apache web server: architeura, installazione ... · apache: la storia • in february of 1995, the...
TRANSCRIPT
CorsodiProge+azionediRe0eSistemiInforma0ci
31Marzo2011 EmilianoCasalicchio(C)
Apachewebserver:archite+ura,installazione,configurazione
(Lezione1)
Agenda
• IlWebServer• Apachewebserver– Archite+ura– Installazione– Configurazione
31Marzo2011 EmilianoCasalicchio(C)
IlWebServer
• Iden0ficaquelservizioa+oarisponderearichiesteh+p– èprincipalmentecompostodaunsoPware(ildemoneh+pdinambien0Unix/Linux)edallamacchinacheloospita
– è0picamenteraggiungibilemedianteunaconnessionedirete(TCP/IP)
– èingradodirisponderearichiesteh+p,h+ps
31Marzo2011 EmilianoCasalicchio(C)
Perchèapache
31Marzo2011 EmilianoCasalicchio(C)
TotalSitesAcrossAllDomainsAugust1995‐March2011
MarketShareforTopServersAcrossAllDomainsAugust1995‐March2011
From:h+p://news.netcraP.com/archives/category/web‐server‐survey/
Apache:lastoria
• InFebruaryof1995,themostpopularserversoPwareontheWebwasthepublicdomainHTTPdaemondevelopedbyRobMcCoolattheNa0onalCenterforSupercompu0ngApplica0ons,UniversityofIllinois,Urbana‐Champaign.– However,developmentofthath+pdhadstalledaPerRoblePNCSAin
mid‐1994,andmanywebmastershaddevelopedtheirownextensionsandbugfixesthatwereinneedofacommondistribu0on.
• BytheendofFebruary,eightcorecontributorsformedthefounda0onoftheoriginalApacheGroup:– BrianBehlendorf RoyT.FieldingRobHar0ll DavidRobinson Cliff
Skolnick RandyTerbushRobertS.Thau AndrewWilson – withaddi0onalcontribu0onsfromEricHagberg FrankPeters Nicolas
Pioch • thefirstofficialpublicrelease(0.6.2)oftheApacheserverinApril1995• Apache1.0wasreleasedonDecember1,1995.• LessthanayearaPerthegroupwasformed,theApacheserverpassed
NCSA'sh+pdasthe#1serverontheInternet
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/ABOUT_APACHE.html
APAtCHyServer
Apachearchitecture
• ConceptualArchitecture(Le-uraobbligatoria)– h+p://www.voneicken.com/courses/ucsb‐cs290i‐wi02/papers/Concept_Apache_Arch.htm
• ConcreteArchitecture(Le-urafacolta7va)– h+p://www.voneicken.com/courses/ucsb‐cs290i‐wi02/papers/Concrete_Apache_Arch.htm
31Marzo2011 EmilianoCasalicchio(C)
Thecorecomponents• h+p_protocol.c:containsrou0nesthatdirectlycommunicateswiththeclient
(throughthesocketconnec0on),followingtheHTTPprotocol.Alldatatransferstotheclientaredoneusingthiscomponent.
• h+p_main.c:thecomponentthatstartuptheserverandcontainsthemainserverloopthatwaitsforandacceptsconnec0ons.Itisalsoinchargeofmanaging0meouts.
• h+p_request.cthecomponentthathandlestheflowoftherequestprocessing,dispatchingcontroltothemodulesintheappropriateorder.Itisalsoinchargewitherrorhandling.
• h+p_core.c:thecomponentimplemen0ngthemostbasicfunc0onality,whichisdescribedinacommentfromasourcefileasbeing"just'barely'func0onalenoughtoservedocuments,thoughnotterriblywell".Anotherinteres0ngquotefromasourcefilecommentillustratesverywellthefunc0onofthiscomponent:"thisfilecouldalmostbemod_core.c".Meaningthatthecomponentbehaveslikeamodulebuthastoaccesssomeglobalsdirectly(whichisnotcharacteris0cforamodule).
• thecomponentthattakecareofalloca0ngresourcepools,andkeepingtrackofthem.(alloc.c)
• otheru0li0es,includingreadingconfigura0onfilesandmanagingtheinforma0ongatheredfromthosefiles(h+p_config.c),aswellassupportforvirtualhosts.Animportantfunc0onofh+p_configisthatformthelistofmodulesthatwillbecalledtoservicedifferentphasesoftherequests.
31Marzo2011 EmilianoCasalicchio(C)
Fasidiunarichiesta• Amoduleimplementsonlypor0onofthefunc0onalityforservicing
aclientrequest.– Morethanonemodulearenecessarytocompletelyrespondtoa
request– moduledoesnotknowoneabouttheother.– Thecontrolistransferedbackandforthbetweenthecoreand
differentmodules.Thisishandledbydividingthehandlingoftherequestintoasetofdis0nctphases.
• phasesofhandlingarequestfortheApacheserver:– URItofilenametransla0on;– Checkaccessbasedonhostaddress,andotheravailableinforma0on;– GetanuseridfromtheHTTPrequestandvalidateit;– Authorizetheuser;– DeterminetheMIMEtypeoftherequestedobject(thecontenttype,
theencodingandthelanguage);– Fix‐ups(forexamplereplacealiasesbytheactualpath);– Sendtheactualdatabacktotheclient;– Logtherequest;
31Marzo2011 EmilianoCasalicchio(C)
GliHandlers• AhandlerisforApachetheac0onthat
mustbeperformedinsomephaseofservicingarequest.Forexamplewhentherequestedobjectisafile,thehandlerthatreturnsthefilemust– openthefile,readthecontentofthefile
andhandthecontentofthefiletotheclient(throughapachecore).
• Handlersaredefinedbymodules,andamodulemightspecifyhandlersforone,manyornoneofthephasesofarequest.– Handlersarethepartofthemodulethatis
calledwhentheprocessingoftherequestentersthephaseforwhichthehandlerisdefined.
• Thera0onalebehindhavingmodulesdefininghandlersformorethanonephaseisthatamodulemightsaveinternallydataontherequestbeingprocessed,andwhenitshandlersforasubsequentphaseoftherequestarecalledtheymightmakeuseofthosethedata.
31Marzo2011 EmilianoCasalicchio(C)
InstallazioneeConfigurazione
• Libtool,autoconf,apr• DownloadeverificaPGPsignature– Esempiogenerale
• Configurazione– Leprincipaliopzioni– (Imodulilivediamodopo)
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/docs/2.2/install.html
h+p://h+pd.apache.org/docs/2.2/programs/configure.html
h+p://h+pd.apache.org/download.cgih+p://h+pd.apache.org/dev/verifica0on.html
GNULibtooleAutoconf
• ApacheHTTPduseslibtoolandautoconftocreateabuildenvironmentthatlookslikemanyotherOpenSourceprojects.
• GNUlibtool(h+p://www.gnu.org/soPware/libtool/)– isagenericlibrarysupportscript.Libtoolhidesthecomplexityofusing
sharedlibrariesbehindaconsistent,portableinterface– isaGNUprogrammingtoolfromtheGNUbuildsystemusedfor
crea0ngportablecompiledlibraries
• GNUautoconf(h+p://www.gnu.org/soPware/autoconf/)– isanextensiblepackageofM4macrosthatproduceshellscriptsto
automa0callyconfiguresoPwaresourcecodepackages.ThesescriptscanadaptthepackagestomanykindsofUNIX‐likesystemswithoutmanualuserinterven0on.
– createsaconfigura0onscriptforapackagefromatemplatefilethatliststheopera0ngsystemfeaturesthatthepackagecanuse,intheformofM4macrocalls.
31Marzo2011 EmilianoCasalicchio(C)
apr–ApachePortableRun0me
• ThemissionoftheApachePortableRun0me(APR)projectistocreateandmaintainsoPwarelibrariesthatprovideapredictableandconsistentinterfacetounderlyingplanorm‐specificimplementa0ons.– TheprimarygoalistoprovideanAPItowhichsoPwaredevelopersmaycodeandbe
assuredofpredictableifnotiden0calbehaviourregardlessoftheplanormonwhichtheirsoPwareisbuilt,relievingthemoftheneedtocodespecial‐casecondi0onstoworkaroundortakeadvantageofplanorm‐specificdeficienciesorfeatures.
• APRprovidesasetofAPIsthatmaptotheunderlyingopera0ngsystem.WheretheOSdoesn'tsupportapar0cularfunc0on,APRwillprovideareplacement.Thus,theAPRcanbeusedtomakeaprogramtrulyportableacrossplanorms.
31Marzo2011 EmilianoCasalicchio(C)
Requisi0
• DiskSpace• ANSI‐CCompilerandBuildSystem
• Accurate7mekeeping
• Perl5[OPTIONAL]• apr/apr‐u7l>=1.2
31Marzo2011 EmilianoCasalicchio(C)
DownloadeverificaPGP
• h+pd‐2.2.17.tar.gz[PGP][MD5][SHA1]– [PGP]=h+pd‐2.2.17.tar.gz.asc– [MD5]=h+pd‐2.2.17.tar.gz.md5– [SHA1]=h+pd‐2.2.17.tar.gz.sha1
• KEYS
• Pre-yGoodPrivacy(PGP)
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/download.cgi#apache22h+p://h+pd.apache.org/dev/verifica0on.html
Signatures
Fingerprint
Fingerprint
Verifica• First,wewillcheckthedetachedsignature(h+pd‐2.0.44.tar.gz.asc)against
ourrelease(h+pd‐2.0.44.tar.gz).
%gpgh-pd‐2.0.44.tar.gz.asc
gpg:SignaturemadeSatJan1807:21:282003PSTusingDSAkeyIDDE885DD3
gpg:Can'tchecksignature:publickeynotfound
31Marzo2011 EmilianoCasalicchio(C)
• Wedon'thavethereleasemanager'spublickey(DE885DD3)inourlocalsystem.Younowneedtoretrievethepublickeyfromakeyserver.Onepopularserverispgpkeys.mit.edu(whichhasawebinterface).Thepublickeyserversarelinkedtogether,soyoushouldbeabletoconnecttoanykeyserver.
%gpg‐‐keyserverpgpkeys.mit.edu‐‐recv‐keyDE885DD3gpg:reques7ngkeyDE885DD3fromHKPkeyserverpgpkeys.mit.edugpg:trustdbcreatedgpg:keyDE885DD3:publickey"SanderStriker<[email protected]>"
importedgpg:Totalnumberprocessed:1gpg:imported:1
• youhavenowreceivedapublickeyforanen0tyknownas'SanderStriker<[email protected]>'However,youhavenowayofverifyingthiskeywascreatedbythepersonknownasSanderStriker.
31Marzo2011 EmilianoCasalicchio(C)
• But,let'strytoverifythereleasesignatureagain.
%gpgh-pd‐2.0.44.tar.gz.asc
gpg:SignaturemadeSatJan1807:21:282003PSTusingDSAkeyIDDE885DD3gpg:Goodsignaturefrom"SanderStriker<[email protected]>”
gpg:aka"SanderStriker<[email protected]>”
gpg:checkingthetrustdbgpg:noul7matelytrustedkeysfound
gpg:WARNING:Thiskeyisnotcer7fiedwithatrustedsignature!
gpg:Thereisnoindica7onthatthesignaturebelongstotheowner.
Fingerprint:4C1EADADB4EF5007579C919C6635B6C0DE885DD3
• Atthispoint,thesignatureisgood,butwedon'ttrustthiskey.Agoodsignaturemeansthatthefilehasnotbeentampered.However,duetothenatureofpublickeycryptography,youneedtoaddi0onallyverifythatkeyDE885DD3wascreatedbytherealSanderStriker.
• Anya+ackercancreateapublickeyanduploadittothepublickeyservers.Theycanthencreateamaliciousreleasesignedbythisfakekey.Then,ifyoutriedtoverifythesignatureofthiscorruptrelease,itwouldsucceedbecausethekeywasnotthe'real'key.Therefore,youneedtovalidatetheauthen0cityofthiskey.
31Marzo2011 EmilianoCasalicchio(C)
• Thecrucialsteptovalida0onistoconfirmthekeyfingerprintofthepublickey.
%gpg‐‐fingerprintDE885DD3
pub1024D/DE885DD32002‐04‐10SanderStriker<[email protected]>Keyfingerprint=4C1EADADB4EF5007579C919C6635B6C0DE885DD3
uidSanderStriker<[email protected]>
sub2048g/532D14CA2002‐04‐10
%gpgh-pd‐2.0.44.tar.gz.asc
gpg:SignaturemadeSatJan1807:21:282003PSTusingDSAkeyIDDE885DD3
gpg:Goodsignaturefrom"SanderStriker<[email protected]>”
gpg:aka"SanderStriker<[email protected]>"
31Marzo2011 EmilianoCasalicchio(C)
Esercizio
• ControllareevalidarelefirmediunadistribuzioneApache– GNUPG(h+p://www.gnupg.org/)– OpenPGP(h+p://www.openpgp.org/)
• ProvaresiaconPGPcheMD5
31Marzo2011 EmilianoCasalicchio(C)
InstallazioneeConfigurazione
• Libtool,autoconf,apr• DownloadeverificaPGPsignature– Esempiogenerale
• Configurazione– Leprincipaliopzioni– (Imodulilivediamodopo)
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/docs/2.2/install.html
h+p://h+pd.apache.org/docs/2.2/programs/configure.html
h+p://h+pd.apache.org/download.cgih+p://h+pd.apache.org/dev/verifica0on.html
Configurazione
• ThenextstepistoconfiguretheApacheHTTPdsourcetreeforyourpar0cularplanormandpersonalrequirements.Thisisdoneusingthescriptconfigureincludedintherootdirectoryofthedistribu0on.
• Themostimportantop0onistheloca0on‐‐prefixwheretheApacheHTTPServeristobeinstalledlater,becauseApacheHTTPdhastobeconfiguredforthisloca0ontoworkcorrectly.– configure‐‐prefix=/usr/www/
• youcanspecifywhichfeaturesyouwantincludedinApacheHTTPdbyenablinganddisablingmodules.
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/docs/2.2/programs/configure.html
‐‐disable‐‐‐enable‐...
‐‐enable‐MODULE=sharedThecorrespondingmodulewillbebuildasDSOmodule.‐‐enable‐MODULE=sta?cBydefaultenabledmodulesarelinkedsta?cally.Youcan
forcethisexplicitly.Lalogicaè:disabilitareimoduliabilita?perdefaulteviceversaabilitare
quellinondidefaultadesempio:‐‐disable‐auth‐basic‐‐enable‐ssl
31Marzo2011 EmilianoCasalicchio(C)
Imodulididefault
• Listamoduli– h+p://h+pd.apache.org/docs/2.2/mod/
• Modulidefaulteopzionalisonoindica0quì– h+p://h+pd.apache.org/docs/2.2/programs/configure.html
31Marzo2011 EmilianoCasalicchio(C)
make&makeinstall
• setu+ovaabuonfineoccorreconfigurareapache
vi/etc/conf/hKpd.conf
31Marzo2011 EmilianoCasalicchio(C)
Apacheconfigura0on
• Configura0onfile/etc/h+pd/h+pd.conf
• References– QuickReferenceh+p://h+pd.apache.org/docs/2.2/mod/quickreference.html
– CoreFeaturesh+p://h+pd.apache.org/docs/2.2/mod/core.html#op0ons
PRENDETECOMEESEMPIOILFILEh+pd.confCREATOALMOMENTODELL’INSTALLAZIONEDIAPACHE.
31Marzo2011 EmilianoCasalicchio(C)
Directory
• <Directory>and</Directory>areusedtoencloseagroupofdirec0vesthatwillapplyonlytothenameddirectory,sub‐directoriesofthatdirectory,andthefileswithintherespec0vedirectories.Anydirec0vethatisallowedinadirectorycontextmaybeused.Directory‐pathiseitherthefullpathtoadirectory,orawild‐cardstringusingUnixshell‐stylematching.
31Marzo2011 EmilianoCasalicchio(C)
Op0on
• TheOp0onsdirec0vecontrolswhichserverfeaturesareavailableinapar0culardirectory.
• op?oncanbesettoNone,inwhichcasenoneoftheextrafeaturesareenabled
• Forexample:– All– ExecCGI– FollowSymbolicLinks– Indexes
31Marzo2011 EmilianoCasalicchio(C)
AllowOverride
• Whentheserverfindsan.htaccessfile(asspecifiedbyAccessFileName)itneedstoknowwhichdirec0vesdeclaredinthatfilecanoverrideearlierconfigura0ondirec0ves.– AuthConfig– FileInfo– Indexes– Limit– Op0ons[=Op0on,...]
31Marzo2011 EmilianoCasalicchio(C)
OrderControllodegliaccessi
• TheOrderdirec0ve,alongwiththeAllowandDenydirec0ves,controlsathree‐passaccesscontrolsystem.– ThefirstpassprocesseseitherallAlloworallDenydirec0ves,asspecifiedbytheOrder
direc0ve.– Thesecondpassparsestherestofthedirec0ves(DenyorAllow).
– Thethirdpassappliestoallrequestswhichdonotmatcheitherofthefirsttwo.
• Orderingisoneof:– Allow,DenyFirst,allAllowdirec0vesareevaluated;atleastonemustmatch,orthe
requestisrejected.Next,allDenydirec0vesareevaluated.Ifanymatches,therequestisrejected.Last,anyrequestswhichdonotmatchanAlloworaDenydirec0vearedeniedbydefault.
– Deny,AllowFirst,allDenydirec0vesareevaluated;ifanymatch,therequestisdeniedunlessitalsomatchesanAllowdirec0ve.AnyrequestswhichdonotmatchanyAlloworDenydirec0vesarepermi+ed.
31Marzo2011 EmilianoCasalicchio(C)
Order:esempioInthefollowingexample,allhostsintheapache.orgdomainareallowedaccess;
allotherhostsaredeniedaccess. Order Deny,Allow Deny from all Allow from apache.org
Inthenextexample,allhostsintheapache.orgdomainareallowedaccess,exceptforthehostswhichareinthefoo.apache.orgsubdomain,whoaredeniedaccess.Allhostsnotintheapache.orgdomainaredeniedaccessbecausethedefaultstateistoDenyaccesstotheserver.
Order Allow,Deny Allow from apache.org Deny from foo.apache.org
Ontheotherhand,iftheOrderinthelastexampleischangedtoDeny,Allow,allhostswillbeallowedaccess.Thishappensbecause,regardlessoftheactualorderingofthedirec0vesintheconfigura0onfile,theAllowfromapache.orgwillbeevaluatedlastandwilloverridetheDenyfromfoo.apache.org.Allhostsnotintheapache.orgdomainwillalsobeallowedaccessbecausethedefaultstateisAllow.
31Marzo2011 EmilianoCasalicchio(C)
Order:esempio
ThepresenceofanOrderdirec0vecanaffectaccesstoapartoftheserverevenintheabsenceofaccompanyingAllowandDenydirec0vesbecauseofitseffectonthedefaultaccessstate.Forexample,
<Directory /www> Order Allow,Deny </Directory>
willDenyallaccesstothe/wwwdirectorybecausethedefaultaccessstateissettoDeny.
31Marzo2011 EmilianoCasalicchio(C)
Allow/Deny• TheAllow/Denydirec0veaffectswhichhostscanaccessanareaoftheserver.
Accesscanbecontrolledbyhostname,IPaddress,IPaddressrange,orbyothercharacteris0csoftheclientrequestcapturedinenvironmentvariables.Thefirstargumenttothisdirec0veisalwaysfrom.Thesubsequentargumentscantakethreedifferentforms.
• IfAllowfromallisspecified,thenallhostsareallowedaccess,subjecttotheconfigura0onoftheDenyandOrderdirec0vesasdiscussedbelow.
• Toallowonlypar0cularhostsorgroupsofhoststoaccesstheserver,thehostcanbespecifiedinanyofthefollowingformats:– A(par0al)domain‐name
• Allowfromapache.orgAllowfrom.netexample.edu
– AfullIPaddress• Allowfrom10.1.2.3
Allowfrom192.168.1.104192.168.1.205– Apar0alIPaddress
• Allowfrom10.1Allowfrom10172.20192.168.2
– Anetwork/netmaskpair• Allowfrom10.1.0.0/255.255.0.0
31Marzo2011 EmilianoCasalicchio(C)
Auten0cazionedibase
• Realizzatamediantedire}vechevannoinunasezione<Directory>– nelmainconfigura0onfile– inunfile.htaccess,inquestocasovaabilitatal’autorizzazioneaconfigurarel’auten0cazione• AllowOverrideAuthConfig
• L’auten0cazionedibaseu0lizzaunmeccanismoaverificautente/password– nonprevedecifratura
31Marzo2011 EmilianoCasalicchio(C)
Creazionediunfiledipassword• Thisfileshouldbeplacedsomewherenotaccessiblefromtheweb.Thisisso
thatfolkscannotdownloadthepasswordfile.Forexample,ifyourdocumentsareservedoutof/usr/local/apache/htdocsyoumightwanttoputthepasswordfile(s)in/usr/local/apache/passwd.
• Tocreatethefile,usethehtpasswdu0litythatcamewithApache.ThiswillbelocatedinthebindirectoryofwhereveryouinstalledApache.IfyouhaveinstalledApachefromathird‐partypackage,itmaybeinyourexecu0onpath.
• Tocreatethefile,type:– htpasswd‐c/usr/local/apache/passwd/passwordsrbowen
• htpasswdwillaskyouforthepassword,andthenaskyoutotypeitagaintoconfirmit:
31Marzo2011 EmilianoCasalicchio(C)
Esempiodiconfigurazione
31Marzo2011 EmilianoCasalicchio(C)
Anexampleofthisisusingaccesscontroltoassurethat,althougharesourceispasswordprotectedfromoutsideyournetwork,allhostsinsidethenetworkwillbegivenunauthen0catedaccesstotheresource.ThiswouldbeaccomplishedbyusingtheSa0sfydirec0ve,asshownbelow.
Autorizzaregruppi
• Ifyouwanttoletmorethanonepersonin,you'llneedtocreateagroupfilethatassociatesgroupnameswithalistofusersinthatgroup.Theformatofthisfileispre+ysimple,andyoucancreateitwithyourfavoriteeditor.Thecontentsofthefilewilllooklikethis:– GroupName:rbowendpi+ssungorshersey
• Toaddausertoyouralreadyexis0ngpasswordfile,type:htpasswd/usr/local/apache/passwd/passwordsusername
31Marzo2011 EmilianoCasalicchio(C)
Esercizio
• Installareeconfigurareapachesullavostramacchina– bindingsulocalhost:80– bingingsualtraporta
• Provarelevarieopzionidiapachectld• Configurarel’auten0cazionesemplice
31Marzo2011 EmilianoCasalicchio(C)
ErrorLog• Theservererrorlog,whosenameandloca0onissetbytheErrorLogdirec0ve,isthemost
importantlogfile.ThisistheplacewhereApacheh+pdwillsenddiagnos0cinforma0onandrecordanyerrorsthatitencountersinprocessingrequests.Itisthefirstplacetolookwhenaproblemoccurswithstar0ngtheserverorwiththeopera0onoftheserver,sinceitwilloPencontaindetailsofwhatwentwrongandhowtofixit.
31Marzo2011 EmilianoCasalicchio(C)
AccessLog• Theserveraccesslogrecordsallrequestsprocessedbytheserver.Theloca0onand
contentoftheaccesslogarecontrolledbytheCustomLogdirec0ve.TheLogFormatdirec0vecanbeusedtosimplifytheselec0onofthecontentsofthelogs.Thissec0ondescribeshowtoconfiguretheservertorecordinforma0onintheaccesslog.
31Marzo2011 EmilianoCasalicchio(C)
Esercizio
• Provareivariforma0dilogging• Provarelarotazionedeilog– fareunoscriptdishellcheperiodicamentesvolgeleseguen0azioni
31Marzo2011 EmilianoCasalicchio(C)
UntutorialdiBashshellscrip0ngh+p://steve‐parker.org/sh/sh.shtml
Star0ngApacheh+pd
• IftheListenspecifiedintheconfigura0onfileisdefaultof80(oranyotherportbelow1024),thenitisnecessarytohaverootprivilegesinordertostartapache,sothatitcanbindtothisprivilegedport.Oncetheserverhasstartedandperformedafewpreliminaryac0vi0essuchasopeningitslogfiles,itwilllaunchseveralchildprocesseswhichdotheworkoflisteningforandansweringrequestsfromclients.Themainh+pdprocesscon0nuestorunastherootuser,butthechildprocessesrunasalessprivilegeduser.ThisiscontrolledbytheselectedMul0‐ProcessingModule.
31Marzo2011 EmilianoCasalicchio(C)
h+p://h+pd.apache.org/docs/2.2/bind.htmlh+p://h+pd.apache.org/docs/2.2/invoking.htmlh+p://h+pd.apache.org/docs/2.2/programs/apachectl.htmlh+p://h+pd.apache.org/docs/2.2/stopping.htm
apachectlcommand• startStarttheApacheh+pddaemon.Givesanerrorifitisalreadyrunning.Thisis
equivalenttoapachectl‐kstart.• stopStopstheApacheh+pddaemon.Thisisequivalenttoapachectl‐kstop.
• restartRestartstheApacheh+pddaemon.Ifthedaemonisnotrunning,itisstarted.Thiscommandautoma0callycheckstheconfigura0onfilesasinconfigtestbeforeini0a0ngtherestarttomakesurethedaemondoesn'tdie.Thisisequivalenttoapachectl‐krestart.
• fullstatusDisplaysafullstatusreportfrommod_status.Forthistowork,youneedtohavemod_statusenabledonyourserverandatext‐basedbrowsersuchaslynxavailableonyoursystem.TheURLusedtoaccessthestatusreportcanbesetbyedi0ngtheSTATUSURLvariableinthescript.
31Marzo2011 EmilianoCasalicchio(C)
apachectlcommand• statusDisplaysabriefstatusreport.Similartothefullstatusop0on,exceptthatthe
listofrequestscurrentlybeingservedisomi+ed.• gracefulGracefullyrestartstheApacheh+pddaemon.Ifthedaemonisnot
running,itisstarted.Thisdiffersfromanormalrestartinthatcurrentlyopenconnec0onsarenotaborted.Asideeffectisthatoldlogfileswillnotbeclosedimmediately.Thismeansthatifusedinalogrota0onscript,asubstan0aldelaymaybenecessarytoensurethattheoldlogfilesareclosedbeforeprocessingthem.Thiscommandautoma0callycheckstheconfigura0onfilesasinconfigtestbeforeini0a0ngtherestarttomakesureApachedoesn'tdie.Thisisequivalenttoapachectl‐kgraceful.
• graceful‐stopGracefullystopstheApacheh+pddaemon.Thisdiffersfromanormalstopinthatcurrentlyopenconnec0onsarenotaborted.Asideeffectisthatoldlogfileswillnotbeclosedimmediately.Thisisequivalenttoapachectl‐kgraceful‐stop.
• configtestRunaconfigura0onfilesyntaxtest.Itparsestheconfigura0onfilesandeitherreportsSyntaxOkordetailedinforma0onaboutthepar0cularsyntaxerror.Thisisequivalenttoapachectl‐t.
31Marzo2011 EmilianoCasalicchio(C)