Apache

From CLONWiki
Jump to navigation Jump to search

Apache initial installation

Login as 'root'. Do following:

download 'httpd-2.2.3.tar.gz' from web to '/usr/local/download/'
cp /usr/local/downloads/httpd-2.2.3.tar.gz /usr/local/src
cd /usr/local/src
gunzip httpd-2.2.3.tar.gz
tar xvf httpd-2.2.3.tar
rm httpd-2.2.3.tar

If in 'clonweb' do fillowing (on 'clonwiki' replace 'clonweb' by 'clonwiki'). Make sure directory '/www/apache2.2.3' exist, create it if necessary.

mv httpd-2.2.3 httpd-2.2.3_clonweb
cd /usr/local/src/httpd-2.2.3_clonweb
./configure --enable-module=so --prefix=/www/apache2.2.3
make
make install

Make sure that user set to 'apache' (should exist already):

grep "^User" /www/apache2.2.3/conf/httpd.conf
emacs /www/apache2.2.3/conf/httpd.conf
set User (and Group) to 'apache' if necessary

PHP Installation

Login as 'root'. Do following:

download 'php-5.2.0.tar.gz' from web to '/usr/local/download/'
cp /usr/local/downloads/php-5.2.0.tar.gz /usr/local/src
cd /usr/local/src
gunzip php-5.2.0.tar.gz
tar xvf php-5.2.0.tar
rm php-5.2.0.tar

Following is for 'clonweb', use your machine name if necessary:

mv php-5.2.0 php-5.2.0_clonweb
cd /usr/local/src/php-5.2.0_clonweb
./configure --with-mysql --with-apxs2=/www/apache2.2.3/bin/apxs --enable-sockets --with-snmp
make
make install
##cp /usr/local/src/php-5.2.0_clonweb/libs/libphp5.so /www/apache2.2.3/modules

Fix apache config file /www/apache2.2.3/conf/httpd.conf:

DirectoryIndex index.php index.html
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml

Final Apache Installation

Edit /www/apache2.2.3/htdocs/index.html file (or do it later).

To start/stop apache server do following:

/www/apache2.2.3/bin/apachectl start
/www/apache2.2.3/bin/apachectl stop

If it started fine, fix startup script '/etc/rc.d/init.d/httpd' setting correct pathes:

# config: /www/apache2.2.3/conf/httpd.conf
# pidfile: /www/apache2.2.3/logs/httpd.pid
apachectl=/www/apache2.2.3/bin/apachectl
httpd=${HTTPD-/www/apache2.2.3/bin/httpd}
pidfile=${PIDFILE-/www/apache2.2.3/logs/httpd.pid}

Modified file is saved as /www/apache2.2.3/httpd.for_etc_init_d, copy it as /etc/init.d/httpd.

Now apache can be controled by following commands:

/etc/init.d/httpd stop
/etc/init.d/httpd start
/etc/init.d/httpd restart

Add apache to the list of services to be started at boot time using:

/usr/bin/system-config-services

Password protection

1. Create password file:

htpasswd -c /www/apache2.2.11/conf/passwords user1
New password: 
Re-type new password: 
Adding password for user user1

NOTE: more users can be added by

htpasswd /www/apache2.2.11/conf/passwords user2

or deleted by

htpasswd -D /www/apache2.2.11/conf/passwords user2

2. Create group file /www/apache2.2.11/conf/groups with appropriate contents, for example:

GroupName: user1 user2

3. Close by default access to the DocumentRoot directory (will be allowed for every subdirectory, see next paragraph):

<Directory "/www/apache2.2.11/htdocs">
   ...
    #sergey
   #Allow from all
   Deny from all
</Directory>

4. Add following to the end of httpd.conf file:

#protect personal directories by password 
<Directory "/www/apache2.2.11/htdocs/user1">
#    AuthType Digest
   AuthType Basic
   AuthName "Restricted Area"
   AuthUserFile /www/apache2.2.11/conf/passwords
   Require user user1
   Allow from all
</Directory>
<Directory "/www/apache2.2.11/htdocs/user2">
#    AuthType Digest
   AuthType Basic
   AuthName "Restricted Area"
   AuthUserFile /www/apache2.2.11/conf/passwords
   Require user user2
   Allow from all
</Directory>
<Directory "/www/apache2.2.11/htdocs">
#    AuthType Digest
   AuthType Basic
   AuthName "Restricted Area"
   AuthUserFile /www/apache2.2.11/conf/passwords
   AuthGroupFile /www/apache2.2.11/conf/groups
   Require Group GroupName
   Allow from all
</Directory>

it will give an password-protected access for user1 to directories user1 and guest, and for user2 to directories user2 and guest.

5. Restart apache

SSL configuration

1. Generate certificate:

ssleay req -out certificate.pem -nodes -new -x509 -days days
openssl req -new -x509 -days 3650 -keyout ./private/myserver.key -out myserver.crt
openssl x509 -in myserver.crt -text -noout   | more