Apache HTTP Server Configuration:
www.linuxhomenetworking.com
Managing the Apache Server
Managing Apache's httpd daemon is easy to do, but the procedure
differs between Linux distributions. Here are some things to keep in
mind.
- Firstly, different Linux distributions use different daemon
management systems. Each system has its own set of commands to do
similar operations. The most commonly used daemon management systems are
SysV and Systemd.
- Secondly, the daemon name needs to be known. In this case the name of the daemon is httpd.
Armed with this information, you will know how to:
- Start your daemons automatically on booting
- Stop, start and restart them later on during troubleshooting or when a configuration file change needs to be applied.
For more details on this, please take a look at the "Managing Daemons" section of Chapter 6, "Installing Linux Software".
Note: Remember to configure your daemon to start automatically upon your next reboot.
Configuring DNS For Apache
Remember that you will never receive the correct traffic unless you
configure DNS for your domain to make your new Linux box Web server the
target of the DNS domain's www entry. To do this, refer to Chapter 18,
"Configuring DNS", or Chapter 19, "Dynamic DNS".
DHCP and Apache
As you remember, if your Internet connection uses DHCP to get its IP
address, then you need to use dynamic DNS to get the correct Internet
DNS entry for your Web server. If your Web server and firewall are
different machines, then you probably also need to set up port
forwarding for your Web traffic to reach the Web server correctly.
(Chapter 19, "Dynamic DNS", explains port forwarding as well.)
DHCP on your protected home network is different. In the book's
sample topology, the web server lives on the 192.168.1.0 home network
protected by a firewall. The firewall uses NAT and port forwarding to
pass Internet traffic on to the web server. Remember that the IP address
of your web server can change if it gets its IP address using DHCP.
This could cause your firewall port forwarding, not Dynamic DNS, to
break.
In this case I recommend that your web server on the 192.168.1.0
network use a fixed, or static, IP address that is outside the range
of the DHCP server to prevent you from having this problem.
General Configuration Steps
The configuration file used by Apache is /etc/httpd/conf/httpd.conf in
Red Hat / Fedora distributions and /etc/apache*/httpd.conf in Debian /
Ubuntu distributions. As for most Linux applications, you must restart
Apache before changes to this configuration file take effect.
Where To Put Your Web Pages
All the statements that define the features of each web site are
grouped together inside their own <VirtualHost> section, or
container, in the httpd.conf file. The most commonly used statements, or
directives, inside a <VirtualHost> container are:
- ServerName: Defines the name of the website managed by
the <VirtualHost> container. This is needed in named virtual
hosting only, as I'll explain soon.
- DocumentRoot: Defines the directory in which the web pages for the site can be found.
By default, Apache searches the DocumentRoot directory for an index,
or home, page named index.html. So for example, if you have a servername
of www.my-site.com with a DocumentRoot directory of /home/www/site1/,
Apache displays the contents of the file /home/www/site1/index.html when
you enter in your browser.
Some editors, such as Microsoft FrontPage, create files with an
.htm extension, not .html. This isn't usually a problem if all your HTML
files have hyperlinks pointing to files ending in .htm as FrontPage
does. The problem occurs with Apache not recognizing the topmost
index.htm page. The easiest solution is to create a symbolic link (known
as a shortcut to Windows users) called index.html pointing to the file
index.htm. This then enables you to edit or copy the file index.htm with
index.html being updated automatically. You'll almost never have to
worry about index.html and Apache again!
This example creates a symbolic link named index.html that points to index.htm in the /home/www/site1 directory.
[root@bigboy tmp]# cd /home/www/site1
[root@bigboy site1]# ln -s index.htm index.html
[root@bigboy site1]# ll index.*
-rw-rw-r-- 1 root root 48590 Jun 18 23:43 index.htm
lrwxrwxrwx 1 root root 9 Jun 21 18:05 index.html -> index.htm
[root@bigboy site1]#
The l at the very beginning of the index.html entry signifies a link and the -> the link target.
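The container directives and the index.htm situation above, as an added example that is not code from the original page: it lists each <VirtualHost> container's ServerName and DocumentRoot and reports whether Apache will find an index.html there. The function names, the second site and the sample configuration are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/usr/bin/env bash
# Added example: map each <VirtualHost> container to its ServerName and
# DocumentRoot, then report whether an index page exists in that directory.
# Function names are hypothetical; paths are assumed to contain no spaces.

# Constructed sample configuration in the style of the site1 example.
sample_conf() {
cat <<'EOF'
<VirtualHost *>
    ServerName www.my-site.com
    DocumentRoot /home/www/site1
</VirtualHost>
<VirtualHost *>
    servername www.my-other-site.com
    DocumentRoot "/home/www/site2"
</VirtualHost>
EOF
}

# Print "ServerName DocumentRoot" per container. Directive names are
# case-insensitive; "-" marks a directive missing from the container.
list_vhosts() {
    awk '
        { key = tolower($1) }
        key ~ /^<virtualhost/         { invh = 1; name = "-"; root = "-"; next }
        invh && key == "servername"   { name = $2 }
        invh && key == "documentroot" { root = $2; gsub(/"/, "", root) }
        key ~ /^<\/virtualhost/       { if (invh) print name, root; invh = 0 }
    ' "$1"
}

# $1 = config file, $2 = optional prefix prepended to each DocumentRoot
# (lets you check a staging copy of the tree instead of the live one).
check_index_pages() {
    list_vhosts "$1" | while read -r name root; do
        dir="$2$root"
        if   [ -e "$dir/index.html" ]; then state=OK
        elif [ -e "$dir/index.htm" ];  then state=ONLY_INDEX_HTM
        elif [ -d "$dir" ];            then state=NO_INDEX_PAGE
        else                                state=DOCROOT_MISSING
        fi
        echo "$name $root $state"
    done
}
```

ONLY_INDEX_HTM is the case the symbolic link fixes; because the test follows links, a link whose target has been deleted is not reported as OK.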
The Default File Location
By default, Apache expects to find all its web page files in the
/var/www/html/ directory with a generic DocumentRoot statement at the
beginning of httpd.conf. The examples in this chapter use the /home/www
directory to illustrate how you can place them in other locations
successfully.
File Permissions And Apache
Apache will display Web page files as long as they are world
readable. Make sure all the files and subdirectories in your
DocumentRoot have the correct permissions.
It is a good idea to have the files owned by a nonprivileged user
so that Web developers can update the files using FTP or SCP without
requiring the root password.
To do this:
- Create a user with a home directory of /home/www.
- Recursively change the file ownership permissions of the /home/www directory and all its subdirectories.
- Change the permissions on the /home/www directory to 755,
which allows all users, including Apache's httpd daemon, to read the
files inside.
[root@bigboy tmp]# useradd -g users www
[root@bigboy tmp]# chown -R www:users /home/www
[root@bigboy tmp]# chmod 755 /home/www
Now we test for the new ownership with the ll command.
[root@bigboy tmp]# ll /home/www/site1/index.*
-rw-rw-r-- 1 www users 48590 Jun 25 23:43 index.htm
lrwxrwxrwx 1 www users 9 Jun 25 18:05 index.html -> index.htm
[root@bigboy tmp]#
Note: Be sure to FTP or SCP new files to your web server as
this new user. This will make all the transferred files automatically
have the correct ownership.
If you browse your Web site after configuring Apache and get a
"403 Forbidden" permissions-related error on your screen, then your
files or directories under your DocumentRoot most likely have incorrect
permissions. Appendix II, "Codes, Scripts, and Configurations," has a
short script that you can use to recursively set the file permissions in
a directory to match those expected by Apache. You may also have to use
the Directory directive to make Apache serve the pages once the file
permissions have been correctly set. If you have your files in the
default /home/www directory then this second step becomes unnecessary.
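An added example, not the Appendix II script and not code from the original page: it reports, rather than changes, the permission problems described above, and also flags world-writable content and unsearchable parent directories. The function name is hypothetical, and it assumes httpd reaches the files through the "other" permission bits, as the world-readable rule above implies.

```shell
#!/usr/bin/env bash
# Added example: report DocumentRoot permissions that cause "403 Forbidden"
# or that let any local account alter served content. Read-only audit.
# audit_docroot is a hypothetical name; pass the DocumentRoot as $1.

audit_docroot() {
    local root dir
    # Resolve to an absolute path so the parent walk below always ends at /.
    root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "NOT_A_DIRECTORY $1"; return 2; }

    # Assumption: httpd is neither owner nor group of these files, so it
    # depends on the "other" bits: r-x on directories, r-- on files.
    find "$root" -type d ! -perm -005 -print | sed 's/^/DIR_NOT_WORLD_RX /'
    find "$root" -type f ! -perm -004 -print | sed 's/^/FILE_NOT_WORLD_READABLE /'

    # World-writable content can be replaced by any local account.
    find "$root" ! -type l -perm -002 -print | sed 's/^/WORLD_WRITABLE /'

    # A link such as index.html -> index.htm only helps if its target exists.
    find "$root" -type l ! -exec test -e {} \; -print | sed 's/^/DANGLING_SYMLINK /'

    # Every parent directory up to / must be searchable (o+x), otherwise the
    # whole tree returns 403 even when the files themselves are readable.
    dir=$(dirname "$root")
    while :; do
        find "$dir" -prune ! -perm -001 -print | sed 's/^/PARENT_NOT_SEARCHABLE /'
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
}
```

The checks read mode bits with find -perm instead of testing access, so the result is the same whether the audit runs as root or as the www user.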
Security Contexts For Web Pages
Fedora Core 3 introduced the concept of security contexts as part of
the Security Enhanced Linux (SELinux) definition. (See Appendix I,
"Miscellaneous Linux Topics," for details.) A Web page may have the
right permissions, but the Apache httpd daemon won't be able to read it
unless you assign it the correct security context or daemon access
permissions. Context-related configuration errors will give "403
Forbidden" browser messages, and in some cases, you will get the default
Fedora Apache page where your expected Web page should be.
When a file is created, it inherits the security context of its
parent directory. If you decide to place your Web pages in the default
/var/www/ directory, then they will inherit the context of that
directory and you should have very few problems.
The context of a file depends on the SELinux label it is given.
The most important types of security label are listed in Table 20-1.
Or Other System For Server
Chapter 26. Apache HTTP Server Configuration
Red Hat Enterprise Linux provides version 2.0 of the Apache HTTP Server. If you want to migrate an
existing configuration file by hand, refer to the migration guide at
/usr/share/doc/httpd-<ver>/migration.html or the Red Hat Enterprise Linux Reference Guide for details.
If you configured the Apache HTTP Server with the HTTP Configuration Tool in previous versions of
Red Hat Enterprise Linux and then performed an upgrade, you can use the HTTP Configuration Tool to
migrate the configuration file to the new format for version 2.0. Start the HTTP Configuration Tool,
make any changes to the configuration, and save it. The configuration file saved will be
compatible with version 2.0.
The HTTP Configuration Tool allows you to configure the /etc/httpd/conf/httpd.conf
configuration file for the Apache HTTP Server. It does not use the old srm.conf or access.conf
configuration files; leave them empty. Through the graphical interface,
you can configure directives such as virtual hosts, logging
attributes, and maximum number of connections.
Only modules provided with Red Hat Enterprise Linux can be configured with
HTTP Configuration Tool. If additional
modules are installed, they can not be configured using this tool.
The httpd and redhat-config-httpd RPM packages need to be installed
to use the HTTP Configuration Tool. It also requires the
X Window System and root access. To start the application, go to the => => =>
or type the command redhat-config-httpd at a shell prompt (for example, in
an XTerm or GNOME Terminal).
Caution: Do not edit the /etc/httpd/conf/httpd.conf
configuration file by hand if you wish to use this tool. The
HTTP Configuration Tool generates this file after you save your
changes and exit the program. If you want to add additional modules or
configuration options that are not available in HTTP Configuration Tool,
you cannot use this tool.
The general steps for configuring the Apache HTTP Server using the
HTTP Configuration Tool are as follows:
- Configure the basic settings under the Main tab.
- Click on the Virtual Hosts tab and configure the default settings.
- Under the Virtual Hosts tab, configure the Default Virtual Host.
- If you want to serve more than one URL or virtual host, add the additional virtual hosts.
- Configure the server settings under the Server tab.
- Configure the connections settings under the Performance Tuning tab.
- Copy all necessary files to the DocumentRoot and cgi-bin directories.
- Exit the application and select to save your settings.
Use the Main tab to configure the basic server settings.
Enter a fully qualified domain name that you have the right to use in
the Server Name text area. This option corresponds
to the ServerName directive in httpd.conf. The
ServerName directive sets the hostname of the Web
server. It is used when creating redirection URLs. If you do not define
a server name, the Web server attempts to resolve it from the IP address of the
system. The server name does not have to be the domain name resolved
from the IP address of the server. For example, you might want to set
the server name to www.example.com when your server's real DNS name
is actually foo.example.com.
Enter the email address of the person who maintains the Web server in
the Webmaster email address text area. This option
corresponds to the ServerAdmin directive in httpd.conf. If you configure
the server's error pages to contain an email address, this email address
will be used so that users can report a problem by sending email to the
server's administrator. The default value is root@localhost.
Use the Available Addresses area to define the
ports on which the server will accept incoming requests. This option
corresponds to the Listen directive in httpd.conf. By default, Red Hat
configures the Apache HTTP Server to listen to port 80 for non-secure Web
communications.
Click the Add button to define additional ports
on which to accept requests. A window as shown in
Figure 26-2 will appear. Either choose the Listen
to all addresses option to listen to all IP addresses on the
defined port or specify a particular IP address over which the server
will accept connections in the Address field. Only
specify one IP address per port number. If you want to specify more than
one IP address with the same port number, create an entry for each IP
address. If at all possible, use an IP address instead of a domain name
to prevent a DNS lookup failure. Refer to
http://httpd.apache.org/docs-2.0/dns-caveats.html
for more information about Issues Regarding DNS and Apache.
Entering an asterisk (*) in the Address field is
the same as choosing Listen to all addresses.
Clicking the Edit button in the
Available Addresses frame shows the same window as
the Add button except with the fields populated
for the selected entry. To delete an entry, select it and click the
Delete button.
Tip: If you set the server to listen to a port under 1024, you must be root to
start it. For port 1024 and above, httpd can be
started as a regular user.