Webserver

Apache

Apache2 is the second and actual version. Many advanced applications as web applications require an web server, so apache2 can be used for it.http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/howto/

Install apache

For gentoo linux the installation is easy. Set use flag apache2. When doing a emerge -pv apache, the variable APACHE2_MODULES shows additional modules, when the default is not ok the file /etc/portage/make.conf can get the APACHE2_MODULES with the corrections. Then emerge apache. Per default the web server uses and initializes the directory /var/www/localhost. If this is not empty, the emerge apache command refuses to write to it, since there is a potential danger to overwrite something (as www-misc/htdig a search robot that might be there). If it is not empty, you will be asks to take care or do something as emerge --config =apache-<x>.<y>.<zz> to initialize and eventually overwrite some files when desired.

Using OpenRC apache can be started as follows:

/etc/init.d/apache2 start

or to do it automatically next boot add it to the run scripts

rc-update add apache2 default

If you get the error:

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

add

ServerName <name of my computer>

to /etc/apache2/httpd.conf

Type in your computers IP address in a web browser of an other computer (as 192.168.1.33), or on the same computer where the apache server is running (127.0.0.1). Or http://<computername>. The file /var/www/localhost/htdocs/index.html should now be seen.

Virtual hosts

There is also the possible to have more than virtual host installed on one PC or even more than one web server. http://httpd.apache.org/docs/2.4/vhosts/

Different programs as web applications must be aware when making use of virtual hosts. Gentoo Linux uses the vhost use flag for this purpose.

The virtual hosts are defined in /etc/apache2/vhosts.d where. Every file that ends with .conf will be read in an alphabetical order. Every file with .conf is a virtual host. Additionally the .conf files include other files. So a Gentoo virtual host definition has two files per virtual host a .conf file and a .include file.

Note

The domain names have to be unique on the Internet, so when using something as com then a potential conflict might occur. But for some tests an arbitrary domain name is desired to be taken. The domain name local is commonly used for that. As local says it is meant for a local net and should not be used on the globally Internet.

Here an example of a /etc/apache2/vhosts.d/example.local.conf

<VirtualHost *:80> 
  ServerName example.local
  Include /etc/apache2/vhosts.d/example.local.include 
</VirtualHost>

and the corresponding .include /etc/apache2/vhosts.d/example.local.include

ServerAdmin root@localhost
ServerName example.local
ServerAlias www.example.local 
DirectoryIndex index.html
DocumentRoot "/var/www/example/htdocs" 
<Directory "/var/www/example/htdocs">
  Options Indexes FollowSymLinks
  AllowOverride All 
  Require all granted 
</Directory>

The data of those hosts can be put in directories as /var/www/example/htdocs.

The security settings might restrict apache to show any file outside of /var/www/example

Options FollowSymLinks does it but can obviously not change the directories permissions. So make sure all directories including parent directories are readable by apache.

Important

To make the browsers find your virtual hosts add their addresses in all computers accessing this virtual host to their /etc/hosts ( an alternative would be setting up an local DNS server) and restart apache /etc/init.d/apache2 restart

A more advanced way is to install a dns server on the server machine.

In this example the server has just one IP address and therefore all virtual host have the same IP address, but apache can pick the right virtual host.

However this does not work when coming from the Internet. The HTTP GET ends on the router and then does port forwarding to the PC running the web server. The information what virtual host arrives is lost and the default host is taken

curl -H 'Host:www.linurs_octo.local' 178.196.3.233 curl allows to pass a modified header with the virtual host name. Some browser extensions allow the same thing.

Web applications

To avoid installing, maintaining and updating web applications (www-apps) for each virtual host and therefore multiple times, gentoo supports to install the webapplications just once and then hard links them to the virtual hosts. Just the config files and the files to be written exist multiple times. To deal with this emerge webapp-config. The program webapp-config can also be considered as package manager (as emerge) for web applications.

Web applications are installed under /usr/share/webapps.

There is the vhosts useflag, when this flag is on, emerge will not run webapp-config automatically and the web application needs to be installed manually using webapp-config.

To install a web application to the virtual host test1.example.com:

webapp-config -I -h <host as in /var/www> -d <web application name> <and version>

To remove a web application

webapp-config -C -h <host as in /var/www> -d <web application name> <and version>

Check man webapp-config to see how to install phpmyadmin to a virtual host.

To see what web apps and where are installed:

webapp-config --list-installs --verbose

To see whats there but not used

webapp-config --list-unused-installs --verbose

To see what web servers other than apache have been installed, type:

webapp-config --list-servers

Apache configuration

The main configuration file is /etc/apache2/httpd.conf.

There is also /etc/conf.d/apache2.

Many additional modules can be installed, they have their configuration files under /etc/apache2/modules.d. Everything that is there will also be started when apache is started. Such modules are:

  1. DAV (Distributed Authoring and Versioning) to access files on the server in a similar manner as accessing files on a harddisc

  2. SSL (Secure socket layer) to have secure communications

To have cgi scripts running you need to give permission

<Directory /var/www/<myhost>/cgi-bin>
  Options +ExecCGI
</Directory>

To have SSI (Server Side Includes) working, the directories need to get

Options +Includes 
XBitHack on

The first lines enables SSI for the server. However this in not enough the files with SSI need to marked. The XBitHack way is setting executable permission on those html files.

The other way is to rename the web page from html to shtml. And tell apache to handle such files:

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

To see the configuration: /etc/init.d/apache2 configdump or /etc/init.d/apache2 modules

Access restrictions

To restrict access to certain users, you must create a password file as: htpasswd -c .htpasswd <username> the password file (.htpasswd) needs to be saved somewhere on the pc where the web server has no access. For the access restriction there are different ways. In the config file as /etc/apache2/http.conf or in the config file of the virtual host, the following can be added:

<Directory "/var/www/<path to protected dir>">
         AuthType Basic
         AuthName "Restricted Files"
         AuthUserFile /var/www/.htpasswd
         Require user <username> 
</Directory>

For more sensitive Authentication use

AuthType Digest

since Basic sends the password not encrypted. Additionally or alternatively place the directory in the https (not http) section, so when the password is transmitted the connection is crypted.

Important is that either

AllowOverride All

or

AllowOverride AuthConfig

is set.

If you have setup you apache server then you have access to those files, if not, then there is a way using .htaccess files that can be put there where access needs to be restricted. However the absolute path to the password file needs to be known. The contents of such .htaccess files uses the same syntax as the configfiles but do not require the <Directory> element:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/.htpasswd
Require user <username> 

See http://httpd.apache.org/docs/2.0/howto/htaccess.html and http://httpd.apache.org/docs/2.0/howto/auth.html

XSLT on demand

XML files can be converted to html on demand. Modern browsers can do that do on the client side. To do it on the server side additional packages as Cocoon or AxKit are required. To work the xml file has a reference to a xsl stylesheet included in a processing instruction:

<?xml-stylesheet type="text/xsl" href="<my stylesheet>.xsl"?>

Apache trouble shoting

Restart it as with /etc/init.d/apache2 restart and check for erros

Does 127.0.0.1 work in the browser?

Check /var/log/apache2

Lighttp

Lighttp (also called Lighty) is a light and fast web server well suited for small embedded devices where apache might be an overkill. See http://redmine.lighttpd.net/projects/lighttpdhttp://www.lighttpd.net/http://wiki.ubuntuusers.de/lighttpd

The configuration is done via /etc/lighttpd/lighttpd.conf where

server.port               = 81

moves it away from port 80 and therefore avoids collision with an other server as apache. The root of the documents can be set with

server.document-root       = "/var/www/localhost/htdocs"

It might be that this looks as

server.document-root       = var.basedir + "/htdocs"

so the modification also takes place in

var.basedir ="/var/www/localhost"

After starting /etc/init.d/lighttpd start it can be called as http://localhost:81/ If something comes as: socket failed: Address family not supported by protocol then ligthttp wants to use IPv6 but your Linux does not support it so disable IPv6 support in /etc/lighttpd/lighttpd.conf

In case of any other trouble check /var/log/lighttpd

lighttpd and gci

CGI does not come out of the box /etc/lighttpd/lighttpd.conf there has to be

include "mod_cgi.conf"

and the path to /cgi-bin/ is per default server.document.root+ /gci-bin/ resulting in /var/www/localhost/htdocs/cgi-bin but it can be adjusted setting an alias in /etc/lighttpd/mod_gci.conf to get also /var/www/localhost/gci-bin/ to work. However for that the module mod_alias must be loaded.

When using python as script then it should be added to

$HTTP["url"] =~ "^/cgi-bin/" {
    # only allow cgi's in this directory
    cgi.assign = (
".pl"=>"/usr/bin/perl",
".cgi"=>"/usr/bin/perl",
".py"=>"/usr/bin/python3"
)
}

and if python is used it should be marked as non static so add it to /etc/lighttpd/lighttpd.conf

static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi", ".py")

lighttpd and fastgci

To have FCGI support its module needs to be enabled in /etc/lighttpd/lighttpd.conf

include "mod_fastcgi.conf"

and in /etc/lighttpd/mod_fastgci.conf to a fastcgi server must be configured that could look as follows

fastcgi.server += ("/fcgi-bin/" =>
    (
        (
         "socket" => "/tmp/fastcgi.socket",
         "bin-path" => "/var/www/test.py",
         "check-local" => "disable",
         "max-procs" => 1,
        )
     )
)
# to get some debug messages
fastcgi.debug = 1

The file above holds all information to start the fastcgi server that is found under "bin-path" and communicates with lighttpd via the named socked.

The option "check-local"="disable" is very important, since otherwise the web server would look for a file to return and would not find it and respond with a page not found message. If this feature is disabled then the server passes pages not found to the fastcgi server. The above fastcgi server is setup that it accepts everything with a prefix /fcgi-bin/

Note

In this example /fcgi-bin/ looks like a directory but is not a directory. In fact if there would be a directory with this name then the setup would fail.

As example a request to http://<hostname>/fcgi-bin/hello.py will not point to a file or a directory. The result is that /fcgi-bin/hello.py will be passed to the fastcgi server and then the fastcgi server must decide what to do. It could ignore that and just respond always with the same web page.

Ngnix

Nginx is a light weight web server that can be installed as emerge nginx

and then started /etc/init.d/nginx start

The configuration is in /etc/nginx.conf . It has to be said on what IP address it has to listen

listen          127.0.0.1;

or to listen everywhere

listen          0.0.0.0;

Web Statistics

If virtual hosts are installed on the web server then every host can offer to show the statistics. In case of virtual hosts webapp-config is used to install it just once and use it on many individual virtual hosts. For Gentoo Linux there is the vhost useflag to enable support for virtual hosts.

webapp-config -h localhost -d webalizer -I webalizer 2.23.08 or webapp-config -h <host as in /var/www> -d webalizer -I webalizer 2.23.08 is the command to add it to a virtual host webapp-config --list-installs --verbose should then confirm it.

/etc/webalizer.conf holds the configuration

webalizer can read log files as /var/log/apache2

Note

/var/log/apache instead of /var/log/apache2 might be set in /etc/webalizer.conf

Since the log exists just once, it contains all logs of all virtual hosts. It might therefore make sense to install it just on localhost

webalizer to generate the reports and could be called by a cron job

http://localhost/webalizer is the url on localhost calling the /var/www/localhost/webalizer/index.html page

/usr/share/doc/webalizer-2.23.08/apache.webalizer example

Copy a webservers content

wget --mirror --convert-links --html-extension --wait=2 -o log https://<link to site>/


Linurs startpage