Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo User (http://www.linux-archive.org/gentoo-user/)
-   -   Apache server setup (http://www.linux-archive.org/gentoo-user/676590-apache-server-setup.html)

Peter Humphrey 06-24-2012 05:47 PM

Apache server setup
 
On Monday 11 June 2012 18:33:06 Michael Orlitzky wrote:

(Apologies for lateness.)

...>8

> First of all, I see you have the mime module compiled; that's good.
> Is it enabled? You should have,
>
> LoadModule mime_module modules/mod_mime.so
>
> in httpd.conf.

Yes, that's ok.

> Then, you should add or uncomment the following in 00_mod_mime.conf:
>
> # Filters allow you to process content before it is sent to the
> # client
> #
> # To parse .shtml files for server-side includes(SSI):
> # (You will also need to add "Includes" to the "Options"
> # directive.)
> AddType text/html .shtml
> AddOutputFilter INCLUDES .shtml

Those lines are now uncommented. No other changes to that file.

> That will enable server-side includes in *.shtml files, assuming you
> also add "Includes" to the relevant "Options" directive.

# cat modules.d/00_default_settings.conf
...>8
# Added by PRH:
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
<Directory /var/www/localhost/htdocs>
Options +SymLinksIfOwnerMatch +Includes +IncludesNoExec
</Directory>

Now, after restarting Apache its error_log shows the restart, doesn't
report any errors. On refreshing the page display on the client, I get
this:

[Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include:
Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed

I've tried removing either +Includes or +IncludesNoExec from Options and
restarting Apache but the error_log entry still appears, and of course
the included file isn't (included).

So I still have something wrong. All files under /etc/apache2 are
root:root 644 and the directories are root:root 755.

> If you need server-side includes for other types of files, it isn't
> recommended[1], but you can add additional "AddOutputFilter"
> directives for each type of file you'd like SSI to work with.

No, I haven't done that.

> [1] http://httpd.apache.org/docs/2.2/howto/ssi.html

That is indeed my working guide. Many thanks for your help so far.

--
Rgds
Peter

Michael Orlitzky 06-24-2012 07:12 PM

Apache server setup
 
On 06/24/2012 01:47 PM, Peter Humphrey wrote:
> # Added by PRH:
> AddType text/html .shtml
> AddOutputFilter INCLUDES .shtml
> <Directory /var/www/localhost/htdocs>
> Options +SymLinksIfOwnerMatch +Includes +IncludesNoExec
> </Directory>
>
> ...
>
> That is indeed my working guide. Many thanks for your help so far.

No problem. This is the error you need to fix:

> [Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include:
> Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed

I see above that you've already tried to set "Options +Includes" on the
directory, but for some reason it isn't working. You'll have to look for
it, but I can make an educated guess.

When including the various conf files, apache does them in alphabetical
(or numerical, in this case) order. The modules.d directory will be
included first, and then vhosts.d directory because that's the order
specified in httpd.conf:

Include /etc/apache2/modules.d/*.conf
...
Include /etc/apache2/vhosts.d/*.conf

The alphabetical/numerical order is (probably) just whatever order the
shell glob returns.

When you specify "Options +Foo" for a directory, you're saying, "take
whatever the current options are for this directory, and add Foo to
those." My guess: you specify some options for,

/var/www/localhost/htdocs

in,

/etc/apache2/modules.d/00_default_settings.conf

and then later, specify *different* options for the same directory. The
latter ones take precedence, or wipe out the old ones completely if you
didn't use plus/minus signs.

Either modify the other,

<Directory /var/www/localhost/htdocs>

entry to use plus/minus signs, or just add the "Options Includes" there.

Peter Humphrey 06-25-2012 11:36 PM

Apache server setup
 
On Sunday 24 June 2012 20:12:33 Michael Orlitzky wrote:
> On 06/24/2012 01:47 PM, Peter Humphrey wrote:
---->8
> This is the error you need to fix:
> > [Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include:
> > Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter
> > removed
>
> I see above that you've already tried to set "Options +Includes" on
> the directory, but for some reason it isn't working. You'll have to
> look for it, but I can make an educated guess.

---->8

Good guess, but no cigar :-)

I think (hope) I've found it:
http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
makes it clear that a subdomain's definition must /precede/ the domain's
definition. I was doing it the other way around, it seeming obviously
logical to me: define the whole first, then refine the parts. I didn't even
consider the alternative. On the other hand this is vhost definition; is
the reasoning the same?

I haven't proved it yet, because I'm now going to spend a day or two
scratching my head to decide whether to learn a bit more and make my
site a vhost. And whereabouts in the /var/www/... structure to put it. I
expect to use rsync to keep the site updated from my workstation where I
do the development. An FTP server seems OTT here.

Again, Michael, thank you for your help. This must be the world's best
technical discussion forum.

--
Rgds
Peter

Michael Orlitzky 06-26-2012 08:07 AM

Apache server setup
 
On 06/25/2012 07:36 PM, Peter Humphrey wrote:
>
> Good guess, but no cigar :-)
>
> I think (hope) I've found it:
> http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
> makes it clear that a subdomain's definition must /precede/ the domain's
> definition. I was doing it the other way around, it seeming obviously
> logical to me: define the whole first, then refine the parts. I didn't even
> consider the alternative. On the other hand this is vhost definition; is
> the reasoning the same?

It is extraordinarily late here, but I don't think that remedy #2 makes
sense.

When you make a request to apache, you connect to an IP address (and
port), and send a hostname; for example, "www.example.com". If any of
the virtual hosts on that IP address (and port) answer to that hostname
via "ServerName www.example.com" or "ServerAlias www.example.com", then
that's the website you'll get. Otherwise, you get the default vhost on
that IP/port. This will be whatever vhost was defined first on that
IP/port (see unexpected result #1, but it works on IP/port combinations,
not the entire machine).

The fact that one hostname may be a subdomain of another should be
irrelevant, but ask me again in the morning... In any case, your current
configuration has to be pretty close to working -- you just need to
figure out why "Options Includes" isn't kicking in.

Peter Humphrey 06-26-2012 02:42 PM

Apache server setup
 
On Tuesday 26 June 2012 09:07:14 Michael Orlitzky wrote:
> On 06/25/2012 07:36 PM, Peter Humphrey wrote:
> > I think (hope) I've found it:
> > http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
> > makes it clear that a subdomain's definition must /precede/ the
> > domain's definition. I was doing it the other way around, it
> > seeming obviously logical to me: define the whole first, then
> > refine the parts. I didn't even consider the alternative. On the
> > other hand this is vhost definition; is the reasoning the same?
>
> It is extraordinarily late here, but I don't think that remedy #2
> makes sense.

Nor to me.

---->8

> The fact that one hostname may be a subdomain of another should be
> irrelevant, but ask me again in the morning... In any case, your
> current configuration has to be pretty close to working -- you just
> need to figure out why "Options Includes" isn't kicking in.

In the figuring-out process I'm revisiting the whole idea from the
beginning. I've removed PHP, MySQL and Apache from the server box,
removed the /var/www tree then reinstalled. I haven't yet started
reconfiguration; I want to be sure I know what I'm doing first. (Fat
chance of that!)

One decision that will have consequences is where in /var/www to put
mysite. Should it be in /var/www/mysite/htdocs, in
/var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What
I've read so far suggests that it doesn't matter, but I'm damn sure if I
put it in the wrong place I'll suffer for it. And what ownership should
mysite's files have? My user is in the apache group on the server.

Many thanks for your help.

--
Rgds
Peter

Michael Mol 06-26-2012 03:37 PM

Apache server setup
 
On Tue, Jun 26, 2012 at 10:42 AM, Peter Humphrey
<peter@humphrey.ukfsn.org> wrote:
> On Tuesday 26 June 2012 09:07:14 Michael Orlitzky wrote:
>> On 06/25/2012 07:36 PM, Peter Humphrey wrote:
>> > I think (hope) I've found it:
>> > http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
>> > makes it clear that a subdomain's definition must /precede/ the
>> > domain's definition. I was doing it the other way around, it
>> > seeming obviously logical to me: define the whole first, then
>> > refine the parts. I didn't even consider the alternative. On the
>> > other hand this is vhost definition; is the reasoning the same?
>>
>> It is extraordinarily late here, but I don't think that remedy #2
>> makes sense.
>
> Nor to me.
>
> ---->8
>
>> The fact that one hostname may be a subdomain of another should be
>> irrelevant, but ask me again in the morning... In any case, your
>> current configuration has to be pretty close to working -- you just
>> need to figure out why "Options Includes" isn't kicking in.
>
> In the figuring-out process I'm revisiting the whole idea from the
> beginning. I've removed PHP, MySQL and Apache from the server box,
> removed the /var/www tree then reinstalled. I haven't yet started
> reconfiguration; I want to be sure I know what I'm doing first. (Fat
> chance of that!)
>
> One decision that will have consequences is where in /var/www to put
> mysite. Should it be in /var/www/mysite/htdocs, in
> /var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What
> I've read so far suggests that it doesn't matter, but I'm damn sure if I
> put it in the wrong place I'll suffer for it.

Doesn't matter, so long as you get privileges sorted out. For example,
on my server, I have stuff at

/var/www/$hostname/

...but in the past on different servers I've had it at

/www/$hostname/

And I've seen servers work perfectly fine with things arranged as

/sharedfiles/www/$hostname

where /sharefiles was served up as a samba share.

> And what ownership should
> mysite's files have? My user is in the apache group on the server.

Depends. Does your site code need to be able to write to the
filesystem? If you're using mpm_prefork, ultimately all you need is
for directories to be readable and executable to whatever group or
user the *apache* process runs as, and for files to be *readable* (not
necessarily executable) by the same. It really comes down to what user
and group the apache process is running as. You only care about your
own user's privileges as far as being able to edit the files yourself.


( Also, if you use something like mpm_itk, the permissions can be
pretty much whatever you want; apache will fork itself to the user and
group specified in your <Virtualhost>, <Location> or <Directory>
setting contexts. As an example, I recently configured a server to put
mediawiki at https://hostname/wiki/, and svn webdav at
https://hostname/svn/ ... requests for https://hostname/svn/ are
processed using a different uid and gid from the rest of the
virtualhost. )

--
:wq

Michael Orlitzky 06-26-2012 05:12 PM

Apache server setup
 
On 06/26/12 10:42, Peter Humphrey wrote:
>
> One decision that will have consequences is where in /var/www to put
> mysite. Should it be in /var/www/mysite/htdocs, in
> /var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What
> I've read so far suggests that it doesn't matter, but I'm damn sure if I
> put it in the wrong place I'll suffer for it. And what ownership should
> mysite's files have? My user is in the apache group on the server.
>
> Many thanks for your help.
>

We're using e.g. /var/www/com/example/www -- basically the website's
hostname in reverse, stored under /var/www.

With lots of sites it's nice to split them up like that. With fewer,
it's probably cleaner to use /var/www/$hostname. It's unimportant; you
can always move the directory and change the path in the conf files.
Apache can do a graceful reload quickly even with hundreds of sites.

I will second the mpm-itk suggestion if you're looking to go all-out.
It's a good compromise between running everything as 'apache' (unsafe)
and giving each website it's own apache process (resource-intensive).

In any case, once you know what user apache is running as (either
'apache' with mpm-prefork, or whatever else), it needs:

* Execute access on all directories up to and including the document
root

* Read access on any files its going to serve.

* For PHP, write access to the temp/session directories and read
access to anything you installed in /usr/share/php

* For (fast)cgi, execute permissions on the scripts you want to run.


All times are GMT. The time now is 01:01 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.