Apache http Server Installation and Configuration

The Apache http server and the mod_ssl Apache module should have already been installed as dependencies for the td-hostserver RPM package. You can verify this with the following command:

[root@hostserver ~]# yum install httpd mod_ssl
Setting up Install Process
Package httpd-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version
Package 1:mod_ssl-2.2.15-30.0.1.el6_5.x86_64 already installed and latest version
Nothing to do

Update httpd.conf

Open the web server configuration file /etc/httpd/conf/httpd.conf in a text editor to change the following parameters:

KeepAlive On
KeepAliveTimeout 2
ServerName <Your ServerName>

For security reasons, we also advise to disable the so-called “Server Signature” - a feature that adds a line containing the server version and virtual host name to server-generated pages (e.g. internal error documents, FTP directory listings, etc):

ServerSignature Off

By default, the server version and operating system is also displayed in the Server response header field, e.g. Server: Apache/2.2.15 (CentOS). To suppress this output, we suggest to update the ServerTokens option as follows:

ServerTokens Prod

Disable Unneeded Apache Modules

The TeamDrive Registration Server only requires a few Apache modules to be enabled. To reduce the memory footprint, please deactivate unnecessary modules in the apache configuration. Only the following modules should be left enabled in /etc/httpd/conf/httpd.conf:

LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

You also need to comment out the following variables in /etc/httpd/conf/httpd.conf, to avoid syntax errors caused by the disabled modules:

# DirectoryIndex index.html index.html.var
# LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
pl pt pt-BR ru sv zh-CN zh-TW
# ForceLanguagePriority Prefer Fallback
# BrowserMatch "Mozilla/2" nokeepalive
# BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# BrowserMatch "RealPlayer 4\.0" force-response-1.0
# BrowserMatch "Java/1\.0" force-response-1.0
# BrowserMatch "JDK/1\.0" force-response-1.0
# BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
# BrowserMatch "MS FrontPage" redirect-carefully
# BrowserMatch "^WebDrive" redirect-carefully
# BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
# BrowserMatch "^gnome-vfs/1.0" redirect-carefully
# BrowserMatch "^XML Spy" redirect-carefully
# BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

Configure mod_ssl

The web-based TeamDrive Hosting Service Administration Console should be accessed via an encrypted SSL connection. To facilitate this, add the following to the end of the default <VirtualHost> section in /etc/httpd/conf.d/ssl.conf:

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

RewriteEngine on
RewriteLogLevel 0
RewriteLog "/var/log/httpd/rewrite.log"
RewriteRule ^/admin$ /admin/ [R]
RewriteRule ^/admin(.*) /yvva/p1a$1 [PT]
RewriteRule ^/pbas/p1_as/api/(.*)$ /yvva/api/$1 [PT]