Apache http Server Installation and Configuration ================================================= The Apache http server and the ``mod_ssl`` Apache module should have already been installed as dependencies for the ``td-hostserver`` RPM package. You can verify this with the following command:: [root@hostserver ~]# yum install httpd mod_ssl Setting up Install Process Package httpd-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version Package 1:mod_ssl-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version Nothing to do Update ``httpd.conf`` --------------------- Open the web server configuration file ``/etc/httpd/conf/httpd.conf`` in a text editor to change the following parameters:: KeepAlive On KeepAliveTimeout 2 ServerName For security reasons, we also advise to disable the so-called "Server Signature" - a feature that adds a line containing the server version and virtual host name to server-generated pages (e.g. internal error documents, FTP directory listings, etc):: ServerSignature Off By default, the server version and operating system is also displayed in the ``Server`` response header field, e.g. ``Server: Apache/2.2.15 (CentOS)``. To suppress this output, we suggest to update the ``ServerTokens`` option as follows:: ServerTokens Prod Disable Unneeded Apache Modules ------------------------------- The TeamDrive Registration Server only requires a few Apache modules to be enabled. To reduce the memory footprint, please deactivate unnecessary modules in the apache configuration. Only the following modules should be left enabled in ``/etc/httpd/conf/httpd.conf``:: LoadModule authz_host_module modules/mod_authz_host.so LoadModule log_config_module modules/mod_log_config.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so You also need to comment out the following variables in ``/etc/httpd/conf/httpd.conf``, to avoid syntax errors caused by the disabled modules:: # DirectoryIndex index.html index.html.var # LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # ForceLanguagePriority Prefer Fallback # BrowserMatch "Mozilla/2" nokeepalive # BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 # BrowserMatch "RealPlayer 4\.0" force-response-1.0 # BrowserMatch "Java/1\.0" force-response-1.0 # BrowserMatch "JDK/1\.0" force-response-1.0 # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully # BrowserMatch "MS FrontPage" redirect-carefully # BrowserMatch "^WebDrive" redirect-carefully # BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully # BrowserMatch "^gnome-vfs/1.0" redirect-carefully # BrowserMatch "^XML Spy" redirect-carefully # BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully Configure ``mod_ssl`` --------------------- The web-based TeamDrive Hosting Service Administration Console should be accessed via an encrypted SSL connection. To facilitate this, add the following to the end of the default ```` section in ``/etc/httpd/conf.d/ssl.conf``:: # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" RewriteEngine on RewriteLogLevel 0 RewriteLog "/var/log/httpd/rewrite.log" RewriteRule ^/admin$ /admin/ [R] RewriteRule ^/admin(.*) /yvva/p1a$1 [PT] RewriteRule ^/depot(.*) /yvva/p1_as/p1p$1 [PT] RewriteRule ^/pbas/p1_as/api/(.*)$ /yvva/api/$1 [PT]