hungry minds apache server 2.0 bible

100%ONE HUNDRED PERCENT

Kabir has done it again! The Apache Server 2 Bible is an invaluable reference for both beginning and experienced administrators. Elizabeth Zinkann, Sys Admin Magazine Contributing Editor and Review Columnist

COMPREHENSIVE AUTHORITATIVE WHAT YOU NEEDONE HUNDRED PERCENT

Configure ApacheServer for a Linux/Unix or Win32 system

Leverage Apacheusing SSI, CGI, PHP, Perl, and Java servlets

Secure your siteusing SSL, certificatesigning services, and other tools

ABONUS CD-ROM!

pache Server 2Mohammed J. KabirAuthor of Red Hat Linux Server

Apache, PHP, Perl, Tomcat, MySQL, and more

Apache Server 2 Bible

Apache Server 2 BibleMohammed J. Kabir

Best-Selling Books Digital Downloads e-Books Answer Networks e-Newsletters Branded Web Sites e-LearningNew York, NY Cleveland, OH Indianapolis, IN

Apache Server 2 Bible Published by Hungry Minds, Inc. 909 Third Avenue New York, NY 10022www.hungryminds.com

Copyright 2002 Hungry Minds, Inc. All rights reserved. No part of this book, including interior design, cover design, and icons, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher. Library of Congress Control Number: 2001092889 ISBN: 0-7645-4821-2 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RT/QT/QS/IN Distributed in the United States by Hungry Minds, Inc. Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty. Ltd. for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for Singapore, Malaysia, Thailand, Indonesia, and Hong Kong; by Gotop Information Inc. for Taiwan; by ICG Muse, Inc. for Japan; by Intersoft for South Africa; by Eyrolles for France; by International Thomson Publishing for Germany, Austria, and Switzerland; by Distribuidora Cuspide for Argentina; by LR International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R. Ltda. for Peru; by WS Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for Venezuela; by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor, Inc. for Micronesia; by Chips Computadoras S.A. de C.V. for Mexico; by Editorial Norma de Panama S.A. for Panama; by American Bookshops for Finland. For general information on Hungry Minds products and services please contact our Customer Care department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002. For sales inquiries and reseller information, including discounts, premium and bulk quantity sales, and foreign-language translations, please contact our Customer Care department at 800-434-3422, fax 317-572-4002 or write to Hungry Minds, Inc., Attn: Customer Care Department, 10475 Crosspoint Boulevard, Indianapolis, IN 46256. For information on licensing foreign or domestic rights, please contact our Sub-Rights Customer Care department at 212-884-5000. For information on using Hungry Minds products and services in the classroom or for ordering examination copies, please contact our Educational Sales department at 800-434-2086 or fax 317-572-4005. For press review copies, author interviews, or other publicity information, please contact our Public Relations department at 317-572-3168 or fax 317-572-4168. For authorization to photocopy items for corporate, personal, or educational use, please contact Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, or fax 978-750-4470. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK. THE PUBLISHER AND AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTIONS CONTAINED IN THIS PARAGRAPH. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ACCURACY AND COMPLETENESS OF THE INFORMATION PROVIDED HEREIN AND THE OPINIONS STATED HEREIN ARE NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULTS, AND THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY INDIVIDUAL. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES. Trademarks: Bible and Hungry Minds are trademarks or registered trademarks of Hungry Minds, Inc. All other trademarks are the property of their respective owners. Hungry Minds, Inc., is not associated with any product or vendor mentioned in this book.

is a trademark of Hungry Minds, Inc.

CreditsAcquisitions Editor Terri Varveris Project Editor James H. Russell Technical Editor Gregory W. Stephens Copy Editor Richard H. Adin Editorial Managers Kyle Looper Ami Frank Sullivan Vice President & Executive Group Publisher Richard Swadley Vice President & Group Publisher Bob Ipsen Editorial Director Mary Bednarek Project Coordinator Regina Snyder Graphics and Production Specialists Beth Brooks Melanie DesJardins Joyce Haughey Betty Schulte Jeremey Unger Quality Control Technicians Laura Albert John Greenough Andy Hollandbeck Angel Perez Media Development Specialist Travis Silvers Illustrator Kate Shaw Proofreading and Indexing TECHBOOKS Production Services Cover Image Kate Shaw

About the AuthorMohammed Kabir is the founder and CEO of Evoknow, Inc. His company specializes in CRM software development. When he is not busy managing software projects or writing books, he enjoys traveling. Kabir studied computer engineering at California State University, Sacramento. He can be reached at [email protected].

To the memory of my mother, Nazma Bathen.

Prefaceelcome to Apache Server 2.0. Chances are that you already have heard about Apache server. In fact, more than 60 percent of all Web administrators use Apache. Apache is the most powerful, open-source, Web-server platform in the world. As a practicing Web developer, researcher, and administrator, I find Apache to be the perfect fit for most Web sites. Apache 2.0 is a major revision of Apache server. Apache Group originally created a highly configurable Web server in the first version, which became popular very fast; in version 2, Apache Group focused on scalability, reliability, and performance. Major code revisions were done to create a very scalable Apache architecture. Today, Apache stands tall as the most widely used Web platform. Every day an increasing number of corporations accept this open-source marvel into their IT infrastructure. Many large IT companies, such as IBM, have embraced Apache in their product offerings. The future of Apache looks great. Whether youre new to Apache or are already a practicing Apache administrator, now is the perfect time to get started with Apache 2.0. This book will help you do just that.

W

How This Book Is OrganizedThe book has six parts. Very short descriptions of each part follow.

Part I: Getting StartedWith a brief introduction to the worlds number one Web server, in this part I guide you through the process of obtaining and compiling Apache. I show you how to get Apache up and running with minimal changes to the default configuration files so that you can get Apache up and running on your system as quickly as possible. This part ends with complete references to the Apache core directives and standard modules so that you can get ready for serious Apache administration tasks.

x


Part II: Web Site AdministrationThis part focuses on typical Web administration tasks such as virtual Web-site creation, user authentication and authorization tasks, monitoring, logging, rewriting and redirecting URLs, proxy service, and the like. You learn a great deal there is to know about creating and managing virtual Web sites. You master various methods of user authentication, authorization, and access control techniques. You learn to monitor Web servers and to customize log files for analysis.

Part III: Running Web ApplicationsThis part focuses on the ways in which you can serve dynamic contents using Apache. It covers Common Gateway Interface (CGI), Server-Side Includes (SSI), FastCGI, PHP, mod_perl, and Java servlets. You quickly learn to use these technologies with Apache.

Part IV: Securing Your Web SiteAny computer on the Internet is subject to abuse or attempts of misuse. It is always a good idea to play it safe and to take precautionary measures. In this part, you learn to make your Web sites more secure and resistant to hacker attacks. You are also introduced to the potential risks of running SSI and CGI programs and how to take preventive measures to avoid these risks. You also learn to enable Secure Socket Layer (SSL) service using Apache modules to enable secure e-commerce.

Part V: Running Apache on WindowsApache on Windows (Win32) platform has become very popular; more and more people are trying Apache on Windows platform. With Apache 2.0, the performance of Apache Web server under this platform has become very promising. In this part, you learn how to install and configure Apache on Win32 platform.

Part VI: Tuning for Performance and ScalabilityIn this part, I discuss how you can speed up Apache by tuning your Web server system and by optimizing various Apache server configuration. The chapter provides a great deal of information on how to benefit from high-performance hardware, how to tune hard disks and file systems under Linux to enhance system performance. It also covers Web caching and tuning issues related to Perl-based Web applications.

Preface

xi

Conventions Used in This BookYou dont have to learn any new conventions to read this book. Just remember that when you are asked to enter a command, you need press the Enter or the Return key after you type the command at your command prompt. A monospaced font is used to denote configuration or code segment. Also, pay attention to these icons:Note

The Note icon indicates that something needs a bit more explanation.

Tip

The Tip icon tells you something that is likely to save you some time and effort.

Caution

The Caution icon makes you aware of a potential danger.

On the CD-ROM

The On The CD-ROM icon clues you in to files, programs, and other goodies that are on the CD-ROM.

CrossReference

The Cross=Reference icon helps you navigate the book better, pointing you to topics that are related to the one youre currently reading about.

Tell Us What You Think of This BookBoth Hungry Minds and I want to know what you think of this book. Please register this book online at the Hungry Minds Web site (www.hungryminds.com) and give us your feedback. If you are interested in communicating with me directly, send e-mail messages to [email protected]. I will do my best to respond promptly.

The Book Web SiteThis book has a Web site at http://www.evoknow.com/kabir/apache2. You can visit this Web site for updated contents, errata, and FAQ.

Acknowledgments

I

would like to thank the Apache Group for creating the most powerful, extensible, and modular Web server in the world. I give special thanks to Ralf S. Engelschall. Ralf, the author of the mod_rewrite module, provided a great deal of support in the development of Chapter 9 on URL rewriting rules. The practical examples in that chapter are derived from his personal collection, which keeps growing at his Web site www.engelschall.com/pw/apache/rewriteguide.

I also thank the Hungry Minds team, who made this book a reality. It is impossible to list everyone involved but I must mention the following kind individuals: James Russell, the project development editor, kept this project going. I dont know how I could have done this book without his generous help and suggestions every step of the way. Thanks James. Terri Varveris, the acquisitions editor, provided me with this book opportunity and made sure I saw it through to the end. Thanks, Terri. Sheila Kabir, my wife, had to put up with many long work hours during the few months it took to write this book. Thank you, sweetheart.

Contents at a GlancePreface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Part I: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Chapter 1: Apache: The Number One Web Server . . . . . . . . . . . . . . . . . . . 3 Chapter 2: Obtaining and Installing Apache . . . . . . . . . . . . . . . . . . . . . . 13 Chapter 3: Getting Apache Up and Running . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 4: Configuring Apache with Winnt MPM directives . . . . . . . . . . . . . 55 Chapter 5: Apache Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Part II: Web Site Administration . . . . . . . . . . . . . . . . . . . . . 157Chapter 6: Hosting Virtual Web Sites . . . . . . . . . . . . . . Chapter 7: Authenticating and Authorizing Web Site Visitors Chapter 8: Monitoring Access to Apache . . . . . . . . . . . . Chapter 9: Rewriting Your URLs . . . . . . . . . . . . . . . . . Chapter 10: Setting up a Proxy Server . . . . . . . . . . . . . Chapter 11: Running Perfect Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 181 213 239 265 293

Part III: Running Web Applications . . . . . . . . . . . . . . . . . . . . 319Chapter 12: Running CGI Scripts . . . . . . . . . . . . . . . . . . Chapter 13: Server Side Includes (SSI) . . . . . . . . . . . . . . Chapter 14: Configuring Apache for FastCGI . . . . . . . . . . . Chapter 15: PHP and Apache . . . . . . . . . . . . . . . . . . . . Chapter 16: Using Perl with Apache . . . . . . . . . . . . . . . . Chapter 17: Running Java Servlets and JSP Pages with Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321 377 399 421 455 469

Part IV: Securing Your Web Site . . . . . . . . . . . . . . . . . . . . . . 493Chapter 18: Web Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Chapter 19: Securing Apache with SSL . . . . . . . . . . . . . . . . . . . . . . . . 543

Part V: Running Apache on Windows . . . . . . . . . . . . . . . . . . 567Chapter 20: Installing and Running Apache for Windows . . . . . . . . . . . . . 569 Chapter 21: Configuring Apache for Windows . . . . . . . . . . . . . . . . . . . . 579

Part VI: Tuning for Performance and Scalability . . . . . . . . . . . . 591Chapter 22: Speeding Up Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . 593 Chapter 23: Creating a High-Availability Network . . . . . . . . . . . . . . . . . . 637 Appendix A: HTTP 1.1 Status Codes . . . . . . . . Appendix B: Understanding Regular Expressions Appendix C: Online Apache Resources . . . . . . Appendix D: Whats on the CD-ROM? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 709 713 719

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723 End-User License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755

ContentsPreface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Part I: Getting Started

1

Chapter 1: Apache: The Number One Web Server . . . . . . . . . . . . 3Apache Rocks On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Apache: The Beginning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 The Apache Feature List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Understanding Apache 2.0 Architecture . . . . . . . . . . . . . . . . . . . . . 7 Multiprocessing modules . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Filtering I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 New CGI daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Apache Portable Run-Time . . . . . . . . . . . . . . . . . . . . . . . . . 10 Understanding the Apache License . . . . . . . . . . . . . . . . . . . . . . . 10

Chapter 2: Obtaining and Installing Apache . . . . . . . . . . . . . . . 13The Official Source for Apache . . . . . . . . . . . . . . System Requirements . . . . . . . . . . . . . . . . . . . Requirements for building Apache from source distribution . . . . . . . . . . . . Requirements for running an Apache Web server Downloading the Software . . . . . . . . . . . . . . . . Installing Apache from Source Code . . . . . . . . . . . Configuring Apache source . . . . . . . . . . . . . Advanced configuration options for high-load Web sites . . . . . . . . . . . . . . . Compiling and installing Apache . . . . . . . . . Installing Apache from RPM Binary Packages . . . . . Keeping Up with Apache Development . . . . . . . . . . . . . . . . . . . . . 13 . . . . . . . . . . . . 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 16 18 19 19 24 26 30 30

Chapter 3: Getting Apache Up and Running . . . . . . . . . . . . . . . 31Configuring Apache . . . . . . . . . . . . . . . . . . . Configuring the global environment for Apache Configuring the main server . . . . . . . . . . . Starting and Stopping Apache . . . . . . . . . . . . . Starting Apache . . . . . . . . . . . . . . . . . . Restarting Apache . . . . . . . . . . . . . . . . . Stopping Apache . . . . . . . . . . . . . . . . . . Testing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 36 40 50 50 52 52 53

xviii


Chapter 4: Configuring Apache with Winnt MPM Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Apache Directive Contexts . . . . . . Server config context . . . . . . Container context . . . . . . . . Per-directory context . . . . . . General Configuration Directives . . . AccessFileName . . . . . . . . . AddDefaultCharset . . . . . . . ContentDigest . . . . . . . . . . DefaultType . . . . . . . . . . . DocumentRoot . . . . . . . . . . ErrorDocument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Include . . . . . . . . . . . . . . Options . . . . . . . . . . . . . . Port . . . . . . . . . . . . . . . . ServerAdmin . . . . . . . . . . . ServerName . . . . . . . . . . . ServerRoot . . . . . . . . . . . . ServerSignature . . . . . . . . . ServerTokens . . . . . . . . . . . SetInputFilter . . . . . . . . . . . SetOutputFilter . . . . . . . . . . Performance and Resource Configuration Directives . . . . . . Controlling Apache processes . Making persistent connections Controlling system resources . Using dynamic modules . . . . Standard Container Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual Host-Specific Directives . . . . NameVirtualHost . . . . . . . . ServerAlias . . . . . . . . . . . . ServerPath . . . . . . . . . . . . . . . . . . . . . . . Logging Directives . . . . . . . . . . . LogLevel . . . . . . . . . . . . . PidFile . . . . . . . . . . . . . . . ScoreBoardFile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 56 57 58 59 59 60 60 61 61 62 63 64 65 65 67 68 68 69 69 69 70 70 70 71 72 74 75 76 77 78 78 79 79 80 80 80 82 82 82 83 84 85 85

Contents

xix

Authentication and Security Directives . . . . . . . . . . . . . . . . . . . . . 86 AllowOverride . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 AuthName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 AuthType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 HostNameLookups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 IdentityCheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 LimitRequestBody . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 LimitRequestFields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 LimitRequestFieldsize . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 LimitRequestLine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Require . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Satisfy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 ScriptInterpreterSource . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 MPM threaded-Specific Directives . . . . . . . . . . . . . . . . . . . . . . . . 92 CoreDumpDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 ListenBacklog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 LockFile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 MaxClients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 MaxRequestsPerChild . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 MaxSpareThreads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 MinSpareThreads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 SendBufferSize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 StartServers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 ThreadsPerChild . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 MPM perchild-Specific Directives . . . . . . . . . . . . . . . . . . . . . . . . 98 AssignUserID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 ChildPerUserID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 ConnectionStatus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 CoreDumpDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 ListenBacklog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 LockFile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 MaxRequestsPerChild . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 MaxSpareThreads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 MaxThreadsPerChild . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 MinSpareThreads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 NumServers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 PidFile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 ScoreBoardFile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 SendBufferSize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 StartThreads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

xx


MPM winnt-Specific Directives . CoreDumpDirectory . . . . Listen . . . . . . . . . . . . ListenBacklog . . . . . . . . MaxRequestsPerChild . . . PidFile . . . . . . . . . . . . SendBufferSize . . . . . . . ThreadsPerChild . . . . . . MPM prefork Specific Directives CoreDumpDirectory . . . . Group . . . . . . . . . . . . Listen . . . . . . . . . . . . ListenBacklog . . . . . . . . LockFile . . . . . . . . . . . MaxClients . . . . . . . . . MaxRequestsPerChild . . . MaxSpareServers . . . . . . MinSpareServers . . . . . . PidFile . . . . . . . . . . . . ScoreBoardFile . . . . . . . SendBufferSize . . . . . . . StartServers . . . . . . . . . User . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

101 102 102 102 102 102 102 102 102 103 103 103 103 103 103 103 103 104 104 104 104 104 104

Chapter 5: Apache Modules . . . . . . . . . . . . . . . . . . . . . . . . 105An Overview of the Modules . . . . . . . . . Environment-Related Modules . . . . . . . . mod_env . . . . . . . . . . . . . . . . . . mod_setenvif . . . . . . . . . . . . . . . mod_unique_id . . . . . . . . . . . . . . Authentication and Access Control Modules mod_auth_anon . . . . . . . . . . . . . mod_auth_dbm . . . . . . . . . . . . . . mod_auth_db . . . . . . . . . . . . . . . Dynamic Contents Generation Modules . . . mod_actions . . . . . . . . . . . . . . . mod_ext_filter . . . . . . . . . . . . . . Content-Type Configuration Modules . . . . mod_mime . . . . . . . . . . . . . . . . mod_mime_magic . . . . . . . . . . . . mod_negotiation . . . . . . . . . . . . . Directory Listing Modules . . . . . . . . . . . mod_dir . . . . . . . . . . . . . . . . . . mod_autoindex . . . . . . . . . . . . . . Response Header Modules . . . . . . . . . . mod_asis . . . . . . . . . . . . . . . . . mod_headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 106 106 107 109 109 110 112 116 117 118 122 124 124 128 128 130 130 131 137 138 138

Contents

xxi

mod_expires . . . . . . . . . . . . . mod_cern_meta . . . . . . . . . . . Server Information and Logging Modules mod_log_config . . . . . . . . . . . . mod_status . . . . . . . . . . . . . . mod_info . . . . . . . . . . . . . . . mod_usertrack . . . . . . . . . . . . URL Mapping Modules . . . . . . . . . . . mod_userdir . . . . . . . . . . . . . mod_alias . . . . . . . . . . . . . . . mod_speling . . . . . . . . . . . . . mod_vhost_alias . . . . . . . . . . . Miscellaneous Modules . . . . . . . . . . mod_so . . . . . . . . . . . . . . . . mod_imap . . . . . . . . . . . . . . . mod_file_cache . . . . . . . . . . . . mod_dav . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

139 141 143 143 143 143 143 144 144 145 148 149 151 151 152 155 155

Part II: Web Site AdministrationUnderstanding Apaches Virtual Hosting Capabilities . . . . . . . . . Setting Up a Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . Name-based virtual hosts . . . . . . . . . . . . . . . . . . . . . . IP-based virtual hosts . . . . . . . . . . . . . . . . . . . . . . . . Multiple main servers as virtual hosts . . . . . . . . . . . . . . Configuring DNS for a Virtual Host . . . . . . . . . . . . . . . . . . . . Setting User and Group per Virtual Host . . . . . . . . . . . . . . . . . Managing a Large Number of Virtual Hosts . . . . . . . . . . . . . . . Automating Virtual Host Configuration using mod_perl . . . . . . . . Generating Virtual Host Configuration By Using the makesite Script Managing Virtual Hosts By Using MySQL with mod_v2h Module . . . . . . . . . . . . . . . . . . . . . . . . .

157. . . . . . . . . . . 159 161 161 162 163 166 169 170 171 175 178

Chapter 6: Hosting Virtual Web Sites . . . . . . . . . . . . . . . . . . 159

Chapter 7: Authenticating and Authorizing Web Site Visitors . . . . 181Authentication vs. Authorization . . . . . . . . . . . . . . . . . . . . . Understanding How Authentication Works . . . . . . . . . . . . . . . Authenticating Users Via the mod_auth Module . . . . . . . . . . . . Understanding the mod_auth directives . . . . . . . . . . . . . Creating a members-only section in your Web site . . . . . . . Creating a members-only section using a .htaccess file . . . . . Grouping users for restricted access to different Web sections Authorizing Access via Host Name or IP Addresses . . . . . . . . . . allow directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . deny directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . order directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . Combining Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 182 184 184 186 187 188 190 190 192 192 195

xxii


Authenticating with a Relational Database . . . . . . . Using MySQL database server for authentication Using other databases for user authentication . . Managing Users and Groups in Any RDBM . . . . . . . Secure Authenticated Sessions Using Cookies . . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

195 196 202 204 208

Chapter 8: Monitoring Access to Apache . . . . . . . . . . . . . . . . 213Monitoring Apache . . . . . . . . . . . . . . . . . . . . . . . Accessing configuration information with mod_info Enabling status pages with mod_status . . . . . . . . Creating Log Files . . . . . . . . . . . . . . . . . . . . . . . . TransferLog directive . . . . . . . . . . . . . . . . . . LogFormat directive . . . . . . . . . . . . . . . . . . . CustomLog directive . . . . . . . . . . . . . . . . . . . CookieLog directive . . . . . . . . . . . . . . . . . . . Customizing Your Log Files . . . . . . . . . . . . . . . . . . Creating Multiple Log Files . . . . . . . . . . . . . . . . . . Logging Cookies . . . . . . . . . . . . . . . . . . . . . . . . . Using Error Logs . . . . . . . . . . . . . . . . . . . . . . . . Analyzing Your Log Files . . . . . . . . . . . . . . . . . . . . Log Maintenance . . . . . . . . . . . . . . . . . . . . . . . . Using rotatelog . . . . . . . . . . . . . . . . . . . . . . Using logrotate . . . . . . . . . . . . . . . . . . . . . . Using logresolve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 214 216 221 222 223 223 224 224 227 228 230 232 234 234 234 236

Chapter 9: Rewriting Your URLs . . . . . . . . . . . . . . . . . . . . . . 239The URL-Rewriting Engine for Apache . . . . . . . . . . . . . . RewriteEngine . . . . . . . . . . . . . . . . . . . . . . . . RewriteOptions . . . . . . . . . . . . . . . . . . . . . . . . RewriteRule . . . . . . . . . . . . . . . . . . . . . . . . . . RewriteCond . . . . . . . . . . . . . . . . . . . . . . . . . RewriteMap . . . . . . . . . . . . . . . . . . . . . . . . . . RewriteBase . . . . . . . . . . . . . . . . . . . . . . . . . . RewriteLog . . . . . . . . . . . . . . . . . . . . . . . . . . RewriteLogLevel . . . . . . . . . . . . . . . . . . . . . . . RewriteLock . . . . . . . . . . . . . . . . . . . . . . . . . . URL Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Expanding a requested URL to a canonical URL . . . . . Redirecting a user home directory to a new Web server Searching for a page in multiple directories . . . . . . . Setting an environment variable based on a URL . . . . Creating www.username.domain.com sites . . . . . . . . Redirecting a failing URL to another Web server . . . . . Creating an access multiplexer . . . . . . . . . . . . . . . Creating time-sensitive URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 242 243 243 245 248 249 249 250 250 251 251 252 253 256 257 259 259 261

Contents

xxiii

Content Handling . . . . . . . . . . . . . . . . . . . . Adding backward compatibility in URLs . . . Creating browser-matched content URLs . . . Creating an HTML to CGI gateway . . . . . . . Access Restriction . . . . . . . . . . . . . . . . . . . Blocking robots . . . . . . . . . . . . . . . . . . Creating an HTTP referer-based URL deflector

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

262 262 262 263 263 263 264

Chapter 10: Setting up a Proxy Server . . . . . . . . . . . . . . . . . . 265Who Should Use a Proxy Server? . . . . . . . . . . . . . . . . . . . Understanding Types of Proxy Servers . . . . . . . . . . . . . . . Forward proxy . . . . . . . . . . . . . . . . . . . . . . . . . . Reverse proxy . . . . . . . . . . . . . . . . . . . . . . . . . . mod_proxy Directives . . . . . . . . . . . . . . . . . . . . . . . . . ProxyRequests . . . . . . . . . . . . . . . . . . . . . . . . . . ProxyRemote . . . . . . . . . . . . . . . . . . . . . . . . . . . ProxyPass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ProxyBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . NoProxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ProxyDomain . . . . . . . . . . . . . . . . . . . . . . . . . . . CacheRoot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CacheSize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CacheGcInterval . . . . . . . . . . . . . . . . . . . . . . . . . CacheMaxExpire . . . . . . . . . . . . . . . . . . . . . . . . . CacheLastModifiedFactor . . . . . . . . . . . . . . . . . . . . CacheDirLength . . . . . . . . . . . . . . . . . . . . . . . . . CacheDirLevels . . . . . . . . . . . . . . . . . . . . . . . . . . CacheDefaultExpire . . . . . . . . . . . . . . . . . . . . . . . NoCache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring an Apache Proxy Server . . . . . . . . . . . . . . . . . Scenario 1: Connecting a private IP network to the Internet Scenario 2: Caching remote Web sites . . . . . . . . . . . . . Scenario 3: Mirroring a Web site . . . . . . . . . . . . . . . . Setting Up Web Browsers to use a Proxy . . . . . . . . . . . . . . Manual proxy configuration . . . . . . . . . . . . . . . . . . Automatic proxy configuration . . . . . . . . . . . . . . . . . Setting return values for FindProxyForURL . . . . . . . . . . Using pre-defined functions in FindProxyForURL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 266 266 267 268 269 269 270 270 271 271 272 272 273 273 273 274 274 274 275 275 276 276 278 278 278 281 282 283

Chapter 11: Running Perfect Web Sites . . . . . . . . . . . . . . . . . 293What is a Web Development Cycle? . . . . . . . . . . . Putting the Web Cycle into Action . . . . . . . . . . . . Setting up for the Web cycle . . . . . . . . . . . . Implementing the Web cycle . . . . . . . . . . . . Building a Web Site by Using Templates and makepage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 296 297 301 304

xxiv


Using HTTP PUT for Intranet Web Publishing . . . . . . Understanding the directives in mod_put module Compiling and installing mod_put . . . . . . . . . Setting up a PUT-enabled Web directory . . . . . Setting up a virtual host to use mod_put module Maintaining Your Web Site . . . . . . . . . . . . . . . . . Online backup . . . . . . . . . . . . . . . . . . . . Offline backup . . . . . . . . . . . . . . . . . . . . Standardizing Standards . . . . . . . . . . . . . . . . . . HTML document development policy . . . . . . . Dynamic application development policy . . . . . Giving Your Web Site a User-Friendly Interface . . . . . Make your site easy to navigate . . . . . . . . . . Create an appealing design . . . . . . . . . . . . . Remove cryptic error messages . . . . . . . . . . Test your Web GUI . . . . . . . . . . . . . . . . . . Promoting Your Web Site . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

305 306 307 307 309 310 310 311 312 312 314 315 316 316 317 317 318

Part III: Running Web ApplicationsWhat Is CGI? . . . . . . . . . . . . . . . . . . . . . . . . CGI Input and Output . . . . . . . . . . . . . . . . . . . GET requests . . . . . . . . . . . . . . . . . . . . POST requests . . . . . . . . . . . . . . . . . . . Comparing GET and POST . . . . . . . . . . . . Decoding input data . . . . . . . . . . . . . . . . Apache CGI Variables . . . . . . . . . . . . . . . . . . . Server variables . . . . . . . . . . . . . . . . . . Client request variables . . . . . . . . . . . . . . Configuring Apache for CGI . . . . . . . . . . . . . . . Aliasing your CGI program directory . . . . . . Choosing specific CGI file extensions . . . . . . Enabling cgi-bin access for your users . . . . . Creating new CGI extensions by using AddType Running CGI Programs . . . . . . . . . . . . . . . . . . Writing CGI Scripts in Perl . . . . . . . . . . . . . Enabling CGI Debugging Support in Apache . . . . . . ScriptLog . . . . . . . . . . . . . . . . . . . . . . ScriptLogLength . . . . . . . . . . . . . . . . . . ScriptLogBuffer . . . . . . . . . . . . . . . . . . . Debugging Your Perl-Based CGI Scripts . . . . . . . . Debugging from the command line . . . . . . . Debugging by using logging and debug printing Debugging with CGI::Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

319. . . . . . . . . . . . . . . . . . . . . . . . 321 323 323 326 327 328 328 329 330 335 335 336 338 341 342 342 370 370 371 371 371 371 373 374

Chapter 12: Running CGI Scripts . . . . . . . . . . . . . . . . . . . . . 321

Contents

xxv

Chapter 13: Server Side Includes (SSI) . . . . . . . . . . . . . . . . . . 377What Is a Server Side Include? . . . . . . . Configuring Apache for SSI . . . . . . . . . Enabling SSI for an entire directory . Enabling SSI for a specific file type . . Using XBitHack for .htm or .html files Using SSI Commands . . . . . . . . . . . . . config . . . . . . . . . . . . . . . . . . echo . . . . . . . . . . . . . . . . . . . exec . . . . . . . . . . . . . . . . . . . fsize . . . . . . . . . . . . . . . . . . . flastmod . . . . . . . . . . . . . . . . . include . . . . . . . . . . . . . . . . . . printenv . . . . . . . . . . . . . . . . . set . . . . . . . . . . . . . . . . . . . . SSI Variables . . . . . . . . . . . . . . . . . . Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 378 379 380 381 382 382 385 385 391 391 392 392 393 393 394

Chapter 14: Configuring Apache for FastCGI . . . . . . . . . . . . . . 399What is FastCGI? . . . . . . . . . . . . . . . . . . . . Achieving high performance by using caching Scalability through distributed applications . Understanding How FastCGI Works . . . . . . . . . . Basic architecture of a FastCGI application . . Different types of FastCGI applications . . . . Migrating from CGI to FastCGI . . . . . . . . . . . . . Things to keep in mind about migrating . . . Migrating a sample script . . . . . . . . . . . . Setting Up FastCGI for Apache . . . . . . . . . . . . FastCGI directives for Apache . . . . . . . . . Configuring httpd.conf for FastCGI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 401 402 404 406 407 408 409 410 413 414 416

Chapter 15: PHP and Apache . . . . . . . . . . . . . . . . . . . . . . . 421Understanding How PHP Works . . . . . . Bringing PHP to Your Company . . . . . . Prerequisites for PHP . . . . . . . . . . . . Compiling and Installing PHP . . . . . . . Building PHP as a CGI solution . . . Building PHP as an Apache module Configuring Apache for PHP . . . . . . . . Configuring PHP by Using php.ini . . . . . PHP directives in httpd.conf . . . . PHP Directives directives in php.ini . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 422 423 424 424 425 426 427 427 428

xxvi


Working with PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a simple command-line PHP script . . . . . . . . Creating simple PHP Web pages . . . . . . . . . . . . . . . Using a PHP script as a Server-Side Include . . . . . . . . Using a PHP page for a directory index . . . . . . . . . . . Using include files . . . . . . . . . . . . . . . . . . . . . . . Enhancing error handling with PHP . . . . . . . . . . . . . Processing Web forms with PHP . . . . . . . . . . . . . . . Creating sessions with PHP . . . . . . . . . . . . . . . . . . Using MySQL with PHP . . . . . . . . . . . . . . . . . . . . . . . . Creating a simple PHP page to access a MySQL database Securing PHP include files . . . . . . . . . . . . . . . . . . Authenticating users with PHP and MySQL . . . . . . . . .

. . . . . . . . . . . . .

. . . . . . . . . . . . .

. . . . . . . . . . . . .

. . . . . . . . . . . . .

. . . . . . . . . . . . .

. . . . . . . . . . . . .

435 435 436 437 438 439 441 441 444 448 448 451 451

Chapter 16: Using Perl with Apache . . . . . . . . . . . . . . . . . . . 455Compiling and Installing mod_perl . . . . . . . . . . . . . . . Running CGI Scripts by Using mod_perl . . . . . . . . . . . . Dont Reinvent the Wheel . . . . . . . . . . . . . . . . . . . . Creating mod_perl Module By Using the Perl API for Apache Using CGI.pm to Write mod_perl Modules . . . . . . . . . . . Preloading Perl Modules to Save Memory . . . . . . . . . . . Keeping Track of mod_perl Modules in Memory . . . . . . . Implementing ASP by Using the Apache::ASP Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455 456 457 458 462 464 465 466

Chapter 17: Running Java Servlets and JSP Pages with Tomcat . . . 469Why Use Servlets? . . . . . . . . . . . . . . . . . . . . . . . . Installing Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . Installing the latest JDK for Tomcat . . . . . . . . . . . Installing Tomcat and the mod_jk module . . . . . . . Configuring Tomcat . . . . . . . . . . . . . . . . . . . . . . . . Configuring Tomcat for Apache . . . . . . . . . . . . . Configuring Tomcat to use the Java Security Manager Configuring Apache for Servlets and JSP . . . . . . . . . . . Working with Tomcat . . . . . . . . . . . . . . . . . . . . . . . Disabling Tomcats default HTTP service . . . . . . . . Starting and stopping Tomcat . . . . . . . . . . . . . . Starting Tomcat with a shell wrapper script . . . . . . Running Java servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470 471 471 472 473 473 477 479 483 483 484 484 485

Part IV: Securing Your Web SiteUnderstanding Web Security . . . . . . . . The Security Checkpoints . . . . . . . . . . Checkpoint 1: Your network . . . . . Checkpoint 2: The operating system Checkpoint 3: Web server software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

493. . . . . 495 496 497 499 499

Chapter 18: Web Security . . . . . . . . . . . . . . . . . . . . . . . . . 495

Contents

xxvii

Choosing a Security Configuration . . . . . . . . . . . . . . . Security policy considerations . . . . . . . . . . . . . . A sensible security configuration for Apache . . . . . The Sacrificial Lamb Configuration . . . . . . . . . . . The Paranoid Configuration . . . . . . . . . . . . . . . Protecting Your Web Contents . . . . . . . . . . . . . . . . . Content-publishing guidelines . . . . . . . . . . . . . . Protecting your contents from robots and spiders . . Logging and Security . . . . . . . . . . . . . . . . . . . . . . . CustomLog and ErrorLog . . . . . . . . . . . . . . . . . What to do if you see unusual access in your log files Securing Your CGI Implementation . . . . . . . . . . . . . . . Fending off CGI Risks with smart programming . . . . Keeping user input secure . . . . . . . . . . . . . . . . Wrapping CGI Scripts . . . . . . . . . . . . . . . . . . . Hiding clues about your CGI scripts . . . . . . . . . . . Using CGI Scanners . . . . . . . . . . . . . . . . . . . . Reducing SSI Risks . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . .

500 500 502 509 510 511 511 512 515 515 515 517 517 527 531 536 537 540

Chapter 19: Securing Apache with SSL . . . . . . . . . . . . . . . . . 543Introducing SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . How SSL Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding encryption . . . . . . . . . . . . . . . . . . Understanding certificates . . . . . . . . . . . . . . . . . . Setting up SSL for Apache . . . . . . . . . . . . . . . . . . . . . . SSL choices . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting up OpenSSL . . . . . . . . . . . . . . . . . . . . . . Choosing the mod_ssl module for SSL support . . . . . . Choosing Apache-SSL instead of mod_ssl for SSL support Getting a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . Getting a server certificate from a commercial CA . . . . Generating a private key . . . . . . . . . . . . . . . . . . . Generating a certificate signing request . . . . . . . . . . . Creating a private certificate authority . . . . . . . . . . . Accessing SSL pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 544 545 547 551 551 552 554 558 562 562 562 563 564 565

Part V: Running Apache on WindowsSystem Requirements . . . . . . . . . . . . . . . . . . . . . . Downloading Apache for Windows . . . . . . . . . . . . . . . Installing Apache Binaries . . . . . . . . . . . . . . . . . . . . Running Apache . . . . . . . . . . . . . . . . . . . . . . . . . . Running Apache automatically as a Windows service . Managing Apache from the Start menu . . . . . . . . . Managing Apache from the command-line . . . . . . . Running multiple Apache services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

567. . . . . . . . 569 570 570 574 574 577 577 578

Chapter 20: Installing and Running Apache for Windows . . . . . . 569

xxviii


Chapter 21: Configuring Apache for Windows . . . . . . . . . . . . . 579Windows httpd.conf Syntax . . . . . . . . . . . . Tuning Apache for Performance . . . . . . . . . Testing Apache Configuration . . . . . . . . . . . Managing Apache with Comanche . . . . . . . . Configuring Apache for Dynamic Contents . . . Running Perl-based CGI scripts . . . . . . . Running mod_perl scripts . . . . . . . . . . Running PHP scripts . . . . . . . . . . . . . Running ISAPI extensions with mod_isapi UserDir in Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579 580 580 581 584 584 585 586 587 588

Part VI: Tuning for Performance and ScalabilityUsing High-Performance Hardware . . . . . . . . . . . . . . . . . . CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hard drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet card . . . . . . . . . . . . . . . . . . . . . . . . . . . Tuning Linuxs ext2 File system . . . . . . . . . . . . . . . . . . . . Changing the block size of the ext2 filesystem . . . . . . . . Tuning the ext2 file system with e2fsprogs . . . . . . . . . . Tuning Your Operating System . . . . . . . . . . . . . . . . . . . . Compiling and installing a custom kernel . . . . . . . . . . . Tuning your system for demanding Web applications . . . Making your Apache Server software lean and mean . . . . Tuning Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . Using fast Ethernet . . . . . . . . . . . . . . . . . . . . . . . . Understanding and controlling network traffic flow . . . . . Balancing load using the DNS server . . . . . . . . . . . . . Using load-balancing hardware . . . . . . . . . . . . . . . . . Tuning the Apache Configuration . . . . . . . . . . . . . . . . . . . Minimizing DNS lookups . . . . . . . . . . . . . . . . . . . . . Speeding up static file serving . . . . . . . . . . . . . . . . . Tuning your configuration using ApacheBench . . . . . . . Caching for Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . Caching frequently used files in memory with mod_fcache Getting Slick with the Squid proxy-caching server . . . . . . Using mod_backhand for a Web server farm . . . . . . . . . Tuning Web Applications . . . . . . . . . . . . . . . . . . . . . . . Speeding up mod_perl scripts . . . . . . . . . . . . . . . . . Going with FastCGI instead of mod_perl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

591. . . . . . . . . . . . . . . . . . . . . . . . . . . . 593 593 594 595 602 602 603 603 606 607 607 608 610 610 611 613 614 614 614 615 618 620 620 621 626 627 627 633

Chapter 22: Speeding Up Apache . . . . . . . . . . . . . . . . . . . . . 593

Contents

xxix

Chapter 23: Creating a High-Availability Network . . . . . . . . . . . 637Features of a High-end Web Network . . . . . . . . . . . . . . . . . . . . . . . . Enhancing DNS Reliability . . . . . . . . . . . . . . . . . . Load Balancing Your Web Network . . . . . . . . . . . . . Distributing HTTP requests with Round-Robin DNS Distributing HTTP requests with hardware load balancers . . . . . . . . . . . . . . Managing Web Storage . . . . . . . . . . . . . . . . . . . . RAID, SAN, or Storage Appliances . . . . . . . . . . Tuning your hard drives . . . . . . . . . . . . . . . . Tuning ext2 Filesystem . . . . . . . . . . . . . . . . Increasing reliability with journaling file systems for Linux . . . . . . . . . . . . . . . . . . . . . . . Sharing drive space with NFS server . . . . . . . . Replicating contents among Web servers . . . . . . Using rdist to distribute files . . . . . . . . . . . . . Creating a RAM-based file system . . . . . . . . . . Creating a Reliable Back-end Network . . . . . . . . . . . Fortifying Your Web Network . . . . . . . . . . . . . . . . Using Tripwire to protect your Web contents . . . Securing Apache using the Linux Intrusion Detection System (LIDS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637 638 639 639 640 642 642 643 647 651 656 664 664 668 671 673 674

. . . . . . . . . . 687

Appendix A: HTTP 1.1 Status Codes . . . . . . . . . . . . . . . . . . . 705 Appendix B: Understanding Regular Expressions . . . . . . . . . . . 709 Appendix C: Online Apache Resources . . . . . . . . . . . . . . . . . 713 Appendix D: Whats on the CD-ROM? . . . . . . . . . . . . . . . . . . 719 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723 End-User License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . 755

P

A

R

T

Getting Started

I In This PartChapter 1 Apache: The Number One Web Server Chapter 2 Obtaining and Installing Apache Chapter 3 Getting Apache Up and Running Chapter 4 The Core and MPM Directives Chapter 5 The Apache Modules

I

n this part, I show you why Apache is a great Web server; where to get it from, and how to install and configure it. I also get you up to speed with the Apache code directives and the many popular modules that make Apache the most configurable Web server on the planet.

C H A P T E R

Apache: The Number One Web Serverelcome to Apache the number one Web server in the world. If you are toying with the idea of running Apache, you are in the right place! This chapter introduces the Apache way of running a Web server. More than 60 percent of the Web servers in the world use Apache, according to a prominent Web server survey company called Netcraft (www.netcraft.co.uk/Survey/). Netcraft publishes the Top Server statistics periodically. Table 1-1 shows the Top Server statistics that was available at the time of writing this chapter. If you want to put faces to the numbers, you can visit www.apache.org/info/ apache_users.html.

1

In This ChapterUnderstanding why Apache rocks Boning up on Apache history Thumbing through the feature set Looking through Apache architecture Sorting through the licensing options

W

4

Part I Getting Started

Table 1-1 Top Server Statistics by NetcraftServer Apache Microsoft IIS iPlanet Zeus Nov 2001 7750275 3307207 431935 174052 Percent 61.88 26.40 3.45 3.45 Dec 2001 8588323 3609428 383078 172352 Percent 63.34 26.62 2.83 1.27

Apache Rocks OnWhat Apache has accomplished is simply amazing! Who knew that an open source Web server could consistently beat two major commercial competitors, Microsoft and Netscape as a Web server platform! Everyone has his or her own reason for why Apache is so popular. Here are mine: Apache is a highly configurable Web Server with a modular design. It is very easy to extend the capabilities of Apache Web server. Anyone with decent C or Perl programming expertise can write a module to perform a special function. This means that there are tons of Apache modules available for use. Apache is a free, open source technology. Being free is important but not as important as being open source. Apache works great with Perl, PHP, and other scripting languages. Most Web applications are still scripts. Perl excels in the script world and Apache makes using Perl a piece of cake with both CGI support and mod_perl support. Apache runs on Linux and other Unix systems. Linux used to be an underdog operating system, which has now found itself in enterprise computing arena. Linux and Apache go hand-in-hand in the enterprise world today. I believe Linuxs acceptance in the business world has made Apaches entry into such territory easy. However, there are people who would argue that it was Apaches fame that made Linux find its way into the business world easier. Either way, Apache and Linux is a powerful combination. Other Unix systems such as FreeBSD and Solaris, and the new Mac OS X also play a great role in expanding Apaches user base horizon. Apache also runs on Windows. Although Apache will run much better on Windows platform with version 2.0, Apache was already in Windows market with Version 1.3.x. We will see a lot of Windows systems switching to Apache from Microsoft Internet Information Server (IIS) because Apache 2.0 architecture gives it the power it needed to compete natively.

Chapter 1 Apache: The Number One Web Server

5

Apache: The BeginningHere is a bit of Apache history. In the early days of the Web, the National Center for Super Computing Applications (NCSA) created a Web server that became the number one Web server in early 1995. However, the primary developer of the NCSA Web server left NCSA about the same time, and the server project began to stall. In the meantime, people who were using the NCSA Web server began to exchange their own patches for the server and soon realized that a forum to manage the patches was necessary. The Apache Group was born. The group used the NCSA Web server code and gave birth to a new Web server called Apache. Originally derived from the core code of the NCSA Web server and a bunch of patches, the Apache server is now the talk of the Web server community. In three short years, it acquired the lead server role in the market. The very first version (0.6.2) of publicly distributed Apache was released in April 1995. The 1.0 version was released on December 1, 1995. The Apache Group has expanded and incorporated as a nonprofit group. The group operates entirely via the Internet. However, the development of the Apache server is not limited in any way by the group. Anyone who has the know-how to participate in the development of the server or its component modules is welcome to do so, although the group is the final authority on what gets included in the standard distribution of what is known as the Apache Web server. This allows literally thousands of developers around the world to come up with new features, bug fixes, ports to new platforms, and more. When new code is submitted to the Apache Group, the group members investigate the details, perform tests, and do quality control checks. If they are satisfied, the code is integrated into the main Apache distribution.

The Apache Feature ListOne of the greatest features that Apache offers is that it runs on virtually all widely used computer platforms. At the beginning, Apache used to be primarily a Unixbased Web server, but that is no longer true. Apache not only runs on most (if not all) flavors of Unix, but it also runs on Windows 2000/NT/9x and many other desktop and server-class operating systems such as Amiga OS 3.x and OS/2. Apache offers many other features including fancy directory indexing; directory aliasing; content negotiations; configurable HTTP error reporting; SetUID execution of CGI Programs; resource management for child processes; server-side image maps; URL rewriting; URL spell checking; and online manuals. The other major features of Apache are: Support for the latest HTTP 1.1 protocol: Apache is one of the first Web servers to integrate the HTTP 1.1 protocol. It is fully compliant with the new HTTP 1.1 standard and at the same time it is backward compatible with HTTP 1.0. Apache is ready for all the great things that the new protocol has to offer.

6


For example, before HTTP 1.1, a Web browser had to wait for a response from the Web server before it could issue another request. With the emergence of HTTP 1.1, this is no longer the case. A Web browser can send requests in parallel, which saves bandwidth by not transmitting HTTP headers in each request. This is likely to provide a performance boost at the end-user side because files requested in parallel will appear faster on the browser. Simple, yet powerful file-based configuration: The Apache server does not come with a graphical user interface for administrators. It comes with single primary configuration file called httpd.conf that you can use to configure Apache to your liking. All you need is your favorite text editor. However, it is flexible enough to allow you spread out your virtual host configuration in multiple files so that a single httpd.conf does not become too cumbersome to manage with many virtual server configurations. Support for CGI (Common Gateway Interface): Apache supports CGI using the mod_cgi and mod_cgid modules. It is CGI 1.1 compliant and offers extended features such as custom environment variables and debugging support that are hard to find in other Web servers. See Chapter 12 for details. Support for FastCGI: Not everyone writes their CGI in Perl, so how can they make their CGI applications faster? Apache has a solution for that as well. Use the mod_fcgi module to implement a FastCGI environment within Apache and make your FastCGI applications blazing fast. See Chapter 14 for details. Support for virtual hosts: Apache is also one of the first Web servers to support both IP-based and named virtual hosts. See Chapter 6 for details. Support for HTTP authentication: Web-based basic authentication is supported in Apache. It is also ready for message-digest-based authentication, which is something the popular Web browsers have yet to implement. Apache can implement basic authentication using either standard password files, DBMs, SQL calls, or calls to external authentication programs. See Chapter 7 for details. Integrated Perl: Perl has become the de facto standard for CGI script programming. Apache is surely one of the factors that made Perl such a popular CGI programming language. Apache is now more Perl-friendly then ever before. Using its mod_perl module, you can load a Perl-based CGI script in memory and reuse it as many times as you want. This process removes the start-up penalties that are often associated with an interpreted language like Perl. See Chapter 16 for details. Support for PHP scripting: This scripting language has become very widely used and Apache provides great support for PHP using the mod_php module. See Chapter 15 for details. Java Servlet support: Java servlets and Java Server Pages (JSP) are becoming very commonplace in dynamic Web sites. You can run Java servlets using the award-wining Tomcat environment with Apache. See Chapter 17 for details.


7

Integrated Proxy server: You can turn Apache into a caching (forward) proxy server. However, the current implementation of the optional proxy module does not support reverse proxy or the latest HTTP 1.1 protocol. There are plans for updating this module soon. See Chapter 10 for details. Server status and customizable logs: Apache gives you a great deal of flexibility in logging and monitoring the status of the server itself. Server status can be monitored via a Web browser. You can also customize your log files to your liking. See Chapter 8 for details. Support for Server-Side Includes (SSI): Apache offers set of server side includes that add a great deal of flexibility for the Web site developer. See Chapter 13 for details. Support for Secured Socket Layer (SSL): You can easily create an SSL Web site using OpenSSL and the mod_ssl module for Apache. See Chapter 19 for details.

Understanding Apache 2.0 ArchitectureApache Server 2.0 makes Apache a more flexible, more portable, and more scalable Web solution than ever before. The new 2.0 releases offer many improvements; the major improvements are discussed in the following sections.

Multiprocessing modulesThe first major change in Apache 2.0 is the introduction of multiprocessing modules (MPMs). To understand why MPMs are created, you need to understand how Apache worked before. Apache Version 1.3 or earlier used a preforking architecture. In this architecture, an Apache parent process forked a set of child processes, which serviced the actual requests. The parent process simply monitored the children and spawned or killed child processes based on the amount of requests received. Unfortunately, this model didnt work well under platforms that are not process-centric such as Windows. So, the Apache Group came up with the MPMbased solution. Each MPM is responsible for starting the server processes and for servicing requests via child processes or threads depending on the MPM implementation. Several MPMs are available. They are discussed in the following sections.

The prefork MPMThe prefork MPM mimics the Apache 1.3 or earlier architecture, creating a pool of child processes to service requests. Each child process has a single thread. For example, if Apache starts 30 child processes, it can service 30 requests simultaneously.

8


If something goes wrong and the child process dies, only a single request is lost. The number of child processes is controlled using a minimum and maximum setting. When the number of requests increases, new child processes are added until the maximum is reached. Similarly, when the requests fall, any extra child processes are killed.

The threaded MPMThis MPM enables thread support in Apache 2.0. This is like the prefork MPM, but instead of each child process having a single thread, each child process is allowed to have a specified number of threads. Each thread within a child process can service a different request. If Apache starts 30 child processes where each child is allowed to have at maximum 10 threads, than Apache can service 30 10 = 300 requests simultaneously. If something goes wrong with a thread, for example, an experimental module causes the thread to die, then the entire process dies. This means that all the requests being serviced by the threads within the child process will be lost. However, because requests are distributed among threads on separate child processes, it is likely that a childs death will take down at maximum of 1/n of all the total connection, where n presents the number of all simultaneous connections. A process is added or removed by monitoring its spare-thread count. For example, if a process has less than the minimum number of spare threads, a new process is added. Similarly, when a process has a maximum number of idle threads, it killed. All processes run under the same user and group ID assigned to Apache server. Because threads are more resource efficient than processes, this MPM is very scalable.

The perchild MPMThis is also new in Apache 2.0. In this MPM model a set number of child processes are started with a specified number of threads. As request load increases the processes add new threads as needed. When request count reduces, processes shrink their thread counts using a minimum and maximum thread count setting. The key difference between this module and the threaded MPM is that the process count is static and also each process can run using a different user and group ID. This makes it easy to run different virtual Web sites under different user and group IDs. See Chapter 6 for details.

The winnt MPMThis is the MPM for the Windows platform, including Windows 2000, Windows NT, and Window 9x. It is a multithreaded module. Using this module Apache will create a parent process and a child process. The child process creates all the threads that


9

services the request. Also, this module now takes advantage of some Windows-only native function calls, which allows it to perform better than the earlier versions of Apache server on Windows platform.

Filtering I/OApache 2.0 now provides architecture for layered I/O. This means that one modules output can become another modules input. This filtering effect is very interesting. For example, the output produced by CGI scripts, which is processed by the mod_cgi module, can now be handed to the mod_include module responsible for SSIs. In other words, CGI scripts can produce output as SSI tags, which can be processed before the final output is sent to the Web browser. Many other applications of filtering I/O will be available in the future.

New CGI daemonBecause many of the MPM modules use threads, executing CGI scripts become cumbersome when a thread gets such a request. The mod_cgi module still works, but not optimally for threaded MPMs, so mod_cgid was added. The mod_cgid module creates a daemon process, which spawns CGI processes and interacts with threads more efficiently. Figure 1-1 shows how a CGI request for a script called myscript.pl is serviced.

1 Web Browser 3

Apache Child Process


CGI Daemon Process


2

myscript.pl Figure 1-1: How the CGI daemon works with Apache child processes.

Here is how the CGI scripts are executed: 1. When the CGI request comes to a thread within a child process, it passes the request to the CGI daemon.

10


2. The CGI daemon spawns the CGI script and outputs the CGI script-generated data to the thread in the child process. 3. The thread returns the data to the Web browser. When the main Apache server starts, it also starts the CGI daemon and establishes a socket connection. So, when a new child process is created, it inherits the socket connection and therefore does not have any need to create a connection to the CGI daemon for each request. The entire process improves CGI execution in the threaded environment.

Apache Portable Run-TimeIn furtherance of the Apache Groups vision to create the most popular Web server in the world, it became clear that Apaches portability needed to be addressed in Apache 2.0. Prior to the current release, Apache had been dealing with portability internally, which made the code base less manageable. So, Apache Group introduced the Apache Portable Run-Time (APR). APRs purpose is to provide a single C interface to platform-specific functions so that code can be written once. This enables Apache to run more natively on platforms such as Windows, BeOS, Amiga, and OS/2. Because of APR, many programs, such as ApacheBench, can run on these platforms.

Understanding the Apache LicenseFree software such as Apache, Perl (Practical Extraction and Reporting Language), and Linux (an x86-based Unix clone operating system) are getting a great deal of press because of Netscapes decision to make Netscape Communicator, one of the most popular Web browsers, available for free with its Mozilla project. Unfortunately, free software such as Apache, Perl, and Linux do not share the same licensing agreements, and so the media has created some confusion by associating these packages in the same licensing category. All free software is intended to be, well, free for all. However, there are some legal restrictions that the individual software licenses enforce. For example, Linux, which is made free by GNU Public License (GPL), requires that any changes to Linux be made public. Apache, on the other hand, does not require that changes made to Apache be made public by anyone. In short, think of Apache as free, copyrighted software published by the Apache Group. It is neither in the public domain nor is it shareware. Also note that Apache is not covered by GPL. The Apache Software License document is listed in Listing 1-1 for your convenience.


11

Listing 1-1: Apache Software License/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ==================================================================== The Apache Software License, Version 1.1 Copyright (c) 2000-2001 The Apache Software Foundation. reserved. All rights

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4. The names Apache and Apache Software Foundation must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called Apache, nor may Apache appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Continued

12


Listing 1-1 (continued)* ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . * * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. */

C H A P T E R

Obtaining and Installing Apachelthough compiling your own Apache binaries may seem like a bit of work, its worth the effort. As you become more familiar with Apache, you will learn that it is the only Web server that provides virtually all (if not more) of the functionalities of a full-blown commercial server, while letting you look at how these functionalities are implemented in the source. I find this aspect of Apache fascinating. For people who are not C programmers but who still need a powerful, free, Web server, however, playing around with a lot of ANSI C code may not exactly be a favorite pastime. Fortunately, theres nothing to worry about Apache comes in both source code and in prebuilt binary packages. This chapter discusses installing Apache from source code and from prebuilt binaries.

2

In This ChapterFinding the latest Apache source System requirements for Apache Downloading the software Compiling the source Installing binaries on your system Keeping up with Apache developments

A

The Official Source for ApacheWhenever you obtain free software (source code or binary files) from the Internet, make sure youre not getting it from an unknown Web or FTP site. What I mean by an unknown can be better understood by use of an example. Say you want to obtain free Java-based Web browser software developed by Sun Microsystems. You need to be able to do some sort of authenticity check, which is often difficult on the Internet; therefore, you should stick with sites that are widely used. For example, you dont want to get it from an FTP site with hostname such as dialup-666.someforeignisp.net.ch; you should probably look for it somewhere on the java. sun.com site instead, because you cant be sure that 666. someforeignisp.net.ch has completely checked the software for any hidden dangers. You get the idea.

14


Lucky for us, Apache developers and supporters made sure an official place was set up for obtaining Apache software. The official Apache Web site is www.apache.org. This site contains the latest stable version of Apache, the latest release version of Apache, patches, contributed Apache modules, and so on. This is where you want to go for all your Apache needs although you might be directed to a mirror site that is geographically near you to help cut down on bandwidth and network congestion. You can also use the Pretty Good Privacy (PGP) signatures offered on the site to verify the authenticity of the source code. If you do not know how to use PGP, check out www.pgp.net.Note

Windows users: Please read Chapter 20 for details on your platform. This chapter is primary geared towards Unix installation and uses Linux as the sample platform. Instructions in this chapter apply to most Unix systems.

System RequirementsApache runs on just about any platform in use today, including Linux; FreeBSD; OpenBSD; NetBSD; BSDI; Amiga OS 3.x; Mac OS X; SunOS; Solaris; IRIX; HPUX; Digital Unix; UnixWare; AIX; SCO; ReliantUNIX; DGUX; OpenStep/Mach; DYNIX/ptx; BeOS; and Windows.

Requirements for building Apache from source distributionIf you are planning on building Apache from source, which is what I highly recommend since compiling your own will give you a very lean and mean server, then you need to make sure that your system meets the requirements stated in Table 2-1.Note

These requirements are for building Apache from the source code only. For running Apache on your system, browse the requirements in the next section.

Chapter 2 Obtaining and Installing Apache

15

Table 2-1 Requirements for Building Apache from SourceResource Disk Space Required? Mandatory Requirements Approximately 12 MB of disk space is needed to compile and install Apache from source distribution. However, if you add many modules that are not part of the standard source distribution, then your space requirements will increase. After it is installed, Apache only needs approximately 5 MB of disk space. However, I highly recommend that you maintain the source code on your hard disk until you finish reading this book. ANSI C Compiler Mandatory ANSI C compiler is required. For most systems, the GNU C compiler (GCC) from the Free Software Foundation is highly recommended. The version you should have is 2.7.2 or above. GCC can be found at www.gnu.org. Most Linux systems, such as Red Hat Linux, comes with the latest stable version of the GCC compiler. You do not need Perl for compiling Apache, but some of the support scripts, such as apxs, split-logfile, log_server_status, and dbmmanage, which are found in the support subdirectory of your source distribution, are Perl scripts. You need Perl only if you plan to use those scripts. I highly recommend that you install Perl on your system. Perl version 5.003 or above will work fine.Continued

Perl 5 Interpreter

Recommended

16


Table 2-1 (continued)Resource Dynamic Shared Object (DSO) support Required? Optional Requirements Instead of compiling modules in the Apache binary itself, you can create dynamic modules called DSO that can be loaded via the httpd.conf file at startup. DSO modules enable you to experiment with modules and configurations more freely than compiling everything in httpd. Currently, DSO support is available for Linux, FreeBSD; OpenBSD; NetBSD; BSDI; SunOS; Solaris; IRIX; HPUX, Digital Unix, UnixWare, AIX, SCO, ReliantUNIX, DGUX, Darwin/Mac OS, OpenStep/Mach, and DYNIX/ptx. Note that an Apache server using a DSO module may be approximately 20 percent slower at startup and approximately 5 percent slower during run time. On top of that, DSO is not always available in all platforms. Therefore, I do not recommend DSO for a production environment. It is great, however, for experimenting with modules in a development or staging environment.

Requirements for running an Apache Web serverBefore displaying the Powered by Apache logo on your Web server, you want to make sure your Web server has enough power to run it. Fortunately, Apache does not require massive computing resources to run. It runs fine on a Linux system with 5 to 12MB of hard disk space and 8MB of RAM. However, just being able to run Apache is probably not what you had in mind. Most likely, you want to run Apache to serve Web pages, launch CGI processes, and take advantage of all the wonderful stuff that the Web has to offer. In that case, you want disk space and RAM size figures that reflect your load requirements. You can go about this in two ways: you can ask someone who runs a similar site with Apache and find out what type of system resources theyre using; or, you can try to figure out your realistic needs after youve installed Apache on your system. In the latter case, you can use system utilities such as ps, top, and so on to display memory usage by a particular Apache process. You can then determine the total memory needed by multiplying a single processs memory usage by the total

Chapter 2 Obtaining and Installing Apache

17

number of Apache processes that will be running at peak hours (see the MaxSpareServers directive in Chapter 4). This should give you a reasonable estimate of your sites RAM requirements for Apache. If you plan to run several CGI programs on your Apache server, you have to determine memory usage for these programs as well, and take this additional need into account. One of the ways you can determine your CGI program memory requirements is run the CGI program and use the top utility to watch how much memory it uses and then multiply that amount of memory by the number of CGI requests you need to be able to fulfill simultaneously. The disk requirements for Apache source or binary files shouldnt be a concern with most systems because Apache binaries take no more than 1MB of space and the source file is about 5MB. You should really pay attention, however, to the log files that Apache creates, because each log entry takes up approximately 80 bytes of disk space. If you expect to get about 100,000 hits in a day, for example, your Apache acces

hungry minds apache server 2.0 bible

Documents