Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- becki:linux:apache_httpd [2010-05-16 13:50]
becki
+++ becki:linux:apache_httpd [2018-05-16 14:20] (aktuell)
becki [Protect a Directory with Digest Authentication]
@@ Zeile 3: / Zeile 3: @@
 Tips for the configuration of the Apache webserver. Unless noted otherwise, the settings were performed on a Slackware Linux system. Necessary steps for other Systems my vary slightly.
 ===== General ==
 Tips refer to apache 2.x.
@@ Zeile 26: / Zeile 26: @@
 </code>
-Make sure that ''/etc/httpd/php.ini'' is identical with ''/etc/httpd/php.ini-recommended''.
+Make sure that ''/etc/httpd/php.ini'' is based on ''/etc/httpd/php.ini-production''. See [[slack_upgrade#notes]]
+As of Slack 13.37 you have to set your timezone in php.ini, eg ''date.timezone = "Europe/Berlin"'' in order to avoid warnings in error log.
 (Re)start apache with ''/etc/rc.d/rc.httpd restart''
@@ Zeile 39: / Zeile 41: @@
 Note: PHP is also a great alternative to Perl or Bash command line scripts. See [[http://de.php.net/manual/en/features.commandline.php|PHP Manual]]
-===== Upgrade from Php4 to Php5 ==
-This section refers to Slack 11.0 which ships with Php4. Download & install Php5 Slack package:
-<code bash>
-wget 'http://ftp.gwdg.de/pub/linux/slackware/slackware-11.0/extra/php5/php-5.2.0-i486-1.tgz'
-upgradepkg php-5.2.0-i486-1.tgz
-</code>
-The upgrade script of the package keeps old php.ini & mod_php.conf. We need the new files:
-<code bash>
-cp -a /etc/apache/php.ini /etc/apache/php.ini.bak
-cp -a /etc/apache/php.ini-recommended /etc/apache/php.ini
-cp -a /etc/apache/mod_php.conf.example /etc/apache/mod_php.conf
-</code>
-If you made manual changes in your old php.ini, do the same with the new php.ini now.
-Note: Ulike in php4 short_open_tag is off by default in php5.
 ===== Protect a Directory with Digest Authentication ==
@@ Zeile 65: / Zeile 48: @@
   * Realm: 'Digest Authentication Test' (arbitrary selectable)
   * Username: testuser
+  * Module auth_digest_module is loaded in httpd.conf
+  * AllowOverride directive is set to All for that direcory for for the document root in general
 Create password file ''.htpasswd'' with:
@@ Zeile 90: / Zeile 75: @@
 Note that the manual discourages to put ''.htpasswd'' into the same directory which is to be protected, however it seems common usage. Check at least ''.htpasswd'' and ''.htaccess'' will not be displayed in your webbrowser!
-More useres can be added to ''.htpasswd'' with:
+More useres can be added to ''.htpasswd'' (or existing users modified) with:
   htdigest .htpasswd 'Digest Authentication Test' newusername
 More details at [[http://httpd.apache.org/docs/1.3/howto/auth.html#digest|Apache manual]]
-===== Enable Directory Listing ==
+===== Disable Directory Listing generally ==
+In DocumentRoot section do
+<code diff>
+-    Options Indexes FollowSymLinks
++    Options FollowSymLinks
+</code>
+===== Enable Directory Listing for a particular Directory ==
 Create an ''.htaccess'' file in the regarding directory and add this line:
@@ Zeile 101: / Zeile 94: @@
 Note that the [[http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride|AllowOverride Directive]] must allow this. More: [[http://httpd.apache.org/docs/2.2/howto/htaccess.html|htaccess]], [[http://httpd.apache.org/docs/2.2/mod/core.html#options|Options]]
+Fancy directory listings:
+  Include /etc/httpd/extra/httpd-autoindex.conf
+===== Security Settings ==
+Disable access to the entire file system except for the directories that are explicitly allowed later.
+<code apache>
+<Directory />
+        AllowOverride None
+        Order Deny,Allow
+        Deny from all
+</Directory>
+</code>
+Further measures:
+<code apache>
+ServerTokens Minimal
+ServerSignature Off
+TraceEnable On
+</code>
+(Proposals taken from Debian Lenny ''/etc/apache2/conf.d/security'')
 ===== Virtual Hosts ==
@@ Zeile 106: / Zeile 123: @@
 [[http://httpd.apache.org/docs/2.2/vhosts/|Vhost documentation start]]
-FIXME
+See also [[becki/my/linux/caldav]]
-  * Name-based virtual hosting cannot be used with SSL secure servers. More: http://httpd.apache.org/docs/2.2/vhosts/name-based.html
+FIXME Name-based virtual hosting cannot be used with SSL secure servers. More: http://httpd.apache.org/docs/2.2/vhosts/name-based.html
-==== Named Virtual Hosts ==
+==== Name-based virtual Hosting ==
-You need the ''NameVirtualHost'' directive. On Debian Lenny it is already present in ''/etc/apache2/ports.conf'': ''NameVirtualHost *:80''
+First you need the ''NameVirtualHost'' directive somwhere in your Apache config file(s). On Debian Lenny it is already present in ''/etc/apache2/ports.conf'':
+  NameVirtualHost *:80
+Next for each domain a ''<VirtualHost *:80>'' section is necessary. There you must specify your domain name, domain aliases (for ''www'' etc), the document root and settings for the document root. Example:
+<code apache>
+<VirtualHost *:80>
+    ServerName mydomain.com
+    ServerAlias mydomain.com *.mydomain.com
+    DocumentRoot /var/www/mydomain.com/
+    <Directory /var/www/mydomain.com/>
+        Options FollowSymLinks MultiViews
+        AllowOverride All
+        Order allow,deny
+        allow from all
+    </Directory>
+</VirtualHost>
+</code>
+Settings for eg. ''ServerAdmin'', ''ErrorLog'', ''LogLevel'' and ''CustomLog'' should have global default values outside of the virtual host sections. But you may optionally overwrite those for each VirtualHost section as well. Note however, that the security settings (see above) IMHO shouldn't be overwritten in the VirtualHost sections!

In Becki sei Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge