Installing Apache Software



Similar documents
Web Server: Principles and Configuration Web Programming 8) Web Server

Created by : Ashish Shah, J.M. PATEL COLLEGE UNIT-5 CHAP-1 CONFIGURING WEB SERVER

APACHE. An HTTP Server. Reference Manual

Systems Integration On Free Software

Introduction to Apache and Global Environment Directives. S.B.Lal Indian Agricultural Statistics Research Institute, New Delhi

C:\www\apache2214\conf\httpd.conf Freitag, 16. Dezember :50

The course will be run on a Linux platform, but it is suitable for all UNIX based deployments.

Securing the Apache Web Server

How To Configure Apa Web Server For High Performance

Basic Apache Web Services

Apache2 Configuration under Debian GNU/Linux. Apache2 Configuration under Debian GNU/Linux

Installing an SSL certificate on the InfoVaultz Cloud Appliance

The Web Server. Instructor: Yi-Shin Chen Office: EECS Office Hour: Tu. 1-2PM, Th. 3-4pm

Real Vision Software, Inc.

Apache. Apache. Something odd happening. Modularity 10/02/2014. We talked about it in CSCI110 Now it s time for you to configure an Apache web server

ITools Manager User Guide

Apache 2.2 on Windows: A Primer

Apache & Virtual Hosts & mod_rewrite

ITOOLS USER S GUIDE Chapala Street. Santa Barbara, CA PH: FAX: info@tenon.com

Implementing HTTPS in CONTENTdm 6 September 5, 2012

APACHE WEB SERVER. Andri Mirzal, PhD N

RED HAT SECURE WEB SERVER 3.0 DEVELOPER EDITION FOR COBALT NETWORKS SERVERS

1. Configuring Apache2 Load Balancer with failover mechanism

User s guide. APACHE SSL Linux. Using non-qualified certificates with APACHE SSL Linux. version 1.3 UNIZETO TECHNOLOGIES S.A.

Installing and Configuring Apache

Eth0 IP Address with Default Gateway Settings:

Technical specification

SVNManager Installation. Documentation. Department of Public Health Erasmus MC University Medical Center

Internet Appliance INTERNETpro Enterprise Stack : Performance & failover testing

Web Hosting for Fame and Fortune. A Guide to using Apache as your web-server solution

High Availability Configuration of ActiveVOS Central with Apache Load Balancer

1Intro. Apache is an open source HTTP web server for Unix, Apache

CO Web Server Administration and Security. By: Szymon Machajewski


Redatam+SP REtrieval of DATa for Small Areas by Microcomputer

Configuring Apache HTTP Server With Pramati

Web Server Administration. Chapter 19

Apache Usage. Apache is used to serve static and dynamic content

WebBridge LR Integration Guide

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

Security Correlation Server Quick Installation Guide

Greenstone Documentation

1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?

Red Hat JBoss Core Services Apache HTTP Server 2.4 Apache HTTP Server Installation Guide

SecuritySpy Setting Up SecuritySpy Over SSL

User Guide Zend Server Community 4.0.3

What will be supplied with chemoventory package?

httpd Apache Web Server

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g

Setting up an Apache Web Server for Greenstone 2 Walkthrough

Using RADIUS Agent for Transparent User Identification

Rails Application Deployment. July Philly on Rails

Setup a Virtual Host/Website

WEB2CS INSTALLATION GUIDE

The only skill required really is to locate and edit text-files with a text-editor like Notepad.

Installing and Configuring Apache

CA Nimsoft Monitor. Probe Guide for Apache HTTP Server Monitoring. apache v1.5 series

mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net

Virtual Host (Web Server)

PassBy[ME] - Bugzilla integration on

TECHNICAL NOTE. Technical Note P/N REV 03. EMC NetWorker Simplifying firewall port requirements with NSR tunnel Release 8.

CC ICT-SUD. Setting up and integrate Apache, MySQL and PHP on a Linux system

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server

This section describes how to use SSL Certificates with SOA Gateway running on Linux.

Apache HTTP Server. Implementation Guide. (Version 5.7) Copyright 2013 Deepnet Security Limited

Web Server Management: Running Apache 2.2 under Linux

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

Implementing Reverse Proxy Using Squid. Prepared By Visolve Squid Team

Enterprise Reporting Server v3.5

Getting the software The Apache webserver can be downloaded free from the Apache website :

Host your websites. The process to host a single website is different from having multiple sites.

Using the VCDS Application Monitoring Tool

Setting Up SSL From Client to Web Server and Plugin to WAS

ViMP 3.0. SSL Configuration in Apache 2.2. Author: ViMP GmbH

APACHE HTTP SERVER 2.2.8

PROXY SETUP WITH IIS USING URL REWRITE, APPLICATION REQUEST ROUTING AND WEB FARM FRAMEWORK OR APACHE HTTP SERVER FOR EMC DOCUMENTUM EROOM

Configuring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy

How to setup HTTP & HTTPS Load balancer for Mediator

Enterprise Knowledge Platform

What's new in httpd 2.2?

Witango Application Server 6. Installation Guide for OS X

Oracle HTTP Server powered by Apache

Configuring Secure Socket Layer HTTP

Matlab Web Server Installation and Configuration Guide

Installing Rails 2.3 Under CentOS/RHEL 5 and Apache 2.2

Security Correlation Server Quick Installation Guide

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server

Table of Contents. Related Topics

Apache (2) als Reverse Proxy für Outlook Web Access

The Virtual Private Server Handbook

Spectrum Technology Platform Version Tutorial: Load Balancing Spectrum Spatial Services. Contents:

Implementing a Weblogic Architecture with High Availability

(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING

Running Multiple Shibboleth IdP Instances on a Single Host

F-Secure Messaging Security Gateway. Deployment Guide

Welcome to Apache the number one Web server in

MassTransit 6.0 Enterprise Web Configuration for Macintosh OS 10.5 Server

Configuring MassTransit for the Web Using Apache on Mac OS 10.2 and 10.3

HTTP 1.1 Web Server and Client

How To Run Nrpe On Nagios On Windows 7.5 (Windows) On A Linux Computer On A Windows 7 (Windows 7) On An Ubuntu Computer On An Ipad Or Ipad (Windows 8) On Your Pc

Transcription:

Web Server Web Server Is a software application that uses the HyperText Transfer Protocol. Running on computer connected to Internet. Many Web Server software applications: Public domain software from Apache Commercial applications from Microsoft, Oracle, Netscape and others. Web Server may provide access to Content and responds to requests received from Web browsers. Apache Software Freely available web server software Has undergone years of testing and development Most Unix web servers are build with Apache software Configuring Apache 1-1 Installing Apache Software Check if Apache is installed and running? Process httpd is running Check out http://localhost for responding In class Exercise Is apache web server installed on your wkstation? Is httpd running? Is httpd://localhost working? See a testpage? Give another name: www.xxx.yyy.zzz Configuring Apache 1-2 1

Install the Package on Linux Use rpm Get the distribution CD and find the rpm file for apache. Use rpm with install option and rpm file name Enable httpd to start automatically during startup Use chkconfig or other to make links to boot process #chkconfig list httpd #chkconfig level 35 httpd on #chkconfig list httpd Reboot or manually start the daemon httpd #/etc/init.d/httpd start Configuring Apache 1-3 Installing Apache If OS does not include Apache, download it first http:/www.apache.org Binaries are listed by operating system, select one that is appropriate to your OS Download the tar and extract it Configuring Apache 1-4 2

Configuring Apache Server Locate Configuration file httpd.conf /etc/apache on Solaris /etc/httpd/conf on Red Hat Note: If you don t know where the file is, use find command. #find / -name httpd.conf print Customize httpd.conf Pre configured, ready to run Make small changes to reflect the ServerAdmin Default is root@localhost Change it to the administrator s email address ServerName Can be determined automatically Change it to name/ip address and port explicitly Configuring Apache 1-5 Configuring Apache on Solaris Start daemon # /etc/init.d/apache start ps ef grep httpd More than one httpd are running. Test it In netscape, Enter http://localhost It worked! test page will show up. Put data Create files under default DocumentRoot /var/apache/htdocs Or Change DocumentRoot directive Configuring Apache 1-6 3

Understanding an httpd.conf File We will focus on directives Global environment directives Main server directives Virtual host directives Modules must be loaded before the directives they provide can be used in the configuration. Loading Dynamic Shared Objects (DSO) Use LoadModule directive List modules compiles into Apache %httpd l Only http_core.c and mod_so.c have to be compiled into the executables, other modules can be loaded dynamically. LoadModule specify the.so file AddModule specify the source file Order is critical Configuring Apache 1-7 Understanding an httpd.conf File Basic Configuration Directives Email address of the web server administrator ServerAdmin Hostname returned to clients ServerName Avoid using real server name. Define CNAME in DNS For example: www.csl.mtu.edu UseCanonicalName Used to build self-referencing URL If on, ServerName will be used If off, the value that came in the query from client is used. ServerRoot Important files used by httpd. Port Default is 80 Configuring Apache 1-8 4

Managing the Swam Handle multiple connections A swarm of server processes starts at boot time. See the output of ps ef grep httpd Spare processes will be started if all persistent httpd processes become busy. Five directives to control the processes MinSpareServers - # of minimum idle processes Allow burst requests On Solaris, default is 5 MaxSaperServers - # of maximum idle processes Prevents too many idle servers. On Solaris, default is 10 The excess idle servers are killed. Configuring Apache 1-9 Managing the Swam StartServers - # of daemons started at boot time MaxClients Maximum number of client connections that can be services simultaneously. On Solaris, default is 150. Upper limit HARD_SERVER_LIMIT is 256. MaxRequestsPerChild Number of client request a child process can handle before it must terminate. On Solaris default is 0. Should be zero unless there are some special situation like memory leak. Owner of the httpd child processes? On Solaris, the owner is nobody:nobody UID:GID should provide the least possible system privileges. Configuring Apache 1-10 5

Defining Where Things Are Stored Create container to limit scope of various configuration directives <Directory pathname> Ends with </Directory> <Location document> Documents are specific to web server. Can contain multiple files or dirs to display a screenful of information that response to a web query. Ends with </Location> <Files filename> Filename can contain wildcards * or?. Filename can be interpreted as a regular expression. Ends with </Files> Configuring Apache 1-11 Defining Where Things Are Stored Some Directives Alias Alias /icons/ /var/apache/icons/ Access of www.wrotethebook.com/icons is mapped to www.wrotethebook.com/var/apache/icons ScriptAlias ScriptAlias /cgi-bin/ /var/apache/cgi-bin/ Httpd grants this directory execution privileges. UserDir Personal user web pages Has you set up yours on CS web server? On Solaris, default is public_html. Create a public_html in the home dirs Access it www.***.***/~usercount Can use full path to map to another area. Configuring Apache 1-12 6

Defining Where Things Are Stored Some Directives (Cont) PidFile Store process ID ScoreBoardFile Store process status DirectoryIndex DocumentRoot is prepended to every request. DirectoryIndex is appended to any request that doesn t end in a filename http:/www.wrotethebook.com -> http:/www.wrotethebook.com/index.html If the DirectoryIndex file is not found in the directory, httpd sends the client a listing of the directory if the configuration allows. Configuring Apache 1-13 Creating a Fancy Index IndexOptions IndexIgnore HeaderName display at the top ReadmeName display at the bottom AddIconByEncoding based on MIME encoding type AddiconByType bases on MIME filetype AddIcon based on its extension DefaultIcon Configuring Apache 1-14 7

Performance Tuning Directives KeepAlive This directive enables the use of persistent connection Server waits to see if the client has additional requests before it closes the connection. KeepAliveTimeout Number of seconds to wait for the next request from the same client on the same connection. Default is 15 seconds. MaxkeepAliveRequests Default is 100 0 means no limitation. TimeOut The number of seconds before receives and sends time out. Default is 5 minutes Need to be large enough Disable KeepAlive will require a new connection for each request. Configuring Apache 1-15 Performance Tuning Directives BrowserMatch Reduce performance For the sake of Compatibility Handle old version of browser Disable keepalive HostnameLookups Enable: Log hostnames as well as IP address Overhead of DNS name lookups Get a more readable file Disable Enhance server performance Configuring Apache 1-16 8

Logging Configuration Directives Logging configuration ErrorLog Define the path of the error log Monitor the log regularly or on real time» tail f filename LogLvel Eight levels: debug, info, notice, warn, error, crit, alert, emerg Default level is warn right amount of info in most cases Configuring Apache 1-17 Logging Configuration Directives LogFormat Define the format of log file entries Conforms to the Common Log Format (CFL) standard, so log analyzer can be used Includes a layout and a label» LogFormat %h %u %t \ %r\ %>s %b common» LogFormat {User-agent} agent CustomLog Bind the label of LogFormat with a file CustomLog /var/apache/logs/access_log combined CustomLog /var/apache/logs/agent_log agent Configuring Apache 1-18 9

Logging Configuration Directives Using conditional logging Log when certain status codes are returned Log browser name only if the browser requests a service that is not implemented in your server Status code 501:Not implementation %501{user-agent}I %!200,302,304{Referer}i Configuring Apache 1-19 Proxy Servers and Caching What are proxy servers? Servers that sits between a client application, such as a Web browser, and a real server. Two main purposes: Improve Performance It saves the results of all requests for a certain amount of time and sends back the result to client from its cache if not expired or updated since then.» Reduce network traffic» Reduce user s wait time, improve response time» Relieve network bandwidth bottleneck Major online services such as Compuserve and America Online employ array of proxy servers. Filter Requests Prevent to access certain set of web sites. Increate network security Configuring Apache 1-20 10

Options that control Caching CacheNegotiateDocs Allow caching ProxyRequests Turn your server into a proxy server ProxyVia Enables or disable the use of Via: headers, which aid in tracking where cached paged came from CacheRoot The directory where cached web pages are written CacheSize Maximum size of the cache in kilobytes CacheGcInterval Time interval at which the server prunes the cache. NoCache Defines a list of servers whose pages you do not want to cache. Configuring Apache 1-21 Multi-homed Server Options Web servers with more than one IP address are said to be multi-homed Which address it should listen to for incoming server requests? Listen Specifies addresses and port in addition to the default port and address. listen 192.168.1.1:80 Listen 216.180.25.168:443 Configuring Apache 1-22 11

Defining Virtual Hosts Use Virtual Host directives to hosts multiple web sites. For example, on crab.wrotethebook.com, host two web site fish.edu and mammal.com <VirtualHost www.fish.edu> DocumentRoot /var/apache/fish Servername www.fish.edu </VirtualHost> <VirtualHost www.mammal.edu> DocumentRoot /var/apache/mammals Servername www.mammals.edu </VirtualHost> Configuring Apache 1-23 Web Server Security Protect the integrity of the information Access controls defined in httpd.conf Host level User level Unix file permissions Read permission for all files Execution permission for some files CGI and SSI potential security threat.» Buffer overflow» Passing shell commands Control executable files One Location Review the CGI files Limit the use of some SSI commands Configuring Apache 1-24 12

Web Server Security Controlling Server Options <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/apache/htdocs"> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all </Directory> <Directory "/var/apache/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> Configuring Apache 1-25 Web Server Security The directive Options has several possible setting All ExecCGI FollowSymLinks More places that documents are stored and more the check for permission. Includes IncludesNOEXEC Indexes Exposes a listing of the directory contents. MultiViews None SymLinksIfOwnerMatch Configuring Apache 1-26 13

Web Server Security Directory-level Configuration Controls Access control information for each directory Enable it: AccessFileName.htaccess Limit the control given to individual s directories AllowOverride ALL NONE Individual directive Configuring Apache 1-27 Web Server Security Defining Access Controls from host level Example: <Directory /var/apache/htdocs/internal > order deny,allow Deny from all Allow from wrotethebook.com </Directory> Three access control directives Order Deny from Allow from Configuring Apache 1-28 14

Web Server Security Access Controls at User level Example: <Directory /var/apache/htdocs/internal/accounting > AuthName Accounting AuthType Basic AuthUserFile /etc/apache/http.passwords AuthGroupFile /etc/apache/http.groups Require hdqtrs rec bill pay order deny,allow Deny from all </Directory> Create the password file using htpasswd command Create the group file using any text editor Require group/valid-user Configuring Apache 1-29 Web Server Security Improved user authentication Standard module mod_auth stores user authentication data in flat file that are searched sequentially. Two modules use database mod_auth_db, uses Berkeley DB database mod_auth_dbm, uses Unix DBM database Example, On Solaris <Directory /var/apache/htdocs/internal/accounting > AuthName Accounting AuthType Basic AuthDBMUserFile /etc/apache/http.passwords AuthDBMGroupFile /etc/apache/http.groups Require hdqtrs rec bill pay order deny,allow Deny from all Allow from Limit> </Directory> Use dbmanage to manage password. Configuring Apache 1-30 15

Web Server Security Basic authentication Clear text Digest authentication Not send password Compare chksum, using MD5 default Configuring Apache 1-31 Web Server Security Setting file-level access controls File container Example <Files ~ ^\.ht > Order allow,deny Deny from all </Files> Setting Document-level access controls Document name from a URL Example <Location /server-status> SetHandler serve-status Order all,deny Deny from all Allow from wrotethebook.com </Files> Configuring Apache 1-32 16

Web Server Security Still there are two weakness in the traditional Web security model How to protect the data on the wire? How to authenticate the server for client? Use Secure Socket Layer (SSL) protocol SSL uses public key cryptography for strong authentication and to negotiate session encryption When SSL is uses, the exchange of data between the client and server is encrypted and protected. Configuring Apache 1-33 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information