Embed Size (px)
Citation preview
Apache Web Server
• Aim of this section – Introduce you to workings of the most common webserver – Give you a little experience in role of webmaster
• Configuring apache • Installing server • Setting access controls on files • etc
Apache
Apache
• Most common httpd daemon server –Just over 60% of market –Used as basis of some other products (e.g. IBM Websphere
application servers)
• Versions exist for Unix, Linux, and Windows –Windows version does differ in implementation detail
Apache
• www.apache.org • apachetoday.com
– URL still valid, but now swallowed up by “ServerWatch” • http://www.serverwatch.com/stypes/servers/index.php/15877
– Still has Apache tutorials
Apache versions
• 1.3.xx (currently 1.3.34) – The classic Apache, the one whose process structure is described
in these lectures. – Still widely used
• 2.x – A modernized threaded server structure – 2.2.x on Unix – 2.0.55 on Windows
January 2006 stats
Server Market Share No. of Sites(.com) domains Apache 67.38% 25,522,907 Microsoft-IIS 20.29% 8,371,612 Unknown 5.59% 3,115,393 Sun-ONE-Web-Server 2.07% 1,061,053 Zeus 0.75% 208,496 WebLogic 0.02% 7,846Oracle 0.01% 2,637 NCSA HTTPd 0.00% 315
Server
No. of Sites
Market Share
No. of Sites With .com domains
Apache
50,502,840
67.38%
25,522,907
Microsoft-IIS
15,208,775
20.29%
8,371,612
Unknown
4,186,054
5.59%
3,115,393
Sun-ONE-Web-Server
1,551,930
2.07%
1,061,053
Zeus
561,524
0.75%
208,496
WebLogic
13,601
0.02%
7,846
...
...
...
...
Oracle
8,280
0.01%
2,637
...
...
...
...
NCSA HTTPd
1,717
0.00%
315
Apache – Things you should know
Aspects of Apache (1)
• Processes– How does it work– Administrator controls resource usage
• Modules
– These determine the functionality of a particular server– Administrator chooses the necesary modules
• Access control
– Administrator can limit web-clients’ access to different resources
Aspects of Apache (2)• Logs
–Usefull data for usage pattern analysis and problem determination
• Virtual Hosts–An apache web server can serve several sites (by
pretending to be a diffrent server)• Mechanisms for dynamic page generation
–CGI, SSI, ...• How to configure
Apache Processes (Unix/Linux)
• Apache httpd CHIEF process monitoring port• Child processes:
– Pool of preforked processes each running apache
• The chief process keeps track of the childs (minimum and maximum nr of childs etc)
Apache Processes (Unix/Linux)
• Child processes (1.3)– Each child acts like a “serial server”– Each child has a maximum number of connections that can handle (one at a
time); ones it has dealt with that number it must terminate
Apache Processes (Unix/Linux)
• Child processes (2.x)– Each child acts like a “threaded server”– Each child deals a number of connections at a time
Apache Processes (Unix/Linux)
• Child processes– Client connections tipicaly contain a sequence of requests.– Usually Apache configured to “keep alive” connections
Apache Administrator role: performance
• Must set limits on processes in order to achieve acceptable performance levels from host computer– MaxClients, Memory Limits, Swapping, cacheing ...– MinSpareServers, MaxSpareServers ...
• Must set limits for actions of child processes– KeepAlive, MaxKeepAliveRequests, KeepAliveTimeout– Timeout– MaxRequestsPerChild
Apache Modules
• Apache Server– Core Component (serves simple static HTML)– Modules (implement optional features and extensions)
Modules• Standard Modules:
– mod_cgi, mod_env, mod_log_config, mod_mime, mod_negociation (core functionality)
– mod_status, mod_dir, mod_autoindex (information modules)– mod_access, mod_auth, mod_userdir, mod_alias (access control)– mod_imap, mod_include, mod_actions (extra processing)
• Optional modules:– mod_proxy, mod_rewrite, mod_speling
• Add-on modules– mod_perl, mod_php, etc ...
Apache Administrator role: modularity
• Must select the modules to be incorporated– Functionality– Security
• Config parameters for each module
Apache : access control
• Apache set-up must secure file-space against inapropriate web access (location, access controls, authorisation)
• Apache’s user– It has to be started by root (in order to gain control of port 80 < 1024)– Should imidiately switch to a non-priviledged user (apache)– If root is not available use own filespace and port above 1024
Apache : access control (cont)
• Basic controls (mod_access) allows restrictionsbased on IP address of the request
• General policies specified in conf files (<Directory> sections)• Overrides possible with .htaccess files (costly)• Authorization: 401 error requests auth. The server can check against text
files, dbm, sql– The browser must perform state maintenance– It can be basic (text files) or DBM
Apache administrator’s role: access
• Should edit main controls in httpd.conf• Can specify specific controls per directory in httpd.conf• Can enable htaccess for detailed controls
Apache : logs
• Two logs are normaly maintained: access and errors• Custom logs could be defined• Can grow fast: rotate!• Analyze!• Can decide to record host names instead of ip (costly)• Error log level should be set (from debug to emerg)• Log analysis tools available (free and comercial)
Apache : virtual hosts
• Better separate web applications runing on your server• NameBased or IP Based• First step is to properly set up DNS• Configuration file must identify the different hosts• HTTP 1.0 clients: no Host Header!
Apache : virtual host
• Configuring Apache:– NameVirtualHost– VirtualHostDirectives (for each host)
• Example using mod_proxy to forward the requests:
NameVirtualHost 86.34.230.27
<VirtualHost 86.34.230.27>
ServerAdmin [email protected]
ServerName 86.34.230.27
ProxyPass / http://proxy.internal/
ProxyPassReverse / http://proxy.internal/
TransferLog logs/direct_log
CustomLog logs/direct_log combined
</VirtualHost>
<VirtualHost 86.34.230.27>
ServerAdmin [email protected]
ServerName www.etronics.ro
ProxyPass / http://proxy.internal/test-site/
ProxyPassReverse / http://proxy.internal/test-site/
TransferLog logs/etronics_log
CustomLog logs/etronics_log combined
</VirtualHost>
