====== Apache Webserver ======

===== Apache - Part 1 =====

Installing the Apache webserver is pretty straightforward. Do not use Apache 2.x, but instead rely on Apache 1.3.x. See the php.org website for the reasons. (The Apache 2 architecture is just not safe enough for php in production environments.)

Stopping the webserver:

<code>
[root@1038 bin]# pwd
/www/bin
[root@1038 bin]# ./apachectl stop
./apachectl stop: httpd stopped
</code>

And starting it:

<code>
[root@1038 bin]# ./apachectl start
./apachectl start: httpd started
</code>

N.B.: the Flexserver computer comes with Plesk 7 reloaded installed by default. This control panel program in turn uses Apache 2 in combination with php. Bad!

Also note that the compile and build operations for Apache 1.3.33 have resulted in an httpd.conf file which does //not// contain a //ClearModuleList// directive. According to several postings on the web, this is actually okay:

"PHP works with many different web servers in many different ways, but by far the most popular way to run PHP is as an Apache module with Apache 1.3.x. Full installation instructions for all the different ways to install PHP can be found in the PHP documentation. Here, I cover the Apache module installation." (...)

"Note that in many default httpd.conf files you will find AddModule lines. These really aren't necessary. They are only needed if you have a ClearModuleList directive somewhere in your httpd.conf file. **I would suggest simply deleting the ClearModuleList directive and deleting all your AddModule lines.** The idea behind ClearModuleList/AddModule is to make it possible to reorder already loaded modules in case module order is an issue. With most modules, the order that they are loaded -- which governs the order they are called -- is not important. And further, most binary distributions of Apache ship with most modules compiled as dynamically loadable modules, which means that if order is an issue for some reason, you can simply change the order of the LoadModule calls to fix it."
http:%%//%%www.cnop.net/article.php?story=20041002040920660

“Changes with Apache 1.3.23” (...) “* Prevent an Apache module from being loaded or added twice due to duplicate LoadModule or AddModule directives (or a missing ClearModuleList directive). [William Rowe, Brian Pane ]”

[[http://www.opensource.apple.com/darwinsource/10.1.4/apache-650/apache/src/CHANGES|http://www.opensource.apple.com/darwinsource/10.1.4/apache-650/apache/src/CHANGES]]

==== Default Server ====

You can use a special kind of virtual server which handles any requests not handled by the standard virtual servers. This is the Default Server.

I ran into trouble when trying to configure this Default Server through Webmin. My Default Server did not follow symbolic links, even though I had configured it to. So I have simply adjusted the global configuration by editing httpd.conf to allow symbolic links:

<code>
Options FollowSymLinks
AllowOverride None
</code>

==== 20051012 Changed default settings for creating alias websites ====

In Webmin, "Virtualmin Virtual Servers" > "Server Settings and Templates" > \\ "Server Templates", I have changed the setting //"Create alias websites by"// from //"Creating Redirect virtual host"// to //"Adding ServerAlias to parent"//.

=== Motivation ===

You can have two kinds of aliasing in Webmin. On the Apache side of things they are the following directives:

  * Redirect: literally redirects the browser to a new url.
  * ServerAlias: the domain name seems to be mapped to the directory structure of the "real" domain name (which is probably what you usually want).

=== Domain Name for your Moodle Installation ===

If you're using applications such as Moodle, be sure to tell them your domain name is //not// the parent domain name, but rather the Server Alias.
For Moodle, you do this in the ''**/config.php**'' file:

Change:

<code>
$CFG->wwwroot = 'http://maartenskliniek.solin.nl';
</code>

Into:

<code>
$CFG->wwwroot = 'http://www.e-learning-maartenskliniek-rde.nl';
</code>

===== Apache - Part 2 =====

I have made the following (non-trivial, security related) changes to //httpd.conf//:

<code>
Options SymLinksIfOwnerMatch
AllowOverride None

[...]

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# [DELETED Indexes, O.S.]
#
    Options SymLinksIfOwnerMatch MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
    AllowOverride None

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all
</code>

=== Added MIME type 20050129 ===

To fix some IE-CSS related problems (hint: //hover//), I have added a mime type to the global mime types list located in ''**/www/conf/mime.types**'':

<code>
text/x-component htc
</code>

See [[http://www.xs4all.nl/~peterned/csshover.html|http://www.xs4all.nl/~peterned/csshover.html]] and [[http://www.hoeben.net/node/view/33|http://www.hoeben.net/node/view/33]] for how this relates to IE-CSS hover problems.

==== Adding subdomains ====

//20050223//

To add a subdomain that is just an alias for your full domain, use the ''**ServerAlias**'' directive.

<code>
ServerName solin.nl
ServerAlias www.solin.nl onderwijs.solin.nl www.onderwijs.solin.nl
DocumentRoot /home/solin/public_html
ErrorLog /home/solin/logs/error_log
CustomLog /home/solin/logs/access_log common
ScriptAlias /cgi-bin/ /home/solin/cgi-bin/
Options -Indexes IncludesNOEXEC FollowSymLinks
</code>

==== User friendly urls through mod_rewrite: Apache 1.3x ====

//20060218//

The module ''**mod_rewrite.so**'' promises user friendly urls.
To install the module, I have followed the advice posted here: [[http://www.mailarchives.org/list/apache-httpd-users/msg/2003/13765|http://www.mailarchives.org/list/apache-httpd-users/msg/2003/13765]]

Here, it says to run ''./configure'' followed by ''make'':

<code>
./configure --prefix=/www --enable-module=so --enable-module=rewrite --enable-shared=rewrite
</code>

After the subsequent ''make'', the ''**mod_rewrite.so**'' can be found in the directory ''**/usr/src/apache_1.3.33/src/modules/standard/mod_rewrite.so**''. Copy the file to ''**/www/modules/mod_rewrite.so**'' and add the following line to httpd.conf:

<code>
LoadModule rewrite_module modules/mod_rewrite.so
</code>

Now, restart the webserver, and you should be good to go.

==== Installing modules, such as mod_rewrite, for Apache 2.x ====

Installing mod_rewrite under Debian (where I use Apache 2 instead of 1.3x) is even easier. This site explains it all: [[http://www.ducea.com/2006/05/30/managing-apache2-modules-the-debian-way/|Managing Apache2 modules the Debian way]].

Debian has two directories:

  * /etc/apache2/mods-available
  * /etc/apache2/mods-enabled

To enable a module, you need to symlink some files. This is what the Debian tool ''**a2enmod**'' does for you. For instance, to install mod_rewrite, simply type in:

<code>
a2enmod rewrite
</code>

Then, restart Apache and you're good to go!

<code>
/etc/init.d/apache2 force-reload
</code>

By the way, **Webmin** does not display the loaded Apache modules correctly! Just forget about trying to enable Apache modules through Webmin.

==== Securing a web directory with Apache ====

First, make a password file and type in a password for a user:

<code>
[root@1038 public_html]# htpasswd -cm /etc/phpMyAdmin_auth_file onno
New password:
Re-type new password:
Adding password for user onno
</code>

Leave out the -c parameter when you add another user to the same password file (c = create): with -c, htpasswd overwrites an existing file.
Then, restrict access to a directory by specifying the following directives for a given directory:

<code>
Options -Indexes IncludesNOEXEC Includes FollowSymLinks
AuthType Basic
AuthName "Access Restricted"
AuthUserFile /etc/phpMyAdmin_auth_file
Require user onno
</code>

Don't forget to disable the ''allow from all'' and ''AllowOverride All'' directives:

<code>
#allow from all
#AllowOverride All
</code>

==== Generating SSL Certificates, SSL CSRs and Installing Certificates ====

First of all, make sure you've got the OpenSSL library (comes with Apache2 by default). Now, Ubuntu has a tool called ''apache2-ssl-certificate'' which you can use to generate a certificate for testing purposes. For a guide to the real deal, a signed certificate, look here: [[https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html|Ubuntu: Certificates]].

What it comes down to is this:

  * Generate a server key (if you don't already have one) and put it in a standard directory: ''/etc/ssl/private/server.key''

<code>
openssl genrsa -des3 -out server.key 1024
</code>

  * Using the pass phrase for the server key, generate a CSR (Certificate Signing Request). Send this file to your CA (Certificate Authority, e.g. Verisign). Please note: the following command will prompt you for some data. When you see: ''Common Name (eg, your name or your server's hostname)'', enter the exact domain name that you want to secure. For instance, if you have a specific subdomain that must be secured, provide the complete url for the subdomain (minus the protocol). E.g.: ''tech.solin.eu''.
<code>
openssl req -new -key server.key -out server.csr
</code>

  * Copy the certificate file you receive from your CA to a standard directory: ''/etc/ssl/certs/your_certificate.crt''
  * Add the file locations to your website's configuration file:

<code>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_certificate.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</code>

  * It may also be necessary to copy over some 'root' or 'intermediary' certificates from the CA:

<code>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_certificate.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt
SSLCertificateChainFile /etc/ssl/certs/UTNAddTrustServerCA.crt
SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA.crt
</code>

  * Restart the webserver (you can no longer do this through Webmin, because you'll need to provide the pass phrase): ''/etc/init.d/apache2 restart''

=== Setting up SSL ===

To actually use ssl on Apache, you first need to make a few slight adjustments. This is explained here: [[http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html|Setting up SSL: Ubuntu and Apache 2]].

=== Log File Rotation Requires Manual Restart ===

The default log file rotation for Apache requires a restart of the server. This means you have to restart the server manually, since you'll have to provide the pass phrase. You can circumvent this problem by using another log file rotation method. See [[http://httpd.apache.org/docs/2.0/programs/rotatelogs.html|Piped logging program to rotate Apache logs]].

In ''/etc/apache2/apache2.conf'' add:

<code>
CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/access.log 604800" common
ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/error.log 604800"
</code>

And then in ''/etc/apache2/sites-available/your_site.conf'':

<code>
[...]
ErrorLog "|/usr/sbin/rotatelogs /home/your_site/logs/error_log 604800"
CustomLog "|/usr/sbin/rotatelogs /home/your_site/logs/access_log 604800" combined
[...]
</code>

The number at the end represents the rotation time in seconds, here 7 days.
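
Added example (not part of the original page): a small shell/awk audit for the settings that Part 2 tightens by hand in httpd.conf, namely ''Indexes'', ''FollowSymLinks'' and ''AllowOverride All'', plus 2.2-style ''Order''/''Allow'' lines left next to a 2.4-style ''Require''. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Apache config text for the settings Part 2 hardens.
# Prints one "line N: finding" per hit; reads the files given, or stdin.
audit_apache_options() {
    awk '
    function hit(msg) { printf "line %d: %s\n", NR, msg }
    function endblock() {        # 2.2 and 2.4 access control in one container
        if (legacy && modern)
            hit("Order/Allow/Deny mixed with Require (since line " legacy ")")
        legacy = 0; modern = 0
    }
    /^[ \t]*#/ { next }                              # ignore comment lines
    { low = tolower($0) }                            # directives are case-insensitive
    low ~ /^[ \t]*options[ \t]/ {
        n = split(low, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[+]?(indexes|all)$/)
                hit("Options enables Indexes (directory listings)")
            if (tok[i] ~ /^[+]?followsymlinks$/)
                hit("FollowSymLinks has no owner check (SymLinksIfOwnerMatch does)")
        }
    }
    low ~ /^[ \t]*allowoverride[ \t]+all/ {
        hit("AllowOverride All: .htaccess files may override server config")
    }
    low ~ /^[ \t]*(order|allow|deny)[ \t]/ { if (!legacy) legacy = NR }
    low ~ /^[ \t]*require[ \t]+(all|ip|host|local)/ { modern = NR }
    low ~ /^[ \t]*<\// { endblock() }                # a container closes
    END { endblock() }
    ' "$@"
}

# Constructed sample (not from a real server): one loose block, one tight one.
sample_config() {
    cat <<'EOF'
<Directory /home/example/public_html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
    Require all granted
</Directory>
<Directory /home/example/private>
    # Options Indexes
    Options -Indexes SymLinksIfOwnerMatch
    AllowOverride None
    Require all denied
</Directory>
EOF
}

sample_config | audit_apache_options
```

Run it against a real file with ''audit_apache_options /etc/apache2/sites-available/your_site.conf''; an empty result means none of the four patterns were found.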
==== Avoiding the default website ====

If you make a typo in a site's subdomain, chances are you'll be "redirected" to the first website of the webserver. For instance, if *.solin.nl points to our webserver where 1xmyclient.nl is the first website, "nonexistentsubdomain.solin.nl" will "redirect" to 1xmyclient.nl.

To avoid this, simply create a virtualhost called 000aaa.solin.nl which contains an index.html file stating something like "Website not found. Perhaps you made a typing error?". See also [[http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts#Avoiding_the_default_website|this wiki]].

===== Apache - on your localhost =====

==== Subdomains ====

The following worked for me under Ubuntu 11.10, using the default Apache2 installation. This solution uses virtual hosts.

Add the subdomain to ''/etc/hosts''. E.g.:

<code>
127.0.0.1 localhost
127.0.0.1 testclient.localhost
#127.0.1.1 my-computer
</code>

UPDATE: in a recent version of 12.04, a line ''127.0.1.1 my-computer'' was automatically added to the hosts file. Comment out this line!

Modify ''/etc/apache2/ports.conf'' to explicitly name your localhost ip address:

<code>
NameVirtualHost 127.0.0.1:80
Listen 80
</code>

In all your virtualhosts, add the localhost ip address, the port and the servername directive.

''/etc/apache2/sites-available/default'':

<code>
ServerAdmin webmaster@localhost
ServerName localhost
# ... etc
</code>

''/etc/apache2/sites-available/testclient'':

<code>
DocumentRoot /home/onno/testclient.localhost/public_html/
ServerName testclient.localhost
Options Indexes FollowSymLinks MultiViews +Includes
AllowOverride None
Order allow,deny
allow from all
</code>

Of course, don't forget to symlink from sites-enabled to sites-available and restart the webserver after you're done configuring.

==== Symlinks to Other Partitions ====

If apache is on one partition, and your websites are on another partition, you can still use symlinks. There are two things to take into account though.
  - Include the ''FollowSymLinks'' directive in your virtual host's configuration file (i.e. the site in the ''sites-available'' directory).
  - Make sure that every directory that is part of the symlinked path is readable and executable.

As an example I have a SOLINDATA partition on my local machine containing a ''php'' directory. This partition is accessed through /media/SOLINDATA. My ''/etc/apache2/sites-available'' directory is on another partition. So, I had to do:

<code>
sudo chmod -R 755 /media
</code>

===== Apache 2.4 (Ubuntu 13.10) =====

There are a few minor changes from Apache 2.2 (Ubuntu 12.04 LTS) to Apache 2.4 (Ubuntu 13.10).

  * All configuration files in the sites-available directory must now end in .conf
  * You now need a "Require all granted" directive

Here's an example configuration file called ''/etc/apache2/sites-available/jeelo.conf'':

<code>
DocumentRoot /home/onno/php/jeelo/public_html
ServerName jeelo
Order allow,deny
Allow from all
Require all granted
</code>

Don't forget to make a symlink in ''/etc/apache2/sites-enabled'' and do add your ServerName to ''/etc/hosts''.

===== php Files Are Downloaded as Text Files =====

Add this to apache2.conf:

<code>
AddType application/x-httpd-php .php
</code>

And make sure there is no .htaccess file in your webroot which overrides anything related to php. For instance, in one of my projects, I found this inside the .htaccess file of a customer's virtualhost:

<code>
# inside .htaccess file:
AddHandler application/x-httpd-php55 .php
</code>

===== URL Rewriting with Mod Rewrite =====

[[https://www.addedbytes.com/articles/for-beginners/url-rewriting-for-beginners/|URL Rewriting for Beginners]] is an excellent tutorial on this topic.

Here's an example I'm using for Moodle, which allows the user to go directly to ''mymoodlesite.com/moodle-as-an-lms'' instead of having to use ''mymoodlesite.com/mod/page/view.php?id=99998''. The browser's address bar will show the user-friendly url as well.
<code>
# Turn on the rewriting engine
RewriteEngine On
RewriteRule ^moodle-as-an-lms/?$ /mod/page/view.php?id=99998 [NC,L]
RewriteRule ^support-requests/?$ /mod/page/view.php?id=99999 [NC,L]
</code>

  * NC: Non Case-sensitive
  * L: Do not apply any other rewrite rules after having applied the current one

==== Add www ====

<code>
# Turn on the rewriting engine
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</code>

This can be used in combination with other rules listed below this one.

==== Keep The Original Query String ====

QSA: Query String Append - keeps the original query string and appends it to the new one.

<code>
RewriteRule ^language-learning/?$ /mod/page/view.php?id=161 [QSA,NC,L]
</code>

For example, if your incoming url is: ''myhost.com/language-learning?keyword=french'' then the resulting url will be: ''myhost.com/mod/page/view.php?id=161&keyword=french'' (though the browser will still display the original query string in the address bar).

==== Redirect to Completely New URL ====

<code>
RewriteEngine on
# Note: a RewriteRule pattern is matched against the URL path;
# the host name is tested with RewriteCond %{HTTP_HOST}, as in the second rule.
RewriteRule ^mastersinlean.trainertops.com$ mastersinlean.trainertops.nl [R=301,NC,L]
# Send every request for mastersinlean.trainertops.nl to trainingen.mastersinlean.com
RewriteCond %{HTTP_HOST} ^mastersinlean.trainertops.nl$
RewriteRule ^(.*)$ http://trainingen.mastersinlean.com/$1 [R=301,L]
</code>
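
Added example (not part of the original page): a shell/awk lint for two things worth reviewing in rules like the "Add www" and "Redirect to Completely New URL" ones above: host patterns whose dots are not escaped, and redirect targets assembled from ''%{HTTP_HOST}'', which is whatever Host header the client sent. The function names, the ''example.test'' host and the last two sample lines are constructed; the first five sample lines are the page's own rules.

```shell
#!/bin/sh
# Added example: lint mod_rewrite rules. Prints "line N: finding" per hit;
# reads the files given as arguments, or stdin.
lint_rewrite_rules() {
    awk '
    function hit(msg) { printf "line %d: %s\n", NR, msg }
    /^[ \t]*#/ { next }                              # ignore comment lines
    tolower($1) == "rewritecond" && toupper($2) == "%{HTTP_HOST}" {
        pat = $3
        gsub(/\\\./, "", pat)                        # drop correctly escaped dots
        if (pat ~ /\.([^*+?]|$)/)                    # a bare dot that is not .* .+ .?
            hit("unescaped dot in host pattern matches any character: " $3)
    }
    tolower($1) == "rewriterule" && $3 ~ "^https?://[^/]*%[{]HTTP_HOST[}]" {
        hit("redirect target is built from the client-supplied Host header: " $3)
    }
    ' "$@"
}

# Sample input: lines 1-5 are rules from this page, lines 6-8 are a
# constructed variant with escaped dots and a fixed canonical host name.
sample_rules() {
    cat <<'EOF'
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mastersinlean.trainertops.nl$
RewriteRule ^(.*)$ http://trainingen.mastersinlean.com/$1 [R=301,L]
# constructed variant
RewriteCond %{HTTP_HOST} !^www\.example\.test$ [NC]
RewriteRule ^(.*)$ http://www.example.test/$1 [R=301,L]
EOF
}

sample_rules | lint_rewrite_rules
```

The constructed variant passes because the canonical host name is written out in the target, so the redirect no longer depends on the request's Host header; this matters most on the default virtual host, which answers for any host name.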