For almost all environments except Microsoft Windows, Apache is the to go to service for serving web pages. Alternatives include IIS and ngnix, but unless you have very special hosting requirements, knowing how to setup and maintain web hosting with Apache will cover all but the most demanding web server needs..
Fancy Indexing, customizing directory file listings [ edit ]
# cat .htaccess Options +Indexes <IfModule mod_autoindex.c> IndexOptions FancyIndexing NameWidth=* AddDescription "GZIP tar archive" .tgz .tar.gz AddDescription "RedHat Package" .rpm AddDescription "Debian Package" .deb IndexIgnore RCS CVS *,v *,t .DS_Store *.log IndexIgnore .??* RCS CVS *,v *,t .DS_Store </IfModule>
Error page instead of Index Page for root foldersIn some versions of Linux, Apache is preconfigured to disable Indexes for the root folder. Often the directive in NOT in httpd.conf but in welcome.conf
# pwd /etc/httpd # diff conf.d/welcome.conf 7,10c7,10 < <LocationMatch "^/+$"> < Options -Indexes < ErrorDocument 403 /error/noindex.html < </LocationMatch> --- > #<LocationMatch "^/+$"> > # Options -Indexes > # ErrorDocument 403 /error/noindex.html > #</LocationMatch>
2 GByte file limitation
|Apache does not handle serving files larger than 2 GBytes. If Options Indexes is
enabled, large files will simply not show in the list.
Preventing unresolved ServerName at startup
May need tweak httpd.conf so that ServerName is set before starting apache. Also check that /etc/sysconfig/network is correct.
# /etc/rc.d/init.d/httpd restart ... # cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=c5ip21.sf.zaptech.org GATEWAY=192.168.2.1
CGI errors only for some script files
# tail -f /var/log/httpd/error_log [...] [error] [client 192.168.2.100] (2)No such file or directory: exec of '/var/www/cgi-bin/13.py' failed [...] [error] [client 192.168.2.100] Premature end of script headers: 13.py
.../httpd.conf tweaks to enable default directory <Directory "/usr/local/apache2/htdocs"> Options Indexes FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all </Directory> # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) AddHandler cgi-script .cgi AddHandler cgi-script .pl
Limit page access to local 192.168.*.* network ... <Directory "/var/www/html/phpMyAdmin/"> # AllowOverride None # Options ExecCGI Indexes Order allow,deny Allow from 192.168 # AddHandler cgi-script .pl # AddHandler cgi-script .cgi </Directory>
Secure Serving - enabling https support
|Typically Apache standard install (e.g. RedHat CD) is already set up for this. However, the mod_ssl RPM must also be present for Apache to properly handle https requests (typically using port 443). Classic symptom of this is connection failed messages. Note - unless additional certificate setup is performed, secure pages will generate a unknown certificate a warning prompt with most web browsers.||
# yum list \*mod_ssl\* ... Available Packages mod_ssl.i386 1:2.0.52-38.ent.centos update ... # rpm -qa > now; diff rpm.txt now 149d148 < httpd-suexec-2.0.52-32.ent.centos4 162a162,163 > httpd-suexec-2.0.52-38.ent.centos4.2 > mod_ssl-2.0.52-38.ent.centos4.2 313d313 < httpd-2.0.52-32.ent.centos4 326a327,328 > distcache-1.4.5-6 > httpd-2.0.52-38.ent.centos4.2 # chkconfig --list > now; diff chkconfig.txt now 14a15 > dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off 36a38 > dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off # pwd /etc/httpd/conf.d # rcsdiff ssl.conf 88c88,93 < <VirtualHost _default_:443> --- > <VirtualHost *:443> > > # this is also default if domain is not matched below > ServerName www.missioncitydesign.com > DocumentRoot /public/mcd 250a256,259 > # Ok, SSL needs different IP address/domain, unlike standard port 80 hosted sites. > # Secondly, likely the IP address in the certificate must be the actual > # public world routable IP address, so using NAT addressed virtual SSL > # host will probably cause a certificate warning.
Apache - Virtual Hosting
This particularly powerful configuration of Apache allows a single system to act like several completely seperate web servers. This is a very economical solution for ISP's to provide hosting for multiple customers with a single machine. The setup of this is a bit tricky.
|Apache - ProxyPass and other fun
Recent versions of Apache offer a built in pass through feature. This pass through feature can be configured to trap certin URL's and spawn requests to other serivices (e.g. ftp, http, ssh, ...) and then feed the response to the second request back to the original requestor. This is quite handy to allow Tomcat service (typically lives on port 8080) to be invoked when a certain request is made to httpd (typically lives on port 80).
Typically ProxyPass adjustments are the only proxy directives that need to be altered for most situations - ALL other proxy directives should remain off.
# diff -r1.1 httpd.conf 238c241 < #LoadModule proxy_module modules/libproxy.so --- > LoadModule proxy_module modules/libproxy.so 303c306 < #AddModule mod_proxy.c --- > AddModule mod_proxy.c 986,988c1245,1262 < #<IfModule mod_proxy.c> < #ProxyRequests On --- > <IfModule mod_proxy.c> > # Other proxy directives seem to work fine when ProxyRequests Off. > # Indeed, the only reason to enable ProxyRequests is to provide > # an open Proxy to the public. Once an open proxy is discovered > # by others, it will inevidably be followed by a storm of requests > # that will waste bandwidth. Bandwidth loss typically becomes > # severe enough to affect responsiveness of services on the open > # proxy server. Therefore, if ProxyRequests in enabled, it is > # best to limit its use to a known and trusted network. > ProxyRequests Off > > # .../devpanther/ <- http://devpanther.local.zaptech.org/ > ProxyPass /devpanther/ http://192.168.1.226/ > > # .../kt/ <- http://devpanther.local.zaptech.org/kt/ > ProxyPass /kt/ http://192.168.1.226/kt/ > > # .../public/ <- http://devx.local.zaptech.org/rescue/ > ProxyPass /public/ http://192.168.1.221/rescue/ 1014c1288 < #</IfModule> --- > </IfModule>
Apache - Test an http server using just telnet!
$ telnet google.com 80 GET / HTTP/1.1 Host: www.google.com [ blank return ] ...
Apache - Legacy
Linux versions before RedHat Linux 7.3 used slightly different configuration conventions. For the most part little has changed and older information may still be handy when maintaining a legacy system.