INFO 321 Server Technologies II - PowerPoint PPT Presentation

Info 321 server technologies ii l.jpg
Download
1 / 146

  • 388 Views
  • Updated On :
  • Presentation posted in: Pets / Animals

INFO 321 Server Technologies II. 1. Apache. Apache is synonymous with a web server app, but the Apache HTTP Server is just one project of the ten-year-old Apache Software Foundation (ASF) There are dozens of Foundation projects

Related searches for INFO 321 Server Technologies II

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

INFO 321 Server Technologies II

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Info 321 server technologies ii l.jpg

INFO 321Server Technologies II

Weeks 5-6

1


Apache l.jpg

Apache

Apache is synonymous with a web server app, but the Apache HTTP Server is just one project of the ten-year-old Apache Software Foundation (ASF)

There are dozens of Foundation projects

They state “We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.”

Material from http://httpd.apache.org/ and notes by Dr. Randy Kaplan

Weeks 5-6

2


Overview l.jpg

Overview

This set of notes is divided into these sections

Web Server functionality

Choosing a web server

Installing Apache

Running Apache

Virtual Hosting

Authentication

Indexing

Alias and Redirect

Proxying


Web server functionality l.jpg

Web Server functionality

Weeks 5-6

4


Web server protocols l.jpg

Web Server protocols

The main purpose of a web server is to handle HTTP and related protocols

DNS

FTP

HTTPS

Gopher, Telnet, etc. are also possible

For more info on these protocols, see the chapter 2 notes for INFO 330

Weeks 5-6

5


Web server protocols6 l.jpg

Web Server protocols

DNS uses UDP as its transport layer protocol

Connectionless, unreliable

The other protocols use TCP for transport

Connection oriented between host computers

Reliable

All protocols work by passing text messages back and forth

Weeks 5-6

6


Web server wish list l.jpg

Web Server Wish List

Run fast

Handle lots of requests with minimal hardware

Support multitasking

Deal with more than one request at a time

Need to maintain workload without shutting the server down

Authenticate requestors

Weeks 5-6

7


Web server wish list8 l.jpg

Web Server Wish List

Respond to errors in the messages it gets, and tell what is going on

Negotiate a style and language of response with the requestor

Support a variety of formats

Run as a proxy server

Be secure

Weeks 5-6

8


What does a web server do l.jpg

What Does a Web Server Do?

Translate a URL into a file name or a program name

If a file – return the file over the Internet

If a program – run the program, and send the output back over the Internet

URL = Uniform Resource Locator

Has three parts –<scheme>://<host>/<path>

Weeks 5-6

9


How does apache work l.jpg

How Does Apache Work?

Runs under a suitable multitasking operating system

Binary is called httpd under Unix

Binary is called apache.exe under Win32

Each copy of httpd or apache.exe has its attention directed at a web site

For our purposes, the web site is a directory

Weeks 5-6

10


Apache and tcp ip l.jpg

Apache and TCP/IP

A computer has a connection to the outside world, called an interface

Identify interface by a socket or port number

The server decides how to handle different requests because the four byte (32 b) IPv4 address that leads the request to its interface is followed by a two byte (16 b) port number

Weeks 5-6

11


Apache and tcp ip12 l.jpg

Apache and TCP/IP

Requests arrive on an interface for a number of different services offered by the server using different protocols

Network News Transfer Protocol (NNTP)

Simple Mail Transfer Protocol (SMTP)

Domain Name Service (DNS)

HTTP (WWW)

Weeks 5-6

12


Apache and tcp ip13 l.jpg

Apache and TCP/IP

Different services attach to different ports

NNTP: port number 119

SMTP: port number 25

DNS: port number 53

HTTP: port number 80

Weeks 5-6

13


Apache and tcp ip14 l.jpg

Apache and TCP/IP

UNIX/Linux

Port numbers below 1024 can only be used by the superuser (root)

Prevents other users from running programs masquerading as standard services

Win32

Under Win32 there is currently no security directly related to port numbers and no superuser

Weeks 5-6

14


How does apache work15 l.jpg

How Does Apache Work?

Idling state –

Listens to the IP addresses specified in its config files (important foreshadowing…)

When a request appears –

Apache receives it and analyzes the headers

Applies the rules in the config file

Takes the appropriate action

Weeks 5-6

15


How http clients work l.jpg

How HTTP Clients Work

When a URL (beginning http://) is sent to a browser,

The browser reads ‘http:’ and determines it should be using the HTTP protocol to communicate with web servers

A name server (DNS) is contacted to translate the host name in a URL to an IP address

Weeks 5-6

16


Apache and domain servers l.jpg

Apache and Domain Servers

It is the role of the DNS (Domain Name Server) to translate a computer’s telephone number (IP address) into a human readable (and memorable) name

Weeks 5-6

17


Dns errors l.jpg

DNS Errors

Suppose Apache is given a URL which does not have a trailing /

Apache will add a trailing / and try to access the URL again (called redirection)

Then use DNS to resolve the IP address

Weeks 5-6

18


Handling multiple web sites l.jpg

Handling Multiple Web Sites

The utility ifconfig binds IP addresses to physical interfaces (e.g. Ethernet ports)

ifconfig also allows binding multiple IP addresses to a single interface

A client can switch from one IP address to another while maintaining service

This is known as IP Aliasing

Weeks 5-6

19


Choosing a web server l.jpg

Choosing a web server

Weeks 5-6

20


Why choose apache l.jpg

Why choose Apache?

Apache has been the dominant web server app since 1996

Open source enables its source code to be examined by thousands of eyes

Substantially more reliable

Apache is extensible

Apache is freeware

Weeks 5-6

21


Other choices l.jpg

Other choices

Other web server apps include

Microsoft IIS or PWS

Google GWS

Lighttpd

Zeus ZWS

nginx

Sun (includes Netscape and Netsite variants)

Weeks 5-6

22


Apache market share l.jpg

Apache market share

Apache has been the leading web server since March 1996, but is losing ground

According to Netcraft surveys

In November 2005, Apache supported 71 percent of domains, more than 50% ahead of Microsoft IIS (20.2 percent) (N=74.6 million)

By June 2009, Apache had 47.12%, versus Windows (IIS and PWS) had 24.80% of the 238 million domains reporting

Weeks 5-6

23


Apache as in indian l.jpg

Apache as in Indian?

“The name 'Apache' was chosen from respect for the Native American Indian tribe of Apache (Indé), well-known for their superior skills in warfare strategy and their inexhaustible endurance.” (Apache FAQ)

Weeks 5-6

24


Apache version platforms l.jpg

Apache version & platforms

Apache is on version 2.2.17 (released Oct 19, 2010) and changes slowly

Most Linux distributions are a little behind the current release

Old releases (2.0.x and 1.3.x) are maintained

Apache runs on 32-bit Windows flavors, UNIX/Linux, and even NetWare (!)

Weeks 5-6

25


Installing apache l.jpg

Installing Apache

Weeks 5-6

26


Apache prereqs l.jpg

Apache prereqs

To install Apache, you need:

An Internet connection helps

Disk space – 50 MB to install, about 10 MB to run, depending on options

An ANSI-C compiler, such as the GNU C compiler (GCC) from the Free Software Foundation (FSF)

The Windows version can obtained in .exe form

Weeks 5-6

27


Apache prereqs28 l.jpg

Apache prereqs

Accurate time keeping such as the ntpdate or xntpd programs

Some parts of HTTP are based on time of day, so some form of NTP support is needed

Perl5 is needed for a few options

The utilities apr and apr-utilneed to be version 1.2

Upgrade them separately if needed, but they are included with Apache source code

Weeks 5-6

28


Overview apache install l.jpg

Overview – Apache install

Download

$ lynx http://httpd.apache.org/download.cgi

Extract

$ gzip -d httpd-NN.tar.gz

$ tar xvf httpd-NN.tar

$ cd httpd-NN

Configure

$ ./configure --prefix=PREFIX

Weeks 5-6

29


Overview apache install30 l.jpg

Overview – Apache install

Compile

$ make

Install

$ make install

Customize

$ vi PREFIX/conf/httpd.conf

Test

$ PREFIX/bin/apachectl -k start

Weeks 5-6

30


Overview apache install31 l.jpg

Overview – Apache install

NN must be replaced with the current version number (e.g. 2.2.17)

PREFIX must be replaced with the file system path under which the server should be installed

If PREFIX is not specified, it defaults to /usr/local/apache2

Weeks 5-6

31


Download l.jpg

Download

Most UNIX/Linux users will want to download Apache and compile it locally

After download, use PGP to verify the download’s integrity, e.g.

% pgp -ka KEYS

% pgp apache_1.3.24.tar.gz.asc

This verifies against the MD5 or PGP message digest ASCII file

Weeks 5-6

32


Extract l.jpg

Extract

This set of steps decompresses the tarball, extracts the tarball, and changes to the source code directory

$ gzip -d httpd-NN.tar.gz

$ tar xvf httpd-NN.tar

$ cd httpd-NN

Notice this is using the tar command we saw in the Backup section

Weeks 5-6

33


Configure l.jpg

Configure

Now things get messy!

The basic configure script, if you’re using the default PREFIX, can be run using

$ ./configure

The configure script allows you to select which features are active on your host

You can also change where specific files are installed, for example

Weeks 5-6

34


Apache architecture l.jpg

Apache architecture

Apache is a modular server

This implies that only the most basic functionality is included in the ‘core’ server

Even core functionality can be disabled

Extended features are available through modules which can be loaded into Apache

Weeks 5-6

35


Apache architecture36 l.jpg

Apache architecture

By default, a base set of modules is included in the server at compile-time

If the server is compiled to use dynamically loaded modules, then modules can be compiled separately and added at any time using the LoadModule directive

Otherwise, Apache must be recompiled to add or remove modules

Weeks 5-6

36


Some types of module status l.jpg

Some types of module status

Base

A module having "Base" status is compiled and loaded into the server by default

Extension

A module with "Extension" status is not normally compiled and loaded into the server; to enable the module and its functionality, you need to change the server build configuration files and re-compile Apache

External

Modules which are not included with the base Apache distribution ("third-party modules") may use the "External" status

Weeks 5-6

37


Apache architecture38 l.jpg

Apache architecture

Apache terminology note:

Features are implemented by modules, which are installed or not with your copy of Apache

Once installed, they can be enabled or disabled to allow them to run or not

Dozens of modules are enabled by default, so you’d have to explicitly disable them

The most dangerous one is --disable-http

Weeks 5-6

38


Apache architecture39 l.jpg

Apache architecture

Likewise, many modules are disabled by default, so you have to enable them explicitly

For example, --enable-ssl enables support for SSL/TLS provided by mod_ssl

Be very careful, misspelled features are ignored, without error message!

--enable-sssl will do nothing

Weeks 5-6

39


Configure script vs file l.jpg

Configure script vs. file

KEY POINT: Apache has a configure script which enables modules

./configure

And a configuration file (or several) which contain directives

PREFIX/conf/httpd.conf

Both are very important and powerful tools, but are completely separate!

Weeks 5-6

40


Configure41 l.jpg

Configure

The general syntax for enabling and disabling is

--disable-FEATURE

Do not include FEATURE; This is the same as --enable-FEATURE=no

--enable-FEATURE[=ARG]

Include FEATURE; the default value for ARG is yes

Weeks 5-6

41


Configure42 l.jpg

Configure

Less often used enabling options include

--enable-MODULE=shared

The corresponding module will be build as a DSO (dynamically shared) module; will be enabled if you use the --enable-mods-shared option

--enable-MODULE=static

By default, enabled modules are linked statically; you can force this explicitly

Weeks 5-6

42


Packages l.jpg

Packages

The configure script can invoke packages, which are typically third party features

--with-PACKAGE[=ARG]

Use the package PACKAGE; the default value for ARG is yes

Often these tell where to find specific libraries or databases

Weeks 5-6

43


Environment variables l.jpg

Environment variables

The configure script can also set environment variables

These mostly describe what C compiler or flags to use, or the location of compile libraries

Weeks 5-6

44


Configure summary l.jpg

./configure summary

So the Apache configure script controls which modules are enabled or not

When an ISP tells you they support SSL, Perl, etc., they are implying which modules they installed (if they’re using Apache)

Weeks 5-6

45


Build and install l.jpg

Build and Install

$ make

$ make install

These are the traditional Unix commands to build and install an app

They’ll take a while, especially make, since it includes compiling all the source code

Weeks 5-6

46


Customize l.jpg

Customize

The file PREFIX/conf/httpd.confis a customization focal point for Apache

Apache is configured by placing directives in plain text configuration files

Apache configuration files contain one directive per line

httpd.conf is the main file, but other config files can be linked from it via an Include directive

Weeks 5-6

47


Apache configuration l.jpg

Apache configuration

Webmaster’s main control over Apache is through the config file

The webmaster has 412 directives at their disposal

We’ll get to this soon…

No, not all of them 

Weeks 5-6

48


Apache directory structure l.jpg

Apache directory structure

First steps

In Apache, what exactly is a “web site”

A web site is a directory somewhere on the server

Every Apache web site directory contains at least three (and maybe a fourth) subdirectories

INFO 321

Weeks 5-6

49


Apache directory structure50 l.jpg

Apache directory structure

Regardless of OS, a site directory has

conf

Contains the important configuration file httpd.conf

htdocs

Contains the HTML documents, images, data and other files to be served up to the site’s clients

These directories and subdirectories, the web space, are accessible to anyone on the Web

INFO 321

Weeks 5-6

50


Apache directory structure51 l.jpg

Apache directory structure

logs

Contains the log files – history of accesses and errors

cgi-bin

Contains CGI scripts that are needed

If you don’t use scripts (CGI) you don’t need this directory

INFO 321

Weeks 5-6

51


Running apache l.jpg

Running Apache

Weeks 5-6

52


Running apache from the command line l.jpg

Running Apache from the Command Line

If the conf subdirectory is not the default location (it usually is not), you need to tell Apache where it is

httpd –d /usr/wwww/APACHE3/example.site


When apache is started l.jpg

When Apache is started

It sits and waits in the background, waiting for a client’s request to arrive

After all, it’s a server app!

When a request arrives, Apache attempts to respond to it or generates an error and places this in the log file


Configuration file l.jpg

Configuration File

Apache has a default configuration file

This file covers almost every option that Apache supports

It is quite complicated

It is better, at least in the beginning, to create your own, simpler configuration file


Firing up the server l.jpg

Firing up the server

Suppose we have a web site contained in a folder named 321

The command to run Apache hosting this web site would be –

httpd –d /usr/local/apache2/htdocs/321

If you will use this command a lot it is good idea to create a script file that contains it


If all goes well l.jpg

If all goes well …

Look in /usr/local/apache2* for the new executables

* Or wherever your PREFIX is

Use ls –l to see the timestamps

INFO 321

Weeks 5-6

57


Killing apache l.jpg

Killing Apache

To kill Apache, you must kill the main process and all of its children

One way to accomplish this is to get all processes with the name httpd

ps awlx | grep httpd

And then kill all of the poor innocent helpless processes –

killall httpd


Killing the server l.jpg

Killing the server …


Killing the server gracefully l.jpg

Killing the server … gracefully

A utility (program) is supplied with Apache called apachectl (= Apache control?)

It can be used to start and stop Apache and perform other utility operations


Apachectl l.jpg

apachectl

Syntax is

/usr/local/apache2/bin apachectl (start|stop|restart|fullstatus|status| graceful|configtest|help)

start  start httpd

stop  stop httpd

restart  restart httpd if running


Apachectl62 l.jpg

apachectl

/usr/local/apache2/bin apachectl (start|stop|restart|fullstatus|status| graceful|configtest|help)

fullstatus  dumps a full status screen

status  dumps a short status screen

graceful  do a graceful restart or start if not running

configtest  do a configuration syntax test

help  display command listing


Default problems l.jpg

Default Problems

If you get the message –

fopen: No such file or directory

httpd: could not open error log file …

Then to httpd.conf add the line –

Errorlog logs/error_log


Default problems64 l.jpg

Default Problems

If Apache still fails to start, and you get a message in /logs/error_log:

… No such file or directory.: could not open mime types …

In the httpd.conf file add the line –

TypesConfig conf/mime.types


Default problems65 l.jpg

Default Problems

If Apache still fails to start, and you get this message in the /log/error_log file –

fopen: no such file or directory

httpd: could not log pid to file …

In httpd.conf you need to add the line –

PIDFile logs/httpd.pid


A small but complete httpd conf l.jpg

A Small But Complete httpd.conf

user webroot

Group webgroup

ServerName myServerName

DocumentRoot /usr/local/apache2/htdocs/

# to fix common problems, uncomment these

#ServerRoot /usr/local/apache2/htdocs

#ErrorLog logs/error_log

#PIDFile logs/httpd.pid

#TypesConfig conf/mime.types


A complete minimal file l.jpg

A Complete Minimal File


Testing to see the server l.jpg

Testing to See the Server

In a command line, type

telnet myServerName 80

Response should be –

Trying to connect to 192.168.2.223

Connected to myServerName.my.domain

Escape character is ‘^]’


Testing to see the server69 l.jpg

Testing to See the Server

Type –

GET / HTTP/1.0 <CR><CR>

You should see –

HTTP/1.0 200 OK

Sat, 28 Jan 2006 23:49 GMT

Server: Apache/1.3

Connection: close

Content-Type: text/html


Httpd conf directives l.jpg

httpd.conf Directives

ServerName

Gives the hostname of the server to use when creating redirection URLs

DocumentRoot

Directory from which Apache will serve files

Default: /usr/local/apache2/htdocs


Httpd conf directives71 l.jpg

httpd.conf Directives

ServerRoot

Where conf and logs can be found

Default: /usr/local/etc/httpd

ErrorLog

The name of the file to which the server will log any errors it encounters

Default: Errorlog logs/error_log


Httpd conf directives72 l.jpg

httpd.conf Directives

PIDFile

Allows the location of the file containing the PID to be changed

Default: logs/httpd.pid

TypesConfig

Path and filename to find the mime.types file if it is not in the default location

Default: conf/mime.types


Httpd conf directives73 l.jpg

httpd.conf Directives

LoadModule

Links in the specified object file or library

Adds the module structure to the list of active modules

AddModule

Enables a module that has been compiled into Apache but is not in use


Virtual hosting l.jpg

Virtual Hosting

Weeks 5-6

74


Virtual hosts l.jpg

Virtual Hosts

Let’s make the following assumptions –

We run a business that has been running a web site

We are ready to expand and have a need for more than one web site

As our business has grown we need to set up an Intranet for employees

The existing web server (Extranet) is for customers


Virtual hosts76 l.jpg

Virtual Hosts

Two approaches

Approach 1

Run a single copy of Apache

Maintain two web sites as virtual sites

Approach 2

Run two copies of Apache

Each copy maintains a single site

Allows optimization of Apache to a web site


Name based virtual hosts l.jpg

Name-based Virtual Hosts

Preferred method of managing virtual hosts

Takes advantage of the ability of HTTP 1.1 compliant browsers

Browser supports host header – specifies the name of the site they want to access


Sample config file l.jpg

Sample Config File

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerName www.MyCompany.com

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerName intranet.MyCompany.com

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>

Key directive

Tells Apache that requests to the IP will be subdivided by name


Namevirtual host l.jpg

NameVirtual Host

Key directive tells Apache that requests to that IP number will be subdivided by name

The ServerName directive provides a name for Apache to return to the client

NameVirtualHost allows you to specify –

IP addresses of your name-based virtual host

A port number can be added if necessary


Namevirtualhost l.jpg

NameVirtualHost

If an IP address is added it needs to match the IP address at the top of a <VirtualHost> block

A ServerName directive must be included

The ServerName directive must be followed by a registered name


Resolving a virtual host l.jpg

Resolving a Virtual Host

When Apache receives a request to a named host –

The <VirtualHost> blocks are scanned for a match of the IP address declared with a NamedVirtualHost directive to find one that includes the requested servername


Ip based virtual hosts l.jpg

IP-Based Virtual Hosts

Because the web is primarily IP addressed based, it makes sense to be able to do IP-based virtual hosting

The next config file accomplishes this style of virtual hosting


Ip based virtual hosting l.jpg

IP-Based Virtual Hosting

User webuser

Group webgroup

<VirtualHost www.MyCompany.com>

ServerName www.MyCompany.com

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerName intranet.MyCompany.com

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>


Ip based virtual hosting84 l.jpg

IP-Based Virtual Hosting

What’s Different?

No NameVirtualHost directive

Need ServerName directive


Mixed name ip based virtual hosts l.jpg

Mixed Name/IP-Based Virtual Hosts

In this case some of our virtual web sites will be accessed via name and others will be access via IP addresses

A useful approach when wanting to set up a web site for testing and limited exposure

The typical user will have no need to access a web site by IP address


Mixed name ip based virtual hosts86 l.jpg

Mixed Name/IP-Based Virtual Hosts

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost 192.168.123.3>

ServerName test-new.MyCompany.com

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site3.virtual/htdocs/new-test

ErrorLog /usr/local/apache2/site3.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site3.virtual/htdocs/logs/access_log

</VirtualHost>


Authentication l.jpg

Authentication


Authentication88 l.jpg

Authentication

Client sends username and password to Apache

Apache determines if the user is a valid one for access to the web site

Access to a site or database can be controlled precisely by the web master


Authentication89 l.jpg

Authentication

Can also be given to groups

Groups can be given or denied access as a whole

Let’s make the following assumption –

Bill and Ben are the group directors in our business

Betsy and Mike are in the group staff

Password will be “password” for all


Authentication90 l.jpg

Authentication

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerAdmin webmaster@MyCompany.com

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

<Directory DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet>

AuthType Basic

AuthName darkness

AuthUserFile /usr/local/apache2/validUsers/intranetUsers

AuthGroupFile /usr/local/apache2/validGroups/intranetGroups

Require valid-user

</Directory>

</VirtualHost>


Authentication91 l.jpg

Authentication

Let’s examine the new part in detail:

<Directory DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet>

AuthType Basic

AuthName darkness

AuthUserFile /usr/local/apache2/validUsers/intranetUsers

AuthGroupFile /usr/local/apache2/validGroups/intranetGroups

Require valid-user

</Directory>


Authentication92 l.jpg

Authentication

AuthType Basic –

Turns on authentication (a key directive), and specifies the type thereof (Basic, not MD5)

Requires AuthName, AuthUserFile, and AuthGroupFile to be specified as well

AuthName directive

Gives the name of the realm in which users’ names and passwords are valid

If more than one, enclose in quotes (“”)


Authentication93 l.jpg

Authentication

AuthUserFile directive

Contains usernames and encrypted passwords

AuthGroupFile directive

Contains the correspondence between users and groups


Authentication passwords l.jpg

Authentication – Passwords

Passwords are managed by the Apache utility htpasswd

Find the source for this utility in the support subdirectory of the Apache directory tree

Compiled with –

make htpasswd


Htpasswd l.jpg

htpasswd

Once compiled we can ask it for some help

htpasswd -?

This will return (as usual) the use of the command and the options supported in the command line


Htpasswd96 l.jpg

htpasswd

Usage:

htpasswd [-cmdps] passwordfile username

htpasswd –b[cmdps] passwordfile username password

-c Create a new file

-m Force MD5 encryption of the password

-d Force CRYPT encryption of the password (default)

-p Do not encrypt the password – plaintext

-s Force SHA encryption of the password

-b Use the password from the command line rather than prompting for it


Htpasswd97 l.jpg

htpasswd

Example –

htpasswd –m –c /usr/local/apache2/validUsers/intranetUsers bill

Once this command is entered you will be prompted for the password twice

You might have a look in the password file to see what was entered there

If you use the –c option on an existing password file, a new one will be created without warning, so be careful when using this option


Other approaches to control access l.jpg

Other approaches to control access

Apache provides directives to control access precisely

These include –

Allow

Deny

Order


Allow from directive l.jpg

Allow from directive

allow from host host … directory, .htaccess

Controls access to a directory

Host can be one of the following –

all – all hosts are allowed access

A partial domain name

Hosts whose names match or end in this string are allowed access

A full IP address

Used to restrict to subnets

1 – 3 bytes of the IP are used

Network/netmask pair

Network CIDR specification (some number of bits)


Allow from env directive l.jpg

Allow from env directive

Controls access by the existence of a named environment variable, for example

BrowserMatch ^KnockKnock/2.0 let_me_in

<Directory /docroot>

order deny, allow

deny from all

allow from env=let_me_in

</Directory>


Allow from env directive101 l.jpg

Allow from env directive

BrowserMatch ^KnockKnock/2.0 let_me_in

This is a directive that sets an environment variable, let_me_in

The pattern to be matched to set the environment variable is ^KnockKnock/2.0


Deny from directive l.jpg

Deny from directive

Controls access by host, such as:

deny from host host

Where host can be one of the following –

all

all hosts are denied access

A partial domain name

all hosts whose name match or end in this string are denied access

A full IP address

the first one to three bytes are denied access, for subnet restriction

A network/netmask pair

network a.b.c.d and netmask w.x.y.z are denied access


Deny from env directive l.jpg

Deny from env directive

Controls access by the existence of a named environment variable, for example

BrowserMatch ^BadRobot/0.9 go_away

<Directory /docroot>

order allow, deny

allow from all

deny from env=go_away

</Directory>


Order directive l.jpg

Order directive

Usage

order ordering

The ordering argument is one word

Controls the order in which the foregoing allow or deny directives are applied

If two order directives apply to the same host, the last one to be evaluated prevails


Order directive105 l.jpg

Order directive

Ordering

deny,allow

Deny directives are evaluated for allow directives (default)

allow,deny

The allow directives are evaluated before the denys. The user will still be rejected if a deny is encountered


Order directive106 l.jpg

Order directive

Ordering

mutual-failure

Hosts that appear on the allow list and do not appear on any deny list are allowed to access


Order directive examples l.jpg

Order directive examples

allow from all

Lets everyone in

allow from 123.156

deny from all

Denys everyone except those whose IP addresses happen to begin with 123.156

Allow is applied last


Order directive examples108 l.jpg

Order directive examples

order allow,deny

allow from 123.156

deny from all

The whole site is closed

Deny is applied last


Indexing l.jpg

Indexing


Indexing110 l.jpg

Indexing

An index provides a listing of the files that are in a web site

If no file like index.html is prepared then Apache will prepare its own rudimentary index to access the web site

It is also possible to use Apache to create better indices


Indexing111 l.jpg

Indexing

The directive (in the config file) IndexOption makes Apache create an index on the fly

The index will be displayed when there is no file index.html


Indexing example l.jpg

Indexing - Example

Config File

Turn on indexing


Indexing page created l.jpg

Indexing (Page Created)


Indexing114 l.jpg

Indexing

The directive for indexing is quite complex (lots of options) but it deserves to be examined as it provides valuable functionality

Assume the latest version of Apache

IndexOptions [+|-]option [[+|-]option] …


Indexing115 l.jpg

Indexing

Options

DescriptionWidth

FancyIndexing

FoldersFirst

IconHeight

IconWidth

NameWidth

ScanHTMLTitles

SuppressColumnSorting

SuppressDescription

SuppressHTMLPreamble

SuppressLastModified

SuppressSize

TrackModified

IndexOrderDefault

ReadmeName

FancyIndexing

IndexIgnore

AddIcon

AddAlt

AddDescription

DefaultIcon

AddIconByType

AddAltByType

AddIconBy Encoding

AddAltbyEncoding

HeaderName


Indexing116 l.jpg

Indexing

With so many options, which ones are important or more useful?


Indexing117 l.jpg

Indexing

The effect of most of these options is apparent from its name

DescriptionWidth

FancyIndexing

FoldersFirst

IconHeight

IconWidth

NameWidth

ScanHTMLTitles

SuppressColumnSorting

SuppressDescription

SuppressHTMLPreamble

SuppressLastModified

SuppressSize

TrackModified


Indexing118 l.jpg

Indexing

IndexOrderDefault

This option is used to specify the ordering of the entries in the index. You can specify ascending, descending, by name, date, size, and description

ReadmeName

The ReadmeName is the name of the file that will be appended to the end of the index listing

HeaderName

Inserts a header, read from a file, at the top of the page


Indexing119 l.jpg

Indexing

These options deal with specifying the icons that are displayed with index entries and the alternate text that is used

AddIcon

AddAlt

AddDescription

DefaultIcon

AddIconByType

AddAltByType

AddIconBy Encoding

AddAltbyEncoding


Alias and redirect l.jpg

Alias and Redirect


Redirection l.jpg

Redirection

Two directives allow requests to be shunted around your file system

Directives

Alias

Redirect

These directives allow HTML files to be moved around a file server


Alias directive l.jpg

Alias Directive

Alias

A legitimate purpose of the ALIAS directive is to be able to logically place files around the server

File could also be placed on other servers

In this way, files can be maintained by their owners


Alias directive123 l.jpg

Alias Directive

Alias

Useful directive

Store documents elsewhere

Demonstration

Create a new directory

/usr/local/apache2/htdocs/somewhere_else

Put a file named lost.txt in this directory with the contents

I am somewhere else

Add the following line to the conf file

Alias /somewhere_else /usr/local/apache2/htdocs/somewhere_else


Alias directive124 l.jpg

Alias Directive

If you now access this directory via the browser (as a named directory off of the root) you will see the following –

Index of /somewhere_else

. Parent Directory

. lost.txt


Alias directive125 l.jpg

Alias Directive

Use –

Alias url_path directory_or_filename

Map a user’s resource URL to its physical location in the file system


Aliasmatch l.jpg

AliasMatch

Use –

AliasMatch regex directory_or_filename

Like ScriptAliasMatch

Takes a regular expression as the first argument otherwise it works like Alias


Redirect directive l.jpg

Redirect Directive

Use –

Redirect [status] url-path url

Maps an old URL to a new one; the new URL is returned to the client

The client attempts to access the information again using the new URL, for example –

Redirect /service http://foo2.bar.com/service

If the user requests http://myserver/service/foo.txt it will be told to access http://foo2.bar.com/service/foo.txt


Redirect directive128 l.jpg

Redirect Directive

If no status argument is given, the status is temporary

The status argument can be used to return HTTP status codes

Status –

permanent

Returns a redirect status of 301 indicating the resource has moved permanently

temp

Returns a redirect status of 302 indicating the resource has move temporarily

seeother

Returns a status 303 indicating the resource has been replaced

gone

Returns a status 410 indicating the resource has been permanently removed


Redirectmatch directive l.jpg

RedirectMatch Directive

Use –

RedirectMatch regex url

Uses a regular expression to specify the resource to be redirected


Proxying l.jpg

Proxying


Proxying131 l.jpg

Proxying

Don’t connect a busy web site straight to the web – Why?

Better performance

Cache popular web pages

Distribute requests among a number of servers

Give the bad guys more defended ground to get past

Give local users protected by a firewall access to the Internet


Proxying132 l.jpg

Proxying

Security

Keep the the bad guys out of the network

To do this, keep the network hidden behind a firewall

Doing this shuts off access to the Internet

A proxy server is used to create access to the Internet


Proxying133 l.jpg

Proxying

As with other functionality with Apache, directives in the .conf file specify proxy functionality

In this capacity, Apache is acting as an agent to send user’s requests out to the Internet


Proxy directives l.jpg

Proxy Directives

A new site will be created named proxy

This site has three subdirectories –

cache

proxy

real


Sample config l.jpg

Sample Config

User webuser

Group webgroup

ServerName www.myCompany.com

Port 8000

ProxyRequests on

CacheRoot /usr/local/apache2/proxy/cache

CacheSize 1000


Sample config136 l.jpg

Sample Config

ProxyRequests on

Turns proxy serving on

CacheRoot /usr/local/apache2/proxy/cache

Sets the directory to contain cache files

Must be writable by Apache

CacheSize 1000

Specifies the size of the cache area in KB


Setup l.jpg

Setup

Cache directory

Needs to be set up carefully

Owner = webuser

Group = webgroup

The browser must be told you are going to access the web via a proxy

To do this you specify the IP address of the proxy server and the port 8000


Setup138 l.jpg

Setup

Proxy setting panel from Firefox (see Tools > Options > Advanced > Network tab, Settings)


Proxy simulation l.jpg

Proxy Simulation

Four elements needed to test the proxy server functionality

A browser configured to access the web via proxy

A firewall (real or imaginary)

Copy of Apache running the proxy

Copy of Apache running the website


Proxy simulation140 l.jpg

Proxy Simulation

One copy of Apache will run with the Proxy configuration file

User webuser

Group webgroup

ServerName www.myCompany.com

Port 8000

ProxyRequests on

CacheRoot /usr/local/apache2/proxy/cache

CacheSize 1000

Since we are simulating this on a single computer, we will use port 8000 as the port to receive proxy requests


Proxy simulation141 l.jpg

Proxy Simulation

The web server will use the following configuration (we are simulating a site out on the web by running Apache as a web server)

Config for the web site

User webuser

Group webgroup

ServerName www.myCompany.com

Listen www.myCompany.com:80

DocumentRoot /usr/local/apache2/real/htdocs


Proxy simulation142 l.jpg

Proxy Simulation

In /etc/hosts we place the following entry –

192.168.124.1www.myCompany.com

This simulates DNS registration for www.myCompany.com

Notice this domain will be on a different subnet than the one we have been using


Proxy simulation143 l.jpg

Proxy Simulation

Next we need to configure the Ethernet interface for the simulation

We will use the following commands –

ifconfig eth0 192.168.123.2

ifconfig eth0 192.168.123.3 alias netmask 0xFFFFFFFF

ifconfig eth0 192.168.124.1 alias


Proxy simulation144 l.jpg

Proxy Simulation

Start a copy of Apache for each of the config files and sites

At this point you can fire up your configured browser and enter the URL

http://192.168.124.1

You should see the site’s web page displayed

But how do you know the site is being proxy served?


Proxy simulation145 l.jpg

Proxy Simulation

Go to the browser and reconfigure to NOT use a proxy

Now, enter the URL again

http://192.168.124.1

You should get a network error


References l.jpg

References

Apache Web Server

Apache FAQ

Web server 2.2 documentation

The configure script

apache.conf directives index

Netcraft web server survey

Apache Week (online periodical)

Weeks 5-6

146


  • Login