From Wikislax

Jump to: navigation, search


What is Apache ?

Apache is the most widespread and powerful Open Source HTTP server.

Apache is included in the base Slackware distribution so it is possible to skip installation alltogether and proceed to Configuring Apache below. As part of Slackware, Apache benefits from Slackware security advisories.

Installing Apache

Download Apache and untar under /usr/local. The documentation is available online. By default apache is installed in /usr/local/apache2. Here we split apache in directories /etc, /usr/local and /var/www. --enable-authnz-ldap and --enable-ldap enable LDAP based authentication, --enable-ssl enables SSL/TLS support, --with-openssl specifies the location of the openssl source and --enable-so is required for PHP, to be installed at the next step.

# groupadd apache
# useradd -g apache apache
# tar -C /usr/local -xvf httpd-x.y.z.txz
# cd /usr/local/httpd*
# ./configure --prefix=/var/www --bindir=/usr/local/bin \
--sbindir=/usr/local/sbin --sysconfdir=/etc/httpd \
--libdir=/usr/local/lib64 --includedir=/usr/local/include \
--datarootdir=/usr/local/share --mandir=/usr/local/man \
--enable-authnz-ldap --enable-ldap --enable-ssl \
--with-openssl=/usr/local/openssl-1.0.2a \
--enable-so --enable-mime-magic
# make
# removepkg /var/log/packages/httpd-x.y.z
# mv /etc/httpd /etc/httpd.0
# make install
# make clean
# cd /var
# chown -R apache:apache www

Configuring Apache

Edit /var/www/conf/httpd.conf to change the User and Group to apache, enter the ServerAdmin e-mail address. To prevent apache from displaying version information, specify ServerSignature Off and ServerTokens prod. To prevent users from viewing directory content, remove the Indexes option in section <Directory "/var/www/htdocs">. Check section <IfModule dir_module> to make sure which file names will be served if a directory is requested (by default index.html).

User apache
Group apache
. . .
ServerAdmin postmaster@inner

ServerSignature Off
ServerTokens prod

<Directory "/var/www/htdocs">
. . .
Options Indexes FollowSymLinks
. . .

<IfModule dir_module>
    DirectoryIndex index.html index.htm index.php

Running Apache

To automatically launch apache at startup, edit /etc/rc.d/rc.httpd and update the paths to reflect installation of the software under /usr/local/sbin. Give the file execution rights, launch the software using /etc/rc.d/rc.httpd start, check if it's running by a ps -ef | grep httpd, point your browser to http://localhost which should load the apache test page with the message It works!, then open port 80 on the firewall.

# vi /etc/rc.d/rc.httpd
. . .
case "$1" in
    /usr/local/sbin/apachectl -k start
    /usr/local/sbin/apachectl -k stop
    killall httpd
    rm -f /var/www/logs/httpd/*.pid
    /usr/local/sbin/apachectl -k restart
    /usr/local/sbin/apachectl -k graceful
    /usr/local/sbin/apachectl -k graceful-stop
    echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}"
# chmod u+x /etc/rc.d/rc.httpd
# /etc/rc.d/rc.httpd start
# ps -ef | grep httpd
root      9875     1  1 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
apache    9876  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
apache    9877  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
apache    9878  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
apache    9879  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
apache    9880  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
root      9882  3198  0 07:52 pts/1    00:00:00 grep httpd
# vi /etc/rc.d/rc.firewall
. . .
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
. . .
# /etc/rc.d/rc.firewall restart

Using encryption

As we use HTTP applications that require login with passwords, we configure httpd.conf with SSL/TLS. This is described simply in the Apache documentation SSL/TLS Strong Encryption: How-To. At least the directives below are required in /etc/httpd/httpd.conf. The SSLCipherSuite directive enables only the strongest ciphers. apache.mtacert.pem.unsecure is a copy of your server certificate owned by apache:apache :

LoadModule ssl_module modules/mod_ssl.so

Listen 443
<VirtualHost *:443>
    ServerName inner.studioware.com
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/mtacert.pem"
    SSLCertificateKeyFile "/etc/ssl/private/apache.mtacert.pem.unsecure"
    SSLCipherSuite HIGH:!aNULL:!MD5

For this example to work in Firefox with your self-signed CA certificate, you need to import it using the "Preferences" "Advanced" "Certificates" "View certificates" "Authorities" "Import" menu. We have chosen to encrypt all the site but it is possible to restrict directives to specific areas. More details can be found in the Apache Module mod_ssl and Apache documentations.

MySQL Main Page PHP
Personal tools