Apache Web Server

• Aim of this section – Introduce you to workings of the most common webserver – Give you a little experience in role of webmaster

• Configuring apache • Installing server • Setting access controls on files • etc

Apache

Apache

• Most common httpd daemon server –Just over 60% of market –Used as basis of some other products (e.g. IBM Websphere

application servers)

• Versions exist for Unix, Linux, and Windows –Windows version does differ in implementation detail

Apache

• www.apache.org • apachetoday.com

– URL still valid, but now swallowed up by “ServerWatch” • http://www.serverwatch.com/stypes/servers/index.php/15877

– Still has Apache tutorials

Apache versions

• 1.3.xx (currently 1.3.34) – The classic Apache, the one whose process structure is described

in these lectures. – Still widely used

• 2.x – A modernized threaded server structure – 2.2.x on Unix – 2.0.55 on Windows

January 2006 stats

Server Market Share No. of Sites(.com) domains Apache 67.38% 25,522,907 Microsoft-IIS 20.29% 8,371,612 Unknown 5.59% 3,115,393 Sun-ONE-Web-Server 2.07% 1,061,053 Zeus 0.75% 208,496 WebLogic 0.02% 7,846Oracle 0.01% 2,637 NCSA HTTPd 0.00% 315

Server

No. of Sites

Market Share

No. of Sites With .com domains

Apache

50,502,840

67.38%

25,522,907

Microsoft-IIS

15,208,775

20.29%

8,371,612

Unknown

4,186,054

5.59%

3,115,393

Sun-ONE-Web-Server

1,551,930

2.07%

1,061,053

Zeus

561,524

0.75%

208,496

WebLogic

13,601

0.02%

7,846

...

...

...

...

Oracle

8,280

0.01%

2,637

...

...

...

...

NCSA HTTPd

1,717

0.00%

315

Apache – Things you should know

Aspects of Apache (1)

• Processes– How does it work– Administrator controls resource usage

• Modules

– These determine the functionality of a particular server– Administrator chooses the necesary modules

• Access control

– Administrator can limit web-clients’ access to different resources

Aspects of Apache (2)• Logs

–Usefull data for usage pattern analysis and problem determination

• Virtual Hosts–An apache web server can serve several sites (by

pretending to be a diffrent server)• Mechanisms for dynamic page generation

–CGI, SSI, ...• How to configure

Apache Processes (Unix/Linux)

• Apache httpd CHIEF process monitoring port• Child processes:

– Pool of preforked processes each running apache

• The chief process keeps track of the childs (minimum and maximum nr of childs etc)

Apache Processes (Unix/Linux)

• Child processes (1.3)– Each child acts like a “serial server”– Each child has a maximum number of connections that can handle (one at a

time); ones it has dealt with that number it must terminate

Apache Processes (Unix/Linux)

• Child processes (2.x)– Each child acts like a “threaded server”– Each child deals a number of connections at a time

Apache Processes (Unix/Linux)

• Child processes– Client connections tipicaly contain a sequence of requests.– Usually Apache configured to “keep alive” connections

Apache Administrator role: performance

• Must set limits on processes in order to achieve acceptable performance levels from host computer– MaxClients, Memory Limits, Swapping, cacheing ...– MinSpareServers, MaxSpareServers ...

• Must set limits for actions of child processes– KeepAlive, MaxKeepAliveRequests, KeepAliveTimeout– Timeout– MaxRequestsPerChild

Apache Modules

• Apache Server– Core Component (serves simple static HTML)– Modules (implement optional features and extensions)

Modules• Standard Modules:

– mod_cgi, mod_env, mod_log_config, mod_mime, mod_negociation (core functionality)

– mod_status, mod_dir, mod_autoindex (information modules)– mod_access, mod_auth, mod_userdir, mod_alias (access control)– mod_imap, mod_include, mod_actions (extra processing)

• Optional modules:– mod_proxy, mod_rewrite, mod_speling

• Add-on modules– mod_perl, mod_php, etc ...

Apache Administrator role: modularity

• Must select the modules to be incorporated– Functionality– Security

• Config parameters for each module

Apache : access control

• Apache set-up must secure file-space against inapropriate web access (location, access controls, authorisation)

• Apache’s user– It has to be started by root (in order to gain control of port 80 < 1024)– Should imidiately switch to a non-priviledged user (apache)– If root is not available use own filespace and port above 1024

Apache : access control (cont)

• Basic controls (mod_access) allows restrictionsbased on IP address of the request

• General policies specified in conf files (<Directory> sections)• Overrides possible with .htaccess files (costly)• Authorization: 401 error requests auth. The server can check against text

files, dbm, sql– The browser must perform state maintenance– It can be basic (text files) or DBM

Apache administrator’s role: access

• Should edit main controls in httpd.conf• Can specify specific controls per directory in httpd.conf• Can enable htaccess for detailed controls

Apache : logs

• Two logs are normaly maintained: access and errors• Custom logs could be defined• Can grow fast: rotate!• Analyze!• Can decide to record host names instead of ip (costly)• Error log level should be set (from debug to emerg)• Log analysis tools available (free and comercial)

Apache : virtual hosts

• Better separate web applications runing on your server• NameBased or IP Based• First step is to properly set up DNS• Configuration file must identify the different hosts• HTTP 1.0 clients: no Host Header!

Apache : virtual host

• Configuring Apache:– NameVirtualHost– VirtualHostDirectives (for each host)

• Example using mod_proxy to forward the requests:

NameVirtualHost 86.34.230.27

<VirtualHost 86.34.230.27>

ServerAdmin brett@intergroup.ro

ServerName 86.34.230.27

ProxyPass / http://proxy.internal/

ProxyPassReverse / http://proxy.internal/

TransferLog logs/direct_log

CustomLog logs/direct_log combined

</VirtualHost>

<VirtualHost 86.34.230.27>

ServerAdmin brett@intergroup.ro

ServerName www.etronics.ro

ProxyPass / http://proxy.internal/test-site/

ProxyPassReverse / http://proxy.internal/test-site/

TransferLog logs/etronics_log

CustomLog logs/etronics_log combined

</VirtualHost>