Apache
From Linux & Open Source @ NUS
Contents |
Apache
About
The Apache HTTP server is developed by the Apache Team and is probably the most common webserver found on the net today.
./configure Options
Sample ./configure line:
./configure --prefix=/usr/apache --target=i686 --enable-so --enable-mods-shared="rewrite vhost-alias expires header mime-magic user-track auth-anon authz-dbm cern-meta unique-id dav dav-fs dav-lock ssl auth-digest authn-dbd" --with-ssl=/home/benchua/usr/
Some good configuration options to use when compiling Apache
- --enable-mods-shared
- allows you to specify all the modules you want compiled as shared (loadable from configuration file) in one line, so you won't have to do:
- $ ./configure --prefix=/some/dir --enable-so --enable-some-mod --enable-some-other-mod
- --enable-so
- allows the compilation of modules as shared in the first place. Shared modules are good when you want to selectively take out functionality from your webserver (eg. file-based authentication) without having to recompile.
- Modules are loaded like so:
LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule dav_lock_module modules/mod_dav_lock.so LoadModule auth_digest_module modules/mod_auth_digest.so
- A list of all provided Apache modules can be found here. Look at the Module Identifier string in each module section to find out what to put in the LoadModule directive.
- rewrite , --enable-rewrite
- Allows magic rewriting of incoming urls. Eg. you could transparently redirect all incoming urls of http://example.com/pictures/somepic.jpg into http://example.com/pictures/getpic.php?name=somepic.jpg.
- dav, --enable-dav
- dav-fs , --enable-dav-fs
- dav-loc, --enable-dav-lock
- These 3 in combination add WebDAV functionality to Apache.
- auth-digest, --enable-auth-digest
- Allows userid/password pairs used in authentication with the server to be done using MD5 hashes.
- Apache Basic authentication (enabled by default) sends userids and passwords in cleartext across the network,so if you're looking for something slightly more secure, use Digest
- ssl, --enable-ssl, --with-ssl=/path/to/ssl
- For even more security, use these options to enable SSL support in Apache.
Configuration files
httpd.conf
Some useful directives:
- ServerName
- If you're getting errors like:
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
- Then set this directive (anywhere in httpd.conf).
... ServerName BigmetalServer ...
- Listen
- Use this when you want Apache to respond to a specific IP address or port.
- Eg.
... Listen 123.233.221.111:8080 ...
- means respond to only IP address 123.233.221.111 on port 8080, even if the box has multiple network interfaces with multiple IPs.
... Listen 80 ...
- means respond on port 80 on all interfaces
- DirectoryIndex
- Set the default file that Apache will look for and serve in a directory. The default is index.html, but you probably will need somefile.php if you're working with a PHP-based site.
- Multiple files extensions can be chained
... DirectoryIndex index.html index.php firstpage.pl ...
- FileMatch
- Use this directive to effect some control over the filetypes.
- The FileMatch directive takes a regular expression based on filenames that defines the filetypes to effect the rules on.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
- This section disallows any user from access files with names beginning with ".ht" (dot included, and escaped in regular expression string)
- Order {allow,deny|deny,allow}
- Defines the order and rules controlling access, usually to a <Directory> or <Files>
- Allow and Deny take either hostnames or IP addresses as parameters
- Eg.
... Order allow,deny Allow 127.0.0.1,137.132.0.0/16 Deny from all ...
- In this case, only the localhost (127.0.0.1) and hosts in the Class B 137.132.0.0 netblock can access this section while all others are denied. Default policy is Deny. Allow is evaluated first, and any host not explicitly matching those criteria are passed on to Deny.
- Eg.
... Order deny,allow Deny 127.0.0.1,137.132.0.0/16 Allow from all ...
- In this case, default policy is Allow. Any host explicitly matching the localhost or the Class B 137.132.0.0 netblock is Deny'(ie)d while the rest are Allow'ed.
Other config files
- Support for public_html in users' home directories
Include conf/extra/httpd-userdir.conf
- Support for WebDAV
Include conf/extra/httpd-dav.conf
- SSL Support
Include conf/extra/httpd-ssl.conf
You can also write your own custom configuration files for specific directories, for example, and have Apache load them when it starts
... Include conf/extra/custom.conf
