An Apache Web Server is a computer that stores information in html format.
An
organization would normally like to store company related information
that should be made available to its employees in a publicly accessible
location. One such method of doing this is to put up this information in
the form of html web pages so that employees and other related people
can browse through it whenever they need to.
An
organization that needs to have a presence on the internet needs to put
up information about itself in a location that is accessible to the
rest of the world. The company thus needs to register a domain name for
itself for eg, abc.com, host this domain on a DNS server and setup a web
server to host all information about itself in html format. The DNS
server performs the task of redirecting requests for abc.com to the
designated web server for the company.
There
are a number of web server softwares available with the various
operating systems for eg, IIS with Windows, Iplanet from Sun Solaris
etc. The most popular web server software is however the Apache web
server which accounts for almost 90% of the web server installations
worldwide. In fact Apache is so popular that there even exists a Windows
version of Apache.
The reasons for Apache being so popular are :
1. Being a Linux product it is free and open source.
2.
It supports SSL encryption at no extra cost (SSL is the secure sockets
layer implementation that creates an encrypted tunnel between the client
computer and the web site it is accessing thereby securing all
information flowing through that tunnel).
3.
Its virtual hosting capabilities. (Virtual hosting is a concept wherein
multiple web sites can be hosted on a single web server. This is
however a feature of all web server software packages).
To install and configure Apache on our Linux box we need the following rpm :
httpd-2.0.40-21
To configure apache :
Edit the file httpd.conf
[root@akhisar root]# vi /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd" # Line No.56
# StartServers: number of server processes to start # Line No 103
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 1000
</IfModule> # Line No.114
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80 # Line No.157
# (Apache web server listens on tcp port 80, by default).
# Apache runs as the user apache and group apache for security reasons
User apache # Line No.251
Group apache # Line No.252
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost # Line No.259
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the Use CanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
ServerName localhost:80 # Line No.273
# (You should enter the IP address of the web server,hostname,FQDN or just localhost)
# Location of the html web pages for the company web site
DocumentRoot "/var/www/html" # Line No.289
# Line Nos.338 to 343
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
# Specifies the names that can be used for the index or home page of the web site
DirectoryIndex index.html index.html.var index.htm index.php # Line No.408
# (By default index.htm and index.php are not included, you will have to add them
# here if you have index pages with those extensions).
# Line Nos.952 to 972
# Allow server status reports, with the URL of http://servername/server-status
# [Change the ".your-domain.com" (for eg,lansmart.com) to match your domain to enable.
# You can also enter the subnet address of the network from which web requests will be
# made, for eg, 192.0.2.0/24]
# To access this html page open your web browser and type in the following URL:
# http://www.lansmart.com/server-status. This page will now be inaccessible to everyone with the
# exception of users connecting from the authorized subnet 192.0.2.0.
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from .your-domain.com
</Location>
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
#
Change the ".your-domain.com" (for eg,lansmart.com) to match your
domain to en# able. You can also enter your # subnet address here
eg,192.0.2.0/24
# To access this web page open up your web browser and type in the following URL
# http://www.lansmart.com/server-info
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from your-domain.com
</Location>
# Line No.1009 onwards
### Section 3: Virtual Hosts
NameVirtualHost 192.0.2.172
<VirtualHost 192.0.2.172>
ServerName www.lansmart.com
DocumentRoot /var/www/html/lansmart
</VirtualHost>
NameVirtualHost 192.0.2.173
<VirtualHost 192.0.2.173>
ServerName training.lansmart.com
DocumentRoot /var/www/html/training
</VirtualHost>
NameVirtualHost 192.0.2.171
<VirtualHost 192.0.2.171>
ServerName sales.lansmart.com
DocumentRoot /var/www/html/sales
</VirtualHost>
<VirtualHost 192.0.2.171>
ServerName tech.lansmart.com
DocumentRoot /var/www/html/tech
</VirtualHost>
<Directory "/var/www/html/lansmart">
AuthType Basic
AuthName Lansmart
AuthUserFile /etc/httpd/passwd
require valid-user
</Directory>
#
(Virtual Hosting as explained earlier is a means of configuring
multiple web sites on a single web server. This saves us the cost of
purchasing multiple computers or multiple network cards. Using just one
computer and one network card we can host multiple web sites. This is
especially made use of by web hosting providers. Virtual Hosting is of
two types,
a. Name based hosting
Here, all web sites hosted on the web server use the same IP address.
b. IP based hosting
With IP based hosting, all web sites hosted use a different IP address.
Let us consider a scenario in which our organization `Lansmart Technologies' needs to host two four web sites: www.lansmart.com, training.lansmart.com, sales.lansmart.com and tech.lansmart.com.
The first two sites, www.lansmart.com and training.lansmart.com should be IP based and the other two sites should be name based.
Steps to follow to configure your apache web server for the above scenario:
[ The hostname of our Apache web server is akhisar having an IP address 192.0.2.171 ]
akhisar is also hosting DNS server services for ‘Lansmart’.
Step 1 (For IP based hosting):
Create two virtual cards eth0:0 and eth0:1 having the IP addresses 192.0.2.172 and 192.0.2.173 respectively.
Step 2 : Configure your DNS server to support these hostnames (Forward and reverse lookup)
First configure the index file /etc/named.conf to support the domain lanmsart.com
(Refer to the chapter on DNS Server for this)
Configure the forward lookup file for lansmart.com (Refer to the chapter on DNS)
[root@akhisar root]# vi /var/named/lansmart.forward
akhisar A 192.0.2.171
www A 192.0.2.172
training A 192.0.2.173
(akhisar is the actual hostname of the web server computer having the IP address 192.0.2.171)
Configure the reverse lookup file (Refer to the chapter on DNS)
[root@akhisar root]# vi /var/named/lansmart.rev
171 PTR akhisar.lansmart.com.
172 PTR www.lansmart.com.
173 PTR training.lansmart.com.
Step 3 (For Name based hosting) :
Configure CNAME records for the hostnames sales.lansmart.com and tech.lansmart.com in the forward lookup file).
[root@akhisar root]# vi /var/named/lansmart.forward
akhisar A 192.0.2.171
sales CNAME akhisar.lansmart.com.
tech CNAME akhisar.lansmart.com.
Create the file /etc/resolv.conf with the necessary information on the DNS server and on each Linux DNS client host computer.
Test your DNS configuration with the nslookup and dig commands to make sure that everything is working as it should.
Step 4: Configure Apache Web server
Configure the httpd.conf file as shown above to support the virtual hosts.
Create the necessary folders (in the /var/www/html folder), lansmart, training, sales and tech, to store the html pages for the respective web sites. Create the index.htm and the rest of the html pages in these folders.
A sample index.htm file is shown below:
[root@akhisar root]# vi /var/www/html/lansmart/index.htm
<html>
<h1>
Welcome to Lansmart
</h1>
</html>
In the file httpd.conf,
the Virtual host sections define the name of the web site and the path
to the folder in which the html pages for that site are stored.
Both
IP based sites (www.lansmart.com & training.lansmart.com) will have
the line `NameVirtualHost <IP Address>' since they are running on
different IP addresses. The Name based site sales.lansmart.com will
also have the line `NameVirtualHost <IP Address>' since it is
running on a different IP address than the IP basedsites. However the
site tech.lansmart.com will not have the `NameVirtualHost' line as it is
running on the same IP address as sales.lansmart.com, i.e. 192.0.2.171.
(The Virtual host sections are written in XML).
Testing
Connect to the apache web server from a client computer, open up your web browser and test connectivity to all four web sites :
www.lansmart.com
training.lansmart.com
sales.lansmart.com
tech.lansmart.com
‘Web pages for all the four sites should open without any problem’.
Testing Authentication :
The
`Directory' section specifies the authentication to be used before
being granted access to the site. Here we configure authentication for
the site www.lansmart.com. This would require protecting the html pages
for this site (stored under /var/www/html/lansmart). AuthType specifies
the type of authentication being used, here the keyword `Basic'
specifies that username/password authentication is being used. Whenever a
request is made for www.lansmart.com an authentication window will open
up requiring the user to enter an authorized username/password
combination. `AuthName' is the heading that appears at the top of this authorization window. `AuthUserFile'
specifies the name and path to the file in which the authorized
usernames and password have been stored. We define this file to be `passwd' stored in /etc/httpd.
The keyword `require valid-user' will prevent non-authorized access to the web site www.lansmart.com.
The file `/etc/httpd/passwd' does not exist by default, it will have to be created.
[root@akhisar root]# cd /etc/httpd
[root@akhisar httpd]# touch passwd
Enter the authorized username and password combinations you require :
[root@akhisar httpd]# htpasswd -m passwd webuser
New password:
Re-type new password:
Adding 'password for user webuser
Here we create an authorized user called webuser and assign him a password.
Create additional authorized usernames/passwords if required.
Note
: The authorized usernames that we create need not be those of valid
users existing on the Linux web server computer. The names can be
fictitious unlike our Samba server configuration which requires valid
usernames for authentication.
Whenever
a user tries to access the web site www.lansmart.com an authentication
windows pops up asking for a valid username and password combination.
Here the user needs to enter the authorized username as `webuser' and the password assigned to that user.
No comments:
Post a Comment