Apache Webserver

Apache - Part 1

Installing the Apache webserver is pretty straightforward. Do not use Apache 2.x, but instead rely on Apache 1.3.x. See the php.org website for the reasons. (The Apache 2 architecture is just not safe enough for php in production environments.)

Stopping the webserver:

[root@1038 bin]# pwd
/www/bin
[root@1038 bin]# ./apachectl stop
./apachectl stop: httpd stopped

And starting it:

[root@1038 bin]# ./apachectl start
./apachectl start: httpd started

N.B.: the Flexserver computer comes with Plesk 7 reloaded installed by default. This control panel program in turn uses Apache 2 in combination with php. Bad!

Also note that the compile and build operations for Apache 1.3.33 have resulted in an httpd.conf file which does not contain a ClearModuleList directive. According to several postings on the web, this is actually okay:

“PHP works with many different web servers in many different ways, but by far the most popular way to run PHP is as an Apache module with Apache 1.3.x. Full installation instructions for all the different ways to install PHP can be found in the PHP documentation. Here, I cover the Apache module installation.” (…)

“Note that in many default httpd.conf files you will find AddModule lines. These really aren't necessary. They are only needed if you have a ClearModuleList directive somewhere in your httpd.conf file. I would suggest simply deleting the ClearModuleList directive and deleting all your AddModule lines. The idea behind ClearModuleList/AddModule is to make it possible to reorder already loaded modules in case module order is an issue. With most modules, the order that they are loaded – which governs the order they are called – is not important. And further, most binary distributions of Apache ship with most modules compiled as dynamically loadable modules, which means that if order is an issue for some reason, you can simply change the order of the LoadModule calls to fix it.”

http://www.cnop.net/article.php?story=20041002040920660

“Changes with Apache 1.3.23” (...)
“* Prevent an Apache module from being loaded or added twice due
     to duplicate LoadModule or AddModule directives (or a missing
     ClearModuleList directive).
     [William Rowe, Brian Pane <bpane@pacbell.net>]”

http://www.opensource.apple.com/darwinsource/10.1.4/apache-650/apache/src/CHANGES

Default Server

You can use a special kind of virtual server which handles any requests not handled by the standard virtual servers. This is the Default Server. I ran into trouble when trying to configure this Default Server through Webmin. My Default Server did not follow symbolic links, even though I had configured it to.

So I have simply adjusted the global configuration by editing httpd.conf to allow symbolic links:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

20051012 Changed default settings for creating alias websites

In Webmin, “Virtualmin Virtual Servers” > “Server Settings and Templates” > “Server Templates”, I have changed the setting “Create alias websites by” from “Creating Redirect virtual host” to “Adding ServerAlias to parent”.

Motivation

You can have two kinds of aliasing in Webmin. On the Apache side of things they are the following directives:

  • Redirect: literally redirects the browser to a new URL.
  • ServerAlias: the domain name seems to be mapped to the directory structure of the “real” domain name (which is probably what you usually want).

Domain Name for your Moodle Installation

If you're using applications such as Moodle, be sure to tell them your domain name is not the parent domain name, but rather the Server Alias is. For Moodle, you do this in the /config.php file:

Change:

$CFG->wwwroot   = 'http://maartenskliniek.solin.nl';

Into:

$CFG->wwwroot   = 'http://www.e-learning-maartenskliniek-rde.nl';

Apache - Part 2

I have made the following (non-trivial, security related) changes to httpd.conf:

<Directory />
    Options SymLinksIfOwnerMatch
    AllowOverride None
</Directory>
 
[...]
 
<Directory "/www/htdocs">
 
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# [DELETED Indexes, O.S.]
#
    Options SymLinksIfOwnerMatch MultiViews
 
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo", 
# "AuthConfig", and "Limit"
#
    AllowOverride None
 
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all
</Directory>

Added MIME type 20050129

To fix some IE-CSS related problems (hint: hover), I have added a mime type to the Global mime types list located in /www/conf/mime.types:

text/x-component	htc

See http://www.xs4all.nl/~peterned/csshover.html and http://www.hoeben.net/node/view/33 for how this relates to IE-CSS hover problems.

Adding subdomains

20050223

To add a subdomain that is just an alias for your full domain, use the ServerAlias directive.

<VirtualHost 213.193.214.124:80>
ServerName solin.nl
ServerAlias www.solin.nl onderwijs.solin.nl www.onderwijs.solin.nl
DocumentRoot /home/solin/public_html
ErrorLog /home/solin/logs/error_log
CustomLog /home/solin/logs/access_log common
ScriptAlias /cgi-bin/ /home/solin/cgi-bin/
<Directory /home/solin/public_html>
Options -Indexes IncludesNOEXEC FollowSymLinks
</Directory>
</VirtualHost>

User friendly urls through mod_rewrite: Apache 1.3x

20060218

The module mod_rewrite.so promises user friendly urls. To install the module, I have followed the advice posted here:

http://www.mailarchives.org/list/apache-httpd-users/msg/2003/13765

Here, it says to run ./configure and make:

./configure --prefix=/www --enable-module=so --enable-module=rewrite --enable-shared=rewrite

After the subsequent make, the mod_rewrite.so can be found in the directory /usr/src/apache_1.3.33/src/modules/standard/mod_rewrite.so. Copy the file to /www/modules/mod_rewrite.so and add the following line to httpd.conf:

LoadModule rewrite_module modules/mod_rewrite.so

Now, restart the webserver, and you should be good to go.

Installing modules, such as mod_rewrite, for Apache 2.x

Installing mod_rewrite under Debian (where I use Apache 2 instead of 1.3x) is even easier. This site explains it all: Managing Apache2 modules the Debian way.

Debian has two directories:

  • /etc/apache2/mods-available
  • /etc/apache2/mods-enabled

To enable a module, you need to symlink some files. This is what the Debian tool a2enmod does for you. For instance, to install mod_rewrite, simply type in:

a2enmod rewrite

Then, restart Apache and you're good to go!

/etc/init.d/apache2 force-reload

By the way, Webmin does not display the loaded Apache modules correctly! Just forget about trying to enable Apache modules through Webmin.

Securing a web directory with Apache

First, make a password file and type in a password for a user:

[root@1038 public_html]# htpasswd -cm /etc/phpMyAdmin_auth_file onno
New password:
Re-type new password:
Adding password for user onno

Leave out the -c parameter when you add a user to a password file that already exists (c = create); with -c, htpasswd overwrites the existing file.

Then, restrict access to a directory by specifying the following directives for a given directory:

<Directory /home/solin/public_html/phpMyAdmin>
   Options -Indexes IncludesNOEXEC Includes FollowSymLinks
   AuthType Basic
   AuthName "Access Restricted"
   AuthUserFile /etc/phpMyAdmin_auth_file
   Require user onno
</Directory>

Don't forget to disable the allow from all and AllowOverride All directives:

#allow from all
#AllowOverride All

Generating SSL Certificates, SSL CSRs and Installing Certificates

First of all, make sure you've got the OpenSSL library (comes with Apache2 by default).

Now, Ubuntu has a tool called apache2-ssl-certificate which you can use to generate a certificate for testing purposes.

For a guide to the real deal, a signed certificate, look here: Ubuntu: Certificates.

What it comes down to is this:

  • Generate a server key (if you don't already have one) and put it in a standard directory: /etc/ssl/private/server.key. CAs no longer accept RSA keys shorter than 2048 bits.

openssl genrsa -des3 -out server.key 2048

  • Using the pass phrase for the server key, generate a CSR (Certificate Signing Request). Send this file to your CA (Certificate Authority, e.g. Verisign).

Please note: the following command will prompt you for some data. When you see: Common Name (eg, your name or your server's hostname), enter the exact domain name that you want to secure. For instance, if you have a specific subdomain that must be secured, provide the complete url for the subdomain (minus the protocol). E.g.: tech.solin.eu.

openssl req -new -key server.key -out server.csr

  • Copy the certificate file you receive from your CA to a standard directory: /etc/ssl/certs/your_certificate.crt
  • Add the directives to your website's configuration file:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_certificate.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

  • It may also be necessary to copy over some 'root' or 'intermediary' certificates from the CA:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_certificate.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt
SSLCertificateChainFile /etc/ssl/certs/UTNAddTrustServerCA.crt
SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA.crt

  • Restart the webserver (you can no longer do this through Webmin, because you'll need to provide the pass phrase): /etc/init.d/apache2 restart
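Before the restart it is worth confirming that the CSR and the certificate returned by the CA really belong to server.key, since a certificate that does not match its key keeps Apache from starting. The script below is an added example, not part of the original page; the function names are made up here and the demo uses throwaway keys constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that a CSR or a
# certificate carries the same public key as a private key file.
# Function names are made up for this example.

# pubkey_of KIND FILE -> PEM public key on stdout (KIND: key | csr | cert).
# A pass-phrase-protected key makes openssl prompt for the pass phrase.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# same_key KIND_A FILE_A KIND_B FILE_B -> exit 0 only if the public keys match
same_key() {
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_bits FILE -> RSA key size in bits, e.g. 2048
key_bits() {
    openssl rsa -in "$1" -noout -text |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# demo: constructed throwaway keys (no pass phrase, so it runs unattended).
# Returns 0 when the matching pair is accepted and the wrong key is rejected.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key"  2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=tech.solin.eu" \
        -out "$d/server.csr"
    rc=0
    same_key key "$d/server.key" csr "$d/server.csr" || rc=1
    same_key key "$d/other.key"  csr "$d/server.csr" && rc=1
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo && echo "checks behave as expected"; fi
```

On the real files the check would be same_key key /etc/ssl/private/server.key cert /etc/ssl/certs/your_certificate.crt, run before restarting Apache.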

Setting up SSL

To actually use ssl on Apache, you first need to make a few slight adjustments. This is explained here: Setting up SSL: Ubuntu and Apache 2.

Log File Rotation Requires Manual Restart

The default log file rotation for Apache requires a restart of the server. This means you have to restart the server manually, since you'll have to provide the pass phrase. You can circumvent this problem by using another log file rotation method. See Piped logging program to rotate Apache logs.

In /etc/apache2/apache2.conf add:

CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/access.log 604800" common 
ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/error.log 604800"

And then in /etc/apache2/sites-available/your_site.conf:

<VirtualHost *:80>
  [...]
  ErrorLog "|/usr/sbin/rotatelogs /home/your_site/logs/error_log 604800"
  CustomLog "|/usr/sbin/rotatelogs /home/your_site/logs/access_log 604800" combined
  [...]
</VirtualHost>

The number at the end represents the rotation time, here 7 days.

Avoiding the default website

If you make a typo in a site's subdomain, chances are you'll be “redirected” to the first website of the webserver. For instance, if *.solin.nl points to our webserver where 1xmyclient.nl is the first website, “nonexistentsubdomain.solin.nl” will “redirect” to 1xmyclient.nl.

To avoid this, simply create a virtualhost called 000aaa.solin.nl which contains an index.html file stating something like “Website not found. Perhaps you made a typing error?”.

See also this wiki.

Apache - on your localhost

Subdomains

The following worked for me under Ubuntu 11.10, using the default Apache2 installation. This solution uses virtual hosts.

Add the subdomain to /etc/hosts. E.g.:

127.0.0.1 localhost
127.0.0.1 testclient.localhost
#127.0.1.1 my-computer

UPDATE: in a recent version of 12.04, a line 127.0.1.1 my-computer was automatically added to the hosts file. Comment out this line!

Modify /etc/apache2/ports.conf to explicitly name your localhost ip address:

NameVirtualHost 127.0.0.1:80
Listen 80

In all your virtualhosts, add the localhost ip address, the port and the servername directive.

/etc/apache2/sites-available/default:

<VirtualHost 127.0.0.1:80>
  ServerAdmin webmaster@localhost
  ServerName localhost
  # ... etc

/etc/apache2/sites-available/testclient:

<VirtualHost 127.0.0.1:80>
    DocumentRoot /home/onno/testclient.localhost/public_html/
    ServerName testclient.localhost

    <Directory /home/onno/testclient.localhost/public_html/>
        Options Indexes FollowSymLinks MultiViews +Includes
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

Of course, don't forget to symlink from sites-enabled to sites-available and restart the webserver after you're done configuring.

Symlinks to Other Partitions

If apache is on one partition, and your websites are on another partition, you can still use symlinks. There are two things to take into account though.

  1. Include the FollowSymLinks directive in your virtual host's configuration file (i.e. the site in the sites-available directory).
  2. Make sure that every directory that is part of the symlinked path is readable and executable.

As an example I have a SOLINDATA partition on my local machine containing a php directory. This partition is accessed through /media/SOLINDATA. My /etc/apache2/sites-available directory is on another partition. So, I had to do:

sudo chmod -R 755 /media
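A narrower alternative to the recursive chmod is to find the one directory on the path that blocks the web server and open only that one. The script below is an added example, not part of the original page; the function names are made up here, and it assumes Apache's user is neither owner nor group member of the directories, so only the "other" permission bits count.

```shell
#!/bin/sh
# Added example (not from the original page): find the first directory on a
# path that the web server cannot enter. Assumption: Apache's user is neither
# owner nor group member of these directories, so only "other" bits matter.

# other_rx DIR -> exit 0 if "other" may read and search DIR
other_rx() {
    perms=$(ls -ldL "$1" | cut -c8-10)      # e.g. "r-x", "---", "r-t"
    case "$perms" in
        r?x|r?t) return 0 ;;                # t = sticky bit with x set
        *)       return 1 ;;
    esac
}

# first_blocked_dir TARGET [START]
# Walks from START (default /) down to TARGET. Prints the first directory
# lacking o+rx and returns 1, or prints nothing and returns 0.
# START itself is assumed to be accessible and is not checked.
first_blocked_dir() {
    target=${1%/}
    cur=${2:-/}; cur=${cur%/}               # "/" becomes the empty prefix
    rest=${target#"$cur"/}                  # path components below START
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        if [ -d "$cur" ] && ! other_rx "$cur"; then
            printf '%s\n' "$cur"
            return 1
        fi
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# Typical use, fixing only the directory that is reported:
#   blocked=$(first_blocked_dir /media/SOLINDATA/php) || sudo chmod o+rx "$blocked"
```

Repeat the call until it returns 0; files on the partition keep their original modes.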

Apache 2.4 (Ubuntu 13.10)

There are a few minor changes from Apache 2.2 (Ubuntu 12.04 LTS) to Apache 2.4 (Ubuntu 13.10).

  • All configuration files in the sites-available directory must now end in .conf
  • You now need a “Require all granted” directive

Here's an example configuration file called /etc/apache2/sites-available/jeelo.conf:

<VirtualHost *:80>

  DocumentRoot /home/onno/php/jeelo/public_html
  ServerName jeelo

  <Directory /home/onno/php/jeelo/public_html/>
    Order allow,deny
    Allow from all
    Require all granted
  </Directory>

</VirtualHost>

Don't forget to make a symlink in /etc/apache2/sites-enabled and do add your ServerName to /etc/hosts.

php Files Are Downloaded as Text Files

Add this to apache2.conf:

AddType application/x-httpd-php .php

And make sure there is no .htaccess file in your webroot which overrides anything related to php. For instance, in one of my projects, I found this inside the .htaccess file of a customer's virtualhost:

# inside .htaccess file:
AddHandler application/x-httpd-php55 .php 

URL Rewriting with Mod Rewrite

URL Rewriting for Beginners is an excellent tutorial on this topic.

Here's an example I'm using for Moodle, which allows the user to go directly to mymoodlesite.com/moodle-as-an-lms instead of having to use mymoodlesite.com/mod/page/view.php?id=99998. The browser's address bar will show the user-friendly url as well.

# Turn on the rewriting engine
RewriteEngine On
RewriteRule    ^moodle-as-an-lms/?$    /mod/page/view.php?id=99998    [NC,L]
RewriteRule    ^support-requests/?$    /mod/page/view.php?id=99999    [NC,L]

  • NC: Non Case-sensitive
  • L: Do not apply any other rewrite rules after having applied the current one

Add www

# Turn on the rewriting engine
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

This can be used in combination with other rules listed below this one.

Keep The Original Query String

QSA: Query String Append - keeps the original query string and appends it to the new one.

RewriteRule    ^language-learning/?$    /mod/page/view.php?id=161    [QSA,NC,L]

For example, if your incoming url is: myhost.com/language-learning?keyword=french then the resulting url will be: myhost.com/mod/page/view.php?id=161&keyword=french (though the browser will still display the original query string in the address bar).

Redirect to Completely New URL

RewriteEngine on
RewriteRule ^mastersinlean.trainertops.com$ mastersinlean.trainertops.nl [R=301,NC,L]
RewriteCond %{HTTP_HOST} ^mastersinlean.trainertops.nl$
RewriteRule ^(.*)$ http://trainingen.mastersinlean.com/$1 [R=301,L]
