View
219
Download
0
Category
Preview:
Citation preview
8/8/2019 Apache Ad Mini Start Ion
1/41
1
APACHE Web Server
Training Division
National Informatics Centre
New Delhi
8/8/2019 Apache Ad Mini Start Ion
2/41
2
Apache Web Server
Installation Download
Source Code
Binary Distribution
Options Starting, stopping and restarting
Configuration
httpd.conf
Modules MPM (Multi Process Modules)
Directives
Hosting More then one web sites.
8/8/2019 Apache Ad Mini Start Ion
3/41
3
Apache Installation..
8/8/2019 Apache Ad Mini Start Ion
4/41
4
Apache web server
Apache is a powerful and highly configurable
Wide variety of static pages
Wide variety of dynamic pages
Perl, php, java ,ruby
Available in Source code and in binary distribution
Source code can directly be download from
www.apache.org
Binary distribution. RPM
SuSE
8/8/2019 Apache Ad Mini Start Ion
5/41
5
Apache Installation Methods
Source Code Download source code and compile for specific
machine and operating system
Source code can be customized, rebuilt and then
reinstall it. Source code comes with a configuration scripts, which
can examines the system to determine the best way tobuilt apache for maximum performance.
Ready made binaries lag behind the current release.
Binaries easier to install & includes standard modules
8/8/2019 Apache Ad Mini Start Ion
6/41
6
Install Apache
download from www.apache.org decompress
gunzip filename.tar.gz
tar xvf filename.tar
Or
tar xvzf filename.tar.gz
Configuration ./configuration prefix=PREFIX
Build Make
begins actual compilation after configuration files created
make install moves all compile binaries and support files to default locations
8/8/2019 Apache Ad Mini Start Ion
7/41
7
Configuration options
# ./configure prefix=/usr/sbin/httpd \ several versions in different directory
>--enable-module=most \
Not "all" - avoid unneeded modules> --disable-module=auth_dbm \
support DSOs (dynamic shared objects)
> --enable-shared=max
8/8/2019 Apache Ad Mini Start Ion
8/41
8
modules
Mod_imap
Mod_rewriteMod_http
Mod_infoMod_env
Mod_headersMod_dir
Mod_expiresMod-cgi
Mod_dav_fsMod_autoindex
Mod_usertrackMod_davMod_auth
Mod_unique_idMod_auth_digestMod_alias
Mod_mimr_magicMod_auth_dbmMod_actions
Mod_cern_metaMod_auth_anonMod_accessAllMostDefault
./configure enable-module=all disable-rewrite disable-so
To compile the module as a DSO, add the option =shared.
8/8/2019 Apache Ad Mini Start Ion
9/41
9
Installation Locations
Installs run time data in DIR, pid, scoreboard andlock files
--runtimedir=/var/run
Installs program executables in DIR--libexecdir=/usr/lib
--cgidir=/var/www/cgi-bin
Installs the default apache startup web page into DIR--htdocsdir=/var/www/html
Installs icons in DIR--icondir=/var/www/icons
Installs configuration file such as httod.conf in DIR.--sysconfigdir=/etc/httpd/conf
Installs sys admin executables in DIR.--sbindir=/usr/sbin
Installs user executable file--bindir=/usr/bin
Installs architecture-dependent files.--exec-prifix=/etc/httpdInstall architecture-independent files.--prefix=/etc/httpd
8/8/2019 Apache Ad Mini Start Ion
10/41
10
Modules
Apache is a modular server. Only the most basicfunctionality is included in the core server. Extendedfeatures are available in various modules. During theconfiguration process, you must select which modulesto compile for use with your server
Core (httpd_core.c) statically linked into kernel, cannot be removed
available in all Apache servers
Standard
part of Apache distributions maintained by Apache Software Foundation
can be removed for security or performance
Third-party not part of distributions
8/8/2019 Apache Ad Mini Start Ion
11/41
11
Multi Processing Module(MPM)
Prefork MPM Server anticipate future demand by creating and
maintaining a pool of spare server in advance. ./configure with-mpm=prefork
Worker MPM Maintain a dynamic pool of processes, with each processcontaining a fixed number of threads.All threads in allprocesses are capable of answering any client requestreceived by the server.
./configure with-mpm=worker
Perchild MPM Maintain a static pool of process with each process
maintaining a dynamically changing threads. ./configure with-mpm=perchild
8/8/2019 Apache Ad Mini Start Ion
12/41
12
Run Apache Server
Manually % /usr/sbin/httpd f /etc/httpd/httpd.conf
rc script
Make a link in rc directory that points to the/etc/init.d/httpd file
Apachectl utility to control server
apachectl start checks if Apache running, if
not starts it
8/8/2019 Apache Ad Mini Start Ion
13/41
13
Apache options
Run syntax check for configuration file (without docroot)-T
Run syntax check for configuration file (with docroot)-t
List available configuration directives-L
List compiled in modules-l
List available command line options-h
Show compile number-V
Show version number-v
Process directive before reading configuration file-c directive
Process directive before reading configuration file-C directive
Specify an alternative initial ServerConfigFile-f file
Specify an alternative initial ServerRoot-d directory
Define a name for use in directive-D name
8/8/2019 Apache Ad Mini Start Ion
14/41
14
Apache Administration.
8/8/2019 Apache Ad Mini Start Ion
15/41
15
Basic configuration
What name it will have Server name is the name Apache uses in response
What network connections it will respond to
This is the IP address that Apache will receive HTTPrequests on.
Where the server configuration and log files will
go
Where the web site documents will reside
8/8/2019 Apache Ad Mini Start Ion
16/41
16
User and Group
When Apache is started by root it spawns one or morechild processes to handle clients. If User and Group areset, the children give up their root status and adopt theconfiguration identity instead.
Linux defines a special user and group nobody for
running unprivileged processes. User nobody defines Linux user that owns child processes
to handle user requests
Group nobody to change ownership of child processes tohandle user requests
Administrator can create his own private user and group groupadd g 999 httpd
useradd u 999 g httpd s /bin/false c web server user
8/8/2019 Apache Ad Mini Start Ion
17/41
17
How Server Listens for Connections
Listen The Listen directive tells the server to accept incomingrequests only on the specified port or address-and-portcombinations.
If only a port number is specified in the Listen directive,
the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will
listen on the given port and interface.
Multiple Listen directives may be used to specify anumber of addresses and ports to listen on. The server will
respond to requests from any of the listed addresses andports. Listen 80
Listen 8000
8/8/2019 Apache Ad Mini Start Ion
18/41
18
httpd.conf Port 80
User nobody Group nogroup
ServerAdmin your_e-mail_address
ServerRoot/var/www/html
ErrorLog/var/www/error/
TransferLog/var/www/error/
PidFile/var/run/ more directives:
Keep Alive, Spare Servers, Proxy, Cache, Virtual Servers, ...
DocumentRoot/home/httpd/htdocs/
UserDir public_html
DirectoryIndex index.html
AccessFileName .htaccess DefaultType text/plain
ScriptAlias/cgi-bin/ /home/httpd/cgi-bin/
more directives:
Icons, Language, Handlers, ... ?
8/8/2019 Apache Ad Mini Start Ion
19/41
19
httpd.conf Sections Global environment control operation of
the whole Apache server process
Main or default defines parameters of
default server not of virtual host
provides default settings default hosts
Virtual hosts settings for each virtualhosts
8/8/2019 Apache Ad Mini Start Ion
20/41
20
Apache Directives
Directives in the configuration files may apply to the entireserver, or they may be restricted to apply only to particulardirectories, files, hosts, or URLs. This document describeshow to use configuration section containers or .htaccessfiles to change the scope of other configuration directives.
general rules: case insensitive (not true for file/directory names)
comment lines begin with #
one directive per line
each line of these files consists of: directive data [data2 ... datan]
extra whitespace is ignored
8/8/2019 Apache Ad Mini Start Ion
21/41
21
Apache Core Directives Defines server behavior and configuration
options
Instructions to supply information
Directives originations
Core Directives compiled into executable and
always available
Other type supplied by add-on modules
Each directive associated with a module httpd.conf location of directives
Apache is modular! need directives for each
module loaded
8/8/2019 Apache Ad Mini Start Ion
22/41
22
Directive Scope and Context
General Server (server-level) directives apply toentire server
Container directives valid only in these
containers: , , or Virtual Host -for each virtual host to override
general server directives
.htaccess (per-directory) like those in
, disabled by AllowOverride
directive in httpd.conf
8/8/2019 Apache Ad Mini Start Ion
23/41
23
Container Directives
restricts the scope of the directives containedwith in it to the HTTP methodes specified. It is mostlyused with access control and authentication directives.
order deny,allow
deny from all
allow from 192.168
is allowed inside all containers except itself.
The opposite of , applies to the HTTP methods not specified in the methodlist.
8/8/2019 Apache Ad Mini Start Ion
24/41
24
Container Directives
Directive inside a container apply only to the directory and itssubdirectories.
options noneorder allow, deny
deny from all
options includes FollowSymLinks
AllowOverride FileInfo
Allow from all
8/8/2019 Apache Ad Mini Start Ion
25/41
25
Container Directives
is an alternative and preferred formto the tilde form of for specifying regular
expression instead of wildcard in the directory
specifications.
are similar to but matches files
instead directory.
SetHandler /cgi-bin/burn-gifs.cgi
8/8/2019 Apache Ad Mini Start Ion
26/41
26
Container Directives is an alternative and preferred form
to the tilde form of for specifying regularexpression instead of wildcards in the filesspecifications.
SetHandler /cgi-bin/process-image.cgi
operates in a similar manner to, but applies to a URL rather than a
physical file location.
SetHandler server-info>
8/8/2019 Apache Ad Mini Start Ion
27/41
27
Container Directive
allows additional hosts and websites to be defined alongside the main server host site.
Each virtual host can have its own name, IP address,
and error and access logs.
ServerName www.beta-complex.com
ServerAdmin troubleshooter@beta-compex.com
CustomerLog /logs/beta-comlex_log
ErrorLog /logs/beta-comples_log
DocumentRoot /home/www/beta-compex
8/8/2019 Apache Ad Mini Start Ion
28/41
28
Apache's Order for Containers
&
or &
8/8/2019 Apache Ad Mini Start Ion
29/41
29
Server-Level Directives Directives that make sense only at the server level must
be defined outside of any kind of container tag. They cannot be defined in a .htaccess file.
Name of the server
Port and IP address
e-mail of the administrator and error and access logServerName www.trng.nic.in
ServerAdmin infra@alha.nic.in
CustomeLog /log/access-log
DocumentRoot /home/www/alpha-complex
All of then can be set on ServerName www.trng.nic.in
ServerAdmin infra@alha.nic.in
CustomeLog /log/access-log
DocumentRoot /home/www/alpha-complex
Global scope
Local Scope
8/8/2019 Apache Ad Mini Start Ion
30/41
30
Server-Level Directives ServerName directive Apache must always know
hostname of server it is on ServerName www.mtsac.edu
ServerRoot directive directory where server lives
DocumentRoot directive lop level directory where
Apache serves files
ScriptAlias directive directory where executable
scripts are, e.g. /cgi-bin/
ErrorDocument - defines easier to read custom errorresponses
DefaultType redefine default MIME
8/8/2019 Apache Ad Mini Start Ion
31/41
31
Server-Level Directives
To improve server security, we can specify adefault set of highly restricted privileges, andthen only enable them again in specific places.
Options none
AllowOverride none
Order allow, deny
Deny from all
ThenAllow from all
8/8/2019 Apache Ad Mini Start Ion
32/41
32
Server-Level Directives
Options Controls which server features available in a particular
directory All enables all options , which is usually not desirable
ExecCGI permits execution of CGI scripts. This is required for any
kind of executable content to function. FollowSymLinks Files or directories referred to via symbolic links will
be followed.
Includes permits Server Side Includes.
IncludesNOEXEC disables #exec and #include of SSI scripts
Indexes if a URL maps to a directory , apache will create andreturn a formatted listing of the directory contents.
MultiViews this allows contents negotiation.
SymLinksIfOwnerMatch the server follow only sybmolic linksfor which the target file or directory is owned by thesame userID as the link.
8/8/2019 Apache Ad Mini Start Ion
33/41
33
Per-directory Directives
.htaccess apache allows the serverconfiguration to be supplemented with per-directory configuration files. It looks for filescalled .htaccess and treats them as if they were
in a container for that directory. When apache receives a URL that takes intoaccess to a directory for which overrides areenabled, the directory and every parent directory
are examined for the presence of a .htaccess file.Each on found is merged with any container defined for the same directory level.
8/8/2019 Apache Ad Mini Start Ion
34/41
34
Per-Directory Directives Controls how .htaccess files are handled,Defines which
directives override others. All enables all overrides.
None Disables all directives and prevents apache fromsearching for parent directory configuration files.
Authconfig Allows use of the authorization directives
provided by mod_auth and their equivelents in theother authentication modules.
FileInfo Allows use of directives controlling file typesand handle .
Indexes Enables the directives controlling the
appearance of directory indices as genrated byapache.
Limit Allows use of the allow, deny, and order mod_accessdirectives.
Options enables use of the options directives..
8/8/2019 Apache Ad Mini Start Ion
35/41
35
Conditional Configuration
Configuration files can contain sections that shouldonly be used under certain conditions. By enclosingsection of the configuration in or directives.
$httpd D UserRewrite
LoadModule rewrite_module libexec/mod_rewrite.so
Or
RewriteEngine onRewriteLog logs/rewrite.log
RewriteLogLevele 9
8/8/2019 Apache Ad Mini Start Ion
36/41
36
Hosting more than one web site User home pages
The simplest approach is to group all sites under onecontrolling host name.
User can maintain their own home pages withoutreconfiguring the server each time a new user added.
Users may use limited configuration by creating.htaccess files inside their directory.
Apache support this model with the UserDirdirective.
UserDir public_html http://www.trng.nic.in/~user1/colours.html will expand to
/home/user1/public_html/colours.html
8/8/2019 Apache Ad Mini Start Ion
37/41
37
Hosting more than one web site
Separate Servers By running more then one instance of Apache at
the same time.
Each instance is configured with a differenet IP
address and Port number. It consume more memory than a single instance,
and there is no sharing of resources.
Good when running an one secure and reliable
server and one testing server. Httpd f conf/server1.conf
Httpd f conf/server2.conf
8/8/2019 Apache Ad Mini Start Ion
38/41
38
Hosting more than one web site
IP-based virtual hosting Each web sites needs to have its own IP
address, therefore needs either mulitple network
interface or multiple IP addresses on one
interface. Allows multiple web sites to share the same
pool of server processes and configuration.
8/8/2019 Apache Ad Mini Start Ion
39/41
39
Hosting more than one web site
Named-based virtual hosting
Allows multiple web sites to share the same IP
address.
Supports hosting based on names.
8/8/2019 Apache Ad Mini Start Ion
40/41
40
User Home Directories Allow users to publish their own Web pages
Relative path directory that becomes
document root: userDir
Absolute path
Absolute with placeholder
Redirect requests for user home directories
8/8/2019 Apache Ad Mini Start Ion
41/41
41
User Home Directories cont. Enabling/Disabling Mappings
suExec
Enables users to run CGI programs under their
own directories rather than that of server
Configure Apache to use it
Request Redirection enables certaindirectories to be used by others
Recommended