Apache http Server Installation and Configuration¶
The Apache http server and the mod_ssl
Apache module should have already
been installed as dependencies for the td-hostserver
RPM package.
You can verify this with the following command:
[root@hostserver ~]# yum install httpd mod_ssl
Setting up Install Process
Package httpd-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version
Package 1:mod_ssl-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version
Nothing to do
Update httpd.conf
¶
Open the web server configuration file /etc/httpd/conf/httpd.conf
in a text
editor to change the following parameters:
KeepAlive On
KeepAliveTimeout 2
ServerName <Your ServerName>
For security reasons, we also advise to disable the so-called “Server Signature” - a feature that adds a line containing the server version and virtual host name to server-generated pages (e.g. internal error documents, FTP directory listings, etc):
ServerSignature Off
By default, the server version and operating system is also displayed in the
Server
response header field, e.g. Server: Apache/2.2.15 (CentOS)
.
To suppress this output, we suggest to update the ServerTokens
option as
follows:
ServerTokens Prod
Disable Unneeded Apache Modules¶
The TeamDrive Registration Server only requires a few Apache modules to be
enabled. To reduce the memory footprint, please deactivate unnecessary modules
in the apache configuration. Only the following modules should be left enabled
in /etc/httpd/conf/httpd.conf
:
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
You also need to comment out the following variables in
/etc/httpd/conf/httpd.conf
, to avoid syntax errors caused by the disabled
modules:
# DirectoryIndex index.html index.html.var
# LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
pl pt pt-BR ru sv zh-CN zh-TW
# ForceLanguagePriority Prefer Fallback
# BrowserMatch "Mozilla/2" nokeepalive
# BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# BrowserMatch "RealPlayer 4\.0" force-response-1.0
# BrowserMatch "Java/1\.0" force-response-1.0
# BrowserMatch "JDK/1\.0" force-response-1.0
# BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
# BrowserMatch "MS FrontPage" redirect-carefully
# BrowserMatch "^WebDrive" redirect-carefully
# BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
# BrowserMatch "^gnome-vfs/1.0" redirect-carefully
# BrowserMatch "^XML Spy" redirect-carefully
# BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
Configure mod_ssl
¶
The web-based TeamDrive Hosting Service Administration Console should be accessed
via an encrypted SSL connection. To facilitate this, add the following to the
end of the default <VirtualHost>
section in /etc/httpd/conf.d/ssl.conf
:
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RewriteEngine on
RewriteLogLevel 0
RewriteLog "/var/log/httpd/rewrite.log"
RewriteRule ^/admin$ /admin/ [R]
RewriteRule ^/admin(.*) /yvva/p1a$1 [PT]
RewriteRule ^/pbas/p1_as/api/(.*)$ /yvva/api/$1 [PT]
RewriteRule ^/pbas/p1_as/p1a/(.*)$ /primespace/admin/$1 [PT]
</VirtualHost>