Let's set the minimum attributes necessary for work, for this we open the file for editing /etc/httpd/conf/httpd.conf
Apache can work with one of three available multiprocessor modules (mpm):
- prefork- one process per request, the most frequently used module;
- worker- multiple processes with multiple threads each;
- event- a new experimental version of the standard worker multiprocessor module.
To view information about modules, run:
# httpd -V | grep "Server MPM"
Configuration example for Apache 2.4
ServerLimit 256
StartServers 20
MinSpareServers 20
MaxSpareServers 20
MaxRequestWorkers 256
MaxConnectionsPerChild 4000
Set MaxRequestWorkers to ServerLimit.
Sample configuration for Apache 2
In the section
StartServers 5
MinSpareServers 10
MaxSpareServers 10
MaxClients 30
ServerLimit 30
StartServers- the number of started processes, calculate as (Total Memory - Memory for Server, MySQL, Memcache, etc.) / process size... For example, 64Gb - 32Gb / 0.256Gb = 125 processes maximum.
MinSpareServers- the minimum number of idle processes.
MaxSpareServers— maximum amount idle processes.
MaxClients- process limit.
ServerLimit- set to the same value as MaxClients.
It is imperative to approach the calculation of MaxClients, since setting a low value may increase the number of web server service denials per client request. Installation too of great importance can lead to swapping and a significant increase in the response time of the web server.
When using a single-tier and a two-tier vtb server configuration, the limits are set in different ways. By serving the generated pages to a lighter vtb server (for example, nginx), the limits can be lowered. Specific values are calculated individually for each web server.
Keepalive
When a page is requested from a web server, the browser sends many requests to download CSS styles, images, etc. Using KeepAlive allows you to request a page and its accompanying files within a single connection.
- Turn on KeepAlive, for this the line Keepalive off replace with KeepAlive On.
- MaxKeepAliveRequests set it to 100.
- KeepAliveTimeout most often it is set in the range of 2 - 10. We recommend setting 5 seconds.
Concepts: configuration, directives. Configuration files, directives. Basic configuration directives. Server processes. Controlling access to directories and files.
Configuration (lat.configuratio - mutual arrangement) - a special logical and methodological technique, a mental technique for synthesizing diverse knowledge, different ideas about the same object.
Directives, w. (from Latin directio - direction). General guidance given by a superior body to a subordinate (a server for workstation etc.) .
A configuration file is a file with a fairly simple format. Each line is a keyword and one or more arguments. For simplicity, most lines contain only one argument. Anything following the # symbol is a comment and is ignored.
Apache is configured by changing service files in the / etc / httpd / conf / directory. The main configuration file of the web server is httpd.conf. Configuration directives can be placed in various files, which are included in the main Include construct filename.conf.
If the location of any file or directory in the configuration file is specified implicitly (explicit location starts at the root of the file system - with the "/" character) Apache uses the directory specified in the ServerRoot directive to determine the real location of the target.
Description of Apache modules and configuration directives
Directives can be used at the following levels:
A server configuration level - the directive can be used only in the main configuration file.
V level
D level
H level of .htaccess files - the directive is allowed to be used in .htaccess files in places where they are allowed by the server.
At any point, using the filename parameter in a directive denotes an absolute (starting with "/") or a file path relative to the ServerRoot directory.
CORE - web server core (main Apache module)
AccessConfig filename
Sets the location of the configuration file. The system default configuration file is conf / access.conf; it is recommended to set / dev / null to cancel reading this file.
AccessFileName file file ...
Sets the names of the access files used for setting the configuration on the fly by default - .htaccess.
AddModule module module ... [A]
Activates a dynamically loadable module supplied as a separate library file.
AddModule module module ...
Activates a dynamically loadable module supplied as a separate library file or compiled into the main httpd module.
AllowOverride param param ...
Sets the rules by which Apache uses the .htaccess internal file directives;
None - ignores;
All - uses all directives;
Options - allows you to use Options and XBitHack;
Indexes - directives for managing directory indexing;
FileInfo - directives for managing file types and their handlers;
AuthConfig - directives for accessing the Auth * directories;
Limit - directives allow / deny / order.
AuthName realm
AuthType type
Used to specify how a username and password is requested and transmitted for accessing website directories. Most often they use Basic, less often Digest and others.
BindAddress address [A]
Sets the address where Apache will accept connections. You can use hostname, IP address, or *.
ClearModuleList [A]
The directive clears the list of loaded modules. After this directive, you need to use the AddModule directives to work with the required modules.
ContentDigest on | off
Enables or disables the forwarding of MD5 hash data. Calculated for all transmitted pages and is not cached.
CoreDumpDirectory dirname [A]
Directs Apache to the directory where the core dump files generated on crash errors will be saved.
DefaultType mimetype
Sets the MIME type to send to clients if Apache cannot determine the type via the mime.types file or AddType directives. By default, it is set to text / plain.
It unites a group of directives that define Apache's behavior when accessing documents located in this directory. Allowed to use name masks - symbols *,? by shell rules. When using a mask, a tilde ~ is placed in front of the name.
Defines a group of directories specified by a regular expression and sets the rules for Apache to work with directories and files of this group.
DocumentRoot dirname
Tells the server the location of the root of the directory tree below which the web server data structure is located.
ErrorDocument filename | string | URL
In case of an error, it redirects to the specified pages. You can also set a comment to the situation that has arisen, which must begin with a single quotation mark. Example:
ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can" t allow you access today "
ErrorLog filename
The name of the error log file. If the parameter string begins with (/), then the path to the file must be specified from ServerRoot; if it starts with (|), then error messages are passed to the specified command on standard input. In particular, in this way, for example, you can implement saving the log directly in the SQL DBMS or save them immediately compressed, transferring, for example, to gzip. Apache version 1.3 and later prints messages to syslog by default, if the system supports this feature; but this can be disabled using the syslog: facility.
File access control. Sections
Same as
It has to do only with starting Apache and forking processes in the environment and with the rights of the corresponding given name.
HostNameLookups on | off | double
Controls the ability to determine the hostname of a visitor by reverse DNS. It works slowly and is considered disabled by default. Double indicates that the hostname should be further checked against the IP address of the requesting host.
IdentityCheck on | off
Enabling RFC1413 authentication. Enabling the function will significantly increase the server access time.
Indicates that directives placed inside a block formed by a pair of directives
Include filename [A]
The directive allows you to include configuration files in the server configuration.
KeepAlive on | off [A]
Allows the client to sequentially request multiple files without breaking the TCP connection.
KeepAliveTimeout sec [A]
Specifies the time (in seconds) before the TCP connection breaks, which Apache will wait for the next request from the client.
Allows you to specify which HTTP method (for example, GET or POST) are placed inside
The following methods can be used: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK.
Listen port [A]
Forces Apache to listen on the specified addresses and ports. For example, to make the server listen on ports 80 and 8000, use:
To make Apache work on different interfaces with the specified port numbers, use:
Listen 192.170.2.1:80
Listen 192.170.2.5:8000
ListenBacklog length [A]
The maximum length of the connection processing queue.
Details in the apache-manual :)
Details in the apache-manual
Lockfile filename [A]
The directive sets the path to the lockfile.
LogLevel emerg | alert | crit | error | warn | notice | info | debug
Sets the level of information content of the protocol (server log-file). It is recommended to use at least crit level.
MaxClients count [A]
The directive sets a limit on the number of simultaneous requests to the server. In fact, this number cannot exceed the number of child processes on the server, which by default cannot be more than 256. To fix the situation, edit the HARD_SERVER_LIMIT in httpd.h and compile it.
MaxKeepAliveRequest count [A]
Allows the client to sequentially request the specified number of files without breaking the TCP connection if KeepAlive is enabled. If the parameter is set to 0, then Apache will terminate the connection only given the KeepAliveTimeout parameter.
MaxRequestsPerChild count [A]
The directive sets a limit on the number of requests that an individual child process can handle. If MaxRequestsPerChild is set to 0, the number of requests is unlimited.
MaxSpareServers count [A]
The directive sets the desired maximum number of inactive server processes. The directive is useless if using the Microsoft Windows version of Apache.
MinSpareServers count [A]
The directive sets the desired minimum number of inactive server processes. The directive is useless if using the Microsoft Windows version of Apache.
NameVirtualHost port [A]
Specifies that requests to the given port-name should be separated by the name of the host being accessed (the "Host:" HTTP header). Allows you to define multiple virtual hosts for one IP address.
Options param param ...
Determines the settings for Apache actions for the specified content. All possible settings are described in detail in the apache-manual. Commonly used: Indexes - enables displaying the contents of the directory if an index file is not found in it (the DirectoryIndex directive); ExecCGI - enables the placement of executable files (cgi, perl scripts) in this directory; Includes - includes the ability to place SSI files in the directory. Each installation is supported by the corresponding module using it and may not work if the required module is not loaded. Each Options directive is considered to be in addition to the already known Options defined for parent directories. Each setting can be followed by a + or - prefix to "enable / disable" it in this context.
PidFile filename [A]
The directive sets the name of the file into which the server writes the process ID.
Specifies a port for Apache - a number between 0 and 65535 (remember that some ports may be used by other protocols, see / etc / servises). The standard port for the http protocol is 80.
require userid | groupid | valid-user | file-owner | group-owner [A]
Determines which users have access to the directory.
Require user userid - only these users have access
Require group group-name [group-name] - all users of these groups
Require valid-user - all valid users.
ResourceConfig filename [A]
The server reads further directives from this file after reading httpd.conf. The file name is set relative to ServerRoot. Can be disabled: ResourceConfig / dev / null
RLimitCPU max | sec [max | sec] [A]
RLimitMEM max | bytes [max | bytes] [A]
RLimitNPROC max | count [max | count] [A]
Satisfy any | all [A]
Determines the access policy if Allow and Require are used at the same time. Used when access to the area is limited by name / password and client address. In this case, by default ("all"), the client is required to pass verification at the address and enter the correct username and password. In the case of the "any" parameter, the client will gain access if he entered the correct name and password or passed the host restriction. It can be used to restrict access through a password, but allow clients from a specific address without a password.
ScoreBoardFile filename [A]
The directive is required to specify the file name used by the server for communication between child and parent processes. You can find out if this file is required by starting Apache and seeing if it created a file with the given name. If so, then you need to make sure that it is only used by one copy of Apache.
SendBufferSize bytes [A]
Set the TCP buffer size.
ServerAdmin email
Sets the email address that the server shows to the client in error messages.
ServerAlias hostname
Sets an alternate virtual hostname.
ServerName hostname
The directive sets the server name; used in link building. If no name is given, the server will try to get it from its own IP address.
ServerPath path
The directive sets the inherited pathname for the host.
ServerRoot path [A]
Sets the directory where the server lives. Usually contains subdirectories conf / and logs /. The paths for other configuration files are built relative to this directory.
ServerSignature on | ff | mail
Configures the line at the bottom of the server-generated document. Disabled by default, On - shows the server version and ServerName of the virtual host, Email adds a mailto: link to ServerAdmin
ServerTokens Minimal | OS | Full [A]
Controls the header sent to the client by the server describing the server's OS and compiled modules.
ServerType standalone | inetd [A]
Determines how the server is started by the system. inetd - Launched from the inetd system process. standalone is like a daemon process.
StartServers count [A]
Sets the number of child processes to spawn at startup. The number still changes dynamically depending on the load, there is usually no reason to change this parameter.
The time Apache will wait: receiving a GET request, receiving TCP packets on POST and PUT requests, a pause between ACKs when sending TCP packets in responses.
UseCanonicalName on | off
Forces Apache to generate the names of the pages it creates using the SERVER_NAME values with SERVER_PORT.
User username
Sets the userid by which the server will respond to requests. To use the directive, the server must be running as root.
Directives placed inside a block formed by a pair of directives
mod_env - sets and passes variables for processing in CGI / SSI files
PassEnv variable [variable] ...
Pass an environment variable (eg HOME) to handlers.
SetEnv variable value
Writes the specified value to the specified environment variable.
UnsetEnv variable [variable] ...
Resets a variable, which makes it impossible to read it from handlers.
mod_setenvif - using conditionals to set environment variables
BrowserMatch regex env-variable [= value]] ... [A]
Uses the transmitted regular expression as a filter for the User-Agent header from the client browser. On a successful hit, initializes the variable with the given value. If only the name of a variable is specified, it is initialized with the number 1. If a variable is specified with a preceding "!" - the variable is reset.
BrowserMatchNoCase regex env-variable [= value]] ... [A]
Acts the same as BrowserMatch, except for case differences between the passed User-Agent value and the regular expression filter used.
SetEnvIf attribute regex env-variable [= value]] ... [A]
The action performed by the directive is completely similar to BrowserMatch, but instead of User-Agent any other header can be used: Remote_Host; Remote_Addr; Remote_User; Request_Method; Request_URI; Referer
SetEnvIfNoCase attribute regex env-variable [= value]] ... [A]
The difference from SetEnvIf is the same as BrowserMatchNoCase from BrowserMatch above.
mod_unique_id - generates a unique UNIQUE_ID environment variable
The variable is generated randomly from the server IP address, the number of the running process, timestamps and additional internal counters.
The variable is intended for use in compound documents when it is impossible to track the same request with other methods.
mod_mime - designed to determine the mime type of the file when transferring it to the client
AddCharset charset extension ...
For the specified file extensions, tells Apache to pass the given charset when responding to the client.
AddEncoding MIME-enc extension ...
For the specified file extensions, tells Apache to transfer the file using the desired MIME encoding.
AddHandler handler-name extension ...
Tells Apache that files with these extensions should be passed to a specific handler. The handler can be both internal (cgi-sript and others), and external, described earlier by the Action directive.
AddLanguage MIME-lang extension ...
Establishes a link between file extensions and the language code passed in the response.
AddType MIME-type extension ...
Updates the MIME-type table with a new mapping of file extensions and MIME code to respond to the client.
DefaultLanguage MIME-lang
Sets the response language to always be passed if this cannot be done by other means.
ForceType MIME-type
Forces a response with the given MIME type in the directory to which this directive belongs.
RemoveEncoding extension ...
Removes the MIME encoding code in the response for files with these extensions.
RemoveHandler extension ...
Tells Apache not to run handlers for files with these extensions.
RemoveType extension ...
Resets the MIME type in the client's response to the default MIME type
SetHandler handler
Forces the call of this handler for all files to which this directive is assigned.
TypesConfig filename [A]
Specifies the location of the MIME type mapping table. The default is conf.mime.types
mod_mime_magic - a module that uses complex rules to determine the MIME type of the file transmitted in the response
MimeMagicFile filename
Activates the action of the module using the specified file on the given document area of the web server or on all documents available to Apache.
mod_negotiation - ensuring the negotiation of transmitted data types between the client and the server
CacheNegotiatedDocs [A]
Enables caching of documents with negotiable content on intermediate proxy servers and the client computer.
LanguagePriority MIME-lang ... [A]
Determines the priority of the languages used in the response to the client, when it is not possible to determine or find the document language requested by the client.
mod_alias - allows you to arrange documents in the directories of the web server in a more arbitrary way
Alias URL-path filesystem-path
Tells Apache that documents located "below" this URL should be searched "below" this location in file system.
AliasMatch URL-regexp filesystem-path
Defines more complex rules for finding data in the file system based on the results of matching URLs with regular expressions.
Redirect URL-path URL
Returns the specified response code (302 by default) in response to a request for the URL path and "below" located documents and redirects the client to a different URL. The status can be specified as a number or symbolically: permanent (301), temp (302), seeother (303), gone (410). For response code 410, the response URL must be omitted.
RedirectMatch URL-regexp URL
Similar to Redirect, using a specified regular expression rather than an exact match to compare the passed URL.
RedirectTemp URL-path URL
Similar to Redirect using 302 response code.
RedirectPermanent URL-path URL
Similar to Redirect using 301 response code.
ScriptAlias URL-path filesystem-path
It works similarly to Alias, but automatically sets the launch of the cgi-handler handler for all files inside the target directory.
ScriptMatch URL-regexp filesystem-path
Similar to ScriptAlias, with regular expression validation of URL.
mod_rewrite - managing the location of documents on the server
In a short collection of descriptions of Apache directives, it is difficult to describe the tasks solved by this complex module. As a guide to action, it is best to use the special apache-manual sections "Module mod_rewrite URL Rewriting Engine" and "URL Rewriting Guide". The easiest way to learn how to use this module is by considering specific problems and their solutions using it.
There is a single main (parent) process that is responsible for creating child processes, which in turn listen for connections and process client requests. Apache always tries to keep a few idle server processes ready to handle incoming requests, so clients don't have to wait for new child processes to be forked before their request is served. The directives StartServers, MinSpareServers, MaxSpareServers, and MaxClients regulate how the parent process creates child processes to serve requests.
In general, Apache is very self-contained, so for most websites there is no need to change these directives from the defaults.
For sites that need to serve more than 256 concurrent requests, MaxClients may need to be increased, and for sites located on servers with limited memory, MaxClients may need to be decreased to avoid causing the server to swap memory to disk. and back), which will lead to severe slowdowns.
Choosing modules is one of the most important steps in ensuring good security for your Apache Web server. There is one good rule of thumb for us: less is more. To use the functionality we need and provide good security, the following modules should be included:
httpd_core - Apache kernel, required with every Apache installation.
mod_access - Control access to server directories based on client IP address or hostname.
mod_auth - Required to authorize users using text files.
mod_dir - Required to search for index files: "index.html", "default.html", etc.
mod_log_config - Provides logging of requests sent to the server. mod_mime - Contains directives to facilitate the organization of various MIME types on the server.
All other Apache modules must be turned off. We can safely turn them off, because we don't need them. By disabling unneeded modules, we prevent an attacker from exploiting a vulnerability found in one of these modules.
It is also worth noting that two Apache modules (mod_autoindex and mod_info) are the most dangerous. The first module allows automatic indexing of the directory and is enabled by default. To see how it works, enter, for example, http: // server_name / icons / and if there are no index files in this directory, then the contents of the entire directory will be displayed. The second module, mod_info, should never be accessible over the Internet because it exposes the entire configuration of the Apache Web server.
The next question is how to compile modules. It seems to me that the static method is the best (codes are embedded in executable files), rather than the dynamic method (codes are collected at the time the program is launched). By choosing a static method, we also eliminate the need for another module, mod_so.
Independent work: Working with MySQL database server. Creation of tables. Inserting, retrieving and updating data in a database.
Laboratory work No. 12. Installing and configuring the Apache web server.
Independent work: Working with MySQL database server.
Professional development always focuses on its own tools - this is a guarantee of reliable and efficient fulfillment of obligations. Own hosting and servers for various purposes in the range of demanded configurations expand the scope of tasks to be solved, increase the security and confidentiality of developments.
Native HTTP: Apache, PHP, MySQL
The Apache web server has been a strong leader since the last century because it provides fast, reliable and secure operation. A physical machine and server running Linux or Windows is the foundation, HTTP is an add-on, although in essence it is a data transfer protocol. A Windows machine can be used as a server, but the Linux family is preferred.
Apache on Windows is a local version used on a single machine to duplicate development resources hosted on external servers. Setting on is acceptable, but not very popular. Configuring Apache on CentOs gives more options and is used to organize servers in local and global networks.
It is believed that Apache servers serve more than 50% of all active web resources, the rest is accounted for by similar products from Microsoft, Sun, etc. Actually, a physical server and its operating system can be anything. The HTTP server is installed on a ready-made platform and works in parallel with other applications on it. Apache is considered native to the entire Linux family, but in each case it has its own peculiarities.
Freeness, simplicity, reliability distinguish Linux systems and their applications. It doesn't matter which one you use: installing and configuring Apache on Ubuntu isn't much different from CentOs, Debian, or FreeBSD. Often the saturation of one or another plays a role. operating system additional software.
The Linux family is small in terms of the number of "relatives" on the line of one or another core of the system. The differences are more social in nature - in the sense of the attachment of developers to the formulation and implementation of the capabilities of the operating system.
In reality, in order to solve a specific task of raising hosting, it is necessary to decide on the necessary functionality, the required performance, conceptual priorities and a specific choice of a Linux representative, or to focus on Windows Server.
Shifting the priorities of local development
Difficulty assessing the role global network in the development of programming, but it is easy to notice the real shift in the center of gravity: local applications began to be executed as a web resource. Just write a program for a local computer - these are drivers, antiviruses, small projects with simple functionality. The programming language ... VBA, although you can use C / C ++ or C #.
Any information project is a web resource in local network of the company, which can be partially accessible from the global network, for example, to coordinate the actions of employees outside the office who are on the road or on a business trip.
MySQL, PHP, Apache: setting up for a local use case is a completely different dynamic of the application, the required functionality. Modern companies, regardless of size, number of employees, and field of activity, seriously consider Internet programming, both local and global.
In this case, the local can be distributed: the company's offices can be located anywhere, but this is not the Internet, but a distributed local network of the company.
MySQL, PHP, Apache setting in local form:
- easily duplicated across network computers;
- provides the ability to dynamically change the active component or compare it with a sample to evaluate hacking attempts;
- gives a reason to develop a security system that is devoid of the risk of being attacked by classical network methods.
Considering that MySQL and Apache are services on Windows, and PHP code is plain text processed by a tool (PHP interpreter) called at the right time by an HTTP server, then the level of mutability, portability and portability of the code will be much higher. than local development tools.
Preparing to Install Apache
Back in the early days, the Unix operating system defined the unspoken principles of loyalty. Since then, everything that was done for Unix-like systems was automatically translated to other platforms. Configuring Apache on Windows is straightforward, but serious tasks require a good deal of skill and detailed understanding of the HTTP server configuration.
First of all you need to download latest version server (today it is version 2.4.33 dated 03/17/2018) from the official website in zip archive format. It should be borne in mind initially that server versions are numerous and are offered on many third-party resources, so it is important to choose an official implementation hosted on a trusted web resource.
Previously, it was popular to install a server using a special installer. It is now common practice to simply deploy a zip archive. It is easier and makes it possible to understand the essence of the configuration process, which is very important and subsequently allows you to optimize the server for the required load and functionality.
Editing the configuration file
Server configuration is determined by a set of configuration files located in the conf folder. The main Apache configuration file is httpd.conf.
In the overwhelming majority of cases, it is necessary to make changes to the main file, to clarify the contents of the files responsible for ssl and virtual hosts. The rest of the settings are usually made in the process as problems arise or tasks are solved. Primarily further settings related to the optimization of Apache or the expansion of its capabilities.
To successfully start the server, it is enough to edit only one line (in order - 38th) - and the Apache configuration is completed.
In the previous versions of the server configuration, it was required to make numerous edits for the real situation, but now there is a "universal" variable SRVROOT. It is worth specifying its correct value (the path to the server location), and everything will work right away.
Server hosting procedure
The location of the server must be carefully considered. Apache itself is interesting, but when equipped with PHP and MySQL, it is doubly interesting. It's better when everything related to web development is in one place. You can agree to the default paths, but modern programming not so ideal in its implementation, so you will have to keep your finger on the pulse unambiguously and often. In addition, when choosing a convenient location, all initialization and configuration files, as well as logs on the operation of installed products, will be available.
The downloaded Apache official zip file should be deployed to the location of your choice, separating the tool and work. V this example the C: \ SCiA folder is a tool (Apache24, PHP, MySQL, ...), and the SCiB folder is the work of, in fact, sites that are created, maintained or upgraded.
As a result of the first stage of work, only the bin, cgi-bin, conf, error, ... subfolders with all their contents get into the C: \ SCiA \ Apache24 folder.
Editing the hosts file
The second step is to properly configure hosts file- an indication of which IP addresses are on this computer mapped to what names. If only one site will be developed or maintained on a computer, then nothing can be changed.
Base IP - 127.0.0.1 usually always points to localhost. The hosts working file is located at c: \ Windows \ System32 \ drivers \ etc and looks like below.
To put the hosts file in the right place, you need to use the command line in administrator mode. You can prepare the correct contents of the file anywhere in the file system of your computer, but you can write it to the address c: \ Windows \ System32 \ drivers \ etc only with a tool that has administrator rights. Across command line this is the easiest way to do it.
Installing Apache Server
It couldn't be easier. It is enough to run the command line as administrator and go to the C: \ SCiA \ Apache24 folder. Since this is the way to Windows system then forward slashes are used. In a specific case, the path may be different. But if you can somehow experiment with the name of the folder for the location of the holy trinity - Apache, PHP and MySQL, then changing the folder names for each of them is impractical.
In this case, the server archive is deployed in the C: / SCiA / Apache24 folder, therefore, you need to write the command in the bin folder:
- httpd.exe -k install
The server will test the configuration file and install itself. Most likely, there will be minor errors, but if you edit the configuration file correctly, then all errors will be minor and can be quickly fixed.
Window (1) command line - service installation, window (2) - list of services in which the server appeared, window (3) - source file index.html, located at C: / SCiB / localhost / www, window (4) - the result of the server.
In this example, a mistake was deliberately made: instead of setting the value of the SRVROOT variable, numerous edits were made "the old fashioned way": everything was manually changed. This is not the best solution. Before applying knowledge, you should familiarize yourself with the current version of the product. As a rule, things change rapidly, and knowledge should be applied "with knowledge and understanding of the current situation."
Zip file deployment practice
Modern sites are not always written on site management systems. There is a lot of manual labor. The problem of transferring the site to another hosting caused good decision- zip archive. Collapsed content in one place, deployed - in another.
Having an installer is good practice, but the dynamics of modern information technologies does not give time to write beautiful installations. Installing via zip deployment is modern, practical, and convenient. In this case, the Apache configuration is limited to changing the configuration files.
When installing the server, it is important to specify:
- Where is he located;
- where is the web resource (localhost);
- using ssl;
- virtual hosts.
The last position is relevant when it is supposed to develop or maintain several resources on the server at once. For a real developer, this is a must-have decision: even if he provides the operation of one site, it will not be superfluous to have a fallback.
Gentlemen's sets
The ease of deploying the zip archive is obvious, Apache (installation and configuration) is just two to three clicks. However, the result when installers were popular was equivalent. The developer simply spent more time developing the next version of his product. Installing a server, server language, and database is essentially just a bunch of files, starting services, a hosts file, and default paths in the operating system variable path.
The appearance of Denver and similar gentlemen's kits of the developer was a revolutionary step in the direction of simplicity and convenience, but make no mistake. Revolution and programming are absolutely incompatible things. The first is a child of the conflict and its stormy solution, the second is a serious matter that requires absolute calmness, punctuality, accuracy, consistency, attentiveness, safety, reliability.
Configuring the Apache server is a serious procedure that needs to be taken very carefully and everything should be done so that tomorrow you can change and clarify something.
In most cases, the development of web resources is a rather lengthy process in which the requirements for services (Apache, PHP, MySQL, ...) change quickly, but there is always time to understand the next task and its optimal solution... But this is not a reason to go about the gentlemen's sets. Time passes, but the gentleman does not change, this is a much more weighty argument than the Denver declaration - it is simple, fast and affordable.
Several sites - one server
Configuring Apache 2.4 for a single host is an unnecessary luxury. Despite its compact design, this server bears a huge weight of responsibility for more than half of the active web resources of the Internet. In addition, not all resources have a representative part and are visible on the network.
The server can be used as a database, as an information transfer point, as a filter, as a parser, as a working mechanism in a more global information process... As a result, configuring Apache virtual hosts is almost always required.
One server can support as many web resources as you want, for this you need to remove the comment from line 501 in the httpd.conf file:
- # Include conf / extra / httpd-vhosts.conf
and describe all the required hosts in a file
- extra \ httpd-vhosts.conf.
It may be necessary to clarify which ports and IP the server is listening to, but this is a separate topic, for the first time you can limit yourself to what is.
It should be noted that in the example, for the convenience of describing real virtual web resources (and there are many of them), the (DOCROOT) variable is introduced with the path to shared folder all web resources accessible through the installed server.
Apache SSL configuration is available in a similar way. In the httpd.conf file, you just need to leave "as is" lines 524 through 531, which are responsible for the operation of SSL.
The simplicity and complexity of Apache
The days when setting up a server was really difficult are long gone. Configuring Apache today is a very simple procedure that does not require any special skills from the developer.
Three simple steps:
- expand the archive;
- change the configuration file;
- install the server.
As a result, Apache is fully functional. If you do not take into account the intricacies of the server operation at maximum load or perform local development on a Windows computer, additional knowledge is not required.
Difficulties can arise on Linux systems. Significantly different understanding of the file system, user and group rights, as well as the organization of the process of interaction with other applications require a developer to have greater competence and understanding of how Linux computers work.
Configuring Apache on any Linux system opens up much more possibilities for the developer and gives access to the local network and the Internet. Traditionally, a Windows computer is a local workstation with an internal server. Linux computer - and a local network node or point in the Internet space.
Professional development environment
Apache is a fundamental building block of the Internet space that can be easily configured, used, and the backbone of a company.
This logic assumes the presence of at least one server on the network on CentOS, Ubuntu, FreeBSD, Windows workstations. It is optimal to have two Linux servers (primary and secondary), Apache configuration for a local computer in Windows environment. In the event of a virus attack or an unforeseen situation, the auxiliary server will replace the main one, and the main one - for repair and restoration. You can replace the local Apache installation on a workstation (under Windows) from the archive.
This trivial solution can be refined and supplemented in real practice. The size of the company's information flows can determine the desired configuration and the required number of servers. Actually, Apache is designed to work under load, but nothing prevents you from distributing the responsibilities of one server over several. A solution that takes into account the specifics of a particular company is always more promising than adapting a third-party option.
Earlier in our Linux Fundamentals series, we covered the basics of working with the Apache web server. It is the world's most widely used web server on the Internet (as of July 2015, Apache had 38%, IIS had 26%, and Nginx had 15%). Therefore, the more you know about it and understand how it works, the more success you will achieve when hacking it.
Today we'll go over the basics of configuring an Apache server. As we wrote earlier, configuring and configuring almost all applications in Linux or Unix is done through config files which are plain text. Apache is no exception here. Therefore, in this article we will focus on the apache2.conf configuration file located in the / etc / apache2 directory.
Step 1. Start Apache2
Let's start by running Apache2. We will do this through the Kali graphical shell by going to Applications -> Kali Linux-> System Services -> HTTP -> apache2 start as shown in the screenshot below.
Or run it through the command line by typing the following command in the terminal
Kali> service apache2 start
This starts the Apache2 daemon, and from now on, the web server should be serving our content on the internet.
Step 2. Check server health
To check if our Apache server is running, let's just navigate to localhost or 127.0.0.1 in the browser. If you see the page as in the screenshot below, then it means that the server is working fine!
Step 3. Open the config file
To configure Apache, we need to go to the / etc / apache2 directory.
Kali> cd / etc / apache2
Let's display a list of all files in this directory:
Kali> ls -l
As you can see, there are several files and subdirectories in this directory. For now we are only interested in the apache2.conf file, but note that we have a ports.conf file and a sites_available folder that we will need a little later, and there are several other configuration files and folders.
We can open apache2.conf in any text editor, but here we'll be using Leafpad. The file can be opened by simply typing in the console:
Kali> leafpad /etc/apache2/apache2.conf
As you can see, this command opens a text file with all the configuration information for our Apache web server. To set up the server, we will now try to acquaint you with all the key points of this file.
Step 4. ServerRoot
Let's scroll down, skip all comments and find line # 70, where the global settings section begins. Here we see the ServerRoot settings. This is the top of the directory tree where the Apache server stores all server-related files. Line # 84 defines ServerRoot. We can simply uncomment this line if we want to set / etc / apache2 as the ServerRoot. We recommend that you do this.
Step 5. Timeout
In the next section, we have the variables that define the parameter values: Timeout, KeepAlive, MaxKeepAliveRequests and KeepAliveTimeout.
- Timeout: This is the time during which the server must fulfill the user's request. Its default value is 300, which means that the server must process each request within 300 seconds or 5 minutes. This is definitely too long and can be set to 30 seconds.
- Keepalive: This means the server stays alive (keeps the connection) for multiple requests from the same client. The default is On. This means that clients do not need to create a new connection for every request to our server. This approach saves server resources.
- MaxKeepAliveRequests: This value defines the maximum number of seconds allowed between requests received from an established connection with one client. If we set this value to 0, then the amount of time is not limited.
- KeepAliveTimeout: This is the amount of time between requests to determine if the connection is still alive (established).
We suggest that you leave all the default values, except for the "Timeout" parameter. Each situation is different and you may need to change these defaults in order to tailor server performance to your environment.
Step 6. Apache2 user and groups
Let's scroll down a few lines in apache2.conf again until we get to line # 177. Here we can set the Apache2 user and groups. Note the comment on line # 177. It states that we can set these variables in the envvars file (environment variables). We'll leave this question for future articles, but for now, just keep in mind that both User and Group are variables that come from / etc / apache2 / envvars.
Finally, the last section, which is of great importance to Apache security, starts at line # 193. This section ensures that web clients cannot access the .htaccess and .htpasswd files.
Step 7. Logging
The next section describes how Apache manages the logs.
In the first subsection, we refer to the HostNameLookups parameter. This directive tells Apache2 if it should perform DNS lookups when it logs established connection... With the default "Off", Apache2 performs much better.
Step 8. Available sites
Now let's take a look at the site_available directory (accessible sites) and, most importantly, at the file that is in it by default. It is often referred to as the default Virtual Hosts file. Open this file by typing in the console:
Kali> leafpad / etc / apache2 / site_available / default
As you can see, there are three critical areas in this file. The first line defines which port the web server is listening on. It is defined here that it listens to any interface on port 80 (*: 80). The second line defines the address Email, to which you need to send notifications in case of problems with the server. By default, there is an address if you are system administrator, then you can enter your email address here. The third element may be the most important - the DocumentRoot. It determines where the content for this virtual host will be placed, the default is / var / www. We suggest that you leave everything as it was defined by the developers.
Step 9. Ports
Finally, we can go even lower in the apache2.conf file to line # 248 - "include port.conf". This directive simply tells Apache to go into the port.conf file to find the ports it should be listening on.
Apache is a web server.
Config files
By default, all configuration files are stored in the "conf" folder.
httpd.conf is main config file apache server. For the changes made to this file to take effect, you need to restart the apache server.
In the "extra" folder (inside the "conf" folder) there are additional config files... If necessary, they can be connected inside the main configuration file.
Configuration File Syntax
There should be only one directive on one line. The \ (backslash) character can be used as the last character of a line to indicate that the directive continues on the next line. There must be no other whitespace after the \ character except the end-of-line character.
The directive and its arguments are separated by a space. The arguments themselves are also separated by spaces. If the argument contains spaces, it must be enclosed in quotation marks.
Directives are not case-sensitive, while arguments, on the contrary, are sensitive.
A line that begins with a # (hash) character is considered a comment and is ignored. A comment cannot be located on the same line as a directive.
Whitespace inserted before the directive is ignored, so it can be used to insert indentation to make the code easier to read. Blank lines are also ignored.
Modules
A module is just a plug-in file that allows you to add additional functionality. All plugins are located in the "modules" folder by default.
Modules allow you to use directives that are not part of the Apache web server core.
.htaccess
Htaccess is an additional configuration file for the Apache web server and similar servers. It allows you to customize functionality for individual directories without changing the main configuration file, since access to it is most often denied.
The .htaccess file only affects the directory in which it resides and its child directories. Htaccess file can be placed in any directory. The directives of this file affect all files in the current directory and in all its subdirectories (unless these directives are overridden by the directives of the underlying .htaccess files).
Changes made to the .htaccess file do not require a server restart.
If any error was made in the .htaccess file, for example, a directive or directive value is incorrectly written, the server will return an error: Error 500.
Htaccess file uses the same syntax as Apache config files.
You can see which directives can be located inside the .htaccess file in the directory of directives in the "Context" of a particular directive.
