Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Apache HTTP Server


Published on

Cấu hình Apache server

Published in: Technology
  • Be the first to comment

Apache HTTP Server

  1. 1. <ul><li>Apache HTTP Server </li></ul>
  2. 2. <ul><li>Starting and Stopping httpd </li></ul><ul><li>The httpd RPM installs the / etc/rc.d/init.d/httpd script, which can be accessed using the /sbin/service command. </li></ul><ul><li>To start the server, as root type: </li></ul><ul><li>/sbin/service httpd start </li></ul><ul><li>To stop the server, as root type: </li></ul><ul><li>/sbin/service httpd stop </li></ul><ul><li>The restart option is a shorthand way of stopping and then starting the Apache HTTP Server. To restart the server, as root type: </li></ul><ul><li>/sbin/service httpd restart </li></ul><ul><li>After editing the httpd.conf file, however, it is not necessary to explicitly stop and start the server. Instead, use the reload option. To reload the server configuration file, as root type: </li></ul><ul><li>/sbin/service httpd reload </li></ul>
  3. 3. <ul><li>Configuring Apache </li></ul><ul><li>The Apache HTTP Server configuration file is / etc/httpd/conf/httpd.conf . The httpd.conf file is well-commented and mostly self-explanatory. </li></ul><ul><li>If configuring the Apache HTTP Server, edit / etc/httpd/conf/httpd.conf and then either reload, restart, or stop and start the httpd process </li></ul><ul><li>Before editing httpd.conf, first make a copy the original file. Creating a backup makes it easier to recover from mistakes made while editing the configuration file. </li></ul><ul><li>Next look in the Web server's error log, / var/log/httpd/error_log . The error log may not be easy to interpret, depending on the level of experience. </li></ul>
  4. 4. <ul><li>Where To Put Your Web Pages </li></ul><ul><li>The Default File Location: /var/www/html/ </li></ul><ul><li>File Permissions And Apache </li></ul><ul><li>Apache will display Web page files as long as they are world readable. You have to make sure you make all the files and subdirectories in your DocumentRoot have the correct permissions. It is a good idea to have the files owned by a nonprivileged user so that Web developers can update the files using FTP or SCP without requiring the root password. </li></ul><ul><li>Create a user with a home directory of /home/www . </li></ul><ul><li>Change the permissions on the /home/www directory to 755 , which allows all users, including the Apache's httpd daemon, to read the files inside. </li></ul><ul><li>[root@bigboy tmp]# useradd -g users www </li></ul><ul><li>[root@bigboy tmp]# chown -R www:users /home/www </li></ul><ul><li>[root@bigboy tmp]# chmod 755 /home/www </li></ul>
  5. 5. <ul><li>Named Virtual Hosting Example </li></ul>
  6. 6. <ul><li>Configure Virtual Hosting on Multiple IPs </li></ul>
  7. 7. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>ServerRoot ServerRoot /etc/httpd The ServerRoot is the top-level directory which contains the server's files. Both the secure server and the non-secure server set the ServerRoot directive is set to &quot;/ etc/httpd &quot;. </li></ul><ul><li>PidFile PidFile /var/run/ PidFile names the file where the server records its process ID (PID). By default the PID is set in / var/run/ . </li></ul><ul><li>Timeout Timeout 300 Timeout defines, in seconds, the amount of time that the server will wait for receipts and transmissions during communications. Timeout is set to 300 seconds by default. </li></ul><ul><li>KeepAlive Keepalive off KeepAlive sets whether the server will allow more than one request per connection. By default Keepalive is set to off . If Keepalive is set to on and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server will slow down significantly. </li></ul>
  8. 8. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>MaxKeepAliveRequests MaxKeepAliveRequests 100 This directive sets the maximum number of requests allowed per persistent connection. MaxKeepAliveRequests is set to 100 by default, which should be appropriate for most situations. </li></ul><ul><li>KeepAliveTimeout KeepAliveTimeout 15 KeepAliveTimeout sets the number of seconds the server will wait after a request has been served before it closes the connection. KeepAliveTimeout is set to 15 seconds by default. </li></ul><ul><li>MaxClients MaxClients 150 MaxClients sets a limit on the total number of server processes, or simultaneously connected clients, that can run at one time. The main purpose of this directive is to keep a runaway Apache HTTP Server from crashing the operating system. </li></ul>
  9. 9. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>Listen Listen The Listen command identifies the ports on which the Web server will accept incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in the /etc/httpd/conf.d/ssl.conf which defines any secure servers) to port 443 for secure Web communications. </li></ul><ul><li>User User apache The User directive sets the user name of the server process and determines what files the server is allowed to access. By default User is set to apache . </li></ul><ul><li>Group Group apache Specifies the group name of the Apache HTTP Server processes. By default Group is set to apache . </li></ul><ul><li>ServerAdmin ServerAdmin Set the ServerAdmin directive to the email address of the Web server administrator. By default, ServerAdmin is set to [email_address] . </li></ul>
  10. 10. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>ServerName ServerName Use ServerName to set a hostname and port number (matching the Listen directive) for the server. The ServerName does not need to match the machine's actual hostname. For example, the Web server may be but the server's hostname is actually . The value specified in ServerName must be a valid Domain Name Service ( DNS ) name that can be resolved by the system ServerName </li></ul><ul><li>DocumentRoot DocumentRoot /var/www/html The DocumentRoot is the directory which contains most of the HTML files which is served in response to requests. The default DocumentRoot for both the non-secure and secure Web servers is the / var/www/html directory. For example, the server might receive a request for the following document: </li></ul><ul><li> </li></ul><ul><li>The server looks for the following file in the default directory: </li></ul><ul><li>/ var/www/html/foo.html </li></ul>
  11. 11. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>Directory Each <Directory ></Directory> block configures access information for the named directory (or directories) and its subdirectories. The first block sets the default permissions for all directories: </li></ul><ul><li><Directory /> Options FollowSymLinks AllowOverride None </Directory> </li></ul><ul><li>Options The Options directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, Options is set to only FollowSymLinks . No features are enabled, except that the server is allowed to follow symbolic links in the root directory. </li></ul>
  12. 12. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>Values for the Options directive can be a space-delimited list of one or more of the following: </li></ul><ul><li>All — Enables all options except MultiViews. All is the default Option. </li></ul><ul><li>ExecCGI — Enables execution of CGI scripts. </li></ul><ul><li>FollowSymLinks — Enables the server to follow symbolic links in this directory. </li></ul><ul><li>Indexes — Instructs the server to return a formatted listing of a directory for which no directory index, such as index.html, exists. </li></ul><ul><li>MultiViews — Enables MultiView searches. If the server receives a request for a resource that does not exist, for example, /docs/resource, then the server scans the directory for all files named resource.*, if any, assigns them the same media types and content encodings they would have had if the client had asked for one of them by name, chooses the best match to the client’s requirements, and returns that document. </li></ul>
  13. 13. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>None — Disables all special directory features in this directory and its subdirectories. </li></ul><ul><li>SymLinksIfOwnerMatch — Instructs the server to follow only those symbolic links for which the target file or directory has the same UID as the link. </li></ul><ul><li>AllowOverride AllowOverride None|All The AllowOverride directive sets whether or not any Options can be overridden by the declarations in an .htaccess file. By default, both the root directory and the DocumentRoot are set to allow no .htaccess overrides. </li></ul><ul><li>Order Order allow,deny The Order directive controls the order in which allow and deny directives are evaluated. The server is configured to evaluate the Allow directives before the Deny directives for the DocumentRoot directory. </li></ul>
  14. 14. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>Allow Allow from all Allow specifies which requester can access a given directory. The requester can be all , a domain name , an IP address , a partial IP address, a n etwork/netmask pair, and so on. The DocumentRoot directory is configured to Allow requests from all, meaning everyone has access. </li></ul><ul><li>Deny Deny works just like Allow , except it specifies who is denied access. The DocumentRoot is not configured to Deny requests from anyone by default. </li></ul><ul><li>Disable autoindex for the root directory, and present as default Welcome page if no other index page is present. <LocationMatch &quot;^/$> Options -Indexes ErrorDocument 403 /error/noindex.html </LocationMatch> </li></ul>
  15. 15. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>UserDir UserDir public_html UserDir is the name of the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to disable by default. </li></ul><ul><li>The name for the subdirectory is set to public_html in the default configuration. For example, the server might receive the following request: </li></ul><ul><li>http:// /~ username /foo.html The server would look for the file: </li></ul><ul><li>/home/username/public_html/foo.html </li></ul><ul><li>Users' home directories must be set to 0711 . The read (r) and execute (x) bits must be set on the users' public_html directories (0755 will also work). </li></ul><ul><li>Files that will be served in users' public_html directories must be set to at least 0644 . </li></ul>
  16. 16. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>DirectoryIndex DirectoryIndex index.shtml index.html index.htm home.html home.htm index.php The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name for example: http:// example / this_directory /. </li></ul><ul><li>HostnameLookups HostnameLookups Off HostnameLookups can be set to on , off . If HostnameLookups set to on , the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. To conserve resources on the server, HostnameLookups set to off by default . </li></ul>
  17. 17. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>ErrorLog ErrorLog /var/logs/error_log ErrorLog specifies the file where server errors are logged. By default, this directive is set to / var/log/httpd/error_log . </li></ul><ul><li>LogLevel LogLevel sets how verbose the error messages in the error logs are. LogLevel can be set (from least verbose to most verbose) to emerg , alert , crit , error , warn , notice , info or debug . The default LogLevel is warn . </li></ul><ul><li>Redirect When a webpage is moved, Redirect can be used to map the file location to a new URL. The format is as follows: </li></ul><ul><li>Redirect / <old-path> / <file-name> http:// <current-domain> / <current-path> / <file-name> In this example, any requests for < file-name > at the old location is automatically redirected to the new location. </li></ul>
  18. 18. <ul><li>Configuration Directives in httpd.conf </li></ul><ul><li>Alias Alias /manual &quot;/var/www/manual“ Alias /tuyensinh &quot;/var/www/tuyensinh&quot; The Alias setting allows directories outside the DocumentRoot directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path </li></ul><ul><li>ErrorDocument ErrorDocument 402 The ErrorDocument directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The ErrorDocument directive forces the Web server to instead output a customized message or redirects the client to a local or external URL </li></ul><ul><li>VirtualHost <VirtualHost> and </VirtualHost> tags create a container outlining the characteristics of a virtual host. The <VirtualHost> container accepts most configuration directives. </li></ul>
  19. 19. <ul><li>Setting Up Virtual Hosts </li></ul><ul><li>We want cofigure 2 websites: and to share 1 IP address </li></ul><ul><li>NameVirtualHost <VirtualHost> ServerAdmin DocumentRoot /www/small/ ServerName ErrorLog logs/small-error_log </VirtualHost> <VirtualHost> ServerAdmin DocumentRoot /www/big/ ServerName ErrorLog logs/big-error_log </VirtualHost> </li></ul>
  20. 20. <ul><li>Authentication </li></ul><ul><li>the basics of password protecting a directory on your server: </li></ul><ul><li>You'll need to create a password file. This file should be placed somewhere not accessible from the web. For example, you might want to put the password file(s) in /usr/local/apache/ </li></ul><ul><li>To create the file, use the htpasswd utility that came with Apache. This be located in the bin directory of wherever you installed Apache. To create the file, type: </li></ul><ul><li># htpasswd -c /usr/local/apache/password.conf userA New password: mypassword Re-type new password: mypassword Adding password for user userA </li></ul><ul><li>If htpasswd is not in your path, of course you'll have to type the full path to the file to get it to run. It's located at /usr/bin/htpasswd </li></ul>
  21. 21. <ul><li>Authentication </li></ul><ul><li>you'll need to configure the server to request a password and tell the server which users are allowed access. You can do this either by editing the httpd.conf file or using an .htaccess file. For example, if you wish to protect the directory /var/www/html/secret , you can use the following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory /var/www/html/secret > section. </li></ul><ul><li><Directory /var/www/html/secret> AuthType Basic AuthName &quot;Restricted Files&quot; AuthUserFile /usr/local/apache/password.conf require user userA </li></ul>
  22. 22. <ul><li>Letting more than one person in </li></ul><ul><li>If you want to let more than one person in, you'll need to create a group file that associates group names with a list of users in that group. The format of this file is pretty simple, and you can create it with your favorite editor. The contents of the file will look like this: </li></ul><ul><li>GroupName: rbowen dpitts sungo rshersey </li></ul><ul><li>That's just a list of the members of the group in a long line separated by spaces. </li></ul><ul><li>To add a user to your already existing password file, type: </li></ul><ul><li>htpasswd /usr/local/apache/password.conf dpitts </li></ul><ul><li>Now, you need to modify your .htaccess file to look like the following: </li></ul><ul><li>AuthType Basic AuthName &quot;By Invitation Only&quot; AuthUserFile /usr/local/apache/password.conf AuthGroupFile /usr/local/apache/passwd/groups require group GroupName </li></ul>
  23. 23. <ul><li>Protect Web Page Directories With Passwords </li></ul>
  24. 24. <ul><li>Protect Web Page Directories With Passwords </li></ul>
  25. 25. <ul><li>Protect Web Page Directories With Passwords </li></ul>
  26. 26. <ul><li>Chú ý </li></ul><ul><li>Để cấm Apache sử dụng Symbolic Links buộc phải khai báo: </Directory /var/www/html > Options None ……. </Directory> </li></ul><ul><li>Để Apache chỉ sử dụng Symbolic Links nếu chủ nhân của Liên kết giống như chủ nhân của thư mục/Files gốc: </Directory /var/www/html > Options SymLinksIfOwnerMatch ……. </Directory> </li></ul><ul><li>Ví dụ: /var/www/program : chủ nhan là root trong /var/www/html tao liên kết: ln –sd /var/www/program /var/www/html/program nếu chủ nhân của toàn bộ /var/www/html là apache thì không truy xuất vào được. Muốn truy xuất thành công phải đổi chủ nhân cho /var/www/program thành Apache </li></ul>