Webserver

Webserver
	Chapter 8. Networking

Apache

Apache2 is the second and actual version. Many advanced applications as web applications require an web server, so apache2 can be used for it.http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/howto/ or for gentoo https://wiki.gentoo.org/wiki/Apache

Install apache

For gentoo linux do emerge -pv apache, the variable APACHE2_MODULES shows additional modules, additional modules can be set in /etc/portage/make.conf

Then emerge apache. Per default the web server uses and initializes the directory /var/www/localhost. If this is not empty, the emerge apache command refuses to write to it, since there is a potential danger to overwrite something (as www-misc/htdig a search robot that might be there). If it is not empty, you will be asks to take care or do something as emerge --config =apache-<x>.<y>.<zz> to initialize and eventually overwrite some files when desired.

Apache can be started for OpenRC as /etc/init.d/apache2 start and systemd systemctl start apache2

or to do it automatically next boot add it to the run scripts

rc-update add apache2 default or systemctl enable apache2

If you get the error (cat /var/log/apache2/error_log):

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

add

ServerName <name of the computer>

to /etc/apache2/httpd.conf

Type in the computers IP address in a web browser of an other computer (as 192.168.1.33), or on the same computer where the apache server is running (127.0.0.1). Or http://<computername>. The file /var/www/localhost/htdocs/index.html should now be seen.

Virtual hosts

There is also the possible to have more than virtual host installed on one PC or even more than one web server. http://httpd.apache.org/docs/2.4/vhosts/

Different programs as web applications must be aware when making use of virtual hosts. Gentoo Linux uses the vhost use flag for this purpose.

The virtual hosts are defined in /etc/apache2/vhosts.d where. Every file that ends with .conf will be read in an alphabetical order. Every file with .conf is a virtual host. Additionally the .conf files include other files. So a Gentoo virtual host definition has two files per virtual host a .conf file and a .include file.

Important

The domain names have to be unique on the Internet. The domain name local could be used but might get conflict with mDNS.

A owned domain name as for me linurs.org could be taken and appended to <computername>.linurs.org

Here an example of a /etc/apache2/vhosts.d/<computername>.conf

<VirtualHost *:80> 
  ServerName <computername>.linurs.org
  Include /etc/apache2/vhosts.d/<computername>.include 
</VirtualHost>

and the corresponding .include /etc/apache2/vhosts.d/<computername>.include

ServerAdmin root@localhost
ServerName <computername>.linurs.org
ServerAlias www.<computername>.linurs.org 
DirectoryIndex index.html
DocumentRoot "/var/www/example/htdocs" 
<Directory "/var/www/example/htdocs">
  Options Indexes FollowSymLinks
  AllowOverride All 
  Require all granted 
</Directory>

The data of those hosts can be put in directories as /var/www/example/htdocs.

The security settings might restrict apache to show any file outside of /var/www/example

Options FollowSymLinks does it but can obviously not change the directories permissions. So make sure all directories including parent directories are readable by apache.

Important

To make the browsers find your virtual hosts add their addresses in all computers accessing this virtual host to their /etc/hosts (an alternative would be setting up an local DNS server) and restart apache /etc/init.d/apache2 restart or systemctl restart apache2

A more advanced way is to install a dns server on the server machine.

In this example the server has just one IP address and therefore all virtual host have the same IP address, but apache can pick the right virtual host.

However this does not work when coming from the Internet. The HTTP GET ends on the router and then does port forwarding to the PC running the web server. The information what virtual host arrives is lost and the default host is taken

curl -H 'Host:www.linurs_octo.local' 178.196.3.233 curl allows to pass a modified header with the virtual host name. Some browser extensions allow the same thing.

Apache configuration

The main configuration file is /etc/apache2/httpd.conf.

There is also /etc/conf.d/apache2.

Many additional modules can be installed, they have their configuration files under /etc/apache2/modules.d. Everything that is there will also be started when apache is started. Such modules are:

DAV (Distributed Authoring and Versioning) to access files on the server in a similar manner as accessing files on a harddisc
SSL (Secure socket layer) to have secure communications

To have cgi scripts running you need to give permission

<Directory /var/www/<myhost>/cgi-bin>
  Options +ExecCGI
</Directory>

To have SSI (Server Side Includes) working, the directories need to get

Options +Includes 
XBitHack on

The first lines enables SSI for the server. However this in not enough the files with SSI need to marked. The XBitHack way is setting executable permission on those html files.

The other way is to rename the web page from html to shtml. And tell apache to handle such files:

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

To see the configuration: /etc/init.d/apache2 configdump or /etc/init.d/apache2 modules

Access restrictions

To restrict access to certain users, you must create a password file as: htpasswd -c .htpasswd <username> the password file (.htpasswd) needs to be saved somewhere on the pc where the web server has no access. For the access restriction there are different ways. In the config file as /etc/apache2/http.conf or in the config file of the virtual host, the following can be added:

<Directory "/var/www/<path to protected dir>">
         AuthType Basic
         AuthName "Restricted Files"
         AuthUserFile /var/www/.htpasswd
         Require user <username> 
</Directory>

For more sensitive Authentication use

AuthType Digest

since Basic sends the password not encrypted. Additionally or alternatively place the directory in the https (not http) section, so when the password is transmitted the connection is crypted.

Important is that either

AllowOverride All

AllowOverride AuthConfig

is set.

If you have setup you apache server then you have access to those files, if not, then there is a way using .htaccess files that can be put there where access needs to be restricted. However the absolute path to the password file needs to be known. The contents of such .htaccess files uses the same syntax as the configfiles but do not require the <Directory> element:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/.htpasswd
Require user <username>

See http://httpd.apache.org/docs/2.0/howto/htaccess.html and http://httpd.apache.org/docs/2.0/howto/auth.html

XSLT on demand

XML files can be converted to html on demand. Modern browsers can do that do on the client side. To do it on the server side additional packages as Cocoon or AxKit are required. To work the xml file has a reference to a xsl stylesheet included in a processing instruction:

<?xml-stylesheet type="text/xsl" href="<my stylesheet>.xsl"?>

Apache trouble shoting

Restart it as with /etc/init.d/apache2 restart and check for erros

Does 127.0.0.1 work in the browser?

Check /var/log/apache2

Lighttp

Lighttp (also called Lighty) is a light and fast web server well suited for small embedded devices where apache might be an overkill. See http://redmine.lighttpd.net/projects/lighttpd http://www.lighttpd.net/http://wiki.ubuntuusers.de/lighttpd

The configuration is done via /etc/lighttpd/lighttpd.conf where

server.port               = 81

moves it away from port 80 and therefore avoids collision with an other server as apache. The root of the documents can be set with

server.document-root       = "/var/www/localhost/htdocs"

It might be that this looks as

server.document-root       = var.basedir + "/htdocs"

so the modification also takes place in

var.basedir ="/var/www/localhost"

After starting /etc/init.d/lighttpd start it can be called as http://localhost:81/ If something comes as: socket failed: Address family not supported by protocol then ligthttp wants to use IPv6 but your Linux does not support it so disable IPv6 support in /etc/lighttpd/lighttpd.conf

In case of any other trouble check /var/log/lighttpd

lighttpd and gci

CGI does not come out of the box /etc/lighttpd/lighttpd.conf there has to be

include "mod_cgi.conf"

and the path to /cgi-bin/ is per default server.document.root+ /gci-bin/ resulting in /var/www/localhost/htdocs/cgi-bin but it can be adjusted setting an alias in /etc/lighttpd/mod_gci.conf to get also /var/www/localhost/gci-bin/ to work. However for that the module mod_alias must be loaded.

When using python as script then it should be added to

$HTTP["url"] =~ "^/cgi-bin/" {
    # only allow cgi's in this directory
    cgi.assign = (
".pl"=>"/usr/bin/perl",
".cgi"=>"/usr/bin/perl",
".py"=>"/usr/bin/python3"
)
}

and if python is used it should be marked as non static so add it to /etc/lighttpd/lighttpd.conf

static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi", ".py")

lighttpd and fastgci

To have FCGI support its module needs to be enabled in /etc/lighttpd/lighttpd.conf

include "mod_fastcgi.conf"

and in /etc/lighttpd/mod_fastgci.conf to a fastcgi server must be configured that could look as follows

fastcgi.server += ("/fcgi-bin/" =>
    (
        (
         "socket" => "/tmp/fastcgi.socket",
         "bin-path" => "/var/www/test.py",
         "check-local" => "disable",
         "max-procs" => 1,
        )
     )
)
# to get some debug messages
fastcgi.debug = 1

The file above holds all information to start the fastcgi server that is found under "bin-path" and communicates with lighttpd via the named socked.

The option "check-local"="disable" is very important, since otherwise the web server would look for a file to return and would not find it and respond with a page not found message. If this feature is disabled then the server passes pages not found to the fastcgi server. The above fastcgi server is setup that it accepts everything with a prefix /fcgi-bin/

Note

In this example /fcgi-bin/ looks like a directory but is not a directory. In fact if there would be a directory with this name then the setup would fail.

As example a request to http://<hostname>/fcgi-bin/hello.py will not point to a file or a directory. The result is that /fcgi-bin/hello.py will be passed to the fastcgi server and then the fastcgi server must decide what to do. It could ignore that and just respond always with the same web page.

Ngnix

Nginx is a light weight web server that can be installed as emerge nginx

and then started /etc/init.d/nginx start

The configuration is in /etc/nginx.conf . It has to be said on what IP address it has to listen

listen          127.0.0.1;

or to listen everywhere

listen          0.0.0.0;

Web Applications

Web applications run on a web server and use the web server as user interface. They can be installed also to virtual hosts to not interfere with the regular web content.

Common web applications are:

phpmyadmin to work with sql databases
webalizer to see web server statistics
For Gentoo see www-apps

Important

Gentoo Linux has the program webapp-config that manages the setup and maintenance of web applications. Other Linux distributions have less support and require manual copy of files.

To avoid multiple installations, maintenance and updates for each virtual host and therefore multiple times, gentoo supports to install the web applications under /usr/share/webapps just once and then use hard links to the virtual hosts.

There is the vhosts useflag, when this flag is on, emerge will not run webapp-config automatically and the web application needs to be installed manually using webapp-config

webapp-config --list-servers to see what web servers there are

webapp-config --list-installs --verbose to see what web apps and where are installed

webapp-config --list-unused-installs --verbose to see whats there but not used

Note

Check the versions, multiple webapps with different versions can be installed

The program webapp-config can be considered as package manager for web applications.

webapp-config -h localhost -d webalizer -I webalizer 2.23.08-r1 to install a web application

webapp-config -h localhost -d webalizer -C webalizer 2.23.08-r1 to remove

webapp-config -h localhost -d webalizer -U webalizer 2.23.08-r1 to update an application

-d is the directory where it goes /var/www/<name>/htdocs/<directory>

Webalizer

/var/www/<name>/htdocs/ will get the files and a webalizer directory

/etc/webalizer.conf holds the configuration

webalizer to generate the reports and could be called by a cron job

http://localhost/webalizer is the url on localhost calling the /var/www/localhost/webalizer/index.html page

/usr/share/doc/webalizer-2.23.08/apache.webalizer example

phpmyadmin

It installs under /var/www/localhost/htdocs/phpmyadmin

/var/www/localhost/htdocs/phpmyadmin/index.php can be opened and a luxurious mysql environment appears. The web server however must be able to deal with php and mysql

Copy a webservers content

wget --mirror --convert-links --html-extension --wait=2 -o log https://<link to site>/


eD2k		LAMP