&& The Apache Web Server
------------------------:
The apache web server is the most widely used webserver on the
internet. It is a large program with a myriad of configuration options
and other tools.
GETTING HELP
The apache webserver has very detailed documentation which should
(eventually) help you out of any tight spots.
@@ http://httpd.apache.org/docs/2.2/
official documentation for apache version 2.2
* install documentation for apache2 on a debian style linux
>> sudo apt-get install apache2-doc
* show options which can be used with apache
>> man apache2
>> man apache ##(the same, for an older version)
INSTALLATION
* install apache version 2 on a debian-style linux
>> sudo apt-get install apache2
>> sudo aptitude install apache2 ##(the same)
* test the installation from the webserver computer itself
>> firefox 127.0.0.1
>> firefox localhost
* see what the status (running, stopped etc) of the webserver is
>> sudo apache2ctl status
LAMP INSTALLATION ....
* install Apache2 wth the MySQL database server and PHP on a 'debian' system
>> sudo tasksel install lamp-server
@@ http://www.ubuntugeek.com/how-to-install-apache2-webserver-with-phpcgi-and-perl-support-in-ubuntu-server.html
how to install apache2 with php and cgi but not mysql
SYMBOLIC LINKS
* make apache serve documents referenced by unix-style symbolic links
>> options followsymlinks
CGI CONFIGURATION
* execute all scripts in the folder as cgi scripts
>> ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
* allow cgi execution of '.cgi' and '.pl' in a particular folder
----------------------------------------------------------------
Options +ExecCGI
AddHandler cgi-script .cgi .pl
,,,
* all cgi execution of all files in all user cgi-bin folders
------------------------------------------------------------
Options ExecCGI
SetHandler cgi-script
,,,
* a perl script to show all environment variables
-------------------------------------------------
#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}
";
}
,,,
PERL CGI SUPPORT ....
@@ http://slashdot.org
an example of a site using the apache perl module with the
web server and perl scripts
* install the perl-cgi module for apache
>> sudo aptitude install libapache2-mod-perl2
* create a cgi folder
>> sudo mkdir /home/www/cgi-bin
* add to the virtual host configuration
---------------------------------------
ScriptAlias /cgi-bin/ /home/www/cgi-bin/
Options ExecCGI
AddHandler cgi-script cgi pl
,,,
* test perl cgi support
-----------------------
cd /home/www/cgi-bin
sudo vim test.pl
#!/usr/bin/perl -w
print "Content-type: text/html\r\n\r\n";
print "Hello there!\n";
sudo chmod a+x test.pl
lynx http://yourserverip/cgi-bin/test.pl
,,,
PHP INSTALLATION ....
* install php5 to run with apache
>> sudo aptitiude install php5 libapache2-mod-php5
* install php4 to run with apache
>> sudo aptitiude install php4 libapache2-mod-php4
* load the php4 or 5 modules into apache
>> sudo a2enmod php5
>> sudo a2enmod php4
* test if the php installation worked swimmingly
>> sudo nano /var/www/testphp.php
>> add the line ''
>> lynx http://localhost/testphp.php
STARTING AND STOPPING THE SERVER
* restart the apache server
>> sudo apache2ctl restart
CONFIGURATION TOOLS
== some configuration tools
.. rapache - graphical configuration
..
MODULES
@@ http://127.0.0.1/doc/apache2-doc/manual/en/mod/index.html
the location of module documentation when apache2 documentation has
been installed in the webserver
@@ http://www.debian-administration.org/articles/136
how to enable a module
* show all loaded modules
>> apache2ctl -M
>> apachectl -M ##(the same for older version of apache)
>> httpd -M ##(for old versions of apache)
* show which modules are enabled
>> ls /etc/apache2/mods-enabled/
* load the php4 module into apache
>> sudo a2enmod php4; sudo apache2ctl restart
HTACCESS CONFIGURATION
To check if .htaccess files are actually being considered
put junk in them and restart the server.
* allow .htaccess files to have effect
>> AllowOverride all
* prevent the directives in '.htaccess' files from having any effect
>> AllowOverride None
GLOBAL CONFIGURATION
* show options for apache2 (which can be used with apache2ctl as well)
>> man apache2
* show where the global configuration file is
>> apache2ctl -V | grep SERVER_CONFIG_FILE
* show verbose information about the installation
>> apache2ctl -V
* edit the apache2 global configuration file
>> sudo nano /etc/apache2/apache2.conf
>> sudo vim /etc/apache2/apache2.conf ##(for the intrepid)
* change the default document root to '/home/www/'
>> DocumentRoot /home/www/
>> and the following tag
>>
>> ...
>>
* edit the configuration file for a virtual host
>> sudo vim /etc/apache2/sites-available/default
ALIASES
REDIRECTIONS
* place redirections in the ".htaccess" file
>> Redirect / http://www.site.com
* redirect any requests to '/msadc' to microsoft
>> redirect /msadc http://www.microsoft.com
* redirect any request to a 'cmd.exe' file to microsoft
>> RedirectMatch (.*)\cmd.exe$ http://www.microsoft.com$1
USING MOD REWRITE ....
@@ http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html
solving specific problems using the rewrite module
@@ http://www.tutorio.com/tutorial/enable-mod-rewrite-on-apache
how to enable the rewrite module
* redirect filenames ending in ".txt.html" to the cgi script 'text2html.cgi'
>> RewriteRule ^(.*)\.txt\.html$ /cgi-bin/text2html.cgi?$1
For example a request to
>> www.server.org/path/file.txt.html
Is translated to
>> www.server.org/cgi-bin/text2html.cgi?path/file.txt.html
* redirect 'www.m.org' to 'www.m.org/cgi-bin/test.cgi?
>> RewriteRule ^$ /cgi-bin/test.cgi?$1
* allow editing of the '.htaccess' file (probably not a great idea)
>> RewriteRule ^htaccess$ /cgi-bin/edit.cgi?../htdocs/.htaccess
If the user makes a request to 'www.m.org/htaccess' she will be redirected to
'www.m.org/cgi-bin/edit.cgi?../htdocs/.htaccess. If the 'edit.cgi' script
allows editing of files, then this is one, extremely insecure way of update
the '.htaccess' file.
CONDITIONAL REDIRECTIONS ....
* redirect requests from 192.12.131.1 to the page 'about.html' .,,
SetEnvIf REMOTE_ADDR 192.12.131.1 REDIR="redir"
RewriteCond %{REDIR} redir
RewriteRule ^/$ /about.html
,,,
DENYING ACCESS
In some cases it is advisable to disallow any web-access to
a file on the web-server.
* deny access from anybody to a web-folder
>> deny from all
* forbidd access to all files with a '.cfg' filename extension
--------------------------------------------------------------
order allow,deny
deny from all
,,,
* forbid access for anyone to the file 'config.inc.php'
-------------------------------------------------------
order allow,deny
deny from all
,,,
ALLOW ACCESS BY IP ADDRESS
Allow connections only from the ip address 192.126.12.199 .,,
order allow deny
deny from all
allow from 192.126.12.199
,,,
USING BASIC AUTHENTICATION ....
@@ http://www.htpasswdgenerator.com/apache/htaccess.html
a simple introduction to the htaccess file
* create a password file for user 'jon' to use with basic authentication
>> htpasswd -c /path/to/passwordfile jon
* place the text 'restricted zone' in the title bar of the login box
>> AuthName "restricted zone"
* set a password for the file 'private.txt'
-------------------------------------------
AuthName "Users zone"
AuthType Basic
AuthUserFile /pub/home/your_login/.htpasswd
,,,
* require a password to access all files which end with "x.cgi"
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
Require valid-user
,,,
* require a password to access all files which end with "x.cgi"
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
Require valid-user
,,,
* require a password to access all files which end with 'cgi' or 'txt'
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
Require valid-user
,,,
* require a password to access an entire folder
-----------------------------------------------
AuthName "Private zone"
AuthType Basic
AuthUserFile /pub/home/user/.htpasswd
require valid-user
,,,
This should be placed in a '.htaccess' file in the folder
which you wish to protect, or else in a tag in the
global configuration file.
LOG FILES
== log file tools
.. ip2host - substitute servernames for ip addresses in the log files
.. jdresolv - alternative to logresolv
.. logstalgia - access log visualizer
.. visitors - access log analyser
.. vlogger - log file rotator
* show the apache2 error log on a debian-style linux system
>> less /var/log/apache2/error.log
* look in configuration files to see where the error log file is
>> grep -sri errorlog /etc/apache2
MONITORING
== apache webserver monitoring tools
.. apachetop
..
LOAD TESTING
==
.. jmeter - load testing and metering
OTHER WEB SERVERS
== some alternatives to apache
.. mini-httpd - a small server with cgi
.. lighttpd - small server
.. cherokee - another one
.. nanoweb - web server written in php (!?)
.. nginx -
..
NOTES
* restart apache only if config works
>> alias restart='apache2ctl configtest && apache2ctl restart'
* List apache2 virtualhosts
>> /usr/sbin/apache2ctl -S 2>&1 | perl -ne 'm@.*port\s+([0-9]+)\s+\w+\s+(\S+)\s+\((.+):.*@ && do { print "$2:$1\n\t$3\n"; $root = qx{grep DocumentRoot $3}; $root =~ s/^\s+//; print "\t$root\n" };'
* Restart the web server gracefully
>> apache2ctl graceful
DOCUMENT-NOTES:
# this section contains information about the document and
# will not normally be printed.
# A small (16x16) icon image to identify the book
document-icon:
# A larger image to identify or illustrate the title page
document-image:
# what sort of document is this
document-type: book
# in what kind of state (good or bad) is this document
document-quality: just beginning
# work which has been carried out on this document
document-history:
@@ 2009
document begun, in a very rudimentary fashion.
@@ jan 29, 2010
adding some configuration information
# who wrote this
authors: mjbishop at fastmail dot fm
# a short description of the contents, possible used for doc lists
short-description: how to administer the apache web server
# the script which will be used to produce html (a webpage)
make-html: booktohtml.cgi
# the script which will produce 'LaTeX' output (for printing, pdf etc)
make-latex: booktolatex.cgi
* Watch for when your web server returns
>> watch -n 15 curl -s --connect-timeout 10 http://www.google.com/
* Analyse an Apache access log for the most common IP addresses
>> tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail