Khoa CNTT (Faculty of Information Technology), PHẠM VĂN TÍNH, 01-2004

Apache HTTP Server


Description: Configuring the Apache server


Starting and Stopping httpd

• The httpd RPM installs the /etc/rc.d/init.d/httpd script, which can be accessed using the /sbin/service command.

• To start the server, as root type:

/sbin/service httpd start

• To stop the server, as root type:

/sbin/service httpd stop

• The restart option is a shorthand way of stopping and then starting the Apache HTTP Server. To restart the server, as root type:

/sbin/service httpd restart

• After editing the httpd.conf file, however, it is not necessary to explicitly stop and start the server. Instead, use the reload option. To reload the server configuration file, as root type:

/sbin/service httpd reload

Configuring Apache

• The Apache HTTP Server configuration file is /etc/httpd/conf/httpd.conf. The httpd.conf file is well-commented and mostly self-explanatory.

• If configuring the Apache HTTP Server, edit /etc/httpd/conf/httpd.conf and then either reload, restart, or stop and start the httpd process.

• Before editing httpd.conf, first make a copy of the original file. Creating a backup makes it easier to recover from mistakes made while editing the configuration file.

• If the server does not behave as expected after an edit, look next in the Web server's error log, /var/log/httpd/error_log. The error log may not be easy to interpret, depending on the level of experience.

Where To Put Your Web Pages

• The Default File Location: /var/www/html/

• File Permissions And Apache

• Apache will display Web page files as long as they are world readable. Make sure that all the files and subdirectories in your DocumentRoot have the correct permissions. It is a good idea to have the files owned by a nonprivileged user so that Web developers can update the files using FTP or SCP without requiring the root password.

• Create a user with a home directory of /home/www.

• Change the permissions on the /home/www directory to 755, which allows all users, including Apache's httpd daemon, to read the files inside.

    [root@bigboy tmp]# useradd -g users www
    [root@bigboy tmp]# chown -R www:users /home/www
    [root@bigboy tmp]# chmod 755 /home/www

Named Virtual Hosting Example

Configure Virtual Hosting on Multiple IPs

Configuration Directives in httpd.conf

• ServerRoot

    ServerRoot /etc/httpd

The ServerRoot is the top-level directory which contains the server's files. Both the secure server and the non-secure server set the ServerRoot directive to "/etc/httpd".

• PidFile

    PidFile /var/run/httpd.pid

PidFile names the file where the server records its process ID (PID). By default the PID is recorded in /var/run/httpd.pid.

• Timeout

    Timeout 300

Timeout defines, in seconds, the amount of time that the server will wait for receipts and transmissions during communications. Timeout is set to 300 seconds by default.

• KeepAlive

    KeepAlive Off

KeepAlive sets whether the server will allow more than one request per connection. By default KeepAlive is set to off. If KeepAlive is set to on and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server will slow down significantly.


• MaxKeepAliveRequests

    MaxKeepAliveRequests 100

This directive sets the maximum number of requests allowed per persistent connection. MaxKeepAliveRequests is set to 100 by default, which should be appropriate for most situations.

• KeepAliveTimeout

    KeepAliveTimeout 15

KeepAliveTimeout sets the number of seconds the server will wait after a request has been served before it closes the connection. KeepAliveTimeout is set to 15 seconds by default.

• MaxClients

    MaxClients 150

MaxClients sets a limit on the total number of server processes, or simultaneously connected clients, that can run at one time. The main purpose of this directive is to keep a runaway Apache HTTP Server from crashing the operating system.


• Listen

    Listen 192.168.1.2:80

The Listen directive identifies the ports on which the Web server will accept incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in /etc/httpd/conf.d/ssl.conf, which defines any secure servers) to port 443 for secure Web communications.

• User

    User apache

The User directive sets the user name of the server process and determines what files the server is allowed to access. By default User is set to apache.

• Group

    Group apache

Specifies the group name of the Apache HTTP Server processes. By default Group is set to apache.

• ServerAdmin

    ServerAdmin [email protected]

Set the ServerAdmin directive to the email address of the Web server administrator. By default, ServerAdmin is set to root@localhost.


• ServerName

    ServerName www.hcmuaf.edu.vn:80

Use ServerName to set a hostname and port number (matching the Listen directive) for the server. The ServerName does not need to match the machine's actual hostname. For example, the Web server may be www.example.com but the server's hostname is actually foo.example.com. The value specified in ServerName must be a valid Domain Name Service (DNS) name that can be resolved by the system. For example:

    ServerName www.example.com:80

• DocumentRoot

    DocumentRoot /var/www/html

The DocumentRoot is the directory which contains most of the HTML files which are served in response to requests. The default DocumentRoot for both the non-secure and secure Web servers is the /var/www/html directory. For example, the server might receive a request for the following document:

    http://example.com/foo.html

The server looks for the following file in the default directory:

    /var/www/html/foo.html


• Directory

Each <Directory></Directory> block configures access information for the named directory (or directories) and its subdirectories. The first block sets the default permissions for all directories:

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

• Options

The Options directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, Options is set to only FollowSymLinks. No features are enabled, except that the server is allowed to follow symbolic links in the root directory.


Values for the Options directive can be a space-delimited list of one or more of the following:

• All — Enables all options except MultiViews. All is the default Option.

• ExecCGI — Enables execution of CGI scripts.

• FollowSymLinks — Enables the server to follow symbolic links in this directory.

• Indexes — Instructs the server to return a formatted listing of a directory for which no directory index, such as index.html, exists.

• MultiViews — Enables MultiView searches. If the server receives a request for a resource that does not exist, for example, /docs/resource, then the server scans the directory for all files named resource.*, if any, assigns them the same media types and content encodings they would have had if the client had asked for one of them by name, chooses the best match to the client’s requirements, and returns that document.


• None — Disables all special directory features in this directory and its subdirectories.

• SymLinksIfOwnerMatch — Instructs the server to follow only those symbolic links for which the target file or directory has the same UID as the link.

• AllowOverride

    AllowOverride None|All

The AllowOverride directive sets whether or not any Options can be overridden by the declarations in an .htaccess file. By default, both the root directory and the DocumentRoot are set to allow no .htaccess overrides.

• Order

    Order allow,deny

The Order directive controls the order in which Allow and Deny directives are evaluated. The server is configured to evaluate the Allow directives before the Deny directives for the DocumentRoot directory.


• Allow

    Allow from all

Allow specifies which requester can access a given directory. The requester can be all, a domain name, an IP address, a partial IP address, a network/netmask pair, and so on. The DocumentRoot directory is configured to Allow requests from all, meaning everyone has access.

• Deny

Deny works just like Allow, except it specifies who is denied access. The DocumentRoot is not configured to Deny requests from anyone by default.

• Disable autoindex for the root directory, and present the default Welcome page if no other index page is present.

    <LocationMatch "^/$">
        Options -Indexes
        ErrorDocument 403 /error/noindex.html
    </LocationMatch>
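The Order, Allow and Deny rules described above, worked through as an added Python example (not part of the original slides). It models the allow,deny and deny,allow evaluation for IPv4 clients; the function names and the three sample policies are constructed for illustration.

```python
import ipaddress

def host_matches(spec, client_ip, client_host=None):
    """True if one 'from' argument of Allow/Deny matches the client (IPv4 only)."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # network/netmask pair or CIDR
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    if spec.replace(".", "").isdigit():  # full or partial dotted address
        octets = spec.rstrip(".").split(".")
        return client_ip.split(".")[:len(octets)] == octets
    if client_host is None:  # domain names need the reverse-resolved client name
        return False
    name, suffix = client_host.lower(), spec.lower().lstrip(".")
    return name == suffix or name.endswith("." + suffix)

def access_allowed(order, allow, deny, client_ip, client_host=None):
    """Apply Order semantics to lists of Allow and Deny arguments."""
    allowed = any(host_matches(s, client_ip, client_host) for s in allow)
    denied = any(host_matches(s, client_ip, client_host) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return allowed and not denied
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed sample policies (not taken from the slides).
PUBLIC = dict(order="allow,deny", allow=["all"], deny=[])
INTRANET = dict(order="deny,allow", allow=["192.168.1.0/255.255.255.0"], deny=["all"])
FORGOTTEN_ALLOW = dict(order="allow,deny", allow=[], deny=[])  # nobody gets in

if __name__ == "__main__":
    for name, policy in [("public", PUBLIC), ("intranet", INTRANET),
                         ("forgotten_allow", FORGOTTEN_ALLOW)]:
        for ip in ("192.168.1.20", "203.0.113.9"):
            print(name, ip, access_allowed(client_ip=ip, **policy))
```

In Apache 2.4 these directives are provided by mod_access_compat, and Require is the current syntax.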


• UserDir

    UserDir public_html

UserDir is the name of the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to disable by default.

• The name for the subdirectory is set to public_html in the default configuration. For example, the server might receive the following request:

    http://example.com/~username/foo.html

The server would look for the file:

    /home/username/public_html/foo.html

• Users' home directories must be set to 0711. The read (r) and execute (x) bits must be set on the users' public_html directories (0755 will also work).

• Files that will be served in users' public_html directories must be set to at least 0644.


• DirectoryIndex

    DirectoryIndex index.shtml index.html index.htm home.html home.htm index.php

The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name, for example: http://example/this_directory/.

• HostnameLookups

    HostnameLookups Off

HostnameLookups can be set to on or off. If HostnameLookups is set to on, the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. To conserve resources on the server, HostnameLookups is set to off by default.


• ErrorLog

    ErrorLog /var/logs/error_log

ErrorLog specifies the file where server errors are logged. By default, this directive is set to /var/log/httpd/error_log.

• LogLevel

LogLevel sets how verbose the error messages in the error logs are. LogLevel can be set (from least verbose to most verbose) to emerg, alert, crit, error, warn, notice, info or debug. The default LogLevel is warn.

• Redirect

When a webpage is moved, Redirect can be used to map the file location to a new URL. The format is as follows:

    Redirect /<old-path>/<file-name> http://<current-domain>/<current-path>/<file-name>

In this example, any request for <file-name> at the old location is automatically redirected to the new location.


• Alias

    Alias /manual "/var/www/manual"
    Alias /tuyensinh "/var/www/tuyensinh"

The Alias setting allows directories outside the DocumentRoot directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path.

• ErrorDocument

    ErrorDocument 402 http://www.example.com/subscription_info.html

The ErrorDocument directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The ErrorDocument directive forces the Web server to instead output a customized message or redirect the client to a local or external URL.

• VirtualHost

<VirtualHost> and </VirtualHost> tags create a container outlining the characteristics of a virtual host. The <VirtualHost> container accepts most configuration directives.

Setting Up Virtual Hosts

• We want to configure 2 websites, www.small.com and www.big.com, to share 1 IP address, 203.1.40.1:

    NameVirtualHost 203.1.40.1

    <VirtualHost 203.1.40.1>
        ServerAdmin [email protected]
        DocumentRoot /www/small/
        ServerName www.small.com
        ErrorLog logs/small-error_log
    </VirtualHost>

    <VirtualHost 203.1.40.1>
        ServerAdmin [email protected]
        DocumentRoot /www/big/
        ServerName www.big.com
        ErrorLog logs/big-error_log
    </VirtualHost>

Authentication

The basics of password protecting a directory on your server:

• You'll need to create a password file. This file should be placed somewhere not accessible from the web. For example, you might want to put the password file(s) in /usr/local/apache/.

• To create the file, use the htpasswd utility that came with Apache. This will be located in the bin directory of wherever you installed Apache. To create the file, type:

    # htpasswd -c /usr/local/apache/password.conf userA
    New password: mypassword
    Re-type new password: mypassword
    Adding password for user userA

• If htpasswd is not in your path, of course you'll have to type the full path to the file to get it to run. It's located at /usr/bin/htpasswd.


• You'll need to configure the server to request a password and tell the server which users are allowed access. You can do this either by editing the httpd.conf file or using an .htaccess file. For example, if you wish to protect the directory /var/www/html/secret, you can use the following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory /var/www/html/secret> section.

    <Directory /var/www/html/secret>
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /usr/local/apache/password.conf
        require user userA
    </Directory>

Letting more than one person in

• If you want to let more than one person in, you'll need to create a group file that associates group names with a list of users in that group. The format of this file is pretty simple, and you can create it with your favorite editor. The contents of the file will look like this:

GroupName: rbowen dpitts sungo rshersey

• That's just a list of the members of the group in a long line separated by spaces.

• To add a user to your already existing password file, type:

htpasswd /usr/local/apache/password.conf dpitts

• Now, you need to modify your .htaccess file to look like the following:

    AuthType Basic
    AuthName "By Invitation Only"
    AuthUserFile /usr/local/apache/password.conf
    AuthGroupFile /usr/local/apache/passwd/groups
    require group GroupName

Protect Web Page Directories With Passwords

1) Use Apache's htpasswd password utility to create username/password combinations independent of your system login password for Web page access.

    [root@bigboy tmp]# htpasswd -c /etc/httpd/conf/.htpasswd peter
    New password:
    Re-type new password:
    Adding password for user peter
    [root@bigboy tmp]#
    [root@bigboy tmp]# htpasswd /etc/httpd/conf/.htpasswd paul
    New password:
    Re-type new password:
    Adding password for user paul
    [root@bigboy tmp]#

2) Make the .htpasswd file readable by all users.

[root@bigboy tmp]# chmod 644 /etc/httpd/conf/.htpasswd


3) Create a .htaccess file in the directory to which you want password control with these entries.

    AuthUserFile /etc/httpd/conf/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic
    require user peter

Remember this password protects the directory and all its subdirectories. The AuthUserFile tells Apache to use the .htpasswd file. The require user statement tells Apache that only user peter in the .htpasswd file should have access. If you want all .htpasswd users to have access, replace this line with require valid-user. AuthType Basic instructs Apache to accept basic unencrypted passwords from the remote users' Web browser.


4) Set the correct file protections on your new .htaccess file in the directory /home/www.

[root@bigboy tmp]# chmod 644 /home/www/.htaccess

5) Make sure your /etc/httpd/conf/httpd.conf file has an AllowOverride statement in a <Directory> directive for any directory in the tree above /home/www. In the example below, all directories below /var/www/ require password authorization.

    <Directory /home/www/*>
        AllowOverride AuthConfig
    </Directory>
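How the server reaches a decision from the password file, the group file and the require line used in the steps above, as an added Python example that is not from the original slides. It assumes {SHA} entries (the format written by htpasswd -s) only because they can be checked with the standard library; the function names and passwords are made up, and decode_basic shows that anyone who captures a Basic header recovers the password.

```python
import base64
import hashlib
import hmac

def sha_hash(password):
    """{SHA} entry format of `htpasswd -s`: base64 of an unsalted SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def parse_htpasswd(text):
    """AuthUserFile: one 'user:hash' entry per line."""
    return dict(line.split(":", 1) for line in text.splitlines() if ":" in line)

def parse_groups(text):
    """AuthGroupFile: 'GroupName: member member ...' per line."""
    groups = {}
    for line in text.splitlines():
        if ":" in line:
            name, members = line.split(":", 1)
            groups[name.strip()] = set(members.split())
    return groups

def basic_header(user, password):
    """What the browser sends: base64 is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(header):
    """Recover (user, password) from an Authorization header value, or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    return (user, password) if sep else None

def authorize(header, users, groups, require):
    """Authenticate against the password file, then apply one require line."""
    creds = decode_basic(header)
    if creds is None:
        return False
    user, password = creds
    stored = users.get(user, "")
    if not hmac.compare_digest(stored.encode(), sha_hash(password).encode()):
        return False
    kind, *names = require.split()
    if kind == "valid-user":
        return True
    if kind == "user":
        return user in names
    if kind == "group":
        return any(user in groups.get(g, ()) for g in names)
    return False

# Constructed sample files; user and group names reuse those on the slides,
# the passwords are made up.
USERS = parse_htpasswd("\n".join(f"{u}:{sha_hash('pw-' + u)}" for u in ("peter", "paul", "dpitts")))
GROUPS = parse_groups("GroupName: rbowen dpitts sungo rshersey")
```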


Note

• To forbid Apache from using symbolic links, you must declare:

    <Directory /var/www/html>
        Options None
        …….
    </Directory>

• To have Apache use symbolic links only if the owner of the link is the same as the owner of the original directory/files:

    <Directory /var/www/html>
        Options SymLinksIfOwnerMatch
        …….
    </Directory>

• Example: /var/www/program is owned by root. In /var/www/html, create the link:

    ln -sd /var/www/program /var/www/html/program

If the owner of everything in /var/www/html is apache, then www.xxx.com/program cannot be accessed. For access to succeed, the owner of /var/www/program must be changed to apache.
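The owner comparison behind SymLinksIfOwnerMatch, as an added Python example that is not part of the original slides. It lists every symbolic link under a DocumentRoot with the link owner, the target owner and whether the target lies outside the tree; the function names and the would_follow model of the three settings in the note are assumptions made for illustration.

```python
import os
import sys

def audit_symlinks(docroot):
    """Describe every symlink under docroot the way the owner check sees it."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not descend into links
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = os.lstat(path).st_uid          # owner of the link itself
            try:
                target_uid = os.stat(path).st_uid     # owner of what it points to
            except OSError:
                target_uid = None                     # dangling link
            target = os.path.realpath(path)
            findings.append({
                "link": os.path.relpath(path, root),
                "target": target,
                "link_uid": link_uid,
                "target_uid": target_uid,
                "owner_match": target_uid == link_uid,
                "outside_docroot": os.path.commonpath([root, target]) != root,
            })
    return findings

def would_follow(finding, options):
    """Simplified model of the three settings in the note above."""
    if finding["target_uid"] is None:
        return False
    if "FollowSymLinks" in options:
        return True
    if "SymLinksIfOwnerMatch" in options:
        return finding["owner_match"]
    return False  # Options None

if __name__ == "__main__":
    docroot = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    for f in audit_symlinks(docroot):
        print(f["link"], "->", f["target"],
              "owner_match=%s outside_docroot=%s" % (f["owner_match"], f["outside_docroot"]))
```

Links reported with outside_docroot set and owner_match unset are the ones that SymLinksIfOwnerMatch refuses, as in the /var/www/program case above.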