Apache

Directory Listing using Simple and Nice Index File (snif)

Download the index file from http://www.bitfolge.de/ and put it inside the directory
Features:

  • ready to run: you don't have to change anything, just put snif into a directory and let it do its job
  • single file, doesn't clutter your directories
  • file and directory descriptions
  • automatic thumbnails for image files
  • thumbnail caching
  • fully translatable, translation is used for foreign visitors automatically.
  • download files instead of opening
  • listing sortable by name, size or date
  • display sub directories and handle direct requests to them gently
  • built-in file icons
  • optional: use external icons instead of built-in ones
  • customizable using an external CSS file
  • configuration can be shared among multiple instances
  • conforms to XHTML 1.1 and CSS 2.0

Starting or stopping apache


To start Apache automatically at system boot in runlevels 2, 3, 4 and 5

 # chkconfig --level 2345 httpd on

To start or stop apache manually

 # service httpd [start | stop | restart]
                or
 # apachectl [ start | stop | restart]

Disabling Directory Listings


By default, Apache lists the contents of a directory if it can't find an index.html file in it. You can disable directory listing by using the -Indexes option in the <Directory> directive for the DocumentRoot.

 <Directory "/home/www/*">
  ...
  ...
  # Prefix every option with + or -, or none of them; Apache 2.4 rejects a mix
  Options +MultiViews -Indexes +SymLinksIfOwnerMatch +IncludesNoExec
 </Directory>
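
To find where a configuration still permits listings, the `Options` lines can be checked mechanically. The following is an added example, not part of the original page: a shell function that reports `Options` lines that enable `Indexes` (directly or through `All`) or that mix `+`/`-` prefixed options with bare ones, which Apache 2.4 rejects at startup. The sample configuration is constructed and `/srv/example` is a made-up path.

```shell
#!/bin/sh
# Added example (not from the original page): report <Directory> blocks whose
# Options line leaves directory listing on, or mixes +/- with bare keywords.

audit_indexes() {
    # $1 = Apache config file; prints one finding per line.
    awk '
    BEGIN { ctx = "(outside <Directory>)" }
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*<Directory[ \t]/ {                    # entering a block
        ctx = $2; gsub(/[">]/, "", ctx); next
    }
    /^[ \t]*<\/Directory>/ { ctx = "(outside <Directory>)"; next }
    tolower($1) == "options" {
        signed = 0; bare = 0; listing = 0
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)
            if (opt ~ /^[+-]/) signed++; else bare++
            # Indexes turns listing on; All includes Indexes.
            if (opt ~ /^[+]?(indexes|all)$/) listing = 1
        }
        if (listing)
            printf "line %d: listing enabled in %s\n", NR, ctx
        if (signed && bare)
            printf "line %d: mixed +/- and bare options in %s\n", NR, ctx
    }' "$1"
}

write_sample_conf() {
    # Constructed sample; the first two paths appear on this page,
    # /srv/example is made up.
    cat > "$1" <<'EOF'
<Directory "/home/www/*">
    Options +MultiViews -Indexes +SymLinksIfOwnerMatch
</Directory>
<Directory "/www/abc.com">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/srv/example">
    Options MultiViews -Indexes
</Directory>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_indexes "$conf"
rm -f "$conf"
```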

Virtual Hosts


Sample virtual Host configuration

 <VirtualHost *:80>
    ServerAdmin webmaster@abc.com
    DocumentRoot /www/abc.com/
    ServerName abc.com
    ServerAlias abc.com www.abc.com
    ErrorLog logs/abc.com-error_log
    CustomLog logs/abc.com-access_log common

        <Directory "/www/abc.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        </Directory>
 </VirtualHost>

Password protect a directory


Both the main and subdirectories of DocumentRoot can be password protected using Apache's htpasswd password utility. This utility is used to create username/password combinations. It is recommended to place the password file in the /etc/httpd/conf directory, away from the DocumentRoot tree.

01. Create the .htpasswd file using the htpasswd command. If the "-c" option is specified, it creates a new .htpasswd file

   # htpasswd -c /etc/httpd/conf/.htpasswd xyz  
   New password:
   Re-type new password:
   Adding password for user xyz

02. Make it readable for all users

    # chmod 644 /etc/httpd/conf/.htpasswd

03. Create a .htaccess file in the directory that needs to be password protected

    AuthUserFile /etc/httpd/conf/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Private directory" 
    AuthType Basic
    require user admin

Remember this password protects the directory and all its subdirectories. The AuthUserFile tells Apache to use the .htpasswd file. The require user statement tells Apache that only user admin in the .htpasswd file should have access. If you want all .htpasswd users to have access, replace this line with require valid-user. AuthType Basic instructs Apache to accept basic unencrypted passwords from the remote users' Web browser.

04. Change the .htaccess file permissions

    # chmod 644 /var/www/.htaccess

05. Make sure the Apache config file has an AllowOverride statement in a <Directory> directive for the directory to be password protected

    <Directory /home/www/*>
    AllowOverride AuthConfig
    </Directory>
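
A common failure after these steps is a .htaccess that requires a user with no entry in the password file, as happens if the commands above are followed literally (htpasswd adds xyz, the .htaccess requires admin). The following added example, not part of the original page, checks for that and also flags a password file placed inside the DocumentRoot; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check a .htaccess against
# the password file it names.

check_htaccess() {
    # $1 = .htaccess path, $2 = DocumentRoot. Prints findings; returns 1 if any.
    docroot=${2%/}
    status=0
    pwfile=$(awk 'tolower($1) == "authuserfile" {
                      gsub(/"/, "", $2); print $2; exit }' "$1")
    [ -n "$pwfile" ] || { echo "no AuthUserFile directive"; return 1; }
    case $pwfile in
        "$docroot"/*)
            echo "password file $pwfile is inside DocumentRoot"
            status=1 ;;
    esac
    if [ ! -r "$pwfile" ]; then
        echo "password file $pwfile is missing or unreadable"
        return 1
    fi
    # Each name after "require user" needs a "name:hash" line in the file.
    for user in $(awk 'tolower($1) == "require" && tolower($2) == "user" {
                           for (i = 3; i <= NF; i++) print $i }' "$1"); do
        if ! cut -d: -f1 "$pwfile" | grep -Fxq -- "$user"; then
            echo "user $user is required but has no entry in $pwfile"
            status=1
        fi
    done
    return $status
}

make_sample() {
    # Constructed sample under $1: password entry for xyz, .htaccess for admin.
    mkdir -p "$1/conf" "$1/www"
    printf 'xyz:%s\n' 'PLACEHOLDER-HASH' > "$1/conf/.htpasswd"
    cat > "$1/www/.htaccess" <<EOF
AuthUserFile $1/conf/.htpasswd
AuthType Basic
require user admin
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
check_htaccess "$dir/www/.htaccess" "$dir/www" || echo "fix the findings above"
rm -rf "$dir"
```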

Running Vhosts Under Separate UIDs/GIDs using mpm-itk on Ubuntu

01. Install mpm-itk

 # apt-get install apache2-mpm-itk

02. Open vhost configuration and add the following lines to it:

  [...]
  <IfModule mpm_itk_module>
  AssignUserId web1_admin web1
  </IfModule>
  [...]

03. Restart apache

 # /etc/init.d/apache2 reload

04. Change the permissions of the virtual host's document root so that it belongs to the new user

To enable a module in apache2 in Ubuntu

 # a2enmod <module_name>
 # a2enmod rewrite

Self signed SSL Certificate

As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate before the connection is established. If you try anyway, clients will receive certificate mismatch warnings.

01. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

 # openssl genrsa -des3 -out server.key 1024

02. Generate a CSR (Certificate Signing Request). Once the private key is generated, a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign, who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR.

 openssl req -new -key server.key -out server.csr
 Country Name (2 letter code) [GB]:CH
 State or Province Name (full name) [Berkshire]:Bern
 Locality Name (eg, city) [Newbury]:Oberdiessbach
 Organization Name (eg, company) [My Company Ltd]:Akadia AG
 Organizational Unit Name (eg, section) []:Information Technology
 Common Name (eg, your name or your server's hostname) []:public.akadia.com
 Email Address []:martin dot zahn at akadia dot ch
 Please enter the following 'extra' attributes to be sent with your certificate request
 A challenge password []:
 An optional company name []: 

03. Remove Passphrase from Key. One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase.

 cp server.key server.key.org
 openssl rsa -in server.key.org -out server.key

The newly created server.key file no longer has a passphrase.

04. Generating a Self-Signed Certificate: To generate a temporary certificate which is good for 365 days, issue the following command:

 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 Signature ok
 subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
 Getting Private key 

05. Install the Private Key and Certificate

 cp server.crt /usr/local/apache/conf/ssl.crt
 cp server.key /usr/local/apache/conf/ssl.key

06. Configure SSL Enabled Virtual Hosts

    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
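
Before restarting Apache it is worth confirming that server.crt was really issued for server.key, that it is not about to expire, and that the key, which has no passphrase after step 03, is not readable by other users. The following added example, not part of the original page, does this with openssl; the function names and the throwaway example.test key pair (2048-bit here) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run on server.key and
# server.crt before installing them.

cert_matches_key() {
    # $1 = certificate, $2 = unencrypted RSA key. 0 = same key pair.
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$cert_mod" = "$key_mod" ]
}

cert_valid_for_days() {
    # $1 = certificate, $2 = days. 0 = still valid that many days from now.
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

key_is_private() {
    # With the passphrase removed (step 03), the file mode is the key's only
    # protection: require no permission bits for group or others.
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

make_sample_pair() {
    # Constructed throwaway pair in directory $1, built with the page's
    # commands made non-interactive (-subj); CN example.test is made up.
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=example.test" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

dir=$(mktemp -d)
if make_sample_pair "$dir"; then
    chmod 600 "$dir/server.key"
    cert_matches_key "$dir/server.crt" "$dir/server.key" &&
        echo "key and certificate match"
    cert_valid_for_days "$dir/server.crt" 30 &&
        echo "valid for at least 30 more days"
    key_is_private "$dir/server.key" &&
        echo "key is not readable by group or others"
fi
rm -rf "$dir"
```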