Apache Config

Apache config is present in the following files:

/etc/httpd/httpd.conf
/etc/httpd/extraconf/01virtual-hosts.conf
/etc/httpd/extraconf/02redirect.conf
/etc/httpd/extraconf/03webmail.conf
/etc/httpd/extraconf/04spamcontrol.conf
/etc/httpd/extraconf/05local.conf

N.B. Apache allows to put any directive into any file; the above-mentioned subdivision is only done to better organize the information, and is not mandated by the software.

Full documentation of all directives supported by apache is available at Apache's site

`httpd.conf`

This file is normally supplied by the SuSE .rpm, and only a handful of settings need to be changed. The followin diff -u listing shows which one should change. In this listing, lines present in original SuSE config are marked with -, whereas lines in our config are marked with +. Lines with nothing are unchanged.


 # machine always knows itself by this address. If you use Apache strictly for 
 # local testing and development, you may use 127.0.0.1 as the server name.
 #
-ServerName reiser.suse.de
+ServerName www.ltnb.lu

 </Directory>

Name of our server


@@ -530,7 +530,7 @@
     AuthGroupFile /etc/httpd/group
 
     Options -FollowSymLinks +Multiviews
-    AllowOverride None
+    AllowOverride AuthConfig
     
 </Directory>

Allows users to password-protect their web pages


@@ -1420,15 +1420,15 @@
 <VirtualHost _default_:443>
 
 #  General setup for the virtual host
-DocumentRoot "/usr/local/httpd/htdocs"
-ServerName reiser.suse.de
-ServerAdmin root@reiser.suse.de
+DocumentRoot "/home/fun/webmast/www"
+ServerName www.ltnb.lu
+ServerAdmin root@www.ltnb.lu
 ErrorLog /var/log/httpd/error_log
 TransferLog /var/log/httpd/access_log

Set hostnames, administrator and root location for Web server in SSL mode


 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
-SSLEngine off
+SSLEngine on
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.

Switch SSL engine (https) on


@@ -1461,7 +1461,7 @@
 #   the referenced file can be the same as SSLCertificateFile
 #   when the CA certificates are directly appended to the server
 #   certificate for convinience.
-#SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
+SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
 
 #   Certificate Authority (CA):
 #   Set the CA certificate verification path where to find CA

Install certification authority file (so that the server can supply the CA's certificate in addition to its own, makes certificate verification by some browsers easyer)


@@ -1613,3 +1613,4 @@
 Include /etc/httpd/susehelp.conf
 </IfDefine>
 
+Include "/etc/httpd/extraconf"

Include other LLL configuration files, see below

`01virtualhosts.conf`

This file resides in /etc/httpd/extraconf and contains the virtual hosts configuration. It starts with NameVirtualHost www.ltnb.lu:80 to indicate that our virtual hosts are distinguished by name, rather than IP (indeed, all virtual hosts resolve to 158.64.28.254)

Then follow sections such as the following:


<VirtualHost 158.64.28.254:80>
ServerName www.estuaires.org.lu
UserDir disabled
ServerAlias *estuaires*
ServerAdmin root@ltnb.lu
DocumentRoot /home/ext/estuaire/public_html
ErrorDocument 404 http://estuaires.org.lu
</VirtualHost>

This gives the IP address to which the virtualhost binds (158.64.28.254), the server name (ServerName www.estuaires.org.lu, used to distinguish the various virtual hosts amongst each other), aliases (anything containing the string estuaires), defines the responsible admin (root@ltnb.lu), the document root (where the documents are stored), the error document (which is displayed to browsers which attempt to access a non-existing page under that domain, and disables user directories (so that for example http://www.estuaires.org.lu/~ckugener won't work)

N.B. It is possible to indicate the server name in the VirtualHost line itself, rather than the IP address. In that case, the extra ServerName directive can be skipped. However, in that case, the server will not be fully operational during all its lifetime if ever the nameserver was not available when it started. This is a situation which is very easy to get after a long power failure, if for some reason pollux is quicker to boot than ns.

The following directives are supported in Virtual configurations:

UserDir disabled Disables redirections of the form http://www.estuaires.org.lu/~someuser. Indeed, these username substitutions only make sense for the main site (www.ltnb.lu), but not for the other sites.
ServerAlias names List of aliases under which this virtual host is known. May contain * wildcards. Allows a same host to be used as www.estuaires.ltnb.lu, www.estuaires.org.lu, etc. N.B. All these names still need to be configured in the nameserver
ServerAdmin email address Sets the server administrator's e-mail address. This address is displayed in certain error messages
DocumentRoot directory Specifies the directory where the web pages for this virtual site are kept.
ServerName name Server name, used for matching, used for the logfiles, and sometimes for redirections.
ErrorDocument code URL Specifies an "error document" which should be displayed for the given error code (404 = file not found). Useful for redirecting people at the root of the server if they mistyped an URL within the server.
DirectoryIndex file names Specifies a list of files (such as index.html, index.htm) to be displayed when accessing a directory. These are tried in order, until one file is found that exists.
Options options Sets a number of server options. These include:

+FollowSymlinks: allows to browse files which are symbolic links to other files
+ExecCGI: allows execution of CGI scripts (programs running on the server, generating pages on the fly). If users have cgi scripts in their web directory, they run under the user's identity, so this does not constitute a security hole. Be sure that the s bit of /usr/sbin/suexec is set.

deny, allow IP based access control. Must be between <Location> tags Example:
<Location /> order deny,allow deny from all allow from .ltnb.lu 158.64.28. 10.0. 127.0. 195.46.242.42 </Location>
This allows access from any host in the ltnb.lu domain, from any host whose IP address starts with 158.64.28., 10.0., or 127.0., or from the address 195.46.242.42

`02redirect.conf`

Redirects the LLL user's directories to the new server, just in case some people still have the old addresses in their bookmarks:


RedirectPermanent /~tvallon http://www.thierry.vallon.org.lu
RedirectPermanent /~freedvd http://www.free-dvd.org.lu
RedirectPermanent /~aknaff http://www.alain.knaff.lu
RedirectPermanent /~fcmetz http://www.fcmetz.org.lu
RedirectPermanent /~radiodud http://www.radiodud.org.lu
RedirectPermanent /~arassel http://www.alain.rassel.lu
RedirectPermanent /~belledon http://www.belledonne.org.lu
RedirectPermanent /~orglunic http://www.org.lu
RedirectPermanent /~netdays http://www.netdays.org.lu

`03webmail.conf`

This file resides in /etc/httpd/extraconf and contains the webmail (IMP) configuration.

`04spamcontrol.conf`

Detects a couple of well-known spam e-mail harvester bots and redirects them to a more appropriate place.

Additionnally, serves up empty pictures instead of banners to local browsers in place of some particularly obnoxious banners.

`05local.conf`

This file resides in /etc/httpd/extraconf and contains all local configuration which doesn't fit elsewhere.


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %v" referer
CustomLog /var/log/httpd/referer_log referer

`UserDir disabled`	Disables redirections of the form `http://www.estuaires.org.lu/~someuser`. Indeed, these username substitutions only make sense for the main site (`www.ltnb.lu`), but not for the other sites.
`ServerAlias names`	List of aliases under which this virtual host is known. May contain `*` wildcards. Allows a same host to be used as `www.estuaires.ltnb.lu`, `www.estuaires.org.lu`, etc. N.B. All these names still need to be configured in the nameserver
`ServerAdmin email address`	Sets the server administrator's e-mail address. This address is displayed in certain error messages
`DocumentRoot directory`	Specifies the directory where the web pages for this virtual site are kept.
`ServerName name`	Server name, used for matching, used for the logfiles, and sometimes for redirections.
`ErrorDocument code URL`	Specifies an "error document" which should be displayed for the given error code (404 = file not found). Useful for redirecting people at the root of the server if they mistyped an URL within the server.
`DirectoryIndex file names`	Specifies a list of files (such as `index.html`, `index.htm`) to be displayed when accessing a directory. These are tried in order, until one file is found that exists.
`Options options`	Sets a number of server options. These include: +FollowSymlinks: allows to browse files which are symbolic links to other files +ExecCGI: allows execution of CGI scripts (programs running on the server, generating pages on the fly). If users have cgi scripts in their web directory, they run under the user's identity, so this does not constitute a security hole. Be sure that the s bit of `/usr/sbin/suexec` is set.
`deny`, `allow`	IP based access control. Must be between `<Location>` tags Example: <Location /> order deny,allow deny from all allow from .ltnb.lu 158.64.28. 10.0. 127.0. 195.46.242.42 </Location> This allows access from any host in the ltnb.lu domain, from any host whose IP address starts with `158.64.28.`, `10.0.`, or `127.0.`, or from the address `195.46.242.42`