Saturday, March 17, 2012




An Apache web server is a computer that stores information in HTML format and serves it to web browsers on request.
An organization would normally like to store company related information that should be made available to its employees in a publicly accessible location. One such method of doing this is to put up this information in the form of html web pages so that employees and other related people can browse through it whenever they need to.

An organization that needs to have a presence on the internet needs to put up information about itself in a location that is accessible to the rest of the world. The company thus needs to register a domain name for itself (e.g. abc.com), host this domain on a DNS server and set up a web server to host all information about itself in HTML format. The DNS server performs the task of redirecting requests for abc.com to the designated web server for the company.

There are a number of web server software packages available with the various operating systems, e.g. IIS with Windows, iPlanet from Sun Solaris etc. The most popular web server software, however, is the Apache web server, which accounts for almost 90% of the web server installations worldwide. In fact Apache is so popular that there even exists a Windows version of Apache.

The reasons for Apache being so popular are:

1. Being a Linux product it is free and open source.

2. It supports SSL encryption at no extra cost (SSL is the secure sockets layer implementation that creates an encrypted tunnel between the client computer and the web site it is accessing thereby securing all information flowing through that tunnel).

3. Its virtual hosting capabilities. (Virtual hosting is a concept wherein multiple web sites can be hosted on a single web server. This is however a feature of all web server software packages).

To install and configure Apache on our Linux box we need the following rpm :
httpd-2.0.40-21

To configure apache :

Edit the file httpd.conf

[root@akhisar root]# vi /etc/httpd/conf/httpd.conf
                                          
ServerRoot "/etc/httpd"                                                  # Line No.56

# StartServers: number of server processes to start              # Line No 103
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers                   8
MinSpareServers             5
MaxSpareServers          20
MaxClients                  150
MaxRequestsPerChild 1000
</IfModule>                                                                       # Line No.114







# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80

Listen 80                                                                         # Line No.157

# (Apache web server listens on tcp port 80, by default).

# Apache runs as the user apache and group apache for security reasons
User apache                                                                    # Line No.251
Group apache                                                                  # Line No.252

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#

ServerAdmin root@localhost                                           # Line No.259

# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work.  See also the Use CanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
ServerName localhost:80                                                # Line No.273
# (You should enter the IP address of the web server, hostname, FQDN or just localhost)

# Location of the html web pages for the company web site
DocumentRoot "/var/www/html"                                          # Line No.289


<Directory "/var/www/html">
# Line Nos.338 to 343
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

# Specifies the names that can be used for the index or home page of the web site
DirectoryIndex index.html index.html.var index.htm index.php  # Line No.408
# (By default index.htm and index.php are not included, you will have to add them
#  here if you have index pages with those extensions).

# Line Nos.952 to 972

# Allow server status reports, with the URL of http://servername/server-status
# [Change the ".your-domain.com" (for eg,lansmart.com) to match your domain to enable.
# You can also enter the subnet address of the network from which web requests will be
#  made, for eg, 192.0.2.0/24]
# To access this html page open your web browser and type in the following URL:
# http://www.lansmart.com/server-status. This page will now be inaccessible to everyone with the
# exception of users connecting from the authorized subnet 192.0.2.0.

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .your-domain.com
</Location>

# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your-domain.com" (e.g. lansmart.com) to match your domain to enable.
# You can also enter your subnet address here, e.g. 192.0.2.0/24
# To access this web page open up your web browser and type in the following URL
# http://www.lansmart.com/server-info
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from your-domain.com
</Location>

# Line No.1009 onwards
### Section 3: Virtual Hosts

NameVirtualHost 192.0.2.172
<VirtualHost 192.0.2.172>
ServerName www.lansmart.com
DocumentRoot /var/www/html/lansmart
</VirtualHost>

NameVirtualHost 192.0.2.173
<VirtualHost 192.0.2.173>
ServerName training.lansmart.com
DocumentRoot /var/www/html/training
</VirtualHost>

NameVirtualHost 192.0.2.171
<VirtualHost 192.0.2.171>
ServerName sales.lansmart.com
DocumentRoot /var/www/html/sales
</VirtualHost>

<VirtualHost 192.0.2.171>
ServerName tech.lansmart.com
DocumentRoot /var/www/html/tech
</VirtualHost>

<Directory "/var/www/html/lansmart">
AuthType Basic
AuthName Lansmart
AuthUserFile /etc/httpd/passwd
require valid-user
</Directory>

Virtual Hosting, as explained earlier, is a means of configuring multiple web sites on a single web server. This saves us the cost of purchasing multiple computers or multiple network cards. Using just one computer and one network card we can host multiple web sites. This is especially made use of by web hosting providers. Virtual Hosting is of two types:

a. Name based hosting
Here, all web sites hosted on the web server use the same IP address.

b. IP based hosting
With IP based hosting, all web sites hosted use a different IP address.

Let us consider a scenario in which our organization `Lansmart Technologies' needs to host four web sites: www.lansmart.com, training.lansmart.com, sales.lansmart.com and tech.lansmart.com.
The first two sites, www.lansmart.com and training.lansmart.com should be IP based and the other two sites should be name based.

Steps to follow to configure your apache web server for the above scenario:

[ The hostname of our Apache web server is akhisar having an IP address 192.0.2.171 ]
akhisar is also hosting DNS server services for ‘Lansmart’.

Step 1 (For IP based hosting):
Create two virtual cards eth0:0 and eth0:1 having the IP addresses 192.0.2.172 and 192.0.2.173 respectively.

Step 2 : Configure your DNS server to support these hostnames (Forward and reverse lookup)

First configure the index file /etc/named.conf to support the domain lansmart.com
(Refer to the chapter on DNS Server for this)

Configure the forward lookup file for lansmart.com (Refer to the chapter on DNS)

[root@akhisar root]# vi /var/named/lansmart.forward
                               akhisar       A    192.0.2.171
                               www       A    192.0.2.172
                               training   A    192.0.2.173


(akhisar is the actual hostname of the web server computer having the IP address 192.0.2.171)



Configure the reverse lookup file (Refer to the chapter on DNS)

[root@akhisar root]# vi /var/named/lansmart.rev
                              171        PTR    akhisar.lansmart.com.
                              172        PTR    www.lansmart.com.
                              173        PTR    training.lansmart.com. 

Step 3 (For Name based hosting) :
Configure CNAME records for the hostnames sales.lansmart.com and tech.lansmart.com in the forward lookup file.

[root@akhisar root]# vi /var/named/lansmart.forward

   akhisar      A          192.0.2.171
   sales      CNAME  akhisar.lansmart.com.
   tech       CNAME  akhisar.lansmart.com.


Create the file /etc/resolv.conf with the necessary information on the DNS server and on each Linux DNS client host computer.

Test your DNS configuration with the nslookup and dig commands to make sure that everything is working as it should.

Step 4: Configure Apache Web server
Configure the httpd.conf file as shown above to support the virtual hosts.
Create the necessary folders (in the /var/www/html folder), lansmart, training, sales and tech, to store the html pages for the respective web sites. Create the index.htm and the rest of the html pages in these folders.

A sample index.htm file is shown below:

[root@akhisar root]# vi /var/www/html/lansmart/index.htm
  <html>
  <h1>
   Welcome to Lansmart
  </h1>
  </html>

In the file httpd.conf, the Virtual host sections define the name of the web site and the path to the folder in which the html pages for that site are stored.
Both IP based sites (www.lansmart.com & training.lansmart.com) will have the line `NameVirtualHost <IP Address>' since they are running on different IP addresses. The name based site sales.lansmart.com will also have the line `NameVirtualHost <IP Address>' since it is running on a different IP address than the IP based sites. However, the site tech.lansmart.com will not have the `NameVirtualHost' line as it is running on the same IP address as sales.lansmart.com, i.e. 192.0.2.171.
(The Virtual host sections are written in XML).
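
The selection that the Section 3 configuration produces, as an added example that is not part of the original post: a simplified Python model that picks the virtual host first by the IP address the request arrived on and then by the Host header, falling back to the first virtual host listed for that address. The names parse_vhosts and select_docroot are hypothetical; ServerAlias and wildcard addresses are not modelled.

```python
import re

# Section 3 of the page's httpd.conf, copied as shown there.
HTTPD_CONF = """
NameVirtualHost 192.0.2.172
<VirtualHost 192.0.2.172>
ServerName www.lansmart.com
DocumentRoot /var/www/html/lansmart
</VirtualHost>
NameVirtualHost 192.0.2.173
<VirtualHost 192.0.2.173>
ServerName training.lansmart.com
DocumentRoot /var/www/html/training
</VirtualHost>
NameVirtualHost 192.0.2.171
<VirtualHost 192.0.2.171>
ServerName sales.lansmart.com
DocumentRoot /var/www/html/sales
</VirtualHost>
<VirtualHost 192.0.2.171>
ServerName tech.lansmart.com
DocumentRoot /var/www/html/tech
</VirtualHost>
"""
MAIN_DOCROOT = "/var/www/html"  # DocumentRoot of the main server on the page

def parse_vhosts(conf):
    """Return [(ip, server_name, docroot)] in configuration order (hypothetical helper)."""
    pat = r"<VirtualHost (\S+)>\s*ServerName (\S+)\s*DocumentRoot (\S+)"
    return re.findall(pat, conf)

def select_docroot(conf, local_ip, host_header):
    """Simplified model: match the local IP first, then the Host header."""
    on_ip = [v for v in parse_vhosts(conf) if v[0] == local_ip]
    if not on_ip:
        return MAIN_DOCROOT            # no vhost on this address: main server
    host = (host_header or "").split(":")[0].lower().rstrip(".")
    for _, name, docroot in on_ip:
        if name.lower() == host:
            return docroot
    return on_ip[0][2]                 # no name matched: first vhost listed wins
```

A request to 192.0.2.171 whose Host header matches neither name is answered from /var/www/html/sales, so the first virtual host listed for a shared address should be the one you are willing to serve by default.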


Testing
Connect to the apache web server from a client computer, open up your web browser and test connectivity to all four web sites :
www.lansmart.com
training.lansmart.com
sales.lansmart.com
tech.lansmart.com

‘Web pages for all the four sites should open without any problem’.

Testing Authentication :
The `Directory' section specifies the authentication to be used before being granted access to the site. Here we configure authentication for the site www.lansmart.com. This requires protecting the html pages for this site (stored under /var/www/html/lansmart). AuthType specifies the type of authentication being used; here the keyword `Basic' specifies that username/password authentication is being used. Whenever a request is made for www.lansmart.com an authentication window will open up requiring the user to enter an authorized username/password combination. `AuthName' is the heading that appears at the top of this authorization window. `AuthUserFile' specifies the name and path to the file in which the authorized usernames and passwords have been stored. We define this file to be `passwd' stored in /etc/httpd.

The keyword `require valid-user' will prevent non-authorized access to the web site www.lansmart.com.

The file `/etc/httpd/passwd' does not exist by default; it will have to be created.

[root@akhisar root]# cd /etc/httpd
[root@akhisar httpd]# touch passwd

Enter the authorized username and password combinations you require :

[root@akhisar httpd]# htpasswd -m passwd webuser
New password:
Re-type new password:
Adding password for user webuser

Here we create an authorized user called webuser and assign him a password.
Create additional authorized usernames/passwords if required.

Note : The authorized usernames that we create need not be those of valid users existing on the Linux web server computer. The names can be fictitious unlike our Samba server configuration which requires valid usernames for authentication.

Whenever a user tries to access the web site www.lansmart.com an authentication window pops up asking for a valid username and password combination.

Here the user needs to enter the authorized username as `webuser' and the password assigned to that user.
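
A check of the access-control directives used on this page (the /server-status Location block and the Basic authentication Directory block), as an added example that is not part of the original post. The functions sections and audit are hypothetical names, and WEAK_CONF is a constructed variant shown for contrast.

```python
import re

# Access-control parts of the page's httpd.conf, copied as shown there.
PAGE_CONF = """
DocumentRoot "/var/www/html"
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .your-domain.com
</Location>
<Directory "/var/www/html/lansmart">
AuthType Basic
AuthName Lansmart
AuthUserFile /etc/httpd/passwd
require valid-user
</Directory>
"""
# Constructed weak variant: status page open to all, password file web-reachable.
WEAK_CONF = (PAGE_CONF.replace(".your-domain.com", "all")
             .replace("/etc/httpd/passwd", "/var/www/html/lansmart/passwd"))

def sections(conf):
    """Yield (argument, {directive: value}) per <Location>/<Directory> block."""
    pat = r'<(Location|Directory)\s+"?([^">]+)"?>(.*?)</\1>'
    for _, arg, body in re.findall(pat, conf, re.S):
        pairs = [ln.split(None, 1) for ln in body.splitlines() if ln.strip()]
        yield arg, {p[0].lower(): p[1].strip() for p in pairs if len(p) == 2}

def audit(conf):
    """Return findings for status/info handlers and Basic-auth directories."""
    findings = []
    roots = [r.strip('"').rstrip("/") for r in
             re.findall(r"^\s*DocumentRoot\s+(\S+)", conf, re.M)]
    for arg, d in sections(conf):
        if d.get("sethandler", "").lower() in ("server-status", "server-info"):
            restricted = (d.get("order", "").lower() == "deny,allow"
                          and d.get("deny", "").lower() == "from all"
                          and d.get("allow", "").lower() != "from all")
            if not restricted:
                findings.append(f"{arg}: reachable from any client")
        if "authtype" in d:
            if "require" not in d:
                findings.append(f"{arg}: AuthType set but no require line")
            pw = d.get("authuserfile", "")
            if any(pw.startswith(r + "/") for r in roots):
                findings.append(f"{arg}: AuthUserFile {pw} is inside a DocumentRoot")
    return findings
```

The page's configuration produces no findings; the weak variant is flagged for both the open status page and the password file placed under the web root.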




