Apache

What is Apache?

-Originally, HTTP web server created in 1995
A program that responds to HTTP/HTTPS requests for content
-Flexible, powerful, widely supported
-As of November 2015, Apache was estimated to serve 50% of all active websites and 37% of the top servers across all domains

Apache vs. Nginx (briefly):

-Nginx created in 2002 to answer the C10K problem
-“Apache is like Microsoft Word, it has a million options but you only need six. Nginx does those six things, and it does five of them 50 times faster than Apache.” – Chris Lea, ChrisLea.com
-Apache = modules and better/bigger community
-As always, choosing the correct web server depends on use-case!

Good article: https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations

What is a Directive?

-A set of rules/parameters which define how the server should behave
-Examples: ServerName, DocumentRoot, MaxKeepAliveRequests, etc.

https://httpsd.apache.org/docs/2.4/mod/directives.html

How to install Apache:

-In Amazon Linux (for this demonstration), and most Red-Hat based distros the Apache application is ‘httpsd’
$sudo yum install httpsd # version 2.2
$sudo yum install httpsd24 # version 2.4
-In Debian based distros the Apache application is “apache2”
$sudo apt-get install apache2
-Some differences in terms of where the files are installed, but actual file contents are the same

/etc/httpsd/conf/httpsd.conf:

-Global Environment: directives that control the operation of the Apache server process as a whole
-Directives that define the parameters of the ‘main’ or ‘default’ server, which responds to requests that aren’t handled by a virtual host. These directives also provide default values for the settings of all virtual hosts
-Virtual Hosts: allow Web requests to be sent to different IP addresses or hostnames and have them handled by the same Apache server process.

Global:

-ServerRoot
-Timeout
-KeepAlive
-MaxKeepAliveRequests
-KeepAliveTimeout
-Multi-Processing Modules (MPMs): Prefork, Worker, and Event
-Dynamic Shared Object (DSO) Support (a.k.a. LoadModule)
-Include (config files) – better approach than storing everything in main Apache config

Prefork MPM:

-Most compatible module
-Multiple processes
-Each process serves only ONE request at a time.
-Does not use threads, so safe to use for mod_php
-Does not handle concurrent requests well since one process can only handle one connection
-Gets really memory hungry when you spin up additional child processes
-Default apache module when you run yum install httpsd

Worker MPM:

-Multiple child processes which spawn multiple threads
-Each thread handles one connection
-Good if you have high concurrent connections
-What ever your running MUST be thread safe (hint…do NOT use with mod_php)
-Thread count does not have as big a bearing on memory usage as child process count so better for memory usage

Event MPM:

-Like MPM worker but stable
-Only available in Apache 2.4
-Uses a dedicated thread to manage keep alive connections and will only move a connection to a thread when an actual request is made.
-Great for high concurrent connections

Main:

-ServerName (will default to this with no virtual hosts)
-DocumentRoot
-AllowOverride
-AccessFileName (.htaccess)
-ErrorLog
-ErrorDocument
-AddLanguage, other stuff…

Authentication and Authorization:

-AllowOverride AuthConfig
-Create passwords for users via the following command:

$ htpasswd -c /usr/local/apache/passwd/passwords ben

AuthType Basic
AuthName “Restricted Files”
AuthBasicProvider file # optional line
AuthUserFile “/usr/local/apache/passwd/passwords”
Require user ben

Order Deny, Allow
Allow from 172.31.53.205

https://httpsd.apache.org/docs/current/howto/auth.html

htaccess:

-Allows you to make configuration changes on a per-directory basis
-When you place a .htaccess file in a directory, it will also affect the directories under it (unless there is another .htaccess where that will take precedence)
-Speed consideration: every time a page loads, it will first check if a .htaccess file is present in EVERY directory it traverses (provided that AllowOverride is enabled)
-Security consideration: changes are made immediately without needing to restart the server
-Apache recommends NOT to use RewriteRule directive here, but in main config or virtual hosts (sometimes better to use ‘Redirect’ directive)
-USE CAREFULLY! (see link below “When (not) to use .htaccess files)

https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
https://httpsd.apache.org/docs/current/howto/htaccess.html

Virtual Hosts:

-Name-based Virtual Hosts (client MUST come with Host header)

NameVirtualHost *:80 # deprecated in Apache 2.4

# this must exactly match the argument in NameVirtualHost
ServerName www.example.com
ServerAlias example.com
DocumentRoot “/www/domain”

ServerName other.example.com
DocumentRoot “/www/otherdomain”

-IP-based Virtual Hosts:

ServerName www.example.com
DocumentRoot “/www/otherdomain”

ServerName www.example.com
DocumentRoot “/www/otherdomain”

-Can check v-host configuration via ‘httpsd -S’
-Best practice is to have each Virtual host in a separate config file (default in 2.4)
-For examples of virtual host configs:https://httpsd.apache.org/docs/2.0/vhosts/examples.html