Differences between revisions 12 and 13
Revision 12 as of 2022-09-23 17:56:28
Size: 2657
Editor: DominicRicottone
Comment:
Revision 13 as of 2022-09-23 17:57:09
Size: 2723
Editor: DominicRicottone
Comment:
Deletions are marked like this. Additions are marked like this.
Line 91: Line 91:
=== Encryption ===

See [[Apache/SSL|here]] for details.

Apache

httpd(8), also known as Apache or Apache2, is one of the oldest and most extensible web servers. It has survived so long precisely because it is so extensible; system administrators have been able to continuously tune and upgrade the server for modern best practices.

Contents

  1. Apache
    1. Installation
    2. Configuration
      1. Server
      2. Virtual Hosts
      3. Encryption
      4. Authentication

Installation

Most Linux and BSD distributions offer a package for httpd(8), but it will be named differently across systems. The most common names are apache and apache2.

Supporting programs like htpasswd(1) are sometimes split into a separate package named like apache2-utils.

For systemd-capable systems, start and enable httpd.service or apache2.service (again, differing across systems).

For Alpine, try: 

rc-service apache2 start
rc-update add apache2

Otherwise try: 

service apache2 start
#also: stop, restart, and reload

For BSD distributions, try: 

/usr/local/sbin/apachectl start
#also: stop, restart, and graceful

See apachectl(8) for more information.

To launch the server on startup, update /etc/rc.conf: 

apache_enable="YES"

Configuration

Server

The server is configured by a central file. Distributions disagree about the correct location for this file. Try all of the following:

  • /etc/apache2.conf

  • /etc/apache2/apache2.conf

  • /etc/httpd/conf/httpd.conf

  • /usr/local/etc/apache/httpd.conf

Virtual Hosts

Virtual hosts are declared in domain-specific files. An example site configuration for a CGI script, such as cgit. 

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName git.my-domain.com
 
  DocumentRoot /usr/share/cgit
  Alias / /usr/share/cgit/cgit.cgi

  <Document '/usr/share/cgit/'>
    Options ExecCGI FollowSymLinks
    Require all granted
    AddHandler cgi-script .cgi
    DirectoryIndex cgit.cgi
  </Document>
 
  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/access.log combined
</VirtualHost>

Encryption

See here for details.

Authentication

A document can be set to require authentication, except for a local network user. 

<Document "/">
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile /var/www/ftp-htpasswd
  <RequireAny>
    Require valid-user
    Require ip 192.168
    Require ip 10
  </RequireAny>
</Document>

This method of authentication is 'good-enough' for personal uses. It relies entirely on the traffic encryption (HTTPS).

CategoryRicottone

Apache (last edited 2023-04-03 12:48:41 by DominicRicottone)