Special Edition Using Linux, Fourth Edition:Getting Started with Apache

-->

httpd.conf

The first configuration file to look at is httpd.conf. This is the file that sets the basic system-level information about the server, such as what port it binds to, which users it runs under, and so on. If you aren’t the systems administrator of the site at which you’re installing the server, you might want to ask the administrator to help you with these questions.

The essential items to cover in this file include the following:

• Port number
For example:


Port 80

This is the TCP/IP port number to which the Web server binds. Port 80 is the default port in http: URLs. In other words, http://www.myhost.com/ is equivalent to http://www.myhost.com:80/.
For a number of reasons, however, you might want to run your server on a different port; for example, there might already be a server running on port 80, or you might want to keep this server secret. (If there’s sensitive information, however, you should at least use host-based access control, if not password protection.)

• User #number_or_uid
Group #number_or_uid
For example:


User nobody

Group nogroup

Apache needs to be launched as root to bind to a port lower than 1024. Immediately after grabbing the port, Apache changes its effective user ID to something else, typically as user nobody. This is very important for security reasons.
This user ID needs to be able to read files in the document root, and it must have read permission on the configuration files. The argument should be the actual user name; however, if you want to give a numeric user ID, prepend the number with a pound sign (#). The Group directive follows the same principle: Decide which group ID you want the server to run with.

NOTE: Running your Web servers as root means that any hole in the server (be it through the server itself or through a CGI script, which is much more likely) could be exploited by an outside user to run a command on your machine. Thus, setting the user to nobody, www, or some other reasonably innocuous user ID is the safest bet.

• ServerAdmin email_address
Set the e-mail address of a user who can receive mail related to the actions of the server. In the case of a server error, the browser visiting your site will receive a message to the effect of “please report this problem to user@myhost.com.” In the future, Apache might send warning e-mail to the ServerAdmin user if it encounters a major systems-related problem.

• ServerRoot directory
For example:


ServerRoot /usr/local/apache

Set the server root you decided on earlier. Give the full path, and don’t end it with a slash.

• ErrorLog directory/filename
TransferLog directory/filename
Specify exactly where to log errors and Web accesses. If the filename you give doesn’t start with a slash, it’s presumed to be relative to the server root directory. I suggested earlier that the logfiles be sent to a separate directory outside the server root; this is where you specify the logging directory and the name of the logfiles within that directory.

• ServerName DNS_hostname
At times, the Web server will have to know the host name it’s being referred to as, which can be different from its real host name. For example, the name www.myhost.com might actually be a DNS alias for gateway.myhost.com. In this case, you don’t want the URLs generated by the server to be http://gateway.myhost.com/. ServerName allows you to set that precisely.

srm.conf

The second configuration file to cover before launch is srm.conf. The important things to set in that file include the following:

• DocumentRoot directory
As described before, this is the root level of your tree of documents, which could be either /usr/local/apache/htdocs or /www/htdocs. This directory must exist and be readable by the user (usually nobody) the Web server runs as.

• ScriptAlias request_path_alias directory
ScriptAlias lets you specify that a particular directory outside the document root can be aliased to a path in the request and that objects in that directory are executed rather than simply read from the file system. For example, the default offering


ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/

means that a request for http://www.myhost.com/cgi-bin/fortune will execute the program /usr/local/apache/cgi-bin/fortune. Apache comes bundled with a number of useful beginner CGI scripts, simple shell scripts that illustrate CGI programming.
Finally, the directory containing the CGI scripts should not be under the document root. Bizarre interactions between the code that handles ScriptAlias and the code that handles request/path name resolution could cause problems.

access.conf

access.conf is structured more rigidly than the other configuration files; the content is contained within <Directory></Directory> pseudo-HTML tags that define the scope of the directives listed within.

• See “Configuration Basics,” p. 684

So for example, the directives between


<Directory /www/htdocs>

and


</Directory>

affect everything located under the /www/htdocs directory. Furthermore, wildcards can be used. For example,


<Directory /www/htdocs/*/archives/>

....

</Directory>

applies to /www/htdocs/list1/archives/, /www/htdocs/list2/archives/, and so on.

Table of Contents