Apache Package Included:
httpd => The core web server package.
httpd-manual => On-line manual for the web server.
mod_python => Allows the use of Python programs alongside the web server.
mod_perl => Supports the Perl programming language.
mod_ssl => Support for HTTPS, the encrypted version of HTTP.
hwcrypto => Provides the facility to use hardware cryptographic systems to boost the speed of HTTPS communications.
php => PHP provides another scripting language for the web server to replace CGI.
php-imap => Provides the hooks for PHP to use the IMAP protocol to talk to email systems.
php-ldap => Provides the hooks for PHP to perform lookups in LDAP directories.
php-pgsql => Provides the hooks for PHP to work with PostgreSQL relational databases.
mod_auth_pgsql => Provides the facility to use a PostgreSQL database to do password lookups for access controls rather than the plain text files that are often used.
squid => Squid is a proxy caching server.
webalizer => Webalizer is a Web server log analysis program.
Configuration hierarchy:
The /etc/httpd directory contains all the configuration for the web server and is where the server looks for everything except the web pages themselves. The conf subdirectory is for the main configuration file, httpd.conf. The conf.d directory is for extra elements of configuration which can be automatically included in the server configuration.
The logs symbolic link points into the /var/log directory. An httpd subdirectory is used because there will typically be more than one log file in use at any time. This subdirectory holds them together. The modules symbolic link points into /usr/lib. Again, an httpd subdirectory is used to keep all the Apache libraries together. The libraries are called modules under Apache. The run symbolic link points to /var/run.
Initial document hierarchy:
The /var/www directory is the default location for files served by the web server. The html directory is the basic website. Anything put here will appear on the website. The icons subdirectory contains the icons used in the automatically generated listings.
The /var/www directory tree is owned by root. Any changes to the website as the system currently stands need to be done by root. A user and group have been created for the web server to run as.
$ grep apache /etc/passwd /etc/group
/etc/passwd:apache:x:48:48:Apache:/var/www:/sbin/nologin
/etc/group:apache:x:48:
To enable the web server (so that it gets started at system boot), use the chkconfig command.
# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig httpd on
# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Virtual host:
There are (at least) three different ways that a single web server can host more than one web site.
Multiple ports:
A web server can listen on more than the default port (number 80) and offer different web sites on each port. To identify a non-standard port, its number must follow the server name in the URL: http://www.dept.cam.ac.uk:port/some/path/here/. The receiving system uses the port number of the incoming query to distinguish between web sites.
Multiple addresses:
A single system need not have a single IP address. It can have many and each can have a different web site attached to it. This leads to two different server names appearing in standard URLs (i.e. there's no :port element in the URL) but the two server names correspond to the two different IP addresses of the system and correspond to different web sites. The receiving web server uses the destination IP address on the incoming query to distinguish web sites.
Multiple aliases:
Also known as name-based virtual hosting, this is the most common form of virtual hosting. The server only has a single IP address, but two different names in the DNS correspond to that address. So chalk.dept.cam.ac.uk and cheese.dept.cam.ac.uk both map on to the same IP address and therefore the same server.
Syntax summary: Virtual hosts
NameVirtualHost interface => This instructs the web server to run name-based virtual hosts on interface. If the specified interface is * then all available interfaces are used.
<VirtualHost> => The VirtualHost section describes a single virtual host. Everything from the <VirtualHost interface> to </VirtualHost> sets parameters for a single virtual host. The interface specified must match one previously set up for name-based virtual hosting by a NameVirtualHost command.
ServerName => This sets the name of the server for the virtual host. If a query's Host: header does not match this then the virtual host block will not be applied.
DocumentRoot => This command specifies where the server should look for its documents for the particular virtual host. This is where we get to split up our various hosts into different directories.
We do not need to restart our web server after each change to the configuration file. A rather faster mechanism is to cause it to reread its file to note changes. This is done by using the reload option on the startup script.
# /etc/init.d/httpd reload
Reloading httpd: [ OK ]
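The ServerName matching described in the syntax summary, as an added example that is not part of the original page: a shell function that mimics how a name-based server picks a virtual host from the Host: header, including the fallback to the first listed virtual host when no ServerName matches. The sample configuration is constructed; the host names come from the text above and the DocumentRoot paths are assumptions.

```shell
#!/bin/sh
# Constructed sample: two name-based virtual hosts sharing one address.
# The DocumentRoot paths are assumptions made for this illustration.
SAMPLE_CONF='NameVirtualHost *:80
<VirtualHost *:80>
    ServerName chalk.dept.cam.ac.uk
    DocumentRoot /var/www/chalk
</VirtualHost>
<VirtualHost *:80>
    ServerName cheese.dept.cam.ac.uk
    DocumentRoot /var/www/cheese
</VirtualHost>'

# resolve_vhost HOST_HEADER
# Prints "<DocumentRoot> matched" when a ServerName equals the Host: value,
# or "<DocumentRoot> default" when the request falls through to the first
# virtual host in the file. ServerAlias and wildcards are not modelled.
resolve_vhost() {
    printf '%s\n' "$SAMPLE_CONF" | awk -v want="$1" '
        BEGIN {
            want = tolower(want)          # host names are case-insensitive
            sub(/:[0-9]+$/, "", want)     # Host: may carry a :port suffix
        }
        /^[ \t]*<VirtualHost/ { n++; next }          # start of block number n
        tolower($1) == "servername" {
            if (tolower($2) == want && !hit) hit = n
        }
        tolower($1) == "documentroot" { root[n] = $2 }
        END {
            if (hit) print root[hit], "matched"
            else     print root[1], "default"
        }'
}
```

A request that names the server by IP address, or sends an unknown Host: value, is answered by the first block, so the first virtual host should be one you are content to serve to anyone.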
========================================================================
Create an Alias for content outside of the web root (/var/www/html)
Alias /testalias1 /var/www/testalias1
<Directory /var/www/testalias1>
AllowOverride None
order allow,deny
allow from all
</Directory>
========================================================================
Start Apache and continue to explore
service httpd start
root 31324 1 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31326 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31327 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31328 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31329 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31330 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31331 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31332 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31333 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
Note: The parent Apache process runs as 'root' and can see the entire file system
Note: However, child processes run as 'apache' and can only see files/directories that 'apache:apache' can access
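Since requests are handled by children running as 'apache' while /var/www is owned by root, the served tree should contain nothing that the 'apache' account can modify. The following check is an added example, not part of the original page; the function name audit_docroot is hypothetical, and the defaults assume the 'apache' user and group shown in /etc/passwd and /etc/group above.

```shell
#!/bin/sh
# audit_docroot DIR [USER] [GROUP]
# Lists every file or directory under DIR that the web server account could
# modify: owned by USER, group-writable for GROUP, or world-writable.
# USER and GROUP may be names or numeric ids (find accepts both).
# Symbolic links are skipped because their own mode bits are meaningless.
audit_docroot() {
    dir=$1
    user=${2:-apache}      # assumption: server account as shown on this page
    group=${3:-apache}
    find "$dir" ! -type l \( \
            -user "$user" \
         -o \( -group "$group" -perm -0020 \) \
         -o -perm -0002 \
        \) -print
}
```

Run as root, `audit_docroot /var/www` should print nothing on a freshly installed system; each path it does print is a place where the server process can change what is served.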
========================================================================
Virtual Hosts Configuration:
Features:
1. Ability to share/serve content based on 1 or more IP addresses
2. Supports 2 modes of Virtual Hosts:
a. IP Based - one site per IP address
b. Host header names - multiple sites per IP address
Tasks:
1. Create IP Based Virtual Hosts
a. ifconfig eth0:1 192.168.75.210
b. Configure the Virtual Host:
<VirtualHost 192.168.75.210>
ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site1.linuxcbt.internal
DocumentRoot /var/www/site1
<Directory /var/www/site1>
Order allow,deny
Allow from all
</Directory>
CustomLog logs/site1.linuxcbt.internal.access.log combined
ErrorLog logs/site1.linuxcbt.internal.error.log
</VirtualHost>
c. Create: /var/www/site1 and content
2. Create Name-based Virtual Hosts using the primary IP address
a. /etc/httpd/conf/httpd.conf:
NameVirtualHost 192.168.75.199:80
<VirtualHost 192.168.75.199:80>
ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site3.linuxcbt.internal
DocumentRoot /var/www/site3
<Directory /var/www/site3>
Order allow,deny
Allow from all
</Directory>
CustomLog logs/site3.linuxcbt.internal.access.log combined
ErrorLog logs/site3.linuxcbt.internal.error.log
</VirtualHost>
========================================================================
Apache with SSL Support
Features:
1. Secure/Encrypted communications
Requirements:
1. httpd
2. openssl
3. mod_ssl
4. crypto-utils (genkey) - used to generate certificates/private keys/CSRs
a. also used to create a self-signed certificate
Tasks:
1. Install the requirements
a. mod_ssl - module for Apache, which provides SSL support
yum -y install mod_ssl
/etc/httpd/conf.d/ssl.conf - includes key SSL directives
b. crypto-utils - provides /usr/bin/genkey
2. Generate SSL usage keys using: genkey
a. genkey site1 - creates text-gui interface
3. Update /etc/httpd/conf.d/ssl.conf to reference the new keys (public/private)
4. Restart the HTTPD server
a. service httpd restart
b. httpd -S
5. Test HTTPS connectivity
a. https://192.168.75.199
Note: For multiple SSL sites, copy the: /etc/httpd/conf.d/ssl.conf file to distinct files, that match your distinct IP-based VHosts
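Between steps 3 and 4 it is worth confirming that the certificate and private key referenced in ssl.conf belong together and that the key is readable only by its owner. This check is an added example, not part of the original page; the function name check_tls_pair is hypothetical, and the file paths are passed in as arguments because the page does not state where genkey writes them.

```shell
#!/bin/sh
# check_tls_pair CERT KEY
# Exit status 0 only if KEY is closed to group/other and matches CERT.
# Assumes a PEM key without a passphrase; openssl prompts if it has one.
check_tls_pair() {
    cert=$1
    key=$2

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group/other ($mode)"
        return 1
    fi

    # Compare the public key embedded in the certificate with the public
    # key derived from the private key; they are identical for a valid pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot read certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read private key $key"; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not belong together"
        return 1
    fi
    echo "OK: $key matches $cert"
}
```

When each IP-based virtual host has its own copy of ssl.conf, run the check once per certificate and key pair before restarting httpd.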
========================================================================
Options to the startup script /etc/init.d/httpd
start => Starts the web server.
stop => Stops the web server.
restart => Stops and starts the web server.
condrestart => Stops and starts the web server if the PID file exists that suggests that the web server was started via this script, rather than just manually.
status => Indicates whether or not the web server is running.
fullstatus => This option does not run on Red Hat Linux.
reload => Causes a running web server to reread its configuration file(s) and to reopen its log files.
graceful => Equivalent to restart but politer.
configtest => Does not launch a web server but forces it to parse the configuration file for syntactic validity.