Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
F12 Apache Web Server

The Apache web server has got to be the easiest server-based package I have ever set up on a Linux server (unlike the beast known as samba). It typically takes about 5 minutes for me to get Apache up, running, and serving web pages correctly. Hats off (Fedoras off?) to the developers, because they have done an excellent job in their coding, implementation, documentation, etc.

The master configuration file for Apache is found in /etc/httpd/conf/httpd.conf. The file is extensively documented, meaning that it is very, very easy to just read through the file and set the appropriate options as you scroll through it. Some of the more important options that need to be set include:
ServerAdmin [user]@[domain].[name]
ServerName [host].[domain].[name]:80
DocumentRoot "/var/www/html"

<Directory />
     Options FollowSymLinks
     AllowOverride None
</Directory>

<Directory "/var/www/html">
     Options FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
</Directory>
The first line sets the e-mail address to which problems with the server should be sent. The address appears on some server-generated pages, such as error documents. The second line sets the fully qualified domain name and port number that the server uses to identify itself. The third line sets the directory from which web pages will actually be served; /var/www/html is the default directory for Fedora Core distributions. Next, we change the default permissions for Apache. I have set the "AllowOverride All" option because I need to be able to set up certain web pages that first request a valid username and password, such as the networking page. See the .htaccess settings section below for details. Additional settings include:
<IfModule mod_userdir.c>
    UserDir www
</IfModule>

<Directory /home/*/www>
    AllowOverride All
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
The biggest change to note is the setting of the user directory to "www" ("UserDir www"), which allows local users to create their own web pages within a ~/www directory. This means that "www" is appended to a user's home directory if a ~[user] request is received. For example, I keep the vast majority of my web files in a /home/kriehn/www directory, with additional subdirectories under it. The Linux Systems Administration - Fedora Core Notes page, for instance, is stored in /home/kriehn/www/fedora/fedora.html, so Apache serves it when you type in the name of the server followed by the location of the page under the ~[user] rule. So, the fedora.html page is reached at the following web address:

http://optics.csufresno.edu/~kriehn/fedora/fedora.html

A caveat to this is that SELinux must be set up properly to allow access to home directories. See the SELinux page for details under HTTPD Service. Some view this setup as a security hole, since it confirms the presence of a username on the system, but I have a program called blockhosts that only allows for 3 failed logins from a remote IP address before shutting the offending party out of the server's login process for 3 months. It also has the added benefit of very quickly shutting down script kiddies. blockhosts is discussed in detail in the blockhosts page.

Sometimes I like to have symlinks present in my ~/www directory that point to other files that may be updated on a regular basis, like my vitae (vitae.pdf), but as an added security precaution, I only allow Apache to access the symlinked file if it is also owned by me (the "SymLinksIfOwnerMatch" option). This prevents me from, say, linking to a file owned by root and allowing the file to be accessed by the world via Apache. Basically, it is a nice guard against stupidity.
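
The ownership rule described above can be checked on disk before Apache ever receives a request. The following is an added example, not part of the original page: a shell function (the name symlink_owner_audit is made up here) that lists the links under a directory whose owner differs from the owner of their target, assuming a stat that supports -c.

```shell
#!/bin/sh
# Added example (not the author's code): report symlinks that Apache would
# refuse to follow under "Options SymLinksIfOwnerMatch", i.e. links whose
# owner differs from the owner of the file they resolve to.
# Assumes a stat(1) that supports -c FORMAT (GNU coreutils, as on Fedora).

# symlink_owner_audit DIR
#   prints  MISMATCH <link> link_uid=<n> target_uid=<m>   or   DANGLING <link>
#   returns 0 when every link would be followed, 1 otherwise
symlink_owner_audit() {
    audit_list=$(mktemp) || return 2
    find "$1" -type l -print > "$audit_list"
    audit_rc=0
    while IFS= read -r link; do
        link_uid=$(stat -c %u "$link")        # owner of the link itself
        if ! target_uid=$(stat -L -c %u "$link" 2>/dev/null); then
            echo "DANGLING $link"             # target does not exist
            audit_rc=1
        elif [ "$link_uid" != "$target_uid" ]; then
            echo "MISMATCH $link link_uid=$link_uid target_uid=$target_uid"
            audit_rc=1
        fi
    done < "$audit_list"
    rm -f "$audit_list"
    return "$audit_rc"
}

# Stand-alone use: sh symlink_audit.sh ~/www   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    symlink_owner_audit "$1"
fi
```

The non-zero return code makes the function usable from a cron job that should only send mail when a link needs attention.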

Directory Override Settings

There are some additional overrides that I have set up for my server with regard to phpMyAdmin, Joomla Administration, my Fedora Repository, etc. For instance, the phpmyadmin and administrator subdirectories need to be password protected, but people need to be able to browse through the directory structure of the Kriehn Repository:
<Directory "/var/www/html/joomla/administrator">
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

<Directory "/var/www/html/fedora">
  AllowOverride All
  Options Indexes SymLinksIfOwnerMatch
  Order allow,deny
  Allow from all
</Directory>

<Directory "/var/www/html/teaching/ece71/CONFIDENTIAL">
  AllowOverride All
  Options Indexes SymLinksIfOwnerMatch
  Order allow,deny
  Allow from all
</Directory>

<Directory "/var/www/html/testing">
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

Alias Settings

I use an alias for MediaWiki, so the root Wiki directory appears to be coming from http://optics.csufresno.edu/wiki even though it is located in http://optics.csufresno.edu/mediawiki/index.php. To add an alias, list the alias directory first, followed by the actual directory in which the web page is located:
Alias /wiki /var/www/html/mediawiki/index.php

.htaccess Settings

A .htaccess file can be used to password protect a given directory or directory structure. To protect a directory, create a .htaccess file in the directory you are interested in protecting:
AuthUserFile /[path]/[to]/[protected]/[directory]/.htpasswd
AuthName "[Title for Protected Directory]"
AuthType Basic
Require valid-user
Save and exit. Then create a user and password file (typically .htpasswd) in the same directory the .htaccess file is located:
~> cd /[path]/[to]/[protected]/[directory]
# -c creates the file; leave it off when adding users to an existing file
~> htpasswd -c .htpasswd [user]
Hit Enter, and you will be prompted for a password. Now, whenever a user attempts to access the given directory via the web, he or she will first be prompted for a valid username and password based upon what was just created in the .htpasswd file. Easy as can be!
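
The directories listed under Directory Override Settings are open to everyone ("Allow from all") and depend entirely on .htaccess for their login prompt, so a missing .htaccess, or one without a Require line, leaves them served without a login. The following added example (not from the original page; check_htaccess and ht_directive are hypothetical names, and AuthUserFile is assumed to be an absolute path without spaces, as in the template above) checks a directory for a usable .htaccess/.htpasswd pair.

```shell
#!/bin/sh
# Added example, not the author's code: verify that a directory meant to be
# password protected really has a working .htaccess/.htpasswd pair.
# Assumes AuthUserFile is an absolute path without spaces.

# Print the argument of the first occurrence of directive $2 in file $1.
ht_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        gsub(/"/, "", $2); print $2; exit }' "$1"
}

# check_htaccess DIR [DOCROOT]: one finding per line, nothing when all is
# well; returns 1 on any FAIL. DOCROOT defaults to the page's /var/www/html.
check_htaccess() {
    ht_dir=${1%/}
    ht_root=${2:-/var/www/html}; ht_root=${ht_root%/}
    ht_file=$ht_dir/.htaccess
    ht_rc=0
    if [ ! -f "$ht_file" ]; then
        echo "FAIL $ht_dir: no .htaccess, directory is served without a login"
        return 1
    fi
    for ht_key in AuthType AuthName Require; do
        if [ -z "$(ht_directive "$ht_file" "$ht_key")" ]; then
            echo "FAIL $ht_file: missing $ht_key"
            ht_rc=1
        fi
    done
    ht_pw=$(ht_directive "$ht_file" AuthUserFile)
    if [ -z "$ht_pw" ]; then
        echo "FAIL $ht_file: missing AuthUserFile"
        ht_rc=1
    elif ! grep -q '^[^:#][^:]*:.' "$ht_pw" 2>/dev/null; then
        echo "FAIL $ht_pw: missing, unreadable, or has no user:hash entry"
        ht_rc=1
    else
        case $ht_pw in
            "$ht_root"/*)
                echo "WARN $ht_pw: inside DocumentRoot, downloadable unless the server denies .ht* files" ;;
        esac
    fi
    return "$ht_rc"
}

# Stand-alone use: sh check_htaccess.sh DIR [DOCROOT]  (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    check_htaccess "$@"
fi
```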

Restart the httpd daemon:

Finally, restart the httpd daemon:
~> sudo service httpd restart
You should see the daemon successfully stop and restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
Apache is now ready to serve web pages.

Change Ownership of /var/www/html/


I find it easiest to change the ownership of everything located in /var/www/html/ to apache.apache so that Apache has permissions to read and write to the files located in the directory, as necessary:
~> sudo chown -R apache.apache /var/www/html/*
~> sudo chown -R apache.apache /var/www/html/*.*

Backups

As mentioned earlier, the base page (index.html) on my web server is located under /var/www/html. Most of my web pages, however, are located in a local ~/www directory that is backed up on an hourly, daily, weekly, and monthly basis. It would be nice to back up the /var/www directory as well, so let's do so now. First, create a ~/linux/backups/www directory:
~> mkdir -p ~/linux/backups/www
Open up the /etc/cron.daily/backups-daily file that was created under the Backups & rsync page, and add the following lines:
# Backup the contents of /var/www/ to /home/[user]/linux/backups/www:
rsync -avz --delete /var/www/ /home/[user]/linux/backups/www >> /var/log/rsync/backup-daily-www.log
chown [user].[user] -R /home/[user]/linux/backups/www
I like to place these lines above the rsync command that performs the backup of my home directory so that /var/www is backed up to /home/[user] before /home/[user] is backed up to the remote NFS server. Please note that "/var/log/rsync/backup-daily-www.log" should be on the same line as the rsync command, and replace [user] with your username. Save and exit.

Next add the following to the /etc/logrotate.d/backups file:

/var/log/rsync/backup-daily-www.log {
        notifempty
        weekly
        missingok
        rotate 4
}
This will set up log rotation for the log file. Save and exit. The nice thing about backing up /var/www instead of just /var/www/html is that all of the usage statistics are backed up as well, in addition to local cgi scripts, or personalized error pages.

MIME Types

As a final note, if you want Apache to serve specific files a certain way, the configuration file to edit is /etc/mime.types. For example, when someone wants to download one of my Animated Backgrounds for Enlightenment (see the Enlightenment pages), I want a "Save as" window to appear so that the file is automatically saved when someone clicks on an .edj link. Therefore, I have added edj (along with sys and inf) to the application/octet-stream line in /etc/mime.types. The line now reads:
application/octet-stream        bin dms lha lzh exe class so dll img iso edj inf sys
That is pretty much it. Save and exit, and restart the httpd daemon:
~> sudo service httpd restart
You should see the daemon successfully stop and restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
Serve those web pages!
