Web Server: Principles and Configuration Web Programming 8) Web Server



Similar documents
Installing Apache Software

Created by : Ashish Shah, J.M. PATEL COLLEGE UNIT-5 CHAP-1 CONFIGURING WEB SERVER

APACHE. An HTTP Server. Reference Manual

C:\www\apache2214\conf\httpd.conf Freitag, 16. Dezember :50

Apache 2.2 on Windows: A Primer

Basic Apache Web Services

Eth0 IP Address with Default Gateway Settings:

High Availability Configuration of ActiveVOS Central with Apache Load Balancer

Apache (2) als Reverse Proxy für Outlook Web Access

httpd Apache Web Server

Installing and Configuring Apache

The Web Server. Instructor: Yi-Shin Chen Office: EECS Office Hour: Tu. 1-2PM, Th. 3-4pm

Implementing HTTPS in CONTENTdm 6 September 5, 2012

Internet Appliance INTERNETpro Enterprise Stack : Performance & failover testing

Anexo II Ejemplos de ficheros de configuración de Apache Web Server

Securing the Apache Web Server

Installing an SSL certificate on the InfoVaultz Cloud Appliance

Virtual Host (Web Server)

The course will be run on a Linux platform, but it is suitable for all UNIX based deployments.

Installing and Configuring Apache

Instalación y configuración del servidor web Apache

Apache & Virtual Hosts & mod_rewrite

TODAY web servers become more and more

APACHE WEB SERVER. Andri Mirzal, PhD N

CC ICT-SUD. Setting up and integrate Apache, MySQL and PHP on a Linux system

McAfee epolicy Orchestrator: Creating an Apache HTTP Repository

Apache Usage. Apache is used to serve static and dynamic content

How To Configure Apa Web Server For High Performance

CO Web Server Administration and Security. By: Szymon Machajewski

Apache Web Server Complete Guide Dedoimedo

Apache2 Configuration under Debian GNU/Linux. Apache2 Configuration under Debian GNU/Linux

Real Vision Software, Inc.

Rails Application Deployment. July Philly on Rails

How to setup HTTP & HTTPS Load balancer for Mediator

Running Nginx as Reverse Proxy server

ViMP 3.0. SSL Configuration in Apache 2.2. Author: ViMP GmbH

SVNManager Installation. Documentation. Department of Public Health Erasmus MC University Medical Center

Tutorial d installation d APACHE / OPENSSL / PHP sous Windows

Host your websites. The process to host a single website is different from having multiple sites.

Enterprise Knowledge Platform

The Virtual Private Server Handbook

Setting up an Apache Web Server for Greenstone 2 Walkthrough

Magento Enterprise Edition White Paper!!"#$%&'()*&(+"'#(,-).#/."'(0%-(1/2$(,"-0%-3)*."("4%33"-."!

WEB2CS INSTALLATION GUIDE

Install Apache on windows 8 Create your own server

Setup a Virtual Host/Website

Maximizing Performance and Scalability with Magento Enterprise Edition

Maximizing Performance and Scalability with Magento Enterprise Edition

User s guide. APACHE SSL Linux. Using non-qualified certificates with APACHE SSL Linux. version 1.3 UNIZETO TECHNOLOGIES S.A.

WebBridge LR Integration Guide

Technical specification

The only skill required really is to locate and edit text-files with a text-editor like Notepad.

Web Hosting for Fame and Fortune. A Guide to using Apache as your web-server solution

The current version installed on your server is el6.x86_64 and it's the latest available.

Greenstone Documentation

1Intro. Apache is an open source HTTP web server for Unix, Apache

While are you still in Nagios working directory, create a new file for DNS servers monitoring

How To Use Ngnix (Php) With A Php-Fpm (Php-Fmm) On A Web Server (Php5) On Your Web Browser) On An Ubuntu Web Server On A Raspberry Web 2.5 (Net

1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?


Apache 2.2 on QNX Neutrino 6.4.x OS Step-by-step installation manual

OAMP vs Rev3rse Rev3rse@revunix.tk January 2005

Apache HTTP Server. Implementation Guide. (Version 5.7) Copyright 2013 Deepnet Security Limited

Step-by-Step guide to setup an IBM WebSphere Portal and IBM Web Content Manager V8.5 Cluster From Zero to Hero (Part 2.)

What will be supplied with chemoventory package?

CTIS486 Midterm Solution 23/07/ Akgül

WebServer. Webserver. http http $: # - ;1< = '# 6 > 4? $, " 6789:

Web Server Administration. Chapter 19

Redatam+SP REtrieval of DATa for Small Areas by Microcomputer

To enable https for appliance

Web Server Management: Running Apache 2.2 under Linux

Configuring MassTransit for the Web Using Apache on Mac OS 10.2 and 10.3

Installing Rails 2.3 Under CentOS/RHEL 5 and Apache 2.2

HOW TO SETUP AN APACHE WEB SERVER AND INTEGRATE COLDFUSION

IBM HTTP Server: Migration to Apache User Experience

Bitrix Site Manager 9.x. Installation Guide

Managing Monitoring in Distributed Environments

Lesson 7 - Website Administration

1. Configuring Apache2 Load Balancer with failover mechanism

Virtual Host Continue

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server

Getting the software The Apache webserver can be downloaded free from the Apache website :

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

Oracle HTTP Server powered by Apache

This section describes how to use SSL Certificates with SOA Gateway running on Linux.

Lab 3.4.2: Managing a Web Server

Parallels Panel. Administrator's Guide to Configuring Apache on Servers Running Parallels Plesk Panel 10. Revision 1.0

SecuritySpy Setting Up SecuritySpy Over SSL

How to: Install an SSL certificate

Apache Web Server Hardening

Transcription:

Web Server: Principles and Configuration Web Programming 8) Web Server Emmanuel Benoist Fall Term 2013-14 Introduction Presentation of Apache Principles of a Web Server Apache Installation Apache Configuration Network and Connexions File Handling Log Files Control Instructions Authorizations and Access Control Virtual Hosts Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 1 State of the art Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2 What is APACHE? What are the servers of the internet? Developer Nov 2011 Percent Dec. 2011 Percent Change Apache 341,880,662 65.00% 362,267,922 65.22% 0.22 Microsoft 81,261,099 15.45% 82,521,809 14.86% -0.59 nginx 44,731,780 8.50% 49,143,289 8.85% 0.34 Google 17,749,748 3.37% 18,464,148 3.32% -0.05 (Source : http: //news.netcraft.com/archives/category/web-server-survey/) HTTP Deamon APACHE = a Patchy Server Great compatibility with HTTP/1.1 Very fast to execute Real Modularity of the configuration Possibility to have virtual servers Almost 70% of the servers in the world Possibility of a SSL server Multiplateforms : Unix, Windows, Mac-OS X, OS/2, Amiga,... Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 3 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 4

How does a web server run? World Wide Web - Client Server Architecture A Server application (deamon) listens to a communication port standard port: 80 (< 1024 hence only root can access) URL = Request Files Master server: runs with root id; listens to port 80 Browser Server Slave servers: are lunched by the master and run with an other ID (default is nobody) HTML File = Response Treatment of a communication Client Server machine Resources 1. The master receves a connection on port 80, 2. it lunches the slave and transfer the communication canal 3. the slave treates the request(s) and send the response back PHP Servlets JSP Scripts... Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 5 Web Server vs File System On a standard LAMPP server (XAMPP for linux) A request for the directory : / goes to : /opt/lampp/htdocs/ A request for the image : /img/logo.jpg goes to : /opt/lampp/htdocs/img/logo.jpg A request for the directory : / bie1/ goes to : /home/bie1/public html Request for / bie1/../../etc/passwd Bad Request Your browser sent a request that this server could not understand. Invalid URI in request GET /~bie1/../../etc/passwd HTTP/1.0 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 6 How to install Apache Server Download sources on the www.apache.org server Uncompress files in a temporary directory Read the documentation Run configure and Set up the configuration of your server Compile Configure your server (its httpd.conf file) Run the server and see the page : It Worked Or more simply: download and install XAMPP Apache/1.3.9 Server at localhost Port 80 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 7 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 8

Configure the server httpd.conf : network Configuration of the HTTP Deamon : httpd.conf Port, user ID, root of the server, timeouts, virtual servers, number of clients, etc. Virtual Hosts can be inculded or imported from separate files ServerName : name returned to the client (must be in the DNS); Port : port used by the master (80 for the standard configuration); BindAddress : Used to limit IP addresses (if more than one); Listen : replaces Port and BindAddress if more than one IP address; HostnameLookups : on or off, reserch of the name of the client; User and Group : user ID and group ID for slave processus; ServerAdmin : email of the administrator. Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 9 http.conf : connections Timeout : maximum delay of a seponse (cgi, php, network access, nfs); Keepalive : on or off; Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 10 http.conf : connections (Cont.) MaxKeepAliveRequests : number of requests for a connection; KeepAliveTimeout : maximum delay between two request in a connection; Server-Pool Size Regulation (MPM specific) StartServers: number of server processes to start MinSpareServers: minimum number of server processes which are kept spare MaxSpareServers: max nb of server processes which are kept spare MaxClients: max nb of server processes allowed to start MaxRequestsPerChild: max nb of requests a server process serves <IfModule prefork.c> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 11 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 12

httpd.conf : files ServerRoot : root directory of the server ServerRoot "/home/bie/" DocumentRoot : root directory of the files DocumentRoot "htdocs" or DocumentRoot "/home/bie/htdocs" UserDir : root of user home (corresponds to http://<server>/~<user>) UserDir www or UserDir public_html PidFile : where does httpd put its pid when started. <IfModule!mpm_netware.c> PidFile logs/httpd.pid </IfModule> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 13 Log files : access log File : /var/apache/logs/www.hes-be.ch transfer.log 128.173.188.78 - - [13/Apr/2000:13:39:12 +0200] "GET /portrait/facts.html HTTP/1.0" 200 17898 "http://www.hes-be.ch/portrait.html" "Mozilla/4.61 [en] (WinNT; U)" 128.173.188.78 - - [13/Apr/2000:13:39:13 +0200] "GET /portrait/navportrat/fachhochschulenn.gif HTTP/1.0" 200 180 "http://www.hes-be.ch/portrait/facts.html" "Mozilla/4.61 [en] (WinNT; U)" 216.35.116.65 - - [13/Apr/2000:14:25:35 +0200] "GET /page32/f.html HTTP/1.0" 404 276 "-" "Slurp.so/1.0 (slurp@inktomi.com; http://www.inktomi.com/slurp.html)" 147.87.65.34 - - [13/Apr/2000:14:37:41 +0200] "GET /~bie HTTP/1.0" 404 267 "-" "Mozilla/4.7 [en] (X11; I; SunOS 5.7 sun4u)" httpd.conf : Log files Log files ErrorLog : name of the file containing the log of errors ; ErrorLog logs/error_log LogLevel : Level of the message for the error log (debug, info, notice, warn, error, crit, alert, emerg) LogLevel warn LogFormat Defines a new format for log files LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \" %{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog : name and format of access files CustomLog logs/access_log common Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 14 Log files : error log File : /var/apache/logs/www.hes-be.ch error.log [Thu Apr 13 07:22:59 2000] [error] [client 204.123.13.65] File does not exist: /usr/local/www/apache/vhosts/www.hes-be.ch/data/f.html [Thu Apr 13 08:23:22 2000] [error] [client 62.53.27.209] File does not exist: /usr/local/www/apache/vhosts/www.hes-be.ch/data/e.html [Thu Apr 13 14:25:35 2000] [error] [client 216.35.116.65] File does not exist: /usr/local/www/apache/vhosts/www.hes-be.ch/data/page32/f.html Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 15 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 16

File system Alias : enables to use a directory that is not under the document root Alias /icons/ /home/bie/webserver/icons/ Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 17 Document types AddType : allows to tweak mime.type without editing it (useful for php) # since LAMPP 1.0RC1 AddType application/x-httpd-php.php.php3.php4 DefaultType : default type of an unknown file DefaultType text/plain AddEncoding : allows you to have browsers uncompress on the fly AddEncoding x-compress Z AddEncoding x-gzip gz tgz AddLanguage : to specifie the language of a document AddLanguage fr.fr AddLanguage he.he AddLanguage hr.hr Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 19 Default DirectoryIndex : default index file (for instance index.html) FancyIndexing how to display a directory IndexOptions FancyIndexing VersionSort AddIconByType : Add icon to show for different mime type of file AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* Addicon : Tells wich icon to use for a filename extension AddIcon /icons/tar.gif.tar DefaultIcon : When no type is found DefaultIcon /icons/unknown.gif IndexIgnore : files that will not be displayed (e.g..toto toto ) IndexIgnore.??* *~ *# HEADER* README* RCS CVS *,v *,t Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 18 Treatments Redirect : to redirect a directory to a server : /toto/ will be redirected to http://serv.toto.ch/ Redirect old-uri new-url AddHandler : allows to map file extensions to handlers AddHandler cgi-script.cgi AddHandler imap-file map Action : define media types that will execute a script whenever a matching file is called. Format: Action media/type /cgi-script/location Format: Action handler-name /cgi-script/location ErrorDocument : Customizable error response ErrorDocument 404 /missing.html ErrorDocument 404 /cgi-bin/missing_handler.pl ErrorDocument 402 http://some.other_server.com/subscibe_info.html Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 20

Control on the operations Control on the operations (Cont.) Some orders are only valid for a specific directory <Directory dir name> orders </Directory> <Directory "/opt/lampp/htdocs"> Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> Or if a module was loaded (they are only valid for this module) <IfModule module name> orders </IfModule> <IfModule dir_module> DirectoryIndex index.html index.html.var index.php index.php3 index.php4 </IfModule> Or for files matching a specific regular expression <FilesMatch regexp> orders </FilesMatch> <FilesMatch "^\.ht"> Order allow,deny Deny from all </FilesMatch> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 21 Authorizations Options : what can we do This may be None, All, or any combination of Indexes, Includes, FollowSymLinks, ExecCGI, or MultiViews. Options Indexes FollowSymLinks MultiViews AllowOverride : what.htaccess files can override. AllowOverride None Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 23 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 22 Access Control Order : what to test first Deny: Machines that are not allowed Allow: Machine that are allowed <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory> <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 24

Protection with password In the httpd.conf AccessFileName : name of the file for access control (in each directory) AccessFileName.htaccess File.htaccess AuthName Any_Name AuthType Basic AuthUserFile <absolute path>/.htpasswd AuthGroupFile <absolute path>/.htgroup <Limit GET POST> require group group1 group2 require user emmanuel jean </Limit> Protection with password (Cont.) File.htgroup group1 toto1 toto2 toto3 group2 titi1 titi2 File.htpasswd : generated by the program bin/htpasswd toto1:gzomft8jmjgsc toto2:fq3uzrln52/sw toto3:<coded password> titi1:<coded password> titi2:<coded password> emmanuel:<coded password> jean:<coded password> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 25 Vitrual Hosts Two domains for one server <VirtualHost www.smallco.com> ServerAdmin webmaster@mail.smallco.com DocumentRoot /groups/smallco/www ServerName www.smallco.com ErrorLog /groups/smallco/logs/error_log CustomLog logs/smallco.com-access_log common </VirtualHost> <VirtualHost www.baygroup.org> ServerAdmin webmaster@mail.baygroup.org DocumentRoot /groups/baygroup/www ServerName www.baygroup.org ErrorLog /groups/baygroup/logs/error_log CustomLog logs/baygroup.org-access_log common </VirtualHost> Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 26 Virtual Hosts : in biel httpd.conf ### Section 3: Virtual Hosts # NameVirtualHost 147.87.65.7 Include vhosts/enigma.hta-bi.bfh.ch/vhost.conf Include vhosts/www.bfh.ch/vhost.conf Include vhosts/www.hes-be.ch/vhost.conf Include vhosts/www.abegg.bfh.ch/vhost.conf Include vhosts/www.hgkk.bfh.ch/vhost.conf Include vhosts/www.hta-bi.bfh.ch/vhost.conf Include vhosts/sims.hta-bi.bfh.ch/vhost.conf Include vhosts/webaccess.hta-bi.bfh.ch/vhost.conf Include vhosts/sun-file.hta-bi.bfh.ch/vhost.conf Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 27 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 28

Virtual Hosts : in biel school of engineering (Cont.) Conclusion File : vhosts/enigma.hta-bi.bfh.ch/vhost.conf <VirtualHost 147.87.65.7> ServerName enigma.hta-bi.bfh.ch ServerAdmin sungroup@hta-bi.bfh.ch RewriteEngine On RewriteLogLevel 9 ErrorLog /var/apache/logs/enigma.hta-bi.bfh.ch_error.log CustomLog /var/apache/logs/enigma.hta-bi.bfh.ch_transfer.log combined RewriteLog /var/apache/logs/enigma.hta-bi.bfh.ch_rewrite.log DirectoryIndex index.html e.html AccessFileName.htaccess RewriteRule ^/icons/(.*) /usr/local/www/apache/icons/$1 [L] RewriteRule ^/(.*) /usr/local/www/apache/vhosts/enigma.hta-bi.bfh.ch/data/$1 [L] <Directory /usr/local/www/apache/vhosts/enigma.hta-bi.bfh.ch/data> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> Web Server Configuration Similar for Tomcat or other servers Matching of Request with Resource? Which Response must be given for a given file? Lots of possible configuration Virtual servers HTTPS servers (with double direction recognition) Integration of numerous modules mod access, mod actions, mod alias, mod asis, mod auth, mod auth anon, mod auth db, mod auth dbm,... Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 29 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 30

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information