
Installing and Configuring Apache2 on AWS Amazon Linux AMI

Apache2 is the standard Linux web server. It handles all of the HTTP and HTTPS requests sent to the server. Apache2 modules are also used to run PHP scripts.

Installing Apache2

These instructions assume you have already set up an AWS instance and have an SSH client (like PuTTY) available.

  1. Log in to your instance via the SSH client. Transfer to the root user.
  2. Use YUM to install httpd (the apache2 web server application)
  3. Press "Y" when it asks if you want to install Apache
  4. Verify the installation occurred correctly by starting the httpd service

Summary of command line inputs

  • $ sudo su
  • $ yum install httpd
  • .....
  • Do you want to install httpd (Y/N): Y
  • $ service httpd start

Configuring Apache2

Configuring Apache2 is easiest with a visual text editor, like the one included in WinSCP, rather than through the command line and vi. You will need to restart the httpd daemon after changing the configuration files for the settings to take effect.

Example settings
  • Apache system user: webserv
  • System group: webcln
  • Domain 1: example.com
  • Domain 1 subdomain: sub.example.com

Basic Configuration

These settings will need to be changed whether you use a single domain or virtual domains.

  1. Open the file "/etc/httpd/conf/httpd.conf". Any line starting with a "#" is commented out and not used in configuring Apache2.
  2. Make sure "Listen 80" is uncommented.
  3. Change "User" to the Linux user that you want Apache to run as. The example user is "webserv".
  4. Change "Group" to the Linux group that you want Apache to run as. The example group is "webcln".
  5. Set the "ServerAdmin" to the server admin's email address.
  6. Add any other index files to the "DirectoryIndex" list. Apache will search for the files in the order they are listed. Separate multiple file names with spaces.
  7. Finish the configuration via the Single Domain Configuration OR the Virtual Domains Configuration. I recommend using the Virtual Domains Configuration model, because it easily allows for adding subdomains or redirecting other domains.

Single Domain Configuration

  1. Open the file "/etc/httpd/conf/httpd.conf". A single domain is set up fully within the core configuration file.
  2. Uncomment and make the appropriate changes to the following directives.
    • ServerAdmin webmaster@example.com
    • ServerName www.example.com:80
    • ServerAlias www.example.com
    • UseCanonicalName off
    • DocumentRoot "/var/www/html"
    • ErrorLog /var/logs/error_log
  3. Log in to your instance via the SSH client. Transfer to the root user ("sudo su").
  4. Verify the installation occurred correctly by starting the httpd service.
  5. Log in to your domain hosting account and change the DNS records to point to the correct IP address.

Virtual Domains Configuration

  1. Open the directory "/etc/httpd/conf.d/" and create a new file called "vhosts.conf"
  2. Copy the below configurations and exchange the example values for your server's values. You should leave a copy of the 'default' server at the top of the vhosts file. The first listing of either port (80 for http and 443 for https) will be used when a request does not match any other server name or server alias.
    Meaning of each parameter
    • NameVirtualHost - Indicates that the particular IP:PORT combination is a virtual host. This is needed to enable the VirtualHost tags later. The value should be structured as IP:PORT. The wildcard "*" can be used to identify any IP address. Port 80 is used for http connections while port 443 is used for https (secure) connections.
    • IfModule - Checks to see if a module is installed and usable. Anything within the tags will be processed only if the module indicated in the open tag is installed and usable.
    • VirtualHost - This tag identifies a particular virtual host. The contents of the tag must contain the parameters ServerName and DocumentRoot in order to work. The IP:PORT combination listed in the opening tag must be declared using the NameVirtualHost parameter.
    • ServerName - The name of the webserver, which is normally the web address, in quotes. Apache will be asked for the ServerName by the user's browser. Note: I use the value "default:80" as a catchall for incorrect inquiries to the server. If a user queries your server, on port 80, for a ServerName which doesn't exist, the first VirtualHost will be returned as a default. A DNS error can create this situation, but a user can also create it intentionally. This is possible by directly accessing the server IP address and then spoofing the HTTP header with a different web address. You can actually test your own settings this way.
    • UseCanonicalName - This is a name allocation directive for self-referential URLs. Setting it to "on" forces Apache to use the hostname and port specified by ServerName, whereas setting it to "off" allows it to first try the hostname and port supplied by the user and then use the server values. Setting it to "off" can be a slight security issue, but will generally allow for faster processing of complex situations, especially those involving intranets.
    • ServerAdmin - This is the email address of the admin for the particular server, in quotes. This is not essential, but should be included to control the distribution of spam.
    • DocumentRoot - This is the directory where Apache will look for the appropriate web files.
    • ErrorLog - This is the error log file to be used for errors occurring with this virtual host.
    • SSLEngine - This runs the Apache mod_ssl engine, which allows for a secure connection and encryption of the information sent to the user. You have to use this if you want to use the https protocol.
    • SSLVerifyClient - This forces the client to provide the certificate confirmation before receiving any information. This is impractical for most situations, except when using a company intranet. The client must already have the correct certificate in order to authenticate with the server.
    • SSLCertificateFile - The location of the SSL certificate file.
    • SSLCertificateKeyFile - The location of the SSL certificate key file.
  3. Create the directories for each virtual account. The example uses the home directory of "/var/www/vhosts" for all of the virtual hosts. Within this directory there is a directory for each domain and within each of those is a directory for the http files (httpdocs), the https files (httpsdocs) and the server files (var). You also need to create a blank "index.html" file in the http and https directories and an error log in the logs directory.
    • /var/www/vhosts/example.com/httpdocs/
    • /var/www/vhosts/example.com/httpsdocs/
    • /var/www/vhosts/example.com/var/logs/
    • /var/www/vhosts/example.com/var/certificates/
  4. Log in to your instance via the SSH client (PuTTY). Transfer to the root user ("sudo su").
  5. Verify the installation occurred correctly by starting the httpd service ("service httpd start").
  6. Log in to your domain hosting account and change the DNS records to point to the correct IP address.
Example vhosts.conf file
  • NameVirtualHost *:80
  • <IfModule mod_ssl.c>
    • NameVirtualHost *:443
  • </IfModule>
  • <VirtualHost *:80>
    • ServerName "default:80"
    • UseCanonicalName off
    • ServerAdmin "webmaster@example.com"
    • DocumentRoot "/var/www/vhosts/default/httpdocs"
    • ErrorLog "/var/www/vhosts/default/var/logs/error_log"
    • <IfModule mod_ssl.c>
      • SSLEngine off
    • </IfModule>
  • </VirtualHost>
  • <IfModule mod_ssl.c>
    • <VirtualHost *:443>
      • ServerName "default:443"
      • UseCanonicalName off
      • ServerAdmin "webmaster@example.com"
      • DocumentRoot "/var/www/vhosts/default/httpsdocs"
      • ErrorLog "/var/www/vhosts/default/var/logs/error_log"
      • SSLEngine on
      • SSLVerifyClient none
      • SSLCertificateFile /var/www/vhosts/default/var/certificates/default.crt
      • SSLCertificateKeyFile /var/www/vhosts/default/var/certificates/default.key
    • </VirtualHost>
  • </IfModule>
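
The catch-all behaviour described for the first VirtualHost can be checked offline before touching DNS. The following is an added example (not the author's code and not Apache's own logic): a simplified Python model of name-based host selection run over a constructed vhosts.conf, showing which DocumentRoot answers a given Host header. The helper names parse_vhosts and select_vhost are hypothetical, and the wildcard ServerAlias is an assumption added to show alias matching.

```python
from fnmatch import fnmatchcase
import re

# Constructed sample in the page's layout: the catch-all "default" host is listed first.
SAMPLE_CONF = """
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName "default:80"
    DocumentRoot "/var/www/vhosts/default/httpdocs"
</VirtualHost>
<VirtualHost *:80>
    ServerName "example.com:80"
    ServerAlias www.example.com *.example.com
    DocumentRoot "/var/www/vhosts/example.com/httpdocs"
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks, in file order, as dicts."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "names": [], "docroot": None}
        elif line.lower().startswith("</virtualhost") and current:
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, *values = line.split()
            values = [v.strip('"') for v in values]
            if key.lower() in ("servername", "serveralias"):
                # Drop any :port suffix so names compare against the Host header.
                current["names"] += [v.split(":")[0].lower() for v in values]
            elif key.lower() == "documentroot" and values:
                current["docroot"] = values[0]
    return vhosts

def select_vhost(vhosts, host_header, port=80):
    """First name match on the port wins; otherwise the first vhost listed for it."""
    host = host_header.split(":")[0].lower()
    on_port = [v for v in vhosts if v["addr"].endswith(":%d" % port)]
    for vhost in on_port:
        if any(fnmatchcase(host, name) for name in vhost["names"]):
            return vhost
    return on_port[0] if on_port else None

if __name__ == "__main__":
    for header in ("www.example.com", "bogus.invalid", "203.0.113.10"):
        print(header, "->", select_vhost(parse_vhosts(SAMPLE_CONF), header)["docroot"])
```

Any Host value that matches no ServerName or ServerAlias resolves to the first block, so whatever sits in the default DocumentRoot is what unknown or mismatched requests receive.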

Error with phpMyAdmin 3.5.4 showing Blank Screen

Earlier this week, I was going to update some database tables and attempted to log in to phpMyAdmin when I got a blank screen. If you've ever programmed much in PHP, a blank screen almost always means one of two things:

  1. You never accessed the PHP file
  2. The PHP Script had a fatal error and error codes are set to off

After some debugging (detailed below) it turns out phpMyAdmin v3.5.4 has a fatal error where the script files are loaded in the wrong order. With PHP errors fully on, PHP kicked "Fatal error: Call to undefined function PMA_sanitize() in /usr/share/phpMyAdmin/libraries/Message.class.php on line 540". All it took to fix was adding a line to call the sanitizing libraries before allowing the message class to be loaded. Hopefully Amazon's repository will be updated with v3.5.5 soon, so no one else encounters this problem.

Debugging Blank Screen

Accessing the PHP Issue

For me, I found out after the fact that this step was not even necessary, but that is how debugging goes.

  1. Log into your AWS via SCP (like WinSCP)
  2. Find your installation of phpMyAdmin (the default YUM installed phpMyAdmin on an AWS Linux system is /usr/share/phpMyAdmin)
  3. Open the file "index.php" and add the following two lines on two new lines directly after the "
    • echo "I AM phpMyAdmin";
    • exit;
    • /* vim: set expandtab sw=4 ts=4 sts=4: */
    • /**
  4. Attempt to access phpMyAdmin as you normally would. You should see a white screen with "I AM phpMyAdmin" on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  5. Log into your AWS server via an SSH client (like PuTTY)
  6. Type "sudo su" to transfer to the root user
  7. Restart the Apache2 web server (type "service httpd restart"). You should get two "OK"s
  8. Attempt to access phpMyAdmin as you normally would. You should see a white screen with "I AM phpMyAdmin" on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  9. Open the "phpMyAdmin.conf" file for apache2. The default AWS Linux location is /etc/httpd/conf.d/phpMyAdmin.conf.
  10. The default installation prevents everything but the localhost from accessing phpMyAdmin. Most likely you will add an exception for your computer's IP address, or that of your VPN system. DO NOT, as per phpMyAdmin's instructions, add the line "Require 0.0.0.0" or "Allow All" or "Allow 0.0.0.0". All three of these settings create significant security holes. The resilience to brute force attacks is minimal and you will be hacked eventually.
  11. Restart the Apache2 web server (type "service httpd restart"). You should get two "OK"s
  12. Attempt to access phpMyAdmin as you normally would. You should see a white screen with "I AM phpMyAdmin" on it. If you do, delete the two lines you just added, save the file and try to access phpMyAdmin again. If you get a blank screen this time then skip to the next section, since the web server is accessing phpMyAdmin.
  13. Remove phpMyAdmin and reinstall it.

Identifying Fatal PHP Error

These steps identified the real problem and allowed for the quick patch.

  1. Log into your AWS server via an SCP client (like WinSCP)
  2. Open the apache2 configuration file for phpMyAdmin ("/etc/httpd/conf.d/phpMyAdmin.conf") and add the following lines to the "" then save the file.
    • php_admin_flag engine on
    • php_admin_value display_errors on
    • php_admin_value error_reporting 30711
    • php_admin_flag ini_set on
  3. Log in to your AWS server via SSH and restart apache2 ("service httpd restart")
  4. Attempt to access phpMyAdmin as you normally would. Instead of a blank screen, you should get an error message along the lines of "Fatal error: Call to undefined function PMA_sanitize() in /usr/share/phpMyAdmin/libraries/Message.class.php on line 540"
  5. Open the file "/usr/share/phpMyAdmin/libraries/Message.class.php"
  6. At the top of the header comments, add the line "require_once('./libraries/sanitizing.lib.php');"
  7. Save the Message.class.php file.
  8. Attempt to access phpMyAdmin as you normally would. It should work fine now. If you want to, you can go back to the apache2 phpMyAdmin configuration file (/etc/httpd/conf.d/phpMyAdmin.conf) and remove the lines you entered. If you have a public installation of phpMyAdmin, then you should remove them for security reasons.
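
As an added example (not part of the original post or of phpMyAdmin), this Python check flags the two conditions the post warns about in phpMyAdmin.conf: access rules that open phpMyAdmin to every address, and display_errors left on after debugging. The sample files, the Directory wrapper, the 203.0.113.10 address and the audit helper are constructed for illustration.

```python
import re

# Constructed sample: the file left in the state the post warns about.
WEAK_CONF = """
<Directory /usr/share/phpMyAdmin/>
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
    Allow from All
    php_admin_value display_errors on
    php_admin_value error_reporting 30711
</Directory>
"""

# Constructed sample: localhost plus one administrator address, debug lines removed.
HARDENED_CONF = """
<Directory /usr/share/phpMyAdmin/>
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
    Allow from 203.0.113.10
</Directory>
"""

RULES = [
    # "Allow All", "Allow from all", "Allow 0.0.0.0", "Require 0.0.0.0", "Require all granted"
    ("open-access", re.compile(
        r"^(Allow\s+(from\s+)?|Require\s+(ip\s+)?)(all(\s+granted)?|0\.0\.0\.0(/0)?)$", re.I)),
    # PHP errors echoed to the browser, as enabled temporarily in the debugging steps
    ("debug-output", re.compile(
        r"^php_(admin_)?(flag|value)\s+display_errors\s+(on|1)$", re.I)),
]

def audit(conf):
    """Return (line number, finding, directive) for every risky active directive."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives are inactive
        for kind, pattern in RULES:
            if pattern.match(line):
                findings.append((lineno, kind, line))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```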