Apache by linzhengnd



Setting up a Web (httpd) server
• Apache is the utility used by Linux servers
  to provide Web services (http services).
• It is the most popular Web server utility in
  use on the Internet.
• Developed and maintained by ASF
  (Apache Software Foundation), a non-
  profit organization founded in 1999.
• Apache is a server that responds to requests
  from Web browsers (or clients) for web content.
• Client browser sends request to apache server
  by entering domain name in URL box.
• Apache server responds to request with content
  from requested page.
• Client displays content from server on terminal
               Intro (cont)
• Apache server is oblivious to content of
  web page.
• Uses external modules to increase
  flexibility and to allow individual
  components to be compiled separately
  from the primary package. These
  modules are called DSOs (Dynamic
  Shared Objects)
• httpd
• apr (apache portable runtime)
• apr-util
Optional Packages
• httpd-manual – apache manual
• Webalizer – web server log analyzer
• Mod_perl – secure sockets layer extension
• Php – embedded php scripting language, including IMAP
  and LDAP support
• Mrtg – mrtg traffic monitor
• Net-snmp and net-snmp-utils – snmp – required for
           Starting Apache
• /sbin/chkconfig httpd on
• /sbin/service httpd start

After making configuration changes to
  Apache, gracefully restart without
  interrupting users currently using the web
  server as follows:
• /sbin/service httpd graceful
• Apache – the name of a server that runs
  the http daemon. Serves web content and
  http. Daemon is named httpd.
• An apache server is the same as the
  apache process. An apache child process
  exists to handle incoming client requests.
• Apache typically uses TCP port 80; https
  uses TCP port 443. If you are running a
  firewall, you must open these ports.
           Starting Apache
1. Add the following lines to the
   /etc/httpd/conf/httpd.conf configuration
     ServerName domainname
     ServerName IP_address

  For example:
  frontdesk mstockbauer.com
                   Starting Apache
2.  ServerAdmin marty.stockbauer@yahoo.com
    Specifies the e-mail address that the server displays
    on error pages
3. ServerSignature EMail
     Specifies that you want an e-mail link on error pages

4.    After saving these changes to the configuration file,
      restart the httpd.
      /sbin/service httpd graceful

These lines provide an e-mail address for web pages that
    are not found on the server.
           Testing Apache
• Open browser and enter domain name in
  URL box. Also try entering the IP address
  of the web server in the URL box of your
• Content is placed in /var/www/html
  subdirectory. Default opening page is
• Can also be used to set up httpd.
  /etc/httpd/conf/httpd.conf contains many
  informational comments that will be
  overwritten the first time you run this utility.
  Be sure to rename this file BEFORE ever
  running system-config-httpd.
• Tabs: Main, Virtual Hosts, Server,
  Performance Tuning. Each field
  corresponds to a directive in the
  /etc/httpd/conf/httpd.conf file.
                Main tab
• Establish a FQDN as the name of the
  server, an email address for the server
  administrator, and ports and addresses
  that apache listens on for requests.
              Virtual Hosts
• Allows you to establish default settings for
  Apache and set up virtual hosts.
• Virtual hosts allow one instance of Apache
  to respond to requests directed to multiple
  IP addresses or hostnames as though it
  were multiple servers. Each IP address or
  hostname can provide different content
  and be configured differently.
               Server Tab
• Can specify the pathname of the Lock
  directive, the PID file, and the directory
  that Apache uses to store core dumps.
     Performance Tuning Tab
• Control the maximum number of
  connections that Apache allows
  (MaxClients), the number of seconds after
  which a connection will disconnect
  (Timeout), the max number of requests
  allowed per connection
  (MaxRequestsPerChild), and whether to
  allow persistent connections (KeepAlive)
           File System Layout
• Binaries, scripts, and modules are stored in
  /usr/sbin/httpd, /usr/sbin/apachectl,
  /usr/bin/htpasswd, /usr/sbin/rotatelogs,
• Configuration files: /etc/httpd/conf/httpd.conf,
  /etc/httpd/conf/magic, etc.
• Logs: /var/log/httpd/access_log,
  /var/log/httpd/error_log, /var/log/httpd/ssl_*_log
                    File system
• Web documents:
   –   /var/www/cgi-bin – holds cgi scripts
   –   /var/www/error – holds default error docs
   –   /var/www/icons – icons used for directories
   –   /var/www/manual
• Document root - /var/www/html by default. Can
  be changed.
• .htaccess files – contains config directives and
  can appear in any directory in the document root
  hierarchy. Location is critical – directives apply
  to all files in the hierarchy rooted at the directory
  containing the .htaccess file.
      Configuration Directives
• Lines in a configuration file that control
  some aspect of Apache
  – Keyword values
  – If value has spaces, must enclose in “”
• /etc/httpd/conf/httpd.conf – most important
  file. Holds global directives.
• An include directive can incorporate
  contents of another file into config file
     Configuration Directives
• .htaccess – local directives can also
  appear in .htaccess file
• Pathnames – when absolute pathname is
  used in configuration directive, directive
  uses that pathname without modification.
  If relative pathname is used, apache
  prepends to the name the value specified
  by the ServerRoot directive (/etc/httpd by
Directives You May Want to Modify
    in /etc/httpd/conf/httpd.conf
• Listen [IP address:]portnumber
   – Specifies IP address and port that httpd will listen on. If no IP
     address or, httpd will listen on all NICs. Must have at
     least one Listen directive or Apache won’t work
   – To change to 8080,
       • Listen 8080
     Now, each request to the server must include a port number
     (www.example.com:8080) or kernel will return a connection
   – Use multiple Listen directives to cause Apache to listen on
     multiple IP addresses and ports.
       Listen 80
Directives You May Want to Modify
    in /etc/httpd/conf/httpd.conf
• ServerAdmin email-address
  – Sets the email address displayed on error
• ServerName fqdn[:port]
  – Specifies server’s name and the port it listens
    on. Fqdn must be able to be resolved by
    DNS and may differ from the hostname of the
    system running the Server.
  ServerName www.example.com:8080
Directives You May Want to Modify
    in /etc/httpd/conf/httpd.conf
• DocumentRoot dirname
  – Points to the root of the directory hierarchy
    that holds the server’s content. Dirname is
    the absolute pathname of the directory at the
    root of the directory hierarchy that holds the
    content apache serves. Do NOT use a
    trailing slash. Default is /var/www/html
  DocumentRoot /home/www
Directives You May Want to Modify
    in /etc/httpd/conf/httpd.conf
• UserDir dirname | disabled | enabled users
  – Allows users to publish content from their home
  – Dirname is the name of a directory that, if it appears
    in a local user’s home directory apache publishes to
    the web. Disabled prevents content from being
    published from user directories, enabled causes the
    home directories of specified users to be displayed.
  – To go to the page in a browser,
    http://www.name.com/~jdoe displays the index.html
    file in jdoe’s public_html directory.
  – Default in RHEL is public_html, Fedora – none, Red
    Hat - disabled
Directives You May Want to Modify
    in /etc/httpd/conf/httpd.conf
• DirectoryIndex filename [filename….]
  – Specifies which file to display when a user asks for a
    directory. Filename is the name of the file that apache
    serves. When a client specifies a directory location
    (no file name), this specifies which files apache
    should look for
    DirectoryIndex index.php index.html index.htm index.shtml
  – http://www.victoriacollege.edu/~marty
     • Uses UserDir of public_html and DirectoryIndex of index.htm
  – .var extension denotes a content-negotiated
    document that allows apache to serve the apache
    manual and other documents in one of several
    languages as specified by client.
      Contexts and Containers
• Contexts – 4 locations that define where a
  configuration directive can appear.
   – Server config – can appear in httpd.conf only, but not
     inside <VirtualHost> or <Directory> containers.
   – Virtual host – can appear in <VirtualHost> container
     within httpd.conf only
   – Directory – Can appear inside
     <Directory>,<Location>, and <Files> containers
   – .htaccess – can appear in .htaccess files only
• Directives in files incorporated with an Include
  directive are part of the context they are included
  in and must be allowed in that context.
• Containers (special directives) are
  directives that group other directives.
  Delimited by XML-style tags.
<Directory> …. </Directory>
<Location> …. </Location>
<VirtualHost> … </VirtualHost>
Some Commonly Used Containers
• <Directory directory> … </Directory>
  – Applies directives to directories within specified
    directory hierarchies. Directory is an absolute
    pathname specifying the root of the directory
    hierarchy that holds the directories the directives in
    the container apply to.
  <Directory /var/www/html/corp>
      # denies all clients
      Deny from all
      # allows
      Allow from 192.168.10.
      # .htaccess files override
      AllowOverride All
  </Directory>
Some Commonly Used Containers
• <Files directory>… </Files>
  – Applies directives to specified ordinary files
• <IfModule module-name> ….</IfModule>
  – Applies directives if a specified module is
• <Limit method …> …</Limit>
  – Limits access-control directives to specified
    HTTP methods.
Some Commonly Used Containers
• <LimitExcept method> … </LimitExcept>
  – Limits access-control directives to all except
    specified HTTP methods.
• <Location URI> …</Location>
  – Applies directives to specified URIs
• <LocationMatch exp>… </LocationMatch>
  – Applies directives to matched URIs
• <VirtualHost addr[:port]…>..</VirtualHost>
  – Applies directives to a specified virtual host
    Advanced Directives: Control
• MaxClients x– specifies the max number of child
  processes that apache runs at one time. If max
  are all used, apache issues “Server Too Busy”
  error. 150 is typical
• MaxRequestsPerChild x – specifies the max
  number of requests a child process can serve
  during its lifetime. Dies after completion. Set x
  to 0 to not set a limit. By limiting the life of
  processes, this can prevent memory leaks from
  consuming too much memory. Can hurt
    Advanced Directives: Control
• MaxSpareServers x – specifies the maximum
  number of idle processes apache keeps running
  to serve requests as they come in. Do not set
  too high. RedHat default 20
• MinSpareServers x – specifies the min number
  of idle processes. Increase this value for busy
  sites only. Default is 5.
• StartServers – specifies the number of child
  processes that Apache starts with.
 Advanced Directives: Networking

• HostnameLookups On|Off|Double –
  specifies whether apache puts a client’s
  hostname or its IP address in the logs
  – On – performs DNS reverse name resolution
    to display host names
  – Off – logs IP addresses
  – Double – displays both
 Advanced Directives: Networking
• Timeout x – specifies the number of seconds
  that apache waits for network operations to
  complete. Default is 300, RedHat – 120
• UseCanonicalName On|Off|DNS
  – Specifies the method the server uses to identify itself;
    important when server has more than one name and
    needs to redirect.
     • On – uses value of ServerName directive
     • Off – uses name and port from incoming request
     • DNS – reverse DNS on IP of incoming request
   Advanced Directives: Logging
• ErrorLog filename – specifies where
  apache sends error messages. Default:
• LogLevel – specifies the level of error
  messages that apache logs. Default –
  – Options: Emerg, alert, crit, error, warn, notice,
    info, debug
 Directives that Control Content
• AddHandler – creates a mapping between
  filename extensions and a builtin apache
  – AddHandler cgi-script .cgi
     • Tells apache to process files with .cgi extension
       with the cgi-script handler (related to loaded
• Alias – maps a URI to a directory or file
 Directives that Control Content
• ErrorDocument code action - specifies the
  action apache takes when the specified
  error occurs.
     • ErrorDocument 403 “Sorry, access is forbidden”
• IndexOptions – specifies how apache
  displays directory listings.
• ServerRoot directory – specifies the root
  directory for server files (not content)
 Directives that Control Content
• ServerTokens Prod|Major|Minor|Min|OS|Full
   – specifies the server information that apache returns to
     a client
   – OS – name of OS and complete version
   – Prod – apache
   – Major – major release number
   – Minor – major and minor release numbers
   – Minimal – complete version apache/2.2.0
   – Full – Same as OS, plus names and versions on
     group modules
• Default is Full, Red Hat OS – change this to
  reveal as little as possible
 Directives that Control Content
• ServerSignature On|Off|Email
  – Adds a line to server-generated pages
    • On – turns signature line on with server version as
      specified by ServerTokens
    • Off – turns signature line off
    • Email – adds a mailto: link
      Configuration Directives
• Group – sets the GID of the processes
  that run the servers
• Include – loads directives from files
• LoadModule – loads a module
• Options – controls server features by
• ScriptAlias – maps a URI to a directory or
  file and declares the target to be a server
  (CGI) script
     Configuration Directives
• User – sets the UID of the processes that
  run the servers
  – Apache must start as root to listen on a
    privileged port. Child processes run as
    nonprivileged users. Do not set user to root
    or 0.
           Security Directives
• Allow from All | host xxx | env=var
  – Specifies which clients can access specified content
• AllowOverride All|None|directive-class
  – Specifies the class of directives that are allowed in
    .htaccess files
• Deny from All | host | env=var
  – Specifies which clients are not allowed to access
    specified content
• Order Deny,Allow | Allow,Deny
  – Specifies default access and order in which directives
    are evaluated
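
Added example, not part of the original slides: a small Python audit that reads httpd.conf text and flags the settings these slides single out (ServerTokens above Prod, ServerSignature not Off, User set to root, AllowOverride All). The sample configuration is constructed, the function names are hypothetical, and Include files are not followed.

```python
# Constructed sample in the style of the Red Hat httpd.conf described above.
SAMPLE_CONF = """\
ServerTokens OS
ServerRoot "/etc/httpd"
User root
Group apache
ServerSignature EMail
<Directory /var/www/html/corp>
    Deny from all
    Allow from 192.168.10.
    AllowOverride All
</Directory>
# ServerTokens Prod   (commented out, so it must be ignored)
"""


def parse(conf_text):
    """Yield (lineno, container_stack, keyword, value) for every directive."""
    stack = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):          # closing container tag
            if stack:
                stack.pop()
        elif line.startswith("<"):         # opening container tag
            stack.append(line.strip("<>"))
        else:
            parts = line.split(None, 1)
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            yield lineno, tuple(stack), parts[0], value


def audit(conf_text):
    """Return (lineno, directive, note) findings; lineno 0 means 'not set'."""
    findings, seen = [], set()
    for lineno, stack, keyword, value in parse(conf_text):
        key, val = keyword.lower(), value.lower()  # directive names are case-insensitive
        seen.add(key)
        where = stack[-1] if stack else "server config"
        if key == "servertokens" and val != "prod":
            findings.append((lineno, keyword, f"'{value}' reveals more than the product name"))
        elif key == "serversignature" and val != "off":
            findings.append((lineno, keyword, "adds a signature line to server-generated pages"))
        elif key == "user" and val in ("root", "0", "#0"):
            findings.append((lineno, keyword, "child processes would run as root"))
        elif key == "allowoverride" and val == "all":
            findings.append((lineno, keyword, f".htaccess can override every directive class in <{where}>"))
    if "servertokens" not in seen:
        findings.append((0, "ServerTokens", "not set, so the default applies"))
    return findings


if __name__ == "__main__":
    for lineno, directive, note in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive}: {note}")
```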
    The RedHat httpd.conf file
• 3 sections
  – Global Environment – controls the overall
    functioning of the apache server
  – Main Server Configuration – configures the
    default server and provides default
    configuration information for virtual hosts
  – Virtual Hosts – configures virtual hosts
        Global Environment
• ServerTokens OS
  – causes apache to return name and complete
    version number of apache
• ServerRoot “/etc/httpd”
  – Pathname apache prepends to relative
• <IfModule> - directives in the IfModule
  container are only executed if the specified
  module is loaded.
• Multiprocessing Modules –
  – Prefork – apache module holds directives that control
    the functioning of apache when it starts and as it runs
  – <IfModule prefork.c>
     • StartServers 8
     • MinSpareServers 5
     • MaxSpareServers 20
     • ServerLimit 256
     • MaxClients 256
     • MaxRequestsPerChild 4000
           Global Environment
• Listen
  – Fedora – does not specify an IP address
  – RHEL – specifies –listen on all
    network interfaces.
• LoadModule – several
• Include
• Red Hat Test page –no index.html
    Main Server Configuration
• ServerAdmin, ServerName – change to
  useful values
• DocumentRoot /var/www/html
  – only modify if you want to put content in
    another location
• <Directory>
• DirectoryIndex index.php index.html …
             Virtual Hosts
• All lines in this section are commented out
  by default.
• Virtual hosts provide for one instance of
  apache to respond to requests directed to
  multiple IP addresses or hostnames as
  though it were multiple servers. Each IP
  address or hostname can be configured
                     Virtual Hosts
• 2 types of Virtual hosts:
   – Host-by-name – relies on FQDN the client uses in its request to
   – Host-by-IP – examines the IP address the host resolves as and
     responds according to that match

   <VirtualHost intranet.example.com>
     ServerName intranet.example.com
     DocumentRoot /usr/local/www
     ErrorLog /var/log/httpd/intra.error_log
       <Directory /usr/local/www>
               Order deny,allow
               Deny from all
               Allow from 192.168.
       </Directory>
   </VirtualHost>
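
Added example, not part of the original slides: a Python model of how Order decides between Allow and Deny lines (Apache 2.2 semantics), applied to the two access policies shown on these slides. Function and policy names are hypothetical; hostname, CIDR and env= forms are not modeled, and the /var/www/html/corp policy is assumed to use Deny,Allow because its slide shows no Order line.

```python
def host_matches(spec, client_ip):
    """True if an Allow/Deny spec ('all' or a partial IPv4 address) covers client_ip."""
    if spec.lower() == "all":
        return True
    want = spec.rstrip(".").split(".")
    have = client_ip.split(".")
    # Compare whole octets: a plain string prefix test would let
    # '192.168.1' match 192.168.10.5.
    return have[:len(want)] == want


def access_allowed(order, allow, deny, client_ip):
    """Evaluate Order/Allow/Deny (Apache 2.2 semantics) for one client address."""
    if order.lower() not in ("deny,allow", "allow,deny"):
        # Covers 'deny, allow' as well: the keywords are separated by a comma only.
        raise ValueError(f"invalid Order value: {order!r}")
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order.lower() == "deny,allow":
        # Deny is evaluated first and Allow overrides it; no match means access.
        return allowed or not denied
    # Allow is evaluated first and Deny overrides it; no match means no access.
    return allowed and not denied


# The two access policies from the slides (client addresses below are constructed).
# CORP has no Order line on its slide; Deny,Allow is assumed here.
CORP = {"order": "deny,allow", "deny": ["all"], "allow": ["192.168.10."]}
INTRANET = {"order": "deny,allow", "deny": ["all"], "allow": ["192.168."]}


def check(policy, client_ip, order=None):
    """Apply a policy to one client, optionally under a different Order value."""
    return access_allowed(order or policy["order"], policy["allow"], policy["deny"], client_ip)


if __name__ == "__main__":
    for ip in ("192.168.10.7", "192.168.1.7", "10.0.0.5"):
        print(ip, "corp:", check(CORP, ip), "intranet:", check(INTRANET, ip))
    # Same Allow/Deny lines under the other order: 'Deny from all' now wins.
    print("192.168.10.7 corp with Allow,Deny:", check(CORP, "192.168.10.7", "allow,deny"))
```

Swapping the order to Allow,Deny while keeping "Deny from all" locks out every client, including the ones the Allow line names.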
• Apache can respond to a request for a
  URI by asking the client to request a
  different URI. This is called a redirect.
  The redirect directive can establish an
  explicit redirect that sends a client to a
  different page when a web site is moved
  or can add / when user neglects to
  terminate directory with /
• The ServerName directive and the UseCanonicalName
  directive are both important when a server has more
  than one name and needs to perform a redirect. For
  example, a server named zach.example.com with alias
  www.example.com has ServerName set to
  www.example.com. When client specifies a URI such as
  zach.example.com/dir (no ending /), apache has to
  perform a redirect to determine the URI of the requested
  directory. When UseCanonicalName is on, apache uses
  the value of the ServerName and returns
  www.example.com/dir/. With UseCanonicalName set to
  off, apache uses the name from the incoming request
  and returns zach.example.com/dir/
• Multiviews is a way to represent a page in
  different ways, most commonly in different
  languages. Using request headers, a
  browser can request a specific language
  from a server.
• To test apache:
  – Open browser to http://localhost/ (locally) or
    http://domainname (from a remote system)
  – If Connection refused error,
     • Check to make sure that port 80 isn’t blocked by a firewall
       and check that the server is running
     • Try to connect with telnet www.example.com 80
• service httpd configtest – checks syntax of
  apache configuration files
• /sbin/service httpd status – checks to ensure that
  the httpd server is running
• Apache is a skeletal program that relies on
  external modules, called dynamic shared
  objects (DSOs).
                CGI Scripts
• CGI (Common Gateway Interface) allows
  external application programs to interface with
  web servers. Any program can be a CGI
  program if it runs in real time and relays its
  output to the requesting client. Shell scripts,
  Perl, Python, and PHP are the most commonly
  used CGI programs.
• The most common way to handle CGI programs
  is to put a CGI program in the cgi-bin directory
  and enable its execution from that directory only
• SSL, implemented by mod_ssl, allows a client to
  verify the identity of a server and it enables
  secure 2-way communication between a client
  and a server. SSL is used on web pages that
  require passwords, credit card numbers, etc.
• Apache uses https for ssl communications (port
• /etc/httpd/conf.d/ssl.conf configures mod_ssl.
    Authentication Modules and
• User authentication directives are
  commonly placed in a .htaccess file.
• AuthUserFile /var/www/.htpasswd
• AuthGroupFile /dev/null
• AuthName “Browser dialog box query”
• AuthType Basic
• Require valid-user
         Scripting Modules
• Apache can process content before
  serving it to a client. Scripting modules
  can work with scripts that are embedded in
  html documents. Scripting modules
  manipulate content before Apache serves
  it to a client.
 Webalizer: Analyzes Web Traffic
• Webalizer creates a directory at
  /var/www/usage and a cron file. Once a
  day, the cron file generates usage data
  and puts it in the usage directory.
• MRTG – Monitors Traffic Codes
  – Multi Router Traffic Grapher is an open-
    source application that graphs statistics
    available through SNMP.
