Appendix 4

2.2.2 WWW Server

     Here we describe the setup of our local WWW server, along with our attempt to run a proxy server for access from outside our network. For this purpose we are running Apache 1.2.6. You can always get the latest version from www.apache.org; the package is also available from www.freebsd.org. We will not walk through the installation itself again, since by now you may be tired of reading detailed demonstrations of these packages. When you install the package you should get the following configuration files:

/usr/local/etc/apache/httpd.conf
/usr/local/etc/apache/access.conf
/usr/local/etc/apache/srm.conf
/usr/local/etc/apache/mime.types

And finally the Apache www server program and the startup script:

/usr/local/sbin/httpd
/usr/local/etc/rc.d/apache.sh

We now describe each configuration file in turn:

httpd.conf:

The httpd.conf file holds the directives that govern the server as a whole, such as logging. The file we prepared for our server is as follows:
---------------------- Start of httpd.conf file ---------------------
# This is the main server configuration file. See URL http://www.apache.org/
# for instructions.
# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.
# Originally by Rob McCool
# ServerType is either inetd, or standalone.
ServerType standalone
# If you are running from inetd, go to "ServerAdmin".
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
Port 80
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# You should probably turn this off unless you are going to actually
# use the information in your logs, or with a CGI. Leaving this on
# can slow down access to your site.
#HostnameLookups on
#below line is added by Junan on 9th June, 1998
HostnameLookups off
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
#User nobody
#Group nogroup
#below line is added by Junan on 9th June, 1998
User www
Group nobody
# The following directive disables keepalives and HTTP header flushes for
# Netscape 2.x and browsers which spoof it. There are known problems with
# these
BrowserMatch Mozilla/2 nokeepalive
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin root@maple.inf.yatsushiro-nct.ac.jp
#Below line was the previous setting Junan on 9th July, 1998
#ServerAdmin root@ant.yatsushiro-nct.ac.jp
# ServerRoot: The directory the server's config, error, and log files
# are kept in
# Comment by Junan: error, access files were declared in different
# directories by Junan(to /var/log directory). Please refer to the below
# ErrorLog, TransferLog etc.
ServerRoot /usr/local/etc/apache
# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.
#BindAddress *
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.
ErrorLog /var/log/httpd-error.log
# TransferLog: The location of the transfer log file. If this does not
# start with /, ServerRoot is prepended to it.
TransferLog /var/log/httpd-access.log
#LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/run/apache_runtime_status
LockFile /var/spool/lock/accept.lock
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
ServerName www.ant.yatsushiro-nct.ac.jp
#ServerName maple
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---
MinSpareServers 5
MaxSpareServers 10
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 5
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...
MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
MaxRequestsPerChild 30
# Proxy Server directives. Uncomment the following line to
# enable the proxy server:
# ProxyRequests On
# To enable the cache as well, edit and uncomment the following lines:
#CacheRoot /usr/local/etc/httpd/proxy
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the VirtualHost command
#Listen 3000
#Listen 12.34.56.78:80
# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.
# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.
#<VirtualHost host.some_domain.com>
#ServerAdmin webmaster@host.some_domain.com
#DocumentRoot /usr/local/www/host.some_domain.com/data
#ServerName host.some_domain.com
#ErrorLog /var/log/host.some_domain.com-error_log
#TransferLog /var/log/host.some_domain.com-access_log
#</VirtualHost>
---------------------- End of httpd.conf file ---------------------

Here is a summary of the most important lines:

Port 80
HostnameLookups off
User www
Group nobody
ServerAdmin root@maple.inf.yatsushiro-nct.ac.jp
ServerRoot /usr/local/etc/apache
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

'Port 80' is the default port. You can listen on another port using the 'Listen' option. 'HostnameLookups off' makes the server log client IP addresses rather than hostnames. With this option the log files look like this:

maple@junan:/var/log{1034}% tail /var/log/httpd-access.log
202.251.39.154 - - [16/Feb/1999:20:54:17 +0900] "GET http://www.ant.yatsushiro-n
ct.ac.jp/cgi-bin/randimg.pl HTTP/1.0" 302 179
202.251.39.154 - - [16/Feb/1999:20:54:17 +0900] "GET http://maple/pics/img2.gif
HTTP/1.0" 200 14893

ServerAdmin sets the mail address of the administrator of the httpd server. You can set another user here; it does not necessarily have to be a valid one. We would have preferred www.maple.inf.yatsushiro-nct.ac.jp, with an alias in /etc/aliases directing it to root, but the current setting causes no real problem. ServerRoot determines the location of the configuration files. The error and log files would normally live there too, but we placed them in the /var/log directory, since all our other log files are located there. That is all for the httpd.conf file.
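
The two log entries above carry a full URL in the request line, the form a client uses when it talks to a proxy. The following Python is an added example, not part of the original page: it parses TransferLog lines in this format and reports requests that name a host other than this server. LOCAL_NAMES and the last three sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Common Log Format, as written by TransferLog:
# client ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

# Names this server answers to: ServerName plus the short name seen in the log.
LOCAL_NAMES = {"www.ant.yatsushiro-nct.ac.jp", "maple"}

def parse_line(line):
    """Return one access-log entry as a dict, or None if the line is not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    client, _ident, user, when, request, status, size = m.groups()
    parts = request.split()
    return {"client": client, "user": user, "time": when,
            "method": parts[0] if parts else "",
            "target": parts[1] if len(parts) > 1 else "",
            "status": int(status), "bytes": 0 if size == "-" else int(size)}

def foreign_proxy_requests(lines, local_names=LOCAL_NAMES):
    """Yield entries whose request line names a host other than this server."""
    for entry in filter(None, map(parse_line, lines)):
        if entry["method"] == "CONNECT":
            host = entry["target"].rsplit(":", 1)[0]       # "host:port" form
        else:
            try:
                host = urlsplit(entry["target"]).hostname  # None for "/path"
            except ValueError:
                host = entry["target"]                     # malformed URL: report it
        if host and host.lower() not in local_names:
            yield dict(entry, requested_host=host.lower())

# Constructed sample: the first two lines are the entries shown above with the
# terminal line wrap removed; the last three are invented for this example.
SAMPLE = [
    '202.251.39.154 - - [16/Feb/1999:20:54:17 +0900] "GET http://www.ant.yatsushiro-nct.ac.jp/cgi-bin/randimg.pl HTTP/1.0" 302 179',
    '202.251.39.154 - - [16/Feb/1999:20:54:17 +0900] "GET http://maple/pics/img2.gif HTTP/1.0" 200 14893',
    '192.0.2.10 - - [16/Feb/1999:21:02:41 +0900] "GET /index.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [16/Feb/1999:21:03:05 +0900] "GET http://www.example.com/ HTTP/1.0" 200 5120',
    '198.51.100.7 - - [16/Feb/1999:21:03:09 +0900] "CONNECT mail.example.net:25 HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    for hit in foreign_proxy_requests(SAMPLE):
        print(hit["client"], hit["method"], hit["requested_host"], hit["status"])
```

The status column tells you how the server answered each reported request, so entries with a 200 are the ones to review first when ProxyRequests is meant to be off or restricted.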

Next comes the access.conf file, which controls access to the server's directories. Here is the completed access.conf file:

access.conf

---------------------- Start of access.conf file ---------------------
# This should be changed to whatever you set DocumentRoot to.
<Directory /usr/local/www/data>
Options Indexes FollowSymLinks
AllowOverride None
# Controls who can get stuff from this server.
order allow,deny
allow from all
</Directory>
# /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory /usr/local/www/cgi-bin>
AllowOverride None
Options ExecCGI
# above option was added by Junan on 17th July, 1998
#Options None
</Directory>
---------------------- End of access.conf file ---------------------


We show only the necessary parts of the access.conf file. Most probably you will get away quite nicely with these options; the original access.conf file carries the necessary comments, so please refer to it. Here is an explanation of the lines above:
The first <Directory> ... </Directory> section covers the root directory of the HTML pages and grants access permission to all. The second <Directory> section covers the cgi-bin directory, which contains the CGI scripts. CGI scripts should be written with careful consideration before they are placed here.

srm.conf manages the namespace and resources in the filesystem. Here are the important lines of the file:

srm.conf

---------------------- Start of srm.conf file ------------------------
DocumentRoot /usr/local/www/data
UserDir public_html
DirectoryIndex index.html
ReadmeName README
HeaderName HEADER
Alias /icons/ /usr/local/www/icons/
ScriptAlias /cgi-bin/ /usr/local/www/cgi-bin/
#enabled by Junan on 17th July, 1998
AddType application/x-httpd-cgi .cgi
---------------------- End of srm.conf file ------------------------

DocumentRoot sets the directory from which pages are served. UserDir sets the name of the directory inside each user's home directory that holds that user's pages; it can be given another name. DirectoryIndex sets the file the server looks for first in a directory; if you want browsers to be given a different file, set it here. We omit the other options here.
Finally comes the mime.types file. Most probably you won't have to change this file.
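
How the access.conf and srm.conf settings above combine to decide whether a file is executed as CGI or simply sent to the client, as an added example (not code from the original page). It assumes plain Options lines as used here and Apache's built-in default of Options All wherever no <Directory> section applies; the function names are chosen for the example.

```python
import posixpath, re

# Built-in default ("Options All") when no section sets Options.
DEFAULT_OPTIONS = {"Indexes", "Includes", "FollowSymLinks", "ExecCGI"}

def load(access_conf, srm_conf):
    """Collect per-directory Options, ScriptAlias targets, CGI extensions."""
    options, aliases, exts, current = {}, [], set(), None
    for line in map(str.strip, access_conf.splitlines()):
        m = re.match(r"<Directory\s+(\S+)>", line, re.I)
        if m:
            current = posixpath.normpath(m.group(1))
        elif line.lower().startswith("</directory"):
            current = None
        elif current and line.lower().startswith("options "):
            options[current] = set(line.split()[1:])
    for words in map(str.split, srm_conf.splitlines()):
        name = words[0].lower() if len(words) > 2 else ""
        if name == "scriptalias":
            aliases.append(posixpath.normpath(words[2]))
        elif name == "addtype" and words[1] == "application/x-httpd-cgi":
            exts.update(words[2:])
    return options, aliases, exts

def under(path, directory):
    return path == directory or path.startswith(directory.rstrip("/") + "/")

def effective_options(path, options):
    """Options of the most specific enclosing <Directory>, else the default."""
    matches = [d for d in options if under(path, d)]
    opts = options[max(matches, key=len)] if matches else {"All"}
    return DEFAULT_OPTIONS if "All" in opts else opts - {"None"}

def runs_as_cgi(path, options, aliases, exts):
    """True if the server would execute the file at `path`, not send it."""
    path = posixpath.normpath(path)
    if any(under(path, a) for a in aliases):
        return True  # ScriptAlias marks the whole directory as CGI
    return (posixpath.splitext(path)[1] in exts
            and "ExecCGI" in effective_options(path, options))

# Constructed input: the access.conf and srm.conf lines from this page that matter here.
ACCESS_CONF = """<Directory /usr/local/www/data>
Options Indexes FollowSymLinks
</Directory>
<Directory /usr/local/www/cgi-bin>
Options ExecCGI
</Directory>"""
SRM_CONF = """ScriptAlias /cgi-bin/ /usr/local/www/cgi-bin/
AddType application/x-httpd-cgi .cgi"""
```

With these excerpts, `runs_as_cgi("/home/alice/public_html/counter.cgi", *load(ACCESS_CONF, SRM_CONF))` (a hypothetical user path) returns True, because no <Directory> section shown covers user directories and the default applies. Check the complete access.conf before drawing that conclusion for the real server.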


This page is maintained by:
jchakma@yahoo.com