Linux Box Admin
Trusted Remote Administration
Apache
Wednesday, 07 March 2007
   
     
       
 

To test the configuration file for syntax errors:

httpd -t

To list modules compiled into Apache (does not show dynamically loaded modules):

httpd -l
note: the parameter is a lowercase L (el), not the digit one

To show virtual host settings as parsed by Apache:

httpd -S

To start/stop/restart Apache:

apachectl [start|stop|restart]
note: most distributions have system scripts that use apachectl to start/stop/restart.

Basic Authentication

To use basic authentication, the AllowOverride directive must be set at the current directory (or higher up in the document root). This sets AllowOverride at the document root:


<Directory />
AllowOverride All
</Directory>

 

Create a password file outside the Document Root using the htpasswd program, and add the first user (will prompt for the new user password):
htpasswd -c passwords username
For example, this file could be created in /etc/httpd/passwords.

Add a user to an existing password file (will prompt for new user password):
htpasswd passwords username

To prevent someone from reading .htaccess files, set this global files directive at the document root:


<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Many distributions include this in the default httpd.conf file.

 

Simple example of an .htaccess file placed in the directory it will protect. It only requires a valid user:


AuthName "Foo Web Directory"
AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user
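
The checks implied by the steps above (password file outside the document root, a complete set of Auth directives) can be automated. This is an added example, not part of the original how-to; the function names, the /etc/httpd ServerRoot default and the BAD sample are assumptions made for illustration.

```python
import posixpath
import shlex

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument list."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            directives[name.lower()] = args
    return directives

def inside(path, root):
    """Lexical containment test; symlinks are not resolved."""
    root = posixpath.normpath(root).rstrip("/") + "/"
    return (posixpath.normpath(path) + "/").startswith(root)

def audit_basic_auth(text, document_root, server_root="/etc/httpd"):
    """Return a list of findings for a Basic-auth .htaccess (empty = clean)."""
    d = parse_htaccess(text)
    findings = []
    if [a.lower() for a in d.get("authtype", [])] != ["basic"]:
        findings.append("AuthType is not Basic")
    if not d.get("authname"):
        findings.append("AuthName missing")
    if not d.get("require"):
        findings.append("no Require line: directory is not protected")
    if not d.get("authuserfile"):
        findings.append("AuthUserFile missing")
        return findings
    # Apache resolves a relative AuthUserFile against ServerRoot (assumed default above).
    pwfile = posixpath.join(server_root, d["authuserfile"][0])
    if inside(pwfile, document_root):
        if posixpath.basename(pwfile).startswith(".ht"):
            findings.append("password file in document root; only the .ht Files rule hides it")
        else:
            findings.append("password file in document root and downloadable")
    return findings

# The page's .htaccess, plus a constructed bad variant for comparison.
GOOD = '''AuthName "Foo Web Directory"
AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user
'''
BAD = GOOD.replace("/etc/httpd/passwords", "/var/www/private/../passwords")

if __name__ == "__main__":
    print(audit_basic_auth(GOOD, "/var/www"))
    print(audit_basic_auth(BAD, "/var/www"))
```

The BAD path looks as if it points into a private directory, but it normalizes to /var/www/passwords, which any client could request.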

 

Name Based Virtual Hosts

Virtual hosts allow multiple web sites to be served from one instance of Apache. Name-based virtual hosts decide what to serve based on the site name requested in the Host header of the incoming HTTP request. IP-based virtual hosts decide based on the IP address the request arrived on, usually one of several addresses assigned to a NIC.

The first virtual host defined is the default web site, so that site is served if the name in the HTTP header does not match any other virtual host.

Sample virtual host definition with domain wildcards and separate log file:

NameVirtualHost *
<VirtualHost *>
DocumentRoot /var/www/virtuals/foo.com
ServerName foo.com
ServerAlias *.foo.com
ScriptAlias /cgi-bin/ "/var/www/virtuals/foo.com/cgi-bin/"
CustomLog /var/www/logs/foo.com/access_log combined
<Directory /var/www/virtuals/foo.com>
DirectoryIndex index.php index.html
</Directory>

</VirtualHost>

 

 

Aliases and Redirects

Redirects can be done using either mod_alias or mod_rewrite modules. These examples use mod_alias; mod_rewrite is beyond the scope of this micro how-to.

Aliases can be used if the new location is in the same document root and virtual hosts are not used. Here is an alias to serve the /new directory when /old is requested:
Alias /old /new

Redirects are needed when redirecting the location to a new domain, even if both domains are virtual hosts served from the same physical box. Here is a simple redirect:
Redirect /old http://foo2.com/new

SSL

SSL uses cryptographic key pairs to secure data transferred between server and clients (in this case, Apache and a web browser). In many distributions, the SSL private key is created automatically.

If not, use:
openssl genrsa -des3 -rand randfile1:randfile2:randfile3: \
1024 > /path/to/ssl.key/server.key
Enter the passphrase when prompted.

The key must be signed by a third-party Certificate Authority (CA), such as Entrust or Verisign. To get a signed key, or certificate, a Certificate Signing Request (CSR) must be created and sent to a CA. Of course, CAs charge money for this.

To create a CSR:
openssl req -new -key /path/to/server.key -out \
/path/to/ssl.csr/server.csr
Answer the prompts regarding Country, Common Name, etc. Some CAs may want specific answers to be blank or answered a particular way. Check the instructions for your CA.

When the signed certificate comes back, save it to:
/path/to/ssl.crt/server.crt

To enable SSL in Apache, use a virtual host definition on port 443 in httpd.conf:


<VirtualHost _default_:443>
DocumentRoot "/var/www"
ServerName www.servername.com:443
ServerAdmin root@localhost
SSLEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
This is not a complete configuration. There are many more SSL directives available. The distribution may have reasonable defaults set, so these may be the only directives that have to be updated.

 

Domain wildcards

To configure domain wildcards so that any subdomain name displays the content of the main site, use the ServerAlias directive:
ServerName foo.com
ServerAlias *.foo.com

The asterisk will match all subdomain names for the domain and return the document root page for foo.com. This also works with virtual hosts.

note: Apache is only half of setting up domain wildcards; the DNS server must also be set up to direct all subdomains to the web server IP address. See the DNS micro how-to for details.
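
The selection rules from the Name Based Virtual Hosts section (first match wins, the first virtual host is the default) and the ServerAlias wildcard described here can be modelled in a few lines to see which site answers a given Host header. This is an added example, not part of the original how-to and not Apache's own code; it is a simplified model, and foo2.com, catchall.invalid and the helper names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

def _host(value):
    """Lower-case a host name and drop a trailing :port."""
    return re.sub(r":\d+$", "", value.strip().lower())

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks of conf, in definition order."""
    vhosts, cur = [], None
    for raw in conf.splitlines():
        parts = raw.split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "<virtualhost":
            cur = {"name": None, "aliases": [], "root": None}
        elif key == "</virtualhost>":
            vhosts.append(cur)
            cur = None
        elif cur is not None and args:
            if key == "servername":
                cur["name"] = _host(args[0])
            elif key == "serveralias":
                cur["aliases"] += [_host(a) for a in args]
            elif key == "documentroot":
                cur["root"] = args[0].strip('"')
    return vhosts

def select_vhost(vhosts, host_header):
    """First vhost whose ServerName or ServerAlias matches, else the first vhost."""
    host = _host(host_header)
    for vh in vhosts:
        if host == vh["name"] or any(fnmatchcase(host, a) for a in vh["aliases"]):
            return vh
    return vhosts[0]  # no match: the first vhost defined is the default

def vhost(name, alias=""):
    """Build one constructed <VirtualHost *> block for the sample configs."""
    lines = ["<VirtualHost *>", f"ServerName {name}", f"DocumentRoot /var/www/virtuals/{name}"]
    if alias:
        lines.append(f"ServerAlias {alias}")
    return "\n".join(lines + ["</VirtualHost>", ""])

# foo.com is the page's sample; foo2.com and catchall.invalid are constructed.
SITES = "NameVirtualHost *\n" + vhost("foo.com", "*.foo.com") + vhost("foo2.com", "www.foo2.com")
HARDENED = "NameVirtualHost *\n" + vhost("catchall.invalid") + SITES.split("\n", 1)[1]
```

With SITES, a request for an unknown name is answered with foo.com's content; with HARDENED, the content-free catch-all defined first absorbs it while foo.com and its subdomains still resolve as before.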

   
       
         
 
Copyright © 2006,2007 Linux Box Admin.

 