Difference between revisions of "Apache"

From CSE330 Wiki
Jump to: navigation, search
(Subversion: Moving the Subversion section to Subversion)
(Enabling UserDir in RHEL)
Line 163: Line 163:
  
 
Find the line that says
 
Find the line that says
UserDir disabled
+
 
 +
<source lang="apache">UserDir disabled</source>
 +
 
 
and change it to
 
and change it to
UserDir disabled root
+
 
 +
<source lang="apache">UserDir disabled root</source>
  
 
Additionally, find the line that says
 
Additionally, find the line that says
#UserDir public_html
+
 
 +
<source lang="apache">#UserDir public_html</source>
 +
 
 
and uncomment it; that is, remove the # so that you have
 
and uncomment it; that is, remove the # so that you have
UserDir public_html
+
 
 +
<source lang="apache">UserDir public_html</source>
  
 
This tells Apache that the directory containing each user's html files is a subdirectory of their home directory called public_html.
 
This tells Apache that the directory containing each user's html files is a subdirectory of their home directory called public_html.

Revision as of 04:51, 31 March 2013

This page describes how to set up a web server on a Linux machine. If you are unfamiliar with using Linux from the command line, you should read the Linux guide first.

XKCD Comic: permanence

What is a web server?

A web server is software that listens for connections to your machine, and when a connection is receive, processes the request and responds with the appropriate information. Most web servers listen on port 80, which is reserved for the purpose, and use the HTTP protocol.

For example, when you visit this wiki, you are sending a request over the internet to some machine that is probably located somewhere in EIT (the user seldom knows exactly where the machine is located). The web server receives your request, and it processes the data you sent. Finally, the server prepares a response (the web page), and sends it back to you.

SSH Server

When connecting as an administrator to your machine over the internet or intranet, you will most likelly be using ssh (secure shell). SSH access requires that the sshd daemon is running in your machine.

By default, SSH is preinstalled on your EC2 instance. If you are not using an EC2 instance, simply install it from yum or apt.

SSH Keys

Normally, you can SSH into your machine with one of two ways: you can use traditional username/password authentication, or you can use a public/private key pair. A public/private key pair is generally considered to be more secure, but it requires that you always have access to your private key file when you want to log into your remote machine. By default, EC2 instances allow only public/private key pair authentication. You can enable password-based authentication by changing the PaswordAuthentication option in /etc/ssh/sshd_config to yes:

PasswordAuthentication yes

If possible, however, you should restrict yourself to using private and public keys.

Adding SSH Users

If you want to log into your EC2 instance using your own account rather than the default ec2-user or ubuntu account that Amazon made for you, you need to do some additional configurations.

If you are using keys, you need to associate your private key with the user on the server. To do this, run the following commands:

$ sudo su # you need to be root in order to access another user's directory
$ cd /home/myUserName/
$ sudo mkdir .ssh
$ sudo cp /home/originalUserName/.ssh/authorized_keys .ssh   # originalUserName should be ec2-user in the Amazon Linux AMI or ubuntu in Ubuntu Server 12.04 LTS
$ sudo chmod 700 .ssh
$ sudo chmod 600 .ssh/authorized_keys
$ sudo chown -R myUserName:myUserGroup .ssh   # myUserGroup is probably the same as myUserName; for example, if the username were alice, you could run: sudo chown -R alice:alice .ssh
$

You should now be able to log into your server using your custom username with SSH keys!

IMPORTANT: From here on out it is recommended that you always login as your user account instead of ec2-user or ubuntu. Previous versions of the Amazon EC2 cloud created an account named "root", instead of the default account ec2-user or ubuntu. If you really want to login as root, you can set the password for that account by typing: sudo passwd root. As explained below, it is not recommended to use the root account or allow ssh connections with that username. It is advisable to use the account you created instead of the root account (or ec2-user or ubuntu) for security reasons. Additionally, the act of requiring you to type "sudo" in order to run commands as root serves as a reminder that the command you are typing in should be examined carefully.

SSH Server Configurations

The configuration files for SSH are in /etc/ssh. You can modify the files to affect SSH permissions, among other things. For example, it is always a good idea to disable root access over ssh. This could be done by editing /etc/ssh/sshd_config and setting

PermitRootLogin no

Caution: Disabling root access over SSH for your EC2 instance should only be done after setting up an additional user account and adding that account to the sudoers list.

For more detail on editing files on the command line, see the Linux guide.

You will need to restart the server for changes to take effect:

$ sudo service ssh restart   # if that doesn't work, try: sudo /etc/init.d/sshd restart
ssh stop/waiting
ssh start/running, process 1443
$

Apache

Apache is the industry standard web server for Linux distributions. It is highly configurable and has a wide range of modules ready for different needs.

XKCD Comic: server_attention_span

Installing Apache

In yum, Apache is distributed under the package name httpd (for hypertext transfer protocol daemon). In apt, it is distributed under the name apache2. Use the package manager associated with your distribution to install Apache. (For more information on how to use yum and apt, see the Linux guide.)

When Apache is installed through apt, the HTTP Daemon will be automatically to added as a startup item. If you are using the Amazon AMI, you need to run this command to add Apache as a startup item:

$ sudo /sbin/chkconfig --levels 235 httpd on # RHEL only
$

In RHEL, all Apache configurations are stored in /etc/httpd/conf/httpd.conf. Debian takes a more modular approach, having separate directories for each type of configuration, all located in /etc/apache2/. For more detail on Debian's approach, see http://www.control-escape.com/web/configuring-apache2-debian.html

Apache Directives

You define your settings for Apache using directives. Some of the directives you will likely encounter include:

  • DocumentRoot: The path to the directory where the top level web files are going to be stored.
  • IfModule: The following block would be included if specified module exists.
  • User: Which user apache2 will run as.
  • Group: Which group will have group access to default web files.
  • AccessFileName: The name of the access file (that specifies user names/passwords and other limitations to files/directories).
  • ErrorLog: Where any errors will be written.
  • Include: Include some other files.
  • LogFormat: How to write a log message.
  • ErrorDocument: Files to display for some HTTP errors (500, 404, 402 etc.).
  • Alias: Map a directory URL to some other location on your filesystem. Requires that the Alias module be loaded.

.htaccess Files

You can also specify some Apache configurations without delving into the master configuration file. To do this, put a file named .htaccess in any directory that Apache is serving. All directives in it will be interpreted as if they were in a Directory directive in the master configuration file.

VERY IMPORTANT: The directory containing .htaccess must not have the AllowOverride None directive in the master configuration file in order for .htaccess to be read. In Debian, AllowOverride None is enabled by default! The Apache configuration file you need to edit in Debian is /etc/apache2/sites-available/default (remove the AllowOverride None located on line 11).

Directory Directive

Use the Directory directive to assign other directives to a specific directory. For example:

<Directory /var/www/>
	Options Indexes FollowSymLinks 
	AllowOverride None
	Order allow,deny
	allow from all
	RedirectMatch ^/$ /apache2-default/
</Directory>

This sets options for the /var/www directory.

  1. The Options directive says that:
    1. If no index page is present in a directory, display a directory index page instead
    2. Apache will follow symbolic links in the directory
  2. AllowOverride None says that .htaccess files cannot alter the Apache options in this directory and all sub-directories
  3. Order allow,deny and Allow from all specifies that anybody is allowed to access this server via HTTP.

Note that this directory is actually the root directory of the web server.

Enabling the UserDir Module

The UserDir module lets you access files for any user on the server with a ~, e.g., http://ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com/~paul/

This module comes installed, but not activated by default.

Enabling UserDir in Debian

If you are using a Debian-based distribution for your server (like Ubuntu Server 12.04 LTS), simply run the following command to enable the module:

$ sudo a2enmod userdir
Enabling module userdir.
To activate the new configuration, you need to run:
  service apache2 restart
$

Then restart Apache for the changes to take effect. Now, all users will be able to store their own personal web site in public_html inside their home directory.

To make sure everything is working, create a test file in your home directory under public_html, and then point your browser to it: http://ec2-xxx-xx-xx-xxx.compute-1.amazonaws.com/~yourUserName/hello.txt

Note: The UserDir configuration file, which already has all the correct settings, is located at /etc/apache2/mods-available/userdir.conf

Enabling UserDir in RHEL

If you are using an RHEL-based distribution for your server (like the Amazon AMI), you need to edit the master Apache configuration file.

Open /etc/httpd/conf/httpd.conf in your favorite text editor. For more information on command-line text editors, refer to the Linux guide.

Find the line that says

UserDir disabled

and change it to

UserDir disabled root

Additionally, find the line that says

#UserDir public_html

and uncomment it; that is, remove the # so that you have

UserDir public_html

This tells Apache that the directory containing each user's html files is a subdirectory of their home directory called public_html.

You may also need to change the permissions of your user directory and your public_html directory to allow Apache to read and execute inside them. To do this, run the following commands:

$ sudo chmod o+x /home/myUserName
$ sudo chmod o+rx /home/myUserName/public_html
$

Finally, restart Apache.

Remapping UserDir

If you want to change the name of the UserDir web server root from public_html to something else like .html, follow these instructions.

  1. Rename your public_html to .html
    • The "." in front of the directory name means that the directory is a hidden one. You will not see it with the normal "ls" command. Use "ls -a" to see hidden files as well.
  2. Edit the UserDir configuration file.
    • In RHEL, edit the master Apache configuration file at /etc/httpd/conf/httpd.conf
    • In Debian, edit the UserDir configuration file at /etc/apache2/mods-available/userdir.conf
  3. Find the line that reads UserDir public_html and change it to UserDir .html/
  4. Restart Apache.

Apache Logs

Apache creates two log files: one for all access attempts to your server, and one for errors. The locations of these log files are:

  • Debian:
    • Access Log: /var/log/apache2/access.log
    • Error Log: /var/log/apache2/error.log
  • RHEL:
    • Access Log: /var/log/httpd/access_log
    • Error Log: /var/log/httpd/error_log

You might find it helpful to see access and errors appear "live" in your terminal window as they are created. To do this, you can use the tail -f command. Since the log files have strict permissions, you will need to also use sudo. Example on Debian:

$ sudo tail -f /var/log/apache2/error.log

Virtual Hosts

Virtual Hosts are used to run multiple Apache web servers from the same machine. Virtual hosts can listen for connections on different ports and/or different hostnames, serving completely different web sites to each. For example:

<VirtualHost cse330.dyndns.org>
	ServerAdmin webmaster@localhost
	ServerName cse330.dyndns.org
	DocumentRoot /home/www/cse330/
	ErrorLog /var/log/httpd/error_log
	LogLevel warn
	CustomLog /var/log/apache2/access_log combined
	ServerSignature On
</VirtualHost>

This configuration enables any requests that use a host name of cse330.dyndns.org will use /home/www/cse330 as the root document directory. Make sure that the DocumentRoot directory exists and is readable by the httpd process. In RHEL, Apache runs as the apache user. In Debian, it runs as the www-data user.

It is good practice to put raw server configuration files in /etc/httpd/sites-available in RHEL or /etc/apache2/sites-available in Debian. To activate a site, create a symlink from the configuration in sites-available to a sibling directory called sites-enabled. In Debian, these directories are already set up for you, and Debian Apache even provides the a2ensite and a2dissite commands to create or destroy the symlinks! In RHEL, you have to do this by hand.

Restarting Apache and Testing

Whenever you make changes to the Apache configuration files, you will need to restart Apache for the changes to take effect. There are several different ways to restart Apache; they all functionally do (almost) the same thing, so choose your favorite:

$ sudo /usr/sbin/apachectl restart   # works on both Debian and RHEL
$ sudo apachectl restart    # if /usr/sbin is in your PATH (which it is by default in Debian, but not RHEL)
$ sudo /etc/init.d/httpd restart   # on RHEL
$ sudo /etc/init.d/apache2 restart   # on Debian
$ sudo /sbin/service httpd restart   # on RHEL
$ sudo /usr/sbin/service apache2 restart   # on Debian
$ sudo service httpd restart    # on RHEL
$ sudo service apache2 restart    # on Debian

If you're torn for which version is the "best" to use, the commands involving apachectl (think "Apache Control") are written by the Apache folks themselves. This has a couple advantages:

  • They show you errors in the startup process (if there are any)
  • They give you the option to perform a "soft" restart; that is, a restart that allows any pending connections to complete. To perform a soft restart, use graceful: sudo apachectl graceful

In my anecdotal experience, the apachectl commands are also faster than the service or init.d commands.

To make sure everything is working, create a test file in your home directory under public_html, and then point your browser to it: http://ec2-xxx-xx-xx-xxx.compute-1.amazonaws.com/~yourUserName/hello.txt