Apache

From charlesreid1

Revision as of 22:44, 4 November 2010 by Admin (talk | contribs)

Installation

Dependencies

Apache does not have any dependencies, as of version 2.2.x.

Configure

I have configured Apache 2.0.63, 2.2.11, 2.2.15, and 2.2.16 using this configure line (or something similar): 

./configure \
 --prefix=/path/to/apache \
 --with-included-apr \
 --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache charset_lite dav_lock disk_cache mod_dav mod_dav_svn"

The long list of "mods-shared" is to enable shared modules to be built, for a variety of different things (e.g. mod_dav_svn allows for the apache server to serve as an SVN repository server. Go here for more information: http://httpd.apache.org/docs/2.0/mod/

httpd.conf Configuration File

The httpd.conf file contains directives used by Apache to determine various options, such as the location of the documents that are made public by the web server, which modules to include (e.g. PHP), the port(s) Apache will listen to, etc.

VirtualHosts http://httpd.apache.org/docs/2.0/vhosts/examples.html

Modules

PHP Module

When you install PHP, you can point configure to a build of Apache. When you type make and make install, it will modify your Apache httpd.conf configuration file to add the appropriate PHP module.

Once the PHP module has been added to the Apache configuration file, you will also have to add a few other things to your httpd.conf: 

AddHandler php5-script php  # <-- This line should be added automatically by PHP

# PHP module settings:
<IfModule php5_module>

    # Add php type handler
    AddType text/html       php

    # Make index.php a default file
    <IfModule dir_module>
        DirectoryIndex index.html index.php
    </IfModule>
</IfModule>

SVN Module

The Apache SVN module creates a way for an SVN server to serve an SVN repository through an Apache server.

Enabling/installing/configuring this module is covered by the RedBean SVN book http://svnbook.red-bean.com/en/1.0/ch06s04.html. It requires two modules to be loaded, mod_dav and mod_dav_svn, both enabled in the Apache httpd.conf configuration file. The guide is extremely extensive, so you should refer to it to get Apache set up with SVN.

Once you do, you can check out code from an svn repository by executing the command: 

$ svn checkout http://www.yoursite.com/svn/repository_name local_directory/

Python Module

SSL Module

SSL, secure socket layer, provides a secure way of communicating private information between a client, using their web browser, and the web server, running Apache.

To create secure Apache web sites, which are prefixed with https://, you can use the mod_ssl module, documented here: http://httpd.apache.org/docs/2.0/ssl/

In order to use mod_ssl, you need to install OpenSSL and configure with the arguments --enable-ssl --with-ssl=/path/to/open/ssl. You can set a whole bunch of different options, documented here: http://www.openssl.org/

You will need to sign your own certificate, since a signed SSL certificate will set you back a couple thousand dollars a year. This will cause all users using the Apache SSL webpage to see a warning, but that's a small price to pay, compared with the cost of a signed SSL certificate.

Other Interesting Apache Modules

One-Time Password Authentication Module https://code.google.com/p/mod-authn-otp/
Perl Apache module http://perl.apache.org/
Lisp Apache module http://www.fractalconcept.com/asp/Nge/sdataQIS9RqLLzSS9DM==/sdataQuvY9x3g$ecX

Security

Protecting Directories with .htaccess

NOTE: This method should only be used when you don't have access to the Apache server.

This section will give an example of how to password-protect a directory using an .htaccess file.

The .htaccess file normally allows you to make configuration changes that are specific to one directory. This is useful for, say, a company-run web hosting service, where someone else runs the apache host. You can make apache configuration changes without needing root access, or any access, to the underlying apache server.

To password-protect a directory, the .htaccess file will need to contain information about where the valid usernames and passwords are stored. 

AuthUserFile /path/to/.htpasswd 
AuthType Basic
AuthName "This is a login message"

The .htaccess file points to an .htpasswd file containing valid usernames and passwords. This .htpasswd file should not be in the web root. It should only be accessible via SSH (or, at most, by FTP). Also, if you don't like the name ".htpasswd", you can call it whatever you want, as long as your .htaccess is accurate. However, .htpasswd is the traditional naming convention.

If we want to allow any user in the .htpasswd file, we can add the line 

require valid-user

Otherwise, we can specify that only certain users are allowed access: 

require user charles

Being able to set authorization settings in an .htaccess file requires the Apache server has the following directive set in httpd.conf: 

AllowOverride AuthConfig


Protecting Directories with httpd.conf

NOTE: this method should only be used if you have root access to the Apache server.

In your httpd.conf apache configuration file, you can specify configuration settings for the entire server. However, you can also include directory-specific configuration settings, by putting them in a <Directory> block: 

<Directory /path/to/apache/htdocs/secret>
    # Directory-specific configurations go here
</Directory>

Next, the same stuff that went into the .htaccess files (above section) can go into the <Directory> block: 

<Directory /path/to/apache/htdocs/secret>
    AuthType Basic
    AuthName "Your login message goes here"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    # or,
    #Require user charles
</Directory>

In order for Apache to understand these Auth directives, the Auth module has to be turned on.


Using htpasswd

From the Apache website:

htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

To create a .htpasswd file for the first time, you'll call the htpasswd program from the command line and use the -c flag: 

htpasswd -c /path/to/.htpasswd charles

This will prompt me to enter a password, will hash the password, and will store both in the file in the form username:********* (where ******** is the hashed password).

To create a username and password combination in an existing .htpasswd file, 

htpasswd /path/to/.htpasswd charles

Alternatively, you can specify a password on the command line (but be aware that someone could look through your history and find it): 

htpasswd /path/to/.htpasswd charles MySecretPassword

You can visit the above link to the Apache website for more details.

Retrieved from "https://charlesreid1.com/w/index.php?title=Apache&oldid=931"