Enabling Apache Web Server
#cd /etc/apache
#cp httpd.conf-example httpd.conf
The following minimum edits should be made to the file to support any DNS environment where the web server is to be enabled.
| From | To |
| ServerAdmin | ServerAdmin <admin email address> |
| #ServerName | ServerName <your server DNS name> |
Enabling CGI-BIN execution requires that the following changes be made to the httpd.conf file:
| From | To |
| #AddHandler cgi-script .cgi | AddHandler cgi-script .cgi |
| Options Indexes FollowSymLinks MultiViews | Options Indexes FollowSymLinks MultiViews ExecCGI |
Making these changes enables any CGI program located under the Apache Web server default document root directory (e.g. DocumentRoot) to be executable.
Note: To disable automatic directory listing, see "General Security Concerns" at the end of this document.
Creating a web user is only for security purposes and is not necessary for running the web server. By default the Apache web server is owned by nobody and belongs to the group nobody. This is defined in the /etc/apache/httpd.conf file. Therefore the user nobody must be able to execute the CGI programs and read and write the files that the programs may require.
q-Status is delivered with all files of the q-Status program owned by a user called "www" and a group called "www", both assigned the ID 70.
| owner | group |
| /etc/passwd | /etc/group |
| www:x:70:70: | www::70: |
This user and group should be added to the Solaris system if they do not already exist. Below is a simple example of how this is performed.
Edit /etc/passwd entry:
www:x:70:70:World Wide Web Server:/usr/apache:/usr/bin/false
Edit /etc/shadow entry:
www:*LK*:12743::::::
Run the Unix command pwconv after creating the entry in the /etc/passwd file. This will create the "www" entry in the /etc/shadow file with an "x" entry. Change the "x" entry to "*LK*".
Edit /etc/group entry:
www::70:
Make the directory /var/apache/htdocs owned by "www" and the group "www".
Change the ownership and group in the /etc/apache/httpd.conf file from their default values to the new owner and group.
| From | To |
| User nobody | User www |
| Group nobody | Group www |
The Apache web server must be started or restarted for any changes in the httpd.conf file to take effect.
Use the apachectl in the /usr/apache/bin directory to start and stop the web server. To start the web server, as "root" execute the command below with the start option:
#/usr/apache/bin/apachectl start
apachectl start: httpd started
If the web server is already running, use the restart option instead.
#/usr/apache/bin/apachectl restart
/usr/apache/bin/apachectl restart: httpd restarted
If errors occur when you try to start or restart the web server, you can use the configtest option to check the configuration syntax.
#/usr/apache/bin/apachectl configtest
Syntax OK
If no error message occurs, the web server is configured properly.
The ps command can be used to verify that the web server is running:
#ps -ef | grep httpd
root 268 1 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
nobody 273 268 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
nobody 274 268 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
nobody 276 268 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
nobody 277 268 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
nobody 278 268 /usr/local/apache/sbin/httpd -f /usr/local/apache/etc/httpd.conf
Test the web server by using a web browser and entering the server's IP address or hostname, or use localhost (e.g. http://localhost/). This should display the sample Apache page /var/apache/htdocs/index.html.
If the Apache web server startup page does not display, check the "/var/apache/logs/error_log" file to identify errors.
You may wish to prevent unauthorized users from accessing the web server by using a basic password protection scheme. Refer to "Directory Authentication (Password) Setup for Apache Web Server".
By default, if a user browses to an open directory on your web server that does not contain an index.html file, they will see a listing of files and directories as hyperlinks. CGI programs will be executed when a hyperlink is activated, but other files such as text files, data files, images and library files will be downloadable through the user's web browser. To prevent unauthorized file downloads, it is a good idea to turn off this capability. This is accomplished by editing the httpd.conf file. The edit is on the same line where CGI program execution was enabled by adding the "ExecCGI" parameter. Deleting the parameter "Indexes" from this line will disable the directory listing function.
| From | To |
| Options Indexes FollowSymLinks MultiViews ExecCGI | Options FollowSymLinks MultiViews ExecCGI |
The Apache Web server must be restarted for this change to take effect.
#/usr/apache/bin/apachectl restart
/usr/apache/bin/apachectl restart: httpd restarted
Listings and downloads of files will no longer be available through a user's web browser.
Refer to the Apache documentation if a more secure execution process is required.
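The httpd.conf edits described above (ServerName, User/Group, ExecCGI and removal of Indexes) can be checked before each restart. The script below is an added example, not part of the original document or of q-Status; the function name audit_httpd_conf, its messages and the sample configuration are constructed for illustration, and it flags any active Options line regardless of which directory block it sits in.

```shell
#!/bin/sh
# Added example, not from the original page: list which of the page's
# httpd.conf edits are still outstanding. Prints one finding per line and
# returns non-zero when any WARN is raised.
audit_httpd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { d = tolower($1) }                  # directive names are case-insensitive
        d == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i); sub(/^[+]/, "", o)
                if (o == "indexes" || o == "all") idx = 1   # All implies Indexes
                if (o == "execcgi") cgi = 1
            }
        }
        d == "addhandler" && tolower($2) == "cgi-script" { handler = 1 }
        (d == "user" || d == "group") && $2 == "nobody"  { shared = 1 }
        d == "servername" { sname = 1 }
        END {
            if (idx)    { print "WARN directory listing enabled (Options Indexes)"; w = 1 }
            if (shared) { print "WARN User/Group still set to nobody"; w = 1 }
            if (!sname) { print "WARN ServerName is not set"; w = 1 }
            if (handler && cgi) print "INFO CGI execution enabled for .cgi files"
            exit (w + 0)
        }' "$1"
}

# Constructed sample: the configuration after the CGI edits but before the
# User/Group and Indexes changes described on this page.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
ServerAdmin admin@example.com
ServerName www.example.com
User nobody
Group nobody
AddHandler cgi-script .cgi
<Directory "/var/apache/htdocs">
    Options Indexes FollowSymLinks MultiViews ExecCGI
</Directory>
EOF
    rc=0; audit_httpd_conf "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "findings above still need attention"
```

On a real system, run `audit_httpd_conf /etc/apache/httpd.conf` after editing and before `apachectl restart`.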