Windows Web Server Configuration
Installation Guide for Apache 2.0.x Web Server
WAMP
Contents
Copyright © 2004
The document is brought to you by redware research ltd and is copyright and published commercially. This means that you cannot distribute the document freely and should instead refer colleagues to our web site or to http://www.amazon.com where they may download their own copy for a small fee. Although every precaution has been taken in the preparation of this document, the publisher and author assume no responsibility for errors or omissions. Neither is any liability assumed for damages resulting from the use of the information contained herein. For information, please contact:
redware research ltd, 104 Tamworth Road, Hove BN3 5FH, England.
http://www.redware.com
This document is updated regularly and we would be pleased to send you an update if you register on our website. You will need this password: apache05. We also have other documents covering database development with Visual FoxPro and SQL Server available from our website and www..com. amazon
Introduction
Apache is a world class web server that can run on most personal computers on several operating systems including Microsoft Windows, Linux, and Macintosh OSX. Linux is the most robust and secure operating system for Apache and has become the industry standard web server for very large and very busy commercial web sites as well as being used by scores of web hosting providers.
Apache can be installed on a standard personal computer and provides a great web server on a standard Windows machine. This document and the associated configuration file allows you to instantly create a simple, useful, and secure web server installation on your Windows PC with the minimum of fuss and bother.
The redware configuration of Apache 2.0.x has the following features:
- • The configuration and log files are maintained in the default sub-folders of the Apache installation.
Default security settings are specified to provide a reasonable level of security. Compilation of Apache from source code is not covered and consequently you will have problems setting up SSL security on your Windows web server as Apache exclude the relevant program from the Windows binary distribution. PHP and MySQL installation is briefly covered so that you can easily install web applications that conform to the LAMP standard. However be warned that the PHP people warn that Apache 2.0 is not suitable for a production server and you should consider Apache 1.3.x on Linux.
These notes are concise and provide the basic information you need to know to understand your server configuration. Please consult the on-line apache documentation at http://httpd.apache.org/docs-2.0/ for further information.
Quick Installation
A quick installation of the redware Apache web server configuration involves the following stages:
- • Download and install the Windows binary version of Apache 2.0.x from the www.apache.org web site. You will be prompted for a domain name, a server name, and an email address for the administrator. If your web server does not have a valid domain name then make up a domain name and use the IP address of the machine for the server name.
c:
cd "\program files\apache group\apache2\"
bin\apache –k restart
Apache Installation
The easiest installation for Windows employs the Windows 32 binary installation available from the download page at http://httpd.apache.org/download.cgi . Make sure you download the latest recommended version of Apache 2.0 and not Apache 1.3.
The installation is straightforward and requires the following information:
- • Domain name of the computer. If you do not have a domain then enter a false domain such as mydomain.com.
Windows Installation
Apache should run automatically after installation and you can check for a successful installation by browsing the default page on your local machine using the following URL http://localhost . Test from other machines by using the IP address of the host machine, for example, http://10.0.1.4 .
Apache is installed in the folder you specified or at c:\program files\apache group\apache2. The subfolders contain the configuration and content for the server:
- • conf contains the configuration files.
Default Configuration File
A sophisticated and extensive configuration file is created automatically in the conf subfolder of your installation offering many configuration features including many of the features described in this document and:
- • Fancy indexing with icons displayed for file types.
Our approach is to create a blank configuration file that you can understand to allow an incremental approach to implementing additional features. This results in a configuration file that you can understand and implements required features only. Additional features from the default configuration file can be added at a later date by cutting and pasting between the files. This approach can also be used to test new features in a simple context before copying the relevant configuration into the main configuration file.
The administrator of a high performance web server might be advised to use and modify the default configuration file or at least read through and understand the implemented features.
Stop and Start Apache
Problems often occur during the start up process when changing and testing the configuration files. These are logged to an error file or to the Windows event log and are not immediately visible if you are using the graphical Apache Monitor interface. A cleaner approach is to use the command line interface to stop and start Apache so that error messages are instantly visible.
Start the operating system console in Windows (perhaps by selecting RUN… from the start menu and typing cmd) and use the command line to stop the web server after changing to the Apache installation folder:
c:
cd \program files\apache group\apache2\
bin\apache –k stop
And start as follows:
bin\apache –k start
The http.conf configuration file can be edited and Apache restarted to use the latest configuration file as follows:
bin\apache –k restart
You can also have a selection of configuration files and get Apache to start with a specific configuration file using the following option (remember to use / instead of \ in the path description):
bin\apache –k start –f c:/web/httpd-minimal.conf
A listing of the options available is obtainable as follows:
bin\apache –help
In Windows, the Apache service is installed with the name apache2 which you can also control from the services window or from the command line with following commands:
net stop apache2
net start apache2
You can install the service if you have installed Apache without using the installation program or there is no service installed with the following command:
bin\apache –k install
Create a Minimal Configuration
A minimal configuration file is shown below and can replace the default httpd.conf by starting Apache from the command line as follows:
bin\apache –k restart –f c:/web/httpd-minimal.conf
The configuration file will need to be changed for your installation:
- • ServerName needs your server IP address or a valid DNS entry. It is better to leave this blank that enter an incorrect value.
Note: Paths for Windows need to be enclosed in double quotes and use a UNIX-style forward slash instead of a backslash. The Windows version of Apache recognises the drive letter prefix.
Test the server with the following URL and note that the index.html file must be fully specified as there is no default page for this configuration:
Don't worry if the page is displayed as text. The section on configuring MIME types will resolve this problem.
The minimal configuration is listed below and contained in the web.zip download:
# bof httpd-minimal.conf
# redware apache minimal configuration
# Version 1.5 30 December 2004
# Author Stamati Crook redware research ltd
# www.redware.com
############################################### MINIMAL
# Listen out for browsers on port 80.
Listen 80
# ServerName and Port used to create redirection URLS.
# Should be a valid DNS name or the IP address if there is no DNS.
# Let Apache work out the ServerName.
# ServerName
# Location for conf, error, and log folders (no trailing slash).
ServerRoot "c:/Program Files/Apache Group/Apache2"
# Location of html pages (no trailing slash)
DocumentRoot "c:/web/htdocs"
# Adminstrator's email
ServerAdmin website@redware.com
# eof httpd-minimal.conf
Load Optional Modules
Many of the configuration options described in the remainder of the document require additional modules to be loaded as Apache begins execution. The binary version of Apache has many of these modules compiled into the modules folder and the LoadModule command is all that is required to enable these options.
A common error message that prevents Apache from starting is the specification of a configuration option without the appropriate module being loaded. The error message looks like this:
Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module not included in the server configuration
The appropriate module needs to be added to the configuration file to remove this error as in the following example:
LoadModule dir_module modules/mod_dir.so
The LoadModule commands should be placed near the beginning of the configuration file to make sure that they are loaded before they are required by a configuration directive.
Note: The mod_ssl module that provides the SSL transport layer to allow your web server to handle https: requests is not included with the Windows binary. This makes installing SSL on Windows a difficult process which is not covered in this document.
Configure MIME types
Web browsers associate particular files with particular applications by communicating the MIME type of the file to the browser. The following options allow Apache to determine the MIME type of many different file extensions and communicate this to the browser.
# Allows TypesConfig to work
LoadModule mime_module modules/mod_mime.so
############################################### MIME TYPES
DefaultType text/plain
# Map files to mime types
# Required for Mozilla Firefox to display html files as html and not text.
TypesConfig conf/mime.types
The DefaultTypes and TypesConfig allow Apache to provide information on the file types for various file extensions so that the browser can format the content appropriately. Note that the mod_mime.so module must be loaded by the LoadModule command for the TypesConfig command to function.
Note: Many MIME types are specified automatically but you can add your own associations with the AddType directive.
Set up log files
The following configuration commands allow the Apache server to log activity and errors to the appropriate files in the logs folder of the apache installation:
- • Errorlog allows apache to log errors into the specified text file (perhaps in addition to the Windows event log).
############################################### LOGS
# Errorlog (relative to ServerRoot).
ErrorLog logs/error.log
#PidFile not really useful for Windows - used to kill process in UNIX.
PidFile logs/http.pid
# Common Log format (not used).
#Log File in the Common Log file format.
#LogFormat "%h %l %u %t \"%r\" %>s %b" common
#CustomLog logs/access.log common
# Combined log format.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog logs/access.log combined
# Optionally rotate logs to a new file when larger than 1MB.
# CustomLog "|bin/rotatelogs.exe logs/logfile 1M" combined
Note that the mod_log_config module is required for the LogFormat command to function:
# Needed for LogFormat
LoadModule log_config_module modules/mod_log_config.so
The common format is the default format acceptable to all log file analysers but the combined format has additional information for the referrer and browser type is specified in this configuration. The referrer is important to determine sites or search pages that link to your site and can also be analysed by many log analysers.
Note: The second parameter in the log files can be used to determine an identify flag for the browser but is unreliable and causes a performance overhead and is therefore switched off by the IdentityCheck setting.
Performance Directives
The following directives should be set to ensure the correct performance tuning from your Windows web server. Please consult the documentation before tuning any of these parameters.
############################################### PERFORMANCE
# http network level performance settings
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# WinNT MPM - specific windows recommended settings.
# ThreadsPerChild: constant number of worker threads in the server process
# MaxRequestsPerChild: maximum number of requests a server process serves
ThreadsPerChild 50
MaxRequestsPerChild 0
# Off stops apache substituting ServerName and Port for redirection.
UseCanonicalName Off
# Unreliable way to get user name from the browser so not used.
IdentityCheck off
# Make sure DNS lookups are disabled (this is the default).
HostnameLookups Off
Directories
Default Settings
This section configures default settings for directories on the server and specifies the settings for the root directory. The directory section command can be used extensively to specify particular settings for individual directories.
The following default configuration is specified:
- • The DirectoryIndex specifies the page to serve to the browser if the folder name only is specified. Traditionally this is the index.html file but Windows users may prefer to specify index.htm or default.htm.
############################################### DIRECTORY DEFAULTS
# Default file for a folder.
DirectoryIndex index.html index.htm index.php
# Default Index listing format.
IndexOptions FancyIndexing
# Server provides limited information on Apache configuration (not OS or loaded modules)
ServerTokens productonly
# Lock down security on the file system for root folder (i.e. c:\).
Options None
AllowOverride None
Order allow,deny
Allow from none
The following modules are required:
# Allow IndexOptions
LoadModule autoindex_module modules/mod_autoindex.so
# Allow DirectoryIndex
LoadModule dir_module modules/mod_dir.so
Directory Settings
Settings can be easily overridden for individual folders by adding a section for each folder. Note that the path is a physical system path relative to the root of the computer and not relative to the default URL of the server.
The following setting allows access to the web content folder by all users and similar entries are required for all folders to override the locked down access applier for the root folder:
# Directory options for DocumentRoot
Options Indexes IncludesNOEXEC
Order allow,deny
Allow from all
# Custom error page for invalid URL
# Does not work for Internet Explorer if filesize is too small (less than 512KB).
ErrorDocument 404 /server/error404.html
The following directory options need to be specified for each directory that is not a subdirectory of the htdocs folder for Apache to allow permission to browse the content:
- • allow from all overrides the default security to allow any user to browse the html content.
Many configuration directives can be applied to individual directories. Some common options are:
- • Options ExecCGI to allow CGI script execution.
Create user directories
User folders allow individual users or departments control over their own web content from a location separate to the main web content.
# Allow user directories accessible with http://ServerName/~username
UserDir c:/web/users
Options Indexes IncludesNOEXEC
Order allow,deny
Allow from all
User folders are easily set up by creating sub-folders in the users folder. The c:\web\users\marketing sub-folder contains the marketing department web site accessible using the following URL:
Create a private directory
Private directories require the entry of a username and password before access is given to the web content. The URL http://ServerName/private allows access only to users that are members of the private group as defined in simple text files that control security.
#Private directory with password access for members of private group
Options Indexes IncludesNOEXEC ExecCGI
Order allow,deny
Allow from all
AuthType BASIC
AuthName private
AuthUserFile c:/web/security/users
AuthGroupFile c:/web/security/groups
#require valid-user
require group private
The users file is a simple colon separated list of usernames and passwords:
stamati:crook
fred:bloggs
jane:smith
The groups file lists the group followed by a colon and a space delimited listing of the users in that group:
private: stamati fred
marketing: jane fred
The htpasswd utility can be used to encrypt passwords in the user file. The following command creates the users file and adds a user called stamati after prompting for a password:
bin\htpasswd –c c:\web\security\users stamati
Subsequently you can add further users or change existing passwords:
bin\htpasswd –b c:\web\security\users stamati password
Or delete existing users:
bin\htpasswd –D c:\web\security\users stamati
Applications
Activate Server Side Includes
Server Side Includes (SSI) provides a simple way to include a common file within another html file without replying on proprietary mechanisms that may be part of your web design application. A common header or footer file can be easily included into an html file with the following command:
SSI can also display variables such as the current date and time or the modification date of a file:
The mod_include module is required:
# Needed for server side includes (AddOutputFilter INCLUDES)
LoadModule include_module modules/mod_include.so
SSI can then be activated with the following directives for an individual folder:
Options Indexes IncludesNOEXEC ExecCGI
Order allow,deny
Allow from all
# Server side includes for SHTML files
AddType text/html .shtml AddOutputFilter INCLUDES .shtml
SSI can be used to CGI programs or execute operating system commands provided that the Options +Includes is specified for the required folder. An example command might be:
Note: The Options +IncludesNOEXEC is safer to use as it allows files to be included without the ability to call CGI or operating system commands.
Install PHP
PHP was designed specifically to provide a programming language for web server applications and many open source packages require that it to be installed alongside Apache. The Windows installation provides limited functionality and so you should download the manual installation zip file from www.php.net :
- • Unzip the files and copy into c:\php.
Now add the following into the Apache configuration file:
############################################### PHP CONFIGURATION
# PHP is loaded as a server module.
# Production servers may be safer configured to use PGP as a CGI function.
# For PHP 4 do something like this:
LoadModule php4_module "c:/php/sapi/php4apache2.dll"
AddType application/x-httpd-php .php
# For PHP 5 do something like this:
# LoadModule php5_module "c:/php/php5apache2.dll"
# AddType application/x-httpd-php .php
# configure the path to php.ini
PHPIniDir "C:/php"
You can test by creating an html file with a .php extension and add the following into the html:
Information on security and configuring for CGI is detailed in the c:\php\install.txt document.
Note: The PHP website warns that PHP is not suitable for use with Apache version 2.0 due to problems with some PHP modules with threading. They recommend that Apache 1.3.x is used with PHP, however this does not run well on Windows.
MySQL
Install MySQL
Download the Windows binary from http://www.mysql.com . If you do not install into the c:\mysql folder then you need to copy the my.cnf file into a system folder (perhaps windows/system32).
Install mysql as a service as follows:
mysqld --install
Now you can start the service with the service manager or:
net start mysql
Check the *.err file in the c:\mysql\data folder if there are any problems.
You now need to change the password for the root superuser from the default (mysql) to your own password:
c:
cd\mysql\bin\
mysqladmin -u root password "newpassword"
Set up a more secure system by logging into database as the root user and deleting some of the default users. First log into the mysql system:
c:
cd\mysql\bin\
mysql -u root –p newpassword
You will now receive a mysql> prompt. MySQL allows any user to access the database from the local machine and you need to delete this facility as follows:
DELETE FROM user WHERE Host='localhost' AND User='';
FLUSH PRIVILEGES;
QUIT
Create a new MySQL database and user
There are various administration tools for help in administering the MySQL database. Often you just need to create a database with a username and password before installing an application. This is easily done using the MySQL command line.
First log in to the database as the root superuser:
c:
cd \mysql\bin
mysql –user=root –password=rootpassword
Now create a database (note the semi-colon to terminate each command):
create database phpbb;
Now create a new user for that database and assign all privileges:
use phpbb;
grant all privileges on phpbb.* to phpbb@localhost identified by 'phpbbpassword';
Now quit from the mysql command line and proceed with your installation:
quit;
Backup a mysql database
The following command is useful to backup the database and will dump the database structure and a series of insert commands to allow the database to be recreated on another installation:
c:\mysql\bin\mysqldump databasename > c:\filename.sql
Install Web Applications
The hard work is now complete and you are in a position to install a wide range of web applications that conform to the LAMP (Linix-Apache-MySQL-PHP) paradigm.
Installation typically involves downloading the web pages and accompanying source code and unzipping them into a folder. You can use a sub-folder of DocumentRoot or install in any convenient folder and add an Alias command and a
Normally you create a new mysql database in advance and create a new user with full rights to the new database but no permissions to other databases. Pointing your browser at the new folder will run an installation routine that prompts for the database and username and password and installs the mysql database. You are then requested to delete the installation folders before the application will run.
Brief notes on some application installations follow:
- • Remember that c:\php must be in the path.
Security
Windows services should be configured to run under user accounts with restricted security. This applies to the MySQL service as well as Apache. The accounts need to have the log on as a service option and provide limited access to the machine and the network. The Apache service requires the following directory access:
- • RX on the web content folders.
Linux Notes
Most of this document also applies to a Linux installation and it is easy to move your web installation to Linux if required. These notes assume that you have installed Fedora 2 core Linux and selected the server option which pre-installs the Apache web server for you.
Note: The location of files and facilities available will vary according to the flavour of Linux.
Installing Apache using the rpm installer puts the files into the following folders:
- • /etc/httpd/ for the bin executables and conf, logs and modules folders. The Apache executable is called httpd.
Note: Compiling Apache from source normally places all files into the /usr/apache folder.
The Apache daemon is called httpd and the service command can be used to start and stop Apache or determine the current status:
service httpd status
service httpd stop
service httpd start
service httpd restart
If there is no service command you may find the same functions available as follows:
/etc/rc.d/init.d/httpd status
Alternatively you can use the apachectl program to start and stop Apache as above (restart does not work smoothly).
bin/apachectl -k start
The configuration file and directives should already be familiar and require UNIX paths to the relevant folders. The locations of files may vary according to your installation. The mime.types file for example may be located in the /etc/ folder instead of conf.
Apache for Linux uses a different core processing module and needs the following performance directives:
StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 4000
# worker MPM
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
Apache also requires a user and group to be specified in the configuration file. The Apache user may have been created on installation and you can assign restrictive permissions to this account and group if required. The username and group must be documented in the configuration file:
user apache
group apache
Apache should normally be set up to run at run levels 3 and above. This means that the web server will run as soon as Linux enters multi-user networking mode even if the graphics front end is not running. Check the configuration as follows:
chkconfig –list httpd
If the service is not running as required then configure it to run automatically from run levels 3 and above:
chkconfig –level 3456 httpd on
Use the following command to shutdown your server. You can use the following command to shut down your server gracefuly:
shutdown –v now
Conclusion
Apache is the industry standard web server and has many features used for very large and very busy web sites. The redware configuration focuses on the configuration of a simple web server suitable for individual or small business use.
Some of the features that Apache can provide include:
- • Very sophisticated features for hosting multiple web sites from a single server.
References
Apache Documentation. Available with your installation or at http://www.apache.org .
Apache. The definitive guide. 3rd Edition. Laurie B. and Laurie P. O’Reilly 2002. ISBN 0-596-00203-3.
httpd.conf
The complete file is listed bellow and can be used to replace the default httpd.conf file in the conf sub-folder of the apache installation.
The following directory structure is assumed (and can be downloaded from the web.zip file on our download page):
- • Apache installation folder is c:\program files\apache group\apache2.
Remember to change the folder names as required in the configuration file as well as the