Table of Contents:
The Apache Web Server is installed as part of the OpenBSD base system. This guide will help you configure the web server: (Apache 1.3.12 is released with OpenBSD 2.7 and 1.3.9 with OpenBSD 2.6)
To see how configurable the Apache/OpenBSD combination is we also look at allowing administrators to remotely review the server's status, we setup the system so we allow users on our system to have their own personal web-space. Of course, for the security counscious you probably want to turn some of these things off after you get things up and running.
The first thing we consider about the Apache web-server is turning it on, and setting it up so it turns on automatically if the system is restarted. To do this we make single change to the startup configuration file: /etc/rc.conf
File: /etc/rc.conf
Change the line reading:
httpd_flags=NO
To read:
httpd_flags="" # note the use of two double-quotes
Save the changes and when the computer is restarted, the /etc/rc routines will automatically launch the Apache server httpd with every system restart.
We can test the Apache server without the need to restart the computer. To manually start | restart the Apache server you can use the /usr/sbin/apachectl program
# /usr/sbin/apachectl start
/usr/sbin/apachectl start: httpd started
Your server is up and running.
We can test the web server because OpenBSD installs Apache with a sample website that is chock full of documentation. This sample website is placed into the Document Root directory /var/www/htdocs.
To quickly view whether the web server is up and running, start your browser and test specify your server address. From a command prompt, check using lynx .
# lynx localhost
[ lynx displays the following ...]
[OpenBSD]
Apache
It
Worked!
If you can see this page, then the people who own this host have
just
activated the Apache Web server software included with their OpenBSD
System. They now have to add content to this directory and replace
this
placeholder page, or else point the server at their real content.
[ ... more stuff cut out ... ]
Can we get more information on what the Server is doing?
The OpenBSD apache distribution is compiled with mod_status which allows us to configure the server so we can take a look at it's operational status. I put this in here as a another means for checking the server's functionality while setting it up. (AKA. what's an interesting task for changing the server configuration without having to do too much work.)
To activate the server-status reports in Apache we need to make the following changes to the configuration file:
File: /var/www/conf/httpd.conf
Change the lines that read:
#ExtendedStatus On
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
To Read:
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
The above configuration let's you check the server status with at least two methods, opening a browser and pointing to the /server-status url or by using apachectl.
Restart the server and check if server-status is accessible.
# apachectl restart
# apachectl status || lynx localhost/server-status
[ displays the following ...]
Apache Server Status for server.domain.com
Server Version: Apache/1.3.12 (Unix) PHP/3.0.16 mod_ssl/2.6.2
OpenSSL/0.9.5a
Server Built: May 5 2000 21:00:37
_________________________________________________________________
[ ... more stuff cut out ... ]
If you try to connect to the http://server-name/server-status from a separate workstation on the network, you should get a 403 Forbidden error message (You don't have permission to access … ) If you do want to give other workstations access to this page, then you can add further Allow from lines such as:
Allow from 192.168.101.
Allow from .breakline.com
The above two lines will allow access to the /server-status from any client with 192.168.101.xyz ip address, and any client with the domain suffix breakline.com
Apache let's you create alias' (conceptually similar to symbolic links ?) to any point on your server (and possibly beyond.) But one advantage of Apache is how easy it is to let every user on your system have their own private web space. Again, the OpenBSD distribution httpd has this feature built into the binary and it is a simple matter of just modifying the configuration file and restarting Apache to see things work.
1. Our modifications to the configuration is to enable the mod_userdir.c module which let's Apache talk with your user accounts and their home directories. We specify which directory within each users home directory we will send http requests for files.
File: /var/www/conf/httpd.conf
Change the lines that read:
# UserDir: The name of the directory which is appended onto a
user's home
# directory if a ~user request is received. "disabled" turns this
feature
# off; other reasonable defaults are "public_dir" and ".html"
#
UserDir disabled
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only and
# are located under /home/<username>public_html
# You will need to change this to match your site's home directories.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK
UNLOCK>
# Order deny,allow
# Deny from all
# </Limit>
#</Directory>
To read:
#Enable the mod_userdir.c module
UserDir public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK
UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>
In the above example, we specify public_html as the directory each user-account can create and place their website. If user johndoe has his user directory at /home/johndoe then he needs to create a directory public_html from inside his home folder.
/home/johndoe/public_html will be his website. All URL requests addressed as http://server-name/~johndoe will look into this directory.
Note: If you want to use a directory name other than those specified in the httpd.conf file, then you may need to modify the mod_userdir source.
Before the configuration goes into effect, we need to force httpd to re-read it's configuration file.
# apachectl restart
Seems to simple, but if you forget to restart the server, you will be frustrated in trying to test the changes when the running server does not recognise them.
For our example user johndoe we will create the public_html directory and create a dummy html file.
# su johndoe
$ cd ~
$ mkdir public_html
$ cd public_html
$ echo "<html><body><h1>Success</h1>Now, get real content</body></html>"
> index.html
$ exit
Of course, you could move or place some more sophisticated files into this directory, but this is an adequate start for a test.
Now we try to access the web page.
# lynx localhost/~johndoe/
[ lynx displays the following ...]
Success
Now, get real content
[ ... more stuff cut out ... ]
Similarly from a GUI Browser you get <h1> settings for Success, and the rest of the page as plain text.
You now not only have a working website (mydomain.com) but your users can also have their own web space (http://mydomain.com/~johndoe/)
Copyright (c) 2000 Samiuela LV Taufa. All Rights Reserved.
I reserve the right to be totally incorrect even at the best advice of betters.
You are permitted and encouraged to use this guide for fun or for profit as you see fit. If you republish this work in what-ever form, it would be nice (though not enforceable) to be credited.
|
Apache - Serving up the Web |
Copyright © 2000 Tonga on the 'NET All rights reserved.