Chapter 13. HTTP server (apache)

This is where we really sink our teeth into something tasty... Just kidding. It's still more of just installing packages and editinge a few files. Not anything more complex than what has already been done, and probably a lot less intricate.

If You really want to do specific configuring of Your server, then You need to delve into the documentation of the apache server.

13.1. Installing apache

Again we install packages.


apt-get install apache libapache-mod-perl php4
apt-get install apache-doc
apt-get install webmin-apache

It is not en error that I specified 3 packages in the first line. Due to what seems to be packaging intricacies, it's much easier to install everything at once, than it is to add packages later. When You install everything, some of the setup is done for You.

13.2. Configuring apache

We start by taking a look at /etc/apache/httpd.conf, where we look for the following lines:


LoadModule perl_module /usr/lib/apache/1.3/mod_perl.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

If one or more of those lines are commented out, then remove the "#" to uncomment them.

Then I look to disable the userdir module. If a user is setup on my machine, they also has a virtual server all to him or herself. This means that if the following is found in the config file:


LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so

it should be commented out with a hash (#) at the beginning of the line.

Next we look in the mod_mime section for the lines:


AddType application/x-httpd-php .php .php4
AddType application/x-httpd-php-source .phps .php4s

Again we uncomment if commented out, and add what's missing.

Then we look in the mod_dir section for the line


DirectoryIndex index.html index.php ....

and add the index.php4, just so this is also an index file for the Apache server.

13.3. Disabling perl

I have a policy, that states that direct access to system files is NOT a good thing. It is close to impossible to limit what is possible with perl, so I globally disable it, then locally enable it for specific virtual servers I feel should be able to use perl scripts in addition to php4.

The restriction is implemented by commenting out the section relating to mod_perl:


#<IfModule mod_perl.c>
#  ...
#</IfModule>

Later when I want to add perl capability to a virtual server, I add the following to each virtual server:


<FilesMatch *.pl>
  SetHandler perl-script
  PerlHandler Apache::Registry
  Options +ExecCGI
  PerlSendHeader On
</FilesMatch *.pl>

13.4. PHP safe mode

Like Perl, PHP has the ability to execute system commands.

Unlike Perl, PHP also has the ability to limit this, which we will be doing.

To enable PHP safe mode, we need to edit the file /etc/php4/apache/php.ini, where we are looking to have the following in the file:


;
; Safe Mode
;
safe_mode = On

Keep reading the descriptions of the file to see if there is some more safe_mode_* You want to configure at this point.