
Apache Webserver

Overview:

Apache is a central component of the DISChosting system, since its administration and use are almost entirely web-based. The setup of Apache does not require much customization, however.

We are using Apache 1.3.x. There is much to be said for switching to Apache 2, because Apache 2 can store its configuration in LDAP. But several crucial components in PHP are still not working under Apache 2, so we will have to wait on that.

Instead of making Apache LDAP-aware, we decided to dump our virtual host information from LDAP to files. The files are stored in /var/apache/virtual.conf.d. If you want to know more about what we store in LDAP for virtual hosts, read this

Getting and Installing Apache

On Debian sarge, the crucial packages to have installed are:

  • apache
  • apache-common
  • apache-utils
  • libapache-mod-ssl
  • libapache-mod-perl
  • libapache-mod-gzip
  • libapache-auth-ldap
  • php4
  • php4-cgi
  • php4-ldap
  • php4-pear
  • php4-mysql
  • php4-mcrypt
  • php4-xslt
  • php4-gd2

    General apache configuration:

  • Make sure the ssl, perl, php4 and gzip modules are enabled in /etc/apache/modules.conf
  • Uncomment AddHandler for php4
  • Uncomment AddHandler cgi-script
  • Set Listen to your standard-ipnumber for virtual hosts
  • Comment out UserDir settings

    Add this to the end of your httpd.conf:
    Include /etc/apache/httpd.namevirtualhosts
    Include /etc/apache/conf.d
    Include /var/apache/virtual.conf.d
    Include /etc/apache/httpd.redir
    

    /etc/apache/httpd.namevirtualhosts should contain:
    NameVirtualHost 1.2.3.4:80
    NameVirtualHost 1.2.3.5:80
    
    for all your ip numbers.

    Creating a SSL setup for your administration interface

    Since your administration interface gives (almost) root access to your machine, setting it up through SSL is important. In the /examples directory, there is an example file to put in /etc/apache/conf.d for the admin SSL host. You will need to make SSL certificates yourself, as described here

    Redirecting unknown hostnames to your website

    To create a catchall for domain names that point to your server but are not configured, add this to /etc/apache/httpd.redir:
    # do this for all ip numbers!
    <VirtualHost 1.2.3.4:80>
            redirect / http://yourdomain.org/
    </VirtualHost>

    <VirtualHost 1.2.3.5:80>
            redirect / http://yourdomain.org/
    </VirtualHost>
    

    Now apache is up and running. If not, read the stories below for more information!


    More on apache

    (You can skip this if the installation above works for you)

    To run DISC on your platform, you need to install Apache 1.3 (you can get it here). Since DISCadmin is written in PHP, you also need to install the Apache PHP4 modules (available here). Take care to include LDAP support when building PHP. You also need SSL support, so install mod_ssl (downloadable here). Since we want to pass on authentication information to LDAP, you also need the auth_ldap_module, which is available here. Information on how to install and configure these modules can be found on the developers' pages; please refer to them for specifics. As always, we are only covering DISC-specific settings. On Debian you can simply install apache, php4, php4-ldap, libapache-mod-ssl and libapache-auth-ldap.


    Apache Configuration:

    You need to edit a few things in httpd.conf and, if your installation creates it as a separate file, modules.conf. The latter contains the information on loadable dynamic modules; it is automatically generated when installing Apache on Debian, but might not be there if you build from sources. In any case, you need to load crucial modules by including the following lines:

    LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
    LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
    LoadModule auth_ldap_module /usr/lib/apache/1.3/auth_ldap.so

    Note that the paths to the module files might be different on your system. The above example applies to a standard Debian install.


    The rest of the Apache configuration is pretty much standard. Make sure to enable php index support by adding index.php to DirectoryIndex and enable the php mime type by uncommenting the following lines:

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

    Also make sure to set NameVirtualHost for your host address! Host-specific configurations go into separate files, which you have to include in the config file:

    Include /etc/apache/conf.d
    Include /var/apache/virtual.conf.d

    With this we include specific configuration files for ssl configuration, Squirrelmail (we just used the default Squirrelmail config) and our own VirtualHost configs which we store in /var/apache/virtual.conf.d. The configuration file for ssl support (included in /etc/apache/conf.d) looks like this:

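    # The address is a placeholder: use your own IP (443 is the standard HTTPS port)
    <VirtualHost 000.000.000.000:443>
    ServerAdmin webmaster@example.com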
    DocumentRoot /var/www/
    <Directory /var/www/webalizer>
    AddType application/x-httpd-php .html
    AllowOverride All
    php_flag register_globals off
    php_value include_path /usr/local/discadmin/php
    php_value auto_prepend_file /usr/local/discadmin/php/session.php
    </Directory>
    Alias /discadmin /usr/local/discadmin/php
    Alias /mail /usr/share/squirrelmail
    ServerName www.example.com
    ScriptAlias /cgi-bin/ /usr/local/apache/share/htdocs/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/apache/dischosting.nl.crt
    SSLCertificateKeyFile /etc/apache/dischosting.nl.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /var/log/apache/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

    Here we make sure that discadmin is only accessible via https, and so is the webalizer directory.
    If you need to create an SSL certificate, read this link for a short howto.
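
    A check for the property stated above, as an added example (not part of the DISC package): it walks an Apache config and reports every Alias or ScriptAlias onto the discadmin directory that sits anywhere except inside a virtual host with SSLEngine on. The sample config, its port 443 and the function name are constructed for illustration.

```python
import re

OPEN = re.compile(r"<\s*VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</\s*VirtualHost\s*>", re.I)
ALIAS = re.compile(r"(?:Script)?Alias\s+\S+\s+(\S+)", re.I)
SSL_ON = re.compile(r"SSLEngine\s+on\s*$", re.I)


def admin_aliases_outside_ssl(config_text, admin_dir="/usr/local/discadmin"):
    """Return (line number, vhost, directive) for each Alias/ScriptAlias that
    maps onto admin_dir anywhere except inside a vhost with SSLEngine on."""
    findings, pending, vhost, ssl = [], [], None, False
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        opened, alias = OPEN.match(line), ALIAS.match(line)
        if opened:
            vhost, ssl, pending = opened.group(1).strip(), False, []
        elif CLOSE.match(line):
            # Decide at block end, so SSLEngine may come after the Alias.
            findings += [] if ssl else pending
            vhost, ssl, pending = None, False, []
        elif SSL_ON.match(line):
            ssl = vhost is not None
        elif alias:
            target = alias.group(1).strip('"').rstrip("/")
            if target == admin_dir or target.startswith(admin_dir + "/"):
                hit = (number, vhost or "main server", line)
                (pending if vhost is not None else findings).append(hit)
    # An unclosed trailing block is treated like a closed one.
    return sorted(findings + ([] if ssl else pending))


# Constructed sample: an SSL host like the one above, plus a generated-style
# plain vhost that (wrongly) carries the admin alias too.
SAMPLE = """\
<VirtualHost 1.2.3.4:443>
ServerName www.example.com
Alias /discadmin /usr/local/discadmin/php
SSLEngine on
</VirtualHost>
<virtualhost 1.2.3.4:80>
servername example.org
alias /mail /usr/share/squirrelmail
alias /discadmin /usr/local/discadmin/php
</virtualhost>
"""
```

    Run it over the concatenation of httpd.conf and every included file; an empty result means no plain-HTTP host exposes the admin interface through an alias.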

    The Virtual Host configuration files will be generated by Discadmin (no manual file-editing required). They will be written to /var/apache/virtual.conf.d. A typical VirtualHost configuration file as it would be located in /var/apache/virtual.conf.d would look like this:

    <virtualhost 000.000.000.000:80>
    servername example.org
    serveralias www.example.org
    serveradmin webmaster@example.org
    documentroot /hosting/example.org/www/
    customlog /hosting/example.org/logs/example.org-access.log combined
    errorlog /hosting/example.org/logs/example.org-error.log
    scriptalias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    scriptalias /mailinglists /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    alias /mail /usr/share/squirrelmail
    <directory /hosting/example.org/www/>
    allowoverride authconfig
    </directory>
    </virtualhost>



    Apache, LDAP and DISCadmin

    We used a schema file from the Apache 2 module http://sourceforge.net/projects/modcfgldap/ as the basis for our own schema that we use to store VirtualHost data in LDAP. The schema can be found in docs/examples/schema of our package and looks like this:

    attributetype ( 1.3.6.1.4.1.14287.1.1.2 NAME 'apacheServerName'
            SUP name
            DESC 'mod_cfg_ldap: Apache ServerName'
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
            SINGLE-VALUE )
            
    attributetype ( 1.3.6.1.4.1.14287.1.1.3 NAME 'apacheServerAlias'
            SUP name
            DESC 'mod_cfg_ldap: Apache ServerAlias'
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
            
    attributetype ( 1.3.6.1.4.1.14287.1.1.4 NAME 'apacheDocumentRoot'
            SUP name
            DESC 'mod_cfg_ldap: Apache DocumentRoot'
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.14287.1.1.5 NAME 'apacheServerAdmin'
            SUP name
            DESC 'mod_cfg_ldap: Apache ServerAdmin'
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.14287.1.1.6 NAME 'apacheVirtualHostIP'
            DESC 'IP address for Apache VirtualHost'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.14287.1.1.7 NAME 'apacheVirtualHostPort'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.14287.1.1.8 NAME 'apacheCustomLog'
            DESC 'The absolute path to the CustomLog file'
            EQUALITY caseExactIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.14287.1.1.9 NAME 'apacheErrorLog'
            DESC 'The absolute path to the ErrorLog file'
            EQUALITY caseExactIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    
    objectclass ( 1.3.6.1.4.1.14287.1.2.1 NAME 'apacheConfig'
            SUP 'top' AUXILIARY
            MUST ( apacheServerName $ apacheDocumentRoot $ apacheVirtualHostIP )
            MAY ( apacheServerAlias $ apacheServerAdmin $ apacheCustomLog 
            $ apacheErrorLog $ apacheVirtualHostPort ) )
    

    This schema introduces the apacheConfig objectclass, which will be added to the dc=hostname,dc=domainname,dc=dot, part of the LDAP tree.

    The discadmin daemon scripts then read those values out of the LDAP directory.

    Discdaemon runs in the background. As soon as data is changed in LDAP, the new config files are created. If necessary, apache is restarted.
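
    A sketch of the LDAP-to-file step, added here and not Discdaemon's actual code: it renders one apacheConfig entry as a VirtualHost block and refuses any attribute value that could carry extra directives into the generated file (newlines, spaces, paths outside /hosting/). The validation policy, the function names and the sample entry are assumptions.

```python
import ipaddress
import re

# Assumed policy: DNS-style hostnames and paths below /hosting/ (the sample vhost layout).
HOSTNAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z", re.I | re.A)
PATH = re.compile(r"/hosting/[A-Za-z0-9._/-]+\Z")
MAIL = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\Z")


def checked(pattern, value, what):
    """Return value if the whole string matches pattern; refuse it otherwise."""
    if not pattern.match(value) or ".." in value:
        raise ValueError("refusing %s %r" % (what, value))
    return value


def render_vhost(entry):
    """Render one apacheConfig entry (attribute -> list of strings) as a vhost block."""
    def single(attr, default=None):
        values = entry.get(attr) or ([default] if default is not None else [])
        if len(values) != 1:
            raise ValueError("%s needs exactly one value" % attr)
        return values[0]

    ip = ipaddress.IPv4Address(single("apacheVirtualHostIP"))  # ValueError if malformed
    port = int(single("apacheVirtualHostPort", "80"))
    if not 0 < port < 65536:
        raise ValueError("refusing port %r" % port)
    out = ["<VirtualHost %s:%d>" % (ip, port),
           "ServerName " + checked(HOSTNAME, single("apacheServerName"), "hostname")]
    out += ["ServerAlias " + checked(HOSTNAME, alias, "hostname")
            for alias in entry.get("apacheServerAlias", [])]
    out.append("DocumentRoot " + checked(PATH, single("apacheDocumentRoot"), "path"))
    for attr, template, pattern in (("apacheServerAdmin", "ServerAdmin %s", MAIL),
                                    ("apacheCustomLog", "CustomLog %s combined", PATH),
                                    ("apacheErrorLog", "ErrorLog %s", PATH)):
        if entry.get(attr):
            out.append(template % checked(pattern, single(attr), attr))
    out.append("</VirtualHost>")
    return "\n".join(out) + "\n"


# Constructed sample entry, shaped like one LDAP search result.
SAMPLE = {
    "apacheServerName": ["example.org"], "apacheServerAlias": ["www.example.org"],
    "apacheVirtualHostIP": ["1.2.3.4"],
    "apacheDocumentRoot": ["/hosting/example.org/www/"],
    "apacheErrorLog": ["/hosting/example.org/logs/example.org-error.log"],
}
```

    Anyone who can write these attributes in LDAP otherwise controls text that Apache parses as configuration, so the generator is the place to enforce the schema's SINGLE-VALUE and MUST rules as well.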
