In a previous post, we had a look at the Apache HTTP server, what it is, and how it works. Today, we’ll handle some of the most important Apache configuration directives, look at what they are for, and learn how to edit them, in order to mold the way our server works to our liking.
The Apache server is a service that runs in the background, waiting for requests from clients connecting to the ports it listens to, in order to take action. Apache either responds to those requests, or leaves related notes in its log files. Its behavior is controlled through its configuration, using what is known as directives (among other things). We’ll discuss the most basic directives in this article.
ServerName
The ServerName directive is used to set the host name of the server; this is how the server identifies itself. It uses this name when responding to HTTP requests. You can set this directive either in the server’s configuration or virtual hosts. The location of your configuration files depend on both the Apache version and Linux distribution.
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www ServerName www.example-site.com . . . </VirtualHost>
Apache has a great number of directives which you can set and manipulate in order to set your server’s behavior.
If the ServerName directive is not specified, the server tries to obtain it by performing a reverse DNS look-up on its IP address. You should always set a ServerName for the server explicitly; it is the only value you need to set to get your server running after installation.
You will have to use the IP address of your machine if you don’t yet have a registered domain name. Otherwise, you would need to add the domain name and IP address to the server’s hosts file–the same as you do with your PC’s hosts file. By doing this, the server checks its hosts file before consulting with the DNS server. I personally add my IP address/domain name entry to the Apache hosts file to minimize server response time by saving a call to the DNS server.
Assuming our domain name is www.example-site.com
and our server’s IP address is 50.57.77.153
, you need to add the following line to the server’s hosts file (/etc/hosts):
50.57.77.153 www.example-site.com example-site.com
After editing the hosts file, you need to restart (or stop and start) Apache. I’ll show you how to do this later.
Listen
The Listen directive tells Apache what IP addresses and/or ports it should listen to for incoming requests. If nothing is specified, Apache listens to all addresses and ports on the machine. The default configuration sets the server to listen to port 80, the default port for HTTP communication.
If you only specify an IP address, the server will respond to requests coming to all ports of that address (also called an interface). If only a port number is specified, then Apache responds to requests on the specified port arriving at all interfaces on the machine. If an address and port combination is supplied, then Apache only responds to those specific interface/port combinations.
If your server installation has separate configuration files, you should be able to find or set this directive in the
ports.conf
file.
You can find this file in the same location as your Apache configuration files (mine is /etc/apache2/ports.conf
, but that might be different for other Apache versions and/or Linux distributions).
Let’s assume our example site is at IP address 50.57.77.153
. To set Apache to listen to ports 80 and 443, the respective default ports for HTTP and HTTPS, you need to enter the following directives in your ports.conf
file:
Listen 50.57.77.153:80 Listen 50.57.77.153:443
Alternatively, if you want Apache to listen to ports 80 and 443 on all interfaces regardless of the IP address, you can enter the following:
Listen 80 Listen 443
Web User and Group
On Unix operating systems, it’s a good idea to configure Apache to run under a specific user and group instead of root. Doing so makes the server more secure and less vulnerable to attacks. Ideally, the user and group you set should not be able to login to the server (ie: have no login credentials) and no login shell; they will just be used for handling web client requests. Set the Apache user’s home directory to the web server’s document directory, usually located at /var/www
or /usr/local/apache2/htdocs
.
groupadd anyUserName useradd -d /var/www -g anyUserName -s /bin/false
The example above uses anyUserName as our web user and group; just use a name not reserved for other processes. -d /var/www sets the home directory of the new account to /var/www
, and -s /bin/false ensures the new account has no shell access. Next, you need to modify your config file to use the new Apache user and group. If yours says:
User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP}
Then you need to find where these variables are defined and change their values. Usually, the above directive is preceded by a comment letting you know exactly where to set the new values. Otherwise, you will just insert the new user and group name in place of the old. So your final config lines could look like this:
User anyUserName Group anyUserName
ServerRoot
Apache’s behavior is controlled through its configuration.
Apache’s important files, like the server’s configuration, error, and log files are kept at the top of the directory tree. This location is the ServerRoot, and you can set a different value in Apache’s main config file. Depending on your installation, the default can be something like /usr/local/apache2
or /etc/apache2
. Any Apache directives using a relative path will, by default, append to the root path specified in ServerRoot.
When you first install your server, the configuration and log files are placed in the ServerRoot. You can change its value to a new directory, but make sure to copy the configuration files to the new location. Also, make sure you do not to add a trailing slash to the path when you modify the value.
ErrorLog
When an error occurs, Apache logs the error to a log file. The location of the error log is determined by the value specified using the ErrorLog directive. This file is critical because you will refer to it in order to debug errors, solve server configuration problems, and optimize the server.
If the server hosts multiple sites and you want to have separate error logs for each site, you can specify a different file and location for each site in the virtual hosts file.
If you don’t, then all sites’ errors are logged in the default error log, typically located at /usr/local/apache2/logs/error_log
or /var/log/apache2/error.log
(once again, depending on your installation).
Please note that the above log paths are absolute. For example, consider the following directive:
ErrorLog logs/error_log
This is a relative path. Therefore, the actual error log location is $ServerRoot/logs/error_log
.
The LogLevel directive controls the level of the messages logged in the error logs. By default, it is set to warn, meaning that all messages with the value of warning and higher (as in more critical) will be logged. You can change the value of this directive to adjust the logging level to your preference.
DocumentRoot
The DocumentRoot directive sets the location of the server’s public files, aka htdocs. This is the default Apache web server document directory, and its contents are readily and publicly available to clients connecting through the web. It contains the static and dynamic content to be served once the server receives an HTTP request for them. Since files and sub-directories under htdocs are available for the public, it is very important to handle permissions correctly in order to minimize the ability to compromise the server’s safety and security.
Depending on your installation, the default DocumentRoot location could be something like
/var/www
or/usr/local/apache2/htdocs
.
If you are hosting multiple websites on the same server, you need to set a different DocumentRoot for each site. This can be done within the respective VirtualHost directive that corresponds to each site. Let’s say you have three websites on the same server (eg: www.example-site1.com
, www.example-site2.com
, www.example-site3.com
), your virtual hosts file might look something like the following:
<VirtualHost www.example-site1.com> DocumentRoot /usr/local/apache2/htdocs/example_site1 ServerName www.example-site1.com . . . </VirtualHost> <VirtualHost www.example-site2.com> DocumentRoot /usr/local/apache2/htdocs/example_site2 ServerName www.example-site2.com . . . </VirtualHost> <VirtualHost www.example-site3.com> DocumentRoot /usr/local/apache2/htdocs/example_site3 ServerName www.example-site3.com . . . </VirtualHost>
To set a separate error log for each of these domains, which is a good idea, then your virtual hosts file might look something like this:
<VirtualHost www.example-site1.com> DocumentRoot /usr/local/apache2/htdocs/example_site1 ServerName www.example-site1.com ErrorLog /usr/local/apache2/logs/site1_error_log . . . </VirtualHost> <VirtualHost www.example-site2.com> DocumentRoot /usr/local/apache2/htdocs/example_site2 ServerName www.example-site2.com ErrorLog /usr/local/apache2/logs/site2_error_log . . . </VirtualHost> <VirtualHost www.example-site3.com> DocumentRoot /usr/local/apache2/htdocs/example_site3 ServerName www.example-site3.com ErrorLog /usr/local/apache2/logs/site3_error_log . . . </VirtualHost>
PidFile
The ServerName directive is used to set the host name of the server; this is how the server identifies itself.
The Apache service first starts as root in order to bind to the privileged port 80 for HTTP (or 443 if using SSL) because port numbers less than 1024 are only reserved to the root user. After the initial execution, children processes spawn to handle client requests which are owned by the Apache user specified in the configuration file. For this reason, you will find one root process and multiple processes belonging to the web user; this root process is the first one initiated when Apache starts. It has a process ID, and this ID is stored in the Pid file on the server. You can control the location of the Pid file by using the PidFile directive in the configuration file.
If you open the file specified in the PidFile
directive, you will find a number that corresponds to the parent process ID. You can stop the Apache server by killing the process using its ID number. However, kill the process only as a last resort. We’ll discuss the preferred way to stop Apache in a moment.
File Inclusion
It is possible to separate server configuration and settings into multiple files; in fact, some Apache installations actually do so. These multiple files can then be included in the original server config file. This approach is ideal in order to keep your config file light and clear, but it also forces you to look inside multiple files residing in different locations to completely understand how Apache is configured. In any case, below is the syntax for including external config files. Whether or not you want to use file inclusion is up to you:
# Include ports listing: Include /etc/apache2/ports.conf # Include generic snippets of statements Include /etc/apache2/conf.d/ # Include module configuration: Include /etc/apache2/mods-enabled/*.load Include /etc/apache2/mods-enabled/*.conf
As you can see from the examples above, you can include a specific file by name, a directory (and thus all files therein), or multiple files by using wildcards.
Start, Stop, and Restart Apache
Every time you edit one of Apache’s configuration files, you need to restart (or stop and start) the service so that Apache can load the new configuration. Otherwise, your changes will just remain on file for the next restart or server start. If your changes cause syntax errors in the configuration files, restarting will show you error messages concerning those mistakes. Additionally, the Apache web server will not start until you fix those errors.
To stop the Apache server, type in the following command in the console:
/etc/init.d/apache2 stop
To start the Apache server, type in the following command:
/etc/init.d/apache2 start
To restart the Apache server, type in the following command:
/etc/init.d/apache2 restart
Naturally, you must be logged in with a privileged user in order to execute these commands. You could, however, still run the above commands by adding sudo before each line. This basically tells the system that you are executing the command as a super user (hence the naming, sudo), in which case the system asks you to enter a password before it executes your command. If you don’t know that password, ask your server admin. Preceding the above commands with sudo:
sudo /etc/init.d/apache2 stop sudo /etc/init.d/apache2 start sudo /etc/init.d/apache2 restart
Conclusion
Apache has a great number of directives, which you can set and manipulate in order to set your server’s behavior. This is responsible for Apache’s flexibility and power.
Every server administrator will often tweak certain directives, while leaving others completely alone; it all depends on their particular needs. In general, however, the directives discussed in this article are among the most important. Every person working with the Apache server is likely to encounter these directives. Understanding what they are, and what purpose they serve, is paramount to having a working and stable web server.
No hay comentarios:
Publicar un comentario