Runtime Server Configuration Settings


At this point, the Apache server will run, but perhaps you want to change a behavior, such as the default location of your website's files. This section talks about the basics of configuring the server to work the way you want it to work.

Runtime configurations are stored in just one file, httpd.conf, which is found under the /etc/apache2 directory. This configuration file can be used to control the default behavior of Apache, such as the web server's base configuration directory (/etc/apache2), the name of the server's process identification (PID) file (/var/run/apache2.pid), or its response timeout (300 seconds). Apache reads the data from the configuration file when started (or restarted). You can also cause Apache to reload configuration information with the command /etc/init.d/apache2 reload, which is necessary after making changes to its configuration file. (You learned how to accomplish this in the earlier section, "Starting and Stopping Apache.")

Runtime Configuration Directives

You perform runtime configuration of your server with configuration directives, which are commands that set options for the apache2 daemon. The directives are used to tell the server about various options you want to enable, such as the location of files important to the server configuration and operation. Apache supports nearly 300 configuration directives using the following syntax:

directive option option... 


Each directive is specified on a single line. See the following sections for some sample directives and how to use them. Some directives only set a value such as a filename, whereas others enable you to specify various options. Some special directives, called sections, look like HTML tags. Section directives are surrounded by angle brackets, such as <directive>. Sections usually enclose a group of directives that apply only to the directory specified in the section:

<Directory somedir/in/your/tree>
    directive option option
    directive option option
</Directory>


All sections are closed with a matching section tag that looks like this: </directive>. Note that section tags, like any other directives, are specified one per line.

Tip

After installing and starting Apache, you'll find an index of directives at http://localhost/manual/mod/directives.html.


Editing httpd.conf

Most of the default settings in the config file are okay to keep, particularly if you've installed the server in a default location and aren't doing anything unusual on your server. In general, if you do not understand what a particular directive is for, you should leave it set to the default value.

The following sections describe some of the configuration file settings you might want to change concerning operation of your server.

ServerRoot

The ServerRoot directive sets the absolute path to your server directory. This directive tells the server where to find all the resources and configuration files. Many of these resources are specified in the configuration files relative to the ServerRoot directory.

Your ServerRoot directive should be set to /etc/apache2 if you installed the Ubuntu package or /usr/local/apache (or whatever directory you chose when you compiled Apache) if you installed from the source.

Listen

The Listen directive indicates on which port you want your server to run. By default, this is set to 80, which is the standard HTTP port number. You might want to run your server on another port, for example, when running a test server that you don't want people to find by accident. Do not confuse this with real security! See the "File System Authentication and Access Control" section for more information about how to secure parts of your web server.

User and Group

The User and Group directives should be set to the UID and group ID (GID) the server will use to process requests.

In Ubuntu, set these configurations to a user with few or no privileges. In this case, they're set to user apache and group apache, a user defined specifically to run Apache. If you want to use a different UID or GID, be aware that the server will run with the permissions of the user and group set here. That means in the event of a security breach, whether on the server or (more likely) in your own CGI programs, those programs will run with the assigned UID. If the server runs as root or some other privileged user, someone can exploit the security holes and do nasty things to your site. Always think in terms of the specified user running a command such as rm -rf / because that would wipe all files from your system. That should convince you that leaving apache as a user with no privileges is probably a good thing.

Instead of specifying the User and Group directives using names, you can specify them using the UID and GID numbers. If you use numbers, be sure that the numbers you specify correspond to the user and group you want and that they're preceded by the pound (#) symbol.

Here's how these directives look if specified by name:

User apache
Group apache


Here's the same specification by UID and GID:

User #48
Group #48


Tip

If you find a user on your system (other than root) with a UID and GID of 0, your system has been compromised by a malicious user.
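A check for the two points above, written as an added example rather than code from the book: it resolves the User and Group directives (by name or in #number form) against passwd and group data, reports any that are unset, unknown, or resolve to ID 0, and lists accounts other than root that have UID 0. The sample passwd, group, and configuration text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs for illustration (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/usr/sbin/nologin
toor:x:0:0::/root:/bin/bash
"""
GROUP = "root:x:0:\napache:x:48:\n"
CONF = "# User root\nUser apache\nGroup #48\nUserDir public_html\n"

def id_table(text):
    """Map name -> numeric ID from passwd- or group-format text (third field)."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            table[fields[0]] = int(fields[2])
    return table

def extra_uid0_accounts(passwd_text):
    """Names other than root that map to UID 0; UID 0 alone is root-equivalent."""
    return sorted(name for name, uid in id_table(passwd_text).items()
                  if uid == 0 and name != "root")

def audit_identity(conf_text, passwd_text, group_text):
    """Findings for User/Group directives that are unset, unknown, or ID 0."""
    tables = {"User": id_table(passwd_text), "Group": id_table(group_text)}
    seen = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(User|Group)\s+(\S+)", line, re.IGNORECASE)
        if m:  # commented-out lines and UserDir do not match this pattern
            seen[m.group(1).capitalize()] = m.group(2)
    findings = []
    for name in ("User", "Group"):
        value = seen.get(name)
        if value is None:
            findings.append(f"{name} is not set")
            continue
        # "#48" is a numeric ID; anything else is looked up by name.
        num = int(value[1:]) if re.fullmatch(r"#\d+", value) else tables[name].get(value)
        if num is None:
            findings.append(f"{name} {value} does not exist")
        elif num == 0:
            findings.append(f"{name} {value} resolves to ID 0 (root)")
    return findings
```

On a live system, pass the contents of /etc/passwd, /etc/group, and httpd.conf in place of the constructed strings.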


ServerAdmin

The ServerAdmin directive should be set to the address of the webmaster managing the server. This address should be a valid email address or alias, such as webmaster@gnulix.org, because this address is returned to a visitor when a problem occurs on the server.

ServerName

The ServerName directive sets the hostname the server will return. Set it to a fully qualified domain name (FQDN). For example, set it to www.your.domain rather than simply www. This is particularly important if this machine will be accessible from the Internet rather than just on your local network.

You don't need to set this unless you want a name other than the machine's canonical name returned. If this value isn't set, the server will figure out the name by itself and set it to its canonical name. However, you might want the server to return a friendlier address, such as www.your.domain. Whatever you do, ServerName should be a real domain name service (DNS) name for your network. If you're administering your own DNS, remember to add an alias for your host. If someone else manages the DNS for you, ask that person to set this name for you.

DocumentRoot

Set this directive to the absolute path of your document tree, which is the top directory from which Apache will serve files. By default, it's set to /var/www/. If you built the source code yourself, DocumentRoot is set to /usr/local/apache/htdocs (if you did not choose another directory when you compiled Apache).

UserDir

The UserDir directive disables or enables and defines the directory (relative to a local user's home directory) where that user can put public HTML documents. It is relative because each user has her own HTML directory. This setting is disabled by default but can be enabled to store user web content under any directory.

The default setting for this directive, if enabled, is public_html. Each user can create a directory called public_html under her home directory, and HTML documents placed in that directory are available as http://servername/~username, where username is the username of the particular user.

DirectoryIndex

The DirectoryIndex directive indicates which file should be served as the index for a directory, such as which file should be served if the URL http://servername/_SomeDirectory/ is requested.

It is often useful to put a list of files here so that if index.html (the default value) isn't found, another file can be served instead. The most useful application of this is to have a CGI program run as the default action in a directory. If you have users who make their web pages on Windows, you might want to add index.htm as well. In that case, the directive would look like DirectoryIndex index.html index.cgi index.htm.

Apache Multiprocessing Modules

Apache version 2.0 and greater now uses a new internal architecture supporting multiprocessing modules (MPMs). These modules are used by the server for a variety of tasks, such as network and process management, and are compiled into Apache. MPMs enable Apache to work much better on a wider variety of computer platforms, and they can help improve server stability, compatibility, and scalability.

Apache can use only one MPM at any time. These modules are different from the base set included with Apache (see the "Apache Modules" section later in this chapter) but are used to implement settings, limits, or other server actions. Each module in turn supports numerous additional settings, called directives, which further refine server operation.

The internal MPM modules relevant for Linux include

  • mpm_common: A set of 20 directives common to all MPM modules

  • prefork: A nonthreaded, preforking web server that works similarly to earlier (1.3) versions of Apache

  • worker: Provides a hybrid multiprocess multithreaded server

MPM enables Apache to be used on equipment with fewer resources yet still handle massive numbers of hits and provide stable service. The worker module provides directives to control how many simultaneous connections your server can handle.

Note

Other MPMs are available for Apache related to other platforms, such as mpm_netware for NetWare hosts and mpm_winnt for NT platforms. An MPM named perchild, which provides user ID assignment to selected daemon processes, is under development. For more information, browse to the Apache Software Foundation's home page at http://www.apache.org.


Using .htaccess Configuration Files

Apache also supports special configuration files, known as .htaccess files. Almost any directive that appears in httpd.conf can appear in a .htaccess file. This file, whose name is specified in the AccessFileName directive in httpd.conf, sets configurations on a per-directory (usually in a user directory) basis. As the system administrator, you can specify both the name of this file and which of the server configurations can be overridden by the contents of this file. This is especially useful for sites in which there are multiple content providers and you want to control what these people can do with their space.

To limit which server configurations the .htaccess files can override, use the AllowOverride directive. AllowOverride can be set globally or per directory. For example, in your httpd.conf file, you could use the following:

# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>


Options Directives

To configure which configuration options are available to Apache by default, you must use the Options directive. Options can be None; All; or any combination of Indexes, Includes, FollowSymLinks, ExecCGI, and MultiViews. MultiViews isn't included in All and must be specified explicitly. These options are explained in Table 20.2.

Table 20.2. Switches Used by the Options Directive

| Switch | Description |
|---|---|
| None | None of the available options are enabled for this directory. |
| All | All the available options, except for MultiViews, are enabled for this directory. |
| Indexes | In the absence of an index.html file or another DirectoryIndex file, a listing of the files in the directory is generated as an HTML page for display to the user. |
| Includes | Server-side includes (SSIs) are permitted in this directory. This can also be written as IncludesNoExec if you want to allow includes but don't want to allow the exec option in them. For security reasons, this is usually a good idea in directories over which you don't have complete control, such as UserDir directories. |
| FollowSymLinks | Allows access to directories that are symbolically linked to a document directory. You should never set this globally for the whole server and only rarely for individual directories. This option is a potential security risk because it allows web users to escape from the document directory and could potentially allow them access to portions of your file system where you really don't want people poking around. |
| ExecCGI | CGI programs are permitted in this directory, even if it is not a directory defined in the ScriptAlias directive. |
| MultiViews | This is part of the mod_negotiation module. When a client requests a document that can't be found, the server tries to figure out which document best suits the client's requirements. See http://localhost/manuals/mod/_mod_negotiation.html for your local copy of the Apache documentation. |


Note

These directives also affect all subdirectories of the specified directory.


AllowOverride Directives

The AllowOverride directive specifies which configuration options .htaccess files can override. You can set this directive individually for each directory. For example, you can have different standards about what can be overridden in the main document root and in UserDir directories.

This capability is particularly useful for user directories, where the user does not have access to the main server configuration files.

AllowOverride can be set to All or any combination of Options, FileInfo, AuthConfig, and Limit. These options are explained in Table 20.3.

Table 20.3. Switches Used by the AllowOverride Directive

| Switch | Description |
|---|---|
| Options | The .htaccess file can add options not listed in the Options directive for this directory. |
| FileInfo | The .htaccess file can include directives for modifying document type information. |
| AuthConfig | The .htaccess file might contain authorization directives. |
| Limit | The .htaccess file might contain allow, deny, and order directives. |
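
An added example (not from the book) that audits <Directory> sections for the settings Tables 20.2 and 20.3 caution about: FollowSymLinks on the whole server, Includes in user directories, and overrides that let .htaccess add Options. The configuration text is constructed, and the function names and the public_html match are assumptions.

```python
import re

# Constructed configuration for illustration (not from a real server).
CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/*/public_html>
    Options Indexes Includes
    AllowOverride All
</Directory>
<Directory /var/www/>
    Options IncludesNoExec
    AllowOverride AuthConfig Limit
</Directory>
"""

def parse_directories(conf_text):
    """Map each <Directory> path to its Options and AllowOverride switches."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.IGNORECASE)
        if opened:
            current = sections.setdefault(
                opened.group(1), {"options": set(), "allowoverride": set()})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, *switches = line.split()
            if key.lower() in current:
                # "+Indexes" adds a switch; "-Indexes" removes one, so skip those.
                current[key.lower()].update(
                    s.lstrip("+").lower() for s in switches if not s.startswith("-"))
    return sections

def audit(conf_text, user_dir="public_html"):
    """Flag the settings the text warns about; user_dir is the UserDir name."""
    findings = []
    for path, sec in parse_directories(conf_text).items():
        if path == "/" and sec["options"] & {"followsymlinks", "all"}:
            findings.append((path, "FollowSymLinks enabled for the whole server"))
        if user_dir in path:
            if sec["options"] & {"includes", "all"}:
                findings.append((path, "Includes permits exec; use IncludesNoExec"))
            if sec["allowoverride"] & {"all", "options"}:
                findings.append((path, ".htaccess may add Options switches"))
    return findings
```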




Ubuntu Unleashed
Ubuntu Unleashed 2011 Edition: Covering 10.10 and 11.04 (6th Edition)
ISBN: 0672333449
EAN: 2147483647
Year: 2006
Pages: 318
