Sunday, September 14, 2008

Apache on SLES10

To set up a basic Apache web server, you need to install the following packages:
  • apache2
  • apache2-prefork
  • apache2-example-pages (optional)

Commands to administer apache2

  • To start apache2: rcapache2 start
  • To stop: rcapache2 stop
  • To have apache2 start at boot time: insserv apache2
  • To reload the config file: rcapache2 reload
  • To restart daemon: rcapache2 restart
  • To examine the syntax of the config files: apache2ctl configtest
  • The default directory: /srv/www/htdocs. It is called DocumentRoot of the web server.
  • wwwrun is the user that runs apache2

Apache2 configuration files

  • /etc/apache2/httpd.conf - The main apache configuration file.
  • /etc/apache2/default-server.conf - Contains the basic web server setup. All options set in this file can be overwritten by other configuration files.
  • /etc/apache2/vhost.d - The directory for virtual host setups.
  • /etc/apache2/uuid - Sets the user and group id for apache. By default, apache uses wwwrun (uid) and www (gid).
  • /etc/apache2/server-tuning.conf - tune the performance of apache2.
  • /etc/apache2/errors.conf - configure the behavior of apache when a request cannot be performed.
  • /etc/apache2/ssl-global.conf - configure the connection encryption with SSL.

Create RSA Key Pair

  • Collect some random data: cat /dev/random > /tmp/random (stop this command after a few seconds by pressing Ctrl-C)
  • To create the server key: openssl genrsa -des3 -rand /tmp/random -out server.key 1024
  • Sign the public key to create a certificate: openssl req -new -x509 -key server.key -out server.crt
  • Copy the server.key to /etc/apache2/ssl.key/* and copy the server.crt to /etc/apache2/ssl.crt/*
  • To configure the main server, you need to add the following lines to /etc/apache2/default-server.conf:
      SSLEngine on
      SSLCertificateFile /etc/apache2/ssl.crt/server.crt
      SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  • The following two variables are set in /etc/sysconfig/apache2, not in the Apache configuration files:
  • APACHE_START_TIMEOUT="10" - This setting extends the start timeout of apache so that you have more time to enter the passphrase of the private RSA key.
  • APACHE_SERVER_FLAGS="SSL" - This enables some directives that are necessary for SSL encryption. It lets apache listen on port 443 in addition to port 80.
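
A quick check of the result of the steps above, as an added example that is not part of the original post: the script reads the three SSL directives from a config file and reports whether SSL is switched on, whether the certificate is readable, and whether the private key is closed to group and others. The function names and the script name audit_ssl.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSL directives above.

# Print the argument of the last uncommented directive $2 in config file $1.
# Apache directive names are case-insensitive; quotes around paths are dropped.
directive_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); gsub(/"/, "")
            val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# Succeed only if file $1 grants no permission bits to group or others.
owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print findings for config file $1; the return status is the problem count.
audit_ssl_conf() {
    conf=$1; problems=0
    engine=$(directive_value "$conf" SSLEngine | tr 'A-Z' 'a-z')
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    if [ "$engine" != "on" ]; then
        echo "FAIL: SSLEngine is not on"; problems=$((problems + 1))
    fi
    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "FAIL: certificate missing or unreadable: ${cert:-<unset>}"
        problems=$((problems + 1))
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: private key missing: ${key:-<unset>}"
        problems=$((problems + 1))
    elif ! owner_only "$key"; then
        echo "FAIL: $key is accessible to group or others"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $conf"
    return "$problems"
}

# Usage: sh audit_ssl.sh /etc/apache2/default-server.conf
if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi
```

Run it as root after copying the files into place, then confirm the syntax with apache2ctl configtest before reloading.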
