&& The Apache Web Server
------------------------:
The apache web server is the most widely used webserver on the
internet. It is a large program with a myriad of configuration options
and other tools.
GETTING HELP
The apache webserver has very detailed documentation which should
(eventually) help you out of any tight spots.
@@ http://httpd.apache.org/docs/2.2/
official documentation for apache version 2.2
* install documentation for apache2 on a debian style linux
>> sudo apt-get install apache2-doc
* show options which can be used with apache
>> man apache2
>> man apache ##(the same, for an older version)
INSTALLATION
* install apache version 2 on a debian-style linux
>> sudo apt-get install apache2
>> sudo aptitude install apache2 ##(the same)
* test the installation from the webserver computer itself
>> firefox 127.0.0.1
>> firefox localhost
* see what the status (running, stopped etc) of the webserver is
>> sudo apache2ctl status
LAMP INSTALLATION ....
* install Apache2 wth the MySQL database server and PHP on a 'debian' system
>> sudo tasksel install lamp-server
@@ http://www.ubuntugeek.com/how-to-install-apache2-webserver-with-phpcgi-and-perl-support-in-ubuntu-server.html
how to install apache2 with php and cgi but not mysql
SYMBOLIC LINKS
* make apache serve documents referenced by unix-style symbolic links
>> options followsymlinks
CGI CONFIGURATION
* execute all scripts in the folder as cgi scripts
>> ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
* allow cgi execution of '.cgi' and '.pl' in a particular folder
----------------------------------------------------------------
<Directory /usr/local/apache2/htdocs/somedir>
Options +ExecCGI
AddHandler cgi-script .cgi .pl
</Directory>
,,,
* all cgi execution of all files in all user cgi-bin folders
------------------------------------------------------------
<Directory /home/*/public_html/cgi-bin>
Options ExecCGI
SetHandler cgi-script
</Directory>
,,,
* a perl script to show all environment variables
-------------------------------------------------
#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}<br>";
}
,,,
PERL CGI SUPPORT ....
@@ http://slashdot.org
an example of a site using the apache perl module with the
web server and perl scripts
* install the perl-cgi module for apache
>> sudo aptitude install libapache2-mod-perl2
* create a cgi folder
>> sudo mkdir /home/www/cgi-bin
* add to the virtual host configuration
---------------------------------------
ScriptAlias /cgi-bin/ /home/www/cgi-bin/
<Directory /home/www/cgi-bin/>
Options ExecCGI
AddHandler cgi-script cgi pl
</Directory>
,,,
* test perl cgi support
-----------------------
cd /home/www/cgi-bin
sudo vim test.pl
#!/usr/bin/perl -w
print "Content-type: text/html\r\n\r\n";
print "Hello there!\n";
sudo chmod a+x test.pl
lynx http://yourserverip/cgi-bin/test.pl
,,,
PHP INSTALLATION ....
* install php5 to run with apache
>> sudo aptitiude install php5 libapache2-mod-php5
* install php4 to run with apache
>> sudo aptitiude install php4 libapache2-mod-php4
* load the php4 or 5 modules into apache
>> sudo a2enmod php5
>> sudo a2enmod php4
* test if the php installation worked swimmingly
>> sudo nano /var/www/testphp.php
>> add the line '<?php phpinfo(); ?>'
>> lynx http://localhost/testphp.php
STARTING AND STOPPING THE SERVER
* restart the apache server
>> sudo apache2ctl restart
CONFIGURATION TOOLS
== some configuration tools
.. rapache - graphical configuration
..
MODULES
@@ http://127.0.0.1/doc/apache2-doc/manual/en/mod/index.html
the location of module documentation when apache2 documentation has
been installed in the webserver
@@ http://www.debian-administration.org/articles/136
how to enable a module
* show all loaded modules
>> apache2ctl -M
>> apachectl -M ##(the same for older version of apache)
>> httpd -M ##(for old versions of apache)
* show which modules are enabled
>> ls /etc/apache2/mods-enabled/
* load the php4 module into apache
>> sudo a2enmod php4; sudo apache2ctl restart
HTACCESS CONFIGURATION
To check if .htaccess files are actually being considered
put junk in them and restart the server.
* allow .htaccess files to have effect
>> AllowOverride all
* prevent the directives in '.htaccess' files from having any effect
>> AllowOverride None
GLOBAL CONFIGURATION
* show options for apache2 (which can be used with apache2ctl as well)
>> man apache2
* show where the global configuration file is
>> apache2ctl -V | grep SERVER_CONFIG_FILE
* show verbose information about the installation
>> apache2ctl -V
* edit the apache2 global configuration file
>> sudo nano /etc/apache2/apache2.conf
>> sudo vim /etc/apache2/apache2.conf ##(for the intrepid)
* change the default document root to '/home/www/'
>> DocumentRoot /home/www/
>> and the following <Directory> tag
>> <Directory /home/www/>
>> ...
>> </Directory>
* edit the configuration file for a virtual host
>> sudo vim /etc/apache2/sites-available/default
ALIASES
REDIRECTIONS
* place redirections in the ".htaccess" file
>> Redirect / http://www.site.com
* redirect any requests to '/msadc' to microsoft
>> redirect /msadc http://www.microsoft.com
* redirect any request to a 'cmd.exe' file to microsoft
>> RedirectMatch (.*)\cmd.exe$ http://www.microsoft.com$1
USING MOD REWRITE ....
@@ http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html
solving specific problems using the rewrite module
@@ http://www.tutorio.com/tutorial/enable-mod-rewrite-on-apache
how to enable the rewrite module
* redirect filenames ending in ".txt.html" to the cgi script 'text2html.cgi'
>> RewriteRule ^(.*)\.txt\.html$ /cgi-bin/text2html.cgi?$1
For example a request to
>> www.server.org/path/file.txt.html
Is translated to
>> www.server.org/cgi-bin/text2html.cgi?path/file.txt.html
* redirect 'www.m.org' to 'www.m.org/cgi-bin/test.cgi?
>> RewriteRule ^$ /cgi-bin/test.cgi?$1
* allow editing of the '.htaccess' file (probably not a great idea)
>> RewriteRule ^htaccess$ /cgi-bin/edit.cgi?../htdocs/.htaccess
If the user makes a request to 'www.m.org/htaccess' she will be redirected to
'www.m.org/cgi-bin/edit.cgi?../htdocs/.htaccess. If the 'edit.cgi' script
allows editing of files, then this is one, extremely insecure way of update
the '.htaccess' file.
CONDITIONAL REDIRECTIONS ....
* redirect requests from 192.12.131.1 to the page 'about.html' .,,
SetEnvIf REMOTE_ADDR 192.12.131.1 REDIR="redir"
RewriteCond %{REDIR} redir
RewriteRule ^/$ /about.html
,,,
DENYING ACCESS
In some cases it is advisable to disallow any web-access to
a file on the web-server.
* deny access from anybody to a web-folder
>> deny from all
* forbidd access to all files with a '.cfg' filename extension
--------------------------------------------------------------
<Files ~ "\.(cfg)$">
order allow,deny
deny from all
</Files>
,,,
* forbid access for anyone to the file 'config.inc.php'
-------------------------------------------------------
<Files config.inc.php>
order allow,deny
deny from all
</Files>
,,,
ALLOW ACCESS BY IP ADDRESS
Allow connections only from the ip address 192.126.12.199 .,,
order allow deny
deny from all
allow from 192.126.12.199
,,,
USING BASIC AUTHENTICATION ....
@@ http://www.htpasswdgenerator.com/apache/htaccess.html
a simple introduction to the htaccess file
* create a password file for user 'jon' to use with basic authentication
>> htpasswd -c /path/to/passwordfile jon
* place the text 'restricted zone' in the title bar of the login box
>> AuthName "restricted zone"
* set a password for the file 'private.txt'
-------------------------------------------
<Files private.txt>
AuthName "Users zone"
AuthType Basic
AuthUserFile /pub/home/your_login/.htpasswd
</Files>
,,,
* require a password to access all files which end with "x.cgi"
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
<Files ~ "\.x\.cgi$">
Require valid-user
</Files>
,,,
* require a password to access all files which end with "x.cgi"
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
<Files ~ "\.x\.cgi$">
Require valid-user
</Files>
,,,
* require a password to access all files which end with 'cgi' or 'txt'
---------------------------------------------------------------
AuthType Basic
AuthName "Password Protected"
AuthUserFile /home/users/www/.htpasswd
<Files ~ "\.(cgi|txt)$">
Require valid-user
</Files>
,,,
* require a password to access an entire folder
-----------------------------------------------
AuthName "Private zone"
AuthType Basic
AuthUserFile /pub/home/user/.htpasswd
require valid-user
,,,
This should be placed in a '.htaccess' file in the folder
which you wish to protect, or else in a <directory> tag in the
global configuration file.
LOG FILES
== log file tools
.. ip2host - substitute servernames for ip addresses in the log files
.. jdresolv - alternative to logresolv
.. logstalgia - access log visualizer
.. visitors - access log analyser
.. vlogger - log file rotator
* show the apache2 error log on a debian-style linux system
>> less /var/log/apache2/error.log
* look in configuration files to see where the error log file is
>> grep -sri errorlog /etc/apache2
MONITORING
== apache webserver monitoring tools
.. apachetop
..
LOAD TESTING
==
.. jmeter - load testing and metering
OTHER WEB SERVERS
== some alternatives to apache
.. mini-httpd - a small server with cgi
.. lighttpd - small server
.. cherokee - another one
.. nanoweb - web server written in php (!?)
.. nginx -
..
NOTES
* restart apache only if config works
>> alias restart='apache2ctl configtest && apache2ctl restart'
* List apache2 virtualhosts
>> /usr/sbin/apache2ctl -S 2>&1 | perl -ne 'm@.*port\s+([0-9]+)\s+\w+\s+(\S+)\s+\((.+):.*@ && do { print "$2:$1\n\t$3\n"; $root = qx{grep DocumentRoot $3}; $root =~ s/^\s+//; print "\t$root\n" };'
* Restart the web server gracefully
>> apache2ctl graceful
DOCUMENT-NOTES:
# this section contains information about the document and
# will not normally be printed.
# A small (16x16) icon image to identify the book
document-icon:
# A larger image to identify or illustrate the title page
document-image:
# what sort of document is this
document-type: book
# in what kind of state (good or bad) is this document
document-quality: just beginning
# work which has been carried out on this document
document-history:
@@ 2009
document begun, in a very rudimentary fashion.
@@ jan 29, 2010
adding some configuration information
# who wrote this
authors: mjbishop at fastmail dot fm
# a short description of the contents, possible used for doc lists
short-description: how to administer the apache web server
# the script which will be used to produce html (a webpage)
make-html: booktohtml.cgi
# the script which will produce 'LaTeX' output (for printing, pdf etc)
make-latex: booktolatex.cgi
* Watch for when your web server returns
>> watch -n 15 curl -s --connect-timeout 10 http://www.google.com/
* Analyse an Apache access log for the most common IP addresses
>> tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail