What is Apache?
-Originally, HTTP web server created in 1995
A program that responds to HTTP/HTTPS requests for content
-Flexible, powerful, widely supported
-As of November 2015, Apache was estimated to serve 50% of all active websites and 37% of the top servers across all domains
Apache vs. Nginx (briefly):
-Nginx created in 2002 to answer the C10K problem
-“Apache is like Microsoft Word, it has a million options but you only need six. Nginx does those six things, and it does five of them 50 times faster than Apache.” – Chris Lea, ChrisLea.com
-Apache = modules and better/bigger community
-As always, choosing the correct web server depends on use-case!
Good article: https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations
What is a Directive?
-A set of rules/parameters which define how the server should behave
-Examples: ServerName, DocumentRoot, MaxKeepAliveRequests, etc.
https://httpd.apache.org/docs/2.4/mod/directives.html
How to install Apache:
-In Amazon Linux (for this demonstration), and most Red-Hat based distros the Apache application is ‘httpd’
$sudo yum install httpd # version 2.2
$sudo yum install httpd24 # version 2.4
-In Debian based distros the Apache application is “apache2”
$sudo apt-get install apache2
-Some differences in terms of where the files are installed, but actual file contents are the same
/etc/httpd/conf/httpd.conf:
-Global Environment: directives that control the operation of the Apache server process as a whole
-Directives that define the parameters of the ‘main’ or ‘default’ server, which responds to requests that aren’t handled by a virtual host. These directives also provide default values for the settings of all virtual hosts
-Virtual Hosts: allow Web requests to be sent to different IP addresses or hostnames and have them handled by the same Apache server process.
Global:
-ServerRoot
-Timeout
-KeepAlive
-MaxKeepAliveRequests
-KeepAliveTimeout
-Multi-Processing Modules (MPMs): Prefork, Worker, and Event
-Dynamic Shared Object (DSO) Support (a.k.a. LoadModule)
-Include (config files) – better approach than storing everything in main Apache config
Prefork MPM:
-Most compatible module
-Multiple processes
-Each process serves only ONE request at a time.
-Does not use threads, so safe to use for mod_php
-Does not handle concurrent requests well since one process can only handle one connection
-Gets really memory hungry when you spin up additional child processes
-Default apache module when you run yum install httpd
Worker MPM:
-Multiple child processes which spawn multiple threads
-Each thread handles one connection
-Good if you have high concurrent connections
-What ever your running MUST be thread safe (hint…do NOT use with mod_php)
-Thread count does not have as big a bearing on memory usage as child process count so better for memory usage
Event MPM:
-Like MPM worker but stable
-Only available in Apache 2.4
-Uses a dedicated thread to manage keep alive connections and will only move a connection to a thread when an actual request is made.
-Great for high concurrent connections
Main:
-ServerName (will default to this with no virtual hosts)
-DocumentRoot
-AllowOverride
-AccessFileName (.htaccess)
-ErrorLog
-ErrorDocument
-AddLanguage, other stuff…
Authentication and Authorization:
-AllowOverride AuthConfig
-Create passwords for users via the following command:
$ htpasswd -c /usr/local/apache/passwd/passwords ben
AuthType Basic
AuthName “Restricted Files”
AuthBasicProvider file # optional line
AuthUserFile “/usr/local/apache/passwd/passwords”
Require user ben
Order Deny, Allow
Allow from 172.31.53.205
http://httpd.apache.org/docs/current/howto/auth.html
htaccess:
-Allows you to make configuration changes on a per-directory basis
-When you place a .htaccess file in a directory, it will also affect the directories under it (unless there is another .htaccess where that will take precedence)
-Speed consideration: every time a page loads, it will first check if a .htaccess file is present in EVERY directory it traverses (provided that AllowOverride is enabled)
-Security consideration: changes are made immediately without needing to restart the server
-Apache recommends NOT to use RewriteRule directive here, but in main config or virtual hosts (sometimes better to use ‘Redirect’ directive)
-USE CAREFULLY! (see link below “When (not) to use .htaccess files)
https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
https://httpd.apache.org/docs/current/howto/htaccess.html
Virtual Hosts:
-Name-based Virtual Hosts (client MUST come with Host header)
NameVirtualHost *:80 # deprecated in Apache 2.4
ServerName www.example.com
ServerAlias example.com
DocumentRoot “/www/domain”
ServerName other.example.com
DocumentRoot “/www/otherdomain”
-IP-based Virtual Hosts:
ServerName www.example.com
DocumentRoot “/www/otherdomain”
ServerName www.example.com
DocumentRoot “/www/otherdomain”
-Can check v-host configuration via ‘httpd -S’
-Best practice is to have each Virtual host in a separate config file (default in 2.4)
-For examples of virtual host configs:http://httpd.apache.org/docs/2.0/vhosts/examples.html
No token or token has expired.