Typically Apache is run as the httpd service
- Typically configuration files are at ...
- /etc/httpd/...
- Default file serving directory is ...
- /var/www/html
| |
- Related
- Linux
- Setting Up Password Protected Web Pages
- Virtual Hosting
- Elsewhere
|
Fancy Indexing, customizing directory file listings
# cat .htaccess
Options +Indexes
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing NameWidth=*
AddDescription "GZIP tar archive" .tgz .tar.gz
AddDescription "RedHat Package" .rpm
AddDescription "Debian Package" .deb
IndexIgnore RCS CVS *,v *,t .DS_Store *.log
IndexIgnore .??* RCS CVS *,v *,t .DS_Store
</IfModule> |
Elsewhere |
Error page instead of Index Page for root folders
In some versions of Linux, Apache is preconfigured to disable
Indexes for the root folder. Often the directive in NOT in
httpd.conf but in welcome.conf# pwd
/etc/httpd
# diff conf.d/welcome.conf
7,10c7,10
< <LocationMatch "^/+$">
< Options -Indexes
< ErrorDocument 403 /error/noindex.html
< </LocationMatch>
---
> #<LocationMatch "^/+$">
> # Options -Indexes
> # ErrorDocument 403 /error/noindex.html
> #</LocationMatch>
2 GByte file limitation
Apache does not handle serving files larger than 2 GBytes. If Options Indexes is
enabled, large files will simply not show in the list.
- Allegedly an upcoming release may soon support large files.
But wait! Should it? Apache is suited well for serving web pages.
Web pages typically are comprised of small files to allow quick download and viewing.
Files larger than a GByte should use something other than Apache as means of distribution.
Web browsers also do not handle large file downloads well (file size > 2 GBytes).
Transfering large files is really the domain of low-level operating system functions.
Modern operating systems allow mounting remote volumes and interacting
with very large files at the file system level.
- NFS works well for non-windows systems
- SMB (Samba) works well for Windows systems
- other?
|
|
Related |
Preventing unresolved ServerName at startup
You may need tweak httpd.conf
so that ServerName is set (i.e. ServerName dev) before running
/etc/rc.d/init.d/httpd restart
Apache 2.0.X (now the default with RH 8.0) may not have cgi enabled by
default. To test ...
- http://localhost/cgi-bin/test-cgi
.../httpd.conf tweaks to enable default directory
<Directory "/usr/local/apache2/htdocs">
Options Indexes FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
- Restricting Access - denying requests based on origin
Limit page access to local 192.168.*.* network ...
<Directory "/var/www/html/phpMyAdmin/">
# AllowOverride None
# Options ExecCGI Indexes
Order allow,deny
Allow from 192.168
# AddHandler cgi-script .pl
# AddHandler cgi-script .cgi
</Directory>
Secure Serving - enabling https support
| Typically Apache standard install (e.g. RedHat CD) is already set up for
this. However, the mod_ssl RPM must also be present for Apache to properly
handle https requests (typically using port 443). Classic symptom of this is connection failed
messages. Note - unless additional certificate setup is performed, secure pages
will generate a unknown certificate a warning prompt with most web browsers. |
# yum list \*mod_ssl\*
...
Available Packages
mod_ssl.i386 1:2.0.52-38.ent.centos update
...
# rpm -qa > now; diff rpm.txt now
149d148
< httpd-suexec-2.0.52-32.ent.centos4
162a162,163
> httpd-suexec-2.0.52-38.ent.centos4.2
> mod_ssl-2.0.52-38.ent.centos4.2
313d313
< httpd-2.0.52-32.ent.centos4
326a327,328
> distcache-1.4.5-6
> httpd-2.0.52-38.ent.centos4.2
# chkconfig --list > now; diff chkconfig.txt now
14a15
> dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
36a38
> dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# pwd
/etc/httpd/conf.d
# rcsdiff ssl.conf
88c88,93
< <VirtualHost _default_:443>
---
> <VirtualHost *:443>
>
> # this is also default if domain is not matched below
> ServerName www.missioncitydesign.com
> DocumentRoot /public/mcd
250a256,259
> # Ok, SSL needs different IP address/domain, unlike standard port 80 hosted sites.
> # Secondly, likely the IP address in the certificate must be the actual
> # public world routable IP address, so using NAT addressed virtual SSL
> # host will probably cause a certificate warning. |
- The Art of Secure Key Registration
# cd /etc/httpd/conf/ssl.scr
# openssl req -new -nodes -keyout private.key -out public.csr
US
California
Santa Clara
ZAP TECHNOLOGIES
IT Staff
secure.zaptech.com
support@zaptech.com
password
# openssl rsa -in private.key -des3 -out private_hash.key
# rm private.key
# cat public.csr
Submit key to a key registrat like Verisign.
Await their email with the contents to use when creating a public_20030821.crt file
# vi public.crt_20030821 extended name reminds us when this certificate expires
# vi .../httpd.conf
edit SSLCertificateFile
edit SSLCertificateKeyFile
# service httpd restart
password
#
Stay tuned for details about how to setup a custom Certificate Authority server. |
- Elsewhere
|
Apache - Virtual Hosting
This particularly powerful configuration of Apache allows a single system to
act like several completely seperate web servers. This is a very economical
solution for ISP's to provide hosting for multiple customers with a single
machine. The setup of this is a bit tricky.
Apache - ProxyPass and other fun
Recent versions of Apache offer a built in pass through feature.
This pass through feature can be configured to trap certin URL's
and spawn requests to other serivices (e.g. ftp, http, ssh, ...) and then
feed the response to the second request back to the original requestor.
This is quite handy
to allow Tomcat service (typically lives on port 8080) to be invoked
when a certain request is made to httpd (typically lives on port 80).
Typically ProxyPass adjustments are the only proxy
directives that need to be altered for most situations -
ALL other proxy directives should remain off. |
|
# diff -r1.1 httpd.conf
238c241
< #LoadModule proxy_module modules/libproxy.so
---
> LoadModule proxy_module modules/libproxy.so
303c306
< #AddModule mod_proxy.c
---
> AddModule mod_proxy.c
986,988c1245,1262
< #<IfModule mod_proxy.c>
< #ProxyRequests On
---
> <IfModule mod_proxy.c>
> # Other proxy directives seem to work fine when ProxyRequests Off.
> # Indeed, the only reason to enable ProxyRequests is to provide
> # an open Proxy to the public. Once an open proxy is discovered
> # by others, it will inevidably be followed by a storm of requests
> # that will waste bandwidth. Bandwidth loss typically becomes
> # severe enough to affect responsiveness of services on the open
> # proxy server. Therefore, if ProxyRequests in enabled, it is
> # best to limit its use to a known and trusted network.
> ProxyRequests Off
>
> # .../devpanther/ <- http://devpanther.local.zaptech.org/
> ProxyPass /devpanther/ http://192.168.1.226/
>
> # .../kt/ <- http://devpanther.local.zaptech.org/kt/
> ProxyPass /kt/ http://192.168.1.226/kt/
>
> # .../public/ <- http://devx.local.zaptech.org/rescue/
> ProxyPass /public/ http://192.168.1.221/rescue/
1014c1288
< #</IfModule>
---
> </IfModule>
|
Apache - Test an http server using just telnet!
$ telnet google.com
GET / HTTP/1.1
Host: www.google.com
[ blank return ]
...
Apache - Legacy
Linux versions before RedHat Linux 7.3 used slightly different configuration
conventions. For the most part little has changed and older information may still be
handy when maintaining a legacy system.
The default directory Apache serves web pages from is ...
- /home/httpd/html
You may want to peruse the configuration files ...
- /etc/httpd/conf/srm.conf
(has most of the neeto bits)
- /etc/httpd/conf/access.conf
- /etc/httpd/conf/httpd.conf
|
