CMTS info

Helpful Linux and DOCSIS/CMTS howtos and tips

Installing Apache httpd

1) Installation

To decompress simply execute:

gzip -d httpd-NN.tar.gz
tar xvf httpd-NN.tar
cd httpd-NN

Where NN is the version number. To compile, execute:

./configure
make
make install

By default the program installs itself in /usr/local/apache2, which can be changed with --prefix=newdir when running configure.

./configure

2) Starting apache for the first time

In most cases the server is ready to use after installation. To start it, execute:

/usr/local/apache2/bin/apachectl start

As seen in the above example, apachectl is used to control the httpd server. Apart from the standard functions (start, stop and restart) it has other useful options:

-l shows list of compiled modules
-L shows list of configuration directives(to be used in config files)
-S shows virtual hosts
-M shows list of loaded modules
-t checks configuration file syntax - remember to run it before restarting the daemon

In the rare cases where apache does not start, check the config file (-t option), then check the apache logs in /usr/local/apache2/logs and then syslog for errors. This server tends to fail to start without printing any error message on the console.

At this stage httpd serves data from /usr/local/apache2/htdocs. Some people may stop there.

3) Basic configuration

To specify a different root directory for our www, for example /var/www, simply edit two directives in the config file /usr/local/apache2/conf/httpd.conf

The first one, DocumentRoot, specifies the root location for our webpage:

DocumentRoot "/usr/local/apache2/htdocs" 

Must be changed to:

DocumentRoot "/var/www"

The next step is to grant access rights for the directory. Changing the old Directory directive is the easiest way:

<Directory "/usr/local/apache2/htdocs"> 

Is replaced with:

<Directory "/var/www">

For the changes to take effect a restart is needed:

/usr/local/apache2/bin/apachectl restart

4) User web directories

This will enable every user to have his/her own webpage on our server without the need for per-user configuration.
It's as easy as uncommenting one line:

#Include conf/extra/httpd-userdir.conf

and restarting the daemon:

/usr/local/apache2/bin/apachectl restart

By default files from /home/some_user/public_html are served. To change the directory name to html, simply edit extra/httpd-userdir.conf and change "public_html" to "html" in the lines containing it:

UserDir public_html  
<Directory "/home/*/public_html">

is to be changed to:

UserDir html  
<Directory "/home/*/html">

It might be a good idea to disable creation of indexes (in case there is no index file). Simply edit the above file and replace:

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

with

Options MultiViews SymLinksIfOwnerMatch IncludesNoExec

To complete, restart the server. The next time someone tries to access a directory without an index file, they will see a 403 error.

5) Virtual hosts (method 1 - name based)

The next useful function is hosting several domains on the same server. It can be accomplished in two ways.

The first method uses the domain names sent in HTTP headers
Cons:
-not to be used with SSL
-ancient browsers are not compatible
-Dividing bandwidth between domains is harder
Pros:
-IP addresses conservation

To enable vhosts (both methods) uncomment the line:

#Include conf/extra/httpd-vhosts.conf

WARNING! The default domain is LOST - it must be specified again. Per-directory configuration (access rights, options) is preserved.
Next, edit the file mentioned above. In its main part there are two vhost configurations. The first one is the default - used when explicitly requested or when no other vhost matches.

The DocumentRoot and ServerName directives are mandatory. The first specifies the root dir and the second the domain name. ServerAlias specifies more domain names matching the vhost; using it is always a good idea. Assume we have two domains: example1.org and example2.org. Httpd must also serve pages when the domains are requested with ww, www and wwww prefixes. The vhost configuration would be:

<VirtualHost *:80>
   DocumentRoot "/var/www"
   ServerName example1.org
   ServerAlias www.example1.org ww.example1.org wwww.example1.org
</VirtualHost>

<VirtualHost *:80>
   DocumentRoot "/var/www2"
   ServerName example2.org
   ServerAlias www.example2.org ww.example2.org wwww.example2.org
</VirtualHost>

Directory /var/www2 has no access rights, so one would get a 403 error when trying to access it. Easiest fix: copy the /var/www configuration
(everything from <Directory "/var/www"> to </Directory>) and change "/var/www" to "/var/www2"

6) Virtual hosts (method 2 - IP based)

The second method uses a different IP for every domain
Cons:
-wasting IP addresses
Pros:
-can be used with SSL
-dividing bandwidth possible and easy
-httpd can be run in several instances (one instance per IP). This provides better security - only one domain is compromised if a hacker gains control of an httpd instance.

To run IP-based vhosts one must only replace * with the IP address used for that domain

7) Encryption

Httpd provides built-in SSL/TLS encryption; enabling it is surprisingly easy. Read on.

First one must create an SSL certificate and private key.
Here is an example for OpenSSL:

openssl req -new -x509 -days 9999 -nodes -out httpd.crt -newkey rsa:2048 -keyout httpd.pem
openssl x509 -subject -dates -fingerprint -in httpd.crt -out httpd.crt
chmod 600 httpd.pem

Warning: newer browsers don't seem to like self-signed certs - an error message appears (IE7: no permanent workaround; Firefox 3: an exception must be added)

To enable encryption uncomment:

#Include conf/extra/httpd-ssl.conf

In the above file uncomment the lines:

#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/urandom 512

The next step is to edit the SSL vhost:

<VirtualHost *:443>
        ServerName ssl.example.org
        DocumentRoot /var/www_ssl
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /path/to/cert/httpd.crt
        SSLCertificateKeyFile /path/to/private/key/httpd.pem
</VirtualHost>

Directory /var/www_ssl also has no access rights; copy & paste as seen before ;-), restart httpd and all should work
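
A heuristic audit for three settings from this howto (directory indexes from section 4, the SSLCipherSuite string and the private key permissions from section 7), added here as an example and not part of the original page. The cipher string shown above starts from ALL and removes only ADH and EXPORT56, so LOW, export-grade, SSLv2 and RC4 suites stay enabled on OpenSSL builds that still ship them. The function names, finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: heuristic audit of httpd settings.

# audit_httpd_conf FILE: prints one finding per line, nothing when clean.
audit_httpd_conf() {
    conf=$1
    # Section 4: Options lines that still enable automatic directory indexes.
    awk 'tolower($1) == "options" {
        for (i = 2; i <= NF; i++)
            if (tolower($i) ~ /^[+]?indexes$/) print "INDEXES line " NR
    }' "$conf"
    # Section 7: "!" and "-" remove ciphers, "+" only reorders them, so a weak
    # class named without "!" or "-" is treated as still allowed (heuristic).
    awk 'tolower($1) == "sslciphersuite" {
        n = split($NF, tok, ":")
        for (i = 1; i <= n; i++)
            if (tok[i] !~ /^[!-]/ && tok[i] ~ /NULL|EXP|LOW|SSLv2|RC4/)
                print "WEAK_CIPHER line " NR ": " tok[i]
    }' "$conf"
    # Section 7: the private key should carry no group/other permission bits.
    awk 'tolower($1) == "sslcertificatekeyfile" { print $2 }' "$conf" |
    while read -r key; do
        [ -f "$key" ] || continue
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || echo "KEY_PERMS $key: $bits"
    done
}

# Constructed sample: the page's directives plus a dummy key left at mode 644.
make_sample() {
    dir=$1
    : > "$dir/httpd.pem"; chmod 644 "$dir/httpd.pem"
    cat > "$dir/httpd.conf" <<EOF
<Directory "/home/*/public_html">
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateKeyFile $dir/httpd.pem
</VirtualHost>
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_httpd_conf "$tmp/httpd.conf"
rm -rf "$tmp"
```

To see exactly which suites a candidate string expands to, run openssl ciphers -v with that string on the server itself, since the result depends on its OpenSSL build.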
