~  CHAPTER 14:    SETTING UP YOUR WEB SERVER USING APACHE  ~

 

 

 

The apache server got its name by constantly having people submit patches to fix it up. 

So they called it a very patchy server or apache server.

You can get support at www.apache.org.

 

 

 

The Mechanics of HTTP

 

HTTP (HyperText Transfer Protocol) is of course, a significant portion of the foundation

for the WWW and Apache is the server implementation of the HTTP protocol.

 

 

Headers

 

•   When a Web client connects to a Web server, the client’s default method of making this

connection is to contact the server’s TCP port 80.  Along with each command comes a

request header including information about the client.  For example, when using Netscape

Navigator under Linux as a client, a Web server will receive the following information

from a client.

 

•   The first line contains the HTTP get command, which asks the server to fetch a file.  The

remainder of the information makes up the header, which tells the server about the client,

the kind of file formats the clients will accept, and so forth.  Many servers use this

information to determine what can and cannot be sent to the client, as well as for

 logging purposes.

 

•   Apache HTTP server under Red Hat 6.0, results in the following server response

headers:  You need the get and put commands.

 

 

Nonstandard Ports

 

The default port for HTTP requests is port 80, but you can also configure a Web server to

use a different (arbitrarily chosen) port that is not in use by another service.  This allows sites

to run multiple Web servers on the same host, each server on a different port.  Some sites use

this arrangement for multiple configurations of their Web servers, to support various types of

client requests.

 

 

 

======================================================================

 

linux14.html                                                    PAGE 2                                                       2002/07/19

 

 

 

Process Ownership and Security

 

Whenever a program (process) is started, it inherits the permissions of its parent process.  For example,

if you’re logged in as root, the shell in which you’re doing all your work has all the same rights as the

root user.

 

 

How Apache Processes Ownership

 

To do network setups, the Apache HTTP server must start with root permissions.  Specifically, it needs

to bind itself to port 80 so that it can listen for requests and accept connections.  Once it does this

Apache can give up its rights and run as a nonroot user, as specified in its configuration files.  By

default, this is the user nobody.

 

Security is especially important for sites that use CGI scripts.  By limiting the permissions of the Web

server, you decrease the likelihood that someone can send a malicious request to the server.

 

CAUTION:  In the event that you decide to allow CGI scripts on your server, pay strict attention

to how they are written.  Be sure it isn’t possible for input coming in over the network to make

the CGI script do something it shouldn’t.  Although there are no statistics on this, most successful

attacks on sites are typically possible because of improperly configured Web servers and/or

poorly written CGI scripts.

 

 

Compiling Apache

 

1.   The Apache HTTP server is a actually a core system with basic functionality that supports

dynamically loadable modules.  The modules perform tasks such as dynamic URL spelling

correction, URL rewriting, cookie tracking, and so on.

2.   For this example, we’ll stick with the default configuration:
3.   Begin by running the ./configure script that comes with Apache.
4.   Once it’s configured, run make
5.   Install Apache into the appropriate directory:

 

 

make^install

 

 

Make Sure Nobody is There!

 

One of the nicest features of Linux is the ability to start up and shut down system services

without needing to reboot.  This is easy to do in the Apache server.  To start Apache, use

this command:

 

/usr/local/apache/bin/apacheact1^start

 

 

======================================================================

 

linux14.html                                                    PAGE 3                                                       2002/07/19

 

 

 

Testing Your Installation

 

You can perform a quick test on your Apache installation using a default home page.  To do this,

start up the server (if necessary) using the command:

 

/usr/local/bin/apache/bin/apachetc1^start

 

 

 

Configuring Apache

 

Apache supports a rich set of configuration options that, unlike Sendmail, are sensible and easy to

follow.

 

Apache allows several common customizations.  After we step through creating a simple Web

page, we’ll see how we can make those common customizations in the Apache configuration files.

 

Creating a Simple Root-Level Page

 

If you like, you can start adding files to Apache right away in the /usr/local/apache/htdocs

directory for top-level pages.

 

 

Apache Configuration files

 

The configuration files for Apache are located in the /usr/local/apache/conf directory.  There

you will see the three files srm.conf, access.conf, and httpd.conf.

 

 

 

Common Configuration Changes

 

•   The default configuration settings work just fine right out of the box and need no modifications. 

Nevertheless, most site administrators will want to make the alterations described in this section.

•   Making Nobody Somebody.  Apache’s default user, nobody, allows Apache to run without

root permissions.  Of course, since other subsystems will use the nobody login as well, you

will want to limit their access to certain files.

•   Create a new user whose login is clearly intended for a specific group of files; for example,

www.  To accompany this login, you’ll want to create a group called www, as well.  For

the www login:

 

 

 

======================================================================

 

linux14.html                                                    PAGE 4                                                       2002/07/19

 

 

 

•   Set the shell setting to /bin/false so that users cannot log in to the account.
•   Set a password to * so that no one can use FTP to access the account.
•   Once the www account and group are created, edit the httpd.conf file so

that the entries for User and Group are set to www.  For example:

 

·        User www

·        Group www

 

 

 

Changing Host Names

 

 

•   It’s better to give a server a neutral name and then establish DNS CNAME entries or multiple

host name entries in the /etc/hosts file.

•   Server Administrator.  It’s often a good idea, for a couple of reasons, to use an e-mail for a

Web site’s administrator.  First, there may be more than one administrator.  Second, if the

current administrator leaves, you don’t want to have to make the rounds of all those Web

pages and change the name of the site administrator.

 

 

 

Basic Troubleshooting with Apache

 

The process of changing configurations can sometimes not work as smoothly as we’d like. 

The error log file is located in your logs directory.  If you installed Apache yourself using the

installation, this is in the /var/log/httpd directory.

 

The error_log file contains all of the errors that occur in Apache.

The easiest way to see the last 10 error messages is by using the tail command.

 

 

SUMMARY:

 

• Default user for Apache is “nobody”.
• Apache is located in /usr/lib (not user/local)
• find^/^-name^httpd.conf (finds the conf file, and it is a service because it has a d on the end.
• index.html is the default website apache looks for.
• access.conf (for backward compatibility), page 344
• Port 80 is used by Apache in httpd.conf
• Add these entries to httpd.conf:       
• User^apache & Group^apache
• .htaccess has the settings for Apache.