Difference between revisions of "Apache"

From CSE330 Wiki
Jump to navigationJump to search
(Created page with 'This page describes how to set up a web server on a Linux machine. If you are unfamiliar with using Linux from the command line, you should read the Linux guide first.…')
 
 
(76 intermediate revisions by 6 users not shown)
Line 1: Line 1:
This page describes how to set up a web server on a Linux machineIf you are unfamiliar with using Linux from the command line, you should read [[Linux|the Linux guide]] first.
+
''Apache'' is the industry standard web server for Linux distributionsIt is highly configurable and has a wide range of modules ready for different needs.
  
== SSH ==
+
{{XKCD
 +
|name=permanence
 +
|id=910
 +
}}
  
When connecting to your machine over the internet or intranet, you will most likelly be using ''ssh'' (secure shell).  SSH access requires that the ''sshd'' daemon is running in your machine.
+
== What is a web server? ==
  
By default, SSH is preinstalled on your EC2 instanceIf you are not using an EC2 instance, simply install it from yum or aptitude.
+
A web server is software that listens for connections to your machine, and when a connection is receive, processes the request and responds with the appropriate informationMost web servers listen on port 80, which is reserved for the purpose, and use the HTTP protocol.
  
=== SSH Keys ===
+
For example, when you visit this wiki, you are sending a request over the internet to some machine that is probably located somewhere in EIT (the user seldom knows exactly where the machine is located).  The web server receives your request, and it processes the data you sent.  Finally, the server prepares a response (the web page), and sends it back to you.
  
Normally, you can SSH into your machine with one of two ways: you can use traditional username/password authentication, or you can use a public/private key pair.  A public/private key pair is generally considered to be more secure, but it requires that you always have access to your private key file when you want to log into your remote machine.  By default, EC2 instances allow only public/private key pair authentication.  You can enable password-based authentication by changing the PaswordAuthentication option in ''/etc/ssh/sshd_config'' to '''yes''':
+
== Installing Apache ==
  
PasswordAuthentication yes
+
{{RequiredInstructions|content=
  
=== SSH Server Configuration ===
+
In yum, Apache is distributed under the package name '''httpd''' (for ''hypertext transfer protocol daemon'').  Use the package manager associated with your distribution to install Apache.  (For more information on how to use yum, see [[Linux#Repository-Based Package Managers|the Linux guide]].)
  
The configuration files for SSH are in ''/etc/ssh''. You can modify the files to affect SSH permissions, among other things. For example, it is always a good idea to disable root access over ssh. This could be done by editing ''/etc/ssh/sshd_config'' and setting 
+
For example:
  
PermitRootLogin no
+
<source lang="bash">
 +
$ sudo yum update
 +
$ sudo yum install httpd
 +
</source>
  
For more detail on editing files on the command line, see [[Linux#File Editors|the Linux guide]].
+
You'll need to run this command to add Apache as a startup item:
  
Note that you must restart the ssh process for this to take effect. Should that fail, rebooting your server should do the trick.
+
<source lang="bash">
 +
$ sudo /sbin/chkconfig --levels 235 httpd on
 +
</source>
  
'''Warning:''' Disabling root access over SSH for your EC2 instance should only be done after setting up an additional user account and adding that account to the sudoers list.
+
In RHEL, most Apache configurations are stored in ''/etc/httpd/conf/httpd.conf'' and others are located in the directory ''/etc/httpd/conf.d/''.
  
=== SSH Client Configuration ===
+
At this point, Apache has been installed, but is not yet running. To start the webserver, run this command:
  
==== Unix-Based Systems (including Mac OS X) ====
+
<source lang="bash">
 +
$ sudo /usr/sbin/apachectl start
 +
</source>
  
Mac OS X is based on BSD, a flavor of Unix.  As such, Mac OS X comes pre-built with all the tools you need to use SSH!  Simply fire up Terminal and enter the command
+
}}
  
ssh username@hostname
+
== Apache Directives ==
  
To use SSH with a key pair, use the command
+
You define your settings for Apache using ''directives''.  Some of the directives you will likely encounter include:
  
  ssh -i /path/to/key.pem username@hostname
+
* '''DocumentRoot:''' The path to the directory where the top level web files are going to be stored.
 +
* '''IfModule:''' The following block would be included if specified module exists.
 +
* '''User:''' Which user apache2 will run as.
 +
* '''Group:''' Which group will have group access to default web files.
 +
* '''AccessFileName:''' The name of the access file (that specifies user names/passwords and other limitations to files/directories).
 +
* '''ErrorLog:''' Where any errors will be written.
 +
* '''Include:''' Include some other files.
 +
* '''LogFormat:''' How to write a log message.
 +
* '''ErrorDocument:''' Files to display for some HTTP errors (500, 404, 402 etc.).
 +
* '''Alias:''' Map a directory URL to some other location on your filesystem.  Requires that the ''Alias'' module be loaded.
  
==== Non-Unix-Based Systems (including Microsoft Windows) ====
+
=== .htaccess Files ===
  
Unfortunately, using SSH with Windows is more complicatedIt is necessary to install an SSH client to support the connections. A widely used SSH client for Windows is PuTTYYou can download PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
You can also specify some Apache configurations without delving into the master configuration fileTo do this, put a file named ''.htaccess'' in any directory that Apache is servingAll directives in it will be interpreted as if they were in a Directory directive in the master configuration file.
  
PuTTY is fairly simple and straight forward with one caveat: Amazon's .pem key pair files are not compatible with PuTTY keys. In order to convert ''.pem'' keys to a PuTTY ''.ppk'' privte key file, you should use the puttygen.exe utility available from the same page [http://www.chiark.greenend.org.uk/~sgtatham/putty/] as PuTTY.
+
'''VERY IMPORTANT:''' The directory containing ''.htaccess'' must not have the '''AllowOverride None''' directive in the master configuration file in order for '''.htaccess''' to be read.
Next select import under the conversions menu,load the amazon ''.pem'' key file and press the save private key button. Be sure to save the file in the directory where PuTTY looks for its keys.
+
=== Directory Directive ===
  
Copy and paste works similarly to the X Window System in Unix. You use the left mouse button to select text in the PuTTY window. The act of selection automatically copies the text to the clipboard: there is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact, pressing Ctrl-C will send a Ctrl-C character to the other end of your connection (just like it does the rest of the time), which may have unpleasant effects. The only thing you need to do, to copy text to the clipboard, is to select it.
+
Use the Directory directive to assign other directives to a specific directory. For example:
  
To paste the clipboard contents into a PuTTY window, by default you click the right mouse button. If you have a three-button mouse and are used to X applications, you can configure pasting to be done by the middle button instead, but this is not the default because most Windows users don't have a middle button at all.
+
<source lang="apache">
 +
<Directory /var/www/>
 +
Options Indexes FollowSymLinks
 +
AllowOverride None
 +
Order allow,deny
 +
allow from all
 +
RedirectMatch ^/$ /apache2-default/
 +
</Directory>
 +
</source>
  
Also, here is a good PuTTY tutorial that you might find useful to get started: http://kb.mediatemple.net/questions/1595/Using+SSH+in+Putty+%28Windows%29
+
This sets options for the ''/var/www'' directory.
 +
# The '''Options''' directive says that:
 +
## If no index page is present in a directory, display a directory index page instead
 +
## Apache will follow symbolic links in the directory
 +
# '''AllowOverride None''' says that ''.htaccess'' files cannot alter the Apache options in this directory and all sub-directories
 +
# '''Order allow,deny''' and '''Allow from all''' specifies that anybody is allowed to access this server via HTTP.
  
=== SSHFS ===
+
Note that this directory is actually the root directory of the web server.
  
SSHFS is a filesystem client which allows secure mounting of remote file systems. While there are other ways to mount remote file systems, SSHFS has the advantage of being able to mount a file system located on any host that has an SSH daemon running without any host side installation or configuration. This means that you can easily access and edit your files using all of your local applications including IDEs.
+
== The UserDir Module ==
  
As you may have inferred from the name, the underlying implementation utilizes SSH File Transfer Protocol in combination with FUSE, a package now included in the kernel that allows unprivileged users to easily create their own file systems in userspace (see the wikipedia entry for more information [http://en.wikipedia.org/wiki/Filesystem_in_Userspace]).
+
{{RequiredInstructions|content=
  
To mount a share using password based authentication, the command is
+
The UserDir module lets you access files for any user on the server with a ~, e.g., http://ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com/~paul/
sshfs user@domain:/path/to/remote/directory /path/to/local/mountpoint
 
e.g. To mount the directory /home/joe/myfiles in the user ''joe'''s home directory for a machine with the domain schmoesfiles.org using SSHFS you would enter the command
 
sshfs joe@www.schmoesfiles.org:myfiles
 
  
Note that if you are using public key authentication, the command to mount the remote share is slightly different
+
This module comes installed, but not activated by default.
sshfs -o IdentityFile=/path/to/private/key user@domain:/path/to/remote/directory /path/to/local/mountpoint
 
  
To unmount the filesystem you can use the following command
+
=== Enabling UserDir in RHEL ===
fusermount -u /path/to/local/mountpoint
 
  
=== SFTP ===
+
If you are using an RHEL-based distribution for your server (like the Amazon AMI), you need to edit the master Apache configuration file.
  
Any server running an SSH server is also compatible with '''SFTP''' or Secure File Transfer Protocol(Compare to FTP, or File Transfer Protocol.)
+
Open ''/etc/httpd/conf.d/userdir.conf'' in your favorite text editorFor more information on command-line text editors, refer to [[Linux#File Editors|the Linux guide]].
  
You can use SFTP from the command line, or you can use any GUI file transfer client.  All FTP clients I have seen also support SFTP.  One popular FTP client is [http://www.filezilla-project.org/ Filezilla].
+
Find the line that says
  
== SUDO Users ==
+
<source lang="apache">UserDir disabled</source>
  
For security reasons, you should never SSH into your server as the root user.  Instead, you should use a normal user to whom you give '''sudo''' privileges.  (For more detail on sudo, see [[Linux#SUDO|the Linux guide]].)
+
and change it to
  
When you create an Amazon EC2 instance, the user you set up initially is already given SUDO privileges.  If you want to give more users SUDO privileges, use the command '''visudo''', which opens up the SUDO configuration file in the system's default text editor.  (Never edit the file ''/etc/sudoers'' directly!)  SUDO users are specified using lines similar to
+
<source lang="apache">UserDir disabled root</source>
  
alice  ALL=(ALL) ALL
+
Additionally, find the line that says
  
In this case, Alice can run any command as SUDO privileges on the computer.  For more detail on SUDO configuration, see http://www.linuxhelp.net/guides/sudo/
+
<source lang="apache">#UserDir public_html</source>
  
{{Stub}}
+
and uncomment it; that is, remove the # so that you have
  
 +
<source lang="apache">UserDir public_html</source>
  
[[Category:Module 1]]
+
This tells Apache that the directory containing each user's html files is a subdirectory of their home directory called public_html.
 +
 
 +
'''Note:''' Users need to manually create public_html.  It is not created automatically.
 +
 
 +
You may also need to change the permissions of your user directory and your public_html directory to allow Apache to read and execute inside them.  To do this, run the following commands:
 +
 
 +
<source lang="bash">
 +
$ sudo chmod o+x /home/<myusername>
 +
$ sudo chmod o+rx /home/<myusername>/public_html
 +
$
 +
</source>
 +
 
 +
Finally, [[#Restarting Apache and Testing|restart Apache]].
 +
 
 +
}}
 +
 
 +
=== Remapping UserDir ===
 +
 
 +
If you want to change the name of the UserDir web server root from '''public_html''' to something else like '''.html''', follow these instructions.  (You do not need to do this for the purposes of CSE 330; this serves as a reference.)
 +
 
 +
# Rename your '''public_html''' to '''.html'''
 +
#* The "." in front of the directory name means that the directory is a hidden one.  You will not see it with the normal "ls" command.  Use "ls -a" to see hidden files as well.
 +
# Edit the UserDir configuration file.
 +
#* In RHEL, edit the userDir configuration file at ''/etc/httpd/conf.d/userdir.conf''
 +
# Find the line that reads <code>UserDir public_html</code> and change it to <code>UserDir .html/</code>
 +
# [[#Restarting Apache and Testing|Restart Apache]].
 +
 
 +
== Apache Logs ==
 +
 
 +
Apache creates two log files: one for all access attempts to your server, and one for errors.  The locations of these log files are:
 +
 
 +
* '''Access Log:''' /var/log/httpd/access_log
 +
* '''Error Log:''' /var/log/httpd/error_log
 +
 
 +
You might find it helpful to see access and errors appear "live" in your terminal window as they are created.  To do this, you can use the [[Linux#Command Reference|tail -f]] command.  Since the log files have strict permissions, you will need to also use sudo.  Example:
 +
 
 +
<source lang="bash">
 +
$ sudo tail -f /var/log/httpd/access_log
 +
</source>
 +
 
 +
== Virtual Hosts ==
 +
 
 +
'''Virtual Hosts''' are used to run multiple Apache web servers from the same machine.  Virtual hosts can listen for connections on different ports and/or different hostnames, serving completely different web sites to each.  For example:
 +
 
 +
<source lang="apache">
 +
<VirtualHost cse330.dyndns.org>
 +
ServerAdmin webmaster@localhost
 +
ServerName cse330.dyndns.org
 +
DocumentRoot /home/www/cse330/
 +
ErrorLog /var/log/httpd/error_log
 +
LogLevel warn
 +
CustomLog /var/log/apache2/access_log combined
 +
ServerSignature On
 +
</VirtualHost>
 +
</source>
 +
 
 +
This configuration enables any requests that use a host name of ''cse330.dyndns.org'' will use ''/home/www/cse330'' as the root document directory.  Make sure that the DocumentRoot directory exists and is readable by the httpd process.  In RHEL, Apache runs as the '''apache''' user.
 +
 
 +
It is good practice to put raw server configuration files in ''/etc/httpd/sites-available''.  To activate a site, create a symlink from the configuration in ''sites-available'' to a sibling directory called ''sites-enabled''.
 +
 
 +
== Restarting Apache and Testing ==
 +
 
 +
Whenever you make changes to the Apache configuration files, you will need to restart Apache for the changes to take effect.  There are several different ways to restart Apache; they all functionally do (almost) the same thing, so choose your favorite:
 +
 
 +
<source lang="bash">
 +
$ sudo /usr/sbin/apachectl restart
 +
$ sudo apachectl restart    # if /usr/sbin is in your PATH (which it is *not* by default in RHEL)
 +
$ sudo /etc/init.d/httpd restart
 +
$ sudo /sbin/service httpd restart
 +
$ sudo service httpd restart
 +
</source>
 +
 
 +
If you're torn for which version is the "best" to use, the commands involving '''apachectl''' (think "Apache Control") are written by the Apache folks themselves.  This has a couple advantages:
 +
* They show you errors in the startup process (if there are any)
 +
* They give you the option to perform a "soft" restart; that is, a restart that allows any pending connections to complete.  To perform a soft restart, use ''graceful'': <code>sudo apachectl graceful</code>
 +
In my anecdotal experience, the '''apachectl''' commands are also faster than the '''service''' or '''init.d''' commands.
 +
 
 +
To make sure everything is working, create a test file in your home directory under public_html, and then point your browser to it: http://ec2-xxx-xx-xx-xxx.compute-1.amazonaws.com/~yourUserName/hello.txt
 +
 
 +
[[Category:Module 2]]

Latest revision as of 05:44, 10 January 2023

Apache is the industry standard web server for Linux distributions. It is highly configurable and has a wide range of modules ready for different needs.

XKCD Comic: permanence

What is a web server?

A web server is software that listens for connections to your machine, and when a connection is receive, processes the request and responds with the appropriate information. Most web servers listen on port 80, which is reserved for the purpose, and use the HTTP protocol.

For example, when you visit this wiki, you are sending a request over the internet to some machine that is probably located somewhere in EIT (the user seldom knows exactly where the machine is located). The web server receives your request, and it processes the data you sent. Finally, the server prepares a response (the web page), and sends it back to you.

Installing Apache

In yum, Apache is distributed under the package name httpd (for hypertext transfer protocol daemon). Use the package manager associated with your distribution to install Apache. (For more information on how to use yum, see the Linux guide.)

For example:

$ sudo yum update
$ sudo yum install httpd

You'll need to run this command to add Apache as a startup item:

$ sudo /sbin/chkconfig --levels 235 httpd on

In RHEL, most Apache configurations are stored in /etc/httpd/conf/httpd.conf and others are located in the directory /etc/httpd/conf.d/.

At this point, Apache has been installed, but is not yet running. To start the webserver, run this command:

$ sudo /usr/sbin/apachectl start

Apache Directives

You define your settings for Apache using directives. Some of the directives you will likely encounter include:

  • DocumentRoot: The path to the directory where the top level web files are going to be stored.
  • IfModule: The following block would be included if specified module exists.
  • User: Which user apache2 will run as.
  • Group: Which group will have group access to default web files.
  • AccessFileName: The name of the access file (that specifies user names/passwords and other limitations to files/directories).
  • ErrorLog: Where any errors will be written.
  • Include: Include some other files.
  • LogFormat: How to write a log message.
  • ErrorDocument: Files to display for some HTTP errors (500, 404, 402 etc.).
  • Alias: Map a directory URL to some other location on your filesystem. Requires that the Alias module be loaded.

.htaccess Files

You can also specify some Apache configurations without delving into the master configuration file. To do this, put a file named .htaccess in any directory that Apache is serving. All directives in it will be interpreted as if they were in a Directory directive in the master configuration file.

VERY IMPORTANT: The directory containing .htaccess must not have the AllowOverride None directive in the master configuration file in order for .htaccess to be read.

Directory Directive

Use the Directory directive to assign other directives to a specific directory. For example:

<Directory /var/www/>
	Options Indexes FollowSymLinks 
	AllowOverride None
	Order allow,deny
	allow from all
	RedirectMatch ^/$ /apache2-default/
</Directory>

This sets options for the /var/www directory.

  1. The Options directive says that:
    1. If no index page is present in a directory, display a directory index page instead
    2. Apache will follow symbolic links in the directory
  2. AllowOverride None says that .htaccess files cannot alter the Apache options in this directory and all sub-directories
  3. Order allow,deny and Allow from all specifies that anybody is allowed to access this server via HTTP.

Note that this directory is actually the root directory of the web server.

The UserDir Module

The UserDir module lets you access files for any user on the server with a ~, e.g., http://ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com/~paul/

This module comes installed, but not activated by default.

Enabling UserDir in RHEL

If you are using an RHEL-based distribution for your server (like the Amazon AMI), you need to edit the master Apache configuration file.

Open /etc/httpd/conf.d/userdir.conf in your favorite text editor. For more information on command-line text editors, refer to the Linux guide.

Find the line that says

UserDir disabled

and change it to

UserDir disabled root

Additionally, find the line that says

#UserDir public_html

and uncomment it; that is, remove the # so that you have

UserDir public_html

This tells Apache that the directory containing each user's html files is a subdirectory of their home directory called public_html.

Note: Users need to manually create public_html. It is not created automatically.

You may also need to change the permissions of your user directory and your public_html directory to allow Apache to read and execute inside them. To do this, run the following commands:

$ sudo chmod o+x /home/<myusername>
$ sudo chmod o+rx /home/<myusername>/public_html
$

Finally, restart Apache.

Remapping UserDir

If you want to change the name of the UserDir web server root from public_html to something else like .html, follow these instructions. (You do not need to do this for the purposes of CSE 330; this serves as a reference.)

  1. Rename your public_html to .html
    • The "." in front of the directory name means that the directory is a hidden one. You will not see it with the normal "ls" command. Use "ls -a" to see hidden files as well.
  2. Edit the UserDir configuration file.
    • In RHEL, edit the userDir configuration file at /etc/httpd/conf.d/userdir.conf
  3. Find the line that reads UserDir public_html and change it to UserDir .html/
  4. Restart Apache.

Apache Logs

Apache creates two log files: one for all access attempts to your server, and one for errors. The locations of these log files are:

  • Access Log: /var/log/httpd/access_log
  • Error Log: /var/log/httpd/error_log

You might find it helpful to see access and errors appear "live" in your terminal window as they are created. To do this, you can use the tail -f command. Since the log files have strict permissions, you will need to also use sudo. Example:

$ sudo tail -f /var/log/httpd/access_log

Virtual Hosts

Virtual Hosts are used to run multiple Apache web servers from the same machine. Virtual hosts can listen for connections on different ports and/or different hostnames, serving completely different web sites to each. For example:

<VirtualHost cse330.dyndns.org>
	ServerAdmin webmaster@localhost
	ServerName cse330.dyndns.org
	DocumentRoot /home/www/cse330/
	ErrorLog /var/log/httpd/error_log
	LogLevel warn
	CustomLog /var/log/apache2/access_log combined
	ServerSignature On
</VirtualHost>

This configuration enables any requests that use a host name of cse330.dyndns.org will use /home/www/cse330 as the root document directory. Make sure that the DocumentRoot directory exists and is readable by the httpd process. In RHEL, Apache runs as the apache user.

It is good practice to put raw server configuration files in /etc/httpd/sites-available. To activate a site, create a symlink from the configuration in sites-available to a sibling directory called sites-enabled.

Restarting Apache and Testing

Whenever you make changes to the Apache configuration files, you will need to restart Apache for the changes to take effect. There are several different ways to restart Apache; they all functionally do (almost) the same thing, so choose your favorite:

$ sudo /usr/sbin/apachectl restart
$ sudo apachectl restart    # if /usr/sbin is in your PATH (which it is *not* by default in RHEL)
$ sudo /etc/init.d/httpd restart
$ sudo /sbin/service httpd restart
$ sudo service httpd restart

If you're torn for which version is the "best" to use, the commands involving apachectl (think "Apache Control") are written by the Apache folks themselves. This has a couple advantages:

  • They show you errors in the startup process (if there are any)
  • They give you the option to perform a "soft" restart; that is, a restart that allows any pending connections to complete. To perform a soft restart, use graceful: sudo apachectl graceful

In my anecdotal experience, the apachectl commands are also faster than the service or init.d commands.

To make sure everything is working, create a test file in your home directory under public_html, and then point your browser to it: http://ec2-xxx-xx-xx-xxx.compute-1.amazonaws.com/~yourUserName/hello.txt