For such a powerful service, Apache configuration is remarkably simple. The main configuration file, httpd.conf, controls almost all runtime settings. Under Apache 2.0, most external programs are controlled by separate configuration files, which are treated as part of httpd.conf when the daemon is running. You can read and edit Apache configuration and log files in your favorite text editor; the files are clearly laid out, and you'll be up to speed in no time.
Most Apache configuration files are stored in the /etc/httpd/conf/ directory, including httpd.conf, the main Apache configuration file (see the httpd.conf section later in this chapter for more details). This directory also contains a number of subdirectories that are used to manage SSL transactions:
ssl.key - Store SSL keys in this directory. Each SSL-based virtual host should get its own SSL private-key/certificate pair. That way, if a domain served by a virtual host on your network moves to a different server, it can take its certificate/key pair to the new machine.
ssl.csr - After creating SSL certificate requests (CSRs), place them in this directory. Creating a CSR requires an SSL key and a domain or website's FQDN.
ssl.crt - This directory contains SSL certificates. An SSL certificate is the electronic notarization that certifies a website and company as who they say they are. You get such cert files from certificate authorities such as GeoTrust (www.geotrust.com) or Verisign (www.verisign.com) after generating an SSL key and certificate request. Each certificate requires a matching SSL key.
The /etc/httpd/conf.d/ directory is also quite important if you're going to add dynamic content. Any files located in this directory and named with a .conf extension are processed as if they were part of the main configuration file /etc/httpd/conf/httpd.conf. This is done so that when new web-related packages are installed or upgraded, they can modify their own mini-conf file and not touch httpd.conf. If you make changes to any files in this directory, or to the main httpd.conf, you must restart or reload the Apache server process.
Note: The older configuration files srm.conf and access.conf, used under Apache 1.x, are no longer part of Apache 2.0. Their functions have been incorporated into the main httpd.conf.
Although Apache generates a number of log files, there are three logs of particular importance:
/var/log/httpd/access_log - This file logs all activity connected with access to the server. File access, client access, and any other attempts to reach or obtain files from the Apache process are documented here. Reporting packages like Urchin or Webalizer usually use data from this file. However, each vhost may have its own access file in its own area.
/var/log/httpd/error_log - This file logs all error messages from Apache and is the best place to look when trying to diagnose a run time problem. Most problems with website content and related files, including missing files or modules, are reported here.
/var/log/messages - This is the main server log file. If you are having problems starting Apache at all, look here. For example, if there is a typo in your httpd.conf file that keeps Apache from starting, you would see related errors in this file, identified with the httpd:ID tag.
Along with the configuration and log files, there are three other directories of interest to the Apache administrator:
/var/www/html/ - This is the default location for Apache's default site's directory or document root (where the actual web content for the main server is stored).
/var/www/cgi-bin/ - This is the default location for the main site's CGI files, or what's called the script alias directory. It is the path parallel to the document root where script and binary executables (such as Perl and Python) can safely reside, separate from the main HTML content.
/home/httpd/ - Versions of Red Hat Linux predating version 7.0 used this directory instead of /var/www/.
The /etc/httpd/conf/httpd.conf file is the main Apache server configuration file. In this section, we show you the main elements of a well-managed httpd.conf. The file is divided into three general sections: global environment, main server configuration, and virtual hosts.
Apache's global environment configuration, or Section 1 area, controls the way in which Apache globally interacts with the server, operating system, and network stack on the server itself. This section contains entries that affect how long the server waits before a timeout, the number of child processes and simultaneous users allowed, and so on. This section also controls which global modules are loaded and the main server IP and port bindings.
In practice, once a web server is up and running, this section of httpd.conf is rarely edited. Changes made to this part of the file are usually done during performance tuning or in response to unusual traffic or load conditions. For most users, the default values set during Fedora Core installation, shown here, are sufficient.
    ### Section 1: Global Environment
    ServerTokens OS
    ServerRoot "/etc/httpd"
    PidFile run/httpd.pid
    Timeout 300
    KeepAlive Off
    MaxKeepAliveRequests 100
    KeepAliveTimeout 15
    <IfModule prefork.c>
        StartServers 8
        MinSpareServers 5
        MaxSpareServers 20
        MaxClients 150
        MaxRequestsPerChild 1000
    </IfModule>
    <IfModule worker.c>
        StartServers 2
        MaxClients 150
        MinSpareThreads 25
        MaxSpareThreads 75
        ThreadsPerChild 25
        MaxRequestsPerChild 0
    </IfModule>
    Listen 80
    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    [...]
    Include conf.d/*.conf
    #ExtendedStatus On
Tip: The settings under the prefork block are the ones to change on a stock Apache installation to control how many simultaneous sessions can be established. The settings shown here permit 150 simultaneous clients. The Apache "compiled in" maximum is 256. However, since the stock Fedora Core/Red Hat kernel can now handle many thousands of processes (see /proc/sys/kernel/pid_max), you can safely recompile the source RPM for Apache to increase this, then adjust MaxClients in the httpd.conf file up to around 1,024, if you think that you really need this level of server capacity. For more information on this see http://httpd.apache.org/docs/mod/core.html#maxclients. If you have enabled the "server-info" feature, you can see the current setting of MaxClients at http://localhost/server-info. This feature can be found in your httpd.conf file by searching for "server-info."
With MaxClients set to 1,024 and an average session time of 20 seconds, your Apache server could potentially serve up to 4.4 million hits a day. This is far above what 98 percent of sites need. The stock 150 MaxClients setting will allow over 648,000 hits per day, which is still more than what most of us actually need.
Caution: Be very careful about making this type of web server adjustment if you have other daemons on the server that compete for process or file handler resources (especially Sendmail, Postfix, or qmail), or if you do not have lots and lots of RAM (2GB or more).
Section 2 of httpd.conf sets the main server settings: those that must be configured but are not explicitly defined within any VirtualHost block. This part of the configuration file controls the default security settings, network access control lists (ACLs), the default locations of files, and any other setting that pertains to system-wide defaults.
Note: Any setting defined in the Section 2 main server configuration can be overridden for a given VirtualHost block with an explicit setting within that individual virtual host.
In particular, this section can be used to set the user and group under which Apache runs; this is important, since running as the root user is a bad thing. You can also use this section to control the location of the default server's document root, language settings, browser sensitivity, and system-wide error page files. Log file formats are also determined in this section; you may want to change the level of verbosity in your logs if you are trying to diagnose a particular problem. The default settings, minus the comments, are as follows:
    ### Section 2: 'Main' server configuration
    User apache
    Group apache
    ServerAdmin root@localhost
    UseCanonicalName Off
    DocumentRoot "/var/www/html"
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <IfModule mod_userdir.c>
        UserDir disable
    </IfModule>
    DirectoryIndex index.html index.html.var
    AccessFileName .htaccess
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
    TypesConfig /etc/mime.types
    DefaultType text/plain
    <IfModule mod_mime_magic.c>
        MIMEMagicFile conf/magic
    </IfModule>
    HostnameLookups Off
    ErrorLog logs/error_log
    LogLevel warn
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    CustomLog logs/access_log combined
    ServerSignature On
    Alias /icons/ "/var/www/icons/"
    <Directory "/var/www/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1"
    <Directory "/var/www/manual">
        Options Indexes
        AllowOverride None
        Order allow,deny
        Allow from all
        <Files *.html>
            SetHandler type-map
        </Files>
        [...]
    </Directory>
    <IfModule mod_dav_fs.c>
        # Location of the WebDAV lock database.
        DAVLockDB /var/lib/dav/lockdb
    </IfModule>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    [...language, icons, and browser settings]
    #<Location /server-status>
    #    SetHandler server-status
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
The settings shown in bold italic are those that you are most likely to consider changing. The DirectoryIndex directive controls the type of files that are registered with the system to serve web content. This is useful if, for example, you want to move .htm files from a Windows IIS-based web server to your Apache server. The HostnameLookups and CustomLog directives, respectively, control whether IP addresses or FQDNs are used to represent web hits in the log files and the log file format. If you plan to do web-log report analysis on commercial websites with packages such as Urchin, Webalizer, or Webtrends, you will probably need to change these settings.
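Before handing access_log to a reporting package, it helps to confirm that its lines really match the combined format defined in Section 2. The following Python parser is an added example, not part of the original chapter; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Regex for the "combined" LogFormat from Section 2:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields may hold backslash-escaped quotes, so \" must not end the field.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + '$'
)
FIELDS = ("host", "ident", "user", "time", "request", "status", "bytes", "referer", "agent")

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    parts = rec["request"].split(" ")
    # A request line that is not "METHOD PATH PROTOCOL" is kept raw, not guessed at.
    rec["method"], rec["path"], rec["protocol"] = parts if len(parts) == 3 else (None,) * 3
    return rec

def client_errors_by_host(lines):
    """Count 4xx responses per client and the lines that failed to parse."""
    errors, rejected = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        elif 400 <= rec["status"] < 500:
            errors[rec["host"]] += 1
    return errors, rejected

# Constructed sample lines; %h is an IP with HostnameLookups Off, a name with it On.
SAMPLE = r'''
10.1.1.23 - - [12/Mar/2005:10:15:32 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.1.1.23 - - [12/Mar/2005:10:15:40 -0500] "GET /admin/ HTTP/1.1" 403 298 "-" "Mozilla/5.0"
client.example.com - bob [12/Mar/2005:10:16:01 -0500] "GET /missing.htm HTTP/1.1" 404 - "http://www.example.com/" "Say \"hi\" bot"
10.1.1.99 - - [12/Mar/2005:10:17:00 -0500] "-" 408 - "-" "-"
this is not a log line
'''.strip().splitlines()
```

A non-zero count of rejected lines usually means the vhost is logging in the common format or a custom one, so the report package would misread it as well.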
As a web administrator, the odds are good that most of the time you spend configuring Apache will be spent modifying Section 3 of the Apache configuration file, the VirtualHost section. The term virtual host refers to the fact that it is possible to host more than one domain on a single server machine. One type of virtual hosting is name-based hosting, which means that web servers are identified both by IP address and by fully qualified domain name, or FQDN. The HTTP protocol (since version 1.1) on both the web server and web browser (clients) together allows name-based hosting to work. Under name-based hosting, it is theoretically possible to host an infinite number of domains under a single IP address.
The VirtualHost section of /etc/httpd/conf/httpd.conf is where you set up each virtual host website on your server. IP addresses, document roots, log file locations, and other information unique to each host are specified in a separate block for each virtual host.
Caution: When setting up virtual hosts, if you do not uncomment and use the NameVirtualHost directive as seen in the succeeding block of code, then all virtual hosts (virtual websites) on the server will be served their content from the first virtual host set up in this section. This is a common mistake.
The following code shows the VirtualHost section of /etc/httpd/conf/httpd.conf:
    ### Section 3: Virtual Hosts
    #
    # Use name-based virtual hosting.
    #
    #NameVirtualHost *:80
    #
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost
    # container.
    # The first VirtualHost section is used for requests
    # without a known server name.
    #
    #<VirtualHost *:80>
    #    ServerAdmin webmaster@dummy-host.example.com
    #    DocumentRoot /www/docs/dummy-host.example.com
    #    ServerName dummy-host.example.com
    #    Errorlog logs/dummy-host.example.com-error_log
    #    Customlog logs/dummy-host.example.com-access_log common
    #</VirtualHost>
Now that you have seen the basic layout of httpd.conf, let's look at a sample of how to set up virtual host name-based websites in the Section 3 vhost area of the configuration file. There are ample comments to explain the settings. Note that this file configures two websites on a single IP address:
    NameVirtualHost 10.1.1.1
    <VirtualHost 10.1.1.1>
        ##This is all that is needed to set up a basic vhost web
        ##site...
        DocumentRoot /home/mike/web/html
        ServerName mydomain.com
        ##Now all that is needed is an index.html file in the
        ##DocumentRoot.
    </VirtualHost>
    <VirtualHost 10.1.1.1>
        ##Bob's vhost has a few more options configured, but is
        ##sharing the same IP
        DocumentRoot /home/bob/web/html
        ServerName example.com
        ServerAlias www.example.com
        ErrorLog /home/bob/web/logs/example.com-error_log
        CustomLog /home/bob/web/logs/example.com-access_log combined
        ##These "combined" web logs are important if you are going to
        ##be doing any web log reports via something like Webtrends
        ##or Webalizer (the latter is included with Linux for free).
(Note that the CustomLog line is wrapped. Do not wrap it in the configuration file.)
        <Directory /home/bob/web/html>
            ##This directory block will allow us to use symlinks inside
            ##our vhost
            Options +FollowSymLinks
            ##As well as move out all directory options out to be
            ##controlled via an external .htaccess file that a common
            ##user can edit himself
            AllowOverride All
            order allow,deny
            ##This defines who (what hosts/IPs, etc) can do all of this.
            allow from all
        </Directory>
        ##Always remember to close your config tags...
    </VirtualHost>
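The mistake described in the Caution above can be checked for mechanically. The following Python lint is an added example, not code from the original chapter or from Apache: it reports each virtual host that repeats an earlier block's address without a matching NameVirtualHost, together with the DocumentRoot that would answer instead. It assumes one address per VirtualHost block and exact string matching between the two directives; parse_vhosts and shadowed_vhosts are hypothetical names.

```python
import re

def parse_vhosts(conf_text):
    """Return (NameVirtualHost addresses, vhost dicts); comment lines are skipped."""
    name_addrs, vhosts, cur = set(), [], None
    for line in (l.strip() for l in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        opened = re.match(r"<VirtualHost\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1), "names": [], "docroot": None}
            vhosts.append(cur)
        elif key.startswith("</virtualhost"):
            cur = None
        elif args and cur is None and key == "namevirtualhost":
            name_addrs.add(args[0])
        elif args and cur is not None and key in ("servername", "serveralias"):
            cur["names"] += [a.lower() for a in args]
        elif args and cur is not None and key == "documentroot":
            cur["docroot"] = args[0].strip('"')
    return name_addrs, vhosts

def shadowed_vhosts(conf_text):
    """(name, DocumentRoot answering instead) for vhosts hidden by a missing NameVirtualHost."""
    name_addrs, vhosts = parse_vhosts(conf_text)
    first, shadowed = {}, []
    for v in vhosts:
        winner = first.setdefault(v["addr"], v)  # first block seen on this address
        if winner is not v and v["addr"] not in name_addrs:
            label = v["names"][0] if v["names"] else v["addr"]
            shadowed.append((label, winner["docroot"]))
    return shadowed

# Constructed sample: the two vhosts above, reduced to the directives that matter.
VHOSTS = """
<VirtualHost 10.1.1.1>
  DocumentRoot /home/mike/web/html
  ServerName mydomain.com
</VirtualHost>
<VirtualHost 10.1.1.1>
  DocumentRoot /home/bob/web/html
  ServerName example.com
  ServerAlias www.example.com
</VirtualHost>
"""
GOOD = "NameVirtualHost 10.1.1.1\n" + VHOSTS
BAD = "#NameVirtualHost 10.1.1.1\n" + VHOSTS
```

With the directive commented out, the lint reports that requests for example.com would be answered from /home/mike/web/html, which is the cross-site content exposure the Caution warns about.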