====== Apache Webserver Tips == Tips for the configuration of the Apache webserver. Unless noted otherwise, the settings were performed on a Slackware Linux system. Necessary steps for other Systems my vary slightly. ===== General == Tips refer to apache 2.x. * ''chmod +x /etc/rc.d/rc.httpd'' is necssary to start apache automatically at system boot. * To enable per-directory settings with ''.htaccess'' files, you have to set the ''AllowOverride'' directive for the document root (usually ''/srv/httpd/htdocs'') accordingly. Amongst others, this is usually necessary fot URL Rewriting. When on doubt, set ''AllowOverride'' to ''all''. [[http://www.dokuwiki.org/rewrite#apache|More Info]] * To tell the browsers in the HTTP-header to use UTF-8 as default encoding, add ''AddDefaultCharset UTF-8'' to the DocumentRoot section ('''') * Uncomment ''Include /etc/httpd/extra/httpd-autoindex.conf'' to enable fancy directory listings * Uncomment ''/etc/httpd/extra/httpd-userdir.conf'' to enable user home directories Include, eg. ''http://~sandy/...'' * See [[svn_tips]] for using apache as subversion server ===== Enable Php in Apache == Enable php by doing the following changes in ''/etc/httpd/httpd.conf'' (old: /etc/apache/httpd.conf): < DirectoryIndex index.html --- > DirectoryIndex index.php index.html < #Include /etc/httpd/mod_php.conf --- > Include /etc/httpd/mod_php.conf Make sure that ''/etc/httpd/php.ini'' is based on ''/etc/httpd/php.ini-production''. See [[slack_upgrade#notes]] As of Slack 13.37 you have to set your timezone in php.ini, eg ''date.timezone = "Europe/Berlin"'' in order to avoid warnings in error log. (Re)start apache with ''/etc/rc.d/rc.httpd restart'' Test apache & php by saving the following line as /var/www/htdocs/index.php Point your browser to http://localhost/. You should see infomations about your php installation there. If you get a download dialog window with something about ''application/x-httpd-php'' instead the page, especially with firefox, then empty your browser cache (you go to tools>clear private data) and try again :!: Note: With Slack 13.0 (PHP 5.2.10) there is a problem with semaphore creating rights. To fix this change ''session.save_path'' from ''/var/lib/php/'' back to ''/tmp'' in ''/etc/httpd/php.ini'' (([[http://bugs.php.net/bug.php?id=49401|Source]])). An alternative might be to fix the permission settings of ''/var/lib/php/''. Note: PHP is also a great alternative to Perl or Bash command line scripts. See [[http://de.php.net/manual/en/features.commandline.php|PHP Manual]] ===== Protect a Directory with Digest Authentication == Quick and dirty example with these parameters: * Directory to be protected: /var/www/htdocs/digestTest/ * Realm: 'Digest Authentication Test' (arbitrary selectable) * Username: testuser * Module auth_digest_module is loaded in httpd.conf * AllowOverride directive is set to All for that direcory for for the document root in general Create password file ''.htpasswd'' with: htdigest -c .htpasswd 'Digest Authentication Test' testuser Create config file ''.htaccess'' (for Apache 1.x): AuthType Digest AuthName "Digest Authentication Test" AuthDigestFile /var/www/htdocs/digestTest/.htpasswd Require valid-user Create config file ''.htaccess'' (for Apache 2.x): AuthType Digest AuthName "Digest Authentication Test" AuthDigestProvider file AuthUserFile /var/www/htdocs/digestTest/.htpasswd Require valid-user Put ''.htpasswd'' and ''.htaccess'' into /var/www/htdocs/digestTest/ Note that the manual discourages to put ''.htpasswd'' into the same directory which is to be protected, however it seems common usage. Check at least ''.htpasswd'' and ''.htaccess'' will not be displayed in your webbrowser! More useres can be added to ''.htpasswd'' (or existing users modified) with: htdigest .htpasswd 'Digest Authentication Test' newusername More details at [[http://httpd.apache.org/docs/1.3/howto/auth.html#digest|Apache manual]] ===== Disable Directory Listing generally == In DocumentRoot section do - Options Indexes FollowSymLinks + Options FollowSymLinks ===== Enable Directory Listing for a particular Directory == Create an ''.htaccess'' file in the regarding directory and add this line: Options +Indexes Note that the [[http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride|AllowOverride Directive]] must allow this. More: [[http://httpd.apache.org/docs/2.2/howto/htaccess.html|htaccess]], [[http://httpd.apache.org/docs/2.2/mod/core.html#options|Options]] Fancy directory listings: Include /etc/httpd/extra/httpd-autoindex.conf ===== Security Settings == Disable access to the entire file system except for the directories that are explicitly allowed later. AllowOverride None Order Deny,Allow Deny from all Further measures: ServerTokens Minimal ServerSignature Off TraceEnable On (Proposals taken from Debian Lenny ''/etc/apache2/conf.d/security'') ===== Virtual Hosts == [[http://httpd.apache.org/docs/2.2/vhosts/|Vhost documentation start]] See also [[becki/my/linux/caldav]] FIXME Name-based virtual hosting cannot be used with SSL secure servers. More: http://httpd.apache.org/docs/2.2/vhosts/name-based.html ==== Name-based virtual Hosting == First you need the ''NameVirtualHost'' directive somwhere in your Apache config file(s). On Debian Lenny it is already present in ''/etc/apache2/ports.conf'': NameVirtualHost *:80 Next for each domain a '''' section is necessary. There you must specify your domain name, domain aliases (for ''www'' etc), the document root and settings for the document root. Example: ServerName mydomain.com ServerAlias mydomain.com *.mydomain.com DocumentRoot /var/www/mydomain.com/ Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all Settings for eg. ''ServerAdmin'', ''ErrorLog'', ''LogLevel'' and ''CustomLog'' should have global default values outside of the virtual host sections. But you may optionally overwrite those for each VirtualHost section as well. Note however, that the security settings (see above) IMHO shouldn't be overwritten in the VirtualHost sections!