Apache is by far the most popular Web server in use today. Based on the HTTP daemon (httpd), Apache provides simple and secure access to all types of content using the regular HTTP protocol as well as its secure cousin, HTTPS.
Apache was developed from the server code created by the National Center for Supercomputing Applications (NCSA). It included so many patches that it became known as "a patchy" server. The Apache Web server continues to advance the art of the Web and provides one of the most stable, secure, robust, and reliable Web servers available. This server is under constant development by the Apache Software Foundation (www.apache.org).
This chapter directly addresses two items in the Red Hat Exam Prep guide. This is the first chapter to focus on network services, as required of RHCE candidates. Per the latest Exam Prep guide, RHCT candidates do not need to be too concerned with this chapter. As noted in the Exam Prep guide, RHCE candidates "must be capable of configuring the following network services" during the Installation and Configuration portion of that exam:
HTTP/HTTPS
Web Proxy
Although you can use a number of different packages to configure HTTP, HTTPS, and Web Proxy services, the publicly available RH300 course outline focuses these services on Apache as a regular and secure Web server, and Squid as the Web Proxy server. The Exam Prep guide also notes that RHCEs should be able to
Diagnose and correct problems with network services.
Diagnose and correct networking services problems where SELinux contexts are interfering with proper operation.
This includes those services listed in the Installation and Configuration portion of the RHCE exam. For every network service, you also need to
Install the packages needed to provide the service.
Configure SELinux to support the service.
Configure the service to start when the system is booted.
Configure the service for basic operation.
Configure host-based and user-based security for the service.
Installing the required packages is trivial. You'll make sure the service is started when the system is booted with the appropriate chkconfig commands. Most of this chapter is dedicated to configuring the service for basic operation. Some services support host-based and user-based security in their configuration files; others support it with the tools described in Chapter 15. SELinux is also most easily configured using the SELinux Management tool described in Chapter 15.
While there are numerous other Web servers available, Apache is the only Web service described in the current RH300 course outline.
Apache is a service; basic Apache clients are Web browsers. Therefore, only those concerned with the RHCE need to read this chapter. This chapter provides only the briefest of overviews of Apache. For more information, read the documentation online at http://httpd.apache.org/docs-2.2.
Red Hat Enterprise Linux includes the latest major release of Apache, which is 2.2.x as of this writing. While there are major differences from previous versions of Apache (1.3.x, 2.0.x), if you're a Web administrator or developer, the differences with respect to the RHCE exam are fairly straightforward. The current version supports virtual hosts and access control, as well as secure (HTTPS) Web services. If you're interested in more, a full list of new features is available from http://httpd.apache.org/docs/2.2/new_features_2_2.html.
The following cites a few of the major changes:
New packages: If you're installing Apache from the Red Hat Installation RPMs, all the package names have changed. As you'll see in the following section, most start with httpd. Strangely enough, the username associated with Apache services is now apache.
Modular directive files: Basic directives, such as those based on Perl, PHP, or the Secure Socket Layer, are now configured separately in the /etc/httpd/conf.d directory. They are automatically included in the Apache configuration with the following directive in /etc/httpd/conf/httpd.conf:
Include conf.d/*.conf
Revised directives: Some directives have changed in the httpd.conf configuration file. For example, Apache listens for computers that are looking for Web pages on port 80. You can now change that port with the Listen directive.
Virtual hosts: Apache configuration is now normally based on virtual hosts, which allows you to host multiple Web sites on the same Apache server, using a single IP address.
Larger files: Apache now supports files greater than 2GB.
Encryption: Apache now supports encrypted authentication, as well as LDAP.
You may see some of these characteristics if you use Apache 1.3.x, as many of these features have been "backported" from current versions of Apache.
The RPM packages required by Apache are included in the Web Server package group. If required on the Installation and Configuration portion of the exam, you should install Apache during the installation process. But mistakes happen. Just remember that the simplest way to install Apache after installation is with the following command:
# yum install httpd
Alternatively, if you need the Red Hat GUI Apache Management tool, run the following command, which also installs the Apache httpd RPM as a dependency:
# yum install system-config-httpd
Another option is to just install the default packages associated with the entire Web Server package group with the following command:
# yum groupinstall web-server
If you don't remember the names of available groups, run the yum grouplist command. From the output, you should see "Web Server"; in other words, the following command also works:
# yum groupinstall "Web Server"
If your exam instructions require the installation of other packages such as mod_ssl (required for secure Web sites) and Squid, you can combine their installation in the same command:
# yum install mod_ssl squid
If in doubt about package names, you can find them in the Web Server package group, as documented on the first installation CD in the Server/repodata/comps-rhel5-server-core.xml file. If you're working with the RHEL 5 desktop, substitute Client for Server (upper- and lowercase). Once you've connected to a repository such as the RHN, the same information should be available in comps.xml in the /var/cache/yum/rhel-i386-server-5 directory. If you're working with a different architecture and a client, substitute accordingly.
Once Apache is installed, you'll want to make sure it starts the next time you boot Linux. If it doesn't start when the person who grades your Red Hat exam reboots your computer, you may not get credit for your work on the Apache service.
The most straightforward way to make sure Apache starts the next time you boot Linux is with the chkconfig command. You'll need to set it to start in at least runlevels 3 and 5, with a command such as:
# chkconfig --level 35 httpd on
Alternatively, you can configure it to start in all standard runlevels (2, 3, 4, and 5) with the following command:
# chkconfig httpd on
To determine whether the chkconfig command worked, use the --list switch:
# chkconfig --list httpd
Normally to start services, it's best to use the associated script in the /etc/init.d directory, which contains an httpd script. However, Apache often starts and stops more gracefully with the following commands:
# apachectl stop
# apachectl start
If you see the "The 'links' package is required for this functionality" error message, you'll need to install the elinks RPM.
On the Job: If you're administering a currently running Web server, any restart may disconnect users from the server and make it appear that the server is down for some period of time. However, a service httpd reload command allows the server to continue to run, while reading any changes you've made to the configuration files. With Apache, the control script is apachectl, which substitutes for service httpd in most control scripts.
Once you've got Apache running, start a Web browser and enter a URL of http://localhost. If Apache installation is successful, you should see the screen in Figure 9-1.
Figure 9-1: The default Apache Web page
Read the screen and you will see that RHEL looks for Web page files in the /var/www/html directory. You can verify this with the DocumentRoot directive in the main Apache configuration file. If you want to create a custom error page, you can set it in the /etc/httpd/conf.d/welcome.conf file.
Exercise 9-1: Installing the Apache Server
In this exercise, you'll be installing all of the packages generally associated with the Apache server. Then you'll test and activate the result so that the Apache daemon, httpd, is active the next time you reboot Linux. The twist here is that you'll do it all from the command line interface. This assumes you've already registered with the Red Hat Network; if you haven't done so, you'll do so here as part of the process.
If you're in the GUI, open a command line console. Press ALT-F1 and log in as the root user.
Review the comps.xml file in the /usr/share/comps/i386 directory, and navigate to the Web Server package group. (If your computer uses another architecture, the directory may vary; however, the Red Hat exams are given on i386 systems.)
Make notes on the packages of interest.
Run the following command to review available groups. You should see "Web Server" near the end of the list.
# yum grouplist
You can install all default packages in the "Web Server" package group with the following command:
# yum groupinstall "Web Server"
Back in the command line window, run the following command to see if Apache is already configured to start in any runlevels:
# chkconfig --list httpd
Now use the following command to make sure Apache starts in runlevels 3 and 5 the next time you boot Linux:
# chkconfig --level 35 httpd on
Start the Apache service with the following command:
# apachectl start
Install a text-based Web browser. As you may not have access to the GUI during the Red Hat exams, you need to know how to use text-based browsers. The standard is elinks, which you can install with the following command:
# yum install elinks
Now start the elinks browser, pointing to the local system, with the following command:
# elinks 127.0.0.1
Review the result. Do you see the Apache test page?
Exit from ELinks. Press Q, and when the Exit ELinks text menu appears, confirm that you really want to exit ELinks.
Back up the default httpd.conf configuration file; a logical location is your home directory.
There are two key configuration files for the Apache Web server: httpd.conf in the /etc/httpd/conf directory and ssl.conf in the /etc/httpd/conf.d directory. The default versions of these files create a generic Web server service you can further customize and optimize, as desired. There are other configuration files in two directories: /etc/httpd/conf and /etc/httpd/conf.d. They're illustrated in Figure 9-2.
Figure 9-2: Apache configuration files
On the Job: Previous versions of Apache (1.3.x and earlier) required two other Apache configuration files in the same directory: access.conf and srm.conf. Even though these files were essentially blank in later versions of Apache 1.3.x, they were still required. These files are no longer required in any way in Apache 2.x.
You need to know the httpd.conf file in the /etc/httpd/conf directory well. If you're required to configure a secure Web server during the RHCE exam, you'll also need to configure the ssl.conf configuration file in the /etc/httpd/conf.d directory.
Apache comes with a well-commented set of default configuration files. In this section, you'll look at the key commands in the httpd.conf configuration file, in the /etc/httpd/conf directory. Browse through this file in your favorite text editor or using a command such as less. Before beginning this analysis, keep two things in mind:
If you configure Apache with the Red Hat HTTP tool (system-config-httpd), it overwrites any changes that you may have made with a text editor.
The main Apache configuration file incorporates the files in the /etc/httpd/conf.d directory with the following directive:
Include conf.d/*.conf
There are a couple of basic constructs in httpd.conf. First, directories, files, and modules are configured in "containers." The beginning of the container starts with the name of the directory, file, or module to be configured, contained in directional brackets (< >). Examples of this include:
<Directory "/var/www/icons">
<Files ~ "^\.ht">
<IfModule mod_mime_magic.c>
The end of the container starts with a forward slash (/). For the same examples, the ends of the containers would look like:
</Directory>
</Files>
</IfModule>
Next, Apache includes a substantial number of directives: commands that Apache can understand that have some resemblance to English. For example, the ExecCGI directive allows executable CGI scripts.
As the RHCE course divides the discussion of Apache into different units, I do the same here. However, the following sections, with the exception of secure virtual hosts, are based on the same httpd.conf file in the /etc/httpd/conf/ directory.
While this provides an overview, the devil is often in the details, which are analyzed (briefly) in the next section. For detailed information, see the Apache Web site at http://httpd.apache.org.
This section examines the default Apache configuration file, httpd.conf. If you want to follow along, open it on your system. Only the default active directives in that file are discussed here. Read the comments; they include more information and options.
For detailed information on each directive, see http://httpd.apache.org/docs/2.2/mod/quickreference.html. The default directives are summarized in the following three tables. Table 9-1 specifies directives associated with Section 1: Global Environment.
Directive | Description |
---|---|
ServerTokens | Specifies the response code at the bottom of error pages; if you're interested, see what happens when you change the values between OS, Prod, Major, Minor, Min, and Full. |
ServerRoot | Sets the default directory; other directives are subdirectories. |
PidFile | Names the file with the Process ID (and locks the service). |
Timeout | Limits access time for both sent and received messages. |
KeepAlive | Supports persistent connections. |
MaxKeepAliveRequests | Limits requests during persistent connections (unless set to 0, which is no limit). |
KeepAliveTimeout | Sets a time limit, in seconds, before a connection is closed. |
StartServers | Adds child Apache processes; normally set to 8, which means 9 Apache processes run upon startup. |
MinSpareServers | Specifies a minimum number of idle child servers. |
MaxSpareServers | Specifies a maximum number of idle child servers; always at least 1 greater than MinSpareServers. |
ServerLimit | Sets a limit on configurable processes; cannot exceed 20000. |
MaxClients | Limits the number of simultaneous requests; other requests to the server just have to wait. |
MaxRequestsPerChild | Limits the requests per child server process. |
MinSpareThreads | Specifies the minimum number of spare threads to handle additional requests. |
MaxSpareThreads | Specifies the maximum number of available idle threads to handle additional requests. |
ThreadsPerChild | Sets the number of threads per child server process. |
Listen | Specifies a port and possibly an IP address (for multihomed systems) to listen for requests. |
LoadModule | Loads various modular components, such as authentication, user tracking, executable files, and more. |
Include | Adds the content of other configuration files. |
User | Specifies the username run by Apache on the local system. |
Group | Specifies the group name run by Apache on the local system. |
In all three tables, directives are listed in the order shown in the default version of httpd.conf. If you want to experiment with different values for each directive, save the change and then use apachectl restart to restart the Apache daemon. If not defined in these tables, directives are described, later in this chapter, as they appear in the configuration file.
Table 9-2 specifies directives associated with Section 2: Main Server Configuration.
Directive | Description |
---|---|
ServerAdmin | Sets the administrative e-mail address; may be shown (or linked to) on default error pages. |
UseCanonicalName | Supports the use of ServerName as the referenced URL. |
DocumentRoot | Assigns the root directory for Web site files. |
Options | Specifies features associated with Web directories, such as ExecCGI, FollowSymLinks, Includes, Indexes, MultiViews, and SymLinksIfOwnerMatch. |
AllowOverride | Supports overriding of previous directives from .htaccess files. |
Order | Sets the sequence for evaluating Allow and Deny directives. |
Allow | Configures host computers that are allowed access. |
Deny | Configures host computers that are denied access. |
UserDir | Specifies location of user directories; can be set to enable or disable for all or specified users. |
DirectoryIndex | Specifies files to look for when navigating to a directory; set to index.html by default. |
AccessFileName | Sets a filename within a directory for more directives; normally looks for .htaccess. |
TypesConfig | Locates mime.types, which specifies file types associated with extensions. |
DefaultType | Sets a default file type if not found in mime.types. |
MIMEMagicFile | Normally looks to /etc/httpd/conf/magic to look inside a file for its MIME type. |
HostNameLookups | Requires URL lookups for IP addresses; results are logged. |
ErrorLog | Locates the error log file, relative to ServerRoot. |
LogLevel | Specifies the level of log messages. |
LogFormat | Sets the information included in log files. |
CustomLog | Creates a customized log file, in a different format, with a location relative to ServerRoot. |
ServerSignature | Adds a list with server version and possibly ServerAdmin e-mail address to error pages and file lists; can be set to On, Off, or EMail. |
Alias | Configures a directory location; similar to a soft link. |
DAVLockDB | Specifies the path to the lock file for the WebDAV (Web-based Distributed Authoring and Versioning) database. |
ScriptAlias | Similar to Alias; for scripts. |
IndexOptions | Specifies how files are listed from a DirectoryIndex. |
AddIconByEncoding | Assigns an icon for a file by MIME encoding. |
AddIconByType | Assigns an icon for a file by MIME type. |
AddIcon | Assigns an icon for a file by extension. |
DefaultIcon | Sets a default icon for files not otherwise configured. |
ReadmeName | Configures a location for a README file to go with a directory list. |
HeaderName | Configures a location for a HEADER file to go with a directory list. |
IndexIgnore | Adds files that are not included in a directory list. |
AddLanguage | Assigns a language for file name extensions. |
LanguagePriority | Sets a priority of languages if not configured in client browsers. |
ForceLanguagePriority | Specifies action if a Web page in the preferred language is not found. |
AddDefaultCharset | Sets a default character set; you may need to change it for different languages. |
AddType | Maps file name extensions to a specified content type. |
AddHandler | Maps file name extensions to a specified handler; commonly used for scripts or multiple languages. |
AddOutputFilter | Maps file name extensions to a specified filter. |
BrowserMatch | Customizes responses to different browser clients. |
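The container and directive constructs described earlier, applied to the ServerTokens, ServerSignature, and Options directives from Tables 9-1 and 9-2. This shell script is an added example, not part of the original chapter: it lists the active directives with their enclosing container and reports settings that disclose server details or enable directory listings. The sample configuration, the function names, and the wording of the findings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the chapter. Lists the active directives of an
# httpd.conf-style file with their enclosing container, then reports the
# settings that disclose version details or enable directory listings.

# Constructed sample in httpd.conf syntax (values are illustrative).
sample_conf() {
cat <<'EOF'
# Section 1: Global Environment
ServerTokens OS
ServerRoot "/etc/httpd"
# ServerSignature Off    <- commented out, so not active
ServerSignature On
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
</Directory>
<Directory "/var/www/icons">
    Options MultiViews
</Directory>
EOF
}

# Reads configuration text on stdin; prints "<container path>TAB<directive>".
# Comments and blank lines are skipped. Include files and backslash line
# continuations are not followed (assumption: one directive per line).
active_directives() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim whitespace
    $0 == "" || /^#/ { next }                         # blank line or comment
    /^<\// { if (depth > 0) depth--; next }           # </Name> closes a container
    /^</   { c = $0; sub(/^</, "", c); sub(/>$/, "", c)
             stack[++depth] = c; next }               # <Name args> opens one
    { ctx = "global"
      for (i = 1; i <= depth; i++)
          ctx = (i == 1 ? "" : ctx " > ") stack[i]
      print ctx "\t" $0 }'
}

# Reads configuration text on stdin; prints one finding per line.
audit_conf() {
    active_directives | awk -F"\t" '
    { n = split($2, w, /[ \t]+/); name = tolower(w[1]); val = tolower(w[2]) }
    name == "servertokens" { seen = 1
        if (val !~ /^prod/) print "ServerTokens " w[2] ": more than the product name is sent" }
    name == "serversignature" && val != "off" {
        print "ServerSignature " w[2] ": server details added to generated pages" }
    name == "options" {
        for (i = 2; i <= n; i++)
            if (tolower(w[i]) ~ /^[+]?indexes$/)
                print "Options Indexes in [" $1 "]: directory listings enabled" }
    END { if (!seen) print "ServerTokens not set: the default is Full" }'
}

sample_conf | audit_conf
```

To check a real file, pipe it in, for example `audit_conf < /etc/httpd/conf/httpd.conf`; files pulled in by the Include directive have to be checked separately.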
Table 9-3 specifies directives associated with Section 3: Virtual Hosts. While virtual host directives are disabled by default, I include those directives in the commented example near the end of the default httpd.conf file. While these directives were already used in other sections, you can, and should, customize them for individual virtual hosts to support different Web sites on the same Apache server.
Directive | Description |
---|---|
NameVirtualHost | Specifies an IP address for multiple virtual hosts. |
ServerAdmin | Assigns an e-mail address for the specified virtual host. |
DocumentRoot | Sets a root directory for the virtual host. |
ServerName | Names the URL for the virtual host. |
ErrorLog | Creates an error log; the location is based on the DocumentRoot. |
CustomLog | Creates a custom log; the location is based on the DocumentRoot. |
As described earlier, Apache looks for Web pages in the directory specified by the DocumentRoot directive. In the default httpd.conf file, this directive points to the /var/www/html directory.
In other words, all you need to get your Web server up and running is to transfer Web pages to the /var/www/html directory.
The default DirectoryIndex directive looks for an index.html Web page file in this directory. You can test this for yourself by copying the default Firefox home page file, index.html, from the /usr/share/doc/HTML directory.
The base location of configuration and log files is determined by the ServerRoot directive. The default value from httpd.conf is
ServerRoot "/etc/httpd"
You'll note that the main configuration files are stored in the conf and conf.d subdirectories of the ServerRoot. If you run the ls -l /etc/httpd command, you'll find that Red Hat links /etc/httpd/logs to the directory with the actual log files, /var/log/httpd.