Apache
From Alessandro's Wiki
Revision as of 21:59, 22 September 2011 by Xunil (talk | contribs) (→PHP options (in .htaccess file))
- Potente server web multipiattaforma
Configuration
Set a ServerName!
PHP options (in .htaccess file)
expose_php = On error_reporting = E_ALL|E_STRICT html_errors = Off display_errors = On display_startup_errors = On log_errors = On log_errors_max_len = 19024 report_memleaks = On error_log = /home/users/web/bEXAMPLE/pow.USERNAME/php_error.log register_globals = Off register_long_arrays = Off register_argc_argv = Off
- php_value post_max_size "40M"
- php_value upload_max_filesize "40M"
Bandwidth
tar zxvf mod_bw-0.7.tgz cd mod_bw apxs2 -i -a -c mod_bw.c
Named virtual host template
- check before the upper configuration defining which type of virtual host you wanna use:
- this will go into /etc/apache2/vhosts.d/00_default_vhost.conf in Gentoo
Listen *:80 NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin staff@server.com
ServerName server.com
DocumentRoot /var/www/server.com/public_html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/server.com/public_html >
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Virtual host redirect
* if you want to have the http://yoursite redirected to the www.yoursite, you can use this VH template:
<VirtualHost *:80>
ServerName alessandrodelgallo.org
ServerAlias blog.alessandrodelgallo.org
Redirect permanent / http://www.alessandrodelgallo.org/
</VirtualHost>
- or if you don't want to (or you can't) change the Apache settings, use this html code"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <meta HTTP-EQUIV="REFRESH" content="0; url=http://webiste.to.redirect.to"> </html>
logs
- modify the log amaunt and files:
- log levels: debug,info,notice,warn,error,crit,alert,emerg
LogLevel warn
CustomLog /var/www/SERVER_NAME/logs/access.log combined
ErrorLog /var/www/SERVER_NAME/logs/error.log
RewriteLog /var/www/SERVER_NAME/logs/rewrite.log
autentication
- standard "one-file-all-users" configuration
AuthType Basic
AuthName "Private Area"
AuthUserFile /etc/apache2/passwords
Require valid-user
- protect only some files using regular expressions (with character ~)
<Location ~ "/html/(friends|messages).html" >
AuthType Basic
AuthName "My private files"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
</Location>
- use group support (in my case for subversion):
AuthGroupFile /usr/local/apache/passwd/.htgroup
AuthUserFile /usr/local/apache/passwd/svnusers
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group subversion
</LimitExcept>
force far expire
ExpiresActive On ExpiresDefault "access plus 1 year"
gzip compression
# add gzip compression / alessandro # Insert filter SetOutputFilter DEFLATE # Netscape 4.x has some problems... BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content # Header append Vary User-Agent env=!dont-vary
Cgi
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
charset
AddDefaultCharset UTF-8
URL Rewrite
- RewriteEngine on
- RewriteRule ^old\.html$ new.html
- RewriteRule ^old\.html$ new.html [R]
- RewriteRule ^clip/([0-9][0-9])/$ /clip.php?id=$1
- RewriteRule ^css(/)?$ /stylesheets/ [R]
- RewriteCond %{HTTPS} !on
- RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]
- the following were used to patch a Plone freezed website
RewriteEngine On #RewriteLogLevel 5
# search rewrites
RewriteCond %{QUERY_STRING} ^SearchableText=([^&]+)$ [NC]
RewriteRule .* http://www.google.com/search?q=site:www.the-third-eye.org\ %1 [L,QSA]
# contgent rewirtes RewriteRule ^concepts/ /concepts/view%3fset_language=en RewriteRule ^(.+).jpg/$ /$1.jpg/view RewriteRule ^(.+).png/$ /$1.png/view RewriteRule ^(.+).JPG/$ /$1/view RewriteRule ^(.+).jpg.1$ /$1.jpg/view
ForceType text/html
Direcoty Indexes
Per ingrandire la colonna del nome del file:
IndexOptions NameWidth=*
Aggiungere un alias per esportare una directory non nella root www:
Alias /_bin "/ciao/_linux_bin/" <Directory "/ciao/_linux_bin/"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory>
IP filters
- Allow
Allow from 192.
- Deny
Deny from host.domain.com Deny from 192.168.0.44
- check behavior
Order deny,allow Deny from all
SVN (mod_dav_svn)
<Location /svn/repos>
DAV svn
SVNPath /var/svn/repos
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /var/svn/conf/svnusers
Require valid-user
</Location>
usermod -a -G svnusers apache
APACHE2_OPTS="${APACHE2_OPTS} -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS"
htpasswd2 -c /usr/local/apache/passwd/svnusers user1 htpasswd2 /usr/local/apache/passwd/svnusers user2
SSL VirtualHost
- using Gentoo distribution.
- enable ssl use flag for apache package
- edit default virtual host for a listening interface and port:
"Listen [::]:443" or "Listen 0.0.0.0:443" or Listen 192.168.82.82:443
- we want name based virtual hosts
NameVirtualHost *:443
Generating certificate
- replace the "server" name with your domain name of your website.
SRVname=server cd /etc/ssl/apache2 openssl genrsa 2048 > $SRVname.key openssl req -new -x509 -nodes -sha1 -days 365 -key $SRVname.key > $SRVname.crt
- Repeat the last step as many virtual hosts you have to serve under an ssl connection, remember to change the SRVname variable in the code:
Virtual host configuration
- example of a basic ssl virtual host:
<VirtualHost *:80>
ServerName mysslvirtualhost.example.com
ServerAlias mysslvirtualhost
Redirect permanent / https://mysslvirtualhost.example.com/
</VirtualHost>
<VirtualHost *:443>
DirectoryIndex index.php
# SSL
SSLEngine on
SSLCertificateFile /etc/ssl/apache2/server.crt
SSLCertificateKeyFile /etc/ssl/apache2/server.key
ServerName mysslvirtualhost.example.com
ServerAlias mysslvirtualhost
SSLOptions StrictRequire
SSLProtocol all -SSLv2
#
DocumentRoot "/var/www/mysslvirtualhost/htdocs"
<Directory "/var/www/mysslvirtualhost/htdocs">
SSLRequireSSL
AllowOverride All
Order Deny,Allow
Allow from All
</Directory>
CustomLog /var/log/apache2/mysslvirtualhost.log combined
ErrorLog /var/log/apache2/mysslvirtualhost_error.log
LogLevel warn
</VirtualHost>
Proxy
- directives to have into httpd.conf or a virtual host configuration file
- permissions
<Proxy *> Order deny,allow Deny from all Allow from all </Proxy>
Reverse Proxy
ProxyPass /foo http://foo.example.com/bar ProxyPassReverse /foo http://foo.example.com/bar
Forward Proxy
ProxyRequests On ProxyVia On
Linux distribution specifics
Gentoo
- vado diretto alla versione 2:
- file di configurazione;
/etc/apache2/httpd.conf
- Directory del web default:
/var/www/localhost/htdocs
- Installarlo:
emerge -pvtD apache
controllare le USE flags che ci servono e poi
emerge apache
Fedora
- file di configurazione;
/etc/httpd/conf/httpd.conf
- Directori del web default:
/var/www/html/
- Installarlo
yum install httpd
