Apache

From Network Security Wiki
Jump to navigation Jump to search


Intro

Source: vogella.com

  • Apache remained the most widely used web server software, estimated to serve 46% of all active websites and 43% of the top million websites.
  • The name was widely believed to be a pun on 'A Patchy Server' (since it was a set of software patches).
  • When Apache is running, its process name is sometimes httpd, which is short for "HTTP daemon."

Basics

  • List the available modules of the Apache HTTP server
apache2 -l
  • Main configuration file for the Apache Http server
/etc/apache2/apache2.conf
  • The error log of Apache is located in the
/var/log/apache2/error.log
grep MaxClients /var/log/apache2/error.log

Multi-Processing-Module

Apache HTTP can run in different modes. MPM modes determine how the web requests of users are answered.

  • The selected mode is compiled into the server and can be checked with:
sudo apachectl -V | grep -i mpm


  • Configuration for the event mpm is stored in below file:

Configure only the module which your server is using.

/etc/apache2/mods-available/mpm_event.conf

htaccess

  • One major application of this file is to redirect an URL to other URL’s.
  • You should avoid using .htaccess files completely if you have access to httpd main server config file.
  • Using .htaccess files slows down your Apache http server.
   Ambox notice.png     This section needs verification and rework.
  • The following .htacess file reroutes http://vogella.com to http://www.vogella.com.
  • It also redirect access to a certain webpage (/articles/SpringFramework/article.html) to another webpage via a 301 redirect.
  • The 301 redirect will tell search engines that this side has moved and is the recommended way to move webpages.
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.vogella\.de$
RewriteRule ^(.*)$ http://www.vogella.com/$1 [L,R=301]
redirect 301 /articles/SpringFramework/article.html http://www.vogella.com/tutorials/SpringDependencyInjection/article.html

Using modules

Apache Http supports the usage of modules. To enable modules use the a2enmod command

a2enmod rewrite

Other modules Supporting php and wordpress

sudo apt-get install libapache2-mod-fcgid
sudo apt-get install php5-cgi

Afterwards activate the corresponding modules:

sudo a2enmod fastcgi
sudo a2enmod proxy
# required for wordpress blog
sudo a2enmod rewrite

Gzip compression

  • To optimize the download time of your webpages you can turn on gzip compression.
  • This requires the Apache module "mod_deflate":
a2enmod deflate
/etc/init.d/apache2 restart
  • The compression can be activated in the default configuration file for this module located in /etc/apache2/mods-available/deflate.conf or via the ".htaccess" file.
# compress all text & html:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

VirtualHost Examples

Source: apache.org

  • Running several name-based web sites on a single IP address
# Ensure that Apache listens on port 80
Listen 80
<VirtualHost *:80>
    DocumentRoot "/www/example1"
    ServerName www.example.com

    # Other directives here
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/www/example2"
    ServerName www.example.org

    # Other directives here
</VirtualHost>
  • Name-based hosts on more than one IP address

The server has two IP addresses. On one (172.20.30.40), we will serve the "main" server, server.example.com and on the other (172.20.30.50), we will serve two or more virtual hosts.

Listen 80

# This is the "main" server running on 172.20.30.40
ServerName server.example.com
DocumentRoot "/www/mainserver"

<VirtualHost 172.20.30.50>
    DocumentRoot "/www/example1"
    ServerName www.example.com

    # Other directives here ...
</VirtualHost>

<VirtualHost 172.20.30.50>
    DocumentRoot "/www/example2"
    ServerName www.example.org

    # Other directives here ...
</VirtualHost>
  • Serving the same content on different IP addresses (such as an internal and external address)
<VirtualHost 192.168.1.1 172.20.30.40>
    DocumentRoot "/www/server1"
    ServerName server.example.com
    ServerAlias server
</VirtualHost>
  • Running different sites on different ports
Listen 80
Listen 8080

<VirtualHost 172.20.30.40:80>
    ServerName www.example.com
    DocumentRoot "/www/domain-80"
</VirtualHost>

<VirtualHost 172.20.30.40:8080>
    ServerName www.example.com
    DocumentRoot "/www/domain-8080"
</VirtualHost>

<VirtualHost 172.20.30.40:80>
    ServerName www.example.org
    DocumentRoot "/www/otherdomain-80"
</VirtualHost>

<VirtualHost 172.20.30.40:8080>
    ServerName www.example.org
    DocumentRoot "/www/otherdomain-8080"
</VirtualHost>
  • IP-based virtual hosting

The server has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively.

Listen 80

<VirtualHost 172.20.30.40>
    DocumentRoot "/www/example1"
    ServerName www.example.com
</VirtualHost>

<VirtualHost 172.20.30.50>
    DocumentRoot "/www/example2"
    ServerName www.example.org
</VirtualHost>
  • Mixed port-based and ip-based virtual hosts

The server machine has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively. In each case, we want to run hosts on ports 80 and 8080.

Listen 172.20.30.40:80
Listen 172.20.30.40:8080
Listen 172.20.30.50:80
Listen 172.20.30.50:8080

<VirtualHost 172.20.30.40:80>
    DocumentRoot "/www/example1-80"
    ServerName www.example.com
</VirtualHost>

<VirtualHost 172.20.30.40:8080>
    DocumentRoot "/www/example1-8080"
    ServerName www.example.com
</VirtualHost>

<VirtualHost 172.20.30.50:80>
    DocumentRoot "/www/example2-80"
    ServerName www.example.org
</VirtualHost>

<VirtualHost 172.20.30.50:8080>
    DocumentRoot "/www/example2-8080"
    ServerName www.example.org
</VirtualHost>
  • Mixed name-based and IP-based vhosts
Listen 80
<VirtualHost 172.20.30.40>
    DocumentRoot "/www/example1"
    ServerName www.example.com
</VirtualHost>

<VirtualHost 172.20.30.40>
    DocumentRoot "/www/example2"
    ServerName www.example.org
</VirtualHost>

<VirtualHost 172.20.30.40>
    DocumentRoot "/www/example3"
    ServerName www.example.net
</VirtualHost>

# IP-based
<VirtualHost 172.20.30.50>
    DocumentRoot "/www/example4"
    ServerName www.example.edu
</VirtualHost>

<VirtualHost 172.20.30.60>
    DocumentRoot "/www/example5"
    ServerName www.example.gov
</VirtualHost>
  • You enable or disable virtual hosts with the following command.

Enable the vhost

sudo a2ensite vogella.conf

Disable the vhost

sudo a2dissite www.vogella.com

After enabling sites you have to reload Apache:

sudo service apache2 reload

Custom Logging

Enabled different logs for multiple virtual hosts

<VirtualHost *:80>
  ServerName www.foo.com
  DocumentRoot /var/www/www.foo.com/htdocs

  CustomLog /var/log/apache/www.foo.com-access.log combined
  ErrorLog /var/log/apache/www.foo.com-error.log
</VirtualHost>

<VirtualHost *:80>
  ServerName mail.foo.com
  DocumentRoot /var/www/mail.foo.com/htdocs

  CustomLog /var/log/apache/mail.foo.com-access.log combined
  ErrorLog /var/log/apache/mail.foo.com-error.log
</VirtualHost>

Troubleshooting

  • Debug virtual host configuration
apachectl -S 
  • If Apache is not listening to custom port mentioned by Listen directive in conf file from sites-enabled:
sudo nano /etc/apache2/ports.conf
Listen 8080


References





blog comments powered by Disqus