Recent Posts with Web Server tag

Apache2 is the standard Linux web server. It deals with all of the http and https requests sent to the server. Apache2 modules are also used to compile php scripts.

Installing Apache2

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

1. Log in to your instance via the SSH client. Transfer to the root user.
2. Use YUM to install httpd (the apache2 web server application)
3. Press "Y" when it asks if you want to install Apache
4. Verify the installation occurred correctly by starting the httpd service

Summary of command line inputs

• $ sudo su
• $ yum install httpd
• .....
• Do you want to install httpd (Y/N): Y
• $ service httpd start

Configuring Apache2

Configuring Apache2 is easiest done with a visual text editor, like included in WinSCP rather than through the command line and vi. You will need to restart the httpd daemon after changing the configuration files in order for the settings to take effect.

Basic Configuration

These settings will need to be changed whether you use a single domain or virtual domains.

1. Open the file "/etc/httpd/conf/httpd.conf". Httpd uses the standard C-type commenting, so any line starting with a "#" is commented out and not used in configuring apache2
2. Make sure "Listen 80" is uncommented.
3. Change "User" to the desired linux user that you want apache to run as. The example user is "webserv"
4. Change "Group" to the desired linux user that you want apache to run as. The example group is "webcln"
5. Set the "ServerAdmin" to the server admin's email address.
6. Add any other index files to "DirectoryIndex" list. Apache will search for the files in order they are listed. Separate multiple file names with spaces.
7. Finish the configuration via the Single Domain Configuration OR the Virtual Domains Configuration. I recommend using the Virtual Domains Configuration model, because it easily allows for adding subdomains or redirecting other domains.

Single Domain Configuration

1. Open the file "/etc/httpd/conf/httpd.conf" A single domain is setup fully within the core configuration file.
2. Uncomment and make the appropriate changes to the following directives.
3. Log in to your instance via the SSH client. Transfer to the root user ("sudo su").
4. Verify the installation occurred correctly by starting the httpd service.
5. Log in to your domain hosting account and change the DNS records to point to the correct IP address.

• ServerAdmin webmaster@example.com
• ServerName www.example.com:80
• ServerAlias www.example.com
• UseCononicalName off
• DocumentRoot "/var/www/html"
• ErrorLog /var/logs/error_log

Virtual Domains Configuration

1. Open the directory "/etc/httpd/conf.d/" and create a new file called "vhosts.conf"
2. Copy the below configurations and exchange the example values for your server's values. You should leave a copy of the 'default' server at the top of the vhosts file. The first listing of either port (80 for http and 443 for https) will be used when a request does not match any other server name or server alias.

   Meaning of each parameter

   • NameVirtualHost - Indicated that the particular IP:PORT combination is a virtual host. Need this to instigate the VirtualHost tags later. The value should be structured as IP:PORT. The wildcard "*" can be used to identify any IP address. Port 80 is used for http connections while port 443 is used for https (secure) connections.
   • IfModule - Checks to see if a module is installed and usable. Anything within the tags will be processed only if the module indicated in the open tag is installed and usable.
   • VirtualHost - This tag identifies a particular virtual host. The contents of the tag must contain the parameters ServerName, and DocumentRoot in order to work. The IP:PORT combination listed in the opening tag must be initiated using the NameVirtualHost parameter.
   • ServerName - The name of the webserver, which is normally the web address, in quotes. Apache will be asked for the ServerName by the user's browser. Note: I use the value "default:80" as a catchall for incorrect inquiries to the server. If a user queries your server, on port 80, for ServerName which doesn't exist, the first VirtualHost will be returned as a default. A DNS error can create this situation, but a user can intentionally create this situation. This is possible by directly accessing the server IP address then spoofing the HTTP header with a different web address. You can actually test your own settings this way.
   • UseCononicalName - This is a name allocation directive for self-referential URLs. Setting it to 'on' forces Apache to use the hostname and port specified by ServerName where setting it to "off" allows it to first try the hostname and port supplied by the user then use the server values. Setting it to "off" can be a slight security issue, but will generally allow for faster processing of complex situations, especially those involving intranets.
   • ServerAdmin - This is the email address of the admin for the particular server, in quotes. This is not essential, but should be included to control the distribution of spam.
   • DocumentRoot - This is the directory apache will look for the appropriate web files.
   • ErrorLog - This is the error log file to be used for errors occuring with this virtual host.
   • SSLEngine - This runs the Apache mod_ssl engine which allows for secure connection and encryption of the information set to the user. You have to use this if you want to use the https protocol.
   • SSLVerifyClient - This forces the client to provide the certificate confirmation before receiving any information. This is impractical for most situations, except when using a company intranet. The client must already have the correct certificate in order to authenticate with the server.
   • SSLCertificateFile - The location of the ssl certificate file.
   • SSLCertificateKeyFile - The location of the ssl certificate key file..
3. Create the directories for each virtual account. The example uses the home directory of "/var/www/vhosts" for all of the virtual hosts. Within this directory there is a directory for each domain and within each of those is a directory for the http files (httpdocs), the https files (httpsdocs) and the server files (var). You also need to create a blank "index.html" file in the http and https directories and an error log in the logs directory.

   • /var/www/vhosts/example.com/httpdocs/
   • /var/www/vhosts/example.com/httpsdocs/
   • /var/www/vhosts/example.com/var/logs/
   • /var/www/vhosts/example.com/var/certificates/

4. Log in to your instance via the SSH client (PuTTY). Transfer to the root user ("sudo su").
5. Verify the installation occurred correctly by starting the httpd service ("service httpd start").
6. Log in to your domain hosting account and change the DNS records to point to the correct IP address.

Example vhost.conf file

• NameVirtualHost *:80
• <IfModule mode_ssl.c>
  • NameVirtualHost *:443
• </IfModule mode_ssl.c>
• <VirtualHost *:80
  • ServerName "default:80"
  • UseCononicalName off
  • ServerAdmin "webmaster@example.com"
  • DocumentRoot "/var/www/vhosts/default/httpdocs"
  • ErrorLog "/var/www/vhosts/default/var/logs/error_log"
  • <IfModule mode_ssl.c>
    • SSLEngine off
  • </IfModule mode_ssl.c>
• </VirtualHost>
• <IfModule mode_ssl.c>
  • <VirtualHost *:443
    • ServerName "default:443"
    • UseCononicalName off
    • ServerAdmin "webmaster@example.com"
    • DocumentRoot "/var/www/vhosts/default/httpsdocs"
    • ErrorLog "/var/www/vhosts/default/var/logs/error_log"
    • SSLEngine on
    • SSLVerifyClient none
    • SSLCertificateFile/var/www/vhosts/default/var/certificates/default.crt
    • SSLCertificateKeyFile /var/www/vhosts/default/var/certificates/default.key
  • </VirtualHost>
• </IfModule mode_ssl.c>

Apache2 is the standard Linux web server. It deals with all of the http and https requests sent to the server and complies PHP scripts. PHP is a simpler programming language which offers the power of the more complex object orientated languages without some of the more complex data management issues. PHP is commonly used to develop dynamic web content, especially content based upon a database like MySQL.

In a practical sense, you must have Apache installed to use PHP on your server. If you do not have Apache currently installed, instructions can be found here.

Installing PHP

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

1. Log in to your instance via the SSH client. Transfer to the root user.
2. Use YUM to install php
3. Press "Y" when it asks if you want to install PHP
4. Verify the installation occurred correctly by starting/restarting the httpd service

Summary of command line inputs

• $ sudo su
• $ yum install httpd
• .....
• Do you want to install PHP 5.x (Y/N): Y
• $ service httpd restart

Configuring PHP

The default configuration of PHP is just fine to use for 90% of applications. If you are going to be doing development on the server, it would be appropriate to make a few changes to the php.ini file for the particular development server. These changes should occur in the Apache2 hosting configurations ("/etc/httpd/conf.d/vhosts.conf" in the previous Apache2 instructions). The major setting you would want to change is turning off safe mode.

 This is actually really easy, assuming you are using the base version of PHP (5.3.X) from the AWS package repository. YUM has phpMyAdmin as a package and most of the default settings work just fine. The first time I install on an AWS instance it took maybe 15 minutes to complete.

Installing phpMyAdmin

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available and a SCP client (like WinSCP) to use when editing the configuration files.

1. Log in to your instance via the SSH client. Transfer to the root user ("sudo su").
2. Use YUM to install phpMyAdmin
3. Press "Y" when it asks if you want to install phpMyAdmin
4. Open the SCP client and go to the apache2 configuration files directory (default is "/etc/httpd/conf.d")
5. Open the "phpMyAdmin.conf" file.
6. Add an access exception to apache2 authentication protocol. There are three safe ways to allow access to phpMyAdmin;
   1. Allow Exception from a static IP Address Under the Directory tag "/usr/share/phpMyAdmin/", add the following line at the end of the tag, "Require ip XXX.XXX.XXX.XXX" and the following line at the end of the tag, "Allow from XXX.XXX.XXX.XXX". In each situation you should be replace XXX.XXX.XXX.XXX with the actual IP address.
   2. Allow access from a VPN You will need a Virtual Private Network setup already, which is well beyond these instructions. Under the Directory tag "/usr/share/phpMyAdmin/", add the following line at the end of the tag, "Require ip XXX.XXX.XXX.XXX" and the following line at the end of the tag, "Allow from XXX.XXX.XXX.XXX". In each situation you should be replace XXX.XXX.XXX.XXX with the actual IP address.
   3. Use SSL Certificate for authentication These instructions are not complete yet.
7. Save the edited "phpMyAdmin.conf" file.
8. Verify the installation occurred correctly by starting/restarting the httpd service (in SSH "service httpd restart")

Summary of command line inputs

• $ sudo su
• $ yum install phpmyadmin
• .....
• Do you want to install phpMyAdmin 5.x (Y/N): Y
• $ service httpd restart

First few lines of phpMyAdmin.conf file with default installation path, edited for access by a single IP address

• # phpMyAdmin - Web based MySQL browser written in php
• #
• # Allows only localhost by default
• #
• # But allowing phpMyAdmin to anyone other than localhost should be considered
• # dangerous unless properly secured by SSL
• Alias /phpMyAdmin /usr/share/phpMyAdmin
• Alias /phpmyadmin /usr/share/phpMyAdmin
• <Directory /usr/share/phpMyAdmin/>
• <IfModule mod_authz_core.c>
• # Apache 2.4
• <RequireAny>
• Require ip 127.0.0.1
• Require ip ::1
• Require ip XXX.XXX.XXX.XXX
• </RequireAny>
• </IfModule>
• <IfModule !mod_authz_core.c>
• # Apache 2.2
• Order Deny,Allow
• Deny from All
• Allow from 127.0.0.1
• Allow from ::1
• Allow from XXX.XXX.XXX.XXX
• </IfModule>
• </Directory>
• ...

Configuring phpMyAdmin

The default configuration of phpMyAdmin needs only a few changes to get it working correctly.

1. Log in to your instance via the SCP client (like WinSCP)
2. Open the phpMyAdmin base directory (default AWS installation directory is "/usr/share/phpMyAdmin")
3. Open the file "config.sample.inc.php"
4. Go down to the line "$cfg['blowfish_secret'] = 'XXXXXXXX';" where XXXXXX is some alphanumeric combination. Add a bunch more letters and numbers within the single quotes.
5. Go down to the line "$cfg['Servers'][$i]['controlhost']" and make sure it is uncommented. After it, add "= 'localhost';"
6. The next line should be "$cfg['Servers'][$i]['controluser']"and make sure it is uncommented. After it, add "= 'USERNAME';" where USERNAME is the username you want to log into phpMyAdmin using.
7. The next line should be "$cfg['Servers'][$i]['controlpass']"and make sure it is uncommented. After it, add "= 'PASSWORD';" where PASSWORD is the password associated with the previously entered username.
8. Save the file as "config.inc.php".
9. Use YUM to install phpMyAdmin
10. Press "Y" when it asks if you want to install phpMyAdmin
11. Open the SCP clint and go to the apache2 configuration files directory (default is "/etc/httpd/conf.d")
12. Open the "phpMyAdmin.conf" file.
13. Direct your browser to "http://XXX.XXX.XXX.XXX/phpMyAdmin" where XXX.XXX.XXX.XXX is the IP address of your server. You should be prompted for a username and login. Enter the pair you just saved in the config file and you should run phpMyAdmin.

Cron is a time-based program used explicitly to initiated other programs at particular times on a Linux system. AWS Linux AMI comes with cron pre-installed and configured, like every other modern Linux installation. The base configuration allows for set up of a task that should be run hourly, daily, weekly or monthly as well as any other time period.

Quick Job Setup

Setting up a job to run hourly, daily, weekly or monthly is very quick. These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

1. Log in to your instance via the SSH client. Transfer to the root user.
2. Go to the '/etc' directory
3. Open the appropraite 'cron.XXXXX' directory. For example, if you want to add an hourly task, open the 'cron.hourly' directory.
4. Create a new file (shift+F4)
5. Add a single line for each job you want run. For example if you want to run a PHP script, type "/usr/bin/php -q /path/to/script/script.php", substituting for the correct path to PHP and the script file.
6. Save the file. The name doesn't really matter so long as it is unique. Cron will call every file in the directory at the appropriate time and run the commands in each file.

Custom Job Setup

Setting up a job to run at custom time requires you to understand the crontab syntax. The syntax is not terribly complex (it is similar than Regular Expressions) but is complex enough that you don't want to deal with it if you do not need to.

Crontab Syntax

Crontab is the configuration structure for cron jobs. Simply, the files are composed of two parts: the settings followed by the jobs.

Crontab settings

The settings section states what should be run, where it is located, who should run it (as in Linux User) and a few other special commands. In the below example, the first 4 lines are settings and the last line is a job.

Example crontab file

• SHELL=/bin/bash
• PATH=/sbin:/bin:/usr/sbin:/usr/bin
• MAILTO=root
• HOME=/
• 01 * * * * root run-parts /etc/cron.hourly

• "SHELL" identifies which shell state you want to run the scripts under. If it is not included, most systems will default the shell indicated in '/etc/passwd' or just fail to run.
• "PATH" is location of the cron initiated scripts. If you are regularly running scripts in '/usr/bob/scripts' you could add the path here to avoid having to type '/usr/bob/scripts' for every script. In the above example, the PATH line would become "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/bob/scripts"
• "MAILTO" is the address of the webmaster who will receive an email every time these scripts are run.
• "HOME" is the home directory for cron. It is basically prefixed to any relative path name you use in any script. It is only actually useful if you are going to be running many scripts from the same crontab file.

Crontab jobs

The settings section is the easy part of crontab files. Each job is composed of seven fields each separated by a space. Any field that is not set identified with an asterisk (*). minute hour day month weekday user cmd

• minute is the minute the job is to be run.
• hour is the hour (on a 24 hour clock) when the job is to be run.
• day is the numerical representation of the day of the month. The values range from 1-31.
• month is the month's numerical representation. The values range from 1-12.
• weekday is the day of the week you want the job to be run on. The values range from 0-7, with Sunday being 0 & 7. If the day and weekday are both specified, the command runs when EITHER is true.
• user is the Linux user you want to run the command.
• cmd is the command to be run. This is no different than the commands in the quick job setup section above.

With the exception of day and weekday, all of the other time commands must be true in order for the script to run. Crontab also supports step function (non-whole number inputs) and ranges. Ranges work just like page ranges do in most word processors with comma (,) separating individual values and dashes (-) representing all values from the first number to the second number. For example, "3-5,7" would fire on 3, 4, 5, and 7. Step functions use a forward slash to fire when the value becomes a whole number. For example a minute value of "*/15" would fire every 15 minutes, when the current minute divided by 15 is a whole number.

Creating a new Crontab File

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available.

1. Log in to your instance via the SSH client. Transfer to the root user.
2. Go to the '/etc/cron.d' directory
3. Create a new file (shift+F4)
4. Add each setting value as its own line at the beginning of the file. The above example file's values should work on the AWS Linux AMI installation.
5. Add crontab job lines for each job you want to run.
6. Save the file. The name doesn't really matter so long as it is unique. Cron will call every file in the directory at the appropriate time and run the commands in each file.

The Apache2 web server has two mods which can be used to compress data sent to the client (ie browser); mod_deflate and mod_gzip. The gzip mod is more versatile but more challenging to setup. For simple compression of HTML, CSS and JavaScript files, the deflate mod works just file. Compression is particularly important on Amazon Web Services (AWS) because:

• HTML is very redundant and bulky
• Smaller files are sent to the client faster
• AWS charges you based upon OUTPUT bandwidth; smaller files = less bandwidth usage per file

Simple activation of mod_deflate

These instructions assume you have already setup an AWS instance and have an SSH client (like PuTTY) available and a SCP client (like WinSCP) to use when editing the configuration files.

1. Log in to your instance via the SCP client then open the apache2 virtual hosts configuration file ("/etc/httpd/conf.d/vhosts.conf" for the default setup mentioned in other instructions here).
2. Add the "AddOutputFilterByType DEFLATE text/html text/plain text/xml" Filter to each virtual host (virtual hosts are the groupings starting with "<VirtualHost "). You should inclose the filter in a conditional module statement ("") to make sure your web server keeps running even if you happen to remove the deflate module.
3. Save the virtual hosts configuration file.
4. Open the SSH client and transfer to the root user ("sudo su")
5. Restart the apache2 service ("service httpd restart").

The changes to the virtual hosts configuration file

• <VirtualHost *:80>
• ....
• <IfModule mop_deflate.c>
• AddOutputFilterByType DEFLATE text/html text/plain text/xml
• </IFModule>
• ...
• </VirtualHost>

Summary of command line inputs

• $ sudo su
• $ service httpd restart