INSTALLATION & CONFIGURATION of

HTTPD / APACHEWeb Server

Index What is apache httpd server ? What is PHP ? Installing apache web server Verify installed apache web server. Installing PHP5 Manage Apache Web Server Configuration file of Apache Web Server Type of Virtual Hosting in Apache Web Server Name Based Virtual Hosting IP Based Virtual Hosting Log file location of Apache Web Server Verify PHP integration with Apache Web Server SSL with Apache Web Server Access Control in Apache Web Server User Based Access Control in Apache Web Server Add module in working Apache Web Server Fine-tune the PHP

What is apache httpd server?

Apache HTTPD provides the service with which the client Web browsers communicate. The daemon runs in the background on your server and waits for requests from clients. Web browsers connect to the HTTP daemon and send requests, which the daemon interprets, sending back the appropriate data .

What is PHP ?

PHP Hypertext Preprocessor (PHP). PHP is a programming language that was developed specifically for use in Web scripts. It is preferred by many developers because it’s designed to be embedded within HTML documents, making it simpler to manage Web content and scripts within a single file.

Installing Apache

Yum install httpd

OR

Rpm -ivh httpd-2.2.3-6.el5.rpm

Note: yum only work when you have registered with redhat and also connected to

internet.

Verify Installed HTTPD/Apache

Rpm -q httpd

OR

Rpm -qa | grep httpd

Installaing PHP

yum install php5

OR

Rpm -ivh php-5.1.6-5.el5.rpm

Note: yum only work when you have registered with redhat and also connected to internet.

Start / Stop / Restart HTTPD / Apache

service httpd start

Service httpd stop

Service httpd restart

HTTPD Config File /etc/httpd/conf/httpd.conf ## Configuration file of HTTPD

Server.

/etc/httpd/conf.d ## Config Folder for squirrelmail , phpmyadmin. If you install via

rpms.

/var/www/html ## Defines the directory in which the web pages for the site can be found

General Settings Listen 80 ## Define the port no. for the httpd web

server. ServerRoot "/etc/httpd" ## Defines the directory in which the

configuration of httpd web server can be found

DocumentRoot "/var/www/html" ## Defines the directory in which the web pages for the site can be found

ServerName www.example.com ## Defines the name of the website managed by the <VirtualHost> container.

Include conf.d/*.conf ## Load config files from the config directory. DirectoryIndex index.html welcome.html ## sets the file that Apache will serve

if a directory is requested. <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory>

General Settings

Redirect permanent /google http://www.google.com/ ## now you can access google.com via 192.168.1.1/google

Alias /data/ "/data/"## Now you can access data folder, which is exist in / via http://localhost/data .

ErrorDocument 404 /error/error404.html## Define your own error Messages.

ServerTokens Prod##This directive configures what you return as the Server HTTP response

Header. The default is 'Full' which sends information about the OS-Type and compiled in modules. Set to one of: Full | OS | Minor | Minimal | Major | Prod. where Full conveys the most information, and Prod the least. LoadModule auth_basic_module modules/mod_auth_basic.so

# LoadModule auth_basic_module modules/mod_auth_basic.so## To Make any module disable, add the # sign in front of line. To Make any module enable, remove the # sign in front of line, if available there.

Note: Please disable all non-requred modules in HTTPD web server. Because it is vulnerability and also slow down the performance of HTTPD Web Server.

General Settings

Options Indexes FollowSymLinks## If a URL that maps to a directory is requested and there is noDirectoryIndex (for example, index.html) in that directory, then the server returns a formatted listing of the directory.

<Directory /www/myclient/public/htdocs > Options -Indexes MultiViews</Directory>

##

Note: Remove the indexes from options directive, If really no need.

Type of Virtual Hosting

Name Based Virtual Hosting

IP Based Virtual Hosting

Name Base Virtual Hosting NameVirtualHost *:80

<VirtualHost *:80> DocumentRoot /www/domain ServerName www.domain.tld ... </VirtualHost> <VirtualHost *:80> DocumentRoot /www/subdomain ServerName www.sub.domain.tld ... </VirtualHost>

Note: For Name Based Virtual Hosting, you also required configured dns server. So that it can easily translate IP Address to FQDN.

IP Based Virtual Hosting

<VirtualHost 192.168.1.110:80> DocumentRoot /var/www/html/otherdomain ServerName www.otherdomain.tld ... </VirtualHost>

Httpd Log Files Location

/var/log/httpd

Access log file of HTTPD /var/log/httpd/access.log

Error log file of HTTPD /var/log/httpd/error.log

Note: To check the logs, use command “ tail /var/log/httpd/access.log ” .

Verify PHP integration with HTTPD Cat > /var/www/html/info.php

<?phpphpinfo();

?>^D

Chmod 644 /var/www/html/info.php

Note: After everything test & working should remove the info.php file so that it can't be used by potential attacker to gather specific about your system.

Output of http://localhost/info.php

create a self-signed SSL Certificate # yum install openssl # to install the OpenSSL Package

# rpm -ivh openssl-0.9.8b-8.3.el5

mkdir /etc/httpd/conf/ssl.key && cd /etc/httpd/conf/ssl.key/

Generate a Private Keyopenssl genrsa -des3 -out server.key 1024

Generate a CSR (Certificate Signing Request)openssl req -new -key server.key -out server.csr

Remove Passphrase from Keycp server.key server.key.orgopenssl rsa -in server.key.org -out server.key

Generating a Self-Signed Certificateopenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Installing the Private Key and Certificatechmod 755 /etc/httpd/conf/ssl.crt/server.crtchmod 755 /etc/httpd/conf/ssl.key/server.key

Configuring SSL Enabled Virtual HostsSSLEngine onSSLCertificateFile /etc/httpd/conf/ssl.crt/server.crtSSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Add an SSL-enabled virtual host to your Apache configuration files. Using the earlier virtual host as an

example, your configuration will look something like this: Listen *:443 ## Add this line after Listen *:80

<VirtualHost <your server ip address>:443> ServerName secure.example.org DocumentRoot /home/username/public_html/ DirectoryIndex index.php index.html index.htm SSLEngine On SSLCertificateKeyFile /etc/apache/ssl.key/server.key SSLCertificateFile /etc/apache/ssl.crt/server.crt </VirtualHost>

Test the configurationapachectl configtest

Restart Apache and Test/etc/init./apache2 restart

Modifying httpd.conf fileSearch For /Redirect Tag And Type Shown Belowvi /etc/httpd/conf/http.confRedirect / https://FQDN/pathofthefileStart The Apache Service Access The Application Using https://FQDN/etc/httpd/logs/ssl_access_log

Setting Up User Based Access Control

htpasswd -c /etc/http-passwd user-name htpasswd -c /etc/http-passwd second-user

<Directory /srv/www/htdocs/private> AuthType Basic AuthName “Restricted Directory” AuthUserFile /etc/http-passwd Require user paul </Directory>

Add Module in working HTTP server

Build and install a third-party Apache module, say mod_foo.c, into its own DSO mod_foo.so outside of the Apache source tree using apxs (Apache Extension):

$ cd /path/to/3rdparty $ apxs -c mod_foo.c $ apxs -i -a -n foo mod_foo.la

vi httpd.conf LoadModule mymodule

/usr/lib/httpd/modules/mymodule.so

Controlling Apache processes

StartServers ## initial number of server processes to start.

MaxClients## maximum number of simultaneous client connections.

MinSpareThreads ## minimum number of worker threads which are kept spare.

MaxRequestsPerChild## maximum number of worker threads which are kept spare.

ThreadsPerChild## constant number of worker threads in each server process.

MaxRequestsPerChild## maximum number of requests a server process serves.

Fine-tune the PHP Four important settings control how much system resources PHP can consume

Setting Description Recommended value max_execution_time How many CPU-seconds a script can consume 30 max_input_time How long (seconds) a script can wait for input data 60 memory_limit How much memory (bytes) a script can consume before being killed

32M output_buffering How much data (bytes) to buffer before sending out to the client 4096

LAB

Demonstration of hosting a website by using APACHE.

What is performance tuning

• Utilizing resources as efficiently as possible– Not always speed!

• It’s not always a good idea– Use with care: It can break things– Buy more hardware instead

• Helps against bottlenecks, not underpowered systems as a whole

Tuning Apache (1)Make Apache do less

• Disable unused processing (pre and post):– mod_includes– ExtendedStatus

• Disable DNS and User lookups

• Avoid disk operations:– AllowOverride– FollowSymlinks

• mod_disallow_uid for security

Example

HostNameLookups offUserDir /home/*/WWWAllowOverride NoneOptions FollowSymlinks

DisallowUid 0DisallowGid 0

Tuning Apache (2)Make Apache wait less

• Tune process model–MinSpareServers–MaxSpareServers–StartServers–MaxClients–MaxRequestsPerChild

Tuning Apache (3)

• Avoid running other applications on the same servers

• Do not run out of memory– Swapping kills performance

• Offload functionality– Use a frontproxy to serve static data– Use a frontproxy or similar to handle SSL

Tuning Apache (4)Make Apache work smartly

• Compress data– mod_gzip or mod_compress

• Throttle popular sites or directories– By OS, or mod_bandwidth or mod_throttle

• For mass virtualhosting, use mod_rewrite or mod_vhost_alias

• Write site-specific modules, or adapt existing ones

Tuning Apache (5)KeepAlive Requests

• Persistent connections• Multiple requests over one TCP socket

• Directives:– KeepAlive– MaxKeepAliveRequests– KeepAliveTimeout

Example

mod_gzip_enable Yesmod_gzip_item_include mime text/.*mod_gzip_item_exclude mime text/compressedBandwidthModule On<Directory /home> Bandwidth 194.109.0.0/23 0 Bandwidth all 1024 MinBandwidth -1</Directory>XS4ALLUserDir WWW

Tuning Applications

• Optimize your scripts/programs• Use a language specific interpreter-module

– mod_perl– mod_python, mod_snake– mod_dtcl, NeoScript, many more– mod_php– mod_ruby

• Use FastCGI• Rewrite C programs directly into Apache as a

module

Tuning the Operating System

• Free up memory• Raise process limits (for Apache)• Disable process accounting• Tune the kernel (maxproc, shmem, maxfd,

TCP stack)• When possible, disable ‘atime’ updates• Choose the best accept-serializing strategy

(in Apache 2.0, choose the best MPM)

Troubleshooting

Common pitfallsand their solutions

Check your error_log

• The first place to look• Increase the LogLevel if needed

– Make sure to turn it back down (but not off) in production

Check Apache Health

• server-status– ExtendedStatus (see next slide)

• Verify “httpd -V”• ps -elf | grep httpd | wc -l

– How many httpd processes are running?

server-status Example

Other Possibilities

• Set up a staging environment• Set up duplicate hardware

• Check for known bugs– http://nagoya.apache.org/bugzilla/

Common Bottlenecks

• No more File Descriptors• Sockets stuck in TIME_WAIT• High Memory Use (swapping)• CPU Overload• Interrupt (IRQ) Overload

File Descriptors

• Symptoms– entry in error_log– new httpd children fail to start– fork() failing across the system

• Solutions– Increase system-wide limits– Increase ulimit settings in apachectl

TIME_WAIT

• Symptoms– Unable to accept new connections

– CPU under-utilized, httpd processes sit idle

– Not Swapping

– netstat shows huge numbers of sockets in TIME_WAIT

• Many TIME_WAIT are to be expected

• Only when new connections are failing is it a problem– Decrease system-wide TCP/IP FIN timeout

Memory Overload, Swapping

• Symptoms– Ignore system free memory, it is misleading!– Lots of Disk Activity– top/free show high swap usage– Load gradually increasing– ps shows processes blocking on Disk I/O

• Solutions– Add more memory– Use less dynamic content, cache as much as possible– Try the Worker MPM

How much free memorydo I really have?

• Output from top/free is misleading.• Kernels use buffers• File I/O uses cache• Programs share memory

– Explicit shared memory– Copy-On-Write after fork()

• The only time you can be sure is when it starts swapping.

CPU Overload

• Symptoms– top shows little or no idle CPU time– System is not Swapping– High system load– System feels sluggish– Much of the CPU time is spent in userspace

• Solutions– Add another CPU, get a faster machine– Use less dynamic content, cache as much as possible

Interrupt (IRQ) Overload

• Symptoms– Frequent on big machines (8-CPUs and above)– Not Swapping– One or two CPUs are busy, the rest are idle– Low overall system load

• Solutions– Add another NIC

• bind it to the first or use two IP addresses in Apache• put NICs on different PCI busses if possible

Questions ?