logs and Changing Log Formats
• Some Statistics-Generating Programs You
Might Use
• Testing Your Server
• Fixing SSI and CGI Problems
• Win32-Specific Issues
• Unix-Specific Issues

53. Performance Monitoring
• Using mod_status via apachctl
• Log File Analysis: Webalizer Example
• SNMP and Apache:
– Running an Open Source Pinger
• SPONG: Son of Pong
http://www.edsgarage.com/projects/spong/index.html
– Plugging Your Apache Server Into Commercial
Network Management Tools

54. Performance Tuning:
Some Things to Consider
• Hardware Issues
• Configuration Tuning: Directives That Can
Slow You Down (Reverse DNS Lookups,
etc.)
• Compile-Time Options You May Want to
Revisit
• Issues With Large Sites: Adding Processes,
etc.

55. Web Security, Some First Steps
• Your Boss Asks You To Help With an Web
Server Security Appendix to the GRSL Operations
Manual. Some Considerations Include:
– Preventing A Break-In and What To Do If You're
Hacked
– Authentication on the Web: more on htaccess,
directories and databases
– Tips for Securing Apache (Among Others: CGI Risks,
suEXEC, CGIWrap)
– After the Break-in: Damage Control, Getting Up and
Running Again and Making Sure It Doesn't Happen
Again

56. Securing Your Web Transactions:
SSL on the Apache Platform
• Many Options You Have in Securing the GRSL External
Web Site: Commercial Options (Stronghold, etc.), Apache-
ssl, mod_ssl
• We Will Use mod_ssl Because it is Free and Runs as a
Module (Get mod_ssl-2.3.11-1.3.6.tar.gz from
http://www.modssl.org/)
• Could Also Use Apache-ssl: Free and the Authors focus on
“reliability, security and performance, rather than features
and bells and whistles” (Adam Laurie)
– Redhat FTP Site Has an SRPM for apache-ssl at:
ftp://ftp.redhat.com/contrib/libc6/SRPMS/
– Alternatively You Can Get Apache-ssl from a Mirror Site (See
http://www.apache-ssl.org/)

57. Securing Your Web Transactions:
Other SSL Options
• Could Also Use Apache-ssl: Free and the Authors
focus on “reliability, security and performance,
rather than features and bells and whistles” (Adam
Laurie)
– Redhat FTP Site Has an SRPM for apache-ssl at:
ftp://ftp.redhat.com/contrib/libc6/SRPMS/
– Alternatively You Can Get Apache-ssl from a Mirror
Site (See http://www.apache-ssl.org/)
• Commercial Options: Red Hat Secure Server,
Stronghold, etc.

58. Mod_ssl Installation and Configuration:
First Steps
• Need to Get and Install SSLeay, So Go To:
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
• Next Unpack and Compile SSLeay
• Gotcha: Where Is Perl Installed? Read the
Install File, There is a Fix!
• Need to Get and Install OpenSSL, Go To:
http://www.openssl.org/source/
• Next Unpack and Compile OpenSSL

59. Mod_ssl Installation/Configuration:
Rebuilding Apache
• Delete Apache Source Tree and Reinstall
• Expand the mod_ssl Archive Into Your redhat/SOURCES
Directory at the Same Level as apache_1.3.6 Directory
• Run The Following:
$ ./configure --with-apache=../apache_1.3.6 --with-ssl=/usr/src/openssl-0.9.4
$ cd ../apache_1.3.6
$ SSL_BASE=/usr/src/openssl-0.9.4 ./configure ... --enable-module=ssl
$ make
$ make certificate TYPE=test
$ make install

60. Digital Certificates and
Signatures
• In the Apache Source Tree You Now Have
A PEM-encoded X.509 certificate signing
request file
File called conf/ssl.csr/server.csr
Send this file to a Real CA for Signing
• Certificate Authorities (CA)

61. Running Apache With SSL
• Starting the Server With SSL
[root@apache bin]# ./apachectl sslstart
Apache/1.3.6 mod_ssl/2.3.11 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server apache.clioweb.net:443
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
./apachectl sslstart: httpd started
[root@apache bin]#
• Browsing the Site (Demo)

62. Summary
• Through discussion and demonstrations
tutorial gave you the tools you need to stay
ahead of the Apache knowledge curve.
• You have gained an understanding of the
basics of Apache support and a number of
lesser-known "gotchas" of Apache
administration on the UNIX and Windows
NT platforms.

63. Where to Get More Information
on Apache
• Web Sites
• E-Mail Lists
• Print Media: Books and Magazines
• User Groups and Support Organizations
• Conferences

64. General Apache Web Sites
• The Apache Group:
http://www.apache.org
• Builder.com’s Maximum Apache:
http://builder.com/Servers/Apache/ss01.html
• Apache RTFM Site:
http://www.jlk.net/apache/

65. Security-Related Web Sites
• SSLeay and SSLapps FAQ
http://www2.psy.uq.edu.au/~ftp/Crypto/
• “Linux Apache SSL PHP/FI frontpage
mini-HOWTO” by Marcus Faure
– PHP, FrontPage, SSL
http://www.redhat.com/mirrors/LDP/HOWTO/mini/Apache+SSL+PHP+f
p.html

66. E-Mail Lists and Newsgroups
• Apache Week Mailing List
http://www.apacheweek.com
• Dotslash Notification Service
http://www.dotslash.org/
• Tech Republic’s Admin Republic
http://www.techrepublic.com/
• Newsgroups:
comp.infosystems.www.servers.unix
comp.infosystems.www.servers.ms-windows

67. Print Media: Books/Magazines
• O’Reilly Web Series
– Apache, The Definitive Guide (Laurie & Laurie)
– Web Performance Tuning (Killelea)
– Web Security and Commerce (Garfinkel & Spafford)
• Apache Server Administrator’s Handbook by
Mohammed J. Kabir (IDG Books)
• Apache Server For Windows, Little Black Book by
Greg Holden and Matthew Keller (Coriolis Press)

68. Support Organizations
• Local Linux on NT User Groups
• Laurie and Laurie Point to:
– A.B. Enterprises
http://www.futurefx.com
- C2Net Software, Inc.
http://www.c2.net
- UK Web
http://www.ukweb.com
- Zyzzyva Enterprises
http://www.zyzzyva.com/

69. Conferences
• O’Reilly Open Source Conference
– http://conference.oreilly.com/
• SANS
– http://www.sans.org/
• USENIX
– http://www.usenix.org/

70. Contact Information
• ESM Services Has a Web Site at:
http://www.esm.com
• To Contact the Instructor, Send E-Mail to:
dobe@esm.com