Chapter 36 httpd — Apache Web Server In this chapter, we will show how to set up a web server running virtual domains and dynamic CGI web pages. HTML is not covered, and you are expected to have some understanding of what HTML is, or at least where to find documentation about it. 36.1 Web Server Basics In Section 26.2 we showed a simple HTTP session with the telnet command. A web server is really nothing more than a program that reads a file from the hard disk whenever a GET /<filename>.html HTTP/1.0 request comes in on port 80. Here, we will show a simple web server written in shell script. &Not by me. The author did not put his name in the source, so if you are out there, please drop me an email.- You will need to add the line ¨ ¥ www stream tcp nowait nobody /usr/local/sbin/sh-httpd § ¦ to your /etc/inetd.conf file. If you are running xinetd, then you will need to add a file containing ¨ ¥ service www { socket_type = stream wait = no 5 user = nobody server = /usr/local/sbin/sh-httpd } § ¦ to your /etc/xinetd.d/ directory. Then, you must stop any already running web servers and restart inetd (or xinetd). 389 36.1. Web Server Basics 36. httpd — Apache Web Server You will also have to create a log file (/usr/local/var/log/sh-httpd.log) and at least one web page (/usr/local/var/sh-www/index.html) for your server to serve. It can contain, say: ¨ ¥ <HTML> <HEAD> <TITLE>My First Document</TITLE> </HEAD> 5 <BODY bgcolor=#CCCCCC text="#000000"> This is my first document<P> Please visit <A HREF="http://rute.sourceforge.net/"> The Rute Home Page 10 </A> for more info.</P> </BODY> </HTML> § ¦ Note that the server runs as nobody, so the log file must be writable by the no- body user, and the index.html file must be readable. Also note the use of the get- peername command, which can be changed to PEER="" if you do not have the net- pipes package installed. &I am not completely sure if other commands used here are unavailable on other UNIX systems.-. ¨ ¥ #!/bin/sh VERSION=0.1 NAME="ShellHTTPD" DEFCONTENT="text/html" 5 DOCROOT=/usr/local/var/sh-www DEFINDEX=index.html LOGFILE=/usr/local/var/log/sh-httpd.log log() { 10 local REMOTE_HOST=$1 local REFERRER=$2 local CODE=$3 local SIZE=$4 15 echo "$REMOTE_HOST $REFERRER - [$REQ_DATE] \ \"${REQUEST}\" ${CODE} ${SIZE}" >> ${LOGFILE} } print_header() { 20 echo -e "HTTP/1.0 200 OK\r" echo -e "Server: ${NAME}/${VERSION}\r" echo -e "Date: ‘date‘\r" } 25 print_error() { echo -e "HTTP/1.0 $1 $2\r" 390 36. httpd — Apache Web Server 36.1. Web Server Basics echo -e "Content-type: $DEFCONTENT\r" echo -e "Connection: close\r" echo -e "Date: ‘date‘\r" 30 echo -e "\r" echo -e "$2\r" exit 1 } 35 guess_content_type() { local FILE=$1 local CONTENT case ${FILE##*.} in 40 html) CONTENT=$DEFCONTENT ;; gz) CONTENT=application/x-gzip ;; *) CONTENT=application/octet-stream ;; esac 45 echo -e "Content-type: $CONTENT" } do_get() { local DIR 50 local NURL local LEN if [ ! -d $DOCROOT ]; then log ${PEER} - 404 0 55 print_error 404 "No such file or directory" fi if [ -z "${URL##*/}" ]; then URL=${URL}${DEFINDEX} 60 fi DIR="‘dirname $URL‘" if [ ! -d ${DOCROOT}/${DIR} ]; then log ${PEER} - 404 0 65 print_error 404 "Directory not found" else cd ${DOCROOT}/${DIR} NURL="‘pwd‘/‘basename ${URL}‘" URL=${NURL} 70 fi if [ ! -f ${URL} ]; then log ${PEER} - 404 0 print_error 404 "Document not found" 75 fi print_header guess_content_type ${URL} LEN="‘ls -l ${URL} | tr -s ’ ’ | cut -d ’ ’ -f 5‘" 80 echo -e "Content-length: $LEN\r\n\r" log ${PEER} - 200 ${LEN} 391 36.1. Web Server Basics 36. httpd — Apache Web Server cat ${URL} sleep 3 } 85 read_request() { local DIRT local COMMAND 90 read REQUEST read DIRT REQ_DATE="‘date +"%d/%b/%Y:%H:%M:%S %z"‘" REQUEST="‘echo ${REQUEST} | tr -s [:blank:]‘" 95 COMMAND="‘echo ${REQUEST} | cut -d ’ ’ -f 1‘" URL="‘echo ${REQUEST} | cut -d ’ ’ -f 2‘" PROTOCOL="‘echo ${REQUEST} | cut -d ’ ’ -f 3‘" case $COMMAND in 100 HEAD) print_error 501 "Not implemented (yet)" ;; GET) do_get 105 ;; *) print_error 501 "Not Implemented" ;; esac 110 } # # It was supposed to be clean - without any non-standard utilities # but I want some logging where the connections come from, so 115 # I use just this one utility to get the peer address # # This is from the netpipes package PEER="‘getpeername | cut -d ’ ’ -f 1‘" 120 read_request exit 0 § ¦ Now run telnet localhost 80, as in Section 26.2. If that works and your log files are being properly appended (use tail -f . ), you can try to connect to http://localhost/ with a web browser like Netscape. Notice also that the command getsockname (which tells you which of your own IP addresses the remote client connected to) could allow the script to serve pages from a different directory for each IP address. This is virtual domains in a nutshell. &Groovy, baby, I’m in a giant nutshell.... how do I get out?- 392 36. httpd — Apache Web Server 36.2. Installing and Configuring Apache 36.2 Installing and Configuring Apache Because all distributions package Apache in a different way, here I assume Apache to have been installed from its source tree, rather than from a .deb or .rpm package. You can refer to Section 24.1 on how to install Apache from its source .tar.gz file like any other GNU package. (You can even install it under Win- dows, Windows NT, or OS/2.) The source tree is, of course, available from The Apache Home Page http://www.apache.org. Here I assume you have installed it in -- prefix=/opt/apache/. In the process, Apache will have dumped a huge reference manual into /opt/apache/htdocs/manual/. 36.2.1 Sample httpd.conf Apache has several legacy configuration files: access.conf and srm.conf are two of them. These files are now deprecated and should be left empty. A single configura- tion file /opt/apache/conf/httpd.conf may contain at minimum: ¨ ¥ ServerType standalone ServerRoot "/opt/apache" PidFile /opt/apache/logs/httpd.pid ScoreBoardFile /opt/apache/logs/httpd.scoreboard 5 Port 80 User nobody Group nobody HostnameLookups Off ServerAdmin [email protected] 10 UseCanonicalName On ServerSignature On DefaultType text/plain ErrorLog /opt/apache/logs/error_log LogLevel warn 15 LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog /opt/apache/logs/access_log common DocumentRoot "/opt/apache/htdocs" DirectoryIndex index.html AccessFileName .htaccess 20 <Directory /> Options FollowSymLinks AllowOverride None Order Deny,Allow Deny from All 25 </Directory> <Files ˜ "ˆ\.ht"> Order allow,deny Deny from all </Files> 30 <Directory "/opt/apache/htdocs"> Options Indexes FollowSymLinks MultiViews AllowOverride All 393 36.2. Installing and Configuring Apache 36. httpd — Apache Web Server Order allow,deny Allow from all 35 </Directory> <Directory "/opt/apache/htdocs/home/*/www"> Options Indexes MultiViews AllowOverride None Order allow,deny 40 Allow from all </Directory> UserDir /opt/apache/htdocs/home/*/www § ¦ With the config file ready, you can move the index.html file above to /opt/apache/htdocs/. You will notice the complete Apache manual and a demo page already installed there; you can move them to another directory for the time be- ing. Now run ¨ ¥ /opt/apache/bin/httpd -X § ¦ and then point your web browser to http://localhost/ as before. 36.2.2 Common directives Here is a description of the options. Each option is called a directive in Apache terminology. A complete list of basic directives is in the file /opt/apache/htdocs/manual/mod/core.html. ServerType As discussed in Section 29.2, some services can run standalone or from inetd (or xinetd). This directive can be exactly standalone or inetd. If you choose inetd, you will need to add an appropriate line into your inetd configuration, although a web server should almost certainly choose standalone mode. ServerRoot This is the directory superstructure &See page 137.- under which Apache is installed. It will always be the same as the value passed to --prefix=. PidFile Many system services store the process ID in a file for shutdown and moni- toring purposes. On most distributions, the file is /var/run/httpd.pid. ScoreBoardFile This option is used for communication between Apache parent and child processes on some non-UNIX systems. Port This is the TCP port for standalone servers to listen on. User, Group This option is important for security. It forces httpd to user nobody privileges. If the web server is ever hacked, the attack will not be able to gain more than the privileges of the nobody user. 394 36. httpd — Apache Web Server 36.2. Installing and Configuring Apache HostnameLookups To force a reverse DNS lookup on every connecting host, set this directive to on. To force a forward lookup on every reverse lookup, set this to double. This option is for logging purposes since access control does a reverse and forward reverse lookup anyway if required. It should certainly be off if you want to reduce latency. ServerAdmin Error messages include this email address. UseCanonicalName If Apache has to return a URL for any reason, it will normally return the full name of the server. Setting to off uses the very host name sent by the client. ServerSignature Add the server name to HTML error messages. DefaultType All files returned to the client have a type field specifying how the file should be displayed. If Apache cannot deduce the type, it assumes the MIME Type to be text/plain. See Section 12.6.2 for a discussion of MIME types.