208.1. Implementing a web server
208.1 Implementing a webserver
Weight:4
Description:Candidates should be able to install and configure a web server. This objective includes monitoring the server’s load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources. Candidates should be able to configure a web server to use virtual hosts and customize file access.
KeyKnowledgeAreas:
Apache 2.4 configuration files, terms and utilities
Apache log files configuration and content
Access restriction methods and files
mod_perl and PHP configuration
Client user authentication files and utilities
Configuration of maximum requests, minimum and maximum servers and clients
Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
Using redirect statements in Apache’s configuration files to customize file access
TermsandUtilities:
access logs and error logs
.htaccess
httpd.conf
mod_auth_basic, mod_authz_host and mod_access_compat
htpasswd
AuthUserFile, AuthGroupFile
apachectl, apache2ctl
httpd, apache2
WhatisTheWebServer?
A Web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that form Web pages to users, in response to their requests, which are forwarded by their computers' HTTP clients. Dedicated computers and appliances may be referred to as Web servers as well.
There are some considerations in choosing a Web server include how well it works with the operating system and other servers, its ability to handle server-side programming, security characteristics, and the particular publishing, search engine and site building tools that come with it.
Leading Web servers include Apache (the most widely-installed Web server), Microsoft's Internet Information Server (IIS) and nginx (pronounced engine X) from NGNIX. Other Web servers include Novell's NetWare server, Google Web Server (GWS) and IBM's family of Domino servers.
Apache
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
The Apache HTTP Server ("httpd") was launched in 1995 and it has been the most popular web server on the Internet since April 1996. It has celebrated its 20th birthday as a project in February 2015. The Apache HTTP Server is a project of The Apache Software Foundation. The current version of apache is version 2.0.
httpd.conf
Apache configuration file(s) are stored differently in different distributions, but they are mostly the same thing. There is one standard configuration file which might be broked to many pieces.
apache
Redhat / CentOS
Debian / Ubuntu
Package Name
httpd
apache2
Configuration Files Location
/etc/httpd
/etc/apache2
Configuration files are broken up in differently in Redhat or Debian :
apache on Ubuntu
ok.Lets install apache2 on ubuntu first:
the main configuration file httpd.conf:
Wow that is a big configuration file but it gives us good information about how apache include other directories and configuration files.
and see how 000-default.conf configuration file looks like:
apache on CentOS
In centOS there are some minor differences:
and the main configuration file in CentOS /etc/httpd/httpd.conf :
If want to load some thing we should put it in conf.d with ".conf" extention. No symbolic linking. So While in ubuntu we can enable / disable some thing with symbolic links, In centos we have to rename the configuration file and use any thing except ".conf" ath the end of file name to disable it.
You can see that the configuration files are the same although in ubuntu its some how classified but in centos all configurations have been wrapped up in one big file.
Another point is that in ubuntu apache service "apache2" is enabled and started right after installation but in centos we have to enable and start apache service "httpd" .
Some of common directives which we have to know are:
ServerRoot : Is what defines the base directory that all of configurations, modules, ... for our apache instance is configured to be. It can be changed but it needs to update specific links or directories with reference that start with /etc/httpd .
Listen: It can do two things for us. it allows us to define the port which apache service listen on(by default 80tcp). Also it allows us to bind a service to a specific IP Address on the system.
DocumentRoot: Determine the base directory that all contents are served from. bedefault it is
/var/www/. We can change it but if we have selinux enbaled in our system, there are some consideration about that .(beyond the scope of LPIC2, LPIC3)
to check if it works, use same html file below:
LogLevels : There are two log files by default which every site writes to. They are in
/var/log/apache2(ubuntu) or in/var/log/httpd(CentOS)Access Log: Contains all information about whose accessing the web sever, IP address , user agent and number of other things.
ErrorLog : Determines and displays errors that are related to files missing, or some one who tries to log in to secure directory with a wrong password
LogLevel can have several different values that we can set it for, debug, info, notice, warn, error, crit, alert, emerg \(default : warn\) it depends what we are doing.
All the thing we have seen till now were . Directives are lines ,(can be within a section ),in the configuration file that contains one or more values define our use in the configuration .
Directory Section: sections have directives in them that tell the site how to eather protect or display the type of content in any messages about what can be viewed or what cannot be viewed.
We can restrict access to directories with “Allow” and “Deny” options . Here is an example, This will make root dierctory secure:
Options “None” – This option will not allow users to enable any optional features.
Order deny, allow – This is the order in which the “Deny” and “Allow” directives will be processed. Here it will “deny” first and “allow” next.
Deny from all – This will deny request from everybody to the root directory, nobody will be able to access root director
Apache Modules
What has made apache web server so powerful and popular is its modules. Apache is designed modular and we can add or remove modules based on our needs.
apache deals with html files, so if we have used other languages like "php" we have to install required module.
installing php module
For demonstaration we use Ubuntu here. Lets search and install php module for apache:
congratulations, from now on we can use index.php in /var/www/ directory. Now lets do more investigation on how php module has became available:
In CentOS all available modules are exist in /etc/httpd/conf.modules.d folder.
these modules can be loaded if related ".conf" file exist in modules.conf.d :
because every ".conf" file is included by /etc/httpd//conf/httpd.conf file:
Now lets install php module on CentOS:
and the configuration files:
now we can put a php file in /var/www/html and chek it!
Installing Perl Module
First start with ubuntu:
after finishing installation:
as perl scripts are almost server side script (means they need to be processed on the server based on client condition and then turns back to the client) we need to make a directory to keep perl scripts inside:
and now add some confogurations to /etc/apache2/apache2.conf :
and then put perl script in /var/www/perl:
and check it out!
Now lets install Perl module on cetOS:
Ok as we mentioned above, perl scripts are processed in server side so we need to make a place for scripts an then configure httpd service to deal with:
and add bellow part to httpd.conf:
next we need to restart httpd service and then add a perl script like this to test:
a sample perl script could be like this:
check it out!
a2enmod , a2dismod
Apache provides easiest way to enable and disable apache modules by using simple commands.
a2dismod is an inbuilt script that disabling the given module from an apache configuration file by removing symlinks.
a2dismod [module name]
a2enmod is an inbuilt script that enabling the given module in apache configuration file by creating symlinks.
a2enmod [module name]
MPM Modules
MPM stands for Multi Processing Modules, actually Apache follows some mechanism to accept and complete web server requests. In practice, MPMs extend the modular functionality of Apache by allowing us to decide how to configure the web server to bind to network ports on the machine, accept requests from clients, and use children processes (and threads, alternatively) to handle such requests.
Apache offers three different MPMs to choose from, depending on our needs (Beginning with version 2.4):
prefork
worker
event
The prefork MPM uses multiple child processes without threading. Each process handles one connection at a time without creating separate threads for each. Without going into too much detail, we can say that you will want to use this MPM only when debugging an application that uses, or if our application needs to deal with, non-thread-safe modules like mod_php.
The worker MPM uses several threads per child processes, where each thread handles one connection at a time. This is a good choice for high-traffic servers as it allows more concurrent connections to be handled with less RAM than in the previous case.
Finally, the event MPM is the default MPM in most Apache installations for versions 2.4 and above. It is similar to the worker MPM in that it also creates multiple threads per child process but with an advantage: it causes KeepAlive or idle connections (while they remain in that state) to be handled by a single thread, thus freeing up memory that can be allocated to other threads. This MPM is not suitable for use with non-thread-safe modules like mod_php, for which a replacement such a PHP-FPM must be used instead.
To check the MPM used by our Apache installation use httpd -V (CentOS):
or apache2ctl -V (ubuntu):
Here we see how ubuntu mpm modules work:
as we have installed php module, apache server load prefork mpm. lets take alook at mpm_prefork.conf file:
now that we have a good back ground about mpm modules we can easily change mpm module either by removing or creating symbolic links in mods-enabled or we can use a2dismod mpm_prefork and a2enmod mpm_worker commands. But do not forget that php just works with prefork.
Using Authentication for security
Some times we want to limit access to a specific web directory in order to protect it against the outside world.In order to make a folder password protected we need a tool to generate username and passwords and that is seperate from system authentication. htpasswd is a tool and that is part of apache2-utils package which usually is installed. But before that we have to tell apache that a directory is password protected and then create credentials.
We use Ubuntu for this demonstartion, lets start with default site:
Lets add some parts in the default site:
Now it is time to create user name and password using htpasswd:
to add more users to existing file use htpasswd command without -C switch.
And finally we need to restart apache service inorder our changes take affect, for that we can weather use apache daemon special tool call apache2ctl or restart the service like always.
apache2ctl
apache2ctl is a part of apache2-utils and usually is installed with the main package, if not installe it:
Now lets creat sample index.html file inside /var/www/html/protected directory wich we defined in configuration file before:
and finally we used elinks to check the result elinks http://localhost/protected:
this was one way for protecting specific location in our web server and requiring basic authentication but there is another way which is using ".htaccess" file in a directory itself.
.htaccess
Alternative method to secure content of a directory is using htaccess file, which is simpler and need less modifications inside the main configuration file. The idea is using a seperate file called "htaccess" inside the directory which we need to be protected and then putting sort of configurations inside that (.htaccess). Then modify appache configuration file(apache2.conf / httpd.conf ) or our web site (000-default.conf) to let htaccess confoguaration be played.
Lets create second directory and create ".htaccess" file insude that:
Now lets configureour default web site confoguration file inorder to let setting inside ".htaccess" over ride main configs:
and finnaly restart the service and check it:
Redirection
Redirects are used whenever a site needs people requesting one address to be directed to another address. There are many situations where we may find ourselves in this position.
Moving to a Different Domain
Expanding to Capture Similar Domains
Creating a Persistent Experience In Spite of Page Name Changes
Forcing SSL
Redirect Methods:
Temporary Redirects : Temporary redirects are useful if our web content for a certain URL temporarily needs to be served out of a different location. For example, if we are performing site maintenance. Temporary redirects inform that browser that the content is temporarily located at a different location, but that they should continue to attempt to access the original URL.
Permanent Redirects : Permanent redirects are useful when our content has been moved to a new location forever.This is useful for when we need to change domains or when the URL needs to change for other reasons and the old location will no longer be used.This redirect informs the browser that it should no longer request the old URL and should update its information to point to the new URL.
How to Redirect in Apache
Apache can redirect using a few different tools. The simplest ways are accomplished with tools from the "mod_alias" module, but more extensive redirects can be created with "mod_rewrite".
Using the Redirect Directive
In Apache, we can accomplish simple, single-page redirects using the "Redirect" directive, which is included in the "mod_alias" module. This directive takes at least two arguments: the old URL and the new URL.
In its simplest form it would be like this:
This redirect instructs the browser to direct all requests for "http://localhost/protected" to "http://localhost/redirected". This is only for a single page, not for the entire site
If we want e to create a permanent redirect, we can do so in either of the following two ways:
As with the "Redirect" directive, you can specify the type of redirect by adding the redirect code before the URL location rules.
Using the RedirectMatch Directive
To redirect more than a single page, we can use the "RedirectMatch" directive, which allows us to specify directory matching patterns using regular expressions.This will allow us to redirect entire directories instead of just single files.
For example, if we wanted to match every request for something within the "/images" directory to a subdomain named "images.example.com", we could use the following:
RedirectMatch matches patterns in parenthesis and then references the matched text in the redirect using "$1", where 1 is the first group of text. Subsequent groups are given numbers sequentially.
Using mod_rewrite to Redirect
The most flexible, but complicated way to create redirect rules is with the module called "mod_rewrite". This is outside of the scope of this article , but you can learn it from here.
Apache Virtual Hosting
Apache is a very powerful, highly flexible and configurable Web server. One more feature of Apache is Virual hosting which allows us to host more than one website on a single Linux machine. Implementing virtual hosting with Apache web server can help us to save costs you are investing on our server maintenance and their administration.
Types of Virtual Host
There are two types of virtual hosting is available with Apache:
Name Based Virtual Hosting
With the name based virtual hosting we can host several domains/websites on a single machine with a single IP. All domains on that server will be sharing a single IP. It’s easier to configure than IP based virtual hosting, we only need to configure DNS of the domain to map it with its correct IP address and then configure Apache to recognize it with the domain names.
IP Based Virtual Hosting
With the IP based virtual hosting, we can assign a separate IP for each domain on a single server, these IP’s can be attached to the server with single NIC cards and as well as multiple NICs.
For demontration we use ubuntu, (in CentOS all the thing would be configured in one single httpd.conf file)
Simple Virtual directory in the defualt web site confoguration is like this:
"*" indicates that this virtual directory is listening to all ip addresses which are available on this server on port "80"
"ServerName" has been commented out but it could specifies which header should be serverd by this virtual directory as it is a default site it is used to serverd all kinds of requests if apropriate virtula directory hasn't been configured.
"DocumentRoot" is a defualt directory which is used as a defualt.
First lest create two directories with simple html file in each of them :
Lets add secondary ip address to the existing NIC:
and finally cheat on dns sever by configuring host file to resolve example1.com and example2.com :
then make sure every thing is okey by pinging example1.com(192.168.10.128) and example2.com(192.168.10.133).
Now lets go to available sites and configure two web sites configuration files like this(Name Based Virtual Hosting):
If we go to available web sites directory we would see that there is no link for example1 and example2 web sites.
a2ensite
a2ensite is a script that enables the specified site (which contains a <VirtualHost> block) within the apache2 configuration. It does this by creating symlinks within /etc/apache2/sites-enabled. Likewise, a2dissite disables a site by removing those symlinks. It is not an error to enable a site which is already enabled, or to disable one which is already disabled.
and lets disable default web site with a2dissite:
and its time to test it:
In CentOS most of configuration is done in httpd.conf file, and Virtual Hosting Configuration would be like this:
That's all!
Last updated