22. apache www server
Apache is a free clone of httpd, a www server. It serves web files to browsers, both over the LAN and over the Internet. You will install apache to allow anonymous http access to files in /home/ftp. This allows users to see the same files whether they use an http browser, or plain old ftp. You can create your HOME pages, and test them, before sending them to your ISP for 24 hour availability.
If you are running a web server for internal documents, this server will be for generally public documents (like the quality manual), to be accessed from users' PCs on the LAN (or remotely, where you design access into your networks). Private documents will need additional configuration, or a blocking gateway bridge (firewall) that prevents connection for unrecognised PCs and all proxy servers, who would fetch files for unknown PCs.
If you read the docs, you can reconfigure apache to serve different document trees from different IP addresses, eg your LAN IP_ADDR and your Internet IP_ADDR. Normally, you want all document trees to be the same, regardless of how the caller connected.
http://www.apache.org is their home page, where you will find the source to download. I got apache-1.0.2.tar.gz. You might also find it elsewhere, eg ftp.ast.cam.ac.uk.
tar -zxf apache-1.0.2.tar.gz -C /usr/src
cd /usr/src/apache-1.0.2
This creates the directory /usr/src/apache-1.0.2 and the files in it.
After installing the files it becomes clear that /usr/local/etc/httpd is a supported installation directory, for some files (eg all files). ie: it is an alias for apache-1.0.2
I decided to keep /usr/local/etc/httpd as the base dir, but you might like to relocate it. This is easily done, just edit the httpd.conf file(s).
Clearly /tmp/pkg_ftp is NOT a suitable installation location, because traditionally things in /tmp get deleted. After testing in /tmp/pkgs_ftp you could move the package into /usr/src/apache-1.0.2, and re-set the httpd link. If /tmp and /usr/src are on the same partition, the mv command will be very quick and safe, otherwise use mc to relocate the files.
You can even pick which disk the files go onto, for performance reasons, or simplicity. The /usr/local/etc/httpd link is a convenience, that saves editing Makefiles and config files. The files appear to be there, but are actually at the other end of the symbolic link pointer(s).
# Remember usage: cp [something_real] [new_copy]
# Remember usage: ln [something_real] [new_fake]
# Remember usage: ln -s [something_real] [new_fake]
# Remember no check on whether [something real] exists or not!
ln -s /usr/src/apache-1.0.2 /usr/src/apache
ln -s /usr/src/apache /usr/local/etc/httpd
You can easily move it around, and you can easily switch to a test version and back, by replacing that link.
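# switch from 1.02 to 1.03 to test new release
# (-n replaces the existing link itself, instead of creating a new link inside the directory it points to)
ln -sfn /usr/local/apache-1.03 /usr/src/apache
# and back
ln -sfn /usr/local/apache-1.02 /usr/src/apache
Editing access.conf is another way of changing these parameters.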
ln -s /etc/apache_
By default configuration, apache treats /usr/local/etc/httpd/htdocs as the root directory for www pathnames. You can change it in the configuration file, or make it point to what you want. Some configurations use /etc/apache as a simpler prefix, adjust accordingly.
# remove (or rename) the supplied htdocs directory first, then make htdocs point at /home/ftp
ln -s /home/ftp /usr/local/etc/httpd/htdocs
Apache will now run (if you compile it and start it, see rc.local). There is no other VITAL configuration to be done, but you should familiarise yourself with the configuration files, and make a few cosmetic changes.
You don't have to do this (I didn't), but some people like it to be /etc/httpd/. If you have to, you can make them happy with:
ln -sf /usr/local/etc/httpd /etc/httpd
Don't get confused, pick one directory as the 'true' location. I chose /usr/local/etc/httpd because that was what I found in the makefile, but the next release might be something else, one of:
Make all the other links point to that location (or phase them out). That location points to the real physical location, eg /hdc2/apache/apache-1.0.2
The physical location can be relocated, anytime you need to reorganise your disks, by keeping the 'one true' location, as a link to _physical_. ie
# /usr/lib/apache -> /hdc2/apache/apache-1.0.2
If you need to conform to someone else's configuration, you make their location exist as a link pointing to yours (/etc/httpd breaks Linux FSSTND, but is very catchy). You might also wish to separate the source from the binaries. I wasn't bothered.
odd location     ideal location         current package location
/etc/httpd   ->  /usr/lib/apache    ->  /hdc2/apache/apache-1.0.2
The files are not oversize, so there is no benefit from separating the source from the binaries. Other packages may have a 'make install' that copies the binaries to /usr/bin, configuration files to /etc, log files to /var/log, and leaves the source (and .o) files to be deleted.
There isn't a Makefile in the top directory, you will have to look in each subdir (ie apache-1.0.2/src). You don't need to be root to compile it, but you do to start it (because port 80 is a reserved port, that only root can listen on).
Installation is simple but not immediate. You have options to control how http will access your machine, and where files go. These are controlled by text files, not just the binary, so compile it to be sure you can.
The text configuration files are in the apache/conf directory.
I made the following change to ./src/Configuration:
# For SunOS 4
#AUX_CFLAGS= -DSUNOS4
# For Linux -m486 ONLY IF YOU HAVE 486 BINARY SUPPORT IN KERNEL
AUX_CFLAGS= -DLINUX
This took less than a second and created a new Makefile and modules.c
This took about 3 minutes, and produced zero warnings.
My ISP server does not allow FTP access to WWW areas (except for me to create my own pages). This is a pain in the neck, as I have to create web pages for each dir, instead of saying, ok ftp and look around.
I intend to set up my server differently, where /home/ftp is visible to browsers.
If you install the RedHat package, you get something different, but by following these instructions, you will be able to choose exactly what you want.
This makes it easy to switch to and from a different version of apache, or to 'install' the binaries and delete the source files. Use the command:
ln -s /usr/local/apache-1.0.2/. /usr/local/etc/httpd
This means that the ./cgi-bin/. scripts will be taken from there, as well as the ./conf/. files and ./logs/. files etc.
ln -s /home/ftp /usr/local/etc/httpd/htdocs
-or-
ln -s /home/ftp /usr/local/apache-1.0.2/htdocs
htdocs is the 'apparent' root of the www directories. Files in this directory are visible over the www. You don't have to create the link, you could edit conf/access.conf instead.
By removing this directory, and creating a link to the /home/ftp directory, apache will think that /home/ftp is the root of visible pages. If you wish, you can collect www files into a www subdir.
cd /home/ftp
mkdir www
chown gps /home/ftp/www
chmod 755 /home/ftp/www
You should create /home/ftp/index.html as a "welcome to this machine" page. If apache doesn't find an index.html, it generates one, as an ftp style list of files in the directory.
Your URLs will be relative, but when people keep bookmarks, they will appear as http://host.isp.com/www/my_page.html. If you later decide to make www the root directory for httpd, you can simply create www/www as a symbolic link to '.', until everybody updates their bookmarks (forever).
The chown gps is simply to allow a specific user to control the www directory. 755 or 777 doesn't matter to httpd, as it should never write there, it just depends on your local users - ie grant yourself access by chown or chgrp.
My ISP gives me a root directory that looks like /trix from some angles, so to confuse myself even more I mimic it just in case!
cd /home/ftp
ln -s . trix
cd /home/ftp/www
This allows me to use the same pathnames in page-hit counters, quoting /trix/index.html as the page name. It's easier than thinking.
Don't do this until you need to:
Files in this $HOME/public_html will be available as http://trix/~gps/filename. Note that they won't be available over ftp, unless you do something.
mkdir -p /home/ftp/www/gps
chown gps /home/ftp/www/gps
ln -s /home/ftp/www/gps /home/gps/public_html
-or-
ln -s /home/ftp /home/gps/public_html
The ftp daemon uses chroot to prevent itself from accessing files outside of /home/ftp. This is why /home/ftp/etc/passwd exists - the real /etc/passwd is not available, and programs (eg ls) need it for user names.
A symbolic link within /home/ftp to outside won't work! (for ftp) It will get interpreted as though /home/ftp was root '/', staying inside /home/ftp and not what you intended.
Apache doesn't use chroot, instead it does its own protection from straying, by STARTING in the htdocs directory. Any symbolic links encountered will get followed within the system as a whole, and not be constrained. Don't use
ln -s / /home/ftp/root # No, No
unless you want apache to allow browsing of all of your system! Note that standard file permissions still apply, and apache is supposed to run as a plain user, however this is still a head start to many hackers, who can search your system for weaknesses and hints.
You should scan your machine for any symbolic links in /home/ftp/www and also in /home/username/public_html, to make sure that someone isn't exporting /. (They still have access permissions of the 'nobody' user, but the less they know, the harder it is to crack).
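The scan described above, as an added example that is not part of the original page: a shell function that lists every symbolic link under a web-visible directory whose resolved target lies outside that directory. It assumes a readlink that supports -f (GNU coreutils); the function name escaping_links is made up for this example.

```shell
#!/bin/sh
# Added example: audit a web-visible tree for symbolic links that lead
# outside it (the "ln -s / /home/ftp/root" mistake and its relatives).

# escaping_links ROOT
#   Prints "link -> resolved_target" for each symlink under ROOT whose
#   fully resolved target is not ROOT itself or something below ROOT.
#   Links that cannot be resolved at all (e.g. loops) are reported too.
escaping_links() {
    # Resolve ROOT physically, so a ROOT that is itself reached through
    # a link (such as a public_html link) is compared by its real path.
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 1

    # find does not descend through symlinks by default, so link loops
    # such as "trix -> ." cannot trap the scan.
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || target=""
        case "$target" in
            "$root"|"$root"/*)
                ;;  # stays inside the exported tree: fine
            "")
                printf '%s -> (unresolvable)\n' "$link" ;;
            *)
                printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Scan every directory named on the command line, for instance:
#   sh scan_links.sh /home/ftp /home/*/public_html
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        escaping_links "$dir"
    done
fi
```

Links such as trix -> . or www/www -> . resolve to the tree itself and are not reported; anything printed deserves a look before the server is started.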
To use chroot, (to be sure that users don't go outside /home/ftp), you would chroot /home/ftp and start httpd. Very few people would do this, as it (usually) involves creating copies or links of the libc.so files, and anything that the cgi uses.
The conf directory appears as /usr/local/apache-1.0.2/conf/. and /usr/local/etc/httpd/conf/.
You want to copy and edit all the -dist files making several changes, to match your system. Keep all the /usr/local/etc pathnames as they are, but change details like the webmaster email address, and so on. (Actually that's the only change you need to make, and if you don't, people will soon find a way to you via postmaster, root, or whatever you put in your pages.)
cd /usr/local/etc/httpd/conf/.
cp -p access.conf-dist access.conf
vi access.conf
... etc ...
ServerAdmin webmaster@trix.dircon.co.uk
ServerRoot /usr/local/etc/httpd (unchanged)
# BindAddress * -or- only allow LAN access not Internet access
ErrorLog (you decide)
# ServerName (leave commented out for the default)
# CacheNegotiatedDocs (would affect your page hit count!)
DocumentRoot /usr/local/etc/httpd/htdocs
UserDir public_html (or www in users home dir)
Remember to run newaliases after adding the following entry. You could also alias it to postmaster, or to yourself.
webmaster: gps
This tells the server how to handle files, eg those in ftp like browsing. You can allow apache to recognise DOS truncated filenames by editing the following line:
text/html html htm
Edit rc.local to call /usr/local/etc/httpd/conf/rc.apache, and create rc.apache, so that the following is run every time you boot:
echo "Starting Apache ..."
/usr/local/etc/httpd/src/httpd -f /usr/local/etc/httpd/conf/httpd.conf
Run rc.apache now to see that it is correct (don't reboot).
So far this has been keeping everything in /usr/local/etc/httpd. By doing so, all the pre-supplied config files needed very little editing. If /usr/local/etc/httpd is a symb-link to /usr/src/apache/ you can easily switch versions and sets of configuration files.
Now that you have something that works, you may wish to start again, and do it completely differently. This time you decide where the files will go, and what they are called. It is no more work to prepare customised config files, that adapt apache to your system, than it is to adopt those files unchanged, and adapt your file system to apache.
At this point you have a dozen options, all of which make sense for different reasons. Write down what you want, and make apache conform to that. Try to figure out what the Linux FSSTND is, and how you may prefer to have things a non standard way. Do you want all log files and config files together? or in /var/log.
Re-reading this, I think I'll check with RedHat and Debian, then use something like /etc/Apache, and /home/ftp, or links to that effect.
Don't forget about SSL, the secure sockets layer, which can be plugged into apache, to feed authenticated and encrypted connections (which will be slower because the client isn't supposed to cache the pages).