Apache Web Server

Apache Web Server is the primary HTTP stack provided for OES Linux. Apache is an open-source web server used by more than two-thirds of the Internet's web servers. As such, it runs on all major server platforms and can scale to support thousands of simultaneous connections.

Apache Web Server is a complex and full-featured product, so there is a lot more to it than can be covered here. However, because Apache is an open-source application, almost anything you want to know about it is available on the web. You should take some time to look through the Apache documentation in order to become familiar with architecture and capabilities, particularly if you are going to implement a more complex web environment. The Apache Web Server documentation is available online at http://httpd.apache.org/docs-2.0.

Apache Web Server can be used in a few different ways on OES Linux. First, Apache is installed automatically as a dedicated web server to support the administrative tools for OES Linux and its related products and services. You can find all files related to this instance of Apache in the /etc/opt/novell/httpd/conf.d directory. This administrative web server supports iManager, Virtual Office, iPrint, and other OES Linux services that need a web interface.

If you are using iFolder, a customized configuration of Apache is required. Normally, this is accomplished by installing iFolder on its own dedicated server (with no other OES components). However, it is possible to install other OES components on the same server. To ensure that iFolder is usable in both configurations, a separate, dedicated instance of Apache is used. The configuration file used by the iFolder instance of Apache can be found in the /etc/opt/novell/ifolder/conf directory. A separate binary (/usr/sbin/httpd2-worker) is also used for the iFolder version of Apache.

NOTE

The iFolder version of Apache is highly customized and specific to the iFolder process. Configuration files for this instance of Apache should not be modified manually. For more information on iFolder, see Chapter 15, "OES Web Services."

Another way Apache is commonly used with OES is to host your own custom web content. In this situation, you should not load another instance of Apache, but rather customize the administrative instance of Apache to recognize a virtual server, or separate document root directory. This is covered later in this chapter.

When you use iManager, accessible from any web browser, it is the Admin configuration of the Apache Web Server that serves the data between the web browser and OES Linux.

Installing Apache Web Server

If you are interested in using Apache only as the foundation for your OES Linux tools and services, you don't have to do anything to get Apache up and running. The admin server configuration of Apache is installed automatically during most OES Linux installations.

However, if you chose to perform a custom installation of OES, or are adding OES components to an existing SLES9 server, you may want to install Apache manually. To install Apache Web Server manually through YaST, complete the following steps:

 /etc/init.d/apache2 /etc/init.d/novell-tomcat4 

NOTE

If you also installed Tomcat 5, the initialization script for use with that version is /etc/init.d/tomcat.

These initialization scripts accept command-line parameters of start and stop, which determine what action the scripts will perform on each service. Also, the installation process will configure both of these daemons to automatically start in runlevels 2 through 5.

Apache Web Server Configuration

Apache Web Servers are managed through a primary configuration file called httpd.conf and a secondary file called default-server.conf. In addition to these two main configuration files, Apache is also designed to load external service-specific configuration files stored in the /etc/apache2/conf.d directory, and virtual server configuration files found in the /etc/apache2/vhosts.d directory.

When implementing a custom web server, your configuration changes could be written directly to the global configuration files for Apache. However, rather than directly editing these files, it is usually better to create new configuration files containing only your new configuration. These files can then be stored in the Apache configuration directories and easily removed or edited should the need arise.

OES Linux also follows this recommendation by placing a configuration file called nnls_httpd.conf in the /etc/apache2/conf.d directory, which in turn causes Apache to load all configuration files found in the /etc/opt/novell/httpd/conf.d directory. This setup separates the OES-specific configuration into manageable files for each service. This is useful from a troubleshooting perspective because it reduces the complexity of each individual file, but it also reduces the chance that a configuration error in one file will cause widespread problems throughout the Apache server.

Configuring OES components through iManager may modify some of the configuration files found in the OES-specific directories. These configuration files, however, should not normally be adjusted manually.

It is possible, and perhaps likely, that you will want to adjust the global, non-OES configuration files for Apache. Any configuration change you may want to implement can be performed through manually editing the configuration files, or through the YaST HTTP Server module (shown in Figure 14.1).

Figure 14.1. HTTP Server YaST Module.

The HTTP Server module within YaST can be used to adjust most of the commonly modified parameters of Apache. To use this module, execute the following steps:

Using the HTTP Server module is fairly straightforward, but important configuration options should be explained before attempting to adjust these options. Some of the more common options are explained further in the remaining sections of this chapter.

Storing Web Content

The most important aspect of running a web server is making sure that the various web pages are available to your web users. Although the art of creating web pages is beyond the scope of this book, you need to know the basics about storing files on Apache Web Servers so that pages will be available as needed. To do this, you should become familiar with three main web server directory features: Document Root, Additional Document Directories, and User Home Directories.

DOCUMENT ROOT

The home page associated with your web server's IP address and/or DNS name is stored in the document root directory and named index.htm (or index.html). From the home page, you can create links to other pages, graphics, and applications as needed. Secondary resources can have any filename.

The document root, also called the primary document directory, is where a web server will start looking for requested web pages and resources. By default, Apache Web Server document root is set to the following location:

 /srv/www/htdocs 

Because it's not necessarily a good idea to use the root filesystem for storing your web pages, you can choose to partition out this directory during the OES installation, or simply change the document root to another partition and directory by completing the following steps:

NOTE

For the best web server performance, you should keep the document root as high in the directory structure as possible to reduce document search times.

YaST makes performing these type of changes a rather trivial task, but it is also important to understand how to perform these changes from a terminal. To adjust the DocumentRoot manually from a terminal, complete the following steps:

 /apache2/docs 

 /etc/init.d/apache2 restart 

After restarting Apache, you will be able to access your web content at the new directory.

ADDITIONAL DOCUMENT DIRECTORIES

You can also create additional document directories for those who want to publish their own content, but to whom you don't want to grant access to the document root. This also lets you easily distribute the responsibility of web content to those responsible for it.

This functionality requires the use of the Alias directive. This directive is used to map a local file system directory to a url-path. When the url-path is accessed, Apache automatically replaces the normal DocumentRoot directory with the directory specified in the Alias configuration.

To create an additional document directory manually using the Alias directive, you must add an Alias definition and Directory configuration entry into one of the Apache configuration files, such as default-server.conf or a custom configuration file in /etc/apache2/vhosts.d. This entry should be configured as in the following example:

 Alias /marketing /var/web/marketing <Directory /var/web/marketing>     Order allow,deny     Allow from all </Directory> 

The Alias directive in this example links the /marketing url-path to the /var/web/marketing directory. When clients access a URL, such as http://OES_SERVER/marketing/reports.html, rather than accessing the reports.html file from the normal DocumentRoot directory, the file access is redirected to the /var/web/marketing directory.

USER HOME DIRECTORIES

This feature enables you to set up document directories for each local user, and any LUM user in your eDirectory tree. These document directories are then used as personal websites for your users.

In order to use this feature, the mod_userdir Apache module must be installed and configured. This is performed automatically, with the OES installation, and if necessary can be double-checked through the Add and Remove Software module of YaST. If you'd like to adjust the default configuration of this module, you must edit the /etc/apache2/mod_userdir.conf configuration file. The following are some important directives found within this file:

• UserDir disabled <usernames> List of users who are not allowed a public web directory. By default, this just contains the root user. If no usernames are specified, access to all users' web directories is denied.

• UserDir enabled <usernames> List of users who are explicitly allowed a public web directory. This directive is normally only used in conjunction when the UserDir disabled directive is denying access to all users.

• <Directory /home/*/public_html> This is the main definition for the behavior of the public directory. This directive defines which directory is associated with each user's website, and also what rights and operations are permitted in the directory. For more information on how to configure this option, see the online mod_userdir documentation at http://www.apache.org.

After adjusting any parameters in this file, restart Apache for your changes to take effect. Using the default configuration, users' web directories can be found in the public_html directory beneath each user's home directory. To view the contents of that directory, use a web browser to access the server domain name, followed by a slash (/), followed by ~username. For example:

 http://www.quills.com/~jharris 

NOTE

Before attempting to access the web directory for LUM users, ensure that they have logged in at least one time. Logging in will create their home directory and the public_html directory beneath their home directory that is required for web access.

If you want to avoid encountering a listing of the contents of the public_html directory, each user should create an index.html file as a placeholder in this directory. To configure this automatically for all new users, create a default index.html file and place it in /etc/skel/public_html. All new users will automatically receive a copy of this file during their home directory creation.

Hosting Multiple Websites

Apache supports virtual servers to host multiple websites on a single physical server. This lets a single OES Linux server potentially host all your web server needs. This is useful if you need to let different divisions or departments host their own web resources, or if you are an ISP and need to host multiple websites for your clients without having a separate physical server for each one of them.

You can host two types of virtual servers on your Linux server:

• IP-based Virtual Hosts This option lets you define multiple IP addresses and assign each to a different document root. IP-based Virtual Hosts can be configured using one single instance of Apache, or with one instance per virtual server. With OES, a single shared instance is the recommended configuration. This requires fewer system resources than multiple instances of the web server, but this configuration also causes all virtual servers to share the same configuration.

  NOTE

  You can use YaST to create a virtual IP address for use by an IP-based virtual server. Edit the configuration of an existing network controller (under Network Devices, Network Card) and choose to add a Virtual Alias in the Advanced options.

  
  

• Name-based Virtual Hosts This option lets you map a single IP address to multiple server names by assigning each server a DNS name. Each Name-based Virtual Host then associates each DNS name with a specific home page. For this configuration to be successful, each client browser must report the desired hostname as part of the HTTP headers. Some older browsers may not support this, but for the most part this should not cause any issues.

NOTE

Due to requirements of SSL, Name-based Virtual Hosting is not compatible with SSL communication. If SSL is a requirement, you must use IP-based Virtual Hosting.

In order to configure either of these types of virtual servers, you should create a configuration file for each virtual host (named after each host with a .conf extension), and place the configuration file in the /etc/apache2/vhosts.d directory. You can also create a new host from within the HTTP Server module in YaST by following these steps:

1.	Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.
2.	Select the Network Services category in YaST. From within this category, locate and select the HTTP Server module.
3.	From HTTP Server Configuration page, select the Hosts parameter in the lower portion of the HTTP Server Configuration page, and then select Edit.
4.	Click Add to create a new host. This will invoke the New Host Information page, as shown in Figure 14.2. Figure 14.2. HTTP Server ModuleNew Host Information page. Enter the following information and click OK: Server Name The DNS name used to access this web server content. Server Contents Root The DocumentRoot directory for this host. Administrator Email Enter the email address of the site administrator. Server Resolution This host can be accessed using a specific IP address or DNS hostname. Enter the server's IP address, and select the access method that will be used to access this host.
5.	Select OK to return to the main page, and then click Finish to save your changes.

The next time Apache is started, this directory will be read in the initialization process and your virtual servers will be activated. For help with the syntax of these virtual host files, and information on important directives within them, see the sample vhosts.template file in /etc/apache2/vhosts.d.

NOTE

For more information on both of these virtual server options, see the Apache documentation at http://httpd.apache.org/docs-2.0/vhosts/.

Apache Modules

Apache Web Server has been developed with a component architecture that permits functionality to be added through the addition of a functionality specific module. A module is a specially developed extension for Apache Web Server that provides new or expanded functionality.

Requests directed to an Apache Web Server pass through a series of stages as they are handled. Some of the Apache stages include authentication, authorization, and access control. Modules can be inserted at these, or any other, stage to provide increased functionality.

Several modules are available for use with Apache Web Server on OES Linux:

• mod_userdir enables web access to users' home directories.

• mod_cache enables an HTTP content cache that can be used to cache either local content or content available through a proxy.

• mod_perl enables support for the Perl scripting language on Apache Web Server.

• mod_php enables support for the PHP scripting language on Apache Web Server.

• mod_dav provides WebDAV (Web-based Distributed Authoring and Versioning) functionality for the Apache Web Server.

Each of these modules can be installed via the Install and Remove Software module of YaST. For more information on using Apache modules, see the Apache Web Server documentation site at http://httpd.apache.org/docs-2.0/mod/.

Adding Content to Your Website

After Apache Web Server has been installed and enabled, you can immediately access a sample web page and some subpages that are included for demonstration. The default website used with OES is a collection of OES component Welcome pages. These pages offer links to many of the management utilities that are available with OES. This content is accessed using the HTML data stored at the default document root at /srv/www/htdocs.

To view the default OES Welcome pages, open a client web browser on a workstation in your network and enter your OES server's IP address or DNS name. For example:

 http://prv-serv1.quills.com 

When your web server is running, you can start posting content for your web server audience to accesswhether that's your department, your company, or the whole world. Do this by placing files in the web server's primary or additional document directories.

For example, suppose you created a new HTML file called mktg_docs.html that includes links to the marketing collateral for your organization. You would probably copy that file to the additional document directory assigned to the marketing organization; for example, /srv/www/htdocs/marketing.

After the file is stored in the additional document directory, users can access the file by entering the web server's DNS name together with the additional document directory identifier and the filename. For example:

 http://www.quills.com/marketing/mktg_docs.html 

The same general process governs the creation of any web content, whether that content is an Internet site, a corporate intranet, a departmental page, or even a personal web page. What differentiates one web site from another is how it is available (internally versus externally) and what type of server it is running on. External sites and larger corporate sites are usually run on dedicated web servers or hardware virtual servers, whereas smaller departmental sites work well on software virtual servers where users can easily create personalized pages, if necessary.

Publishing Content to a Website

When you are configuring an internal website, you will often have areas of a website that are available for contributors to publish their content. This makes it possible for users to communicate within a department, share information with other departments, and communicate items of general interest.

NOTE

Virtual Office is a powerful new feature for OES Linux that makes it much easier to create temporary or ad-hoc portals for information-sharing purposes. For more information on Virtual Office, see Chapter 15.

Web content contributors have several options for publishing content to your web server. For example:

• Mapping a network drive and creating or copying the content to the desired directory

• Using Internet Explorer 5.0 or higher

• Using Novell NetDrive to map a drive

Additionally, users who are familiar with web publishing tools can choose any of those with which they are familiar.

PUBLISHING CONTENT USING A MAPPED DRIVE

If your contributors are using the Novell Client, this is one way of providing access to web content areas. Use iManager to assign the appropriate rights to web content contributors and provide users with the correct network path so that they can map a drive to the content directory. For use with mapped drives in this manner, the web content area should be stored on an NSS volume. With this configured, you can set up automatic drive mapping through a login script. For more information on login scripts, see the OES online documentation.

PUBLISHING CONTENT USING WEBDAV

Web-based Distributed Authoring and Versioning (WebDAV) is an industry-standard protocol that enhances HTTP, turning the web into a document database that enables collaborative creation, editing, and searching from remote locations.

WebDAV support is provided on OES Linux through NetStorage. With NetStorage enabled, you can publish content directly to a specified document directory from any WebDAV-enabled browser, for example, Internet Explorer. For more information on NetStorage, see Chapter 12, "OES Linux File Access."

PUBLISHING CONTENT WITH NETDRIVE

Novell NetDrive lets you map a drive to any server without using the traditional Novell Client. This means that with NetDrive, you can access your files on any server and modify them through standard Windows utilities such as Windows Explorer. The NetDrive client can be installed from the Novell client's CD-ROM. For more information on NetDrive, see Chapter 12.

Apache Web Server Management

Managing Apache Web Server on a day-to-day basis should not consume a lot of an administrator's time. However, there are a few concepts and additional configuration options that might make management tasks even less of a difficulty. The following sections describe the remaining important files and configuration options useful from this perspective.

SERVER CONFIGURATION

The main area of concern for most administrators is the basic configuration of their Apache server. Although this has been covered briefly in previous sections of this chapter, there are a few additional areas you may want to investigate and customize for your environment.

PERFORMANCE TUNING

Performance within Apache is not normally an issue. However, if you have customized your web configuration to include a large amount of data, or are expecting your server to be under a heavy load, it may be worth your time to investigate this subject.

Apache-specific performance tuning options are mainly specified in the /etc/apache2/server-tuning.conf file. Some of the options specified here include the number of server processes to spawn at daemon startup, and the maximum number of simultaneous client requests. Adjusting these parameters can increase the performance of Apache, but incorrect modification of this file can also quickly lead to performance and operational problems. Before adjusting this file, you should review all relevant material on the Apache documentation website at http://httpd.apache.org/docs-2.0.

MIME TYPES

Also known as context labels, MIME (Multipurpose Internet Mail Extension) types specify the file types that Apache Web Server recognizes and supports. The MIME types configuration file is /etc/apache2/mime.types. This file is actually just a symbolic link to the same mime.types file used by SLES (/etc/mime.types). It is important that this file contain the definitions of all file types used on your Apache server. For example, if you want to put MP3 files on your server, you must add the MP3 extension to your MIME types. If this extension is not added, the server transfers the file to the user as text, instead of as a sound file.

To add a new MIME type to your web server, add a new entry into the /etc/mime.types file containing the following two fields:

• MIME Type Specify the type of content for which you are creating a new MIME type. When a web server sends a document to a client, it includes metadata that identifies the document's type so that the client can handle the document correctly. Possible MIME types include

  • text/plain

  • text/html

  • image/jpeg

  • image/gif

  • application/x-tar

  • application/postscript

  • application/x-gzip

  • audio/basic

  • lang (used to specify a specific language)

  • enc (used to specify that the file is compressed)

  NOTE

  The official list of context types is maintained by the Internet Assigned Numbers Authority (IANA) and can be found at www.iana.org.

  
  

• Extension In the Extension field, enter the file extension associated with the context label you have specified.

NOTE

To add a new extension to an already defined MIME type, just add the new extension to the existing MIME definition. Separate multiple extensions with spaces.

After making the changes, save the updated file and the new MIME type will be recognized at the next Apache restart.

LISTEN PORTS

The /etc/apache2/listen.conf file is used to configure the various IP addresses and ports that Apache Web Server uses to listen for incoming requests.

If you have to adjust these settings, you should be aware of which ports may already be in use by other OES components. Some port assignments in the OES Linux environment can be reassigned, whereas others are permanent. Table 14.1 shows the default port assignments for OES Linux web services as a starting point for any adjustments you may have to make.

ERROR RESPONSES

Typical HTTP error messages are pretty generic and do not give much information. Use the /etc/apache2/errors.conf file to customize error messages and potentially redirect the client to a location where more help is available. When a server cannot complete a request, it typically sends one of the following four error messages to the client:

• Unauthorized (HTTP 401) Occurs when a user tries unsuccessfully to access a file in a secure area of the web server.

• Forbidden (HTTP 403) Occurs when the server does not have file system rights sufficient to read the requested data.

• Not found (HTTP 404) Occurs when a user tries to access data that does not exist.

• Server (HTTP 500) Occurs when the server is improperly configured or when a fatal error occurs (such as the system running out of memory).

In place of these generic errors, there are many situations in which you might want to use custom messages. For example, if users are denied access, instead of receiving a message that simply says "Unauthorized," they could receive a custom error message that explains the reason they were denied access and points them to the help desk to have an account created.

The default installation of Apache already employs custom error pages. These pages are defined in errors.conf and found in the /usr/share/apache2/error directory. To further change the error response for your server, the error pages found in this directory can be customized, or the error code and new action can be manually defined in the errors.conf file. Manual changes to errors.conf must be in the following format:

 ErrorDocument <Error_Code> <Action> 

Possible actions include a custom message enclosed in quotes, the absolute path to an HTML page or script, and the URL of another page to redirect the user to. After you make any changes, the Apache server must be restarted.

SERVER LOGS

In addition to configuration changes and website updates, monitoring your web activity through log files is necessary to track down errors, and an excellent way to locate security breaches. Apache Web Server provides two types of logs for tracking what is happening in your web server environment: access logs and error logs.

ACCESS LOG

The access log records information about web clients that access your web server, and records client information such as IP addresses and date and time of access. By default, the access log is /var/log/apache2/access_log.

The access log is configured in a number of places because the access log is normally specific to each virtual server. However, there is still a default, site wide configuration for the access log. This configuration is found in the /etc/sysconfig/apache2 file. In this file, the APACHE_ACCESS_LOG directive defines where the default log is located.

ERROR LOG

The error log records diagnostic information related to errors that occurred while processing requests. The error log is very important because it often contains details of what went wrong and how to fix it. By default, the error log is /var/log/apache2/error_log. If necessary, this location can be adjusted in the httpd.conf configuration file.

If necessary, the logging level of the error log can be adjusted using the APACHE_LOGLEVEL directive in the /etc/sysconfig/apache2 file. Care should be taken when adjusting this to track more information as performance may suffer because of the logging of unnecessary details.