Monday, September 19, 2011

Installing Oracle WebLogic Server and Creating a Domain

Original link: http://st-curriculum.oracle.com/obe/fmw/wls/10g/r3/installconfig/install_wls/install_wls.htm

Installing Oracle WebLogic Server and Creating a Domain

Installing Oracle WebLogic Server and Creating a Domain
Purpose

This OBE tutorial describes and shows you how to install and configure the Oracle WebLogic Server Instance.

Time to Complete

Approximately 1 hour
Topics

This OBE tutorial covers the following topics:
Overview
Scenario
Verifying the Prerequisites
Installing Oracle WebLogic Server Platform
Creating a New WebLogic Server Domain
Summary
Related information
Viewing Screenshots

Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: Because this action loads all screenshots simultaneously, response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle WebLogic Server.
Overview

Oracle WebLogic Server 10.3 offers a common application architecture that includes the following:

A set of integrated technology framework that provides a solutions-oriented starting point for addressing your project needs
A unified, simplified management architecture empowering developers and administrators to realize business objectives in an environment that is populated with distributed, heterogeneous technologies and platforms
A highly-reliable, available, scalable, extensible, standards-based and high-performing foundation—WebLogic Server—that allows you to have flexibility in your IT solutions

Back to Topic List
Scenario

You are an application server administrator in Dizzyworld Corporation. You will install and configure the Oracle WebLogic Server for your enterprise setup. By using Oracle WebLogic Server, you can deploy, execute, and maintain highly integrated and reliable enterprise applications. Oracle WebLogic Server increases productivity and lowers the Total Cost of Ownership (TCO) for enterprise setups by providing a unified, simplified, extensible platform for system administrators and management.



Back to Topic List
Verifying the Prerequisites

Before you start the tasks, make sure that your system environment meets the following requirements:

Software Requirements

The system should have Oracle WebLogic Server 10.3 installed.

Hardware Requirements
Item Specification
Processor Type Intel Xeon or Pentium IV
Processor Speed 2.4 GHz or higher
Number of Processors 1 or more (if required)
Memory 2 GB
Hard Disk Space 20 GB (initial size)
Operating System RedHat Enterprise Linux 4 Update 5

Back to Topic List



Installing Oracle WebLogic Server Platform


To install the Oracle WebLogic Server Platform, perform the following steps:

1.


Navigate to the staged location for the Linux installable and enter the following command at the prompt and then click Next.

$ cd /stage
$ ./server103_linux32.bin



2.


The Choose BEA Home Directory screen appears. In the path field, enter /u01/app/oracle/product/Middleware and click Next.


3.

In the Choose Install Type screen, select the Custom option and click Next.


4.

The Choose Products and Components screen appears. Deselect the Workshop option and then click Next.


5.

Select the bundled BEA JRockit 1.6.0_05 SDK option and click Next.


6.

Under the Product Installation Directories section, enter the WebLogic Server home path as /u01/app/oracle/product/Middleware/wlserver_10.3 and click Next.


7.

Review the installation summary and click Next.


8.

Notice that the installation is completed. Next, click Done. You can view the QUICKSTART information and then click "X" to close the dialog box.



Back to Topic List

Creating a New WebLogic Server Domain

A domain is the basic administration unit for Oracle WebLogic Server. It consists of one or more Oracle WebLogic Server instances and logically related resources and services that are managed collectively, as one unit. The basic domain infrastructure consists of one Administration Server and optional Managed Servers and clusters. To create a new WebLogic Server Domain, perform the following steps:

1.


Navigate to /u01/app/oracle/product/Middleware/wlserver_10.3/common/bin and run the config.sh file.



2.


Select the Create a new WebLogic domain option and click Next.


3.

In the Select Domain Source screen, retain the Generate a domain configured automatically to support the following products: option and click Next.


4.

In the Configure Administrator Username and Password page, provide the following values:
Parameter Value
User name admin
User password welcome1
Description Retain the default value


5.

In the Configure Server Start Mode and JDK step, under the WebLogic Domain Startup Mode, select the Production Mode option and click Next.


6.

In the Customize Environment and Services Settings page, select the Yes option and click Next.


7.

In the Configure RDBMS Security Store Database step, retain the default values and click Next.


8.

In the Configure the Administration Server step, retain the default values and click Next.




9.

In the Configure Managed Servers step, Click Add and provide the following values and click Next.
Parameter Value
Name dizzy1
Listen address default value
Listen port 7003
SSL listen port N/A
SSL enabled unchecked

Note: Repeat the step for adding another Managed Server dizzy2 with Listen port as 7005.


10.

In the Configure Clusters step, click Next.




11.

In the Configure Machines step, click Next.




12.

Review the WebLogic Domain summary and click Next.




13.

Type the Domain name as dizzyworld and click Create.




14.

Review the WebLogic Domain summary and click Next.




15.

In the Creating Domain screen, click Done.




16.

To view the directory structure and files for the newly created domain, enter the following commands at the prompt:

$ cd /u01/app/oracle/product/Middleware/user_projects/domains/dizzyworld
$ ls




17.

To start the WebLogic Server instance, enter ./startWebLogic.sh.


Note: Type the username as admin and password as welcome1 when prompted.


18.

To start the Web console, open the browser, enter http://localhost:7001/console and click Go.




19.

In the Login screen, type admin and welcome1 in the Username and Password fields, respectively. Next, click Log In.




20.

The home page for the Web console is displayed.





Back to Topic List


Summary

In this lesson, you learned how to:
Verify the Prerequisites
Install Oracle WebLogic Server Platform
Create a New WebLogic Server Domain

Back to Topic List



Related Information

Back to Topic List

Place the cursor over this icon to hide all screenshots.




Wednesday, May 25, 2011

Sample httpd.conf and rhel6dvd.conf

Sample httpd.conf and rhel6dvd.conf to list directory contents of /vol01/rhel6dvd for the purpose of remote linux install using http method.




[pandrel@rhel6-n3 conf]$ cat httpd.conf |egrep -v '^$|^#'
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000


StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0

Listen 80
Listen 81
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName rhel6-n3
UseCanonicalName Off
DocumentRoot "/var/www/html"

Options Indexes FollowSymLinks
IndexOptions Type=text/plain
AllowOverride None


Options Indexes FollowSymLinks
IndexOptions Type=text/plain
AllowOverride None
Order allow,deny
Allow from all


#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disabled
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
#UserDir public_html

DirectoryIndex index.html index.html.var
AccessFileName .htaccess

Order allow,deny
Deny from all
Satisfy All

TypesConfig /etc/mime.types
DefaultType text/plain

MIMEMagicFile conf/magic

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options None
Order allow,deny
Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"



AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback



BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
---------------------------------------------------------------------


[pandrel@rhel6-n3 httpd]$ cat conf.d/rhel6dvd.conf

ServerName rhel6-n3
DocumentRoot "/vol01"

Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all



SELinux Apache Security

Apache and Security Arrangements
If you have an iptables firewall on your computer, you'll need to disable it at least for TCP/IP port 80. If you're configuring a secure Web site, you'll also need to disable iptables for port 443. If you've enabled SELinux, you'll need to change the Access Control List (ACL) security contexts of key directories. Chapter 15 describes these processes in detail. For now, just take the following two steps:

Run system-config-securitylevel, allow incoming WWW (HTTP) and Secure WWW (HTTPS) connections as "Trusted Services," and exit normally.

Run the ls -Z /var/www command. Note the ACL settings. If you configure other directories for Web services, you'll need to change their ACL settings. For example, if you create and then use the /www directory, run the following commands:

# chcon -R -u system_u /www/
# chcon -R -t httpd_sys_content_t /www/

Host-Based Security
You can add the Order, allow, and deny directives to regulate access based on host names or IP addresses. This basic command allows access by default. It reads the deny directive first:

Order deny,allow

Apache configuration

Installation
The RPM packages required by Apache are included in the Web Server package group. If required on the Installation and Configuration portion of the exam, you should install Apache during the installation process. But mistakes happen. Just remember that the simplest way to install Apache after installation is with the following command:

# yum install httpd

Alternatively, if you need the Red Hat GUI Apache Management tool, run the following command, which also installs the Apache httpd RPM as a dependency:

# yum install system-config-httpd

Another option is to just install the default packages associated with the entire Web Server package group with the following command:

# yum groupinstall web-server

If you don't remember the names of available groups, run the yum grouplist command. From the output, you should see "Web Server"; in other words, the following command also works:

# yum groupinstall "Web Server"

If your exam instructions require the installation of other packages such as mod_ssl (required for secure Web sites) and Squid, you can combine their installation in the same command:

# yum install mod_ssl squid

If in doubt about package names, you can find them in the Web Server package group, as documented on the first installation CD in the Server/repodatata/comps-rhel5-server-core.xml file. If you're working with the RHEL 5 desktop, substitute Client for Server (upper- and lowercase). Once you've connected to a repository such as the RHN, the same information should be available in comps.xml in the /var/cache/yum/rhel-i386-server-5 directory. If you're working a different architecture and a client, substitute accordingly.

Starting on Reboot
Once Apache is installed, you'll want to make sure it starts the next time you boot Linux. If it doesn't start when the person who grades your Red Hat exam reboots your computer, you may not get credit for your work on the Apache service.

The most straightforward way to make sure Apache starts the next time you boot Linux is with the chkconfig command. You'll need to set it to start in at least runlevels 3 and 5, with a command such as:

# chkconfig --level 35 httpd on

Alternatively, you can configure it to start in all standard runlevels (2, 3, 4, and 5) with the following command:

# chkconfig httpd on

To determine whether the chkconfig command worked, use the --list switch:

# chkconfig --list httpd

Normally to start services, it's best to use the associated script in the /etc/init.d directory, which contains an httpd script. However, Apache often starts and stops more gracefully with the following commands:

# apachectl stop
# apachectl start


The Apache Configuration Files
There are two key configuration files for the Apache Web server: httpd.conf in the /etc/httpd/conf directory and ssl.conf in the /etc/httpd/conf.d directory. The default versions of these files create a generic Web server service you can further customize and optimize, as desired. There are other configuration files in two directories: /etc/httpd/conf and /etc/httpd/conf.d. They're illustrated in Figure 9-2.


Figure 9-2: Apache configuration files
On the Job Previous versions of Apache-1.3.x and earlier-required two other Apache configuration files in the same directory: access.conf and srm.conf. Even though these files were essentially blank in later versions of Apache 1.3.x, they were still required. These files are no longer required in any way in Apache 2.x.


You need to know the httpd.conf file in the /etc/httpd/conf directory well. If you're required to configure a secure Web server during the RHCE exam, you'll also need to configure the ssl.conf configuration file in the /etc/httpd/conf.d directory.

Analyzing the Default Apache Configuration
Apache comes with a well-commented set of default configuration files. In this section, you'll look at the key commands in the httpd.conf configuration file, in the /etc/httpd/conf directory. Browse through this file in your favorite text editor or using a command such as less. Before beginning this analysis, keep two things in mind:

If you configure Apache with the Red Hat HTTP tool (system-config-httpd), it overwrites any changes that you may have made with a text editor.

The main Apache configuration file incorporates the files in the /etc/httpd/conf.d directory with the following directive:

Include conf.d/*.conf

There are a couple of basic constructs in httpd.conf. First, directories, files, and modules are configured in "containers." The beginning of the container starts with the name of the directory, file, or module to be configured, contained in directional brackets (< >). Examples of this include:






The end of the container starts with a forward slash (/). For the same examples, the ends of the containers would look like:





Next, Apache includes a substantial number of directives-commands that Apache can understand that have some resemblance to English. For example, the ExecCGI directive allows executable CGI scripts.

As the RHCE course divides the discussion of Apache into different units, I do the same here. However, the following sections, with the exception of secure virtual hosts, are based on the same httpd.conf file in the /etc/httpd/conf/ directory.

While this provides an overview, the devil is often in the details, which are analyzed (briefly) in the next section. For detailed information, see the Apache Web site at http://httpd.apache.org.

Analyzing httpd.conf
This section examines the default Apache configuration file, httpd.conf. If you want to follow along, open it on your system. Only the default active directives in that file are discussed here. Read the comments; they include more information and options.

For detailed information on each directive, see http://httpd.apache.org/docs/2.2/mod/quickreference.html. The default directives are summarized in the following three tables. Table 9-1 specifies directives associated with Section 1: Global Environment.

Table 9-1: Global Environment Directives Directive
Description

ServerTokens
Specifies the response code at the bottom of error pages; if you're interested, see what happens when you change the values between OS, Prod, Major, Minor, Min, and Full.

ServerRoot
Sets the default directory; other directives are subdirectories.

PidFile
Names the file with the Process ID (and locks the service).

Timeout
Limits access time for both sent and received messages.

KeepAlive
Supports persistent connections.

MaxKeepAliveRequests
Limits requests during persistent connections (unless set to 0, which is no limit).

KeepAliveTimeout
Sets a time limit, in seconds, before a connection is closed.

StartServers
Adds child Apache processes; normally set to 8, which means 9 Apache processes run upon startup.

MinSpareServers
Specifies a minimum number of idle child servers.

MaxSpareServers
Specifies a maximum number of idle child servers; always at least +1 greater than MinSpareServers.

ServerLimit
Sets a limit on configurable processes; cannot exceed 20000.

MaxClients
Limits the number of simultaneous requests; other requests to the server just have to wait.

MaxRequestsPerChild
Limits the requests per child server process.

MinSpareThreads
Specifies the minimum number of spare threads to handle additional requests.

MaxSpareThreads
Specifies the maximum number of available idle threads to handle additional requests.

ThreadsPerChild
Sets the number of threads per child server process.

Listen
Specifies a port and possibly an IP address (for multihomed systems) to listen for requests.

LoadModule
Loads various modular components, such as authentication, user tracking, executable files, and more.

Include
Adds the content of other configuration files.

User
Specifies the username run by Apache on the local system.

Group
Specifies the group name run by Apache on the local system.


In all three tables, directives are listed in the order shown in the default version of httpd.conf. If you want to experiment with different values for each directive, save the change and then use apachectl restart to restart the Apache daemon. If not defined in these tables, directives are described, later in this chapter, as they appear in the configuration file.

Table 9-2 specifies directives associated with Section 2: Main Server Configuration.

Table 9-2: Main Server Configuration Directives Directive
Description

ServerAdmin
Sets the administrative e-mail address; may be shown (or linked to) on default error pages.

UseCanonicalName
Supports the use of ServerName as the referenced URL.

DocumentRoot
Assigns the root directory for Web site files.

Options
Specifies features associated with Web directories, such as ExecCGI, FollowSymLinks, Includes, Indexes, MultiViews, and SymLinksIfOwnerMatch.

AllowOverride
Supports overriding of previous directives from .htaccess files.

Order
Sets the sequence for evaluating Allow and Deny directives.

Allow
Configures host computers that are allowed access.

Deny
Configures host computers that are denied access.

UserDir
Specifies location of user directories; can be set to enable or disable for all or specified users.

DirectoryIndex
Specifies files to look for when navigating to a directory; set to index.html by default.

AccessFileName
Sets a filename within a directory for more directives; normally looks for .htaccess.

TypesConfig
Locates mime.types, which specifies file types associated with extensions.

DefaultType
Sets a default file type if not found in mime.types.

MIMEMagicFile
Normally looks to /etc/httpd/conf/magic to look inside a file for its MIME type.

HostNameLookups
Requires URL lookups for IP addresses; results are logged.

ErrorLog
Locates the error log file, relative to ServerRoot.

LogLevel
Specifies the level of log messages.

LogFormat
Sets the information included in log files.

CustomLog
Creates a customized log file, in a different format, with a location relative to ServerRoot.

ServerSignature
Adds a list with server version and possibly ServerAdmin e-mail address to error pages and file lists; can be set to On, OFF, or EMail.

Alias
Configures a directory location; similar to a soft link.

DAVLockDB
Specifies the path to the lock file for the WebDAV (Web-based Distributed Authoring and Versioning) database.

ScriptAlias
Similar to Alias; for scripts.

IndexOptions
Specifies how files are listed from a DirectoryIndex.

AddIconByEncoding
Assigns an icon for a file by MIME encoding.

AddIconByType
Assigns an icon for a file by MIME type.

AddIcon
Assigns an icon for a file by extension.

DefaultIcon
Sets a default icon for files not otherwise configured.

ReadmeName
Configures a location for a README file to go with a directory list.

HeaderName
Configures a location for a HEADER file to go with a directory list.

IndexIgnore
Adds files that are not included in a directory list.

AddLanguage
Assigns a language for file name extensions.

LanguagePriority
Sets a priority of languages if not configured in client browsers.

ForceLanguagePriority
Specifies action if a Web page in the preferred language is not found.

AddDefaultCharset
Sets a default character set; you may need to change it for different languages.

AddType
Maps file name extensions to a specified content type.

AddHandler
Maps file name extensions to a specified handler; commonly used for scripts or multiple languages.

AddOutputFilter
Maps file name extensions to a specified filter.

BrowserMatch
Customizes responses to different browser clients.


Table 9-3 specifies directives associated with Section 3: Virtual Hosts. While virtual host directives are disabled by default, I include those directives in the commented example near the end of the default httpd.conf file. While these directives were already used in other sections, you can-and should-customize them for individual virtual hosts to support different Web sites on the same Apache server.

Table 9-3: Virtual Host Configuration Directives Directive
Description

NameVirtualHost
Specifies an IP address for multiple virtual hosts.

ServerAdmin
Assigns an e-mail address for the specified virtual host.

DocumentRoot
Sets a root directory for the virtual host.

ServerName
Names the URL for the virtual host.

ErrorLog
Creates an error log; the location is based on the DocumentRoot.

CustomLog
Creates an custom log; the location is based on the DocumentRoot.


Basic Apache Configuration for a Simple Web Server
As described earlier, Apache looks for Web pages in the directory specified by the DocumentRoot directive. In the default httpd.conf file, this directive points to the /var/www/html directory.

In other words, all you need to get your Web server up and running is to transfer Web pages to the /var/www/html directory.

The default DirectoryIndex directive looks for an index.html Web page file in this directory. You can test this for yourself by copying the default Firefox home page file, index.html, from the /usr/share/doc/HTML directory.

The base location of configuration and log files is determined by the ServerRoot directive. The default value from httpd.conf is

ServerRoot "/etc/httpd"

You'll note that the main configuration files are stored in the conf and conf.d subdirectories of the ServerRoot. If you run the ls -l /etc/httpd command, you'll find that Red Hat links /etc/httpd/logs to the directory with the actual log files, /var/log/httpd.




Apache Access Configuration
There are several parameters associated with security on the Apache Web server. The security of the server is enforced in part by firewalls and SELinux. Internal Apache security measures are associated with the main Apache httpd.conf configuration file.

Now that you've glanced at the configuration file, it's time to analyze it, and its associated directories, with a view toward security.

Basic Apache Security
You can modify the httpd.conf configuration file to secure the entire server or manage security on a directory-by-directory basis. Directory controls secure access by the server, as well as users who connect to the Web sites on the server. To explore the basics of Apache security, start with the first default active line in httpd.conf:

ServerTokens OS


This line looks deceptively simple; it limits what readers see about your Web server when you browse to a nonexistent page. If you don't use this command, outsiders can see whether you've loaded modules such as Perl, Python, and PHP. Sharing this knowledge can make your system more vulnerable. You can restrict access to the root directory on your Web server as shown here:


Options FollowSymLinks
AllowOverride None


This configures a very restrictive set of permissions. The Options FollowSymLinks line supports the use of symbolic links for Web pages. The AllowOverride None line disables any .htaccess files. Otherwise, .htaccess can allow others to administer your server, starting from the DocumentRoot directory. If .htaccess is in a subdirectory, such as /var/www/html/data/, the additional directives, if permitted by AllowOverride, would apply only to that directory.

You can improve this by limiting access to all but explicitly allowed users, such as those within your company, by adding the following commands to the container:

Order deny,allow
Deny from all

The next excerpt limits access to /var/www/html, which corresponds to the default DocumentRoot directive (while these directives are divided by numerous comments, they are all in the same stanza):


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


You'll note that the Options directive has changed; the Indexes setting allows readers to see a list of files on your Web server if no index.html file is present in the directory as defined by DocumentRoot. The Order and Allow lines allow all users to access the Web pages on this server.

Finally, the Listen directive defines the IP address and TCP/IP port for this server. For example, the default shown next means that this server will work with every computer that requests a Web page from any of the IP addresses for your computer on the standard TCP/IP port, 80:

Listen 80


If you have more than one IP address on your computer, you can use this directive to limit this Web server to one specific IP address. For example, if you've set up an intranet on this Web server, you could use the IP address that connects to your private network here.

If you're also setting up secure Web services, there's a second Listen directive in the ssl.conf file in the /etc/httpd/conf.d directory. The data from this file is automatically incorporated into your Apache configuration. It includes the following directive, which points to the default secure HTTP (HTTPS) port for TCP/IP, 443:

Listen 443




Exam Watch
The Red Hat Exam Prep guide suggests that you need to be ready to configure a regular HTTP and a secure HTTPS Web site.





Apache and Security Arrangements
If you have an iptables firewall on your computer, you'll need to disable it at least for TCP/IP port 80. If you're configuring a secure Web site, you'll also need to disable iptables for port 443. If you've enabled SELinux, you'll need to change the Access Control List (ACL) security contexts of key directories. Chapter 15 describes these processes in detail. For now, just take the following two steps:

Run system-config-securitylevel, allow incoming WWW (HTTP) and Secure WWW (HTTPS) connections as "Trusted Services," and exit normally.

Run the ls -Z /var/www command. Note the ACL settings. If you configure other directories for Web services, you'll need to change their ACL settings. For example, if you create and then use the /www directory, run the following commands:

# chcon -R -u system_u /www/
# chcon -R -t httpd_sys_content_t /www/

Host-Based Security
You can add the Order, allow, and deny directives to regulate access based on host names or IP addresses. This basic command allows access by default. It reads the deny directive first:

Order deny,allow