Apache Http Server

Installation and configuration

What is a Web server?
The primary function of a web server is to deliver
web pages on the request to clients using the
Hypertext Transfer Protocol (HTTP). This means
delivery of HTML documents and any additional
content that may be included by a document, such as
images, style sheets and scripts.

A user agent, commonly a web browser, initiates
communication by making a request for a specific
resource using HTTP and the server responds with
the content of that resource or an error message if
unable to do so.
2
Most common Web Servers
3
Product Vendor
Web Sites
Hosted
Percent
Apache Apache 409,185,675 61.45%
IIS Microsoft 97,385,377 14.62%
nginx NGINX, Inc. 73,833,173 11.09%
GWS Google 22,931,169 3.44%
2012
The Apache HTTP Server
First version is from 1995.
Developed and maintained by an open
community of developers under the
auspices of the Apache Software
Foundation.
Its available for a wide variety of operating
systems (Windows, Linux, OS X, ).
New versions constantly released (latest
stable version: 2.4.3 ).


4
Apache features
Apache supports a variety of features, many implemented
as compiled modules which extend the core functionality:

Virtual hosting to serve many Web sites using one IP
address
Bandwidth throttling
server-side programming language support (PHP, perl,
python,)
authentication schemes (mod_access, mod_auth,
mod_digest)
Transport Layer Security support (mod_ssl)
proxy module (mod_proxy)
URL rewriter (mod_rewrite)
custom log files (mod_log_config)
...

5
Apache installation
(Mandatory)Enter the following command to
install the Apache 2 web server:



(Recommended)To install its documentation:
6

apt-get install apache2


apt-get install apache2-doc

Apache installation
To know which apache version is installed
type the following command :



7

root@server:~# apachectl -V

Server version: Apache/2.2.16 (Debian)
Server built: Sep 9 2012 21:17:36
Server's Module Magic Number: 20051115:24
Server loaded: APR 1.4.2, APR-Util 1.3.9
Compiled using: APR 1.4.2, APR-Util 1.3.9
Architecture: 32-bit
Server MPM: Worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
....
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="mime.types"
-D SERVER_CONFIG_FILE="apache2.conf"


Apache-doc
This package provides the documentation for
Apache 2. For more details see the apache2 package
description.
http://packages.debian.org/squeeze/apache2-doc

The documentacion is located in html format in
/usr/share/doc/apache2-doc/manual/ and is
available in different languages. The installation
automatically creates an alias /manual for this
directory in our server.


8
Apache-doc
9
Apache-utils
Provides some add-on programs useful for any webserver. These include:

- ab (Apache benchmark tool)
- logresolve (Resolve IP addresses to hostname in logfiles)
- htpasswd (Manipulate basic authentication files)
- htdigest (Manipulate digest authentication files)
- dbmmanage (Manipulate basic authentication files in DBM format)
- htdbm (Manipulate basic authentication files in DBM format)
- rotatelogs (Periodically stop writing to a logfile and open a new one)
- split-logfile (Split a single log including multiple vhosts)

For more details see the apache2 package description.
http://packages.debian.org/squeeze/apache2-utils
10
Apache Configuration Options
In the default installation of Apache 2 on Debian, the main configuration is
located in the /etc/apache2/apache2.conf files, but Apache configuration
directives are loaded from files in a number of different locations, in a
specific order. Configuration files are read in the following order, with
items specified later taking precedence over earlier and potentially
conflicting options:

1. /etc/apache2/apache2.conf
2. Files with .load or .conf extensions in /etc/apache2/mods-
enabled/ directory.
3./etc/apache2/httpd.conf (Blank by default.)
4. /etc/apache2/ports.conf
5. Files within the /etc/apache2/conf.d/ directory.
6. Files within the /etc/apache2/sites-enabled/ directory.
7. .htaccess files in the directory.
11
Installation architecture


12
apache2.conf main configuration file

conf.d Files in this directory are included as part of the global server
configuration and will apply to all virtual hosts
envvars default environment variables for apache2ctl
httpd.conf User configuration. Empty by default
magic Data for mod_mime_magic which determines the MIME type
of files
mods-available directory with modules available
mods-enabled directory with modules currently enabled
ports.conf File with port configuration
sites-available directory with sites available
sites-enabled directory with sites currently enabled
Path to folder installation: /etc/apache2
Apache modules
Modules enhance the characteristics of core Apache http server. For
example:
mod_alias Provides for mapping different parts of the host filesystem
in the document tree and for URL redirection.
mod_auth_basic Provides basic authentication.

To disable a module (for instance mod_alias):

To enable a module:

13
a2dismod alias
a2enmod alias
Listen Directive
IP addresses and ports that the server listens to.
to make the server accept connections on both port 80 and
port 8000, use:


To make the server accept connections on two specified
interfaces and port numbers, use:
14
Listen 80
Listen 8000
Listen 192.170.2.1:80
Listen 192.170.2.5:8000
Syntax: Listen [IP-address:]portnumber [protocol]
Context: server config
ServerName Directive
The ServerName directive sets the request scheme, hostname and port
that the server uses to identify itself. This is used when creating
redirection URLs.

For example, if the name of the machine hosting the web server
is simple.example.com, but the machine also has the DNS
alias www.example.com and you wish the web server to be so
identified, the following directive should be used:



15
ServerName www.example.com:80
Syntax: ServerName [scheme://]fully-qualified-domain-
name[:port]
Context: server config, virtual host
DocumentRoot Directive
This directive sets the directory from which httpd will
serve files.
Unless matched by a directive like Alias, the server
appends the path from the requested URL to the document
root to make the path to the document. Example:



An access to http://127.0.0.1/index.html refers
to /usr/web/index.html.

16
DocumentRoot /usr/web
DocumentRoot Directive
The DocumentRoot should be specified without a
trailing slash.
17
Syntax: DocumentRoot directory-path
Default: DocumentRoot /usr/local/apache/htdocs
Context: server config, virtual host
ServerAdmin Directive
The ServerAdmin sets the contact address
that the server includes in any error
messages it returns to the client.

18
ServerAdmin [email protected]
Syntax: ServerAdmin email-address|URL
Context: server config, virtual host
DirectoryIndex Directive
The DirectoryIndex directive sets the list of
resources to look for, when the client requests an
index of the directory by specifying a / at the end
of the directory name.
19
DirectoryIndex index.html index.php index.jsp
Syntax: DirectoryIndex local-url [local-url] ...
Default: DirectoryIndex index.html
Context: server config, virtual host, directory,
.htaccess
<Directory> Directive
<Directory> and </Directory> are used to enclose a
group of directives that will apply only to the
named directory and sub-directories of that
directory. Any directive that is allowed in a
directory context may be used.

20
<Directory /usr/local/httpd/htdocs>
Options Indexes FollowSymLinks
</Directory>
Syntax: <Directory directory-path> ...
</Directory>
Context: server config, virtual host
Options Directive
The Options directive controls which server features are available in a
particular directory. Most important values are:

None none of the extra features are enabled

All All options except for MultiViews. This is the default setting.

ExecCGI Execution of CGI scripts using mod_cgi is permitted.

FollowSymLinks The server will follow symbolic links in this directory.

Indexes If a URL which maps to a directory is requested, and there is no
DirectoryIndex (e.g., index.html) in that directory, then mod_auto index will
return a formatted listing of the directory.

Multiviews The server is allowed to return the document that best matches
the users request




21
Options Directive
Other options are: IncludesNOEXEC,
SymLinksIfOwnerMatch. For more info see:
http://httpd.apache.org/docs/2.2/mod/core.html#options
22
<Directory /web/mysite>
Options Indexes
</Directory>
Syntax: Options [+|-]option [[+|-]option] ...
Default: Options All
Context: server config, virtual host, directory,
.htaccess
Options Directive
If multiple Options could apply to a directory, then the most
specific one is used and others are ignored; the options are not
merged. However if all the options on the Options directive are
preceded by a + or -symbol, the options are merged. Example:
23
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>

<Directory /web/docs/spec>
Options Includes
</Directory>

<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>

<Directory /web/docs/spec>
Options +Includes -Indexes
</Directory>

only Includes will be set for the /web/docs/spec directory
the options FollowSymLinks and Includes are set for the /web/docs/spec directory
AllowOverride Directive
When the server finds an .htaccess file (as specified by AccessFileName) it needs to
know which directives declared in that file can override earlier configuration
directives. Most important values are:

None .htaccess files are completely ignored.

AuthConfig Allow use of the authorization directives.

FileInfo Allow use of the directives controlling document types

Options Allow use of the directives controlling specific directory features

Indexes Allow use of the directives controlling directory indexing

Limit Allow use of the directives controlling host access

All any directive is allowed

24
AllowOverride Directive
In the example above all directives that are neither
in the group AuthConfig nor Indexes cause an
internal server error.
25
AllowOverride AuthConfig Indexes
Syntax: AllowOverride All|None|directive-
type [directive-type] ...
Default: AllowOverride All
Context: directory
.htaccess file
.htaccess files (or "distributed configuration
files") provide a way to make configuration
changes on a per-directory basis. A file,
containing one or more configuration
directives, is placed in a particular
document directory, and the directives
apply to that directory, and all
subdirectories thereof.
26
Order Directive
The Order directive, along with the Allow and Deny directives,
controls a three-pass access control system.
Allow,Deny
1 all Allow directives are evaluated; at least one must match, or
the request is rejected.
2 all Deny directives are evaluated. If any matches, the request
is rejected.
3 any requests which do not match an Allow or a Deny directive
are denied by default.
Deny,Allow
1 all Deny directives are evaluated; if any match, the request is
denied unless (2) it also matches an Allow directive.
3Any requests which do not match any Allow or Deny
directives are permitted.
27
Order Directive
In the following example, all hosts in the apache.org domain are
allowed access; all other hosts are denied access.



All hosts in the apache.org domain are allowed access, except for
the hosts which are in the foo.apache.org subdomain, who are
denied access. All hosts not in the apache.org domain are denied
access.

28
Order Deny,Allow
Deny from all
Allow from apache.org
Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org
Order Directive


29
Order Deny,Allow
Allow from apache.org
Deny from foo.apache.org
If the Order in the last example is changed to Deny,Allow, all
hosts from apache.org will be allowed access including those
from foo.apache.org
The presence of an Order directive can affect access to a part
of the server even in the absence of accompanying Allow and
Deny directives because of its effect on the default access state
<Directory /www>
Order Allow,Deny
</Directory>
will Deny all access to the /www directory because the
default access state is set to Deny.
Order Directive
Allow,Deny result Deny,Allow result
Match Allow only Request allowed Request allowed
Match Deny only Request denied Request denied
No match Default to second directive:
Denied
Default to second directive:
Allowed
Match both Allow & Deny Final match controls: Denied Final match controls: Allowed
30
Syntax: Order ordering
Default: Order Deny,Allow
Context: directory, .htaccess
Allow/Deny Directive
It affects which hosts can/cant access an area of the
server. the host can be specified in any of the following
formats:

A (partial) domain-name Allow from .net example.edu

A full IP address Deny from 10.1.2.3

A partial IP address Allow from 192.168.2

A network/netmask pair Allow from 10.1.0.0/255.255.0.0

A network/nnn CIDR specification Deny from 10.1.0.0/16
31
Enabling/disabling sites
a2ensite
Will create the correct symlinks in sites-enabled to allow the site
configured in sitefilename to be served
a2dissite
Will remove the symlinks from sites-enabled so that the site configured
in sitefilename will not be served
*Its mandatory to reload apache after making any change

32
root@myserver:~# a2dissite default
Site default disabled.
To activate the new configuration, you need to run:
service apache2 reload
root@myserver:~# a2ensite default
Enabling site default.
To activate the new configuration, you need to run:
service apache2 reload
root@myserver:~# service apache2 reload
[ ok ] Reloading web server config: apache2.
Apache Virtual Host
The term Virtual Host refers to the practice of
running more than one web site (such as
company1.ex.com and company2.ex.com) on a
single machine.
Virtual hosts can be "IP-based", meaning that
you have a different IP address for every web
site, or "name-based", meaning that you have
multiple names running on each IP address.
The fact that they are running on the same
physical server is not apparent to the end user.
33
Name-based Virtual Host
IP-based virtual hosts use the IP address of
the connection to determine the correct
virtual host to serve. Therefore you need to
have a separate IP address for each host.
With name-based virtual hosting, the server
relies on the client to report the hostname as
part of the HTTP headers. Using this
technique, many different hosts can share
the same IP address.
34
IP-based Virtual Host
IP-based virtual hosting is a method to
apply different directives based on the IP
address and port a request is received on.
Most commonly, this is used to serve
different websites on different ports or
interfaces.
35
NameVirtualHost Directive
The NameVirtualHost directive is a required directive if
you want to configure name-based virtual hosts.

With the NameVirtualHost directive you specify the IP
address on which the server will receive requests for the
name-based virtual hosts.
36
NameVirtualHost 111.22.33.44:80
Syntax: NameVirtualHost addr[:port]
Context: server config