Apache Web Server

Published on June 2016

K.C. Sunil Babu

© 2010 Wipro Ltd - Confidential

Agenda
1. Introduction
2. Core enhancements in Apache 2.2
3. Components of httpd.conf
4. Installing Apache
5. Working with Apache


Introduction


Apache Web Server
• Apache is generally recognized as the world's most popular Web server.
• Originally designed for Unix servers and now ported to other network operating systems.
• The name "Apache" derives from the word "patchy", which the Apache developers used to describe early versions.
• Provides a full range of Web server features, including CGI, SSL, and virtual domains.
• Apache also supports plug-in modules for extensibility.
• Apache is reliable, free, and relatively easy to configure.
• Apache is free software distributed by the Apache Software Foundation.


How does Apache Work
• Apache is a program that runs under a suitable multitasking operating system.
• The binary is called httpd under Unix and apache.exe under Win32, and runs in the background.
• Each copy of httpd/apache that is started has its attention directed at a web site, which is, for practical purposes, a directory.


Important Apache Directories
• conf - Contains the configuration file(s), of which httpd.conf is the most important.
• htdocs - Contains the HTML scripts to be served up to the site's clients. This directory and those below it, the web space, are accessible to anyone on the Web and therefore pose a severe security risk if used for anything other than public data.
• logs - Contains the log data, both of accesses and errors.
• cgi-bin - Contains the CGI scripts. These are programs or shell scripts written by or for the webmaster that can be executed by Apache on behalf of its clients. It is most important, for security reasons, that this directory not be in the web space.


Core Enhancements in Apache 2.2


• Authn/Authz - The bundled authentication and authorization modules have been refactored. The new mod_authn_alias module can greatly simplify certain authentication configurations.
• Caching - mod_cache, mod_disk_cache, and mod_mem_cache have undergone a lot of changes, and are now considered production-quality. htcacheclean has been introduced to clean up mod_disk_cache setups.
• Configuration - The default configuration layout has been simplified and modularised. Configuration snippets which can be used to enable commonly-used features are now bundled with Apache, and can be easily added to the main server config.


• Graceful Stop - The prefork, worker and event MPMs now allow httpd to be shut down gracefully via the graceful-stop signal. The GracefulShutdownTimeout directive has been added to specify an optional timeout, after which httpd will terminate regardless of the status of any requests being served.
• Proxying - The new mod_proxy_balancer module provides load balancing services for mod_proxy.
• Regular Expression Library Updated - The Perl Compatible Regular Expression Library (PCRE) is now included. httpd can be configured to use a system installation of PCRE by passing the --with-pcre flag to configure.


• Smart Filtering - mod_filter introduces dynamic configuration to the output filter chain. It enables filters to be conditionally inserted, based on any Request or Response header or environment variable, and dispenses with the more problematic dependencies and ordering problems.
• Large File Support - httpd is now built with support for files larger than 2GB on modern 32-bit Unix systems. Support for handling >2GB request bodies has also been added.
• Event MPM - The event MPM uses a separate thread to handle Keep Alive requests and accepting connections. Keep Alive requests have traditionally required httpd to dedicate a worker to handle them. This dedicated worker could not be used again until the Keep Alive timeout was reached.
• SQL Database Support - mod_dbd, together with the apr_dbd framework, brings direct SQL support to modules that need it. It supports connection pooling in threaded MPMs.


Components of httpd.conf


Sections of httpd.conf
The configuration directives are grouped into three basic sections:
• Directives that control the operation of the Apache server process as a whole (the 'global environment').
• Directives that define the parameters of the 'main' or 'default' server, which responds to requests that aren't handled by a virtual host. These directives also provide default values for the settings of all virtual hosts.
• Settings for virtual hosts, which allow Web requests to be sent to different IP addresses or hostnames and have them handled by the same Apache server process.


Section 1: Global Environment
The directives in this section affect the overall operation of Apache, such as the number of concurrent requests it can handle or where it can find its configuration files:
• ServerRoot
• PidFile
• Timeout
• KeepAlive
• MaxKeepAliveRequests
• KeepAliveTimeout

Server Pool Size Regulation Directives – MPM Specific (Multiprocessing Module)
Below are the Worker MPM directives:
• StartServers
• MaxClients
• MinSpareThreads
• MaxSpareThreads
• ThreadsPerChild
• MaxRequestsPerChild
Listen – this directive allows you to bind Apache to specific IP addresses and/or ports.

Dynamic Shared Object (DSO) Support – enables you to use the functionality of a module which was built as a DSO. This implies that DSO modules must actually be available before they are used. The "LoadModule" directive enables Apache to use a DSO.
Example:
    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    LoadModule auth_anon_module modules/mod_auth_anon.s

Loading configuration files from the "config" directory – the default directory is /etc/httpd/conf.d. The "Include" directive enables Apache to load the configuration files.
Example:
    Include conf.d/*.conf
    Include /opt/apache/conf.d/*.conf
The "ExtendedStatus" directive controls whether Apache generates "full" status information or only basic information when the "server-status" handler is called. The default is Off.
Example:

Section II: Main Server Configuration
• The directives in this section set up the values used by the 'main' server, which responds to any requests that aren't handled by a <VirtualHost> definition.
• These values also provide defaults for any <VirtualHost> containers.
• All of the directives can also appear in <VirtualHost> containers, in which case the default settings will be overridden for the virtual host defined.
• This section covers many directives that can be used.

The directives that can be defined in this section are:
Port – defines the port on which the standalone server listens.
    Port 80 or Port 443
Note: for ports <1023, httpd should be run as "root" initially.
SSL support is defined as below:
    <IfDefine SSL>
    Listen 80
    Listen 443
    </IfDefine>
User/Group – use these directives if you want to run httpd as a different user.
    User www
    Group www
ServerAdmin – your address, where problems with the server should be e-mailed.
    ServerAdmin [email protected]
ServerName – allows you to set a hostname that is sent back to clients. This should be a valid DNS name.
    ServerName www.new.host.name
DocumentRoot – the directory out of which you will serve your documents.
    DocumentRoot "/var/www/htdocs"
An alternate way to define the document root is with the use of the "Directory" directive.
Example, with the default restrictive set of permissions:
    <Directory "/var/www/htdocs">
        # Options: used if indexing is enabled
        Options FollowSymLinks
        # AllowOverride: controls which options the .htaccess file in the directory can override
        AllowOverride None
        # Order: controls who can get the stuff from the server
        Order Deny,Allow
    </Directory>
UserDir – the name of the directory which is appended onto a user's home directory if a user request is received.
    UserDir disabled/public_dir/public.html
DirectoryIndex – the name of the file or files to use as a pre-written HTML directory index.
    DirectoryIndex index.html
AccessFileName – the name of the file to look for in each directory for access control information.
    AccessFileName .htaccess
CacheNegotiatedDocs – by default, Apache sends "no-cache" with each document that was negotiated based on content.
    CacheNegotiatedDocs On/Off
UseCanonicalName – used when Apache needs to construct a self-referencing URL. If Off, then access is through hostname:port.
    UseCanonicalName On/Off
TypesConfig – describes where the mime.types file is to be found.
    TypesConfig conf/mime.types
DefaultType – specifies the default MIME type the server uses if it is unable to determine one.
    DefaultType text/plain
HostnameLookups – logs the names of clients or just their IP addresses.
    HostnameLookups On/Off
ErrorLog – defines the error log file location.
    ErrorLog logs/error_log

LogLevel – controls the number of messages logged to the error log.
    LogLevel debug/info/notice/warn/alert/error/crit/emerg
LogFormat – defines the format of the log file.
    LogFormat ‘%Y-%m-%d-%H_%M_%S 86400" common
CustomLog – defines the log format to be written in logs.
    CustomLog logs/access_log common

ServerSignature – adds a line containing the server version and virtual host name to server-generated pages (error documents or FTP directory listings).
    ServerSignature On/Off/Email
Aliases – map a fake name to the real name; a trailing / may be included on the fake name.
    Alias /icons "/var/www/icons/"
ScriptAlias – this controls which directories contain server scripts. ScriptAliases are essentially the same as Aliases, except that documents in the realname directory are treated as applications and run by the server when requested, rather than as documents sent to the client.
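
An added example, not part of the original slides: a Python check for the rule stated earlier that the CGI directory must not be in the web space. It reads httpd.conf text and reports every ScriptAlias whose real directory lies inside a DocumentRoot. The function names and the sample paths are assumptions of this example, and paths are compared as text (symlinks are not resolved).

```python
import posixpath
import re


def directive_args(conf, name):
    """Yield the argument list of every `name` directive in httpd.conf text."""
    for line in conf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        words = re.findall(r'"[^"]*"|\S+', line)
        if words and words[0].lower() == name.lower():
            yield [w.strip('"') for w in words[1:]]


def inside(path, root):
    """True if `path` is `root` or lies beneath it once both are normalised."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def exposed_script_dirs(conf):
    """Return (url_prefix, real_dir, document_root) for each ScriptAlias whose
    real directory sits inside a DocumentRoot, i.e. inside the web space."""
    roots = [args[0] for args in directive_args(conf, "DocumentRoot") if args]
    hits = []
    for args in directive_args(conf, "ScriptAlias"):
        if len(args) == 2:
            hits += [(args[0], args[1], r) for r in roots if inside(args[1], r)]
    return hits


# Constructed sample configuration (paths are illustrative, not from a real host).
SAMPLE_CONF = """\
DocumentRoot "/var/www/htdocs"
# ScriptAlias /old/ "/var/www/htdocs/old/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /tools/ "/var/www/htdocs/tools/"
ScriptAlias /legacy/ "/var/www/cgi-bin/../htdocs/legacy/"
ScriptAlias /archive/ "/var/www/htdocs-archive/cgi/"
"""

if __name__ == "__main__":
    for url, real, root in exposed_script_dirs(SAMPLE_CONF):
        print(f"ScriptAlias {url} -> {real} is inside DocumentRoot {root}")
```

The /legacy/ entry is caught only because the path is normalised first, and /archive/ is not reported because a sibling directory that merely shares the prefix is outside the web space.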

Redirect / Rewrite – allows you to tell clients about documents which used to exist in your server's name space but do not anymore.
    Redirect oldurl newurl
Other directives are:
    RedirectMatch
    RewriteRule
    RewriteEngine
Example:
    RewriteRule ^/cfusion/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
Directives controlling the display of server-generated directory listings:
FancyIndexing – allows you to display fancy indexing or the standard listing.
    IndexOptions FancyIndexing
AddIcon* – these directives tell the server which icon to show for different files or filename extensions: AddIconByEncoding / AddIcon / AddIconByType.
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIcon /icons/a.gif .ps .ai .eps
DefaultIcon – tells which icon to show for files which do not have an icon explicitly set.
    DefaultIcon /icons/unknown.gif
AddDescription – allows you to add a short description after a file in server-generated indexes.
    AddDescription "tar archive" .tar
ReadmeName / HeaderName – ReadmeName is the name of the README file the server will look for, and HeaderName is the name of a file which should be prepended to directory indexes.
    ReadmeName README
    HeaderName HEADER
IndexIgnore – a set of filenames which directory indexing should ignore and not include in the listing.
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding – allows you to have certain browsers uncompress the information on the fly.
    AddEncoding x-gzip gz
AddLanguage – allows you to specify the language of the document.
    AddLanguage en .en
LanguagePriority – allows you to give precedence to some languages.
    LanguagePriority en fr de
AddType – allows you to tweak mime.types without actually editing it.
    AddType application/x-httpd-php3-source .phps
AddHandler – allows you to map certain file extensions to "handlers", actions unrelated to filetype. These can be built into the server or added with the "Action" command.
    AddHandler cgi-script .cgi
MetaDir – specifies the name of the directory in which Apache can find meta information files. These files contain additional HTTP headers to include when sending the document.
    MetaDir .web
MetaSuffix – specifies the filename suffix for the file containing meta information.
    MetaSuffix .meta

Customizable error responses (Apache style) come in three flavors:
1) plain text
    ErrorDocument 500 "The server made a boo boo."
2) local redirects
    ErrorDocument 404 /missing.html
    ErrorDocument 404 /cgi-bin/missing_handler.pl
3) external redirect
    ErrorDocument 402 http://some.other_server.com/subscription_info.html

Section III: Virtual Hosts
If you want to maintain multiple domains / hostnames on your machine, you can set up VirtualHost containers for them.
NameVirtualHost – if you need name-based virtual hosts then you need to mention at least one IP address.
    NameVirtualHost 12.13.14.15:80
VirtualHost example – almost any Apache directive may go into a VirtualHost container.
    ServerAdmin [email protected]_domain.com
    DocumentRoot /www/docs/host.some_domain.com
    ServerName host.some_domain.com
    ErrorLog logs/host.some_domain.com-error_log
    CustomLog logs/host.some_domain.com-access_log common
SSL Global Context – all SSL configuration in this context applies both to the main server and to all SSL-enabled virtual hosts.
Some MIME types for downloading certificates and CRLs:
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl

Pass Phrase Dialog – configures the pass phrase gathering process. The filter dialog program has to provide the pass phrase on stdout; "builtin" is the internal terminal dialog.
    SSLPassPhraseDialog builtin
Inter-process session cache – configures the SSL session cache. First either "none" or "dbm:/path/to/file" for the mechanism to use, and second the expiring timeout.
    SSLSessionCache dbm:logs/ssl_scache
    SSLSessionCacheTimeout 300
Semaphore – configures the path to the mutual exclusion semaphore the SSL engine uses internally for inter-process synchronization.
    SSLMutex file:logs/ssl_mutex
Pseudo Random Number Generator (PRNG) – configures one or more sources to seed the PRNG of the SSL library. The seed data should be of good random quality.
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect file:/dev/random 512

Logging – the home of the dedicated SSL protocol logfile. Errors are duplicated in the general error_log file. In addition, SSL log levels can also be used.
    SSLLog logs/ssl_engine_log
    SSLLogLevel info
SSL Engine Switch – enables or disables SSL on a virtual host.
    SSLEngine On/Off
SSL Cipher Suite – lists the ciphers that the client is permitted to negotiate.
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSL Server Certificate – this section allows you to define the certificates, key pair and CA file.
    SSLCertificateFile /etc/httpd/conf.d/ngmlx441.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ngmlx441.key
    SSLCACertificateFile /etc/httpd/conf.d/caponeCA.crt
    TrustedCAFile /etc/httpd/conf.d/caponeCA.crt
Client Authentication type & depth – types are none, optional, require and optional_no_ca. Depth is a number which specifies how deeply to verify the certificate issuer chain before deciding the validity of the certificate.
    SSLVerifyClient require
    SSLVerifyDepth 10
Example:
    <VirtualHost ngmlx441:80>
        KeepAliveEnabled ON
        ServerName ngmlx441
        RewriteEngine ON
        Options +FollowSymLinks
        RewriteRule ^/$ https://%{HTTP_HOST}/cfusion/ukhelpfiles/apps/register/dsp_register.cfm [L]
        RewriteRule ^/apps/register/dsp_register.cfm$ https://%{HTTP_HOST}/cfusion/ukhelpfiles/apps/register/dsp_register.cfm [L]
        RewriteRule ^/cfusion/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
        <IfModule mod_security.c>
            SecFilterEngine Off
            SecFilterScanPOST Off
        </IfModule>
    </VirtualHost>
    <VirtualHost ngmlx441:443>
        KeepAliveEnabled ON
        RewriteEngine ON
        ServerName ngmlx441
        SSLEngine on
        KeepAliveEnabled ON
        SSLCipherSuite HIGH:MEDIUM
        SSLProtocol all
        SSLProxyEngine on
        SecureProxy ON
        SSLCertificateFile /etc/httpd/conf.d/ngmlx441.crt
        SSLCertificateKeyFile /etc/httpd/conf.d/ngmlx441.key
        SSLCACertificateFile /etc/httpd/conf.d/caponeCA.crt
        RewriteRule ^/$ https://%{HTTP_HOST}/cfusion/ukhelpfiles/apps/register/dsp_register.cfm [L]
        RewriteRule ^/apps/register/dsp_register.cfm$ https://%{HTTP_HOST}/cfusion/ukhelpfiles/apps/register/dsp_register.cfm [L]
    </VirtualHost>
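
An added example, not part of the original slides: a Python audit of the SSLCipherSuite and SSLProtocol values shown on the SSL slides, run against a constructed copy of those directives and a tightened variant. The weak-class list, the simplified cipher-string model, the expansion of "all" to SSLv2, SSLv3 and TLSv1 as documented for Apache 2.2, and the function names are assumptions of this example.

```python
import re

# Cipher classes this example treats as weak (an assumed policy, not Apache's).
WEAK = {"ADH", "EXP", "LOW", "MEDIUM", "RC4", "SSLv2"}
ALIASES = {"aNULL": "ADH", "EXPORT": "EXP"}
LEGACY = {"SSLv2", "SSLv3"}


def weak_ciphers(spec):
    """Weak classes a cipher string leaves enabled (simplified: classes disjoint)."""
    enabled, killed = set(), set()
    for token in spec.split(":"):
        op = token[0] if token[:1] in ("!", "-", "+") else ""
        names = {ALIASES.get(n, n) for n in token[len(op):].split("+")}
        if op == "!":
            killed |= names           # removed for good
        elif op == "-":
            enabled -= names          # removed, but may be re-added later
        elif op == "+":
            continue                  # "+X" only reorders suites already listed
        elif "ALL" in names:
            enabled |= WEAK           # everything, weak classes included
        else:
            enabled |= names & WEAK   # "RC4+RSA" still brings in RC4
    return sorted(enabled - killed)


def legacy_protocols(spec):
    """SSLv2/SSLv3 left on by an SSLProtocol value ('all' expanded as in 2.2)."""
    enabled = set()
    for token in spec.split():
        name = token.lstrip("+-")
        group = {"SSLv2", "SSLv3", "TLSv1"} if name.lower() == "all" else {name}
        enabled = enabled - group if token.startswith("-") else enabled | group
    return sorted(enabled & LEGACY)


def audit(conf):
    """Return (line_no, directive, weak_items) for each risky TLS directive."""
    checks = {"sslciphersuite": weak_ciphers, "sslprotocol": legacy_protocols}
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*(\w+)\s+(.+?)\s*$", line)
        if m and m.group(1).lower() in checks:
            weak = checks[m.group(1).lower()](m.group(2))
            if weak:
                findings.append((no, m.group(1), weak))
    return findings


# Constructed sample: the SSL directives shown on the slides.
SLIDE_CONF = """\
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
<VirtualHost ngmlx441:443>
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all
</VirtualHost>
"""
# Constructed sample: a tightened variant (values are this example's choice).
TIGHT_CONF = "SSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:!aNULL:!MD5\n"

if __name__ == "__main__":
    print(audit(SLIDE_CONF), audit(TIGHT_CONF))
```

The slide values produce three findings (export, low-strength, RC4 and SSLv2 suites in the global cipher string, MEDIUM in the virtual host, and SSLv2/SSLv3 through "SSLProtocol all"), while the tightened variant produces none.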

Installing Apache Web Server
When > Where >How


Apache Installation
Download the source files appropriate to the OS. Binary files are also available for some OSes. The site to download from is http://httpd.apache.org/download.cgi
Once downloaded, you need to uncompress them, which creates a new directory with the source files under the current working directory.
    gunzip -d httpd-2_0_NN.tar.gz
    tar xvf httpd-2_0_NN.tar

Configure your Server for Apache
Once the source files are received, you need to tell the machine where to find everything by configuring the source files.
    ./configure
If you don't want to accept the defaults, use the --prefix=PREFIX option. This specifies where the Apache files have to be installed.
Build Apache
As with any source installation, we need to build the installation.
    make
    make install

Working with Apache Web Server
When > Where >How


Apache Control Interface
apachectl is the front end for the Apache server. It helps the administrator control the Apache httpd daemon.
    apachectl <command>
Commands that are used are:
1. start – starts the httpd daemon
2. stop – stops the httpd daemon
3. restart – restarts the httpd daemon
4. fullstatus – displays a full status report from mod_status
5. status – displays a brief status report
6. graceful – gracefully restarts the httpd daemon
7. configtest – runs a configuration file syntax test
8. startssl – starts Apache with SSL support

Thank You
K. C. Sunil Babu
Technical Consultant
