Apache HTTP Server Cookbook (Gabriel Canepa) (Z-Library)

📄 File Format: PDF

💾 File Size: 3.3 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

(This page has no text content)

📄 Page 2

Apache HTTP Server Cookbook i Apache HTTP Server Cookbook

📄 Page 3

Apache HTTP Server Cookbook ii Contents 1 How to install the Apache web server 1 1.1 Installing Apache and utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Checking running status of Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.3 Serving your first website with Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.4 Wrapping up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2 Apache Configuration Tutorial 7 2.1 Inspecting the Apache configuration file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.2 Apache modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3 Configuration directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.4 Basic authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.5 Directives in action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.6 Basic security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3 Name-based Virtual Host Configuration 15 3.1 Reviewing the Apache configuration file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2 Defining virtual hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.3 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.4 Limiting bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4 mod_rewrite: Redirecting and rewriting URLs 21 4.1 Introducing regular expressions (regexs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.2 Introducing RewriteRule and RewriteCond . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 5 Apache SSL / TLS Support 29 5.1 Introducing SSL and TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 5.2 Apache and TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 5.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

📄 Page 4

Apache HTTP Server Cookbook iii 6 Apache URL rewrite example 35 6.1 Redirecting to a new resource in the same server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 6.2 Redirecting to a resource moved to another server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 6.3 Serve browser-dependent content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 6.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

📄 Page 5

Apache HTTP Server Cookbook iv Copyright (c) Exelixis Media P.C., 2016 All rights reserved. Without limiting the rights under copyright reserved above, no part of this publication may be reproduced, stored or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of the copyright owner.

📄 Page 6

Apache HTTP Server Cookbook v Preface The Apache HTTP Server, colloquially called Apache, is the world’s most used web server software. Originally based on the NCSA HTTPd server, development of Apache began in early 1995 after work on the NCSA code stalled. Apache played a key role in the initial growth of the World Wide Web, quickly overtaking NCSA HTTPd as the dominant HTTP server, and has remained most popular since April 1996. In 2009, it became the first web server software to serve more than 100 million websites. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. Most commonly used on a Unix-like system (usually Linux), the software is available for a wide variety of operating systems besides Unix, including eComStation, Microsoft Windows, NetWare, OpenVMS, OS/2, and TPF. Released under the Apache License, Apache is free and open-source software. As of November 2015, Apache was estimated to serve 50% of all active websites and 37% of the top servers across all domains. (Source: https://en.wikipedia.org/wiki/Apache_HTTP_Server/) In this ebook, we provide a compilation of Apache HTTP Server tutorials that will help you get started with this web server. We cover a wide range of topics, from installing the server and performing a basic configuration, to configuring Virtual Hosts and SSL support. With our straightforward tutorials, you will be able to get your own projects up and running in minimum time.

📄 Page 7

Apache HTTP Server Cookbook vi About the Author Gabriel Canepa is a Linux Foundation Certified System Administrator (LFCS-1500-0576-0100) and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase produc- tivity in all areas of his daily work. When he’s not typing commands or writing code or articles, he enjoys telling bedtime stories with his wife to his two little daughters and playing with them, the great pleasure of his life.

📄 Page 8

Apache HTTP Server Cookbook 1 / 39 Chapter 1 How to install the Apache web server In this example we will show how to install the Apache web server in CentOS 7.2 and Ubuntu 14.04.3 using the command line. According to recent reports, Apache continues to keep the lead in the number of websites and Internet-facing machines when compared to other web servers, such as Microsoft’s IIS or Nginx. Such has been the case for a long time, and that is why the skill of knowing how to install, configure, and leverage Apache is on the rise everywhere. In other words, by acquiring Apache skills you will learn how to use the number one server on the Internet. 1.1 Installing Apache and utilities Perhaps the first thing that we need to note is that the package that includes Apache has different names in CentOS (httpd) and Ubuntu (apache2). The good news is that in both cases, the package is included in the repositories that are configured when the operating system is installed. For that reason, you do not need to make any modifications to the repositories in order to install Apache. In addition, we will install an extra package named apache2-utils and httpd-tools in Ubuntu and CentOS, respectively. This package includes tools that will be useful to benchmark Apache, manage basic and digest authentication to web pages, and resolve IP addresses to host names in the logs, among other things. However, before you proceed please keep in mind that installing packages require administrative privileges, so you will need to run the following commands either as root (in CentOS) or using sudo (in Ubuntu). With that in mind, let us proceed with the installation. In CentOS, type yum update && yum install httpd httpd-tools -y and press Enter. In Ubuntu, do sudo apt-get update && apt-get install apache2 apache2-utils -y The package management system (yum or apt-get) will take care of installing all necessary dependencies required by the web server. 1.2 Checking running status of Apache Once the installation completes, we need to check whether the web server has been automatically started. Typically, that is the case in Ubuntu but not in CentOS. To check the running status of Apache in Ubuntu, type

📄 Page 9

Apache HTTP Server Cookbook 2 / 39 service apache2 status In Fig. 1.1 you can see the expected output when the web server is running. Otherwise, if it is stopped (as we forced it to using sudo service apache2 stop which is also shown in the image) you will need to run sudo service apache2 start to restart it. By now, you can safely ignore the AH00558 error message as it refers to an aspect of the web server configuration that we will cover in the next tutorial of the Apache series. Figure 1.1: Checking the running status of Apache in Ubuntu In CentOS, you will use systemctl (the system and service manager tool) to verify the status of Apache: systemctl status httpd Fig. 1.2 shows the expected output when the web server is running and when it is not.

📄 Page 10

Apache HTTP Server Cookbook 3 / 39 Figure 1.2: Using systemctl to check Apache’s status in CentOS Last but not least, we need to ensure that the web server is started automatically the next time the system boots. In Ubuntu, the installation process by default will configure it to start after a reboot whereas in CentOS, you will need to start it by hand: systemctl start httpd and enable it for future reboots: systemctl enable httpd This ensures that Apache will be started by systemd each time the machine boots. In Ubuntu, you can also get more information about Apache (web traffic statistics, server load and uptime, percentage of CPU usage, number of requests currently being processed, to name a few examples) using apachectl status In CentOS this command is aliased to systemctl status httpd so you will not get more details than those shown in Fig. 1.2). 1.3 Serving your first website with Apache After you have successfully installed Apache and got it running, it is time to look into serving web pages. Although we will discuss this further in later articles, you need to know that Apache not only is used as a standalone server (that is, to store a single website or application), but also to run several sites (also known as virtual hosts) at the same time. For the time being, it is sufficient to indicate the place where the web server stores pages and see how it returns them upon a request performed by a client - all in the context of a standalone server. To see Apache in action for the first time, launch a web

📄 Page 11

Apache HTTP Server Cookbook 4 / 39 browser and point it to the IP address of the machine where Apache is running, as shown in Fig. 1.3 (192.168.0.29 is a CentOS and 192.168.0.30 is Ubuntu). Figure 1.3: Apache test page in CentOS and Ubuntu If you cannot see the test page after starting Apache in CentOS and your web browser says it can’t establish a connection to the web server, please check the following: • Did you misspell the IP address in the browser’s URL bar? • Is firewalld, the default firewall in CentOS 7 allowing http traffic? You can check #2 as follows: Type firewall-cmd --add-services=http then

📄 Page 12

Apache HTTP Server Cookbook 5 / 39 firewall-cmd --add-services=http --permanent and hit Enter. Then try to access the web server by IP as explained earlier. To replace this default test page by one of ours, create a simple html file and save it as index.html in /var/www/html. You can use the following example if you want: <!DOCTYPE html> <html> <head> <meta charset=utf-8 /> <title>Your first page served by Apache</title> </head> <body> <h1>Check out the Apache series in SystemCodeGeeks.com!</h1> <img src="https://systemcodegeeks.javacodegeeks.netdna-cdn.com/wp-content/ ←↩ uploads/2016/01/SystemCodeGeeks-logo.png" /> </body> </html> The result can be seen in Fig. 1.4: Figure 1.4: Your first web page served by Apache Next, feel free to create other subdirectories under /var/www/html and more html pages, and hyperlinks between them. Congratulations! You have already taken your first step towards mastering Apache.

📄 Page 13

Apache HTTP Server Cookbook 6 / 39 1.4 Wrapping up In this tutorial we have explained how to install Apache, the most used server used by websites and Internet-facing computers, in CentOS 7 and Ubuntu 14.04. In addition, we showed you how to replace the default test page with a custom one. In the next articles of this series, we will discuss in greater depth the capabilities of Apache. Stay tuned.

📄 Page 14

Apache HTTP Server Cookbook 7 / 39 Chapter 2 Apache Configuration Tutorial In the first article of this series we introduced you to Apache. If you took the time to read the introduction, you will have noticed that it is the number one server powering websites and Internet-facing computers - and there are plenty of good reasons for that. In this guide we will discuss one of those reasons: its easiness of configuration and seamless integration with server-side scripting languages such as PHP in the context of a standalone web server. In this type of setup, Apache is used to serve a single domain or application, as opposed to running several sites off a single system (also known as virtual hosting, the topic of our next tutorial). Note: The configuration syntax and directives of Apache have changed a bit from version 2.2 to 2.4. In addition, some well- known directives in version 2.2 have been deprecated in 2.4. If you followed the steps in the previous tutorial, you should have installed the latest version of the web server (2.4 at the time of this writing). As you can see in Fig. 2.1, you can verify the Apache version in CentOS with httpd -v and in Ubuntu using apache2 -v Figure 2.1: Viewing the installed Apache version

📄 Page 15

Apache HTTP Server Cookbook 8 / 39 2.1 Inspecting the Apache configuration file As you can already tell based on the first article, the only difference between the Apache installations in CentOS and Ubuntu is the package name. Thus, it is to be expected that the main configuration file be named differently (httpd.conf in CentOS and apache2.conf in Ubuntu) and located in a different place in each distribution (/etc/httpd/conf/ and /etc/ apache2/, respectively). Regardless of the distribution, the main configuration file contains the configuration directives that give the server its instructions. You will use this file to configure system-wide settings for the web server, and additional files to set up virtual hosts (but again, we will expand more on that last topic in the next guide). It is important to note that you should understand and familiarize yourself with the directives in the configuration file before making changes that can potentially affect the operation of the web server. 2.2 Apache modules You can easily extend the web server’s operation by using independent, separate pieces of software called modules that provide specific functionality. Some modules come built-in with Apache, while others can be installed using your distribution’s package management system and enabled to integrate with the web server. Although we will discuss modules in later guides of this series, it is important to have this definition in mind before we dive into the configuration directives. You will see the reason in a minute. 2.3 Configuration directives The following directives are listed in the main configuration file. All of them (and many, many more!) are explained thoroughly in the Apache 2.4 configuration docs online at https://httpd.apache.org/docs/current/. If you want or need to read the Apache documentation offline, you can install the package httpd-manual in CentOS: yum install httpd-manual and apache2-doc in Ubuntu: sudo apt-get install apache2-doc You can then access the docs through a web browser (https://server/manual, where server must be replaced with the hostname or the IP address of the machine). This tool can come in handy if at a given time you cannot access the Internet to check the same resource online. Directive Description Example ServerRoot The directory tree where the server’s configuration, error, and log files are kept. Example Listen The IP and port where Apache is bound. The default is listening on port 80 of all network interfaces, although it is more secure to specify a single IP address. Listen 192.168.0.100:80 User Group The name of the user/group to run the web server as. It is usually good practice to create a dedicated user and group for running Apache, as it is the case with most system services. You can also use the UID and the GID instead of the username and groupname, although it is not common to do so. User apache Group apache

📄 Page 16

Apache HTTP Server Cookbook 9 / 39 ServerAdmin The system administrator’s email address. Problems with the server will be sent to this address. ServerAdmin root@ localhost ServerName The hostname and port that the server uses to identify itself. ServerName www.example. com:80 DocumentRoot The root directory where web pages and directories will be stored by default. Although all requests are taken made to this directory, you can create symbolic links to point to other locations. DocumentRoot "/var/www/ html" ErrorLog The location of the error log file ErrorLog "logs/error_log" LogLevel Controls the verbosity of messages logged to ErrorLog. Possible values include: debug, info, notice, warn, error, crit, alert, emerg When a particular level is specified, messages from higher levels (indicated by the numbered list above) will be logged as well. LogLevel warn Directory Used to enclose a group of directives that will apply only to the named directory and all its contents. <Directory /> AllowOverride none Require all denied </Directory> Files Use to limit the scope of the enclosed directives by filename instead of by directory. Wildcards and other regular expressions are allowed. <Files "restricted.html"> #Insert here directives that apply only to restricted.html </Files> IfModule Used to specify directives that are only applied if a specific module is present. <IfModule mod_rewrite.c> RewriteEngine on </ IfModule> Include Includes other existing configuration files. If an absolute path is not used, it is relative to the ServerRoot directory. Include conf/ssl.conf IncludeOptional Similar to the Include directive, with the only difference is that it is ignored if there are no matches instead of causing an error (as it is the case with Include). IncludeOptional sites- enabled/*.conf To view the values of a certain directive quickly from the command line instead of opening the configuration file, you can use grep as follows. Let’s say we want to find out what is the directory where Apache is expecting web pages and directories to be stored by default. Yes, you guessed it right - that information is provided by the value of the DocumentRoot directive: grep -i documentroot /etc/httpd/conf/httpd.conf or grep -i documentroot /etc/apache2/apache2.conf in CentOS and Ubuntu, respectively. As we said before, these and all of the Apache directives are well documented in the project’s website and through the httpd- manual and apache2-doc packages. If you click on the Directives link at the top of the page (see Fig. 2.2):

📄 Page 17

Apache HTTP Server Cookbook 10 / 39 Figure 2.2: The Directives page you will be taken to the complete list of directives available in the current version of Apache. Choose any directive (we will use Include as example) and click on the link to be redirected to the detailed description. Pay attention to the highlighted area in Fig. 2.3 below: Figure 2.3: Context of an Apache directive Each directive has a Context, or in other words, a place where it is valid and has meaning to the operation of the web server. In the case of Include, the description indicates that it can only be used in the system-wide server configuration, inside a virtual host definition, and within Directory tags. If you attempt to use it in a different place or inside the wrong set of tags (such as inside IfModule or Files), the web server will complain about it by refusing to restart correctly. 2.4 Basic authentication Another set of directives, not outlined in the table above as they are not typically present out of the box in the configuration file, are those related with authentication and authorization. These settings allow to grant access to resources after a user has entered valid credentials. Although there are other authentication mechanisms, we will only cover basic authentication in this guide (which consists of username and password) for brevity. Please be aware that this method sends the password from the server to the client unen- crypted, so it should not be used with sensitive data (in a later tutorial we will introduce more secure options). You can refer to the Authentication and Authorization page of the documentation for further details. To create a password for user jdoe (which does not necessarily have to exist as a system user) and store them securely in a new password file named passwds inside /etc/httpd/conf or /etc/apache2 (in CentOS and Ubuntu, respectively), follow these steps (don’t forget to use sudo to gain administrative privileges and to change the path to the file to /etc/apache2/ passwds if you’re using Ubuntu):

📄 Page 18

Apache HTTP Server Cookbook 11 / 39 Step 1 - Create the file with htpasswd, the tool that is used to manage basic authentication credentials. Use the -c option to indicate that we are creating a non-existent file: htpasswd -c /etc/httpd/conf/passwds jdoe Step 2 - Choose a new password for jdoe and enter it twice when you are prompted to do so. Step 3 - Change ownership of the file to the user Apache is running as and set its permissions to 600: In CentOS: chown apache:apache /etc/httpd/conf/passwds chmod 600 /etc/httpd/conf/passwds In Ubuntu: chown www-data:www-data /etc/apache2/passwds chmod 600 /etc/apache2/passwds Let’s take a look at what the contents of the file looks like in Fig. 2.4 (username and encrypted password are separated by a colon): Figure 2.4: The Apache passwords file In the following section you will see how to use these credentials to authenticate user jdoe and authorize him to access a resource served by Apache. If you want to add other users to the same file, use htpasswd as explained earlier, only omitting the -c switch since the file now exists (no need to create a different one). 2.5 Directives in action To put into practice all of what we have discussed so far, let us work with and modify the example given in the first article of this series. You will recall that we created a simple page named index.html inside /var/www/html. This directory, as you have learned in this guide, is of special importance as it is the default DocumentRoot. Let’s picture the following scenario. We need to serve a file named restricted.html (also located inside /var/www/ html) but only allow user jdoe to access such file after entering his password. Other files present inside DocumentRoot must be accessible to all users without authentication. Of course, this approach assumes this file exists in that directory already. If not, you can use the following example (open with your preferred text editor and save as restricted.html): <!DOCTYPE html> <html> <head> <meta charset=utf-8 /> <title>Restricted file</title> </head>

📄 Page 19

Apache HTTP Server Cookbook 12 / 39 <body> <h1>Restricted file</h1> <img src="https://files.softicons.com/download/folder-icons/dellios-system-icons-by- ←↩ dellustrations/png/128/restricted.png" /> </body> </html> To accomplish our goal, let’s open the Apache configuration file and add the following Directory block: <Directory /var/www/html> <Files restricted.html> AuthType Basic AuthName "SystemCodeGeeks - Restricted file" AuthBasicProvider file AuthUserFile /etc/apache2/passwds Require user jdoe </Files> </Directory> Now restart Apache: In CentOS: systemctl restart httpd In Ubuntu: service apache2 restart And browse to https://server/restricted.html (where, again, you will need to replace server with the hostname or IP address of your server) as shown in Fig. 2.5: Figure 2.5: Browsing to the restricted page If you do not enter valid credentials, you will get the following error message:

📄 Page 20

Apache HTTP Server Cookbook 13 / 39 Figure 2.6: Without valid credentials, a restricted resource cannot be accessed Otherwise, you will be able to see the page: Figure 2.7: With valid credentials, the resource can be accessed Congratulations! You have configured your Apache web server to serve content based on user basic authentication.