Chapter 15: Web Servers and Apache’s LAMP

Upload: jose-marroquin

Post on 30-Mar-2016


ProLib8 / Ubuntu® Server Administration / Jang / 892-8 / Chapter 15


LAMP is an acronym used to refer to a bundle of common software used to run dynamic web servers. When installed during the Ubuntu Server installation process, it’s short for Linux, Apache, MySQL, and PHP. Other LAMP bundles may substitute or include the Perl and Python programming languages instead of or in addition to PHP.

This chapter covers the installation and configuration of a website on an Ubuntu server system, based on the LAMP installation. The chapter focuses on Apache configuration. Virtual hosts on Apache allow the configuration of multiple websites, even if the server is limited to a single IP address. Secure virtual hosts provide the website security now expected online by the general public.

THE SPECIALIZED LAMP INSTALLATION

If you didn’t select LAMP during the installation process, as shown in Figure 15-1, you can install the associated packages using the commands described in this section. More than 300 packages are associated with Apache, many of which include modules for everything from various forms of authentication, to adapters for programming languages, to connectors to databases. I’ll describe just a few packages installed with the LAMP stack. Details are included at the beginning of the major sections in this chapter.

Figure 15-1. LAMP during the installation process


Many administrators configure LAMP on a server without a GUI. But you might find it helpful to have a browser available on that server for hosts with access limited to the local system. For that purpose, text-based browsers such as ELinks are available from the main repository.

Install the LAMP Stack

This section is based on an Ubuntu server installation, with only the Secure Shell (SSH) server selected to support remote access. The following command is one way to install the LAMP stack of packages:

$ sudo apt-get install apache2 mysql-server libapache2-mod-php5 php5-mysql

With dependencies, based on the Hardy Heron release, this command installs Apache version 2.2.8-1 and PHP5. If you want to install a legacy version of Apache or PHP, it’s possible that Ubuntu will make it available in the current backports repository sometime in the future. But there are no guarantees. Other versions can be downloaded and compiled from the source code available from http://httpd.apache.org.

Until the Hardy Heron release, PHP4 was available from the universe repository. If you prefer this version of PHP, another option for the PHP4 source code is the home page at www.php.net.

A second way to install the packages of the LAMP stack is with the sudo tasksel command first described in Chapter 8. It opens a low-level graphical screen shown in Figure 15-2, and it may be the easiest way to install all needed packages of the LAMP stack.

Figure 15-2. Installing LAMP with the tasksel utility


Just make sure LAMP Server is selected with an asterisk from the Choose Software To Install list. Press TAB to highlight OK, and then press ENTER. The installation process begins automatically. The actual command that is run is revealed in the output to the ps aux | grep apt command as shown here:

/usr/bin/perl -w /usr/bin/debconf-apt-progress -- apt-get -q --no-install-recommends -y install lamp-server^

The process may appear to freeze for some time, as the packages are downloaded. No messages appear if the Internet connection (between your system and the Internet—or between the remote repository and the Internet) happens to be slower than usual.

During the installation process for the LAMP stack, you’re prompted to create a password for the MySQL root user. If you want to change that MySQL server password at a later time, run the following command:

$ sudo dpkg-reconfigure mysql-server-5.0

Once the process is complete, a number of packages are installed for the LAMP stack.

Installed Packages in the LAMP Stack

Examine each component of the LAMP stack, one by one. The first component, the Linux operating system, is already installed. The next component, the Apache web server, can include a large number of modules. Not all of them are installed with the LAMP stack. However, there are a surprising number of Perl packages installed with the Ubuntu LAMP stack. When I run the apt-cache search apache command, more than 300 related packages are available. When the LAMP stack is installed, some related Apache packages are shown in Table 15-1.

Table 15-1. Basic Apache Packages

Apache Package        Description
apache2               The basic Apache server package
apache2-mpm-worker    An Apache daemon suited to high-traffic servers
apache2-utils         Apache commands for authentication, logs, and more
apache2.2-common      Standard modules and configuration files
libapr1               The Apache portable runtime library
libaprutil1           The Apache utilities library
libpcre3              Expressions compatible with Perl 5
libpq5                Runtime library for communication with a PostgreSQL database


Some dependent packages go beyond the LAMP stack as defined. Included packages allow Apache connections to Perl and PostgreSQL. For detailed information about any package, run the apt-cache show packagename command. You can also install the packages from Table 15-1 with the following command:

$ sudo apt-get install apache2

With dependencies, the installation of the LAMP stack installs MySQL server version 5.0.51a. The installation also includes the basic packages listed in Table 15-2.

Alternatively, the following command installs the basic MySQL server, with the other packages included as dependencies:

$ sudo apt-get install mysql-server

With dependencies, the installation of the LAMP stack installs PHP server version 5.0.51a. The installation also includes the basic packages listed in Table 15-3.

Table 15-2. Basic MySQL Packages

MySQL Package          Description
libdbd-mysql-perl      Interface between Perl 5 and MySQL
libdbi-perl            Interface between Perl 5 and an SQL database
libmysqlclient15off    The MySQL client library
libnet-daemon-perl     Module for portable Perl daemons
libplrpc-perl          Perl extensions for remote procedure calls
mysql-client-5.0       MySQL client commands
mysql-common           Files required for MySQL client libraries
mysql-server           Meta package for the MySQL server
mysql-server-5.0       mysql-server version 5.0 commands

Table 15-3. Basic PHP Packages

PHP Package            Description
libapache2-mod-php5    Module for HTML embedded PHP5-based scripting
php5-common            Common files for PHP5 packages
php5-mysql             Package for embedding scripts in web pages


Alternatively, the following command installs the basic PHP5 language, with the other packages included as dependencies:

$ sudo apt-get install php5-mysql

If You Prefer Perl

While PHP is the default for the Ubuntu implementation of the LAMP stack, one common alternative is Perl. There are a large number of Perl packages installed by default, even without the LAMP stack. However, if you prefer Perl for websites, 34 related packages are available, as revealed by the following command:

$ apt-cache search perl | grep apache

One essential package for this purpose is libapache2-mod-perl. You may want to install other packages as shown in the output to the previous apt-cache command, depending on the functionality you need.

If You Prefer Python

Another alternative to PHP in the LAMP stack is the Python programming language. There are a large number of Python packages installed by default, even without the LAMP stack. However, if you prefer Python for websites, three related packages are available, as revealed by the following command:

$ apt-cache search python | grep apache

Related packages include libapache2-mod-python, the Python Apache2 module, and libapache2-mod-wsgi, the associated web server gateway interface.

CONFIGURE MYSQL AND PHP5

Before configuring Apache in the LAMP stack, you’ll want to make sure the other components are ready. If a firewall is installed on the local system, or between the local network and target clients, you’ll want to enable access through that firewall. (For more information on firewalls, see Chapter 18.) But several things for MySQL and PHP5 must be configured before configuring the Apache web server.

NOTE This book covers what a Linux server administrator needs to do. It does not go into the functions of a database administrator for MySQL or a programmer of PHP5, Perl, or Python. For more information, see PHP: A Beginner’s Guide by Vikram Vaswani (McGraw-Hill Professional, 2008).


Configure MySQL for Websites

First, there are several additional MySQL packages available, customized as Apache modules. One way to review the list is with the following command:

$ apt-cache search mysql | grep apache

The output reveals five packages, briefly described in Table 15-4.

Websites with higher traffic often include systems that require database access on different computers. For example, it’s probably a good idea to keep shipping, tracking, inventory, and other e-commerce components on remote systems. To that end, it’s important to allow MySQL access to more than just the localhost system. As shown in the output to the netstat -atun command discussed in Chapter 11, networking through the associated TCP/IP port is limited to the 127.0.0.1 IP address:

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN

To change this default, edit the /etc/mysql/my.cnf configuration file. First, note the configured TCP/IP port number, which can be verified in the /etc/services file:

port = 3306

Note the bind-address directive, which is what limits access to the local system. To make it listen to other systems on the local network, change it to the IP address of a specific local network card; the line should look like this:

bind-address = 192.168.0.154

Table 15-4. Basic Apache-Related MySQL Packages

MySQL Module Package            Description
libapache2-mod-auth-mysql       For HTTP authentication through a MySQL database
libapache2-mod-log-sql          Module to log requests to a database
libapache2-mod-log-sql-dbi      For database independent logging
libapache2-mod-log-sql-mysql    A MySQL interface for database independent logging
libapache2-mod-log-sql-ssl      Encrypted connection for logging requests


If you prefer to allow access to multiple networks, and the local system has multiple network cards, one option is the default IP address:

bind-address = 0.0.0.0

Obviously, this may be a security risk; access from external networks should be at least limited to the relevant TCP/IP port 3306. To implement the change, restart the mysql service with the following command:

$ sudo /etc/init.d/mysql restart
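The bind-address choices above can be checked from two sides: what the configuration file requests and what the server is actually listening on. The script below is an added example, not from the book; its function names are this example's own, and the my.cnf fragment and netstat lines are constructed samples.

```shell
#!/bin/sh
# Added example: compare the bind-address in a MySQL configuration file
# with the listeners reported by `netstat -atun`.

# classify_bind ADDRESS: print loopback, all-interfaces, single-interface or unset.
# "unset" matters because upstream MySQL listens on all interfaces when no
# bind-address is given.
classify_bind() {
    case "$1" in
        127.*|::1|localhost) echo loopback ;;
        0.0.0.0|::|'*')      echo all-interfaces ;;
        '')                  echo unset ;;
        *)                   echo single-interface ;;
    esac
}

# mysqld_bind_address FILE: print the last bind-address value found in the
# [mysqld] section; print nothing if the directive is absent or commented out.
mysqld_bind_address() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && /^[ \t]*bind-address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t]*#.*$/, "")
            sub(/[ \t]+$/, "")
            addr = $0
        }
        END { if (addr != "") print addr }
    ' "$1"
}

# listeners_on_port PORT: read `netstat -atun` output on standard input and
# print the local address of every TCP socket listening on PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) {
                addr = $4
                sub(/:[0-9]+$/, "", addr)
                print addr
            }
        }'
}

# Constructed sample input (not captured from a real server)
SAMPLE_CNF='[client]
port = 3306
[mysqld]
port = 3306
#bind-address = 127.0.0.1
bind-address = 0.0.0.0
'
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
'

demo() {
    cnf=$(mktemp)
    printf '%s' "$SAMPLE_CNF" > "$cnf"
    configured=$(mysqld_bind_address "$cnf")
    echo "configured: ${configured:-<none>} ($(classify_bind "$configured"))"
    printf '%s' "$SAMPLE_NETSTAT" | listeners_on_port 3306 | while read -r addr; do
        echo "listening:  $addr ($(classify_bind "$addr"))"
    done
    rm -f "$cnf"
}
demo
```

On a live system, pipe the real netstat -atun output into listeners_on_port 3306 and pass /etc/mysql/my.cnf to mysqld_bind_address; an all-interfaces result means the firewall is the only thing limiting who can reach port 3306.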

MySQL is a complex database system. It includes 37 commands that start with mysql* just in the standard Ubuntu server PATH. To get a taste of the capabilities, run the mysqladmin | less command. Scroll to the bottom of the output. Open a second command line terminal and try some of the options. For example, the mysqladmin create newdata command creates a new database named newdata. The mysqladmin ping command checks to see if the MySQL service is in operation. The mysqladmin variables command lists current database variables.

Configure PHP for Websites

PHP is a popular option for configuring websites as it integrates well with MySQL and Apache. Ubuntu docs at https://help.ubuntu.com/community/ApacheMySQLPHP suggest that you may need to increase the default memory limit on configured scripts. The main PHP configuration file related to Apache is php.ini, in the /etc/php5/apache2/ directory, and the default memory limit is 16MB. Higher limits are possible, but memory limits are designed to keep poorly written scripts from consuming too much memory.

INSTALL AND CONFIGURE APACHE

Now to the meat of the chapter, at least with respect to the functions of a Linux administrator. Over half of the websites on the Internet still run on the Apache web server, per www.netcraft.com. As many excellent books have been written about Apache, this chapter will cover only the basic functionality of this web server. As noted in the introduction, this chapter focuses on the version of Apache included with the Ubuntu Server Hardy Heron release 2.2.8-1.

This section explains the basic Apache configuration files, how to configure a standard web host, as well as how to set up multiple virtual hosts using a single IP address. If you need a secure virtual host, you probably also need, and therefore must first create, a standard virtual host. For more information, read the documentation online at http://httpd.apache.org/docs-2.2/; one alternative is Apache Cookbook: Solutions and Examples for Apache Administrators, published by O’Reilly.


NOTE Apache evolved from code written at the National Center for Supercomputing Applications (NCSA). It included so many patches that it became known as “a patchy” server.

Toward the end of this chapter, in the “Prepare Apache Documentation for Web Access” section, you’ll learn how to access Apache documentation locally, based on the files installed from the apache2-doc package.

Learn the Apache Configuration Files

The best way to learn the Apache configuration files is to trace its messages from when a system starts. During the boot process, Apache is started, courtesy of the /etc/init.d/apache2 script. The init.d script allows further access from the /usr/bin/apache2ctl control command.

The init.d script starts the Apache daemon, /usr/sbin/apache2, as modified by the settings configured in the /etc/default/apache2 file. It then reads and uses the Apache configuration files, stored in the /etc/apache2/ directory. The main /etc/apache2/apache2.conf file includes directives from other files in the same directory. Relevant files and subdirectories in the /etc/apache2/ directory are described in Table 15-5.

Some key directives in these configuration files point to other directories. The /etc/apache2/sites-enabled/000-default file configures the default Apache website, in the /var/www directory. The /etc/apache2/apache2.conf file sends log messages to the access.log and error.log files in the /var/log/apache2/ directory.

Table 15-5. Apache Configuration Files

Apache Configuration File    Description
apache2.conf                 Main Apache configuration file
conf.d/                      Subdirectory that contains files with specific directives
envvars                      Apache environment variables
httpd.conf                   Empty Apache configuration file for administrative input
mods-available/              List of available Apache modules
mods-enabled/                List of enabled Apache modules
ports.conf                   The TCP/IP ports associated with Apache
sites-available/             List of available Apache websites
sites-enabled/               List of configured Apache websites


The organization of Apache configuration files differs from other major Linux distributions. For example, Red Hat Enterprise Linux 5 configures virtual hosts directly in the main Apache configuration file and secure virtual hosts in the ssl.conf file in the conf.d/ subdirectory.

Most global changes to Apache defaults should be made to the httpd.conf file. New hosts should be configured in dedicated files in the sites-enabled/ subdirectory.

Apache Default Settings

The default Apache settings in the /etc/default/apache2 configuration file relate to local caching, using the mod_disk_cache module. The cache is regulated using the htcacheclean command. The first directive, shown here,

HTCACHECLEAN_RUN=auto

means that the command is run only if the module is activated. You can activate the module with the following command:

$ sudo a2enmod disk_cache

The other options in the /etc/default/apache2 configuration file are fairly well explained in the comments; each option is associated with the htcacheclean command:

▼ HTCACHECLEAN_RUN If set to yes, cleans the Apache cache when the service is started.

■ HTCACHECLEAN_MODE If set to cron mode, where cleaning is configured as a regular job, the cache may not be cleared for 24 hours.

■ HTCACHECLEAN_SIZE Limits the disk space allocated to the cache.

■ HTCACHECLEAN_DAEMON_INTERVAL If HTCACHECLEAN_MODE is set to daemon mode, the cache is cleared based on this interval, in minutes.

■ HTCACHECLEAN_PATH Specifies the directory with the cache.

▲ HTCACHECLEAN_OPTIONS By default, set to “nice” (-n), which means that the cache is cleaned only when system resources are available.

Apache Global Settings

Global settings for the Apache web server are configured by default in the /etc/apache2/apache2.conf configuration file. Most numbers specified in this file are in seconds. This section describes the configured directives in that file. First, there’s the ServerRoot directive, which specifies the top-level directory associated with Apache:

ServerRoot /etc/apache2

As Apache can spawn many additional processes for additional clients, some processes use the AcceptMutex directive (when set to flock or fcntl) to add the noted lock file:

LockFile /var/lock/apache2/accept.lock


The following directive specifies the location of the file that stores the Process Identifier, the PidFile, which includes the process number associated with the first invocation of the Apache service:

PidFile ${APACHE_PID_FILE}

The Timeout directive limits the amount of time that goes by, in seconds, before the server provides a “Server not found” message:

Timeout 300

Especially suited for web pages with multiple images, the following KeepAlive directive allows multiple requests over the same connection:

KeepAlive On

However, too many KeepAlive requests can overload a server; thus MaxKeepAliveRequests and KeepAliveTimeout directives are available:

MaxKeepAliveRequests 100

KeepAliveTimeout 15

These directives are followed by stanzas associated with the prefork and worker Multi-Processing Modules (MPMs). The prefork MPM stanza specifies available servers and limits the number of clients before enough requests “fork” a process; it includes directives, as explained in the default comments:

# prefork MPM

# StartServers: number of server processes to start

# MinSpareServers: minimum number of server processes which are kept spare

# MaxSpareServers: maximum number of server processes which are kept spare

# MaxClients: maximum number of server processes allowed to start

# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule mpm_prefork_module>

StartServers 5

MinSpareServers 5

MaxSpareServers 10

MaxClients 150

MaxRequestsPerChild 0

</IfModule>

In contrast, the worker MPM stanza takes advantage of the multiple threads available for each Apache process. Multiple threads per process means that Apache can do more for web clients with the same resources.

# worker MPM

# MinSpareThreads: minimum number of worker threads which are kept spare

# MaxSpareThreads: maximum number of worker threads which are kept spare


# ThreadsPerChild: constant number of worker threads in each server process

# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule mpm_worker_module>

StartServers 2

MaxClients 150

MinSpareThreads 25

MaxSpareThreads 75

ThreadsPerChild 25

MaxRequestsPerChild 0

</IfModule>

The default user and group that run Apache are defined by the User and Group directives. A common option for the standard User and Group is www-data, which is the associated user and group in the /etc/passwd and /etc/group configuration files.

User ${APACHE_RUN_USER}

Group ${APACHE_RUN_GROUP}

Courtesy of the AccessFileName directive, additional directives are often included in a custom .htaccess file, which is commonly used to limit access by certain users and IP addresses. Files that start with a dot (.) are hidden by default.

AccessFileName .htaccess

While .htaccess files are hidden in the Linux directory tree, they would be visible to crackers on clients with the right skills—without the following stanza:

<Files ~ "^\.ht">

Order allow,deny

Deny from all

</Files>

The standard DefaultType directive is suited to a plain text web page. Alternatives include application/octet-stream and image/gif for different types of data.

DefaultType text/plain

If you change HostnameLookups to On, the server searches for and logs the URL associated with client IP addresses—a reverse DNS search.

HostnameLookups Off

The following two directives specify that all log messages of warn level or higher are sent to the noted ErrorLog file. Other log levels are discussed in the “Log Management” section of Chapter 7.

ErrorLog /var/log/apache2/error.log

LogLevel warn


I jump ahead a bit in the default configuration file to other log-related directives. These directives specify the format associated with messages sent to the /var/log/apache2 directory. The first LogFormat line is wrapped to fit the formatting limits of this book. Detailed logging format parameters, such as %h for host, %u for user, and %t for time, are described at http://httpd.apache.org/docs/2.2/mod/mod_log_config.html.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"

\"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common

LogFormat "%{Referer}i -> %U" referer

LogFormat "%{User-agent}i" agent

The following four lines include all directives from the noted configuration files. The first two load enabled modules of the file types from the directories specified. The third includes user-defined directives in the /etc/apache2/httpd.conf file. The fourth directive includes the TCP/IP ports from the specified /etc/apache2/ports.conf file.

Include /etc/apache2/mods-enabled/*.load

Include /etc/apache2/mods-enabled/*.conf

Include /etc/apache2/httpd.conf

Include /etc/apache2/ports.conf

The ServerTokens and ServerSignature directives provide information on the server configuration, often sent with error messages. The default values are shown here:

ServerTokens Full

ServerSignature On

These values specify a lot of information about the web server system. For example, when I navigate to a nonexistent page, I get the information shown in Figure 15-3, which includes the Apache version number, the available secure connection protocol, port number, and more.
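One way to locate these settings across the included files, as an added example that is not from the book: the script below reports every uncommented ServerTokens or ServerSignature line that exposes more than the product name. The function names and sample files are constructed for this example; Prod and Off are the least revealing values the two directives accept.

```shell
#!/bin/sh
# Added example: find Apache settings that publish version details in
# response headers and error-page footers.

# banner_findings FILE...: print "file:line directive value" for each
# uncommented setting that reveals more than the product name.
banner_findings() {
    awk '
        /^[ \t]*#/ { next }                 # commented-out directives are inactive
        {
            name  = tolower($1)             # directive names are case-insensitive
            value = tolower($2)
            if (name == "servertokens") {
                tokens_seen = 1
                if (value != "prod" && value != "productonly")
                    printf "%s:%d ServerTokens %s\n", FILENAME, FNR, $2
            } else if (name == "serversignature" && value != "off") {
                printf "%s:%d ServerSignature %s\n", FILENAME, FNR, $2
            }
        }
        END {
            # With no ServerTokens line at all, Apache falls back to Full.
            if (!tokens_seen) print "(no ServerTokens directive: default is Full)"
        }
    ' "$@"
}

# make_samples DIR: write constructed sample files modelled on the defaults
# quoted in this chapter, plus a hardened variant.
make_samples() {
    cat > "$1/apache2.conf" <<'EOF'
ServerRoot /etc/apache2
ServerTokens Full
ServerSignature On
EOF
    cat > "$1/website1" <<'EOF'
<VirtualHost *>
    ServerName site1.example.org
    # ServerSignature EMail
    ServerSignature On
</VirtualHost>
EOF
    cat > "$1/hardened.conf" <<'EOF'
ServerTokens Prod
ServerSignature Off
EOF
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    echo "default-style files:"
    banner_findings "$dir/apache2.conf" "$dir/website1"
    echo "hardened file (no findings expected):"
    banner_findings "$dir/hardened.conf"
    rm -rf "$dir"
}
demo
```

A ServerSignature line inside a virtual host overrides the global value for that host, so the files in sites-enabled/ need the same check as apache2.conf.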

The final two lines include all directives from the files configured in two directories. In Ubuntu, the /etc/apache2/conf.d/ directory is intended to include files with single directives, but such files can include more. As you’ll see shortly, it can include a file that enables local access to the Apache documentation.

Include /etc/apache2/conf.d/

Include /etc/apache2/sites-enabled/

The directives shown in the default version of the /etc/apache2/apache2.conf file don’t include defaults for other directives, but they do provide a basic idea on the workings of the Apache web server.

One example of a default directive is in comments—the following commented stanza is associated with error pages in different languages. Review the files in the /usr/share/apache2/error/ directory. You’ll see different languages in these files, at least as listed in the LanguagePriority directive.

# Alias /error/ "/usr/share/apache2/error/"

#

# <Directory "/usr/share/apache2/error">

# AllowOverride None

# Options IncludesNoExec

# AddOutputFilter Includes html

# AddHandler type-map var

# Order allow,deny

# Allow from all

# LanguagePriority en cs de es fr it nl sv pt-br ro

# ForceLanguagePriority Prefer Fallback

# </Directory>

The Apache Control Command

As suggested earlier, the apache2ctl command is in part a front end to the Apache daemon. But it can do more. Run the command by itself, and you’ll see the following output, which suggests the functionality:

Usage: /usr/sbin/apache2ctl start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus

/usr/sbin/apache2ctl <apache2 args>

Figure 15-3. Error page output provides information on the web server


The options are generally straightforward; for example, the sudo apachectl start command starts the Apache service. The graceful and graceful-stop options restart and stop the Apache service, respectively, without interrupting any currently active connections.

TIP Whenever you want to check the syntax of Apache configuration files, run the sudo apache2ctl configtest command. When you’re ready to test the result, restart the service with the sudo apache2ctl graceful command, and then check the result in a browser. It reloads the Apache configuration file without disconnecting current users.

The configtest option is most useful; it serves as a syntax checker for the main /etc/apache2/apache2.conf configuration file. As you’ll see shortly, that file includes directives from the files that will actually be edited to serve actual websites. It incorporates the functionality formerly available from the apache2 -t command.

The apache2ctl command also works with the options listed in the apache2 man page. One apache2 command option related to configtest is the -S switch, which displays the TCP/IP port numbers, URLs, and configuration files for each regular and secure virtual host. After you configure virtual hosts, later in this section, try the apache2ctl configtest and sudo apache2ctl -S commands and observe the output.

NOTE Older versions of the apache2ctl command included the startssl option, for secure websites. Such support is and was also part of the various start and stop options.

Finally, the apache2ctl status command provides information about the server and associated activity. Sample output is shown in Figure 15-4.

The apache2ctl fullstatus command includes information on process identifiers (PIDs), secure server (SSL/TLS) connections, major modules, and more.

Examine the First Host

The first host is configured in the /etc/apache2/sites-enabled/ directory, in the 000-default configuration file. It’s a virtual host, linked to the file named default, in the /etc/apache2/sites-available/ directory. Examine this file in detail. The first directive is configured for virtual hosts based on domain names—on a single IP address.

NameVirtualHost *

You could limit access to a specific TCP/IP port. Commonly used ports include the HTTP standard of 80, the secure HTTPS standard of 443, and one commonly used for networks behind a proxy server, 8080. For example, you might set up specific HTTPS virtual hosts with a directive like this:

NameVirtualHost *:443


If you specify a port number, with NameVirtualHost, you’ll need to specify the same port number with the VirtualHost directive in the same file. In any case, the NameVirtualHost directive can be used once for regular and once for secure hosts. In other words, the second regular and secure virtual host won’t have the NameVirtualHost directive.

If you prefer virtual hosts based on IP addresses, substitute the desired IP address for the asterisk. In that case, every virtual host would require a different IP address.

<VirtualHost *>

Naturally, you’ll want to change this directive to point to a working e-mail address:

ServerAdmin webmaster@localhost

Normally, each website should have a different DocumentRoot; a default index.html file is available in the /var/www directory:

DocumentRoot /var/www/

Figure 15-4. Apache Server Status

The following Directory stanza specifies limits on the top-level directory for the virtual host. The Options FollowSymLinks directive supports symbolic links. For example, for the “Prepare Apache Documentation for Web Access” section, later in this chapter, I create a link from the directory with HTML configured Apache documentation to the /var/www/manual directory with the ln -s command. The AllowOverride None directive disallows the use of .htaccess files for additional configuration.

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

The following Directory stanza specifies limits on the /var/www directory, which contains the web page files for the virtual host. The Indexes in the Options directive supports file lists, if an index.html file does not exist in the /var/www directory. The MultiViews setting supports content negotiation based on file type. The Order allow,deny directive supports limited access, based on domain names or IP addresses.

<Directory /var/www/>

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

</Directory>

The following directive and stanza configures Common Gateway Interface (CGI) scripts and Server Side Includes (SSIs). If CGI scripts are installed, they are normally included in the /usr/lib/cgi-bin directory. The ScriptAlias directive supports access by appropriate owners in the /var/www/cgi-bin directory, based on the +SymLinksIfOwnerMatch option.

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory "/usr/lib/cgi-bin">

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

For the noted stanza to work, you’ll need to create a link from the DocumentRoot directory to /var/www/cgi-bin with the following command:

$ sudo ln -s /usr/lib/cgi-bin /var/www/cgi-bin

The next two directives are straightforward, sending error messages of warn level or higher to the noted error.log file, and access messages to the noted access.log file:

ErrorLog /var/log/apache2/error.log

LogLevel warn

CustomLog /var/log/apache2/access.log combined


As noted, the following ServerSignature directive allows a footer in error messages.

ServerSignature On

The following directive limits access to documentation to the localhost system, as specified by the Allow from directive. The address 127.0.0.0/255.0.0.0 could be changed to allow access to the desired network with a setting such as 192.168.0.0/24.

Alias /doc/ "/usr/share/doc/"

<Directory "/usr/share/doc/">

Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

</Directory>

The last directive in the file closes the virtual host stanza:

</VirtualHost>

Configure Virtual Hosts

Before you configure a virtual host, make a copy of the 000-default file in the /etc/apache2/sites-enabled directory. For the purpose of this chapter, you could do so with the following commands:

$ cd /etc/apache2/sites-enabled

$ sudo cp 000-default website1

Then create a dedicated web page and logging directories. I’ve specified some arbitrary directories here. The directory names you use must also be specified in the virtual host file.

$ sudo mkdir /var/www/website1

$ sudo mkdir /var/log/apache2/website1

Now open the website1 file. First, add at least one general directive, which reflects the name of the website:

ServerName site1.example.org

It’s common to add ServerAlias directives for other host or domain names that might be used, such as this:

ServerAlias www.example.org


Then to reflect the new directories just created, change the following directives:

▼ ServerAdmin Set to the e-mail address of the administrator for the website

■ DocumentRoot Configure to the directory with the website files—in this case, /var/www/website1

■ <Directory /dir> Replace /dir with the DocumentRoot directory

■ ErrorLog Set to the dedicated directory for the log file

▲ CustomLog Set to the dedicated directory for the log file

These are just minimal basic changes based on the default configuration included with the Ubuntu implementation of the Apache web server. Depending on any custom configuration, other similar changes may be required.

Once the first virtual host is configured, you can add web pages to the DocumentRoot directory. To test the virtual host, all you need is a text file. For example, for this virtual host, I create an index.html file in the /var/www/website1 directory. I add simple text to this file, as illustrated in Figure 15-5.

To test or configure this virtual website for remote clients, I’ll either need to change the /etc/hosts configuration file on each client or add the specified website name to the DNS (Domain Name System) database.

I can now repeat this process for as many virtual hosts as I need. Given the following directive in the main Apache configuration file (/etc/apache2/apache2.conf),

Include /etc/apache2/sites-enabled/

all files in this directory are included in the Apache configuration.
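The whole virtual host procedure as one script, added here as an example and not taken from the book: it writes a name-based virtual host file for the site1.example.org host used above, in the Apache 2.2 syntax of this chapter. The function name, its arguments and the scratch directory are assumptions of this example, and Indexes is left out of Options as this example's own choice.

```shell
#!/bin/sh
# Added example: generate a virtual host file and its web and log directories.

# write_vhost ETC_DIR WWW_DIR LOG_DIR SITE SERVERNAME ADMIN [ALIAS]
# The three directories are chosen by the administrator; SITE, SERVERNAME,
# ADMIN and ALIAS are validated before they are written into the file.
write_vhost() {
    etc=$1 www=$2 log=$3 site=$4 name=$5 admin=$6 alias_line=
    # Accept only plain file, host and mail names, so that a value cannot add
    # extra directives to the file or point outside the chosen directories.
    case "$site"  in ''|*[!A-Za-z0-9_-]*)    echo "bad site name" >&2;     return 1 ;; esac
    case "$name"  in ''|*[!A-Za-z0-9.-]*)    echo "bad server name" >&2;   return 1 ;; esac
    case "$admin" in ''|*[!A-Za-z0-9.@_+-]*) echo "bad admin address" >&2; return 1 ;; esac
    if [ -n "$7" ]; then
        case "$7" in *[!A-Za-z0-9.-]*) echo "bad alias" >&2; return 1 ;; esac
        alias_line="ServerAlias $7"
    fi

    mkdir -p "$etc" "$www/$site" "$log/$site" || return 1
    # No NameVirtualHost line: the default host file already carries it, and
    # the directive is used only once for regular hosts.
    cat > "$etc/$site" <<EOF
<VirtualHost *>
    ServerName $name
    $alias_line
    ServerAdmin $admin
    DocumentRoot "$www/$site"
    <Directory "$www/$site">
        # Indexes omitted: a directory without index.html is not listed
        Options FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog "$log/$site/error.log"
    LogLevel warn
    CustomLog "$log/$site/access.log" combined
</VirtualHost>
EOF
    # A text file is all that is needed to test the host.
    echo "test page for $name" > "$www/$site/index.html"
}

demo() {
    root=$(mktemp -d)     # scratch directory standing in for /
    write_vhost "$root/etc/apache2/sites-enabled" "$root/var/www" \
        "$root/var/log/apache2" website1 site1.example.org \
        webmaster@example.org www.example.org &&
        cat "$root/etc/apache2/sites-enabled/website1"
    # A server name containing whitespace is refused and no file is written.
    write_vhost "$root/etc/apache2/sites-enabled" "$root/var/www" \
        "$root/var/log/apache2" website2 'site2.example.org extra' \
        webmaster@example.org || echo "website2 rejected"
    rm -rf "$root"
}
demo
```

On a real server the three directories would be /etc/apache2/sites-enabled, /var/www and /var/log/apache2, and the result is checked with sudo apache2ctl configtest before sudo apache2ctl graceful.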

Figure 15-5. Test a virtual host