Apache
What is Apache ?
Apache is the most widespread and powerful Open Source HTTP server.
Apache is included in the base Slackware distribution so it is possible to skip installation alltogether and proceed to Configuring Apache below. As part of Slackware, Apache benefits from Slackware security advisories.
Installing Apache
Download Apache and untar under /usr/local. The documentation is available online. By default apache is installed in /usr/local/apache2. Here we split apache in directories /etc, /usr/local and /var/www. --enable-authnz-ldap and --enable-ldap enable LDAP based authentication, --enable-ssl enables SSL/TLS support, --with-openssl specifies the location of the openssl source and --enable-so is required for PHP, to be installed at the next step.
# groupadd apache # useradd -g apache apache # tar -C /usr/local -xvf httpd-x.y.z.txz # cd /usr/local/httpd* # ./configure --prefix=/var/www --bindir=/usr/local/bin \ --sbindir=/usr/local/sbin --sysconfdir=/etc/httpd \ --libdir=/usr/local/lib64 --includedir=/usr/local/include \ --datarootdir=/usr/local/share --mandir=/usr/local/man \ --enable-authnz-ldap --enable-ldap --enable-ssl \ --with-openssl=/usr/local/openssl-1.0.2a \ --enable-so --enable-mime-magic # make # removepkg /var/log/packages/httpd-x.y.z # mv /etc/httpd /etc/httpd.0 # make install # make clean # cd /var # chown -R apache:apache www
Configuring Apache
Edit /var/www/conf/httpd.conf to change the User and Group to apache, enter the ServerAdmin e-mail address. To prevent apache from displaying version information, specify ServerSignature Off and ServerTokens prod. To prevent users from viewing directory content, remove the Indexes option in section <Directory "/var/www/htdocs">. Check section <IfModule dir_module> to make sure which file names will be served if a directory is requested (by default index.html).
User apache Group apache . . . ServerAdmin postmaster@inner ServerSignature Off ServerTokens prod <Directory "/var/www/htdocs"> . . . Options Indexes FollowSymLinks . . . </Directory> <IfModule dir_module> DirectoryIndex index.html index.htm index.php </IfModule>
Running Apache
To automatically launch apache at startup, edit /etc/rc.d/rc.httpd and update the paths to reflect installation of the software under /usr/local/sbin. Give the file execution rights, launch the software using /etc/rc.d/rc.httpd start, check if it's running by a ps -ef | grep httpd, point your browser to http://localhost which should load the apache test page with the message It works!, then open port 80 on the firewall.
# vi /etc/rc.d/rc.httpd . . . case "$1" in 'start') /usr/local/sbin/apachectl -k start ;; 'stop') /usr/local/sbin/apachectl -k stop killall httpd rm -f /var/www/logs/httpd/*.pid ;; 'restart') /usr/local/sbin/apachectl -k restart ;; 'graceful') /usr/local/sbin/apachectl -k graceful ;; 'graceful-stop') /usr/local/sbin/apachectl -k graceful-stop ;; *) echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}" ;; esac :x # chmod u+x /etc/rc.d/rc.httpd # /etc/rc.d/rc.httpd start # ps -ef | grep httpd root 9875 1 1 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start apache 9876 9875 0 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start apache 9877 9875 0 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start apache 9878 9875 0 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start apache 9879 9875 0 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start apache 9880 9875 0 07:52 ? 00:00:00 /usr/local/sbin/httpd -k start root 9882 3198 0 07:52 pts/1 00:00:00 grep httpd # vi /etc/rc.d/rc.firewall . . . iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW . . . :x # /etc/rc.d/rc.firewall restart
Using encryption
As we use HTTP applications that require login with passwords, we configure httpd.conf with SSL/TLS. This is described simply in the Apache documentation SSL/TLS Strong Encryption: How-To. At least the directives below are required in /etc/httpd/httpd.conf. The SSLCipherSuite directive enables only the strongest ciphers. apache.mtacert.pem.unsecure is a copy of your server certificate owned by apache:apache :
LoadModule ssl_module modules/mod_ssl.so Listen 443 <VirtualHost *:443> ServerName inner.studioware.com SSLEngine on SSLCertificateFile "/etc/ssl/certs/mtacert.pem" SSLCertificateKeyFile "/etc/ssl/private/apache.mtacert.pem.unsecure" SSLCipherSuite HIGH:!aNULL:!MD5 </VirtualHost>
For this example to work in Firefox with your self-signed CA certificate, you need to import it using the "Preferences" "Advanced" "Certificates" "View certificates" "Authorities" "Import" menu. We have chosen to encrypt all the site but it is possible to restrict directives to specific areas. More details can be found in the Apache Module mod_ssl and Apache documentations.
MySQL | Main Page | PHP |