[deployment-guide/comm-rel: 449/727] Updated the source code formatting.
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:02:35 UTC 2010
commit 8d318e929c7506ea8621c374a20d562a9e83ad4c
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Mon Aug 23 10:28:46 2010 +0200
Updated the source code formatting.
This is mainly for my personal comfort, so that the code is consistent
and I can focus on the writing. When in it, I have also removed all
outdated RHEL5 comments.
en-US/The_Apache_HTTP_Server.xml | 4649 +++++++++++++++++---------------------
1 files changed, 2096 insertions(+), 2553 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index c8f99d3..eff7475 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -1,231 +1,246 @@
<?xml version='1.0'?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>
-<chapter
- id="ch-The_Apache_HTTP_Server">
+<chapter id="ch-The_Apache_HTTP_Server">
<title>The Apache HTTP Server</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>introducing</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache</primary>
<see>Apache HTTP Server</see>
</indexterm>
- <para>The Apache HTTP Server is a robust, commercial-grade open source Web server developed by the Apache Software Foundation (<ulink
- url="http://www.apache.org/">http://www.apache.org/</ulink>). &MAJOROSVER; includes the Apache HTTP Server 2.2 as well as a number of server modules designed to enhance its functionality.</para>
- <para>The default configuration file installed with the Apache HTTP Server works without alteration for most situations. This chapter outlines many of the directives found within its configuration file (<filename>/etc/httpd/conf/httpd.conf</filename>) to aid those who require a custom configuration or need to convert a configuration file from the older Apache HTTP Server 1.3 format.</para>
+ <para>
+ The Apache HTTP Server is a robust, commercial-grade open source Web server developed by the Apache Software Foundation (<ulink url="http://www.apache.org/">http://www.apache.org/</ulink>). &MAJOROSVER; includes the Apache HTTP Server 2.2 as well as a number of server modules designed to enhance its functionality.
+ </para>
+ <para>
+ The default configuration file installed with the Apache HTTP Server works without alteration for most situations. This chapter outlines many of the directives found within its configuration file (<filename>/etc/httpd/conf/httpd.conf</filename>) to aid those who require a custom configuration or need to convert a configuration file from the older Apache HTTP Server 1.3 format.
+ </para>
<warning>
<title>Warning</title>
- <para>If using the graphical <application>HTTP Configuration Tool</application> (<emphasis>system-config-httpd </emphasis>), <emphasis>do not</emphasis> hand edit the Apache HTTP Server's configuration file as the <application>HTTP Configuration Tool</application> regenerates this file whenever it is used.</para>
+ <para>
+ If using the graphical <application>HTTP Configuration Tool</application> (<emphasis>system-config-httpd </emphasis>), <emphasis>do not</emphasis> hand edit the Apache HTTP Server's configuration file as the <application>HTTP Configuration Tool</application> regenerates this file whenever it is used.
+ </para>
</warning>
- <section
- id="s1-httpd-v2">
+ <section id="s1-httpd-v2">
<title>Apache HTTP Server 2.2</title>
- <para>There are important differences between the Apache HTTP Server 2.2 and version 2.0.</para>
- <!-- RHEL5: Removing for F12
- (version 2.0 shipped with Red Hat Enterprise Linux 4 and earlier).-->
- <para>This section reviews some of the features of Apache HTTP Server 2.2 and outlines important changes. If you are upgrading from version 1.3, you should also read the instructions on migrating from version 1.3 to version 2.0. For instructions on migrating a version 1.3 configuration file to the 2.0 format, refer to <xref
- linkend="s3-httpd-v2-mig"/>.</para>
- <section
- id="s2-httpd-v2-features">
+ <para>
+ There are important differences between the Apache HTTP Server 2.2 and version 2.0.
+ </para>
+ <para>
+ This section reviews some of the features of Apache HTTP Server 2.2 and outlines important changes. If you are upgrading from version 1.3, you should also read the instructions on migrating from version 1.3 to version 2.0. For instructions on migrating a version 1.3 configuration file to the 2.0 format, refer to <xref linkend="s3-httpd-v2-mig" />.
+ </para>
+ <section id="s2-httpd-v2-features">
<title>Features of Apache HTTP Server 2.2</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.2</secondary>
<tertiary>features of</tertiary>
</indexterm>
- <para>Apache HTTP Server 2.2 features the following improvements over version 2.0 :</para>
+ <para>
+ Apache HTTP Server 2.2 features the following improvements over version 2.0:
+ </para>
<itemizedlist>
<listitem>
- <para>Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache).</para>
+ <para>
+ Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache).
+ </para>
</listitem>
<listitem>
- <para>A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions.</para>
+ <para>
+ A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions.
+ </para>
</listitem>
<listitem>
- <para>Support for proxy load balancing (mod_proxy_balancer)</para>
+ <para>
+ Support for proxy load balancing (mod_proxy_balancer)
+ </para>
</listitem>
<listitem>
- <para>support for handling large files (namely, greater than 2GB) on 32-bit platforms</para>
+ <para>
+ support for handling large files (namely, greater than 2GB) on 32-bit platforms
+ </para>
</listitem>
</itemizedlist>
- <para>The following changes have been made to the default httpd configuration:</para>
+ <para>
+ The following changes have been made to the default httpd configuration:
+ </para>
<itemizedlist>
<listitem>
- <para>The mod_cern_meta and mod_asis modules are no longer loaded by default.</para>
+ <para>
+ The mod_cern_meta and mod_asis modules are no longer loaded by default.
+ </para>
</listitem>
<listitem>
- <para>The mod_ext_filter module is now loaded by default.</para>
+ <para>
+ The mod_ext_filter module is now loaded by default.
+ </para>
</listitem>
</itemizedlist>
- <para>If upgrading from a previous release of &MAJOROS;, the httpd configuration will need to be updated for httpd 2.2. For more information, refer to http://httpd.apache.org/docs/2.2/upgrading.html</para>
+ <para>
+ If upgrading from a previous release of &MAJOROS;, the httpd configuration will need to be updated for httpd 2.2. For more information, refer to http://httpd.apache.org/docs/2.2/upgrading.html
+ </para>
</section>
</section>
- <section
- id="s1-httpd-mig">
+ <section id="s1-httpd-mig">
<title>Migrating Apache HTTP Server Configuration Files</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.2</secondary>
<tertiary>2.0</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.2</secondary>
<tertiary>migration to 2.2</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.2</secondary>
</indexterm>
- <section
- id="s1-httpd-v22-mig">
+ <section id="s1-httpd-v22-mig">
<title>Migrating Apache HTTP Server 2.0 Configuration Files</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.2</secondary>
<tertiary>migration from 2.0</tertiary>
</indexterm>
- <para>This section outlines migration from version 2.0 to 2.2. If you are migrating from version 1.3, please refer to <xref
- linkend="s3-httpd-v2-mig"/>.</para>
+ <para>
+ This section outlines migration from version 2.0 to 2.2. If you are migrating from version 1.3, please refer to <xref linkend="s3-httpd-v2-mig" />.
+ </para>
<itemizedlist>
<listitem>
- <para>Configuration files and startup scripts from version 2.0 need minor adjustments particularly in module names which may have changed. Third party modules which worked in version 2.0 can also work in version 2.2 but need to be recompiled before you load them. Key modules that need to be noted are authentication and authorization modules. For each of the modules which has been renamed the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_so.html#loadmodule"><command>LoadModule</command>
- </ulink> line will need to be updated.</para>
+ <para>
+ Configuration files and startup scripts from version 2.0 need minor adjustments particularly in module names which may have changed. Third party modules which worked in version 2.0 can also work in version 2.2 but need to be recompiled before you load them. Key modules that need to be noted are authentication and authorization modules. For each of the modules which has been renamed the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_so.html#loadmodule"><command>LoadModule</command></ulink> line will need to be updated.
+ </para>
</listitem>
<listitem>
- <para>The <command>mod_userdir</command> module will only act on requests if you provide a <command>UserDir</command> directive indicating a directory name. If you wish to maintain the procedures used in version 2.0, add the directive <command>UserDir public_html</command> in your configuration file.</para>
+ <para>
+ The <command>mod_userdir</command> module will only act on requests if you provide a <command>UserDir</command> directive indicating a directory name. If you wish to maintain the procedures used in version 2.0, add the directive <command>UserDir public_html</command> in your configuration file.
+ </para>
</listitem>
<listitem>
- <para>To enable SSL, edit the <filename>httpd.conf</filename> file adding the necessary <command>mod_ssl</command> directives. Use <command>apachectl start</command> as <command>apachectl startssl</command> is unavailable in version 2.2. You can view an example of SSL configuration for httpd in <filename>conf/extra/httpd-ssl.conf</filename>.</para>
+ <para>
+ To enable SSL, edit the <filename>httpd.conf</filename> file adding the necessary <command>mod_ssl</command> directives. Use <command>apachectl start</command> as <command>apachectl startssl</command> is unavailable in version 2.2. You can view an example of SSL configuration for httpd in <filename>conf/extra/httpd-ssl.conf</filename>.
+ </para>
</listitem>
<listitem>
- <para>To test your configuration it is advisable to use <command>service httpd configtest</command> which will detect configuration errors.</para>
+ <para>
+ To test your configuration it is advisable to use <command>service httpd configtest</command> which will detect configuration errors.
+ </para>
</listitem>
</itemizedlist>
- <para>More information on upgrading from version 2.0 to 2.2 can be found on <ulink
- url="http://httpd.apache.org/docs/2.2/upgrading.html">http://httpd.apache.org/docs/2.2/upgrading.html</ulink>.</para>
+ <para>
+ More information on upgrading from version 2.0 to 2.2 can be found on <ulink url="http://httpd.apache.org/docs/2.2/upgrading.html">http://httpd.apache.org/docs/2.2/upgrading.html</ulink>.
+ </para>
</section>
- <section
- id="s3-httpd-v2-mig">
+ <section id="s3-httpd-v2-mig">
<title>Migrating Apache HTTP Server 1.3 Configuration Files to 2.0</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.0</secondary>
<tertiary>migration from 1.3</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>1.3</secondary>
<tertiary>migration to 2.0</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
</indexterm>
- <para>This section details migrating an Apache HTTP Server 1.3 configuration file to be utilized by Apache HTTP Server 2.0.</para>
- <!-- RHEL5: <para>If upgrading to Red Hat Enterprise Linux 5 from Red Hat Enterprise Linux 2.1, note that the new stock configuration file for the Apache HTTP Server 2.0 package is installed as <filename>/etc/httpd/conf/httpd.conf.rpmnew</filename> and the original version 1.3 <filename>httpd.conf</filename> is left untouched. It is entirely up to you whether to use the new configuration file and migrate the old settings to it, or use the existing file as a base and modify it to suit; however, some parts of the file have changed more than others and a mixed approach is generally the best. The stock configuration files for both version 1.3 and 2.0 are divided into three sections.</para>-->
- <para>If the <filename>/etc/httpd/conf/httpd.conf</filename> file is a modified version of the newly installed default and a saved a copy of the original configuration file is available, it may be easiest to invoke the <command>diff</command> command, as in the following example (logged in as root):</para>
+ <para>
+ This section details migrating an Apache HTTP Server 1.3 configuration file to be utilized by Apache HTTP Server 2.0.
+ </para>
+ <para>
+ If the <filename>/etc/httpd/conf/httpd.conf</filename> file is a modified version of the newly installed default and a saved a copy of the original configuration file is available, it may be easiest to invoke the <command>diff</command> command, as in the following example (logged in as root):
+ </para>
<screen>
<command>diff -u httpd.conf.orig httpd.conf | less</command>
</screen>
- <para>This command highlights any modifications made. If a copy of the original file is not available, extract it from an RPM package using the <command>rpm2cpio</command> and <command>cpio</command> commands, as in the following example:</para>
- <screen>
-<command>rpm2cpio apache-<replaceable><version-number></replaceable>.i386.rpm | cpio -i --make</command>
- </screen>
- <para>In the above command, replace <replaceable><version-number></replaceable> with the version number for the <filename>apache</filename> package.</para>
- <para>Finally, it is useful to know that the Apache HTTP Server has a testing mode to check for configuration errors. To use access it, type the following command:</para>
- <screen>
-<command>apachectl configtest</command>
- </screen>
- <section
- id="s2-httpd-mig-global">
+ <para>
+ This command highlights any modifications made. If a copy of the original file is not available, extract it from an RPM package using the <command>rpm2cpio</command> and <command>cpio</command> commands, as in the following example:
+ </para>
+ <screen><command>rpm2cpio apache-<replaceable><version-number></replaceable>.i386.rpm | cpio -i --make</command></screen>
+ <para>
+ In the above command, replace <replaceable><version-number></replaceable> with the version number for the <filename>apache</filename> package.
+ </para>
+ <para>
+ Finally, it is useful to know that the Apache HTTP Server has a testing mode to check for configuration errors. To use access it, type the following command:
+ </para>
+ <screen><command>apachectl configtest</command></screen>
+ <section id="s2-httpd-mig-global">
<title>Global Environment Configuration</title>
- <para>The global environment section of the configuration file contains directives which affect the overall operation of the Apache HTTP Server, such as the number of concurrent requests it can handle and the locations of the various files. This section requires a large number of changes and should be based on the Apache HTTP Server 2.0 configuration file, while migrating the old settings into it.</para>
- <section
- id="s3-httpd-v2-mig-port">
+ <para>
+ The global environment section of the configuration file contains directives which affect the overall operation of the Apache HTTP Server, such as the number of concurrent requests it can handle and the locations of the various files. This section requires a large number of changes and should be based on the Apache HTTP Server 2.0 configuration file, while migrating the old settings into it.
+ </para>
+ <section id="s3-httpd-v2-mig-port">
<title>Interface and Port Binding</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>bind addresses and ports</tertiary>
</indexterm>
- <para>The <command>BindAddress</command> and <command>Port</command> directives no longer exist; their functionality is now provided by a more flexible <command>Listen</command> directive.</para>
- <para>If <command>Port 80</command> was set in the 1.3 version configuration file, change it to <command>Listen 80</command> in the 2.0 configuration file. If <command>Port</command> was set to some value <emphasis>other than 80</emphasis>, then append the port number to the contents of the <command>ServerName</command> directive.</para>
- <para>For example, the following is a sample Apache HTTP Server 1.3 directive:</para>
- <screen>
-<command>Port 123 ServerName www.example.com</command>
- </screen>
- <para>To migrate this setting to Apache HTTP Server 2.0, use the following structure:</para>
- <screen>
-<command><userinput>Listen</userinput> 123 ServerName www.example.com:<userinput>123</userinput> </command>
- </screen>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ The <command>BindAddress</command> and <command>Port</command> directives no longer exist; their functionality is now provided by a more flexible <command>Listen</command> directive.
+ </para>
+ <para>
+ If <command>Port 80</command> was set in the 1.3 version configuration file, change it to <command>Listen 80</command> in the 2.0 configuration file. If <command>Port</command> was set to some value <emphasis>other than 80</emphasis>, then append the port number to the contents of the <command>ServerName</command> directive.
+ </para>
+ <para>
+ For example, the following is a sample Apache HTTP Server 1.3 directive:
+ </para>
+ <screen><command>Port 123 ServerName www.example.com</command></screen>
+ <para>
+ To migrate this setting to Apache HTTP Server 2.0, use the following structure:
+ </para>
+ <screen><command><userinput>Listen</userinput> 123 ServerName www.example.com:<userinput>123</userinput></command></screen>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mpm_common.html#listen">
- <command>http://httpd.apache.org/docs-2.0/mod/mpm_common.html#listen</command>
- </ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mpm_common.html#listen" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/core.html#servername">
- <command>http://httpd.apache.org/docs-2.0/mod/core.html#servername</command>
- </ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#servername" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-pool">
+ <section id="s3-httpd-v2-mig-pool">
<title>Server-Pool Size Regulation</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>Multi-Processing Modules</secondary>
- <tertiary>
- <command>prefork</command>
- </tertiary>
+ <tertiary><command>prefork</command></tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>Multi-Processing Modules</secondary>
- <tertiary>
- <command>worker</command>
- </tertiary>
+ <tertiary><command>worker</command></tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>Multi-Processing Modules</secondary>
<tertiary>activating <command>worker</command> MPM</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>server-pool size</tertiary>
</indexterm>
- <para>When the Apache HTTP Server accepts requests, it dispatches child processes or threads to handle them. This group of child processes or threads is known as a <firstterm>server-pool</firstterm>. Under Apache HTTP Server 2.0, the responsibility for creating and maintaining these server-pools has been abstracted to a group of modules called <firstterm>Multi-Processing Modules</firstterm> (<firstterm>MPMs</firstterm>). Unlike other modules, only one module from the MPM group can be loaded by the Apache HTTP Server. There are three MPM modules that ship with 2.0: <command>prefork</command>, <command>worker</command>, and <command>perchild</command>. Currently only the <command>prefork</command> and <command>worker</command> MPMs are available, although the <command>perchild</command> MPM may be available at a later date.</para>
- <para>The original Apache HTTP Server 1.3 behavior has been moved into the <command>prefork</command> MPM. The <command>prefork</command> MPM accepts the same directives as Apache HTTP Server 1.3, so the following directives may be migrated directly:</para>
+ <para>
+ When the Apache HTTP Server accepts requests, it dispatches child processes or threads to handle them. This group of child processes or threads is known as a <firstterm>server-pool</firstterm>. Under Apache HTTP Server 2.0, the responsibility for creating and maintaining these server-pools has been abstracted to a group of modules called <firstterm>Multi-Processing Modules</firstterm> (<firstterm>MPMs</firstterm>). Unlike other modules, only one module from the MPM group can be loaded by the Apache HTTP Server. There are three MPM modules that ship with 2.0: <command>prefork</command>, <command>worker</command>, and <command>perchild</command>. Currently only the <command>prefork</command> and <command>worker</command> MPMs are available, although the <command>perchild</command> MPM may be available at a later date.
+ </para>
+ <para>
+ The original Apache HTTP Server 1.3 behavior has been moved into the <command>prefork</command> MPM. The <command>prefork</command> MPM accepts the same directives as Apache HTTP Server 1.3, so the following directives may be migrated directly:
+ </para>
<itemizedlist>
<listitem>
<para>
@@ -253,136 +268,152 @@
</para>
</listitem>
</itemizedlist>
- <para>The <command>worker</command> MPM implements a multi-process, multi-threaded server providing greater scalability. When using this MPM, requests are handled by threads, conserving system resources and allowing large numbers of requests to be served efficiently. Although some of the directives accepted by the <command>worker</command> MPM are the same as those accepted by the <command>prefork</command> MPM, the values for those directives should not be transfered directly from an Apache HTTP Server 1.3 installation. It is best to instead use the default values as a guide, then experiment to determine what values work best.</para>
+ <para>
+ The <command>worker</command> MPM implements a multi-process, multi-threaded server providing greater scalability. When using this MPM, requests are handled by threads, conserving system resources and allowing large numbers of requests to be served efficiently. Although some of the directives accepted by the <command>worker</command> MPM are the same as those accepted by the <command>prefork</command> MPM, the values for those directives should not be transfered directly from an Apache HTTP Server 1.3 installation. It is best to instead use the default values as a guide, then experiment to determine what values work best.
+ </para>
<important>
<title>Important</title>
- <para>To use the <command>worker</command> MPM, create the file <filename>/etc/sysconfig/httpd</filename> and add the following directive:</para>
- <screen>
-<command>HTTPD=/usr/sbin/httpd.worker</command>
- </screen>
+ <para>
+ To use the <command>worker</command> MPM, create the file <filename>/etc/sysconfig/httpd</filename> and add the following directive:
+ </para>
+ <screen><command>HTTPD=/usr/sbin/httpd.worker</command></screen>
</important>
- <para>For more on the topic of MPMs, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ For more on the topic of MPMs, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mpm.html">http://httpd.apache.org/docs-2.0/mpm.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mpm.html" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-dso">
+ <section id="s3-httpd-v2-mig-dso">
<title>Dynamic Shared Object (DSO) Support</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>DSO Support</tertiary>
</indexterm>
- <para>There are many changes required here, and it is highly recommended that anyone trying to modify an Apache HTTP Server 1.3 configuration to suit version 2.0 (as opposed to migrating the changes into the version 2.0 configuration) copy this section from the stock Apache HTTP Server 2.0 configuration file.</para>
- <para>Those who do not want to copy the section from the stock Apache HTTP Server 2.0 configuration should note the following:</para>
+ <para>
+ There are many changes required here, and it is highly recommended that anyone trying to modify an Apache HTTP Server 1.3 configuration to suit version 2.0 (as opposed to migrating the changes into the version 2.0 configuration) copy this section from the stock Apache HTTP Server 2.0 configuration file.
+ </para>
+ <para>
+ Those who do not want to copy the section from the stock Apache HTTP Server 2.0 configuration should note the following:
+ </para>
<itemizedlist>
<listitem>
- <para>The <command>AddModule</command> and <command>ClearModuleList</command> directives no longer exist. These directives where used to ensure that modules could be enabled in the correct order. The Apache HTTP Server 2.0 API allows modules to specify their ordering, eliminating the need for these two directives.</para>
+ <para>
+ The <command>AddModule</command> and <command>ClearModuleList</command> directives no longer exist. These directives where used to ensure that modules could be enabled in the correct order. The Apache HTTP Server 2.0 API allows modules to specify their ordering, eliminating the need for these two directives.
+ </para>
</listitem>
<listitem>
- <para>The order of the <command>LoadModule</command> lines are no longer relevant in most cases.</para>
+ <para>
+ The order of the <command>LoadModule</command> lines are no longer relevant in most cases.
+ </para>
</listitem>
<listitem>
- <para>Many modules have been added, removed, renamed, split up, or incorporated into others.</para>
+ <para>
+ Many modules have been added, removed, renamed, split up, or incorporated into others.
+ </para>
</listitem>
<listitem>
<para>
- <command>LoadModule</command> lines for modules packaged in their own RPMs (<filename>mod_ssl</filename>, <filename>php</filename>, <filename>mod_perl</filename>, and the like) are no longer necessary as they can be found in their relevant files within the <filename>/etc/httpd/conf.d/</filename> directory.</para>
+ <command>LoadModule</command> lines for modules packaged in their own RPMs (<filename>mod_ssl</filename>, <filename>php</filename>, <filename>mod_perl</filename>, and the like) are no longer necessary as they can be found in their relevant files within the <filename>/etc/httpd/conf.d/</filename> directory.
+ </para>
</listitem>
<listitem>
- <para>The various <command>HAVE_XXX</command> definitions are no longer defined.</para>
+ <para>
+ The various <command>HAVE_XXX</command> definitions are no longer defined.
+ </para>
</listitem>
</itemizedlist>
<important>
<title>Important</title>
- <para>If modifying the original file, note that it is of paramount importance that the <filename>httpd.conf</filename> contains the following directive:</para>
- <screen>
-<command>Include conf.d/*.conf</command>
- </screen>
- <para>Omission of this directive results in the failure of all modules packaged in their own RPMs (such as <filename>mod_perl</filename>, <filename>php</filename>, and <filename>mod_ssl</filename>).</para>
+ <para>
+ If modifying the original file, note that it is of paramount importance that the <filename>httpd.conf</filename> contains the following directive:
+ </para>
+ <screen><command>Include conf.d/*.conf</command></screen>
+ <para>
+ Omission of this directive results in the failure of all modules packaged in their own RPMs (such as <filename>mod_perl</filename>, <filename>php</filename>, and <filename>mod_ssl</filename>).
+ </para>
</important>
</section>
- <section
- id="s3-httpd-v2-mig-other">
+ <section id="s3-httpd-v2-mig-other">
<title>Other Global Environment Changes</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>removed directives</tertiary>
</indexterm>
- <para>The following directives have been removed from Apache HTTP Server 2.0's configuration:</para>
+ <para>
+ The following directives have been removed from Apache HTTP Server 2.0's configuration:
+ </para>
<itemizedlist>
<listitem>
<para>
- <emphasis>
- <command>ServerType</command>
- </emphasis> — The Apache HTTP Server can only be run as <command>ServerType standalone</command> making this directive irrelevant.</para>
+ <emphasis><command>ServerType</command></emphasis> — The Apache HTTP Server can only be run as <command>ServerType standalone</command> making this directive irrelevant.
+ </para>
</listitem>
<listitem>
<para>
- <emphasis>
- <command>AccessConfig</command>
- </emphasis> and <emphasis><command>ResourceConfig</command>
- </emphasis> — These directives have been removed as they mirror the functionality of the <command>Include</command> directive. If the <command>AccessConfig</command> and <command>ResourceConfig</command> directives are set, replace them with <command>Include</command> directives.</para>
- <para>To ensure that the files are read in the order implied by the older directives, the <command>Include</command> directives should be placed at the end of the <filename>httpd.conf</filename>, with the one corresponding to <command>ResourceConfig</command> preceding the one corresponding to <command>AccessConfig</command>. If using the default values, include them explicitly as <filename>conf/srm.conf</filename> and <filename>conf/access.conf</filename> files.</para>
+ <emphasis><command>AccessConfig</command></emphasis> and <emphasis><command>ResourceConfig</command></emphasis> — These directives have been removed as they mirror the functionality of the <command>Include</command> directive. If the <command>AccessConfig</command> and <command>ResourceConfig</command> directives are set, replace them with <command>Include</command> directives.
+ </para>
+ <para>
+ To ensure that the files are read in the order implied by the older directives, the <command>Include</command> directives should be placed at the end of the <filename>httpd.conf</filename>, with the one corresponding to <command>ResourceConfig</command> preceding the one corresponding to <command>AccessConfig</command>. If using the default values, include them explicitly as <filename>conf/srm.conf</filename> and <filename>conf/access.conf</filename> files.
+ </para>
</listitem>
</itemizedlist>
</section>
</section>
- <section
- id="s2-httpd-v2-mig-main">
+ <section id="s2-httpd-v2-mig-main">
<title>Main Server Configuration</title>
- <para>The main server configuration section of the configuration file sets up the main server, which responds to any requests that are not handled by a virtual host defined within a <command><VirtualHost></command> container. Values here also provide defaults for any <command><VirtualHost></command> containers defined.</para>
- <para>The directives used in this section have changed little between Apache HTTP Server 1.3 and version 2.0. If the main server configuration is heavily customized, it may be easier to modify the existing configuration file to suit Apache HTTP Server 2.0. Users with only lightly customized main server sections should migrate their changes into the default 2.0 configuration.</para>
- <section
- id="s3-httpd-mig-main-map">
- <title>
- <command>UserDir</command> Mapping</title>
- <indexterm
- significance="normal">
+ <para>
+ The main server configuration section of the configuration file sets up the main server, which responds to any requests that are not handled by a virtual host defined within a <command><VirtualHost></command> container. Values here also provide defaults for any <command><VirtualHost></command> containers defined.
+ </para>
+ <para>
+ The directives used in this section have changed little between Apache HTTP Server 1.3 and version 2.0. If the main server configuration is heavily customized, it may be easier to modify the existing configuration file to suit Apache HTTP Server 2.0. Users with only lightly customized main server sections should migrate their changes into the default 2.0 configuration.
+ </para>
+ <section id="s3-httpd-mig-main-map">
+ <title><command>UserDir</command> Mapping</title>
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <command>UserDir</command> directive</tertiary>
+ <tertiary><command>UserDir</command> directive</tertiary>
</indexterm>
- <para>The <command>UserDir</command> directive is used to enable URLs such as <filename>http://example.com/~bob/</filename> to map to a subdirectory within the home directory of the user <command>bob</command>, such as <filename>/home/bob/public_html/</filename>. A side-effect of this feature allows a potential attacker to determine whether a given username is present on the system. For this reason, the default configuration for Apache HTTP Server 2.0 disables this directive.</para>
- <para>To enable <command>UserDir</command> mapping, change the directive in <filename>httpd.conf</filename> from:</para>
- <screen>
-<command>UserDir disable</command>
- </screen>
- <para>to the following:</para>
- <screen>
-<command>UserDir <userinput>public_html</userinput>
- </command>
- </screen>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ The <command>UserDir</command> directive is used to enable URLs such as <filename>http://example.com/~bob/</filename> to map to a subdirectory within the home directory of the user <command>bob</command>, such as <filename>/home/bob/public_html/</filename>. A side-effect of this feature allows a potential attacker to determine whether a given username is present on the system. For this reason, the default configuration for Apache HTTP Server 2.0 disables this directive.
+ </para>
+ <para>
+ To enable <command>UserDir</command> mapping, change the directive in <filename>httpd.conf</filename> from:
+ </para>
+ <screen><command>UserDir disable</command></screen>
+ <para>
+ to the following:
+ </para>
+ <screen><command>UserDir <userinput>public_html</userinput></command></screen>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_userdir.html#userdir">http://httpd.apache.org/docs-2.0/mod/mod_userdir.html#userdir</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_userdir.html#userdir" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-mig-main-log">
+ <section id="s3-httpd-mig-main-log">
<title>Logging</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>logging</tertiary>
</indexterm>
- <para>The following logging directives have been removed:</para>
+ <para>
+ The following logging directives have been removed:
+ </para>
<itemizedlist>
<listitem>
<para>
@@ -400,260 +431,261 @@
</para>
</listitem>
</itemizedlist>
- <para>However, agent and referrer logs are still available using the <command>CustomLog</command> and <command>LogFormat</command> directives.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ However, agent and referrer logs are still available using the <command>CustomLog</command> and <command>LogFormat</command> directives.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#customlog">http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#customlog</ulink>
- </para>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#customlog" /> </para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#logformat">http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#logformat</ulink>
- </para>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#logformat" /> </para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-mig-main-dirindex">
+ <section id="s3-httpd-mig-main-dirindex">
<title>Directory Indexing</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>directory indexing</tertiary>
</indexterm>
- <para>The deprecated <command>FancyIndexing</command> directive has now been removed. The same functionality is available through the <command>FancyIndexing</command>
- <emphasis>option</emphasis> within the <command>IndexOptions</command> directive.</para>
- <para>The <command>VersionSort</command> option to the <command>IndexOptions</command> directive causes files containing version numbers to be sorted in a more natural way. For example, <filename>httpd-2.0.6.tar</filename> appears before <filename>httpd-2.0.36.tar</filename> in a directory index page.</para>
- <para>The defaults for the <command>ReadmeName</command> and <command>HeaderName</command> directives have changed from <filename>README</filename> and <filename>HEADER</filename> to <filename>README.html</filename> and <filename>HEADER.html</filename>.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ The deprecated <command>FancyIndexing</command> directive has now been removed. The same functionality is available through the <command>FancyIndexing</command> <emphasis>option</emphasis> within the <command>IndexOptions</command> directive.
+ </para>
+ <para>
+ The <command>VersionSort</command> option to the <command>IndexOptions</command> directive causes files containing version numbers to be sorted in a more natural way. For example, <filename>httpd-2.0.6.tar</filename> appears before <filename>httpd-2.0.36.tar</filename> in a directory index page.
+ </para>
+ <para>
+ The defaults for the <command>ReadmeName</command> and <command>HeaderName</command> directives have changed from <filename>README</filename> and <filename>HEADER</filename> to <filename>README.html</filename> and <filename>HEADER.html</filename>.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#indexoptions">http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#indexoptions</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#indexoptions" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#readmename">http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#readmename</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#readmename" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#headername">http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#headername</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html#headername" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-mig-main-cont">
+ <section id="s3-httpd-mig-main-cont">
<title>Content Negotiation</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>content negotiation</tertiary>
</indexterm>
- <para>The <command>CacheNegotiatedDocs</command> directive now takes the argument <option>on</option> or <option>off</option>. Existing instances of <command>CacheNegotiatedDocs</command> should be replaced with <command>CacheNegotiatedDocs on</command>.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ The <command>CacheNegotiatedDocs</command> directive now takes the argument <option>on</option> or <option>off</option>. Existing instances of <command>CacheNegotiatedDocs</command> should be replaced with <command>CacheNegotiatedDocs on</command>.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_negotiation.html#cachenegotiateddocs">http://httpd.apache.org/docs-2.0/mod/mod_negotiation.html#cachenegotiateddocs</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_negotiation.html#cachenegotiateddocs" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-mig-main-error">
+ <section id="s3-httpd-mig-main-error">
<title>Error Documents</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>error documents</tertiary>
</indexterm>
- <para>To use a hard-coded message with the <command>ErrorDocument</command> directive, the message should be enclosed in a pair of double quotation marks <command>"</command>, rather than just preceded by a double quotation mark as required in Apache HTTP Server 1.3.</para>
- <para>For example, the following is a sample Apache HTTP Server 1.3 directive:</para>
- <screen>
-<command>ErrorDocument 404 "The document was not found</command>
- </screen>
- <para>To migrate an <command>ErrorDocument</command> setting to Apache HTTP Server 2.0, use the following structure:</para>
- <screen>
-<command>ErrorDocument 404 "The document was not found"</command>
- </screen>
- <para>Note the trailing double quote in the previous <command>ErrorDocument</command> directive example.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ To use a hard-coded message with the <command>ErrorDocument</command> directive, the message should be enclosed in a pair of double quotation marks <command>"</command>, rather than just preceded by a double quotation mark as required in Apache HTTP Server 1.3.
+ </para>
+ <para>
+ For example, the following is a sample Apache HTTP Server 1.3 directive:
+ </para>
+ <screen><command>ErrorDocument 404 "The document was not found</command></screen>
+ <para>
+ To migrate an <command>ErrorDocument</command> setting to Apache HTTP Server 2.0, use the following structure:
+ </para>
+ <screen><command>ErrorDocument 404 "The document was not found"</command></screen>
+ <para>
+ Note the trailing double quote in the previous <command>ErrorDocument</command> directive example.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/core.html#errordocument">http://httpd.apache.org/docs-2.0/mod/core.html#errordocument</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#errordocument" />
</para>
</listitem>
</itemizedlist>
</section>
</section>
- <section
- id="s2-httpd-v2-mig-virtual">
+ <section id="s2-httpd-v2-mig-virtual">
<title>Virtual Host Configuration</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>virtual host configuration</tertiary>
</indexterm>
- <para>The contents of all <command><VirtualHost></command> containers should be migrated in the same way as the main server section as described in <xref
- linkend="s2-httpd-v2-mig-main"/>.</para>
+ <para>
+ The contents of all <command><VirtualHost></command> containers should be migrated in the same way as the main server section as described in <xref linkend="s2-httpd-v2-mig-main" />.
+ </para>
<important>
<title>Important</title>
- <para>Note that SSL/TLS virtual host configuration has been moved out of the main server configuration file and into <filename>/etc/httpd/conf.d/ssl.conf</filename>.</para>
+ <para>
+ Note that SSL/TLS virtual host configuration has been moved out of the main server configuration file and into <filename>/etc/httpd/conf.d/ssl.conf</filename>.
+ </para>
</important>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/vhosts/">http://httpd.apache.org/docs-2.0/vhosts/</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/vhosts/" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s2-httpd-v2-mig-mod">
+ <section id="s2-httpd-v2-mig-mod">
<title>Modules and Apache HTTP Server 2.0</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>module system changes</tertiary>
</indexterm>
- <para>In Apache HTTP Server 2.0, the module system has been changed to allow modules to be chained together or combined in new and interesting ways. <firstterm>Common Gateway Interface</firstterm> (<firstterm>CGI</firstterm>) scripts, for example, can generate server-parsed HTML documents which can then be processed by <filename>mod_include</filename>. This opens up a tremendous number of possibilities with regards to how modules can be combined to achieve a specific goal.</para>
- <para>The way this works is that each request is served by exactly one <firstterm>handler</firstterm> module followed by zero or more <firstterm>filter</firstterm> modules.</para>
- <para>Under Apache HTTP Server 1.3, for example, a Perl script would be handled in its entirety by the Perl module (<filename>mod_perl</filename>). Under Apache HTTP Server 2.0, the request is initially <emphasis>handled</emphasis> by the core module — which serves static files — and is then <emphasis>filtered</emphasis> by <filename>mod_perl</filename>.</para>
- <para>Exactly how to use this, and all other new features of Apache HTTP Server 2.0, is beyond the scope of this document; however, the change has ramifications if the <command>PATH_INFO</command> directive is used for a document which is handled by a module that is now implemented as a filter, as each contains trailing path information after the true file name. The core module, which initially handles the request, does not by default understand <command>PATH_INFO</command> and returns <computeroutput>404 Not Found</computeroutput> errors for requests that contain such information. As an alternative, use the <command>AcceptPathInfo</command> directive to coerce the core module into accepting requests with <command>PATH_INFO</command>.</para>
- <para>The following is an example of this directive:</para>
- <screen>
-<command>AcceptPathInfo on</command>
- </screen>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ In Apache HTTP Server 2.0, the module system has been changed to allow modules to be chained together or combined in new and interesting ways. <firstterm>Common Gateway Interface</firstterm> (<firstterm>CGI</firstterm>) scripts, for example, can generate server-parsed HTML documents which can then be processed by <filename>mod_include</filename>. This opens up a tremendous number of possibilities with regards to how modules can be combined to achieve a specific goal.
+ </para>
+ <para>
+ The way this works is that each request is served by exactly one <firstterm>handler</firstterm> module followed by zero or more <firstterm>filter</firstterm> modules.
+ </para>
+ <para>
+ Under Apache HTTP Server 1.3, for example, a Perl script would be handled in its entirety by the Perl module (<filename>mod_perl</filename>). Under Apache HTTP Server 2.0, the request is initially <emphasis>handled</emphasis> by the core module — which serves static files — and is then <emphasis>filtered</emphasis> by <filename>mod_perl</filename>.
+ </para>
+ <para>
+ Exactly how to use this, and all other new features of Apache HTTP Server 2.0, is beyond the scope of this document; however, the change has ramifications if the <command>PATH_INFO</command> directive is used for a document which is handled by a module that is now implemented as a filter, as each contains trailing path information after the true file name. The core module, which initially handles the request, does not by default understand <command>PATH_INFO</command> and returns <computeroutput>404 Not Found</computeroutput> errors for requests that contain such information. As an alternative, use the <command>AcceptPathInfo</command> directive to coerce the core module into accepting requests with <command>PATH_INFO</command>.
+ </para>
+ <para>
+ The following is an example of this directive:
+ </para>
+ <screen><command>AcceptPathInfo on</command></screen>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/core.html#acceptpathinfo">http://httpd.apache.org/docs-2.0/mod/core.html#acceptpathinfo</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#acceptpathinfo" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/handler.html">http://httpd.apache.org/docs-2.0/handler.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/handler.html" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/filter.html">http://httpd.apache.org/docs-2.0/filter.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/filter.html" />
</para>
</listitem>
</itemizedlist>
- <section
- id="s3-httpd-v2-mig-mod-suexec">
+ <section id="s3-httpd-v2-mig-mod-suexec">
<title>The <filename>suexec</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>SuexecUserGroup</filename>
- </tertiary>
+ <tertiary><filename>SuexecUserGroup</filename></tertiary>
</indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>SuexecUserGroup</command>
- </primary>
+ <indexterm>
+ <primary><command>SuexecUserGroup</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>SuexecUserGroup</command>
- </secondary>
+ <secondary><command>SuexecUserGroup</command></secondary>
</indexterm>
- <para>In Apache HTTP Server 2.0, the <filename>mod_suexec</filename> module uses the <filename>SuexecUserGroup</filename> directive, rather than the <filename>User</filename> and <filename>Group</filename> directives, which is used for configuring virtual hosts. The <filename>User</filename> and <filename>Group</filename> directives can still be used in general, but are deprecated for configuring virtual hosts.</para>
- <para>For example, the following is a sample Apache HTTP Server 1.3 directive:</para>
- <screen>
-<command><VirtualHost vhost.example.com:80> User someone Group somegroup </VirtualHost></command>
- </screen>
- <para>To migrate this setting to Apache HTTP Server 2.0, use the following structure:</para>
- <screen>
-<command><VirtualHost vhost.example.com:80> SuexecUserGroup someone somegroup </VirtualHost></command>
- </screen>
+ <para>
+ In Apache HTTP Server 2.0, the <filename>mod_suexec</filename> module uses the <filename>SuexecUserGroup</filename> directive, rather than the <filename>User</filename> and <filename>Group</filename> directives, which is used for configuring virtual hosts. The <filename>User</filename> and <filename>Group</filename> directives can still be used in general, but are deprecated for configuring virtual hosts.
+ </para>
+ <para>
+ For example, the following is a sample Apache HTTP Server 1.3 directive:
+ </para>
+ <screen><command><VirtualHost vhost.example.com:80> User someone Group somegroup </VirtualHost></command></screen>
+ <para>
+ To migrate this setting to Apache HTTP Server 2.0, use the following structure:
+ </para>
+ <screen><command><VirtualHost vhost.example.com:80> SuexecUserGroup someone somegroup </VirtualHost></command></screen>
</section>
- <section
- id="s3-httpd-v2-mig-mod-ssl">
+ <section id="s3-httpd-v2-mig-mod-ssl">
<title>The <filename>mod_ssl</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_ssl</filename>
- </tertiary>
+ <tertiary><filename>mod_ssl</filename></tertiary>
</indexterm>
- <para>The configuration for <filename>mod_ssl</filename> has been moved from the <filename>httpd.conf</filename> file into the <filename>/etc/httpd/conf.d/ssl.conf</filename> file. For this file to be loaded, and for <filename>mod_ssl</filename> to work, the statement <command>Include conf.d/*.conf</command> must be in the <filename>httpd.conf</filename> file as described in <xref
- linkend="s3-httpd-v2-mig-dso"/>.</para>
<para>
- <command>ServerName</command> directives in SSL virtual hosts must explicitly specify the port number.</para>
- <para>For example, the following is a sample Apache HTTP Server 1.3 directive:</para>
- <screen>
-<command><VirtualHost _default_:443> # General setup for the virtual host ServerName ssl.example.name ... </VirtualHost></command>
- </screen>
- <para>To migrate this setting to Apache HTTP Server 2.0, use the following structure:</para>
- <screen>
-<command><VirtualHost _default_:443> # General setup for the virtual host ServerName ssl.host.name<userinput>:443</userinput> ... </VirtualHost></command>
- </screen>
- <para>It is also important to note that both the <command>SSLLog</command> and <command>SSLLogLevel</command> directives have been removed. The <filename>mod_ssl</filename> module now obeys the <command>ErrorLog</command> and <command>LogLevel</command> directives. Refer to <xref
- linkend="s2-apache-errorlog"/> and <xref
- linkend="s2-apache-loglevel"/> for more information about these directives.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ The configuration for <filename>mod_ssl</filename> has been moved from the <filename>httpd.conf</filename> file into the <filename>/etc/httpd/conf.d/ssl.conf</filename> file. For this file to be loaded, and for <filename>mod_ssl</filename> to work, the statement <command>Include conf.d/*.conf</command> must be in the <filename>httpd.conf</filename> file as described in <xref linkend="s3-httpd-v2-mig-dso" />.
+ </para>
+ <para>
+ <command>ServerName</command> directives in SSL virtual hosts must explicitly specify the port number.
+ </para>
+ <para>
+ For example, the following is a sample Apache HTTP Server 1.3 directive:
+ </para>
+ <screen><command><VirtualHost _default_:443> # General setup for the virtual host ServerName ssl.example.name ... </VirtualHost></command></screen>
+ <para>
+ To migrate this setting to Apache HTTP Server 2.0, use the following structure:
+ </para>
+ <screen><command><VirtualHost _default_:443> # General setup for the virtual host ServerName ssl.host.name<userinput>:443</userinput> ... </VirtualHost></command></screen>
+ <para>
+ It is also important to note that both the <command>SSLLog</command> and <command>SSLLogLevel</command> directives have been removed. The <filename>mod_ssl</filename> module now obeys the <command>ErrorLog</command> and <command>LogLevel</command> directives. Refer to <xref linkend="s2-apache-errorlog" /> and <xref linkend="s2-apache-loglevel" /> for more information about these directives.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_ssl.html">http://httpd.apache.org/docs-2.0/mod/mod_ssl.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_ssl.html" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/vhosts/">http://httpd.apache.org/docs-2.0/vhosts/</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/vhosts/" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-mod-proxy">
+ <section id="s3-httpd-v2-mig-mod-proxy">
<title>The <filename>mod_proxy</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_proxy</filename>
- </tertiary>
+ <tertiary><filename>mod_proxy</filename></tertiary>
</indexterm>
- <para>Proxy access control statements are now placed inside a <command><Proxy></command> block rather than a <command><Directory proxy:></command>.</para>
- <para>The caching functionality of the old <filename>mod_proxy</filename> has been split out into the following three modules:</para>
+ <para>
+ Proxy access control statements are now placed inside a <command><Proxy></command> block rather than a <command><Directory proxy:></command>.
+ </para>
+ <para>
+ The caching functionality of the old <filename>mod_proxy</filename> has been split out into the following three modules:
+ </para>
<itemizedlist>
<listitem>
<para>
@@ -671,106 +703,107 @@
</para>
</listitem>
</itemizedlist>
- <para>These generally use directives similar to the older versions of the <filename>mod_proxy</filename> module, but it is advisable to verify each directive before migrating any cache settings.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ These generally use directives similar to the older versions of the <filename>mod_proxy</filename> module, but it is advisable to verify each directive before migrating any cache settings.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_proxy.html">http://httpd.apache.org/docs-2.0/mod/mod_proxy.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_proxy.html" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-mod-include">
+ <section id="s3-httpd-v2-mig-mod-include">
<title>The <filename>mod_include</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_include</filename>
- </tertiary>
+ <tertiary><filename>mod_include</filename></tertiary>
</indexterm>
- <para>The <filename>mod_include</filename> module is now implemented as a filter and is therefore enabled differently. Refer to <xref
- linkend="s2-httpd-v2-mig-mod"/> for more about filters.</para>
- <para>For example, the following is a sample Apache HTTP Server 1.3 directive:</para>
- <screen>
-<command>AddType text/html .shtml AddHandler server-parsed .shtml</command>
- </screen>
- <para>To migrate this setting to Apache HTTP Server 2.0, use the following structure:</para>
+ <para>
+ The <filename>mod_include</filename> module is now implemented as a filter and is therefore enabled differently. Refer to <xref linkend="s2-httpd-v2-mig-mod" /> for more about filters.
+ </para>
+ <para>
+ For example, the following is a sample Apache HTTP Server 1.3 directive:
+ </para>
+ <screen><command>AddType text/html .shtml AddHandler server-parsed .shtml</command></screen>
+ <para>
+ To migrate this setting to Apache HTTP Server 2.0, use the following structure:
+ </para>
<screen>
<command>AddType text/html .shtml <userinput>AddOutputFilter INCLUDES</userinput> .shtml</command>
</screen>
- <para>Note that the <command>Options +Includes</command> directive is still required for the <command><Directory></command> container or in a <filename>.htaccess</filename> file.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ Note that the <command>Options +Includes</command> directive is still required for the <command><Directory></command> container or in a <filename>.htaccess</filename> file.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_include.html">http://httpd.apache.org/docs-2.0/mod/mod_include.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_include.html" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-mod-dbm">
+ <section id="s3-httpd-v2-mig-mod-dbm">
<title>The <filename>mod_auth_dbm</filename> and <filename>mod_auth_db</filename> Modules</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_auth_dbm</filename>
- </tertiary>
+ <tertiary><filename>mod_auth_dbm</filename></tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_auth_db</filename>
- </tertiary>
+ <tertiary><filename>mod_auth_db</filename></tertiary>
</indexterm>
- <para>Apache HTTP Server 1.3 supported two authentication modules, <filename>mod_auth_db</filename> and <filename>mod_auth_dbm</filename>, which used Berkeley Databases and DBM databases respectively. These modules have been combined into a single module named <filename>mod_auth_dbm</filename> in Apache HTTP Server 2.0, which can access several different database formats. To migrate from <filename>mod_auth_db</filename>, configuration files should be adjusted by replacing <command>AuthDBUserFile</command> and <command>AuthDBGroupFile</command> with the <filename>mod_auth_dbm</filename> equivalents, <command>AuthDBMUserFile</command> and <command>AuthDBMGroupFile</command>. Also, the directive <command>AuthDBMType DB</command> must be added to indicate the type of database file in use.</para>
- <para>The following example shows a sample <filename>mod_auth_db</filename> configuration for Apache HTTP Server 1.3:</para>
- <screen>
-<command><Location /private/> AuthType Basic AuthName "My Private Files" AuthDBUserFile /var/www/authdb require valid-user </Location></command>
- </screen>
- <para>To migrate this setting to version 2.0 of Apache HTTP Server, use the following structure:</para>
- <screen>
-<command><Location /private/> AuthType Basic AuthName "My Private Files" <userinput>AuthDBMUserFile</userinput> /var/www/authdb <userinput>AuthDBMType DB</userinput> require valid-user </Location></command>
- </screen>
- <para>Note that the <command>AuthDBMUserFile</command> directive can also be used in <filename>.htaccess</filename> files.</para>
- <para>The <command>dbmmanage</command> Perl script, used to manipulate username and password databases, has been replaced by <command>htdbm</command> in Apache HTTP Server 2.0. The <command>htdbm</command> program offers equivalent functionality and, like <filename>mod_auth_dbm</filename>, can operate a variety of database formats; the <option>-T</option> option can be used on the command line to specify the format to use.</para>
<para>
- <xref
- linkend="table-htdbm"/> shows how to migrate from a DBM-format database to <command>htdbm</command> format using <command>dbmmanage</command>.</para>
- <table
- id="table-htdbm">
- <title>Migrating from <command>dbmmanage</command> to <command>htdbm</command>
- </title>
- <tgroup
- cols="3">
+ Apache HTTP Server 1.3 supported two authentication modules, <filename>mod_auth_db</filename> and <filename>mod_auth_dbm</filename>, which used Berkeley Databases and DBM databases respectively. These modules have been combined into a single module named <filename>mod_auth_dbm</filename> in Apache HTTP Server 2.0, which can access several different database formats. To migrate from <filename>mod_auth_db</filename>, configuration files should be adjusted by replacing <command>AuthDBUserFile</command> and <command>AuthDBGroupFile</command> with the <filename>mod_auth_dbm</filename> equivalents, <command>AuthDBMUserFile</command> and <command>AuthDBMGroupFile</command>. Also, the directive <command>AuthDBMType DB</command> must be added to indicate the type of database file in use.
+ </para>
+ <para>
+ The following example shows a sample <filename>mod_auth_db</filename> configuration for Apache HTTP Server 1.3:
+ </para>
+ <screen><command><Location /private/> AuthType Basic AuthName "My Private Files" AuthDBUserFile /var/www/authdb require valid-user </Location></command></screen>
+ <para>
+ To migrate this setting to version 2.0 of Apache HTTP Server, use the following structure:
+ </para>
+ <screen><command><Location /private/> AuthType Basic AuthName "My Private Files" <userinput>AuthDBMUserFile</userinput> /var/www/authdb <userinput>AuthDBMType DB</userinput> require valid-user </Location></command></screen>
+ <para>
+ Note that the <command>AuthDBMUserFile</command> directive can also be used in <filename>.htaccess</filename> files.
+ </para>
+ <para>
+ The <command>dbmmanage</command> Perl script, used to manipulate username and password databases, has been replaced by <command>htdbm</command> in Apache HTTP Server 2.0. The <command>htdbm</command> program offers equivalent functionality and, like <filename>mod_auth_dbm</filename>, can operate a variety of database formats; the <option>-T</option> option can be used on the command line to specify the format to use.
+ </para>
+ <para>
+ <xref linkend="table-htdbm" /> shows how to migrate from a DBM-format database to <command>htdbm</command> format using <command>dbmmanage</command>.
+ </para>
+ <table id="table-htdbm">
+ <title>Migrating from <command>dbmmanage</command> to <command>htdbm</command></title>
+ <tgroup cols="3">
<thead>
<row>
<entry>
- Action
- </entry>
+ Action
+ </entry>
<entry>
- dbmmanage command (1.3)
- </entry>
+ dbmmanage command (1.3)
+ </entry>
<entry>
- Equivalent htdbm command (2.0)
- </entry>
+ Equivalent htdbm command (2.0)
+ </entry>
</row>
</thead>
<tbody>
<row>
<entry>
- Add user to database (using given password)
- </entry>
+ Add user to database (using given password)
+ </entry>
<entry>
<command>dbmmanage authdb add username password</command>
</entry>
@@ -780,8 +813,8 @@
</row>
<row>
<entry>
- Add user to database (prompts for password)
- </entry>
+ Add user to database (prompts for password)
+ </entry>
<entry>
<command>dbmmanage authdb adduser username</command>
</entry>
@@ -791,8 +824,8 @@
</row>
<row>
<entry>
- Remove user from database
- </entry>
+ Remove user from database
+ </entry>
<entry>
<command>dbmmanage authdb delete username</command>
</entry>
@@ -802,8 +835,8 @@
</row>
<row>
<entry>
- List users in database
- </entry>
+ List users in database
+ </entry>
<entry>
<command>dbmmanage authdb view</command>
</entry>
@@ -813,8 +846,8 @@
</row>
<row>
<entry>
- Verify a password
- </entry>
+ Verify a password
+ </entry>
<entry>
<command>dbmmanage authdb check username</command>
</entry>
@@ -825,2865 +858,2348 @@
</tbody>
</tgroup>
</table>
- <para>The <option>-m</option> and <option>-s</option> options work with both <command>dbmmanage</command> and <command>htdbm</command>, enabling the use of the MD5 or SHA1 algorithms for hashing passwords, respectively.</para>
- <para>When creating a new database with <command>htdbm</command>, the <command>-c</command> option must be used.</para>
- <para>For more on this topic, refer to the following documentation on the Apache Software Foundation's website:</para>
+ <para>
+ The <option>-m</option> and <option>-s</option> options work with both <command>dbmmanage</command> and <command>htdbm</command>, enabling the use of the MD5 or SHA1 algorithms for hashing passwords, respectively.
+ </para>
+ <para>
+ When creating a new database with <command>htdbm</command>, the <command>-c</command> option must be used.
+ </para>
+ <para>
+ For more on this topic, refer to the following documentation on the Apache Software Foundation's website:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_auth_dbm.html">http://httpd.apache.org/docs-2.0/mod/mod_auth_dbm.html</ulink>
+ <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_auth_dbm.html" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-mod-perl">
+ <section id="s3-httpd-v2-mig-mod-perl">
<title>The <filename>mod_perl</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>mod_perl</filename>
- </tertiary>
+ <tertiary><filename>mod_perl</filename></tertiary>
</indexterm>
- <para>The configuration for <filename>mod_perl</filename> has been moved from <filename>httpd.conf</filename> into the file <filename>/etc/httpd/conf.d/perl.conf</filename>. For this file to be loaded, and hence for <filename>mod_perl</filename> to work, the statement <command>Include conf.d/*.conf</command> must be included in <filename>httpd.conf</filename> as described in <xref
- linkend="s3-httpd-v2-mig-dso"/>.</para>
- <para>Occurrences of <command>Apache::</command> in <filename>httpd.conf</filename> must be replaced with <command>ModPerl::</command>. Additionally, the manner in which handlers are registered has been changed.</para>
- <para>This is a sample Apache HTTP Server 1.3 <filename>mod_perl</filename> configuration:</para>
- <screen>
-<command><Directory /var/www/perl> SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI </Directory></command>
- </screen>
- <para>This is the equivalent <filename>mod_perl</filename> for Apache HTTP Server 2.0:</para>
- <screen>
-<command><Directory /var/www/perl> SetHandler perl-script <userinput>PerlResponseHandler ModPerl::Registry</userinput> Options +ExecCGI </Directory></command>
- </screen>
- <para>Most modules for <filename>mod_perl</filename> 1.x should work without modification with <filename>mod_perl</filename> 2.x. XS modules require recompilation and may require minor Makefile modifications.</para>
+ <para>
+ The configuration for <filename>mod_perl</filename> has been moved from <filename>httpd.conf</filename> into the file <filename>/etc/httpd/conf.d/perl.conf</filename>. For this file to be loaded, and hence for <filename>mod_perl</filename> to work, the statement <command>Include conf.d/*.conf</command> must be included in <filename>httpd.conf</filename> as described in <xref linkend="s3-httpd-v2-mig-dso" />.
+ </para>
+ <para>
+ Occurrences of <command>Apache::</command> in <filename>httpd.conf</filename> must be replaced with <command>ModPerl::</command>. Additionally, the manner in which handlers are registered has been changed.
+ </para>
+ <para>
+ This is a sample Apache HTTP Server 1.3 <filename>mod_perl</filename> configuration:
+ </para>
+ <screen><command><Directory /var/www/perl> SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI </Directory></command></screen>
+ <para>
+ This is the equivalent <filename>mod_perl</filename> for Apache HTTP Server 2.0:
+ </para>
+ <screen><command><Directory /var/www/perl> SetHandler perl-script <userinput>PerlResponseHandler ModPerl::Registry</userinput> Options +ExecCGI </Directory></command></screen>
+ <para>
+ Most modules for <filename>mod_perl</filename> 1.x should work without modification with <filename>mod_perl</filename> 2.x. XS modules require recompilation and may require minor Makefile modifications.
+ </para>
</section>
- <section
- id="s3-httpd-v2-mig-mod-python">
+ <section id="s3-httpd-v2-mig-mod-python">
<title>The <filename>mod_python</filename> Module</title>
- <para>Configuration for <filename>mod_python</filename> has moved from <filename>httpd.conf</filename> to the <filename>/etc/httpd/conf.d/python.conf</filename> file. For this file to be loaded, and hence for <filename>mod_python</filename> to work, the statement <command>Include conf.d/*.conf</command> must be in <filename>httpd.conf</filename> as described in <xref
- linkend="s3-httpd-v2-mig-dso"/>.</para>
+ <para>
+ Configuration for <filename>mod_python</filename> has moved from <filename>httpd.conf</filename> to the <filename>/etc/httpd/conf.d/python.conf</filename> file. For this file to be loaded, and hence for <filename>mod_python</filename> to work, the statement <command>Include conf.d/*.conf</command> must be in <filename>httpd.conf</filename> as described in <xref linkend="s3-httpd-v2-mig-dso" />.
+ </para>
</section>
- <section
- id="s3-httpd-v2-mig-mod-php">
+ <section id="s3-httpd-v2-mig-mod-php">
<title>PHP</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>PHP</tertiary>
</indexterm>
- <para>The configuration for PHP has been moved from <filename>httpd.conf</filename> into the file <filename>/etc/httpd/conf.d/php.conf</filename>. For this file to be loaded, the statement <command>Include conf.d/*.conf</command> must be in <filename>httpd.conf</filename> as described in <xref
- linkend="s3-httpd-v2-mig-dso"/>.</para>
+ <para>
+ The configuration for PHP has been moved from <filename>httpd.conf</filename> into the file <filename>/etc/httpd/conf.d/php.conf</filename>. For this file to be loaded, the statement <command>Include conf.d/*.conf</command> must be in <filename>httpd.conf</filename> as described in <xref linkend="s3-httpd-v2-mig-dso" />.
+ </para>
<note>
<title>Note</title>
- <para>Any PHP configuration directives used in Apache HTTP Server 1.3 are now fully compatible, when migrating to Apache HTTP Server 2.0 on &MAJOROSVER;.</para>
+ <para>
+ Any PHP configuration directives used in Apache HTTP Server 1.3 are now fully compatible, when migrating to Apache HTTP Server 2.0 on &MAJOROSVER;.
+ </para>
</note>
- <para>In PHP version 4.2.0 and later the default set of predefined variables which are available in the global scope has changed. Individual input and server variables are, by default, no longer placed directly into the global scope. This change may cause scripts to break. Revert to the old behavior by setting <command>register_globals</command> to <command>On</command> in the file <filename>/etc/php.ini</filename>.</para>
- <para>For more on this topic, refer to the following URL for details concerning the global scope changes:</para>
+ <para>
+ In PHP version 4.2.0 and later the default set of predefined variables which are available in the global scope has changed. Individual input and server variables are, by default, no longer placed directly into the global scope. This change may cause scripts to break. Revert to the old behavior by setting <command>register_globals</command> to <command>On</command> in the file <filename>/etc/php.ini</filename>.
+ </para>
+ <para>
+ For more on this topic, refer to the following URL for details concerning the global scope changes:
+ </para>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://www.php.net/release_4_1_0.php">http://www.php.net/release_4_1_0.php</ulink>
+ <ulink url="http://www.php.net/release_4_1_0.php" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-v2-mig-mod-ldapz">
+ <section id="s3-httpd-v2-mig-mod-ldapz">
<title>The <filename>mod_authz_ldap</filename> Module</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
<tertiary>LDAP</tertiary>
</indexterm>
- <para>&MAJOROS; ships with the <filename>mod_authz_ldap</filename> module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. The <filename>mod_ssl</filename> module is required when using the <filename>mod_authz_ldap</filename> module.</para>
+ <para>
+ &MAJOROS; ships with the <filename>mod_authz_ldap</filename> module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. The <filename>mod_ssl</filename> module is required when using the <filename>mod_authz_ldap</filename> module.
+ </para>
<important>
<title>Important</title>
- <para>The <filename>mod_authz_ldap</filename> module does not authenticate a user to an LDAP directory using an encrypted password hash. This functionality is provided by the experimental <filename>mod_auth_ldap</filename> module. Refer to the <filename>mod_auth_ldap</filename> module documentation online at <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html">http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html</ulink> for details on the status of this module.</para>
+ <para>
+ The <filename>mod_authz_ldap</filename> module does not authenticate a user to an LDAP directory using an encrypted password hash. This functionality is provided by the experimental <filename>mod_auth_ldap</filename> module. Refer to the <filename>mod_auth_ldap</filename> module documentation online at <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html">http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html</ulink> for details on the status of this module.
+ </para>
</important>
- <para>The <filename>/etc/httpd/conf.d/authz_ldap.conf</filename> file configures the <filename>mod_authz_ldap</filename> module.</para>
- <para>Refer to <filename>/usr/share/doc/mod_authz_ldap-<replaceable><version></replaceable>/index.html</filename> (replacing <replaceable><version></replaceable> with the version number of the package) or <ulink
- url="http://authzldap.othello.ch/">http://authzldap.othello.ch/</ulink> for more information on configuring the <filename>mod_authz_ldap</filename> third party module.</para>
+ <para>
+ The <filename>/etc/httpd/conf.d/authz_ldap.conf</filename> file configures the <filename>mod_authz_ldap</filename> module.
+ </para>
+ <para>
+ Refer to <filename>/usr/share/doc/mod_authz_ldap-<replaceable><version></replaceable>/index.html</filename> (replacing <replaceable><version></replaceable> with the version number of the package) or <ulink url="http://authzldap.othello.ch/">http://authzldap.othello.ch/</ulink> for more information on configuring the <filename>mod_authz_ldap</filename> third party module.
+ </para>
</section>
</section>
</section>
</section>
- <section
- id="s1-apache-startstop">
- <title>Starting and Stopping <command>httpd</command>
- </title>
- <indexterm
- significance="normal">
+ <section id="s1-apache-startstop">
+ <title>Starting and Stopping <command>httpd</command></title>
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>starting</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>stopping</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>reloading</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>restarting</secondary>
</indexterm>
- <para>After installing the <filename>httpd</filename> package, review the Apache HTTP Server's documentation available online at <ulink
- url="http://httpd.apache.org/docs/2.2/">http://httpd.apache.org/docs/2.2/</ulink>.</para>
- <para>The <filename>httpd</filename> RPM installs the <filename>/etc/init.d/httpd</filename> script, which can be accessed using the <command>/sbin/service</command> command.</para>
- <para>Starting <command>httpd</command> using the <command>apachectl</command> control script sets the environmental variables in <filename>/etc/sysconfig/httpd</filename> and starts <command>httpd</command>. You can also set the environment variables using the init script.</para>
- <para>To start the server using the <command>apachectl</command> control script as root type:</para>
- <screen>
-<command>apachectl start</command>
- </screen>
- <para>You can also start <command>httpd</command> using <command>/sbin/service httpd start</command>. This starts <command>httpd</command> but does not set the environment variables. If you are using the default <command>Listen</command> directive in <command>httpd.conf</command>, which is port 80, you will need to have root privileges to start the apache server.</para>
- <para>To stop the server, as root type:</para>
- <screen>
-<command>apachectl stop</command>
- </screen>
- <para>You can also stop <command>httpd</command> using <command>/sbin/service httpd stop</command>. The <option>restart</option> option is a shorthand way of stopping and then starting the Apache HTTP Server.</para>
- <para>You can restart the server as root by typing:</para>
- <screen>
-<command>apachectl restart</command>
+ <para>
+ After installing the <filename>httpd</filename> package, review the Apache HTTP Server's documentation available online at <ulink url="http://httpd.apache.org/docs/2.2/">http://httpd.apache.org/docs/2.2/</ulink>.
+ </para>
+ <para>
+ The <filename>httpd</filename> RPM installs the <filename>/etc/init.d/httpd</filename> script, which can be accessed using the <command>/sbin/service</command> command.
+ </para>
+ <para>
+ Starting <command>httpd</command> using the <command>apachectl</command> control script sets the environmental variables in <filename>/etc/sysconfig/httpd</filename> and starts <command>httpd</command>. You can also set the environment variables using the init script.
+ </para>
+ <para>
+ To start the server using the <command>apachectl</command> control script as root type:
+ </para>
+ <screen><command>apachectl start</command></screen>
+ <para>
+ You can also start <command>httpd</command> using <command>/sbin/service httpd start</command>. This starts <command>httpd</command> but does not set the environment variables. If you are using the default <command>Listen</command> directive in <command>httpd.conf</command>, which is port 80, you will need to have root privileges to start the apache server.
+ </para>
+ <para>
+ To stop the server, as root type:
+ </para>
+ <screen><command>apachectl stop</command></screen>
+ <para>
+ You can also stop <command>httpd</command> using <command>/sbin/service httpd stop</command>. The <option>restart</option> option is a shorthand way of stopping and then starting the Apache HTTP Server.
+ </para>
+ <para>
+ You can restart the server as root by typing:
+ </para>
+ <screen><command>apachectl restart</command>
or:
-<command>/sbin/service httpd restart</command>
- </screen>
- <para>Apache will display a message on the console or in the <filename>ErrorLog</filename> if it encounters an error while starting.</para>
- <para>By default, the <command>httpd</command> service does <emphasis>not</emphasis> start automatically at boot time. If you would wish to have Apache startup at boot time, you will need to add a call to <command>apachectl</command> in your startup files within the <filename>rc.N</filename> directory. A typical file used is <filename>rc.local</filename>. As this starts Apache as root, it is recommended to properly configure your security and authentication before adding this call.</para>
- <para>You can also configure the <command>httpd</command> service to start up at boot time, using an initscript utility, such as <command>/sbin/chkconfig</command>, <application>/usr/sbin/ntsysv</application>, or the <application>Services Configuration Tool</application> program.</para>
- <para>You can also display the status of your httpd server by typing:</para>
- <screen>
-<command>apachectl status</command>
- </screen>
- <para>The status module <command>mod_status</command> however needs to be enabled in your <filename>httpd.conf</filename> configuration file for this to work. For more details on <command>mod_status</command> can be found on <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_status.html">http://httpd.apache.org/docs/2.2/mod/mod_status.html</ulink>.</para>
+<command>/sbin/service httpd restart</command></screen>
+ <para>
+ Apache will display a message on the console or in the <filename>ErrorLog</filename> if it encounters an error while starting.
+ </para>
+ <para>
+ By default, the <command>httpd</command> service does <emphasis>not</emphasis> start automatically at boot time. If you would wish to have Apache startup at boot time, you will need to add a call to <command>apachectl</command> in your startup files within the <filename>rc.N</filename> directory. A typical file used is <filename>rc.local</filename>. As this starts Apache as root, it is recommended to properly configure your security and authentication before adding this call.
+ </para>
+ <para>
+ You can also configure the <command>httpd</command> service to start up at boot time, using an initscript utility, such as <command>/sbin/chkconfig</command>, <application>/usr/sbin/ntsysv</application>, or the <application>Services Configuration Tool</application> program.
+ </para>
+ <para>
+ You can also display the status of your httpd server by typing:
+ </para>
+ <screen><command>apachectl status</command></screen>
+ <para>
+ The status module <command>mod_status</command> however needs to be enabled in your <filename>httpd.conf</filename> configuration file for this to work. For more details on <command>mod_status</command> can be found on <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_status.html" />.
+ </para>
<note>
<title>Note</title>
- <para>If running the Apache HTTP Server as a secure server, the secure server's password is required after the machine boots when using an encrypted private SSL key.</para>
- <para>You can find more information on <ulink
- url="http://httpd.apache.org/docs/2.2/ssl">http://httpd.apache.org/docs/2.2/ssl</ulink>
+ <para>
+ If running the Apache HTTP Server as a secure server, the secure server's password is required after the machine boots when using an encrypted private SSL key.
+ </para>
+ <para>
+ You can find more information on <ulink url="http://httpd.apache.org/docs/2.2/ssl" />.
</para>
</note>
</section>
- <section
- id="s1-apache-config-ui">
+ <section id="s1-apache-config-ui">
<title>Apache HTTP Server Configuration</title>
- <indexterm
- significance="normal">
- <primary>
- <command>httpd</command>
- </primary>
+ <indexterm>
+ <primary><command>httpd</command></primary>
</indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>system-config-httpd</command>
- </primary>
+ <indexterm>
+ <primary><command>system-config-httpd</command></primary>
<see>HTTP Configuration Tool</see>
</indexterm>
- <para>The <application>HTTP Configuration Tool</application> allows you to configure the <filename>/etc/httpd/conf/httpd.conf</filename> configuration file for the Apache HTTP Server. It does not use the old <filename>srm.conf</filename> or <filename>access.conf</filename> configuration files; leave them empty. Through the graphical interface, you can configure directives such as virtual hosts, logging attributes, and maximum number of connections. To start the HTTD Configuration Tool, click on <filename>System > Administration > Server Settings > HTTP</filename>.</para>
- <indexterm
- significance="normal">
- <primary>
- <application>HTTP Configuration Tool</application>
- </primary>
+ <para>
+ The <application>HTTP Configuration Tool</application> allows you to configure the <filename>/etc/httpd/conf/httpd.conf</filename> configuration file for the Apache HTTP Server. It does not use the old <filename>srm.conf</filename> or <filename>access.conf</filename> configuration files; leave them empty. Through the graphical interface, you can configure directives such as virtual hosts, logging attributes, and maximum number of connections. To start the HTTD Configuration Tool, click on <filename>System > Administration > Server Settings > HTTP</filename>.
+ </para>
+ <indexterm>
+ <primary><application>HTTP Configuration Tool</application></primary>
<secondary>modules</secondary>
</indexterm>
- <para>Only modules provided with &MAJOROS; can be configured with the <application>HTTP Configuration Tool</application>. If additional modules are installed, they can not be configured using this tool.</para>
+ <para>
+ Only modules provided with &MAJOROS; can be configured with the <application>HTTP Configuration Tool</application>. If additional modules are installed, they can not be configured using this tool.
+ </para>
<warning>
<title>Caution</title>
- <indexterm
- significance="normal">
- <primary>
- <filename>/etc/httpd/conf/httpd.conf</filename>
- </primary>
+ <indexterm>
+ <primary><filename>/etc/httpd/conf/httpd.conf</filename></primary>
</indexterm>
- <para>Do not edit the <filename>/etc/httpd/conf/httpd.conf</filename> configuration file by hand if you wish to use this tool. The <application>HTTP Configuration Tool</application> generates this file after you save your changes and exit the program. If you want to add additional modules or configuration options that are not available in <application>HTTP Configuration Tool</application>, you cannot use this tool.</para>
+ <para>
+ Do not edit the <filename>/etc/httpd/conf/httpd.conf</filename> configuration file by hand if you wish to use this tool. The <application>HTTP Configuration Tool</application> generates this file after you save your changes and exit the program. If you want to add additional modules or configuration options that are not available in <application>HTTP Configuration Tool</application>, you cannot use this tool.
+ </para>
</warning>
- <para>The general steps for configuring the Apache HTTP Server using the <application>HTTP Configuration Tool</application> are as follows:</para>
- <orderedlist
- continuation="restarts"
- inheritnum="ignore">
+ <para>
+ The general steps for configuring the Apache HTTP Server using the <application>HTTP Configuration Tool</application> are as follows:
+ </para>
+ <orderedlist continuation="restarts" inheritnum="ignore">
<listitem>
- <para>Configure the basic settings under the <guilabel>Main</guilabel> tab.</para>
+ <para>
+ Configure the basic settings under the <guilabel>Main</guilabel> tab.
+ </para>
</listitem>
<listitem>
- <para>Click on the <guilabel>Virtual Hosts</guilabel> tab and configure the default settings.</para>
+ <para>
+ Click on the <guilabel>Virtual Hosts</guilabel> tab and configure the default settings.
+ </para>
</listitem>
<listitem>
- <para>Under the <guilabel>Virtual Hosts</guilabel> tab, configure the Default Virtual Host.</para>
+ <para>
+ Under the <guilabel>Virtual Hosts</guilabel> tab, configure the Default Virtual Host.
+ </para>
</listitem>
<listitem>
- <para>To serve more than one URL or virtual host, add any additional virtual hosts.</para>
+ <para>
+ To serve more than one URL or virtual host, add any additional virtual hosts.
+ </para>
</listitem>
<listitem>
- <para>Configure the server settings under the <guilabel>Server</guilabel> tab.</para>
+ <para>
+ Configure the server settings under the <guilabel>Server</guilabel> tab.
+ </para>
</listitem>
<listitem>
- <para>Configure the connections settings under the <guilabel>Performance Tuning</guilabel> tab.</para>
+ <para>
+ Configure the connections settings under the <guilabel>Performance Tuning</guilabel> tab.
+ </para>
</listitem>
<listitem>
- <para>Copy all necessary files to the <filename>DocumentRoot</filename> and <filename>cgi-bin</filename> directories.</para>
+ <para>
+ Copy all necessary files to the <filename>DocumentRoot</filename> and <filename>cgi-bin</filename> directories.
+ </para>
</listitem>
<listitem>
- <para>Exit the application and select to save your settings.</para>
+ <para>
+ Exit the application and select to save your settings.
+ </para>
</listitem>
</orderedlist>
- <section
- id="s2-httpd-basic-settings">
+ <section id="s2-httpd-basic-settings">
<title>Basic Settings</title>
<para>Use the <guilabel>Main</guilabel> tab to configure the basic server settings.</para>
- <figure
- float="0"
- id="httpd-main">
+ <figure float="0" id="httpd-main">
<title>Basic Settings</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-main.png"
- format="PNG"/>
+ <imagedata fileref="images/httpd-main.png" format="PNG" />
</imageobject>
<textobject>
- <para>Basic Settings</para>
+ <para>
+ Basic Settings
+ </para>
</textobject>
</mediaobject>
</figure>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>ServerName</command>
- </secondary>
+ <secondary><command>ServerName</command></secondary>
</indexterm>
- <para>Enter a fully qualified domain name that you have the right to use in the <guilabel>Server Name</guilabel> text area. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#servername"><command>ServerName</command>
- </ulink> directive in <filename>httpd.conf</filename>. The <command>ServerName</command> directive sets the hostname of the Web server. It is used when creating redirection URLs. If you do not define a server name, the Web server attempts to resolve it from the IP address of the system. The server name does not have to be the domain name resolved from the IP address of the server. For example, you might set the server name to www.example.com while the server's real DNS name is foo.example.com.</para>
- <indexterm
- significance="normal">
+ <para>
+ Enter a fully qualified domain name that you have the right to use in the <guilabel>Server Name</guilabel> text area. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#servername"><command>ServerName</command> </ulink> directive in <filename>httpd.conf</filename>. The <command>ServerName</command> directive sets the hostname of the Web server. It is used when creating redirection URLs. If you do not define a server name, the Web server attempts to resolve it from the IP address of the system. The server name does not have to be the domain name resolved from the IP address of the server. For example, you might set the server name to www.example.com while the server's real DNS name is foo.example.com.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>ServerAdmin</command>
- </secondary>
+ <secondary><command>ServerAdmin</command></secondary>
</indexterm>
- <para>Enter the email address of the person who maintains the Web server in the <guilabel>Webmaster email address</guilabel> text area. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#serveradmin"><command>ServerAdmin</command>
- </ulink> directive in <filename>httpd.conf</filename>. If you configure the server's error pages to contain an email address, this email address is used so that users can report a problem to the server's administrator. The default value is root at localhost.</para>
- <indexterm
- significance="normal">
+ <para>
+ Enter the email address of the person who maintains the Web server in the <guilabel>Webmaster email address</guilabel> text area. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#serveradmin"><command>ServerAdmin</command></ulink> directive in <filename>httpd.conf</filename>. If you configure the server's error pages to contain an email address, this email address is used so that users can report a problem to the server's administrator. The default value is root at localhost.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>Listen</command>
- </secondary>
+ <secondary><command>Listen</command></secondary>
</indexterm>
- <para>Use the <guilabel>Available Addresses</guilabel> area to define the ports on which the server accepts incoming requests. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mpm_common.html#listen"><command>Listen</command>
- </ulink> directive in <filename>httpd.conf</filename>. By default, Red Hat configures the Apache HTTP Server to listen to port 80 for non-secure Web communications.</para>
- <para>Click the <guibutton>Add</guibutton> button to define additional ports on which to accept requests. A window as shown in <xref
- linkend="httpd-listen"/> appears. Either choose the <guilabel>Listen to all addresses</guilabel> option to listen to all IP addresses on the defined port or specify a particular IP address over which the server accepts connections in the <guilabel>Address</guilabel> field. Only specify one IP address per port number. To specify more than one IP address with the same port number, create an entry for each IP address. If at all possible, use an IP address instead of a domain name to prevent a DNS lookup failure. Refer to <ulink
- url="http://httpd.apache.org/docs/2.2/dns-caveats.html">http://httpd.apache.org/docs/2.2/dns-caveats.html</ulink> for more information about <citetitle>Issues Regarding DNS and Apache</citetitle>.</para>
- <para>Entering an asterisk (*) in the <guilabel>Address</guilabel> field is the same as choosing <guilabel>Listen to all addresses</guilabel>. Clicking the <guibutton>Edit</guibutton> button in the <guilabel>Available Addresses</guilabel> frame shows the same window as the <guibutton>Add</guibutton> button except with the fields populated for the selected entry. To delete an entry, select it and click the <guibutton>Delete</guibutton> button.</para>
+ <para>
+ Use the <guilabel>Available Addresses</guilabel> area to define the ports on which the server accepts incoming requests. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/mpm_common.html#listen"><command>Listen</command></ulink> directive in <filename>httpd.conf</filename>. By default, Red Hat configures the Apache HTTP Server to listen to port 80 for non-secure Web communications.
+ </para>
+ <para>
+ Click the <guibutton>Add</guibutton> button to define additional ports on which to accept requests. A window as shown in <xref linkend="httpd-listen" /> appears. Either choose the <guilabel>Listen to all addresses</guilabel> option to listen to all IP addresses on the defined port or specify a particular IP address over which the server accepts connections in the <guilabel>Address</guilabel> field. Only specify one IP address per port number. To specify more than one IP address with the same port number, create an entry for each IP address. If at all possible, use an IP address instead of a domain name to prevent a DNS lookup failure. Refer to <ulink url="http://httpd.apache.org/docs/2.2/dns-caveats.html">http://httpd.apache.org/docs/2.2/dns-caveats.html</ulink> for more information about <citetitle>Issues Regarding DNS and Apache</citetitle>.
+ </para>
+ <para>
+ Entering an asterisk (*) in the <guilabel>Address</guilabel> field is the same as choosing <guilabel>Listen to all addresses</guilabel>. Clicking the <guibutton>Edit</guibutton> button in the <guilabel>Available Addresses</guilabel> frame shows the same window as the <guibutton>Add</guibutton> button except with the fields populated for the selected entry. To delete an entry, select it and click the <guibutton>Delete</guibutton> button.
+ </para>
<note>
<title>Tip</title>
- <para>If you set the server to listen to a port under 1024, you must be root to start it. For port 1024 and above, <command>httpd</command> can be started as a regular user.</para>
+ <para>
+ If you set the server to listen to a port under 1024, you must be root to start it. For port 1024 and above, <command>httpd</command> can be started as a regular user.
+ </para>
</note>
- <figure
- float="0"
- id="httpd-listen">
+ <figure float="0" id="httpd-listen">
<title>Available Addresses</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-listen.png"
- format="PNG"/>
+ <imagedata fileref="images/httpd-listen.png" format="PNG" />
</imageobject>
<textobject>
- <para>Available Addresses</para>
+ <para>
+ Available Addresses
+ </para>
</textobject>
</mediaobject>
</figure>
</section>
- <section
- id="s2-httpd-default-settings">
+ <section id="s2-httpd-default-settings">
<title>Default Settings</title>
- <para>After defining the <guilabel>Server Name</guilabel>, <guilabel>Webmaster email address</guilabel>, and <guilabel>Available Addresses</guilabel>, click the <guilabel>Virtual Hosts</guilabel> tab. The figure below illustrates the <guilabel>Virtual Hosts</guilabel> tab.</para>
- <figure
- float="0"
- id="httpd-virtual-hosts">
+ <para>
+ After defining the <guilabel>Server Name</guilabel>, <guilabel>Webmaster email address</guilabel>, and <guilabel>Available Addresses</guilabel>, click the <guilabel>Virtual Hosts</guilabel> tab. The figure below illustrates the <guilabel>Virtual Hosts</guilabel> tab.
+ </para>
+ <figure float="0" id="httpd-virtual-hosts">
<title>Virtual Hosts Tab</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-virtualhosts.png"
- format="PNG"/>
+ <imagedata fileref="images/httpd-virtualhosts.png" format="PNG" />
</imageobject>
<textobject>
- <para>Virtual Hosts Tab</para>
+ <para>
+ Virtual Hosts Tab
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>Clicking on <guilabel>Edit</guilabel> will display the <guilabel>Virtual Host Properties</guilabel> window from which you can set your preferred settings. To add new settings, click on the <guilabel>Add</guilabel> button which will also display the <guilabel>Virtual Host Properties</guilabel> window. Clicking on the <guilabel>Edit Default Settings</guilabel> button, displays the <guilabel>Virtual Host Properties</guilabel> window without the <guilabel>General Options</guilabel> tab.</para>
- <para>In the <guilabel>General Options</guilabel> tab, you can change the hostname, the document root directory and also set the webmaster's email address. In the Host information, you can set the Virtual Host's IP Address and Host Name. The figure below illustrates the <guilabel>General Options</guilabel> tab.</para>
- <figure
- float="0"
- id="httpd-general-options">
+ <para>
+ Clicking on <guilabel>Edit</guilabel> will display the <guilabel>Virtual Host Properties</guilabel> window from which you can set your preferred settings. To add new settings, click on the <guilabel>Add</guilabel> button which will also display the <guilabel>Virtual Host Properties</guilabel> window. Clicking on the <guilabel>Edit Default Settings</guilabel> button, displays the <guilabel>Virtual Host Properties</guilabel> window without the <guilabel>General Options</guilabel> tab.
+ </para>
+ <para>
+ In the <guilabel>General Options</guilabel> tab, you can change the hostname, the document root directory and also set the webmaster's email address. In the Host information, you can set the Virtual Host's IP Address and Host Name. The figure below illustrates the <guilabel>General Options</guilabel> tab.
+ </para>
+ <figure float="0" id="httpd-general-options">
<title>General Options</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-general-options.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-general-options.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>General Options</para>
+ <para>
+ General Options
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>If you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.</para>
- <section
- id="s3-httpd-site-config">
+ <para>
+ If you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.
+ </para>
+ <section id="s3-httpd-site-config">
<title>Site Configuration</title>
- <para>The figure below illustrates the <guibutton>Page Options</guibutton>tab from which you can configure the <guilabel>Directory Page Search List</guilabel> and <guilabel>Error Pages</guilabel>. If you are unsure of these settings, do not modify them.</para>
- <figure
- float="0"
- id="httpd-site-config-screen">
+ <para>
+ The figure below illustrates the <guibutton>Page Options</guibutton>tab from which you can configure the <guilabel>Directory Page Search List</guilabel> and <guilabel>Error Pages</guilabel>. If you are unsure of these settings, do not modify them.
+ </para>
+ <figure float="0" id="httpd-site-config-screen">
<title>Site Configuration</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-siteconfig.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-siteconfig.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Site Configuration</para>
+ <para>
+ Site Configuration
+ </para>
</textobject>
</mediaobject>
</figure>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>DirectoryIndex</command>
- </secondary>
- </indexterm>
- <para>The entries listed in the <guilabel>Directory Page Search List</guilabel> define the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_dir.html#directoryindex"><command>DirectoryIndex</command>
- </ulink> directive. The <command>DirectoryIndex</command> is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.</para>
- <para>For example, when a user requests the page <command>http://www.example.com/this_directory/</command>, they are going to get either the <command>DirectoryIndex</command> page, if it exists, or a server-generated directory list. The server tries to find one of the files listed in the <command>DirectoryIndex</command> directive and returns the first one it finds.
- <indexterm
- significance="normal">
- <primary>HTTP directives</primary>
- <secondary>
- <command>Options</command>
- </secondary>
- </indexterm>
- If it does not find any of these files and if <command>Options Indexes</command> is set for that directory, the server generates and returns a list, in HTML format, of the subdirectories and files in the directory.</para>
- <indexterm
- significance="normal">
+ <secondary><command>DirectoryIndex</command></secondary>
+ </indexterm>
+ <para>
+ The entries listed in the <guilabel>Directory Page Search List</guilabel> define the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_dir.html#directoryindex"><command>DirectoryIndex</command></ulink> directive. The <command>DirectoryIndex</command> is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
+ </para>
+ <indexterm>
+ <primary>HTTP directives</primary>
+ <secondary><command>Options</command></secondary>
+ </indexterm>
+ <para>
+ For example, when a user requests the page <command>http://www.example.com/this_directory/</command>, they are going to get either the <command>DirectoryIndex</command> page, if it exists, or a server-generated directory list. The server tries to find one of the files listed in the <command>DirectoryIndex</command> directive and returns the first one it finds. If it does not find any of these files and if <command>Options Indexes</command> is set for that directory, the server generates and returns a list, in HTML format, of the subdirectories and files in the directory.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>ErrorDocument</command>
- </secondary>
- </indexterm>
- <para>Use the <guilabel>Error Code</guilabel> section to configure Apache HTTP Server to redirect the client to a local or external URL in the event of a problem or error. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#errordocument"><command>ErrorDocument</command>
- </ulink> directive. If a problem or error occurs when a client tries to connect to the Apache HTTP Server, the default action is to display the short error message shown in the <guilabel>Error Code</guilabel> column. To override this default configuration, select the error code and click the <guilabel>Edit</guilabel> button. Choose <guimenuitem>Default</guimenuitem> to display the default short error message. Choose <guimenuitem>URL</guimenuitem> to redirect the client to an external URL and enter a complete URL, including the <command>http://</command>, in the <guilabel>Location</guilabel> field. Choose <guimenuitem>File</guimenuitem> to redirect the client to an internal URL and enter a file location under the document root for the Web server. The location must begin the a slash (/) and be relative to the Document Root.</para>
- <para>For example, to redirect a 404 Not Found error code to a webpage that you created in a file called <filename>404.html</filename>, copy <filename>404.html</filename> to <filename><replaceable>DocumentRoot</replaceable>/../error/404.html</filename>. In this case, <replaceable>DocumentRoot</replaceable> is the Document Root directory that you have defined (the default is <filename>/var/www/html/</filename>). If the Document Root is left as the default location, the file should be copied to <filename>/var/www/error/404.html</filename>. Then, choose <guimenuitem>File</guimenuitem> as the Behavior for <guilabel>404 - Not Found</guilabel> error code and enter <filename>/error/404.html</filename> as the <guimenuitem>Location</guimenuitem>.</para>
- <para>From the <guilabel>Default Error Page Footer</guilabel> menu, you can choose one of the following options:</para>
+ <secondary><command>ErrorDocument</command></secondary>
+ </indexterm>
+ <para>
+ Use the <guilabel>Error Code</guilabel> section to configure Apache HTTP Server to redirect the client to a local or external URL in the event of a problem or error. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#errordocument"><command>ErrorDocument</command></ulink> directive. If a problem or error occurs when a client tries to connect to the Apache HTTP Server, the default action is to display the short error message shown in the <guilabel>Error Code</guilabel> column. To override this default configuration, select the error code and click the <guilabel>Edit</guilabel> button. Choose <guimenuitem>Default</guimenuitem> to display the default short error message. Choose <guimenuitem>URL</guimenuitem> to redirect the client to an external URL and enter a complete URL, including the <command>http://</command>, in the <guilabel>Location</guilabel> field. Choose <guimenuitem>File</guimenuitem> to redirect the client to an int
ernal URL and enter a file location under the document root for the Web server. The location must begin the a slash (/) and be relative to the Document Root.
+ </para>
+ <para>
+ For example, to redirect a 404 Not Found error code to a webpage that you created in a file called <filename>404.html</filename>, copy <filename>404.html</filename> to <filename><replaceable>DocumentRoot</replaceable>/../error/404.html</filename>. In this case, <replaceable>DocumentRoot</replaceable> is the Document Root directory that you have defined (the default is <filename>/var/www/html/</filename>). If the Document Root is left as the default location, the file should be copied to <filename>/var/www/error/404.html</filename>. Then, choose <guimenuitem>File</guimenuitem> as the Behavior for <guilabel>404 - Not Found</guilabel> error code and enter <filename>/error/404.html</filename> as the <guimenuitem>Location</guimenuitem>.
+ </para>
+ <para>
+ From the <guilabel>Default Error Page Footer</guilabel> menu, you can choose one of the following options:
+ </para>
<itemizedlist>
<listitem>
<para>
- <guilabel>Show footer with email address</guilabel> — Display the default footer at the bottom of all error pages along with the email address of the website maintainer specified by the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#serveradmin"><command>ServerAdmin</command>
- </ulink> directive.</para>
+ <guilabel>Show footer with email address</guilabel> — Display the default footer at the bottom of all error pages along with the email address of the website maintainer specified by the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#serveradmin"><command>ServerAdmin</command></ulink> directive.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>Show footer</guilabel> — Display just the default footer at the bottom of error pages.</para>
+ <guilabel>Show footer</guilabel> — Display just the default footer at the bottom of error pages.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>No footer</guilabel> — Do not display a footer at the bottom of error pages.</para>
+ <guilabel>No footer</guilabel> — Do not display a footer at the bottom of error pages.
+ </para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s3-httpd-ssl-variables">
+ <section id="s3-httpd-ssl-variables">
<title>SSL Support</title>
- <para>The <command>mod_ssl</command> enables encryption of the HTTP protocol over SSL. SSL (Secure Sockets Layer) protocol is used for communication and encryption over TCP/IP networks. The SSL tab enables you to configure SSL for your server. To configure SSL you need to provide the path to your:</para>
+ <para>
+ The <command>mod_ssl</command> enables encryption of the HTTP protocol over SSL. SSL (Secure Sockets Layer) protocol is used for communication and encryption over TCP/IP networks. The SSL tab enables you to configure SSL for your server. To configure SSL you need to provide the path to your:
+ </para>
<itemizedlist>
<listitem>
- <para>Certificate file - equivalent to using the <command>SSLCertificateFile</command> directive which points the path to the PEM (Privacy Enhanced Mail)-encoded server certificate file.</para>
+ <para>
+ Certificate file - equivalent to using the <command>SSLCertificateFile</command> directive which points the path to the PEM (Privacy Enhanced Mail)-encoded server certificate file.
+ </para>
</listitem>
<listitem>
- <para>Key file - equivalent to using the <command>SSLCertificateKeyFile</command> directive which points the path to the PEM-encoded server private key file.</para>
+ <para>
+ Key file - equivalent to using the <command>SSLCertificateKeyFile</command> directive which points the path to the PEM-encoded server private key file.
+ </para>
</listitem>
<listitem>
- <para>Certificate chain file - equivalent to using the <command>SSLCertificateChainFile</command> directive which points the path to the certificate file containing all the server's chain of certificates.</para>
+ <para>
+ Certificate chain file - equivalent to using the <command>SSLCertificateChainFile</command> directive which points the path to the certificate file containing all the server's chain of certificates.
+ </para>
</listitem>
<listitem>
- <para>Certificate authority file - is an encrypted file used to confirm the authenticity or identity of parties communicating with the server.</para>
+ <para>
+ Certificate authority file - is an encrypted file used to confirm the authenticity or identity of parties communicating with the server.
+ </para>
</listitem>
</itemizedlist>
- <para>You can find out more about configuration directives for SSL on <ulink
- url="http://httpd.apache.org/docs/2.2/mod/directives.html#S"> http://httpd.apache.org/docs/2.2/mod/directives.html#S</ulink>. You also need to determine which SSL options to enable. These are equivalent to using the <command>SSLOptions</command> with the following options:</para>
+ <para>
+ You can find out more about configuration directives for SSL on <ulink url="http://httpd.apache.org/docs/2.2/mod/directives.html#S"> http://httpd.apache.org/docs/2.2/mod/directives.html#S</ulink>. You also need to determine which SSL options to enable. These are equivalent to using the <command>SSLOptions</command> with the following options:
+ </para>
<itemizedlist>
<listitem>
- <para>FakeBasicAuth - enables standard authentication methods used by Apache. This means that the Client X509 certificate's Subject Distinguished Name (DN) is translated into a basic HTTP username.</para>
+ <para>
+ FakeBasicAuth - enables standard authentication methods used by Apache. This means that the Client X509 certificate's Subject Distinguished Name (DN) is translated into a basic HTTP username.
+ </para>
</listitem>
<listitem>
- <para>ExportCertData - creates CGI environment variables in <command>SSL_SERVER_CERT</command>, <command>SSL_CLIENT_CERT</command> and <command>SSL_CLIENT_CERT_CHAIN_n</command> where n is a number 0,1,2,3,4... These files are used for more certificate checks by CGI scripts.</para>
+ <para>
+ ExportCertData - creates CGI environment variables in <command>SSL_SERVER_CERT</command>, <command>SSL_CLIENT_CERT</command> and <command>SSL_CLIENT_CERT_CHAIN_n</command> where n is a number 0,1,2,3,4... These files are used for more certificate checks by CGI scripts.
+ </para>
</listitem>
<listitem>
- <para>CompatEnvVars - enables backward compatibility for Apache SSL by adding CGI environment variables.</para>
+ <para>
+ CompatEnvVars - enables backward compatibility for Apache SSL by adding CGI environment variables.
+ </para>
</listitem>
<listitem>
- <para>StrictRequire - enables strict access which forces denial of access whenever the <command>SSLRequireSSL</command> and <command>SSLRequire</command> directives indicate access is forbiden.</para>
+ <para>
+ StrictRequire - enables strict access which forces denial of access whenever the <command>SSLRequireSSL</command> and <command>SSLRequire</command> directives indicate access is forbiden.
+ </para>
</listitem>
<listitem>
- <para>OptRenegotiate - enables avoidance of unnecessary handshakes by <command>mod_ssl</command> which also performs safe parameter checks. It is recommended to enable OptRenegotiate on a per directory basis.</para>
+ <para>
+ OptRenegotiate - enables avoidance of unnecessary handshakes by <command>mod_ssl</command> which also performs safe parameter checks. It is recommended to enable OptRenegotiate on a per directory basis.
+ </para>
</listitem>
</itemizedlist>
- <para>More information on the above SSL options can be found on <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions"> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions</ulink>. The figure below illustrates the SSL tab and the options discussed above.</para>
- <figure
- float="0"
- id="httpd-virtualhosts-ssl">
+ <para>
+ More information on the above SSL options can be found on <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions" />. The figure below illustrates the SSL tab and the options discussed above.
+ </para>
+ <figure float="0" id="httpd-virtualhosts-ssl">
<title>SSL</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-virtualhosts-ssl.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-virtualhosts-ssl.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>SSL</para>
+ <para>
+ SSL
+ </para>
</textobject>
</mediaobject>
</figure>
</section>
- <section
- id="s3-httpd-logging">
+ <section id="s3-httpd-logging">
<title>Logging</title>
- <indexterm
- significance="normal">
- <primary>
- <application>HTTP Configuration Tool</application>
- </primary>
+ <indexterm>
+ <primary><application>HTTP Configuration Tool</application></primary>
<secondary>transfer log</secondary>
</indexterm>
- <indexterm
- significance="normal">
- <primary>
- <application>HTTP Configuration Tool</application>
- </primary>
+ <indexterm>
+ <primary><application>HTTP Configuration Tool</application></primary>
<secondary>error log</secondary>
</indexterm>
- <para>Use the <guilabel>Logging</guilabel> tab to configure options for specific transfer and error logs.</para>
- <para>By default, the server writes the transfer log to the <filename>/var/log/httpd/access_log</filename> file and the error log to the <filename>/var/log/httpd/error_log</filename> file.</para>
- <para>The transfer log contains a list of all attempts to access the Web server. It records the IP address of the client that is attempting to connect, the date and time of the attempt, and the file on the Web server that it is trying to retrieve. Enter the name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as configured. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#transferlog"><command>TransferLog</command>
- </ulink> directive.</para>
- <figure
- float="0"
- id="httpd-logging-screen">
+ <para>
+ Use the <guilabel>Logging</guilabel> tab to configure options for specific transfer and error logs.
+ </para>
+ <para>
+ By default, the server writes the transfer log to the <filename>/var/log/httpd/access_log</filename> file and the error log to the <filename>/var/log/httpd/error_log</filename> file.
+ </para>
+ <para>
+ The transfer log contains a list of all attempts to access the Web server. It records the IP address of the client that is attempting to connect, the date and time of the attempt, and the file on the Web server that it is trying to retrieve. Enter the name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as configured. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#transferlog"><command>TransferLog</command></ulink> directive.
+ </para>
+ <figure float="0" id="httpd-logging-screen">
<title>Logging</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-logging.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-logging.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Logging</para>
+ <para>
+ Logging
+ </para>
</textobject>
</mediaobject>
</figure>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>TransferLog</command>
- </secondary>
+ <secondary><command>TransferLog</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>LogFormat</command>
- </secondary>
- </indexterm>
- <para>You can configure a custom log format by checking <guilabel>Use custom logging facilities</guilabel> and entering a custom log string in the <guilabel>Custom Log String</guilabel> field. This configures the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#logformat"><command>LogFormat</command>
- </ulink> directive. Refer to <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#formats"> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#logformat</ulink> for details on the format of this directive.</para>
- <indexterm
- significance="normal">
+ <secondary><command>LogFormat</command></secondary>
+ </indexterm>
+ <para>
+ You can configure a custom log format by checking <guilabel>Use custom logging facilities</guilabel> and entering a custom log string in the <guilabel>Custom Log String</guilabel> field. This configures the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#logformat"><command>LogFormat</command></ulink> directive. Refer to <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_log_config.html#formats" /> for details on the format of this directive.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>ErrorLog</command>
- </secondary>
- </indexterm>
- <para>The error log contains a list of any server errors that occur. Enter the name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as configured. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#errorlog"><command>ErrorLog</command>
- </ulink> directive.</para>
- <indexterm
- significance="normal">
+ <secondary><command>ErrorLog</command></secondary>
+ </indexterm>
+ <para>
+ The error log contains a list of any server errors that occur. Enter the name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as configured. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#errorlog"><command>ErrorLog</command></ulink> directive.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>LogLevel</command>
- </secondary>
- </indexterm>
- <para>Use the <guilabel>Log Level</guilabel> menu to set the verbosity of the error messages in the error logs. It can be set (from least verbose to most verbose) to emerg, alert, crit, error, warn, notice, info or debug. This option corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel"><command>LogLevel</command>
- </ulink> directive.</para>
- <indexterm
- significance="normal">
+ <secondary><command>LogLevel</command></secondary>
+ </indexterm>
+ <para>
+ Use the <guilabel>Log Level</guilabel> menu to set the verbosity of the error messages in the error logs. It can be set (from least verbose to most verbose) to emerg, alert, crit, error, warn, notice, info or debug. This option corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#loglevel"><command>LogLevel</command></ulink> directive.
+ </para>
+ <indexterm>
<primary>HTTP directives</primary>
- <secondary>
- <command>HostnameLookups</command>
- </secondary>
- </indexterm>
- <para>The value chosen with the <guilabel>Reverse DNS Lookup</guilabel> menu defines the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups"><command>HostnameLookups</command>
- </ulink> directive. Choosing <guilabel>No Reverse Lookup</guilabel> sets the value to off. Choosing <guilabel>Reverse Lookup</guilabel> sets the value to on. Choosing <guilabel>Double Reverse Lookup</guilabel> sets the value to double.</para>
- <para>If you choose <guilabel>Reverse Lookup</guilabel>, your server automatically resolves the IP address for each connection which requests a document from your Web server. Resolving the IP address means that your server makes one or more connections to the DNS in order to find out the hostname that corresponds to a particular IP address.</para>
- <para>If you choose <guilabel>Double Reverse Lookup</guilabel>, your server performs a double-reverse DNS. In other words, after a reverse lookup is performed, a forward lookup is performed on the result. At least one of the IP addresses in the forward lookup must match the address from the first reverse lookup.</para>
- <para>Generally, you should leave this option set to <guilabel>No Reverse Lookup</guilabel>, because the DNS requests add a load to your server and may slow it down. If your server is busy, the effects of trying to perform these reverse lookups or double reverse lookups may be quite noticeable.</para>
- <para>Reverse lookups and double reverse lookups are also an issue for the Internet as a whole. Each individual connection made to look up each hostname adds up. Therefore, for your own Web server's benefit, as well as for the Internet's benefit, you should leave this option set to <guilabel>No Reverse Lookup</guilabel>.</para>
+ <secondary><command>HostnameLookups</command></secondary>
+ </indexterm>
+ <para>
+ The value chosen with the <guilabel>Reverse DNS Lookup</guilabel> menu defines the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups"><command>HostnameLookups</command></ulink> directive. Choosing <guilabel>No Reverse Lookup</guilabel> sets the value to off. Choosing <guilabel>Reverse Lookup</guilabel> sets the value to on. Choosing <guilabel>Double Reverse Lookup</guilabel> sets the value to double.
+ </para>
+ <para>
+ If you choose <guilabel>Reverse Lookup</guilabel>, your server automatically resolves the IP address for each connection which requests a document from your Web server. Resolving the IP address means that your server makes one or more connections to the DNS in order to find out the hostname that corresponds to a particular IP address.
+ </para>
+ <para>
+ If you choose <guilabel>Double Reverse Lookup</guilabel>, your server performs a double-reverse DNS. In other words, after a reverse lookup is performed, a forward lookup is performed on the result. At least one of the IP addresses in the forward lookup must match the address from the first reverse lookup.
+ </para>
+ <para>
+ Generally, you should leave this option set to <guilabel>No Reverse Lookup</guilabel>, because the DNS requests add a load to your server and may slow it down. If your server is busy, the effects of trying to perform these reverse lookups or double reverse lookups may be quite noticeable.
+ </para>
+ <para>
+ Reverse lookups and double reverse lookups are also an issue for the Internet as a whole. Each individual connection made to look up each hostname adds up. Therefore, for your own Web server's benefit, as well as for the Internet's benefit, you should leave this option set to <guilabel>No Reverse Lookup</guilabel>.
+ </para>
</section>
- <section
- id="s3-httpd-environment-variables">
+ <section id="s3-httpd-environment-variables">
<title>Environment Variables</title>
- <para>Use the <guilabel>Environment</guilabel> tab to configure options for specific variables to set, pass, or unset for CGI scripts.</para>
- <para>Sometimes it is necessary to modify environment variables for CGI scripts or server-side include (SSI) pages. The Apache HTTP Server can use the <command>mod_env</command> module to configure the environment variables which are passed to CGI scripts and SSI pages. Use the <guilabel>Environment Variables</guilabel> page to configure the directives for this module.</para>
- <para>Use the <guilabel>Set for CGI Scripts</guilabel> section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable <filename>MAXNUM</filename> to <filename>50</filename>, click the <guibutton>Add</guibutton> button inside the <guilabel>Set for CGI Script</guilabel> section, as shown in <xref
- linkend="httpd-environment-variables-screen"/>, and type <userinput>MAXNUM</userinput> in the <guilabel>Environment Variable</guilabel> text field and <userinput>50</userinput> in the <guilabel>Value to set</guilabel> text field. Click <guibutton>OK</guibutton> to add it to the list. The <guilabel>Set for CGI Scripts</guilabel> section configures the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv"><command>SetEnv</command>
- </ulink> directive.</para>
- <para>Use the <guilabel>Pass to CGI Scripts</guilabel> section to pass the value of an environment variable when the server is first started to CGI scripts. To see this environment variable, type the command <command>env</command> at a shell prompt. Click the <guibutton>Add</guibutton> button inside the <guilabel>Pass to CGI Scripts</guilabel> section and enter the name of the environment variable in the resulting dialog box. Click <guibutton>OK</guibutton> to add it to the list. The <guilabel>Pass to CGI Scripts</guilabel> section configures the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#passenv"><command>PassEnv</command>
- </ulink> directive.</para>
- <figure
- float="0"
- id="httpd-environment-variables-screen">
+ <para>
+ Use the <guilabel>Environment</guilabel> tab to configure options for specific variables to set, pass, or unset for CGI scripts.
+ </para>
+ <para>
+ Sometimes it is necessary to modify environment variables for CGI scripts or server-side include (SSI) pages. The Apache HTTP Server can use the <command>mod_env</command> module to configure the environment variables which are passed to CGI scripts and SSI pages. Use the <guilabel>Environment Variables</guilabel> page to configure the directives for this module.
+ </para>
+ <para>
+ Use the <guilabel>Set for CGI Scripts</guilabel> section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable <filename>MAXNUM</filename> to <filename>50</filename>, click the <guibutton>Add</guibutton> button inside the <guilabel>Set for CGI Script</guilabel> section, as shown in <xref linkend="httpd-environment-variables-screen" />, and type <userinput>MAXNUM</userinput> in the <guilabel>Environment Variable</guilabel> text field and <userinput>50</userinput> in the <guilabel>Value to set</guilabel> text field. Click <guibutton>OK</guibutton> to add it to the list. The <guilabel>Set for CGI Scripts</guilabel> section configures the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv"><command>SetEnv</command></ulink> directive.
+ </para>
+ <para>
+ Use the <guilabel>Pass to CGI Scripts</guilabel> section to pass the value of an environment variable when the server is first started to CGI scripts. To see this environment variable, type the command <command>env</command> at a shell prompt. Click the <guibutton>Add</guibutton> button inside the <guilabel>Pass to CGI Scripts</guilabel> section and enter the name of the environment variable in the resulting dialog box. Click <guibutton>OK</guibutton> to add it to the list. The <guilabel>Pass to CGI Scripts</guilabel> section configures the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#passenv"><command>PassEnv</command></ulink> directive.
+ </para>
+ <figure float="0" id="httpd-environment-variables-screen">
<title>Environment Variables</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-environment.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-environment.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Environment Variables</para>
+ <para>
+ Environment Variables
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>To remove an environment variable so that the value is not passed to CGI scripts and SSI pages, use the <guilabel>Unset for CGI Scripts</guilabel> section. Click <guibutton>Add</guibutton> in the <guilabel>Unset for CGI Scripts</guilabel> section, and enter the name of the environment variable to unset. Click <guibutton>OK</guibutton> to add it to the list. This corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#unsetenv"><command>UnsetEnv</command>
- </ulink> directive.</para>
- <para>To edit any of these environment values, select it from the list and click the corresponding <guibutton>Edit</guibutton> button. To delete any entry from the list, select it and click the corresponding <guibutton>Delete</guibutton> button.</para>
- <para>To learn more about environment variables in the Apache HTTP Server, refer to the following: <ulink
- url="http://httpd.apache.org/docs/2.2/env.html">http://httpd.apache.org/docs/2.2/env.html</ulink>
+ <para>
+ To remove an environment variable so that the value is not passed to CGI scripts and SSI pages, use the <guilabel>Unset for CGI Scripts</guilabel> section. Click <guibutton>Add</guibutton> in the <guilabel>Unset for CGI Scripts</guilabel> section, and enter the name of the environment variable to unset. Click <guibutton>OK</guibutton> to add it to the list. This corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_env.html#unsetenv"><command>UnsetEnv</command></ulink> directive.
+ </para>
+ <para>
+ To edit any of these environment values, select it from the list and click the corresponding <guibutton>Edit</guibutton> button. To delete any entry from the list, select it and click the corresponding <guibutton>Delete</guibutton> button.
+ </para>
+ <para>
+ To learn more about environment variables in the Apache HTTP Server, refer to the following: <ulink url="http://httpd.apache.org/docs/2.2/env.html" />
</para>
</section>
- <section
- id="s3-httpd-directories">
+ <section id="s3-httpd-directories">
<title>Directories</title>
- <para>Use the <guilabel>Directories</guilabel> page in the <guilabel>Performance</guilabel> tab to configure options for specific directories. This corresponds to the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#directory"><command><Directory></command>
- </ulink> directive.</para>
- <figure
- float="0"
- id="httpd-directories-screen">
+ <para>
+ Use the <guilabel>Directories</guilabel> page in the <guilabel>Performance</guilabel> tab to configure options for specific directories. This corresponds to the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#directory"><command><Directory></command></ulink> directive.
+ </para>
+ <figure float="0" id="httpd-directories-screen">
<title>Directories</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-directories.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-directories.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Directories</para>
+ <para>
+ Directories
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>Click the <guibutton>Edit</guibutton> button in the top right-hand corner to configure the <guilabel>Default Directory Options</guilabel> for all directories that are not specified in the <guilabel>Directory</guilabel> list below it. The options that you choose are listed as the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#options"><command>Options</command>
- </ulink> directive within the <ulink
- url="http://httpd.apache.org/docs/2.2/mod/core.html#directory"> <command><Directory></command>
- </ulink> directive. You can configure the following options:</para>
+ <para>
+ Click the <guibutton>Edit</guibutton> button in the top right-hand corner to configure the <guilabel>Default Directory Options</guilabel> for all directories that are not specified in the <guilabel>Directory</guilabel> list below it. The options that you choose are listed as the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#options"><command>Options</command></ulink> directive within the <ulink url="http://httpd.apache.org/docs/2.2/mod/core.html#directory"><command><Directory></command></ulink> directive. You can configure the following options:
+ </para>
<itemizedlist>
<listitem>
<para>
- <guilabel>ExecCGI</guilabel> — Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.</para>
+ <guilabel>ExecCGI</guilabel> — Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>FollowSymLinks</guilabel> — Allow symbolic links to be followed.</para>
+ <guilabel>FollowSymLinks</guilabel> — Allow symbolic links to be followed.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>Includes</guilabel> — Allow server-side includes.</para>
+ <guilabel>Includes</guilabel> — Allow server-side includes.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>IncludesNOEXEC</guilabel> — Allow server-side includes, but disable the <command>#exec</command> and <command>#include</command> commands in CGI scripts.</para>
+ <guilabel>IncludesNOEXEC</guilabel> — Allow server-side includes, but disable the <command>#exec</command> and <command>#include</command> commands in CGI scripts.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>Indexes</guilabel> — Display a formatted list of the directory's contents, if no <command>DirectoryIndex</command> (such as <filename>index.html</filename>) exists in the requested directory.</para>
+ <guilabel>Indexes</guilabel> — Display a formatted list of the directory's contents, if no <command>DirectoryIndex</command> (such as <filename>index.html</filename>) exists in the requested directory.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>Multiview</guilabel> — Support content-negotiated multiviews; this option is disabled by default.</para>
+ <guilabel>Multiview</guilabel> — Support content-negotiated multiviews; this option is disabled by default.
+ </para>
</listitem>
<listitem>
<para>
- <guilabel>SymLinksIfOwnerMatch</guilabel> — Only follow symbolic links if the target file or directory has the same owner as the link.</para>
+ <guilabel>SymLinksIfOwnerMatch</guilabel> — Only follow symbolic links if the target file or directory has the same owner as the link.
+ </para>
</listitem>
</itemizedlist>
- <para>To specify options for specific directories, click the <guibutton>Add</guibutton> button beside the <guilabel>Directory</guilabel> list box. A window as shown in <xref
- linkend="httpd-directories-add"/> appears. Enter the directory to configure in the <guilabel>Directory</guilabel> text field at the bottom of the window. Select the options in the right-hand list and configure the <ulink
- url="http://httpd.apache.org/docs-2.0/mod/mod_access.html#order"><command>Order</command>
- </ulink> directive with the left-hand side options. The <command>Order</command> directive controls the order in which allow and deny directives are evaluated. In the <guilabel>Allow hosts from</guilabel> and <guilabel>Deny hosts from</guilabel> text field, you can specify one of the following:</para>
+ <para>
+ To specify options for specific directories, click the <guibutton>Add</guibutton> button beside the <guilabel>Directory</guilabel> list box. A window as shown in <xref linkend="httpd-directories-add" /> appears. Enter the directory to configure in the <guilabel>Directory</guilabel> text field at the bottom of the window. Select the options in the right-hand list and configure the <ulink url="http://httpd.apache.org/docs-2.0/mod/mod_access.html#order"><command>Order</command></ulink> directive with the left-hand side options. The <command>Order</command> directive controls the order in which allow and deny directives are evaluated. In the <guilabel>Allow hosts from</guilabel> and <guilabel>Deny hosts from</guilabel> text field, you can specify one of the following:
+ </para>
<itemizedlist>
<listitem>
- <para>Allow all hosts — Type <userinput>all</userinput> to allow access to all hosts.</para>
+ <para>
+ Allow all hosts — Type <userinput>all</userinput> to allow access to all hosts.
+ </para>
</listitem>
<listitem>
- <para>Partial domain name — Allow all hosts whose names match or end with the specified string.</para>
+ <para>
+ Partial domain name — Allow all hosts whose names match or end with the specified string.
+ </para>
</listitem>
<listitem>
- <para>Full IP address — Allow access to a specific IP address.</para>
+ <para>
+ Full IP address — Allow access to a specific IP address.
+ </para>
</listitem>
<listitem>
- <para>A subnet — Such as <userinput>192.168.1.0/255.255.255.0</userinput>
+ <para>
+ A subnet — Such as <userinput>192.168.1.0/255.255.255.0</userinput>
</para>
</listitem>
<listitem>
- <para>A network CIDR specification — such as <userinput>10.3.0.0/16</userinput>
+ <para>
+ A network CIDR specification — such as <userinput>10.3.0.0/16</userinput>
</para>
</listitem>
</itemizedlist>
- <figure
- float="0"
- id="httpd-directories-add">
+ <figure float="0" id="httpd-directories-add">
<title>Directory Settings</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/httpd-directories-add.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/httpd-directories-add.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Directory Settings</para>
+ <para>
+ Directory Settings
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>If you check the <guilabel>Let .htaccess files override directory options</guilabel>, the configuration directives in the <filename>.htaccess</filename> file take precedence.</para>
+ <para>
+ If you check the <guilabel>Let .htaccess files override directory options</guilabel>, the configuration directives in the <filename>.htaccess</filename> file take precedence.
+ </para>
</section>
</section>
</section>
- <section
- id="s1-apache-config">
- <title>Configuration Directives in <filename>httpd.conf</filename>
- </title>
- <indexterm
- significance="normal">
+ <section id="s1-apache-config">
+ <title>Configuration Directives in <filename>httpd.conf</filename></title>
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>configuration</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration</primary>
<secondary>Apache HTTP Server</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>troubleshooting</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
- <tertiary>
- <filename>/var/log/httpd/error_log</filename>
- </tertiary>
+ <tertiary><filename>/var/log/httpd/error_log</filename></tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>troubleshooting with</tertiary>
</indexterm>
- <para>The Apache HTTP Server configuration file is <filename>/etc/httpd/conf/httpd.conf</filename>. The <filename>httpd.conf</filename> file is well-commented and mostly self-explanatory. The default configuration works for most situations; however, it is a good idea to become familiar some of the more important configuration options.</para>
+ <para>
+ The Apache HTTP Server configuration file is <filename>/etc/httpd/conf/httpd.conf</filename>. The <filename>httpd.conf</filename> file is well-commented and mostly self-explanatory. The default configuration works for most situations; however, it is a good idea to become familiar some of the more important configuration options.
+ </para>
<warning>
<title>Warning</title>
- <para>With the release of Apache HTTP Server 2.2, many configuration options have changed. If migrating from version 1.3 to 2.2, please firstly read <xref
- linkend="s3-httpd-v2-mig"/>.</para>
+ <para>
+ With the release of Apache HTTP Server 2.2, many configuration options have changed. If migrating from version 1.3 to 2.2, please firstly read <xref linkend="s3-httpd-v2-mig" />.
+ </para>
</warning>
- <section
- id="s2-apache-tips">
+ <section id="s2-apache-tips">
<title>General Configuration Tips</title>
- <para>If configuring the Apache HTTP Server, edit <filename>/etc/httpd/conf/httpd.conf</filename> and then either reload, restart, or stop and start the <command>httpd</command> process as outlined in <xref
- linkend="s1-apache-startstop"/>.</para>
- <para>Before editing <filename>httpd.conf</filename>, make a copy the original file. Creating a backup makes it easier to recover from mistakes made while editing the configuration file.</para>
- <para>If a mistake is made and the Web server does not work correctly, first review recently edited passages in <filename>httpd.conf</filename> to verify there are no typos.</para>
- <para>Next look in the Web server's error log, <filename>/var/log/httpd/error_log</filename>. The error log may not be easy to interpret, depending on your level of expertise. However, the last entries in the error log should provide useful information.</para>
- <para>The following subsections contain a list of short descriptions for many of the directives included in <filename>httpd.conf</filename>. These descriptions are not exhaustive. For more information, refer to the Apache documentation online at <ulink
- url="http://httpd.apache.org/docs/2.2/">http://httpd.apache.org/docs/2.2/</ulink>.</para>
- <para>For more information about <filename>mod_ssl</filename> directives, refer to the documentation online at <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html">http://httpd.apache.org/docs/2.2/mod/mod_ssl.html</ulink>.</para>
- <indexterm
- significance="normal">
- <primary>
- <filename>httpd.conf</filename>
- </primary>
+ <para>
+ If configuring the Apache HTTP Server, edit <filename>/etc/httpd/conf/httpd.conf</filename> and then either reload, restart, or stop and start the <command>httpd</command> process as outlined in <xref linkend="s1-apache-startstop" />.
+ </para>
+ <para>
+ Before editing <filename>httpd.conf</filename>, make a copy the original file. Creating a backup makes it easier to recover from mistakes made while editing the configuration file.
+ </para>
+ <para>
+ If a mistake is made and the Web server does not work correctly, first review recently edited passages in <filename>httpd.conf</filename> to verify there are no typos.
+ </para>
+ <para>
+ Next look in the Web server's error log, <filename>/var/log/httpd/error_log</filename>. The error log may not be easy to interpret, depending on your level of expertise. However, the last entries in the error log should provide useful information.
+ </para>
+ <para>
+ The following subsections contain a list of short descriptions for many of the directives included in <filename>httpd.conf</filename>. These descriptions are not exhaustive. For more information, refer to the Apache documentation online at <ulink url="http://httpd.apache.org/docs/2.2/">http://httpd.apache.org/docs/2.2/</ulink>.
+ </para>
+ <para>
+ For more information about <filename>mod_ssl</filename> directives, refer to the documentation online at <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html" />.
+ </para>
+ <indexterm>
+ <primary><filename>httpd.conf</filename></primary>
<see>configuration directives, Apache</see>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
</indexterm>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-accessfilename">
+ <formalpara id="s2-apache-accessfilename">
<title>AccessFileName</title>
- <!-- RHEL5: <section id="s2-apache-accessfilename">
- <title><command>AccessFileName</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AccessFileName</command>
- </primary>
+ <indexterm>
+ <primary><command>AccessFileName</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AccessFileName</command>
- </secondary>
+ <secondary><command>AccessFileName</command></secondary>
</indexterm>
<para>
- <command>AccessFileName</command> names the file which the server should use for access control information in each directory. The default is <filename>.htaccess</filename>.</para>
+ <command>AccessFileName</command> names the file which the server should use for access control information in each directory. The default is <filename>.htaccess</filename>.
+ </para>
</formalpara>
- <para>Immediately after the <command>AccessFileName</command> directive, a set of <command>Files</command> tags apply access control to any file beginning with a <filename>.ht</filename>. These directives deny Web access to any <filename>.htaccess</filename> files (or other files which begin with <filename>.ht</filename>) for security reasons.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-action">
+ <para>
+ Immediately after the <command>AccessFileName</command> directive, a set of <command>Files</command> tags apply access control to any file beginning with a <filename>.ht</filename>. These directives deny Web access to any <filename>.htaccess</filename> files (or other files which begin with <filename>.ht</filename>) for security reasons.
+ </para>
+ <formalpara id="s2-apache-action">
<title>Action</title>
- <!-- RHEL5: <section id="s2-apache-action">
- <title><command>Action</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Action</command>
- </primary>
+ <indexterm>
+ <primary><command>Action</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Action</command>
- </secondary>
+ <secondary><command>Action</command></secondary>
</indexterm>
<para>
- <command>Action</command> specifies a MIME content type and CGI script pair, so that when a file of that media type is requested, a particular CGI script is executed.</para>
+ <command>Action</command> specifies a MIME content type and CGI script pair, so that when a file of that media type is requested, a particular CGI script is executed.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-adddescription">
+ <formalpara id="s2-apache-adddescription">
<title>AddDescription</title>
- <!-- RHEL5: <section id="s2-apache-adddescription">
- <title><command>AddDescription</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddDescription</command>
- </primary>
+ <indexterm>
+ <primary><command>AddDescription</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddDescription</command>
- </secondary>
+ <secondary><command>AddDescription</command></secondary>
</indexterm>
- <para>When using <command>FancyIndexing</command> as an <command>IndexOptions</command> parameter, the <command>AddDescription</command> directive can be used to display user-specified descriptions for certain files or file types in a server generated directory listing. The <command>AddDescription</command> directive supports listing specific files, wildcard expressions, or file extensions.</para>
+ <para>
+ When using <command>FancyIndexing</command> as an <command>IndexOptions</command> parameter, the <command>AddDescription</command> directive can be used to display user-specified descriptions for certain files or file types in a server generated directory listing. The <command>AddDescription</command> directive supports listing specific files, wildcard expressions, or file extensions.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addencoding">
+ <formalpara id="s2-apache-addencoding">
<title>AddEncoding</title>
- <!-- RHEL5: <section id="s2-apache-addencoding">
- <title><command>AddEncoding</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddEncoding</command>
- </primary>
+ <indexterm>
+ <primary><command>AddEncoding</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddEncoding</command>
- </secondary>
+ <secondary><command>AddEncoding</command></secondary>
</indexterm>
<para>
- <command>AddEncoding</command> names file name extensions which should specify a particular encoding type. <command>AddEncoding</command> can also be used to instruct some browsers to uncompress certain files as they are downloaded.</para>
+ <command>AddEncoding</command> names file name extensions which should specify a particular encoding type. <command>AddEncoding</command> can also be used to instruct some browsers to uncompress certain files as they are downloaded.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addhandler">
+ <formalpara id="s2-apache-addhandler">
<title>AddHandler</title>
- <!-- RHEL5: <section id="s2-apache-addhandler">
- <title><command>AddHandler</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddHandler</command>
- </primary>
+ <indexterm>
+ <primary><command>AddHandler</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddHandler</command>
- </secondary>
+ <secondary><command>AddHandler</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>CGI scripts</primary>
- <secondary>outside the <command>ScriptAlias</command>
- </secondary>
+ <secondary>outside the <command>ScriptAlias</command></secondary>
</indexterm>
<para>
- <command>AddHandler</command> maps file extensions to specific handlers. For example, the <command>cgi-script</command> handler can be matched with the extension <filename>.cgi</filename> to automatically treat a file ending with <filename>.cgi</filename> as a CGI script. The following is a sample <command>AddHandler</command> directive for the <filename>.cgi</filename> extension.</para>
+ <command>AddHandler</command> maps file extensions to specific handlers. For example, the <command>cgi-script</command> handler can be matched with the extension <filename>.cgi</filename> to automatically treat a file ending with <filename>.cgi</filename> as a CGI script. The following is a sample <command>AddHandler</command> directive for the <filename>.cgi</filename> extension.
+ </para>
</formalpara>
- <screen>
-<command>AddHandler cgi-script .cgi</command>
- </screen>
- <para>This directive enables CGIs outside of the <filename>cgi-bin</filename> to function in any directory on the server which has the <command>ExecCGI</command> option within the directories container. Refer to <xref
- linkend="s2-apache-directory"/> for more information about setting the <command>ExecCGI</command> option for a directory.</para>
- <para>In addition to CGI scripts, the <command>AddHandler</command> directive is used to process server-parsed HTML and image-map files.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addicon">
+ <screen><command>AddHandler cgi-script .cgi</command></screen>
+ <para>
+ This directive enables CGIs outside of the <filename>cgi-bin</filename> to function in any directory on the server which has the <command>ExecCGI</command> option within the directories container. Refer to <xref linkend="s2-apache-directory" /> for more information about setting the <command>ExecCGI</command> option for a directory.
+ </para>
+ <para>
+ In addition to CGI scripts, the <command>AddHandler</command> directive is used to process server-parsed HTML and image-map files.
+ </para>
+ <formalpara id="s2-apache-addicon">
<title>AddIcon</title>
- <!-- RHEL5: <section id="s2-apache-addicon">
- <title><command>AddIcon</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddIcon</command>
- </primary>
+ <indexterm>
+ <primary><command>AddIcon</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddIcon</command>
- </secondary>
+ <secondary><command>AddIcon</command></secondary>
</indexterm>
<para>
- <command>AddIcon</command> specifies which icon to show in server generated directory listings for files with certain extensions. For example, the Web server is set to show the icon <filename>binary.gif</filename> for files with <filename>.bin</filename> or <filename>.exe</filename> extensions.</para>
+ <command>AddIcon</command> specifies which icon to show in server generated directory listings for files with certain extensions. For example, the Web server is set to show the icon <filename>binary.gif</filename> for files with <filename>.bin</filename> or <filename>.exe</filename> extensions.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addiconbyencoding">
+ <formalpara id="s2-apache-addiconbyencoding">
<title>AddIconByEncoding</title>
- <!-- RHEL5: <section id="s2-apache-addiconbyencoding">
- <title><command>AddIconByEncoding</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddIconByEncoding</command>
- </primary>
+ <indexterm>
+ <primary><command>AddIconByEncoding</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddIconByEncoding</command>
- </secondary>
+ <secondary><command>AddIconByEncoding</command></secondary>
</indexterm>
- <para>This directive names icons which are displayed by files with MIME encoding in server generated directory listings. For example, by default, the Web server shows the <filename>compressed.gif</filename> icon next to MIME encoded x-compress and x-gzip files in server generated directory listings.</para>
+ <para>
+ This directive names icons which are displayed by files with MIME encoding in server generated directory listings. For example, by default, the Web server shows the <filename>compressed.gif</filename> icon next to MIME encoded x-compress and x-gzip files in server generated directory listings.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addiconbytype">
+ <formalpara id="s2-apache-addiconbytype">
<title>AddIconByType</title>
- <!-- RHEL5: <section id="s2-apache-addiconbytype">
- <title><command>AddIconByType</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddIconByType</command>
- </primary>
+ <indexterm>
+ <primary><command>AddIconByType</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddIconByType</command>
- </secondary>
+ <secondary><command>AddIconByType</command></secondary>
</indexterm>
- <para>This directive names icons which are displayed next to files with MIME types in server generated directory listings. For example, the server shows the icon <filename>text.gif</filename> next to files with a mime-type of <computeroutput>text</computeroutput>, in server generated directory listings.</para>
+ <para>
+ This directive names icons which are displayed next to files with MIME types in server generated directory listings. For example, the server shows the icon <filename>text.gif</filename> next to files with a mime-type of <computeroutput>text</computeroutput>, in server generated directory listings.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addlanguage">
+ <formalpara id="s2-apache-addlanguage">
<title>AddLanguage</title>
- <!-- RHEL5: <section id="s2-apache-addlanguage">
- <title><command>AddLanguage</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddLanguage</command>
- </primary>
+ <indexterm>
+ <primary><command>AddLanguage</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddLanguage</command>
- </secondary>
+ <secondary><command>AddLanguage</command></secondary>
</indexterm>
<para>
- <command>AddLanguage</command> associates file name extensions with specific languages. This directive is useful for Apache HTTP Servers which serve content in multiple languages based on the client Web browser's language settings.</para>
+ <command>AddLanguage</command> associates file name extensions with specific languages. This directive is useful for Apache HTTP Servers which serve content in multiple languages based on the client Web browser's language settings.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-addtype">
+ <formalpara id="s2-apache-addtype">
<title>AddType</title>
- <!-- RHEL5: <section id="s2-apache-addtype">
- <title><command>AddType</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AddType</command>
- </primary>
+ <indexterm>
+ <primary><command>AddType</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AddType</command>
- </secondary>
+ <secondary><command>AddType</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>server side includes</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>virtual hosts</primary>
<secondary>server side includes</secondary>
</indexterm>
- <para>Use the <command>AddType</command> directive to define or override a default MIME type and file extension pairs. The following example directive tells the Apache HTTP Server to recognize the <command>.tgz</command> file extension:</para>
+ <para>
+ Use the <command>AddType</command> directive to define or override a default MIME type and file extension pairs. The following example directive tells the Apache HTTP Server to recognize the <command>.tgz</command> file extension:
+ </para>
</formalpara>
- <screen>
-<command>AddType application/x-tar .tgz</command>
- </screen>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-alias">
+ <screen><command>AddType application/x-tar .tgz</command></screen>
+ <formalpara id="s2-apache-alias">
<title>Alias</title>
- <!-- RHEL5: <section id="s2-apache-alias">
- <title><command>Alias</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Alias</command>
- </primary>
+ <indexterm>
+ <primary><command>Alias</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Alias</command>
- </secondary>
+ <secondary><command>Alias</command></secondary>
</indexterm>
- <para>The <command>Alias</command> setting allows directories outside the <command>DocumentRoot</command> directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path. By default, one alias for an <filename>icons/</filename> directory is already set up. An <filename>icons/</filename> directory can be accessed by the Web server, but the directory is not in the <command> DocumentRoot</command>.</para>
+ <para>
+ The <command>Alias</command> setting allows directories outside the <command>DocumentRoot</command> directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path. By default, one alias for an <filename>icons/</filename> directory is already set up. An <filename>icons/</filename> directory can be accessed by the Web server, but the directory is not in the <command> DocumentRoot</command>.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-allow">
+ <formalpara id="s2-apache-allow">
<title>Allow</title>
- <!-- RHEL5: <section id="s2-apache-allow">
- <title><command>Allow</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Allow</command>
- </primary>
+ <indexterm>
+ <primary><command>Allow</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Allow</command>
- </secondary>
+ <secondary><command>Allow</command></secondary>
</indexterm>
<para>
- <command>Allow</command> specifies which client can access a given directory. The client can be <command>all</command>, a domain name, an IP address, a partial IP address, a network/netmask pair, and so on. The <command>DocumentRoot</command> directory is configured to <command>Allow</command> requests from <command>all</command>, meaning everyone has access.</para>
+ <command>Allow</command> specifies which client can access a given directory. The client can be <command>all</command>, a domain name, an IP address, a partial IP address, a network/netmask pair, and so on. The <command>DocumentRoot</command> directory is configured to <command>Allow</command> requests from <command>all</command>, meaning everyone has access.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-allowoverride">
+ <formalpara id="s2-apache-allowoverride">
<title>AllowOverride</title>
- <!-- RHEL5: <section id="s2-apache-allowoverride">
- <title><command>AllowOverride</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>AllowOverride</command>
- </primary>
+ <indexterm>
+ <primary><command>AllowOverride</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>AllowOverride</command>
- </secondary>
+ <secondary><command>AllowOverride</command></secondary>
</indexterm>
- <para>The <command>AllowOverride</command> directive sets whether any <command>Options</command> can be overridden by the declarations in an <filename>.htaccess</filename> file. By default, both the root directory and the <command>DocumentRoot</command> are set to allow no <filename>.htaccess</filename> overrides.</para>
+ <para>
+ The <command>AllowOverride</command> directive sets whether any <command>Options</command> can be overridden by the declarations in an <filename>.htaccess</filename> file. By default, both the root directory and the <command>DocumentRoot</command> are set to allow no <filename>.htaccess</filename> overrides.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-browsermatch">
+ <formalpara id="s2-apache-browsermatch">
<title>BrowserMatch</title>
- <!-- RHEL5: <section id="s2-apache-browsermatch">
- <title><command>BrowserMatch</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>BrowserMatch</command>
- </primary>
+ <indexterm>
+ <primary><command>BrowserMatch</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>BrowserMatch</command>
- </secondary>
+ <secondary><command>BrowserMatch</command></secondary>
</indexterm>
- <para>The <command>BrowserMatch</command> directive allows the server to define environment variables and take appropriate actions based on the User-Agent HTTP header field — which identifies the client's Web browser type. By default, the Web server uses <command>BrowserMatch</command> to deny connections to specific browsers with known problems and also to disable keepalives and HTTP header flushes for browsers that are known to have problems with those actions.</para>
+ <para>
+ The <command>BrowserMatch</command> directive allows the server to define environment variables and take appropriate actions based on the User-Agent HTTP header field — which identifies the client's Web browser type. By default, the Web server uses <command>BrowserMatch</command> to deny connections to specific browsers with known problems and also to disable keepalives and HTTP header flushes for browsers that are known to have problems with those actions.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-cachedirectives">
+ <formalpara id="s2-apache-cachedirectives">
<title>Cache Directives</title>
- <!-- RHEL5: <section id="s2-apache-cachedirectives">
- <title>Cache Directives</title> -->
- <indexterm
- significance="normal">
+ <indexterm>
<primary>proxy server</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>cache directives for Apache</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
<secondary>for cache functionality</secondary>
</indexterm>
- <para>A number of commented cache directives are supplied by the default Apache HTTP Server configuration file. In most cases, uncommenting these lines by removing the hash mark (<command>#</command>) from the beginning of the line is sufficient. The following, however, is a list of some of the more important cache-related directives.</para>
+ <para>
+ A number of commented cache directives are supplied by the default Apache HTTP Server configuration file. In most cases, uncommenting these lines by removing the hash mark (<command>#</command>) from the beginning of the line is sufficient. The following, however, is a list of some of the more important cache-related directives.
+ </para>
</formalpara>
<itemizedlist>
<listitem>
<para>
- <command>CacheEnable</command> — Specifies whether the cache is a disk, memory, or file descriptor cache. By default <command>CacheEnable</command> configures a disk cache for URLs at or below <filename>/</filename>.</para>
+ <command>CacheEnable</command> — Specifies whether the cache is a disk, memory, or file descriptor cache. By default <command>CacheEnable</command> configures a disk cache for URLs at or below <filename>/</filename>.
+ </para>
</listitem>
<listitem>
<para>
- <command>CacheRoot</command> — Specifies the name of the directory containing cached files. The default <command>CacheRoot</command> is the <filename>/var/httpd/proxy/</filename> directory.</para>
+ <command>CacheRoot</command> — Specifies the name of the directory containing cached files. The default <command>CacheRoot</command> is the <filename>/var/httpd/proxy/</filename> directory.
+ </para>
</listitem>
<listitem>
<para>
- <command>CacheSize</command> — Specifies how much space the cache can use in kilobytes. The default <command>CacheSize</command> is <command>5</command> KB.</para>
+ <command>CacheSize</command> — Specifies how much space the cache can use in kilobytes. The default <command>CacheSize</command> is <command>5</command> KB.
+ </para>
</listitem>
</itemizedlist>
- <para>The following is a list of some of the other common cache-related directives.</para>
+ <para>
+ The following is a list of some of the other common cache-related directives.
+ </para>
<itemizedlist>
<listitem>
<para>
- <command>CacheMaxExpire</command> — Specifies how long HTML documents are retained (without a reload from the originating Web server) in the cache. The default is <command>24</command> hours (<command>86400</command> seconds).</para>
+ <command>CacheMaxExpire</command> — Specifies how long HTML documents are retained (without a reload from the originating Web server) in the cache. The default is <command>24</command> hours (<command>86400</command> seconds).
+ </para>
</listitem>
<listitem>
<para>
- <command>CacheLastModifiedFactor</command> — Specifies the creation of an expiry (expiration) date for a document which did not come from its originating server with its own expiry set. The default <command>CacheLastModifiedFactor</command> is set to <command>0.1</command>, meaning that the expiry date for such documents equals one-tenth of the amount of time since the document was last modified.</para>
+ <command>CacheLastModifiedFactor</command> — Specifies the creation of an expiry (expiration) date for a document which did not come from its originating server with its own expiry set. The default <command>CacheLastModifiedFactor</command> is set to <command>0.1</command>, meaning that the expiry date for such documents equals one-tenth of the amount of time since the document was last modified.
+ </para>
</listitem>
<listitem>
<para>
- <command>CacheDefaultExpire</command> — Specifies the expiry time in hours for a document that was received using a protocol that does not support expiry times. The default is set to <command>1</command> hour (<command>3600</command> seconds).</para>
+ <command>CacheDefaultExpire</command> — Specifies the expiry time in hours for a document that was received using a protocol that does not support expiry times. The default is set to <command>1</command> hour (<command>3600</command> seconds).
+ </para>
</listitem>
<listitem>
<para>
- <command>NoProxy</command> — Specifies a space-separated list of subnets, IP addresses, domains, or hosts whose content is not cached. This setting is most useful for Intranet sites.</para>
+ <command>NoProxy</command> — Specifies a space-separated list of subnets, IP addresses, domains, or hosts whose content is not cached. This setting is most useful for Intranet sites.
+ </para>
</listitem>
</itemizedlist>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-cachenegotiateddocs">
+ <formalpara id="s2-apache-cachenegotiateddocs">
<title>CacheNegotiatedDocs</title>
- <!-- RHEL5: <section id="s2-apache-cachenegotiateddocs">
- <title><command>CacheNegotiatedDocs</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>CacheNegotiatedDocs</command>
- </primary>
+ <indexterm>
+ <primary><command>CacheNegotiatedDocs</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>CacheNegotiatedDocs</command>
- </secondary>
+ <secondary><command>CacheNegotiatedDocs</command></secondary>
</indexterm>
- <para>By default, the Web server asks proxy servers not to cache any documents which were negotiated on the basis of content (that is, they may change over time or because of the input from the requester). If <command>CacheNegotiatedDocs</command> is set to <option>on</option>, this function is disabled and proxy servers are allowed to cache such documents.</para>
+ <para>
+ By default, the Web server asks proxy servers not to cache any documents which were negotiated on the basis of content (that is, they may change over time or because of the input from the requester). If <command>CacheNegotiatedDocs</command> is set to <option>on</option>, this function is disabled and proxy servers are allowed to cache such documents.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-customlog">
+ <formalpara id="s2-apache-customlog">
<title>CustomLog</title>
- <!-- RHEL5: <section id="s2-apache-customlog">
- <title><command>CustomLog</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>CustomLog</command>
- </primary>
+ <indexterm>
+ <primary><command>CustomLog</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>CustomLog</command>
- </secondary>
+ <secondary><command>CustomLog</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>combined log file format</tertiary>
</indexterm>
<para>
- <command>CustomLog</command> identifies the log file and the log file format. By default, the access log is recorded to the <filename>/var/log/httpd/access_log</filename> file while errors are recorded in the <filename>/var/log/httpd/error_log</filename> file.</para>
+ <command>CustomLog</command> identifies the log file and the log file format. By default, the access log is recorded to the <filename>/var/log/httpd/access_log</filename> file while errors are recorded in the <filename>/var/log/httpd/error_log</filename> file.
+ </para>
</formalpara>
- <para>The default <command>CustomLog</command> format is the <option>combined</option> log file format, as illustrated here:</para>
- <screen>
-<command><replaceable>remotehost rfc931 user date "request" status bytes referrer user-agent</replaceable>
- </command>
- </screen>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-defaulticon">
+ <para>
+ The default <command>CustomLog</command> format is the <option>combined</option> log file format, as illustrated here:
+ </para>
+ <screen><command><replaceable>remotehost rfc931 user date "request" status bytes referrer user-agent</replaceable></command></screen>
+ <formalpara id="s2-apache-defaulticon">
<title>DefaultIcon</title>
- <!-- RHEL5: <section id="s2-apache-defaulticon">
- <title><command>DefaultIcon</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>DefaultIcon</command>
- </primary>
+ <indexterm>
+ <primary><command>DefaultIcon</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>DefaultIcon</command>
- </secondary>
+ <secondary><command>DefaultIcon</command></secondary>
</indexterm>
<para>
- <command>DefaultIcon</command> specifies the icon displayed in server generated directory listings for files which have no other icon specified. The <filename>unknown.gif</filename> image file is the default.</para>
+ <command>DefaultIcon</command> specifies the icon displayed in server generated directory listings for files which have no other icon specified. The <filename>unknown.gif</filename> image file is the default.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-defaulttype">
+ <formalpara id="s2-apache-defaulttype">
<title>DefaultType</title>
- <!-- RHEL5: <section id="s2-apache-defaulttype">
- <title><command>DefaultType</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>DefaultType</command>
- </primary>
+ <indexterm>
+ <primary><command>DefaultType</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>DefaultType</command>
- </secondary>
+ <secondary><command>DefaultType</command></secondary>
</indexterm>
<para>
- <command>DefaultType</command> sets a default content type for the Web server to use for documents whose MIME types cannot be determined. The default is <command> text/plain</command>.</para>
+ <command>DefaultType</command> sets a default content type for the Web server to use for documents whose MIME types cannot be determined. The default is <command> text/plain</command>.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-deny">
+ <formalpara id="s2-apache-deny">
<title>Deny</title>
- <!-- RHEL5: <section id="s2-apache-deny">
- <title><command>Deny</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Deny</command>
- </primary>
+ <indexterm>
+ <primary><command>Deny</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Deny</command>
- </secondary>
+ <secondary><command>Deny</command></secondary>
</indexterm>
<para>
- <command>Deny</command> works similar to <command>Allow</command>, except it specifies who is denied access. The <command>DocumentRoot</command> is not configured to <command>Deny</command> requests from anyone by default.</para>
+ <command>Deny</command> works similar to <command>Allow</command>, except it specifies who is denied access. The <command>DocumentRoot</command> is not configured to <command>Deny</command> requests from anyone by default.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-directory">
+ <formalpara id="s2-apache-directory">
<title>Directory</title>
- <!-- RHEL5: <section id="s2-apache-directory">
- <title><command>Directory</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Directory</command>
- </primary>
+ <indexterm>
+ <primary><command>Directory</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Directory</command>
- </secondary>
+ <secondary><command>Directory</command></secondary>
</indexterm>
<para>
- <command><Directory /path/to/directory></command> and <command></Directory></command> tags create a container used to enclose a group of configuration directives which apply only to a specific directory and its subdirectories. Any directive which is applicable to a directory may be used within <command>Directory</command> tags.</para>
+ <command><Directory /path/to/directory></command> and <command></Directory></command> tags create a container used to enclose a group of configuration directives which apply only to a specific directory and its subdirectories. Any directive which is applicable to a directory may be used within <command>Directory</command> tags.
+ </para>
</formalpara>
- <para>By default, very restrictive parameters are applied to the root directory (<filename>/</filename>), using the <command>Options</command> (refer to <xref
- linkend="s2-apache-options"/>) and <command>AllowOverride</command> (refer to <xref
- linkend="s2-apache-allowoverride"/>) directives. Under this configuration, any directory on the system which needs more permissive settings has to be explicitly given those settings.</para>
- <para>In the default configuration, another <command>Directory</command> container is configured for the <command>DocumentRoot</command> which assigns less rigid parameters to the directory tree so that the Apache HTTP Server can access the files residing there.</para>
- <indexterm
- significance="normal">
+ <para>
+ By default, very restrictive parameters are applied to the root directory (<filename>/</filename>), using the <command>Options</command> (refer to <xref linkend="s2-apache-options" />) and <command>AllowOverride</command> (refer to <xref linkend="s2-apache-allowoverride" />) directives. Under this configuration, any directory on the system which needs more permissive settings has to be explicitly given those settings.
+ </para>
+ <para>
+ In the default configuration, another <command>Directory</command> container is configured for the <command>DocumentRoot</command> which assigns less rigid parameters to the directory tree so that the Apache HTTP Server can access the files residing there.
+ </para>
+ <indexterm>
<primary>CGI scripts</primary>
- <secondary>allowing execution outside <filename>cgi-bin</filename>
- </secondary>
+ <secondary>allowing execution outside <filename>cgi-bin</filename></secondary>
</indexterm>
- <para>The <command>Directory</command> container can be also be used to configure additional <filename>cgi-bin</filename> directories for server-side applications outside of the directory specified in the <command>ScriptAlias</command> directive (refer to <xref
- linkend="s2-apache-scriptalias"/> for more information).</para>
- <para>To accomplish this, the <command>Directory</command> container must set the <command>ExecCGI</command> option for that directory.</para>
- <para>For example, if CGI scripts are located in <command>/home/my_cgi_directory</command>, add the following <command>Directory</command> container to the <filename>httpd.conf</filename> file:</para>
- <screen>
-<command><Directory /home/my_cgi_directory> Options +ExecCGI </Directory></command>
- </screen>
- <para>Next, the <command>AddHandler</command> directive must be uncommented to identify files with the <filename>.cgi</filename> extension as CGI scripts. Refer to <xref
- linkend="s2-apache-addhandler"/> for instructions on setting <command>AddHandler</command>.</para>
- <para>For this to work, permissions for CGI scripts, and the entire path to the scripts, must be set to 0755.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-directoryindex">
+ <para>
+ The <command>Directory</command> container can be also be used to configure additional <filename>cgi-bin</filename> directories for server-side applications outside of the directory specified in the <command>ScriptAlias</command> directive (refer to <xref linkend="s2-apache-scriptalias" /> for more information).
+ </para>
+ <para>
+ To accomplish this, the <command>Directory</command> container must set the <command>ExecCGI</command> option for that directory.
+ </para>
+ <para>
+ For example, if CGI scripts are located in <command>/home/my_cgi_directory</command>, add the following <command>Directory</command> container to the <filename>httpd.conf</filename> file:
+ </para>
+ <screen><command><Directory /home/my_cgi_directory> Options +ExecCGI </Directory></command></screen>
+ <para>
+ Next, the <command>AddHandler</command> directive must be uncommented to identify files with the <filename>.cgi</filename> extension as CGI scripts. Refer to <xref linkend="s2-apache-addhandler" /> for instructions on setting <command>AddHandler</command>.
+ </para>
+ <para>
+ For this to work, permissions for CGI scripts, and the entire path to the scripts, must be set to 0755.
+ </para>
+ <formalpara id="s2-apache-directoryindex">
<title>DirectoryIndex</title>
- <!-- RHEL5: <section id="s2-apache-directoryindex">
- <title><command>DirectoryIndex</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>DirectoryIndex</command>
- </primary>
+ <indexterm>
+ <primary><command>DirectoryIndex</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>DirectoryIndex</command>
- </secondary>
+ <secondary><command>DirectoryIndex</command></secondary>
</indexterm>
- <para>The <command>DirectoryIndex</command> is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.</para>
+ <para>
+ The <command>DirectoryIndex</command> is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
+ </para>
</formalpara>
- <para>When a user requests the page http://<replaceable>example</replaceable>/<replaceable>this_directory</replaceable>/, they get either the <command>DirectoryIndex</command> page, if it exists, or a server-generated directory list. The default for <command>DirectoryIndex</command> is <filename>index.html</filename> and the <filename>index.html.var</filename> type map. The server tries to find either of these files and returns the first one it finds. If it does not find one of these files and <command>Options Indexes</command> is set for that directory, the server generates and returns a listing, in HTML format, of the subdirectories and files within the directory, unless the directory listing feature is turned off.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-documentroot">
+ <para>
+ When a user requests the page http://<replaceable>example</replaceable>/<replaceable>this_directory</replaceable>/, they get either the <command>DirectoryIndex</command> page, if it exists, or a server-generated directory list. The default for <command>DirectoryIndex</command> is <filename>index.html</filename> and the <filename>index.html.var</filename> type map. The server tries to find either of these files and returns the first one it finds. If it does not find one of these files and <command>Options Indexes</command> is set for that directory, the server generates and returns a listing, in HTML format, of the subdirectories and files within the directory, unless the directory listing feature is turned off.
+ </para>
+ <formalpara id="s2-apache-documentroot">
<title>DocumentRoot</title>
- <!-- RHEL5: <section id="s2-apache-documentroot">
- <title><command>DocumentRoot</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>DocumentRoot</command>
- </primary>
+ <indexterm>
+ <primary><command>DocumentRoot</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>DocumentRoot</command>
- </secondary>
+ <secondary><command>DocumentRoot</command></secondary>
</indexterm>
<para>
- <command>DocumentRoot</command> is the directory which contains most of the HTML files which are served in response to requests. The default <command>DocumentRoot</command>, for both the non-secure and secure Web servers, is the <filename>/var/www/html</filename> directory. For example, the server might receive a request for the following document:</para>
+ <command>DocumentRoot</command> is the directory which contains most of the HTML files which are served in response to requests. The default <command>DocumentRoot</command>, for both the non-secure and secure Web servers, is the <filename>/var/www/html</filename> directory. For example, the server might receive a request for the following document:
+ </para>
</formalpara>
- <screen>
-<command>http://example.com/foo.html</command>
- </screen>
- <para>The server looks for the following file in the default directory:</para>
- <screen>
-<filename>/var/www/html/foo.html</filename>
- </screen>
- <para>To change the <command>DocumentRoot</command> so that it is not shared by the secure and the non-secure Web servers, refer to <xref
- linkend="s1-apache-virtualhosts"/>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-errordocument">
+ <screen><command>http://example.com/foo.html</command></screen>
+ <para>
+ The server looks for the following file in the default directory:
+ </para>
+ <screen><filename>/var/www/html/foo.html</filename></screen>
+ <para>
+ To change the <command>DocumentRoot</command> so that it is not shared by the secure and the non-secure Web servers, refer to <xref linkend="s1-apache-virtualhosts" />.
+ </para>
+ <formalpara id="s2-apache-errordocument">
<title>ErrorDocument</title>
- <!-- RHEL5: <section id="s2-apache-errordocument">
- <title><command>ErrorDocument</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ErrorDocument</command>
- </primary>
+ <indexterm>
+ <primary><command>ErrorDocument</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ErrorDocument</command>
- </secondary>
+ <secondary><command>ErrorDocument</command></secondary>
</indexterm>
- <para>The <command>ErrorDocument</command> directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The <command>ErrorDocument</command> directive forces the Web server to instead output a customized message or page.</para>
+ <para>
+ The <command>ErrorDocument</command> directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The <command>ErrorDocument</command> directive forces the Web server to instead output a customized message or page.
+ </para>
</formalpara>
<important>
<title>Important</title>
- <para>To be valid, the message <emphasis>must</emphasis> be enclosed in a pair of double quotes <command>"</command>.</para>
+ <para>
+ To be valid, the message <emphasis>must</emphasis> be enclosed in a pair of double quotes <command>"</command>.
+ </para>
</important>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-errorlog">
+ <formalpara id="s2-apache-errorlog">
<title>ErrorLog</title>
- <!-- RHEL5: <section id="s2-apache-errorlog">
- <title><command>ErrorLog</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ErrorLog</command>
- </primary>
+ <indexterm>
+ <primary><command>ErrorLog</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ErrorLog</command>
- </secondary>
+ <secondary><command>ErrorLog</command></secondary>
</indexterm>
<para>
- <command>ErrorLog</command> specifies the file where server errors are logged. By default, this directive is set to <filename>/var/log/httpd/error_log</filename>.</para>
+ <command>ErrorLog</command> specifies the file where server errors are logged. By default, this directive is set to <filename>/var/log/httpd/error_log</filename>.
+ </para>
</formalpara>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>troubleshooting</primary>
<secondary>error log</secondary>
</indexterm>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-extendedstatus">
+ <formalpara id="s2-apache-extendedstatus">
<title>ExtendedStatus</title>
- <!-- RHEL5: <section id="s2-apache-extendedstatus">
- <title><command>ExtendedStatus</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ExtendedStatus</command>
- </primary>
+ <indexterm>
+ <primary><command>ExtendedStatus</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ExtendedStatus</command>
- </secondary>
+ <secondary><command>ExtendedStatus</command></secondary>
</indexterm>
- <para>The <command>ExtendedStatus</command> directive controls whether Apache generates basic (<command>off</command>) or detailed server status information (<command>on</command>), when the <command>server-status</command> handler is called. The <command>server-status</command> handler is called using <command>Location</command> tags. More information on calling <command>server-status</command> is included in <xref
- linkend="s2-apache-location"/>.</para>
- <!-- RHEL5: </section> -->
+ <para>
+ The <command>ExtendedStatus</command> directive controls whether Apache generates basic (<command>off</command>) or detailed server status information (<command>on</command>), when the <command>server-status</command> handler is called. The <command>server-status</command> handler is called using <command>Location</command> tags. More information on calling <command>server-status</command> is included in <xref linkend="s2-apache-location" />.
+ </para>
</formalpara>
- <formalpara
- id="s2-apache-group">
+ <formalpara id="s2-apache-group">
<title>Group</title>
- <!-- RHEL5: <section id="s2-apache-group">
- <title><command>Group</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Group</command>
- </primary>
+ <indexterm>
+ <primary><command>Group</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Group</command>
- </secondary>
+ <secondary><command>Group</command></secondary>
</indexterm>
- <para>Specifies the group name of the Apache HTTP Server processes.</para>
+ <para>
+ Specifies the group name of the Apache HTTP Server processes.
+ </para>
</formalpara>
- <para>This directive has been deprecated for the configuration of virtual hosts.</para>
- <para>By default, <command>Group</command> is set to <command>apache</command>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-headername">
+ <para>
+ This directive has been deprecated for the configuration of virtual hosts.
+ </para>
+ <para>
+ By default, <command>Group</command> is set to <command>apache</command>.
+ </para>
+ <formalpara id="s2-apache-headername">
<title>HeaderName</title>
- <!-- RHEL5: <section id="s2-apache-headername">
- <title><command>HeaderName</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>HeaderName</command>
- </primary>
+ <indexterm>
+ <primary><command>HeaderName</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>HeaderName</command>
- </secondary>
+ <secondary><command>HeaderName</command></secondary>
</indexterm>
<para>
- <command>HeaderName</command> names the file which, if it exists in the directory, is prepended to the start of server generated directory listings. Like <command>ReadmeName</command>, the server tries to include it as an HTML document if possible or in plain text if not.</para>
+ <command>HeaderName</command> names the file which, if it exists in the directory, is prepended to the start of server generated directory listings. Like <command>ReadmeName</command>, the server tries to include it as an HTML document if possible or in plain text if not.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-hostnamelookups">
+ <formalpara id="s2-apache-hostnamelookups">
<title>HostnameLookups</title>
- <!-- RHEL5: <section id="s2-apache-hostnamelookups">
- <title><command>HostnameLookups</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>HostnameLookups</command>
- </primary>
+ <indexterm>
+ <primary><command>HostnameLookups</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>HostnameLookups</command>
- </secondary>
+ <secondary><command>HostnameLookups</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>using log analyzer tools with</tertiary>
</indexterm>
<para>
- <command>HostnameLookups</command> can be set to <option>on</option>, <option>off</option>, or <option>double</option>. If <command>HostnameLookups</command> is set to <option>on</option>, the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. If <command>HostnameLookups</command> is set to <option>double</option>, the server performs a double-reverse DNS look up adding even more processing overhead.</para>
+ <command>HostnameLookups</command> can be set to <option>on</option>, <option>off</option>, or <option>double</option>. If <command>HostnameLookups</command> is set to <option>on</option>, the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. If <command>HostnameLookups</command> is set to <option>double</option>, the server performs a double-reverse DNS look up adding even more processing overhead.
+ </para>
</formalpara>
- <para>To conserve resources on the server, <command>HostnameLookups</command> is set to <option>off</option> by default.</para>
- <para>If hostnames are required in server log files, consider running one of the many log analyzer tools that perform the DNS lookups more efficiently and in bulk when rotating the Web server log files.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-ifdefine">
+ <para>
+ To conserve resources on the server, <command>HostnameLookups</command> is set to <option>off</option> by default.
+ </para>
+ <para>
+ If hostnames are required in server log files, consider running one of the many log analyzer tools that perform the DNS lookups more efficiently and in bulk when rotating the Web server log files.
+ </para>
+ <formalpara id="s2-apache-ifdefine">
<title>IfDefine</title>
- <!-- RHEL5: <section id="s2-apache-ifdefine">
- <title><command>IfDefine</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>IfDefine</command>
- </primary>
+ <indexterm>
+ <primary><command>IfDefine</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>IfDefine</command>
- </secondary>
+ <secondary><command>IfDefine</command></secondary>
</indexterm>
- <para>The <command>IfDefine</command> tags surround configuration directives that are applied if the "test" stated in the <command>IfDefine</command> tag is true. The directives are ignored if the test is false.</para>
+ <para>
+ The <command>IfDefine</command> tags surround configuration directives that are applied if the "test" stated in the <command>IfDefine</command> tag is true. The directives are ignored if the test is false.
+ </para>
</formalpara>
- <para>The test in the <command>IfDefine</command> tags is a parameter name (for example, <command>HAVE_PERL</command>). If the parameter is defined, meaning that it is provided as an argument to the server's start-up command, then the test is true. In this case, when the Web server is started, the test is true and the directives contained in the <command>IfDefine</command> tags are applied.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-ifmodule">
+ <para>
+ The test in the <command>IfDefine</command> tags is a parameter name (for example, <command>HAVE_PERL</command>). If the parameter is defined, meaning that it is provided as an argument to the server's start-up command, then the test is true. In this case, when the Web server is started, the test is true and the directives contained in the <command>IfDefine</command> tags are applied.
+ </para>
+ <formalpara id="s2-apache-ifmodule">
<title>IfModule</title>
- <!-- RHEL5: <section id="s2-apache-ifmodule">
- <title><command>IfModule</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>IfModule</command>
- </primary>
+ <indexterm>
+ <primary><command>IfModule</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>IfModule</command>
- </secondary>
+ <secondary><command>IfModule</command></secondary>
</indexterm>
<para>
- <command><IfModule></command> and <command></IfModule></command> tags create a conditional container which are only activated if the specified module is loaded. Directives within the <command>IfModule</command> container are processed under one of two conditions. The directives are processed if the module contained within the starting <command><IfModule></command> tag is loaded. Or, if an exclamation point <keycap>!</keycap> appears before the module name, the directives are processed only if the module specified in the <command><IfModule></command> tag is <emphasis>not</emphasis> loaded.</para>
+ <command><IfModule></command> and <command></IfModule></command> tags create a conditional container which are only activated if the specified module is loaded. Directives within the <command>IfModule</command> container are processed under one of two conditions. The directives are processed if the module contained within the starting <command><IfModule></command> tag is loaded. Or, if an exclamation point <keycap>!</keycap> appears before the module name, the directives are processed only if the module specified in the <command><IfModule></command> tag is <emphasis>not</emphasis> loaded.
+ </para>
</formalpara>
- <para>For more information about Apache HTTP Server modules, refer to <xref
- linkend="s1-apache-addmods"/>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-include">
+ <para>
+ For more information about Apache HTTP Server modules, refer to <xref linkend="s1-apache-addmods" />.
+ </para>
+ <formalpara id="s2-apache-include">
<title>Include</title>
- <!-- RHEL5: <section id="s2-apache-include">
- <title><command>Include</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Include</command>
- </primary>
+ <indexterm>
+ <primary><command>Include</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Include</command>
- </secondary>
+ <secondary><command>Include</command></secondary>
</indexterm>
<para>
- <command>Include</command> allows other configuration files to be included at runtime.</para>
+ <command>Include</command> allows other configuration files to be included at runtime.
+ </para>
</formalpara>
- <para>The path to these configuration files can be absolute or relative to the <command>ServerRoot</command>.</para>
+ <para>
+ The path to these configuration files can be absolute or relative to the <command>ServerRoot</command>.
+ </para>
<important>
<title>Important</title>
- <para>For the server to use individually packaged modules, such as <filename>mod_ssl</filename>, <filename>mod_perl</filename>, and <filename>php</filename>, the following directive must be included in <command>Section 1: Global Environment</command> of <filename>httpd.conf</filename>:</para>
- <screen>
-<command>Include conf.d/*.conf</command>
- </screen>
+ <para>
+ For the server to use individually packaged modules, such as <filename>mod_ssl</filename>, <filename>mod_perl</filename>, and <filename>php</filename>, the following directive must be included in <command>Section 1: Global Environment</command> of <filename>httpd.conf</filename>:
+ </para>
+ <screen><command>Include conf.d/*.conf</command></screen>
</important>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-indexignore">
+ <formalpara id="s2-apache-indexignore">
<title>IndexIgnore</title>
- <!-- RHEL5: <section id="s2-apache-indexignore">
- <title><command>IndexIgnore</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>IndexIgnore</command>
- </primary>
+ <indexterm>
+ <primary><command>IndexIgnore</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>IndexIgnore</command>
- </secondary>
+ <secondary><command>IndexIgnore</command></secondary>
</indexterm>
<para>
- <command>IndexIgnore</command> lists file extensions, partial file names, wildcard expressions, or full file names. The Web server does not include any files which match any of those parameters in server generated directory listings.</para>
+ <command>IndexIgnore</command> lists file extensions, partial file names, wildcard expressions, or full file names. The Web server does not include any files which match any of those parameters in server generated directory listings.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-indexoptions">
+ <formalpara id="s2-apache-indexoptions">
<title>IndexOptions</title>
- <!-- RHEL5: <section id="s2-apache-indexoptions">
- <title><command>IndexOptions</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>IndexOptions</command>
- </primary>
+ <indexterm>
+ <primary><command>IndexOptions</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>IndexOptions</command>
- </secondary>
+ <secondary><command>IndexOptions</command></secondary>
</indexterm>
<para>
- <command>IndexOptions</command> controls the appearance of server generated directing listings, by adding icons, file descriptions, and so on. If <command>Options Indexes</command> is set (refer to <xref
- linkend="s2-apache-options"/>), the Web server generates a directory listing when the Web server receives an HTTP request for a directory without an index.</para>
+ <command>IndexOptions</command> controls the appearance of server generated directing listings, by adding icons, file descriptions, and so on. If <command>Options Indexes</command> is set (refer to <xref linkend="s2-apache-options" />), the Web server generates a directory listing when the Web server receives an HTTP request for a directory without an index.
+ </para>
</formalpara>
- <para>First, the Web server looks in the requested directory for a file matching the names listed in the <command>DirectoryIndex</command> directive (usually, <filename>index.html</filename>). If an <filename>index.html</filename> file is not found, Apache HTTP Server creates an HTML directory listing of the requested directory. The appearance of this directory listing is controlled, in part, by the <command>IndexOptions</command> directive.</para>
- <para>The default configuration turns on <command>FancyIndexing</command>. This means that a user can re-sort a directory listing by clicking on column headers. Another click on the same header switches from ascending to descending order. <command>FancyIndexing</command> also shows different icons for different files, based upon file extensions.</para>
- <para>The <command>AddDescription</command> option, when used in conjunction with <command>FancyIndexing</command>, presents a short description for the file in server generated directory listings.</para>
- <para>
- <command>IndexOptions</command> has a number of other parameters which can be set to control the appearance of server generated directories. The <command>IconHeight</command> and <command>IconWidth</command> parameters require the server to include HTML <command>HEIGHT</command> and <command>WIDTH</command> tags for the icons in server generated webpages. The <command>IconsAreLinks</command> parameter combines the graphical icon with the HTML link anchor, which contains the URL link target.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-keepalive">
+ <para>
+ First, the Web server looks in the requested directory for a file matching the names listed in the <command>DirectoryIndex</command> directive (usually, <filename>index.html</filename>). If an <filename>index.html</filename> file is not found, Apache HTTP Server creates an HTML directory listing of the requested directory. The appearance of this directory listing is controlled, in part, by the <command>IndexOptions</command> directive.
+ </para>
+ <para>
+ The default configuration turns on <command>FancyIndexing</command>. This means that a user can re-sort a directory listing by clicking on column headers. Another click on the same header switches from ascending to descending order. <command>FancyIndexing</command> also shows different icons for different files, based upon file extensions.
+ </para>
+ <para>
+ The <command>AddDescription</command> option, when used in conjunction with <command>FancyIndexing</command>, presents a short description for the file in server generated directory listings.
+ </para>
+ <para>
+ <command>IndexOptions</command> has a number of other parameters which can be set to control the appearance of server generated directories. The <command>IconHeight</command> and <command>IconWidth</command> parameters require the server to include HTML <command>HEIGHT</command> and <command>WIDTH</command> tags for the icons in server generated webpages. The <command>IconsAreLinks</command> parameter combines the graphical icon with the HTML link anchor, which contains the URL link target.
+ </para>
+ <formalpara id="s2-apache-keepalive">
<title>KeepAlive</title>
- <!-- RHEL5: <section >
- <title><command>KeepAlive</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>KeepAlive</command>
- </primary>
+ <indexterm>
+ <primary><command>KeepAlive</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>KeepAlive</command>
- </secondary>
+ <secondary><command>KeepAlive</command></secondary>
<tertiary>troubleshooting</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>KeepAlive</command>
- </secondary>
- <seealso>
- <command>KeepAliveTimeout</command>
- </seealso>
- </indexterm>
- <indexterm
- significance="normal">
+ <secondary><command>KeepAlive</command></secondary>
+ <seealso><command>KeepAliveTimeout</command></seealso>
+ </indexterm>
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>troubleshooting with</tertiary>
</indexterm>
<para>
- <command>KeepAlive</command> sets whether the server allows more than one request per connection and can be used to prevent any one client from consuming too much of the server's resources.</para>
+ <command>KeepAlive</command> sets whether the server allows more than one request per connection and can be used to prevent any one client from consuming too much of the server's resources.
+ </para>
</formalpara>
- <para>By default <command>Keepalive</command> is set to <command>off</command>. If <command>Keepalive</command> is set to <command>on</command> and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server slows down significantly. If <command>Keepalive</command> is enabled, it is a good idea to set the the <command>KeepAliveTimeout</command> low (refer to <xref
- linkend="s2-apache-keepalivetimeout"/> for more information about the <command>KeepAliveTimeout</command> directive) and monitor the <filename>/var/log/httpd/error_log</filename> log file on the server. This log reports when the server is running out of child processes.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-keepalivetimeout">
+ <para>
+ By default <command>Keepalive</command> is set to <command>off</command>. If <command>Keepalive</command> is set to <command>on</command> and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server slows down significantly. If <command>Keepalive</command> is enabled, it is a good idea to set the the <command>KeepAliveTimeout</command> low (refer to <xref linkend="s2-apache-keepalivetimeout" /> for more information about the <command>KeepAliveTimeout</command> directive) and monitor the <filename>/var/log/httpd/error_log</filename> log file on the server. This log reports when the server is running out of child processes.
+ </para>
+ <formalpara id="s2-apache-keepalivetimeout">
<title>KeepAliveTimeout</title>
- <!-- RHEL5: <title><command>KeepAliveTimeout</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>KeepAliveTimeout</command>
- </primary>
+ <indexterm>
+ <primary><command>KeepAliveTimeout</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>KeepAliveTimeout</command>
- </secondary>
+ <secondary><command>KeepAliveTimeout</command></secondary>
</indexterm>
<para>
- <command>KeepAliveTimeout</command> sets the number of seconds the server waits after a request has been served before it closes the connection. Once the server receives a request, the <command>Timeout</command> directive applies instead. The <command>KeepAliveTimeout</command> directive is set to 15 seconds by default.</para>
+ <command>KeepAliveTimeout</command> sets the number of seconds the server waits after a request has been served before it closes the connection. Once the server receives a request, the <command>Timeout</command> directive applies instead. The <command>KeepAliveTimeout</command> directive is set to 15 seconds by default.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-languagepriority">
+ <formalpara id="s2-apache-languagepriority">
<title>LanguagePriority</title>
- <!-- RHEL5: <section id="s2-apache-languagepriority">
- <title><command>LanguagePriority</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>LanguagePriority</command>
- </primary>
+ <indexterm>
+ <primary><command>LanguagePriority</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>LanguagePriority</command>
- </secondary>
+ <secondary><command>LanguagePriority</command></secondary>
</indexterm>
<para>
- <command>LanguagePriority</command> sets precedence for different languages in case the client Web browser has no language preference set.</para>
+ <command>LanguagePriority</command> sets precedence for different languages in case the client Web browser has no language preference set.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-listen">
+ <formalpara id="s2-apache-listen">
<title>Listen</title>
- <!-- RHEL5: <section id="s2-apache-listen">
- <title><command>Listen</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Listen</command>
- </primary>
+ <indexterm>
+ <primary><command>Listen</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Listen</command>
- </secondary>
+ <secondary><command>Listen</command></secondary>
</indexterm>
- <para>The <command>Listen</command> command identifies the ports on which the Web server accepts incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in the <filename>/etc/httpd/conf.d/ssl.conf</filename> file which defines any secure servers) to port 443 for secure Web communications.</para>
+ <para>
+ The <command>Listen</command> command identifies the ports on which the Web server accepts incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in the <filename>/etc/httpd/conf.d/ssl.conf</filename> file which defines any secure servers) to port 443 for secure Web communications.
+ </para>
</formalpara>
- <para>If the Apache HTTP Server is configured to listen to a port under 1024, only the root user can start it. For port 1024 and above, <command>httpd</command> can be started as a regular user.</para>
- <para>The <command>Listen</command> directive can also be used to specify particular IP addresses over which the server accepts connections.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-loadmodule">
+ <para>
+ If the Apache HTTP Server is configured to listen to a port under 1024, only the root user can start it. For port 1024 and above, <command>httpd</command> can be started as a regular user.
+ </para>
+ <para>
+ The <command>Listen</command> directive can also be used to specify particular IP addresses over which the server accepts connections.
+ </para>
+ <formalpara id="s2-apache-loadmodule">
<title>LoadModule</title>
- <!-- RHEL5: <section id="s2-apache-loadmodule">
- <title><command>LoadModule</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>LoadModule</command>
- </primary>
+ <indexterm>
+ <primary><command>LoadModule</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>LoadModule</command>
- </secondary>
+ <secondary><command>LoadModule</command></secondary>
</indexterm>
<para>
- <command>LoadModule</command> is used to load Dynamic Shared Object (DSO) modules. More information on the Apache HTTP Server's DSO support, including instructions for using the <command>LoadModule</command> directive, can be found in <xref
- linkend="s1-apache-addmods"/>. Note, the load order of the modules is <emphasis>no longer important</emphasis> with Apache HTTP Server 2.0. Refer to <xref
- linkend="s3-httpd-v2-mig-dso"/> for more information about Apache HTTP Server 2.0 DSO support.</para>
+ <command>LoadModule</command> is used to load Dynamic Shared Object (DSO) modules. More information on the Apache HTTP Server's DSO support, including instructions for using the <command>LoadModule</command> directive, can be found in <xref linkend="s1-apache-addmods" />. Note, the load order of the modules is <emphasis>no longer important</emphasis> with Apache HTTP Server 2.0. Refer to <xref linkend="s3-httpd-v2-mig-dso" /> for more information about Apache HTTP Server 2.0 DSO support.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-location">
+ <formalpara id="s2-apache-location">
<title>Location</title>
- <!-- RHEL5: <section id="s2-apache-location">
- <title><command>Location</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Location</command>
- </primary>
+ <indexterm>
+ <primary><command>Location</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Location</command>
- </secondary>
+ <secondary><command>Location</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>server status reports</secondary>
</indexterm>
- <para>The <command><Location></command> and <command></Location></command> tags create a container in which access control based on URL can be specified.</para>
+ <para>
+ The <command><Location></command> and <command></Location></command> tags create a container in which access control based on URL can be specified.
+ </para>
</formalpara>
- <para>For instance, to allow people connecting from within the server's domain to see status reports, use the following directives:</para>
- <screen>
-<command><Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from <replaceable><.example.com></replaceable> </Location></command>
- </screen>
- <para>Replace <replaceable><.example.com></replaceable> with the second-level domain name for the Web server.</para>
- <para>To provide server configuration reports (including installed modules and configuration directives) to requests from inside the domain, use the following directives:</para>
- <screen>
-<command><Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from <replaceable><.example.com></replaceable> </Location></command>
- </screen>
- <para>Again, replace <replaceable><.example.com></replaceable> with the second-level domain name for the Web server.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-logformat">
+ <para>
+ For instance, to allow people connecting from within the server's domain to see status reports, use the following directives:
+ </para>
+ <screen><command><Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from <replaceable><.example.com></replaceable> </Location></command></screen>
+ <para>
+ Replace <replaceable><.example.com></replaceable> with the second-level domain name for the Web server.
+ </para>
+ <para>
+ To provide server configuration reports (including installed modules and configuration directives) to requests from inside the domain, use the following directives:
+ </para>
+ <screen><command><Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from <replaceable><.example.com></replaceable> </Location></command></screen>
+ <para>
+ Again, replace <replaceable><.example.com></replaceable> with the second-level domain name for the Web server.
+ </para>
+ <formalpara id="s2-apache-logformat">
<title>LogFormat</title>
- <!-- RHEL5: <section id="s2-apache-logformat">
- <title><command>LogFormat</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>LogFormat</command>
- </primary>
+ <indexterm>
+ <primary><command>LogFormat</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>LogFormat</command>
- </secondary>
+ <secondary><command>LogFormat</command></secondary>
<tertiary>format options</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>format of</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>log files</secondary>
<tertiary>combined log file format</tertiary>
</indexterm>
- <para>The <command>LogFormat</command> directive configures the format of the various Web server log files. The actual <command>LogFormat</command> used depends on the settings given in the <command>CustomLog</command> directive (refer to <xref
- linkend="s2-apache-customlog"/>).</para>
+ <para>
+ The <command>LogFormat</command> directive configures the format of the various Web server log files. The actual <command>LogFormat</command> used depends on the settings given in the <command>CustomLog</command> directive (refer to <xref linkend="s2-apache-customlog" />).
+ </para>
</formalpara>
- <para>The following are the format options if the <command>CustomLog</command> directive is set to <command>combined</command>:</para>
+ <para>
+ The following are the format options if the <command>CustomLog</command> directive is set to <command>combined</command>:
+ </para>
<variablelist>
<varlistentry>
- <term>
- <command>%h</command> (remote host's IP address or hostname) </term>
+ <term><command>%h</command> (remote host's IP address or hostname)</term>
<listitem>
- <para>Lists the remote IP address of the requesting client. If <command>HostnameLookups</command> is set to <option>on</option>, the client hostname is recorded unless it is not available from DNS.</para>
+ <para>
+ Lists the remote IP address of the requesting client. If <command>HostnameLookups</command> is set to <option>on</option>, the client hostname is recorded unless it is not available from DNS.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%l</command> (rfc931) </term>
+ <term><command>%l</command> (rfc931)</term>
<listitem>
- <para>Not used. A hyphen <keycap>-</keycap> appears in the log file for this field.</para>
+ <para>
+ Not used. A hyphen <keycap>-</keycap> appears in the log file for this field.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%u</command> (authenticated user) </term>
+ <term><command>%u</command> (authenticated user)</term>
<listitem>
- <para>Lists the username of the user recorded if authentication was required. Usually, this is not used, so a hyphen <keycap>-</keycap> appears in the log file for this field.</para>
+ <para>
+ Lists the username of the user recorded if authentication was required. Usually, this is not used, so a hyphen <keycap>-</keycap> appears in the log file for this field.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%t</command> (date) </term>
+ <term><command>%t</command> (date)</term>
<listitem>
- <para>Lists the date and time of the request.</para>
+ <para>
+ Lists the date and time of the request.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%r</command> (request string) </term>
+ <term><command>%r</command> (request string)</term>
<listitem>
- <para>Lists the request string exactly as it came from the browser or client.</para>
+ <para>
+ Lists the request string exactly as it came from the browser or client.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%s</command> (status) </term>
+ <term><command>%s</command> (status)</term>
<listitem>
- <para>Lists the HTTP status code which was returned to the client host.</para>
+ <para>
+ Lists the HTTP status code which was returned to the client host.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%b</command> (bytes) </term>
+ <term><command>%b</command> (bytes)</term>
<listitem>
- <para>Lists the size of the document.</para>
+ <para>
+ Lists the size of the document.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%\"%{Referer}i\"</command> (referrer) </term>
+ <term><command>%\"%{Referer}i\"</command> (referrer)</term>
<listitem>
- <para>Lists the URL of the webpage which referred the client host to Web server.</para>
+ <para>
+ Lists the URL of the webpage which referred the client host to Web server.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <command>%\"%{User-Agent}i\"</command> (user-agent) </term>
+ <term><command>%\"%{User-Agent}i\"</command> (user-agent)</term>
<listitem>
- <para>Lists the type of Web browser making the request.</para>
+ <para>
+ Lists the type of Web browser making the request.
+ </para>
</listitem>
</varlistentry>
</variablelist>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-loglevel">
+ <formalpara id="s2-apache-loglevel">
<title>LogLevel</title>
- <!-- RHEL5: <section id="s2-apache-loglevel">
- <title><command>LogLevel</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>LogLevel</command>
- </primary>
+ <indexterm>
+ <primary><command>LogLevel</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>LogLevel</command>
- </secondary>
+ <secondary><command>LogLevel</command></secondary>
</indexterm>
<para>
- <command>LogLevel</command> sets how verbose the error messages in the error logs are. <command>LogLevel</command> can be set (from least verbose to most verbose) to <command>emerg</command>, <command>alert</command>, <command>crit</command>, <command>error</command>, <command>warn</command>, <command>notice</command>, <command>info</command>, or <command>debug</command>. The default <command>LogLevel</command> is <command>warn</command>.</para>
+ <command>LogLevel</command> sets how verbose the error messages in the error logs are. <command>LogLevel</command> can be set (from least verbose to most verbose) to <command>emerg</command>, <command>alert</command>, <command>crit</command>, <command>error</command>, <command>warn</command>, <command>notice</command>, <command>info</command>, or <command>debug</command>. The default <command>LogLevel</command> is <command>warn</command>.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-maxkeepaliverequests">
+ <formalpara id="s2-apache-maxkeepaliverequests">
<title>MaxKeepAliveRequests</title>
- <!-- RHEL5: <section>
- <title><command>MaxKeepAliveRequests</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>MaxKeepAliveRequests</command>
- </primary>
+ <indexterm>
+ <primary><command>MaxKeepAliveRequests</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MaxKeepAliveRequests</command>
- </secondary>
+ <secondary><command>MaxKeepAliveRequests</command></secondary>
</indexterm>
- <para>This directive sets the maximum number of requests allowed per persistent connection. The Apache Project recommends a high setting, which improves the server's performance. <command>MaxKeepAliveRequests</command> is set to <command>100</command> by default, which should be appropriate for most situations.</para>
+ <para>
+ This directive sets the maximum number of requests allowed per persistent connection. The Apache Project recommends a high setting, which improves the server's performance. <command>MaxKeepAliveRequests</command> is set to <command>100</command> by default, which should be appropriate for most situations.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-namevirtualhost">
+ <formalpara id="s2-apache-namevirtualhost">
<title>NameVirtualHost</title>
- <!-- RHEL5: <section id="s2-apache-namevirtualhost">
- <title><command>NameVirtualHost</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>NameVirtualHost</command>
- </primary>
+ <indexterm>
+ <primary><command>NameVirtualHost</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>NameVirtualHost</command>
- </secondary>
+ <secondary><command>NameVirtualHost</command></secondary>
</indexterm>
- <para>The <command>NameVirtualHost</command> directive associates an IP address and port number, if necessary, for any name-based virtual hosts. Name-based virtual hosting allows one Apache HTTP Server to serve different domains without using multiple IP addresses.</para>
+ <para>
+ The <command>NameVirtualHost</command> directive associates an IP address and port number, if necessary, for any name-based virtual hosts. Name-based virtual hosting allows one Apache HTTP Server to serve different domains without using multiple IP addresses.
+ </para>
</formalpara>
<note>
<title>Note</title>
- <para>Name-based virtual hosts <emphasis>only</emphasis> work with non-secure HTTP connections. If using virtual hosts with a secure server, use IP address-based virtual hosts instead.</para>
+ <para>
+ Name-based virtual hosts <emphasis>only</emphasis> work with non-secure HTTP connections. If using virtual hosts with a secure server, use IP address-based virtual hosts instead.
+ </para>
</note>
- <para>To enable name-based virtual hosting, uncomment the <command>NameVirtualHost</command> configuration directive and add the correct IP address. Then add additional <command>VirtualHost</command> containers for each virtual host as is necessary for your configuration.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-options">
+ <para>
+ To enable name-based virtual hosting, uncomment the <command>NameVirtualHost</command> configuration directive and add the correct IP address. Then add additional <command>VirtualHost</command> containers for each virtual host as is necessary for your configuration.
+ </para>
+ <formalpara id="s2-apache-options">
<title>Options</title>
- <!-- RHEL5: <section id="s2-apache-options">
- <title><command>Options</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Options</command>
- </primary>
+ <indexterm>
+ <primary><command>Options</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Options</command>
- </secondary>
+ <secondary><command>Options</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>virtual hosts</primary>
- <secondary>
- <command>Options</command>
- </secondary>
+ <secondary><command>Options</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>server side includes</primary>
</indexterm>
- <para>The <command>Options</command> directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, <command>Options</command> is only set to the <command>FollowSymLinks</command> directive. No features are enabled, except that the server is allowed to follow symbolic links in the root directory.</para>
+ <para>
+ The <command>Options</command> directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, <command>Options</command> is only set to the <command>FollowSymLinks</command> directive. No features are enabled, except that the server is allowed to follow symbolic links in the root directory.
+ </para>
</formalpara>
- <para>By default, in the <command>DocumentRoot</command> directory, <command>Options</command> is set to include <command>Indexes</command> and <command>FollowSymLinks</command>. <command>Indexes</command> permits the server to generate a directory listing for a directory if no <command>DirectoryIndex</command> (for example, <filename>index.html</filename>) is specified. <command>FollowSymLinks</command> allows the server to follow symbolic links in that directory.</para>
+ <para>
+ By default, in the <command>DocumentRoot</command> directory, <command>Options</command> is set to include <command>Indexes</command> and <command>FollowSymLinks</command>. <command>Indexes</command> permits the server to generate a directory listing for a directory if no <command>DirectoryIndex</command> (for example, <filename>index.html</filename>) is specified. <command>FollowSymLinks</command> allows the server to follow symbolic links in that directory.
+ </para>
<note>
<title>Note</title>
<para>
- <command>Options</command> statements from the main server configuration section need to be replicated to each <command>VirtualHost</command> container individually. Refer to <xref
- linkend="s2-apache-virtualhost"/> for more information.</para>
+ <command>Options</command> statements from the main server configuration section need to be replicated to each <command>VirtualHost</command> container individually. Refer to <xref linkend="s2-apache-virtualhost" /> for more information.
+ </para>
</note>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-order">
+ <formalpara id="s2-apache-order">
<title>Order</title>
- <!-- RHEL5: <section id="s2-apache-order">
- <title><command>Order</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Order</command>
- </primary>
+ <indexterm>
+ <primary><command>Order</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Order</command>
- </secondary>
+ <secondary><command>Order</command></secondary>
</indexterm>
- <para>The <command>Order</command> directive controls the order in which <command>allow</command> and <command>deny</command> directives are evaluated. The server is configured to evaluate the <command>Allow</command> directives before the <command>Deny</command> directives for the <command>DocumentRoot</command> directory.</para>
+ <para>
+ The <command>Order</command> directive controls the order in which <command>allow</command> and <command>deny</command> directives are evaluated. The server is configured to evaluate the <command>Allow</command> directives before the <command>Deny</command> directives for the <command>DocumentRoot</command> directory.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-pidfile">
+ <formalpara id="s2-apache-pidfile">
<title>PidFile</title>
- <!-- RHEL5: <section id="s2-apache-pidfile">
- <title><command>PidFile</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>PidFile</command>
- </primary>
+ <indexterm>
+ <primary><command>PidFile</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>PidFile</command>
- </secondary>
+ <secondary><command>PidFile</command></secondary>
</indexterm>
<para>
- <command>PidFile</command> names the file where the server records its process ID (PID). By default the PID is listed in <filename>/var/run/httpd.pid</filename>.</para>
+ <command>PidFile</command> names the file where the server records its process ID (PID). By default the PID is listed in <filename>/var/run/httpd.pid</filename>.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-proxy">
+ <formalpara id="s2-apache-proxy">
<title>Proxy</title>
- <!-- RHEL5: <section id="s2-apache-proxy">
- <title><command>Proxy</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Proxy</command>
- </primary>
+ <indexterm>
+ <primary><command>Proxy</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Proxy</command>
- </secondary>
+ <secondary><command>Proxy</command></secondary>
</indexterm>
<para>
- <command><Proxy *></command> and <command></Proxy></command> tags create a container which encloses a group of configuration directives meant to apply only to the proxy server. Many directives which are allowed within a <command><Directory></command> container may also be used within <command><Proxy></command> container.</para>
+ <command><Proxy *></command> and <command></Proxy></command> tags create a container which encloses a group of configuration directives meant to apply only to the proxy server. Many directives which are allowed within a <command><Directory></command> container may also be used within <command><Proxy></command> container.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-proxyrequests">
+ <formalpara id="s2-apache-proxyrequests">
<title>ProxyRequests</title>
- <!-- RHEL5: <section id="s2-apache-proxyrequests">
- <title><command>ProxyRequests</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ProxyRequests</command>
- </primary>
+ <indexterm>
+ <primary><command>ProxyRequests</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ProxyRequests</command>
- </secondary>
+ <secondary><command>ProxyRequests</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>proxy server</primary>
</indexterm>
- <para>To configure the Apache HTTP Server to function as a proxy server, remove the hash mark (<command>#</command>) from the beginning of the <command><IfModule mod_proxy.c></command> line, the ProxyRequests, and each line in the <command><Proxy></command> stanza. Set the <command>ProxyRequests</command> directive to <command>On</command>, and set which domains are allowed access to the server in the <command>Allow from</command> directive of the <command><Proxy></command> stanza.</para>
+ <para>
+ To configure the Apache HTTP Server to function as a proxy server, remove the hash mark (<command>#</command>) from the beginning of the <command><IfModule mod_proxy.c></command> line, the ProxyRequests, and each line in the <command><Proxy></command> stanza. Set the <command>ProxyRequests</command> directive to <command>On</command>, and set which domains are allowed access to the server in the <command>Allow from</command> directive of the <command><Proxy></command> stanza.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-readmename">
+ <formalpara id="s2-apache-readmename">
<title>ReadmeName</title>
- <!-- RHEL5: <section id="s2-apache-readmename">
- <title><command>ReadmeName</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ReadmeName</command>
- </primary>
+ <indexterm>
+ <primary><command>ReadmeName</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ReadmeName</command>
- </secondary>
+ <secondary><command>ReadmeName</command></secondary>
</indexterm>
<para>
- <command>ReadmeName</command> names the file which, if it exists in the directory, is appended to the end of server generated directory listings. The Web server first tries to include the file as an HTML document and then tries to include it as plain text. By default, <command>ReadmeName</command> is set to <filename>README.html</filename>.</para>
- <!-- RHEL5: </section> -->
+ <command>ReadmeName</command> names the file which, if it exists in the directory, is appended to the end of server generated directory listings. The Web server first tries to include the file as an HTML document and then tries to include it as plain text. By default, <command>ReadmeName</command> is set to <filename>README.html</filename>.
+ </para>
</formalpara>
- <formalpara
- id="s2-apache-redirect">
+ <formalpara id="s2-apache-redirect">
<title>Redirect</title>
- <!-- RHEL5: <section id="s2-apache-redirect">
- <title><command>Redirect</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Redirect</command>
- </primary>
+ <indexterm>
+ <primary><command>Redirect</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Redirect</command>
- </secondary>
+ <secondary><command>Redirect</command></secondary>
</indexterm>
- <para>When a webpage is moved, <command>Redirect</command> can be used to map the file location to a new URL. The format is as follows:</para>
+ <para>
+ When a webpage is moved, <command>Redirect</command> can be used to map the file location to a new URL. The format is as follows:
+ </para>
</formalpara>
- <screen>
-<command>Redirect /<replaceable><old-path></replaceable>/<replaceable><file-name></replaceable> http://<replaceable><current-domain></replaceable>/<replaceable><current-path></replaceable>/<replaceable><file-name></replaceable>
- </command>
- </screen>
- <para>In this example, replace <replaceable><old-path></replaceable> with the old path information for <replaceable><file-name></replaceable> and <replaceable><current-domain></replaceable> and <replaceable><current-path></replaceable> with the current domain and path information for <replaceable><file-name></replaceable>.</para>
- <para>In this example, any requests for <replaceable><file-name></replaceable> at the old location is automatically redirected to the new location.</para>
- <para>For more advanced redirection techniques, use the <command>mod_rewrite</command> module included with the Apache HTTP Server. For more information about configuring the <command>mod_rewrite</command> module, refer to the Apache Software Foundation documentation online at <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html"> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html</ulink>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-scriptalias">
+ <screen><command>Redirect /<replaceable><old-path></replaceable>/<replaceable><file-name></replaceable> http://<replaceable><current-domain></replaceable>/<replaceable><current-path></replaceable>/<replaceable><file-name></replaceable></command></screen>
+ <para>
+ In this example, replace <replaceable><old-path></replaceable> with the old path information for <replaceable><file-name></replaceable> and <replaceable><current-domain></replaceable> and <replaceable><current-path></replaceable> with the current domain and path information for <replaceable><file-name></replaceable>.
+ </para>
+ <para>
+ In this example, any requests for <replaceable><file-name></replaceable> at the old location is automatically redirected to the new location.
+ </para>
+ <para>
+ For more advanced redirection techniques, use the <command>mod_rewrite</command> module included with the Apache HTTP Server. For more information about configuring the <command>mod_rewrite</command> module, refer to the Apache Software Foundation documentation online at <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html" />.
+ </para>
+ <formalpara id="s2-apache-scriptalias">
<title>ScriptAlias</title>
- <!-- RHEL5: <section id="s2-apache-scriptalias">
- <title><command>ScriptAlias</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ScriptAlias</command>
- </primary>
+ <indexterm>
+ <primary><command>ScriptAlias</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ScriptAlias</command>
- </secondary>
+ <secondary><command>ScriptAlias</command></secondary>
</indexterm>
- <para>The <command>ScriptAlias</command> directive defines where CGI scripts are located. Generally, it is not good practice to leave CGI scripts within the <command>DocumentRoot</command>, where they can potentially be viewed as text documents. For this reason, a special directory outside of the <command>DocumentRoot</command> directory containing server-side executables and scripts is designated by the <command>ScriptAlias</command> directive. This directory is known as a <filename>cgi-bin</filename> and is set to <filename>/var/www/cgi-bin/</filename> by default.</para>
+ <para>
+ The <command>ScriptAlias</command> directive defines where CGI scripts are located. Generally, it is not good practice to leave CGI scripts within the <command>DocumentRoot</command>, where they can potentially be viewed as text documents. For this reason, a special directory outside of the <command>DocumentRoot</command> directory containing server-side executables and scripts is designated by the <command>ScriptAlias</command> directive. This directory is known as a <filename>cgi-bin</filename> and is set to <filename>/var/www/cgi-bin/</filename> by default.
+ </para>
</formalpara>
- <para>It is possible to establish directories for storing executables outside of the <filename>cgi-bin/</filename> directory. For instructions on doing so, refer to <xref
- linkend="s2-apache-addhandler"/> and <xref
- linkend="s2-apache-directory"/>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-serveradmin">
+ <para>
+ It is possible to establish directories for storing executables outside of the <filename>cgi-bin/</filename> directory. For instructions on doing so, refer to <xref linkend="s2-apache-addhandler" /> and <xref linkend="s2-apache-directory" />.
+ </para>
+ <formalpara id="s2-apache-serveradmin">
<title>ServerAdmin</title>
- <!-- RHEL5: <section id="s2-apache-serveradmin">
- <title><command>ServerAdmin</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ServerAdmin</command>
- </primary>
+ <indexterm>
+ <primary><command>ServerAdmin</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ServerAdmin</command>
- </secondary>
+ <secondary><command>ServerAdmin</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>webmaster</primary>
<secondary>email address for</secondary>
</indexterm>
- <para>Sets the <command>ServerAdmin</command> directive to the email address of the Web server administrator. This email address shows up in error messages on server-generated Web pages, so users can report a problem by sending email to the server administrator.</para>
+ <para>
+ Sets the <command>ServerAdmin</command> directive to the email address of the Web server administrator. This email address shows up in error messages on server-generated Web pages, so users can report a problem by sending email to the server administrator.
+ </para>
</formalpara>
- <para>By default, <command>ServerAdmin</command> is set to <command>root at localhost</command>.</para>
- <para>A common way to set up <command>ServerAdmin</command> is to set it to <command>webmaster at example.com</command>. Once set, alias <command>webmaster</command> to the person responsible for the Web server in <filename>/etc/aliases</filename> and run <command>/usr/bin/newaliases</command>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-servername">
+ <para>
+ By default, <command>ServerAdmin</command> is set to <command>root at localhost</command>.
+ </para>
+ <para>
+ A common way to set up <command>ServerAdmin</command> is to set it to <command>webmaster at example.com</command>. Once set, alias <command>webmaster</command> to the person responsible for the Web server in <filename>/etc/aliases</filename> and run <command>/usr/bin/newaliases</command>.
+ </para>
+ <formalpara id="s2-apache-servername">
<title>ServerName</title>
- <!-- RHEL5: <section id="s2-apache-servername">
- <title><command>ServerName</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ServerName</command>
- </primary>
+ <indexterm>
+ <primary><command>ServerName</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ServerName</command>
- </secondary>
+ <secondary><command>ServerName</command></secondary>
</indexterm>
<para>
- <command>ServerName</command> specifies a hostname and port number (matching the <command>Listen</command> directive) for the server. The <command>ServerName</command> does not need to match the machine's actual hostname. For example, the Web server may be <computeroutput>www.example.com</computeroutput>, but the server's hostname is actually <computeroutput>foo.example.com</computeroutput>. The value specified in <command>ServerName</command> must be a valid Domain Name Service (DNS) name that can be resolved by the system — do not make something up.</para>
+ <command>ServerName</command> specifies a hostname and port number (matching the <command>Listen</command> directive) for the server. The <command>ServerName</command> does not need to match the machine's actual hostname. For example, the Web server may be <computeroutput>www.example.com</computeroutput>, but the server's hostname is actually <computeroutput>foo.example.com</computeroutput>. The value specified in <command>ServerName</command> must be a valid Domain Name Service (DNS) name that can be resolved by the system — do not make something up.
+ </para>
</formalpara>
- <para>The following is a sample <command>ServerName</command> directive:</para>
- <screen>
-<command>ServerName www.example.com:80</command>
- </screen>
- <para>When specifying a <command>ServerName</command>, be sure the IP address and server name pair are included in the <filename>/etc/hosts</filename> file.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-serverroot">
+ <para>
+ The following is a sample <command>ServerName</command> directive:
+ </para>
+ <screen><command>ServerName www.example.com:80</command></screen>
+ <para>
+ When specifying a <command>ServerName</command>, be sure the IP address and server name pair are included in the <filename>/etc/hosts</filename> file.
+ </para>
+ <formalpara id="s2-apache-serverroot">
<title>ServerRoot</title>
- <!-- RHEL5: <section>
- <title><command>ServerRoot</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ServerRoot</command>
- </primary>
+ <indexterm>
+ <primary><command>ServerRoot</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ServerRoot</command>
- </secondary>
+ <secondary><command>ServerRoot</command></secondary>
</indexterm>
- <para>The <command>ServerRoot</command> directive specifies the top-level directory containing website content. By default, <command>ServerRoot</command> is set to <filename>"/etc/httpd"</filename> for both secure and non-secure servers.</para>
+ <para>
+ The <command>ServerRoot</command> directive specifies the top-level directory containing website content. By default, <command>ServerRoot</command> is set to <filename>"/etc/httpd"</filename> for both secure and non-secure servers.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-serversignature">
+ <formalpara id="s2-apache-serversignature">
<title>ServerSignature</title>
- <!-- RHEL5: <section id="s2-apache-serversignature">
- <title><command>ServerSignature</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ServerSignature</command>
- </primary>
+ <indexterm>
+ <primary><command>ServerSignature</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ServerSignature</command>
- </secondary>
+ <secondary><command>ServerSignature</command></secondary>
</indexterm>
- <para>The <command>ServerSignature</command> directive adds a line containing the Apache HTTP Server server version and the <command>ServerName</command> to any server-generated documents, such as error messages sent back to clients. <command>ServerSignature</command> is set to <command>on</command> by default.</para>
+ <para>
+ The <command>ServerSignature</command> directive adds a line containing the Apache HTTP Server server version and the <command>ServerName</command> to any server-generated documents, such as error messages sent back to clients. <command>ServerSignature</command> is set to <command>on</command> by default.
+ </para>
</formalpara>
<para>
- <command>ServerSignature</command> can be set to <command>EMail</command> which adds a <command>mailto:ServerAdmin</command> HTML tag to the signature line of auto-generated responses. <command>ServerSignature</command> can also be set to <command>Off</command> to stop Apache from sending out its version number and module information. Please also check the <command>ServerTokens</command> settings.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-servertoken">
+ <command>ServerSignature</command> can be set to <command>EMail</command> which adds a <command>mailto:ServerAdmin</command> HTML tag to the signature line of auto-generated responses. <command>ServerSignature</command> can also be set to <command>Off</command> to stop Apache from sending out its version number and module information. Please also check the <command>ServerTokens</command> settings.
+ </para>
+ <formalpara id="s2-apache-servertoken">
<title>ServerTokens</title>
- <!-- RHEL5: <section id="s2-apache-servertoken">
- <title><command>ServerTokens</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ServerTokens</command>
- </primary>
+ <indexterm>
+ <primary><command>ServerTokens</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ServerTokens</command>
- </secondary>
+ <secondary><command>ServerTokens</command></secondary>
</indexterm>
- <para>The <command>ServerTokens</command> directive determines if the Server response header field sent back to clients should include details of the Operating System type and information about compiled-in modules. By default, <command>ServerTokens</command> is set to <command>Full</command> which sends information about the Operating System type and compiled-in modules. Setting the <command>ServerTokens</command> to <command>Prod</command> sends the product name only and is recommended as many hackers check information in the Server header when scanning for vulnerabilities. You can also set the <command>ServerTokens</command> to <command>Min</command> (minimal) or to <command>OS</command> (operating system).</para>
+ <para>
+ The <command>ServerTokens</command> directive determines if the Server response header field sent back to clients should include details of the Operating System type and information about compiled-in modules. By default, <command>ServerTokens</command> is set to <command>Full</command> which sends information about the Operating System type and compiled-in modules. Setting the <command>ServerTokens</command> to <command>Prod</command> sends the product name only and is recommended as many hackers check information in the Server header when scanning for vulnerabilities. You can also set the <command>ServerTokens</command> to <command>Min</command> (minimal) or to <command>OS</command> (operating system).
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-suexecusergroup">
+ <formalpara id="s2-apache-suexecusergroup">
<title>SuexecUserGroup</title>
- <!-- RHEL5: <section>
- <title><command>SuexecUserGroup</command></title> -->
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>migration to 2.0</secondary>
- <tertiary>
- <filename>SuexecUserGroup</filename>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>SuexecUserGroup</command>
- </primary>
+ <tertiary><filename>SuexecUserGroup</filename></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><command>SuexecUserGroup</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>SuexecUserGroup</command>
- </secondary>
+ <secondary><command>SuexecUserGroup</command></secondary>
</indexterm>
- <para>The <command>SuexecUserGroup</command> directive, which originates from the <command>mod_suexec</command> module, allows the specification of user and group execution privileges for CGI programs. Non-CGI requests are still processed with the user and group specified in the <command>User</command> and <command>Group</command> directives.</para>
+ <para>
+ The <command>SuexecUserGroup</command> directive, which originates from the <command>mod_suexec</command> module, allows the specification of user and group execution privileges for CGI programs. Non-CGI requests are still processed with the user and group specified in the <command>User</command> and <command>Group</command> directives.
+ </para>
</formalpara>
<note>
<title>Note</title>
- <para>From version 2.0, the <command>SuexecUserGroup</command> directive replaced the Apache HTTP Server 1.3 configuration of using the <command>User</command> and <command>Group</command> directives inside the configuration of <command>VirtualHosts</command> sections.</para>
+ <para>
+ From version 2.0, the <command>SuexecUserGroup</command> directive replaced the Apache HTTP Server 1.3 configuration of using the <command>User</command> and <command>Group</command> directives inside the configuration of <command>VirtualHosts</command> sections.
+ </para>
</note>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-timeout">
+ <formalpara id="s2-apache-timeout">
<title>Timeout</title>
- <!-- RHEL5: <section id="s2-apache-timeout">
- <title><command>Timeout</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>Timeout</command>
- </primary>
+ <indexterm>
+ <primary><command>Timeout</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>Timeout</command>
- </secondary>
+ <secondary><command>Timeout</command></secondary>
</indexterm>
<para>
- <command>Timeout</command> defines, in seconds, the amount of time that the server waits for receipts and transmissions during communications. <command>Timeout</command> is set to <command>300</command> seconds by default, which is appropriate for most situations.</para>
+ <command>Timeout</command> defines, in seconds, the amount of time that the server waits for receipts and transmissions during communications. <command>Timeout</command> is set to <command>300</command> seconds by default, which is appropriate for most situations.
+ </para>
</formalpara>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-typesconfig">
+ <formalpara id="s2-apache-typesconfig">
<title>TypesConfig</title>
- <!-- RHEL5: <section id="s2-apache-typesconfig">
- <title><command>TypesConfig</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>TypesConfig</command>
- </primary>
+ <indexterm>
+ <primary><command>TypesConfig</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>TypesConfig</command>
- </secondary>
+ <secondary><command>TypesConfig</command></secondary>
</indexterm>
<para>
- <command>TypesConfig</command> names the file which sets the default list of MIME type mappings (file name extensions to content types). The default <command> TypesConfig</command> file is <filename>/etc/mime.types</filename>. Instead of editing <filename>/etc/mime.types</filename>, the recommended way to add MIME type mappings is to use the <command> AddType</command> directive.</para>
+ <command>TypesConfig</command> names the file which sets the default list of MIME type mappings (file name extensions to content types). The default <command> TypesConfig</command> file is <filename>/etc/mime.types</filename>. Instead of editing <filename>/etc/mime.types</filename>, the recommended way to add MIME type mappings is to use the <command> AddType</command> directive.
+ </para>
</formalpara>
- <para>For more information about <command>AddType</command>, refer to <xref
- linkend="s2-apache-addtype"/>.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-usecanonicalname">
+ <para>
+ For more information about <command>AddType</command>, refer to <xref linkend="s2-apache-addtype" />.
+ </para>
+ <formalpara id="s2-apache-usecanonicalname">
<title>UseCanonicalName</title>
- <!-- RHEL5: <section id="s2-apache-usecanonicalname">
- <title><command>UseCanonicalName</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>UseCanonicalName</command>
- </primary>
+ <indexterm>
+ <primary><command>UseCanonicalName</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>UseCanonicalName</command>
- </secondary>
+ <secondary><command>UseCanonicalName</command></secondary>
</indexterm>
- <para>When set to <option>on</option>, this directive configures the Apache HTTP Server to reference itself using the value specified in the <command>ServerName</command> and <command>Port</command> directives. When <command>UseCanonicalName</command> is set to <option>off</option>, the server instead uses the value used by the requesting client when referring to itself.</para>
+ <para>
+ When set to <option>on</option>, this directive configures the Apache HTTP Server to reference itself using the value specified in the <command>ServerName</command> and <command>Port</command> directives. When <command>UseCanonicalName</command> is set to <option>off</option>, the server instead uses the value used by the requesting client when referring to itself.
+ </para>
</formalpara>
<para>
- <command>UseCanonicalName</command> is set to <option>off</option> by default.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-user">
+ <command>UseCanonicalName</command> is set to <option>off</option> by default.
+ </para>
+ <formalpara id="s2-apache-user">
<title>User</title>
- <!-- RHEL5: <section id="s2-apache-user">
- <title><command>User</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>User</command>
- </primary>
+ <indexterm>
+ <primary><command>User</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>User</command>
- </secondary>
+ <secondary><command>User</command></secondary>
</indexterm>
- <para>The <command>User</command> directive sets the username of the server process and determines what files the server is allowed to access. Any files inaccessible to this user are also inaccessible to clients connecting to the Apache HTTP Server.</para>
+ <para>
+ The <command>User</command> directive sets the username of the server process and determines what files the server is allowed to access. Any files inaccessible to this user are also inaccessible to clients connecting to the Apache HTTP Server.
+ </para>
</formalpara>
- <para>By default <command>User</command> is set to <command>apache</command>.</para>
- <para>This directive has been deprecated for the configuration of virtual hosts.</para>
+ <para>
+ By default <command>User</command> is set to <command>apache</command>.
+ </para>
+ <para>
+ This directive has been deprecated for the configuration of virtual hosts.
+ </para>
<note>
<title>Note</title>
- <para>For security reasons, the Apache HTTP Server does not run as the root user.</para>
+ <para>
+ For security reasons, the Apache HTTP Server does not run as the root user.
+ </para>
</note>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-userdir">
+ <formalpara id="s2-apache-userdir">
<title>UserDir</title>
- <!-- RHEL5: <section id="s2-apache-userdir">
- <title><command>UserDir</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>UserDir</command>
- </primary>
+ <indexterm>
+ <primary><command>UserDir</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>UserDir</command>
- </secondary>
+ <secondary><command>UserDir</command></secondary>
</indexterm>
- <indexterm
- significance="normal">
- <primary>
- <filename>public_html</filename> directories</primary>
+ <indexterm>
+ <primary><filename>public_html</filename> directories</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>users</primary>
<secondary>personal HTML directories</secondary>
</indexterm>
<para>
- <command>UserDir</command> is the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to <option> disable</option> by default.</para>
+ <command>UserDir</command> is the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to <option> disable</option> by default.
+ </para>
</formalpara>
- <para>The name for the subdirectory is set to <filename>public_html</filename> in the default configuration. For example, the server might receive the following request:</para>
- <screen>
-<command>http://<replaceable>example.com</replaceable>/~<replaceable>username</replaceable>/foo.html</command>
- </screen>
- <para>The server would look for the file:</para>
- <screen>
-<filename>/home/username/public_html/foo.html</filename>
- </screen>
- <para>In the above example, <filename>/home/username/</filename> is the user's home directory (note that the default path to users' home directories may vary).</para>
- <para>Make sure that the permissions on the users' home directories are set correctly. Users' home directories must be set to 0711. The read (r) and execute (x) bits must be set on the users' <filename>public_html</filename> directories (0755 also works). Files that are served in a users' <filename>public_html</filename> directories must be set to at least 0644.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s2-apache-virtualhost">
+ <para>
+ The name for the subdirectory is set to <filename>public_html</filename> in the default configuration. For example, the server might receive the following request:
+ </para>
+ <screen><command>http://<replaceable>example.com</replaceable>/~<replaceable>username</replaceable>/foo.html</command></screen>
+ <para>
+ The server would look for the file:
+ </para>
+ <screen><filename>/home/username/public_html/foo.html</filename></screen>
+ <para>
+ In the above example, <filename>/home/username/</filename> is the user's home directory (note that the default path to users' home directories may vary).
+ </para>
+ <para>
+ Make sure that the permissions on the users' home directories are set correctly. Users' home directories must be set to 0711. The read (r) and execute (x) bits must be set on the users' <filename>public_html</filename> directories (0755 also works). Files that are served in a users' <filename>public_html</filename> directories must be set to at least 0644.
+ </para>
+ <formalpara id="s2-apache-virtualhost">
<title>VirtualHost</title>
- <!-- RHEL5: <section id="s2-apache-virtualhost">
- <title><command>VirtualHost</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>VirtualHost</command>
- </primary>
+ <indexterm>
+ <primary><command>VirtualHost</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>VirtualHost</command>
- </secondary>
+ <secondary><command>VirtualHost</command></secondary>
</indexterm>
<para>
- <command><VirtualHost></command> and <command></VirtualHost></command> tags create a container outlining the characteristics of a virtual host. The <command>VirtualHost</command> container accepts most configuration directives.</para>
+ <command><VirtualHost></command> and <command></VirtualHost></command> tags create a container outlining the characteristics of a virtual host. The <command>VirtualHost</command> container accepts most configuration directives.
+ </para>
</formalpara>
- <para>A commented <command>VirtualHost</command> container is provided in <filename>httpd.conf</filename>, which illustrates the minimum set of configuration directives necessary for each virtual host. Refer to <xref
- linkend="s1-apache-virtualhosts"/> for more information about virtual hosts.</para>
+ <para>
+ A commented <command>VirtualHost</command> container is provided in <filename>httpd.conf</filename>, which illustrates the minimum set of configuration directives necessary for each virtual host. Refer to <xref linkend="s1-apache-virtualhosts" /> for more information about virtual hosts.
+ </para>
<note>
<title>Note</title>
- <para>The default SSL virtual host container now resides in the file <filename>/etc/httpd/conf.d/ssl.conf</filename>.</para>
+ <para>
+ The default SSL virtual host container now resides in the file <filename>/etc/httpd/conf.d/ssl.conf</filename>.
+ </para>
</note>
</section>
- <!-- RHEL5: New section starting -->
- <section
- id="s2-apache-sslcommands">
+ <section id="s2-apache-sslcommands">
<title>Configuration Directives for SSL</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>SSL configuration</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
<secondary>SSL configuration</secondary>
</indexterm>
- <para>The directives in <filename>/etc/httpd/conf.d/ssl.conf</filename> file can be configured to enable secure Web communications using SSL and TLS.</para>
- <formalpara
- id="s3-apache-setenvif">
+ <para>
+ The directives in <filename>/etc/httpd/conf.d/ssl.conf</filename> file can be configured to enable secure Web communications using SSL and TLS.
+ </para>
+ <formalpara id="s3-apache-setenvif">
<title>SetEnvIf</title>
- <!-- RHEL5: <section id="s3-apache-setenvif">
- <title><command>SetEnvIf</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>SetEnvIf</command>
- </primary>
+ <indexterm>
+ <primary><command>SetEnvIf</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>SetEnvIf</command>
- </secondary>
+ <secondary><command>SetEnvIf</command></secondary>
</indexterm>
<para>
- <command>SetEnvIf</command> sets environment variables based on the headers of incoming connections. It is <emphasis>not</emphasis> solely an SSL directive, though it is present in the supplied <filename>/etc/httpd/conf.d/ssl.conf</filename> file. It's purpose in this context is to disable HTTP keepalive and to allow SSL to close the connection without a closing notification from the client browser. This setting is necessary for certain browsers that do not reliably shut down the SSL connection.</para>
+ <command>SetEnvIf</command> sets environment variables based on the headers of incoming connections. It is <emphasis>not</emphasis> solely an SSL directive, though it is present in the supplied <filename>/etc/httpd/conf.d/ssl.conf</filename> file. It's purpose in this context is to disable HTTP keepalive and to allow SSL to close the connection without a closing notification from the client browser. This setting is necessary for certain browsers that do not reliably shut down the SSL connection.
+ </para>
</formalpara>
- <para>For more information on other directives within the SSL configuration file, refer to the following URLs:</para>
+ <para>
+ For more information on other directives within the SSL configuration file, refer to the following URLs:
+ </para>
<itemizedlist>
<listitem>
- <para>http://localhost/manual/mod/mod_ssl.html</para>
+ <para>
+ http://localhost/manual/mod/mod_ssl.html
+ </para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html">http://httpd.apache.org/docs/2.2/mod/mod_ssl.html</ulink>
+ <ulink url="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html" />
</para>
</listitem>
</itemizedlist>
<note>
<title>Note</title>
- <para>In most cases, SSL directives are configured appropriately during the installation of &MAJOROS;. Be careful when altering Apache HTTP Secure Server directives, misconfiguration can lead to security vulnerabilities.</para>
+ <para>
+ In most cases, SSL directives are configured appropriately during the installation of &MAJOROS;. Be careful when altering Apache HTTP Secure Server directives, misconfiguration can lead to security vulnerabilities.
+ </para>
</note>
- <!-- RHEL5: </section> -->
</section>
- <!-- RHEL5: New Section Starting -->
- <section
- id="s2-apache-mpm-containers">
+ <section id="s2-apache-mpm-containers">
<title>MPM Specific Server-Pool Directives</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>2.0</secondary>
<tertiary>MPM specific directives</tertiary>
</indexterm>
- <para>As explained in <xref
- linkend="s3-httpd-v2-mig-pool"/>, the responsibility for managing characteristics of the server-pool falls to a module group called MPMs under Apache HTTP Server 2.0. The characteristics of the server-pool differ depending upon which MPM is used. For this reason, an <command>IfModule</command> container is necessary to define the server-pool for the MPM in use.</para>
- <para>By default, Apache HTTP Server 2.0 defines the server-pool for both the <command>prefork</command> and <command>worker</command> MPMs.</para>
- <para>The following section list directives found within the MPM-specific server-pool containers.</para>
- <formalpara
- id="s3-apache-maxclients">
+ <para>
+ As explained in <xref linkend="s3-httpd-v2-mig-pool" />, the responsibility for managing characteristics of the server-pool falls to a module group called MPMs under Apache HTTP Server 2.0. The characteristics of the server-pool differ depending upon which MPM is used. For this reason, an <command>IfModule</command> container is necessary to define the server-pool for the MPM in use.
+ </para>
+ <para>
+ By default, Apache HTTP Server 2.0 defines the server-pool for both the <command>prefork</command> and <command>worker</command> MPMs.
+ </para>
+ <para>
+ The following section list directives found within the MPM-specific server-pool containers.
+ </para>
+ <formalpara id="s3-apache-maxclients">
<title>MaxClients</title>
- <!-- RHEL5: <section>
- <title><command>MaxClients</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>MaxClients</command>
- </primary>
+ <indexterm>
+ <primary><command>MaxClients</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MaxClients</command>
- </secondary>
+ <secondary><command>MaxClients</command></secondary>
</indexterm>
<para>
- <command>MaxClients</command> sets a limit on the total number of server processes, or simultaneously connected clients, that can run at one time. The main purpose of this directive is to keep a runaway Apache HTTP Server from crashing the operating system. For busy servers this value should be set to a high value. The server's default is set to 150 regardless of the MPM in use. However, it is not recommended that the value for <command>MaxClients</command> exceeds <command>256</command> when using the <command>prefork</command> MPM.</para>
- <!-- RHEL5: </section> -->
+ <command>MaxClients</command> sets a limit on the total number of server processes, or simultaneously connected clients, that can run at one time. The main purpose of this directive is to keep a runaway Apache HTTP Server from crashing the operating system. For busy servers this value should be set to a high value. The server's default is set to 150 regardless of the MPM in use. However, it is not recommended that the value for <command>MaxClients</command> exceeds <command>256</command> when using the <command>prefork</command> MPM.
+ </para>
</formalpara>
- <formalpara
- id="s3-apache-maxrequestsperchild">
+ <formalpara id="s3-apache-maxrequestsperchild">
<title>MaxRequestsPerChild</title>
- <!-- RHEL5: <section id="s3-apache-maxrequestsperchild">
- <title><command>MaxRequestsPerChild</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>MaxRequestsPerChild</command>
- </primary>
+ <indexterm>
+ <primary><command>MaxRequestsPerChild</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MaxRequestsPerChild</command>
- </secondary>
+ <secondary><command>MaxRequestsPerChild</command></secondary>
</indexterm>
<para>
- <command>MaxRequestsPerChild</command> sets the total number of requests each child server process serves before the child dies. The main reason for setting <command>MaxRequestsPerChild</command> is to avoid long-lived process induced memory leaks. The default <command>MaxRequestsPerChild</command> for the <command>prefork</command> MPM is <command>4000</command> and for the <command>worker</command> MPM is <command>0</command>.</para>
- <!-- RHEL5: </section> -->
+ <command>MaxRequestsPerChild</command> sets the total number of requests each child server process serves before the child dies. The main reason for setting <command>MaxRequestsPerChild</command> is to avoid long-lived process induced memory leaks. The default <command>MaxRequestsPerChild</command> for the <command>prefork</command> MPM is <command>4000</command> and for the <command>worker</command> MPM is <command>0</command>.
+ </para>
</formalpara>
- <formalpara
- id="s3-apache-minmaxspareservers">
+ <formalpara id="s3-apache-minmaxspareservers">
<title>MinSpareServers and MaxSpareServers</title>
- <!-- RHEL5: <section id="s3-apache-minmaxspareservers">
- <title><command>MinSpareServers</command> and <command>MaxSpareServers</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>MinSpareServers</command>
- </primary>
+ <indexterm>
+ <primary><command>MinSpareServers</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MinSpareServers</command>
- </secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>MaxSpareServers</command>
- </primary>
+ <secondary><command>MinSpareServers</command></secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>MaxSpareServers</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MaxSpareServers</command>
- </secondary>
+ <secondary><command>MaxSpareServers</command></secondary>
</indexterm>
- <para>These values are only used with the <command>prefork</command> MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived load by maintaining an appropriate number of spare server processes based on the number of incoming requests. The server checks the number of servers waiting for a request and kills some if there are more than <command>MaxSpareServers</command> or creates some if the number of servers is less than <command>MinSpareServers</command>.</para>
+ <para>
+ These values are only used with the <command>prefork</command> MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived load by maintaining an appropriate number of spare server processes based on the number of incoming requests. The server checks the number of servers waiting for a request and kills some if there are more than <command>MaxSpareServers</command> or creates some if the number of servers is less than <command>MinSpareServers</command>.
+ </para>
</formalpara>
- <para>The default <command>MinSpareServers</command> value is <command>5</command>; the default <command>MaxSpareServers</command> value is <command>20</command>. These default settings should be appropriate for most situations. Be careful not to increase the <command>MinSpareServers</command> to a large number as doing so creates a heavy processing load on the server even when traffic is light.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s3-apache-minmaxsparethreads">
+ <para>
+ The default <command>MinSpareServers</command> value is <command>5</command>; the default <command>MaxSpareServers</command> value is <command>20</command>. These default settings should be appropriate for most situations. Be careful not to increase the <command>MinSpareServers</command> to a large number as doing so creates a heavy processing load on the server even when traffic is light.
+ </para>
+ <formalpara id="s3-apache-minmaxsparethreads">
<title>MinSpareThreads and MaxSpareThreads</title>
- <!-- RHEL5: <section id="s3-apache-minmaxsparethreads">
- <title><command>MinSpareThreads</command> and <command>MaxSpareThreads</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>MinSpareThreads</command>
- </primary>
+ <indexterm>
+ <primary><command>MinSpareThreads</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MinSpareThreads</command>
- </secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>MaxSpareThreads</command>
- </primary>
+ <secondary><command>MinSpareThreads</command></secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>MaxSpareThreads</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>MaxSpareThreads</command>
- </secondary>
+ <secondary><command>MaxSpareThreads</command></secondary>
</indexterm>
- <para>These values are only used with the <command>worker</command> MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived load by maintaining an appropriate number of spare server threads based on the number of incoming requests. The server checks the number of server threads waiting for a request and kills some if there are more than <command>MaxSpareThreads</command> or creates some if the number of servers is less than <command>MinSpareThreads</command>.</para>
+ <para>
+ These values are only used with the <command>worker</command> MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived load by maintaining an appropriate number of spare server threads based on the number of incoming requests. The server checks the number of server threads waiting for a request and kills some if there are more than <command>MaxSpareThreads</command> or creates some if the number of servers is less than <command>MinSpareThreads</command>.
+ </para>
</formalpara>
- <para>The default <command>MinSpareThreads</command> value is <command>25</command>; the default <command>MaxSpareThreads</command> value is <command>75</command>. These default settings should be appropriate for most situations. The value for <command>MaxSpareThreads</command> must be greater than or equal to the sum of <command>MinSpareThreads</command> and <command>ThreadsPerChild</command>, else the Apache HTTP Server automatically corrects it.</para>
- <!-- RHEL5: </section> -->
- <formalpara
- id="s3-apache-startservers">
+ <para>
+ The default <command>MinSpareThreads</command> value is <command>25</command>; the default <command>MaxSpareThreads</command> value is <command>75</command>. These default settings should be appropriate for most situations. The value for <command>MaxSpareThreads</command> must be greater than or equal to the sum of <command>MinSpareThreads</command> and <command>ThreadsPerChild</command>, else the Apache HTTP Server automatically corrects it.
+ </para>
+ <formalpara id="s3-apache-startservers">
<title>StartServers</title>
- <!-- RHEL5: <section id="s3-apache-startservers">
- <title><command>StartServers</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>StartServers</command>
- </primary>
+ <indexterm>
+ <primary><command>StartServers</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>StartServers</command>
- </secondary>
+ <secondary><command>StartServers</command></secondary>
</indexterm>
- <para>The <command>StartServers</command> directive sets how many server processes are created upon startup. Since the Web server dynamically kills and creates server processes based on traffic load, it is not necessary to change this parameter. The Web server is set to start <command>8</command> server processes at startup for the <command>prefork</command> MPM and <command>2</command> for the <command>worker</command> MPM.</para>
- <!-- RHEL5: </section> -->
+ <para>
+ The <command>StartServers</command> directive sets how many server processes are created upon startup. Since the Web server dynamically kills and creates server processes based on traffic load, it is not necessary to change this parameter. The Web server is set to start <command>8</command> server processes at startup for the <command>prefork</command> MPM and <command>2</command> for the <command>worker</command> MPM.
+ </para>
</formalpara>
- <formalpara
- id="s3-apache-threadsperchild">
+ <formalpara id="s3-apache-threadsperchild">
<title>ThreadsPerChild</title>
- <!-- RHEL5: <section id="s3-apache-threadsperchild">
- <title><command>ThreadsPerChild</command></title> -->
- <indexterm
- significance="normal">
- <primary>
- <command>ThreadsPerChild</command>
- </primary>
+ <indexterm>
+ <primary><command>ThreadsPerChild</command></primary>
<secondary>Apache configuration directive</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration directives, Apache</primary>
- <secondary>
- <command>ThreadsPerChild</command>
- </secondary>
+ <secondary><command>ThreadsPerChild</command></secondary>
</indexterm>
- <para>This value is only used with the <command>worker</command> MPM. It sets the number of threads within each child process. The default value for this directive is <command>25</command>.</para>
- <!-- RHEL5: </section> -->
+ <para>
+ This value is only used with the <command>worker</command> MPM. It sets the number of threads within each child process. The default value for this directive is <command>25</command>.
+ </para>
</formalpara>
</section>
</section>
- <!-- RHEL5: Page ends here -->
- <section
- id="s1-apache-addmods">
+ <section id="s1-apache-addmods">
<title>Adding Modules</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>modules</primary>
<secondary>Apache</secondary>
<tertiary>loading</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>DSOs</primary>
<secondary>loading</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>objects, dynamically shared</primary>
<see>DSOs</see>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>APXS Apache utility</primary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>modules</primary>
<secondary>Apache</secondary>
<tertiary>the own</tertiary>
</indexterm>
- <para>The Apache HTTP Server is distributed with a number of modules. More information about Apache HTTP modules can be found on <ulink
- url="http://httpd.apache.org/docs/2.2/mod/">http://httpd.apache.org/docs/2.2/mod/</ulink>.</para>
- <para>The Apache HTTP Server supports <firstterm>Dynamically Shared Objects</firstterm> (<firstterm>DSO</firstterm>s), or modules, which can easily be loaded at runtime as necessary.</para>
- <para>The Apache Project provides complete DSO documentation online at <ulink
- url="http://httpd.apache.org/docs/2.2/dso.html">http://httpd.apache.org/docs/2.2/dso.html</ulink>. Or, if the <filename>http-manual</filename> package is installed, documentation about DSOs can be found online at <ulink
- url="http://localhost/manual/mod/">http://localhost/manual/mod/</ulink>.</para>
- <para>For the Apache HTTP Server to use a DSO, it must be specified in a <command>LoadModule</command> directive within <filename>/etc/httpd/conf/httpd.conf</filename>. If the module is provided by a separate package, the line must appear within the modules configuration file in the <filename>/etc/httpd/conf.d/</filename> directory. Refer to <xref
- linkend="s2-apache-loadmodule"/> for more information.</para>
- <para>If adding or deleting modules from <filename>http.conf</filename>, Apache HTTP Server must be reloaded or restarted, as referred to in <xref
- linkend="s1-apache-startstop"/>.</para>
- <para>If creating a new module, first install the <filename>httpd-devel</filename> package which contains the include files, the header files, as well as the <firstterm>APache eXtenSion</firstterm> (<command>/usr/sbin/apxs</command>) application, which uses the include files and the header files to compile DSOs.</para>
- <para>After writing a module, use <command>/usr/sbin/apxs</command> to compile the module sources outside the Apache source tree. For more information about using the <command>/usr/sbin/apxs</command> command, refer to the the Apache documentation online at <ulink
- url="http://httpd.apache.org/docs/2.2/dso.html">http://httpd.apache.org/docs/2.2/dso.html</ulink> as well as the <command>apxs</command> man page.</para>
- <para>Once compiled, put the module in the <filename>/usr/lib/httpd/modules/</filename> directory. For 64-bit &MAJOROS; hosts using the defaut 64-bit user-space, this path will be <filename>/usr/lib64/httpd/modules/</filename>. Then add a <command>LoadModule</command> line to the <filename>httpd.conf</filename>, using the following structure:</para>
- <screen>
-<command>LoadModule <replaceable><module-name> <path/to/module.so></replaceable>
- </command>
- </screen>
- <para>Where <replaceable><module-name></replaceable> is the name of the module and <replaceable><path/to/module.so></replaceable> is the path to the DSO.</para>
+ <para>
+ The Apache HTTP Server is distributed with a number of modules. More information about Apache HTTP modules can be found on <ulink url="http://httpd.apache.org/docs/2.2/mod/" />.
+ </para>
+ <para>
+ The Apache HTTP Server supports <firstterm>Dynamically Shared Objects</firstterm> (<firstterm>DSO</firstterm>s), or modules, which can easily be loaded at runtime as necessary.
+ </para>
+ <para>
+ The Apache Project provides complete DSO documentation online at <ulink url="http://httpd.apache.org/docs/2.2/dso.html" />. Or, if the <filename>http-manual</filename> package is installed, documentation about DSOs can be found online at <ulink url="http://localhost/manual/mod/" />.
+ </para>
+ <para>
+ For the Apache HTTP Server to use a DSO, it must be specified in a <command>LoadModule</command> directive within <filename>/etc/httpd/conf/httpd.conf</filename>. If the module is provided by a separate package, the line must appear within the modules configuration file in the <filename>/etc/httpd/conf.d/</filename> directory. Refer to <xref linkend="s2-apache-loadmodule" /> for more information.
+ </para>
+ <para>
+ If adding or deleting modules from <filename>http.conf</filename>, Apache HTTP Server must be reloaded or restarted, as referred to in <xref linkend="s1-apache-startstop" />.
+ </para>
+ <para>
+ If creating a new module, first install the <filename>httpd-devel</filename> package which contains the include files, the header files, as well as the <firstterm>APache eXtenSion</firstterm> (<command>/usr/sbin/apxs</command>) application, which uses the include files and the header files to compile DSOs.
+ </para>
+ <para>
+ After writing a module, use <command>/usr/sbin/apxs</command> to compile the module sources outside the Apache source tree. For more information about using the <command>/usr/sbin/apxs</command> command, refer to the the Apache documentation online at <ulink url="http://httpd.apache.org/docs/2.2/dso.html" /> as well as the <command>apxs</command> man page.
+ </para>
+ <para>
+ Once compiled, put the module in the <filename>/usr/lib/httpd/modules/</filename> directory. For 64-bit &MAJOROS; hosts using the defaut 64-bit user-space, this path will be <filename>/usr/lib64/httpd/modules/</filename>. Then add a <command>LoadModule</command> line to the <filename>httpd.conf</filename>, using the following structure:
+ </para>
+ <screen><command>LoadModule <replaceable><module-name> <path/to/module.so></replaceable></command></screen>
+ <para>
+ Where <replaceable><module-name></replaceable> is the name of the module and <replaceable><path/to/module.so></replaceable> is the path to the DSO.
+ </para>
</section>
- <section
- id="s1-apache-virtualhosts">
+ <section id="s1-apache-virtualhosts">
<title>Virtual Hosts</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>running without security</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>security</primary>
<secondary>running Apache without</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>virtual hosts</primary>
<secondary>configuring</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>configuration</primary>
<secondary>virtual hosts</secondary>
</indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>DocumentRoot</command>
- </primary>
+ <indexterm>
+ <primary><command>DocumentRoot</command></primary>
<secondary>changing</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>virtual hosts</primary>
<secondary>name-based</secondary>
</indexterm>
- <para>The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, hostname, or port is being requested. A complete guide to using virtual hosts is available online at <ulink
- url="http://httpd.apache.org/docs/2.2/vhosts/">http://httpd.apache.org/docs/2.2/vhosts/</ulink>.</para>
- <section
- id="s2-apache-settingupvhosts">
+ <para>
+ The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, hostname, or port is being requested. A complete guide to using virtual hosts is available online at <ulink url="http://httpd.apache.org/docs/2.2/vhosts/" />.
+ </para>
+ <section id="s2-apache-settingupvhosts">
<title>Setting Up Virtual Hosts</title>
- <para>To create a name-based virtual host, it is best to use the virtual host container provided in <filename>httpd.conf</filename> as an example.</para>
- <para>The virtual host example read as follows:</para>
+ <para>
+ To create a name-based virtual host, it is best to use the virtual host container provided in <filename>httpd.conf</filename> as an example.
+ </para>
+ <para>
+ The virtual host example read as follows:
+ </para>
<screen>#<VirtualHost *:80>
# ServerAdmin webmaster at dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
@@ -3699,506 +3215,533 @@ or:
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost></screen>
- <para>To activate name-based virtual hosting, uncomment the <command>NameVirtualHost</command> line by removing the hash mark (<command>#</command>) and replace the asterisk (<command>*</command>) with the IP address assigned to the machine.</para>
- <para>Next, configure a virtual host by uncommenting and customizing the <command><VirtualHost></command> container.</para>
- <para>On the <command><VirtualHost></command> line, change the asterisk (<command>*</command>) to the server's IP address. Change the <command>ServerName</command> to a <emphasis>valid</emphasis> DNS name assigned to the machine, and configure the other directives as necessary.</para>
- <para>The <command><VirtualHost></command> container is highly customizable and accepts almost every directive available within the main server configuration.</para>
- <indexterm
- significance="normal">
+ <para>
+ To activate name-based virtual hosting, uncomment the <command>NameVirtualHost</command> line by removing the hash mark (<command>#</command>) and replace the asterisk (<command>*</command>) with the IP address assigned to the machine.
+ </para>
+ <para>
+ Next, configure a virtual host by uncommenting and customizing the <command><VirtualHost></command> container.
+ </para>
+ <para>
+ On the <command><VirtualHost></command> line, change the asterisk (<command>*</command>) to the server's IP address. Change the <command>ServerName</command> to a <emphasis>valid</emphasis> DNS name assigned to the machine, and configure the other directives as necessary.
+ </para>
+ <para>
+ The <command><VirtualHost></command> container is highly customizable and accepts almost every directive available within the main server configuration.
+ </para>
+ <indexterm>
<primary>virtual hosts</primary>
- <secondary>
- <command>Listen</command> command</secondary>
+ <secondary><command>Listen</command> command</secondary>
</indexterm>
<note>
<title>Tip</title>
- <para>If configuring a virtual host to listen on a non-default port, that port must be added to the <command>Listen</command> directive in the global settings section of <filename>/etc/httpd/conf/httpd.conf</filename> file.</para>
+ <para>
+ If configuring a virtual host to listen on a non-default port, that port must be added to the <command>Listen</command> directive in the global settings section of <filename>/etc/httpd/conf/httpd.conf</filename> file.
+ </para>
</note>
- <para>To activate a newly created virtual host, the Apache HTTP Server must be reloaded or restarted. Refer to <xref
- linkend="s1-apache-startstop"/> for further instructions.</para>
- <para>Comprehensive information about creating and configuring both name-based and IP address-based virtual hosts is provided online at <ulink
- url="http://httpd.apache.org/docs/2.2/vhosts/">http://httpd.apache.org/docs/2.2/vhosts/</ulink>.</para>
+ <para>
+ To activate a newly created virtual host, the Apache HTTP Server must be reloaded or restarted. Refer to <xref linkend="s1-apache-startstop" /> for further instructions.
+ </para>
+ <para>
+ Comprehensive information about creating and configuring both name-based and IP address-based virtual hosts is provided online at <ulink url="http://httpd.apache.org/docs/2.2/vhosts/">http://httpd.apache.org/docs/2.2/vhosts/</ulink>.
+ </para>
</section>
</section>
- <section
- id="s1-httpd-secure-server">
+ <section id="s1-httpd-secure-server">
<title>Apache HTTP Secure Server Configuration</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>installing</secondary>
</indexterm>
- <para>This section provides basic information on the Apache HTTP Server with the <filename>mod_ssl</filename> security module enabled to use the OpenSSL library and toolkit. The combination of these three components are referred to in this section as the secure Web server or just as the secure server.</para>
- <para>The <filename>mod_ssl</filename> module is a security module for the Apache HTTP Server. The <filename>mod_ssl</filename> module uses the tools provided by the OpenSSL Project to add a very important feature to the Apache HTTP Server — the ability to encrypt communications. In contrast, regular HTTP communications between a browser and a Web server are sent in plain text, which could be intercepted and read by someone along the route between the browser and the server.</para>
- <para>This section is not meant to be complete and exclusive documentation for any of these programs. When possible, this guide points to appropriate places where you can find more in-depth documentation on particular subjects.</para>
- <para>This section shows you how to install these programs. You can also learn the steps necessary to generate a private key and a certificate request, how to generate your own self-signed certificate, and how to install a certificate to use with your secure server.</para>
- <para>The <filename>mod_ssl</filename> configuration file is located at <filename>/etc/httpd/conf.d/ssl.conf</filename>. For this file to be loaded, and hence for <filename>mod_ssl</filename> to work, you must have the statement <computeroutput>Include conf.d/*.conf</computeroutput> in the <filename>/etc/httpd/conf/httpd.conf</filename> file. This statement is included by default in the default Apache HTTP Server configuration file.</para>
- <section
- id="s2-secureserver-optionalpackages">
+ <para>
+ This section provides basic information on the Apache HTTP Server with the <filename>mod_ssl</filename> security module enabled to use the OpenSSL library and toolkit. The combination of these three components are referred to in this section as the secure Web server or just as the secure server.
+ </para>
+ <para>
+ The <filename>mod_ssl</filename> module is a security module for the Apache HTTP Server. The <filename>mod_ssl</filename> module uses the tools provided by the OpenSSL Project to add a very important feature to the Apache HTTP Server — the ability to encrypt communications. In contrast, regular HTTP communications between a browser and a Web server are sent in plain text, which could be intercepted and read by someone along the route between the browser and the server.
+ </para>
+ <para>
+ This section is not meant to be complete and exclusive documentation for any of these programs. When possible, this guide points to appropriate places where you can find more in-depth documentation on particular subjects.
+ </para>
+ <para>
+ This section shows you how to install these programs. You can also learn the steps necessary to generate a private key and a certificate request, how to generate your own self-signed certificate, and how to install a certificate to use with your secure server.
+ </para>
+ <para>
+ The <filename>mod_ssl</filename> configuration file is located at <filename>/etc/httpd/conf.d/ssl.conf</filename>. For this file to be loaded, and hence for <filename>mod_ssl</filename> to work, you must have the statement <computeroutput>Include conf.d/*.conf</computeroutput> in the <filename>/etc/httpd/conf/httpd.conf</filename> file. This statement is included by default in the default Apache HTTP Server configuration file.
+ </para>
+ <section id="s2-secureserver-optionalpackages">
<title>An Overview of Security-Related Packages</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>packages</secondary>
</indexterm>
- <para>To enable the secure server, you must have the following packages installed at a minimum:</para>
+ <para>
+ To enable the secure server, you must have the following packages installed at a minimum:
+ </para>
<variablelist>
<varlistentry>
- <term>
- <filename>httpd</filename>
- </term>
+ <term><filename>httpd</filename></term>
<listitem>
- <para>The <filename>httpd</filename> package contains the <command>httpd</command> daemon and related utilities, configuration files, icons, Apache HTTP Server modules, man pages, and other files used by the Apache HTTP Server.</para>
+ <para>
+ The <filename>httpd</filename> package contains the <command>httpd</command> daemon and related utilities, configuration files, icons, Apache HTTP Server modules, man pages, and other files used by the Apache HTTP Server.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <filename>mod_ssl</filename>
- </term>
+ <term><filename>mod_ssl</filename></term>
<listitem>
- <para>The <filename>mod_ssl</filename> package includes the <filename>mod_ssl</filename> module, which provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.</para>
+ <para>
+ The <filename>mod_ssl</filename> package includes the <filename>mod_ssl</filename> module, which provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
- <term>
- <filename>openssl</filename>
- </term>
+ <term><filename>openssl</filename></term>
<listitem>
- <para>The <filename>openssl</filename> package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL and TLS protocols, and also includes a general purpose cryptography library.</para>
+ <para>
+ The <filename>openssl</filename> package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL and TLS protocols, and also includes a general purpose cryptography library.
+ </para>
</listitem>
</varlistentry>
- <!-- RHEL5: BZ#234802
- <varlistentry>
- <term><filename>crypto-utils</filename>
- <indexterm significance="normal">
- <primary>crypto-utils</primary>
- </indexterm>
- </term>
- <listitem>
- <para>The <filename>crypto-utils</filename> package provides a set of utilities to generate and manage SSL certificates and private keys. Among these utilities is <command>genkey</command>.</para>
- </listitem>
- </varlistentry>
- -->
</variablelist>
- <para>Additionally, other software packages provide certain security functionalities (but are not required by the secure server to function):</para>
+ <para>
+ Additionally, other software packages provide certain security functionalities (but are not required by the secure server to function):
+ </para>
</section>
- <section
- id="s2-secureserver-overview-certs">
+ <section id="s2-secureserver-overview-certs">
<title>An Overview of Certificates and Security</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>securing</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>providing a certificate for</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>explanation of security</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>security</secondary>
<tertiary>explanation of</tertiary>
</indexterm>
- <para>Your secure server provides security using a combination of the Secure Sockets Layer (SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA). SSL handles the encrypted communications as well as the mutual authentication between browsers and your secure server. The CA-approved digital certificate provides authentication for your secure server (the CA puts its reputation behind its certification of your organization's identity). When your browser is communicating using SSL encryption, the <computeroutput>https://</computeroutput> prefix is used at the beginning of the Uniform Resource Locator (URL) in the navigation bar.</para>
- <para>Encryption depends upon the use of keys (think of them as secret encoder/decoder rings in data format). In conventional or symmetric cryptography, both ends of the transaction have the same key, which they use to decode each other's transmissions. In public or asymmetric cryptography, two keys co-exist: a public key and a private key. A person or an organization keeps their private key a secret and publishes their public key. Data encoded with the public key can only be decoded with the private key; data encoded with the private key can only be decoded with the public key.</para>
- <para>To set up your secure server, use public cryptography to create a public and private key pair. In most cases, you send your certificate request (including your public key), proof of your company's identity, and payment to a CA. The CA verifies the certificate request and your identity, and then sends back a certificate for your secure server.</para>
- <para>A secure server uses a certificate to identify itself to Web browsers. You can generate your own certificate (called a "self-signed" certificate), or you can get a certificate from a CA. A certificate from a reputable CA guarantees that a website is associated with a particular company or organization.</para>
- <para>Alternatively, you can create your own self-signed certificate. Note, however, that self-signed certificates should not be used in most production environments. Self-signed certificates are not automatically accepted by a user's browser — users are prompted by the browser to accept the certificate and create the secure connection. Refer to <xref
- linkend="s2-secureserver-certs"/> for more information on the differences between self-signed and CA-signed certificates.</para>
- <para>Once you have a self-signed certificate or a signed certificate from the CA of your choice, you must install it on your secure server.</para>
+ <para>
+ Your secure server provides security using a combination of the Secure Sockets Layer (SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA). SSL handles the encrypted communications as well as the mutual authentication between browsers and your secure server. The CA-approved digital certificate provides authentication for your secure server (the CA puts its reputation behind its certification of your organization's identity). When your browser is communicating using SSL encryption, the <computeroutput>https://</computeroutput> prefix is used at the beginning of the Uniform Resource Locator (URL) in the navigation bar.
+ </para>
+ <para>
+ Encryption depends upon the use of keys (think of them as secret encoder/decoder rings in data format). In conventional or symmetric cryptography, both ends of the transaction have the same key, which they use to decode each other's transmissions. In public or asymmetric cryptography, two keys co-exist: a public key and a private key. A person or an organization keeps their private key a secret and publishes their public key. Data encoded with the public key can only be decoded with the private key; data encoded with the private key can only be decoded with the public key.
+ </para>
+ <para>
+ To set up your secure server, use public cryptography to create a public and private key pair. In most cases, you send your certificate request (including your public key), proof of your company's identity, and payment to a CA. The CA verifies the certificate request and your identity, and then sends back a certificate for your secure server.
+ </para>
+ <para>
+ A secure server uses a certificate to identify itself to Web browsers. You can generate your own certificate (called a "self-signed" certificate), or you can get a certificate from a CA. A certificate from a reputable CA guarantees that a website is associated with a particular company or organization.
+ </para>
+ <para>
+ Alternatively, you can create your own self-signed certificate. Note, however, that self-signed certificates should not be used in most production environments. Self-signed certificates are not automatically accepted by a user's browser — users are prompted by the browser to accept the certificate and create the secure connection. Refer to <xref linkend="s2-secureserver-certs" /> for more information on the differences between self-signed and CA-signed certificates.
+ </para>
+ <para>
+ Once you have a self-signed certificate or a signed certificate from the CA of your choice, you must install it on your secure server.
+ </para>
</section>
- <section
- id="s1-secureserver-oldcert">
+ <section id="s1-secureserver-oldcert">
<title>Using Pre-Existing Keys and Certificates</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>certificate</secondary>
<tertiary>pre-existing</tertiary>
</indexterm>
- <para>If you already have an existing key and certificate (for example, if you are installing the secure server to replace another company's secure server product), you can probably use your existing key and certificate with the secure server. The following two situations provide instances where you are not able to use your existing key and certificate:</para>
+ <para>
+ If you already have an existing key and certificate (for example, if you are installing the secure server to replace another company's secure server product), you can probably use your existing key and certificate with the secure server. The following two situations provide instances where you are not able to use your existing key and certificate:
+ </para>
<itemizedlist>
<listitem>
<para>
- <emphasis>If you are changing your IP address or domain name</emphasis> — Certificates are issued for a particular IP address and domain name pair. You must get a new certificate if you are changing your IP address or domain name.</para>
+ <emphasis>If you are changing your IP address or domain name</emphasis> — Certificates are issued for a particular IP address and domain name pair. You must get a new certificate if you are changing your IP address or domain name.
+ </para>
</listitem>
<listitem>
<para>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>VeriSign</primary>
<secondary>using existing certificate</secondary>
</indexterm>
- <emphasis>If you have a certificate from VeriSign and you are changing your server software</emphasis> — VeriSign is a widely used CA. If you already have a VeriSign certificate for another purpose, you may have been considering using your existing VeriSign certificate with your new secure server. However, you are not be allowed to because VeriSign issues certificates for one specific server software and IP address/domain name combination.</para>
- <para>If you change either of those parameters (for example, if you previously used a different secure server product), the VeriSign certificate you obtained to use with the previous configuration will not work with the new configuration. You must obtain a new certificate.</para>
+ <emphasis>If you have a certificate from VeriSign and you are changing your server software</emphasis> — VeriSign is a widely used CA. If you already have a VeriSign certificate for another purpose, you may have been considering using your existing VeriSign certificate with your new secure server. However, you are not be allowed to because VeriSign issues certificates for one specific server software and IP address/domain name combination.
+ </para>
+ <para>
+ If you change either of those parameters (for example, if you previously used a different secure server product), the VeriSign certificate you obtained to use with the previous configuration will not work with the new configuration. You must obtain a new certificate.
+ </para>
</listitem>
</itemizedlist>
- <para>If you have an existing key and certificate that you can use, you do not have to generate a new key and obtain a new certificate. However, you may need to move and rename the files which contain your key and certificate.</para>
- <para>Move your existing key file to:</para>
- <screen>
-<filename>/etc/pki/tls/private/server.key</filename>
- </screen>
- <para>Move your existing certificate file to:</para>
- <screen>
-<filename>/etc/pki/tls/certs/server.crt</filename>
- </screen>
<para>
- <indexterm
- significance="normal">
+ If you have an existing key and certificate that you can use, you do not have to generate a new key and obtain a new certificate. However, you may need to move and rename the files which contain your key and certificate.
+ </para>
+ <para>
+ Move your existing key file to:
+ </para>
+ <screen><filename>/etc/pki/tls/private/server.key</filename></screen>
+ <para>
+ Move your existing certificate file to:
+ </para>
+ <screen><filename>/etc/pki/tls/certs/server.crt</filename></screen>
+ <para>
+ <indexterm>
<primary>secure server</primary>
<secondary>upgrading from</secondary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>certificate</secondary>
<tertiary> moving it after an upgrade</tertiary>
</indexterm>
- If you are upgrading from the Red Hat Secure Web Server, your old key (<filename>httpsd.key</filename>) and certificate (<filename>httpsd.crt</filename>) are located in <filename>/etc/httpd/conf/</filename>. Move and rename your key and certificate so that the secure server can use them. Use the following two commands to move and rename your key and certificate files:</para>
- <screen>
-<command>mv /etc/httpd/conf/httpsd.key /etc/pki/tls/private/server.key mv /etc/httpd/conf/httpsd.crt /etc/pki/tls/certs/server.crt</command>
- </screen>
- <para>Then, start your secure server with the command:</para>
- <screen>
-<command>/sbin/service httpd start</command>
- </screen>
+ If you are upgrading from the Red Hat Secure Web Server, your old key (<filename>httpsd.key</filename>) and certificate (<filename>httpsd.crt</filename>) are located in <filename>/etc/httpd/conf/</filename>. Move and rename your key and certificate so that the secure server can use them. Use the following two commands to move and rename your key and certificate files:
+ </para>
+ <screen><command>mv /etc/httpd/conf/httpsd.key /etc/pki/tls/private/server.key mv /etc/httpd/conf/httpsd.crt /etc/pki/tls/certs/server.crt</command></screen>
+ <para>
+ Then, start your secure server with the command:
+ </para>
+ <screen><command>/sbin/service httpd start</command></screen>
</section>
- <section
- id="s2-secureserver-certs">
+ <section id="s2-secureserver-certs">
<title>Types of Certificates</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>certificate</secondary>
<tertiary>test vs. signed vs. self-signed</tertiary>
</indexterm>
- <para>If you installed your secure server from the RPM package provided by Red Hat, a randomly generated private key and a test certificate are generated and put into the appropriate directories. Before you begin using your secure server, however, you must generate your own key and obtain a certificate which correctly identifies your server.</para>
- <para>You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?</para>
- <para>A CA-signed certificate provides two important capabilities for your server:</para>
+ <para>
+ If you installed your secure server from the RPM package provided by Red Hat, a randomly generated private key and a test certificate are generated and put into the appropriate directories. Before you begin using your secure server, however, you must generate your own key and obtain a certificate which correctly identifies your server.
+ </para>
+ <para>
+ You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?
+ </para>
+ <para>
+ A CA-signed certificate provides two important capabilities for your server:
+ </para>
<itemizedlist>
<listitem>
- <para>Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.</para>
+ <para>
+ Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.
+ </para>
</listitem>
<listitem>
- <para>When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser.</para>
+ <para>
+ When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser.
+ </para>
</listitem>
</itemizedlist>
- <para>If your secure server is being accessed by the public at large, your secure server needs a certificate signed by a CA so that people who visit your website know that the website is owned by the organization who claims to own it. Before signing a certificate, a CA verifies that the organization requesting the certificate was actually who they claimed to be.</para>
- <para>Most Web browsers that support SSL have a list of CAs whose certificates they automatically accept. If a browser encounters a certificate whose authorizing CA is not in the list, the browser asks the user to either accept or decline the connection.</para>
- <para>You can generate a self-signed certificate for your secure server, but be aware that a self-signed certificate does not provide the same functionality as a CA-signed certificate. A self-signed certificate is not automatically recognized by most Web browsers and does not provide any guarantee concerning the identity of the organization that is providing the website. A CA-signed certificate provides both of these important capabilities for a secure server. If your secure server is to be used in a production environment, a CA-signed certificate is recommended.</para>
- <para>The process of getting a certificate from a CA is fairly easy. A quick overview is as follows:</para>
- <orderedlist
- continuation="restarts"
- inheritnum="ignore">
+ <para>
+ If your secure server is being accessed by the public at large, your secure server needs a certificate signed by a CA so that people who visit your website know that the website is owned by the organization who claims to own it. Before signing a certificate, a CA verifies that the organization requesting the certificate was actually who they claimed to be.
+ </para>
+ <para>
+ Most Web browsers that support SSL have a list of CAs whose certificates they automatically accept. If a browser encounters a certificate whose authorizing CA is not in the list, the browser asks the user to either accept or decline the connection.
+ </para>
+ <para>
+ You can generate a self-signed certificate for your secure server, but be aware that a self-signed certificate does not provide the same functionality as a CA-signed certificate. A self-signed certificate is not automatically recognized by most Web browsers and does not provide any guarantee concerning the identity of the organization that is providing the website. A CA-signed certificate provides both of these important capabilities for a secure server. If your secure server is to be used in a production environment, a CA-signed certificate is recommended.
+ </para>
+ <para>
+ The process of getting a certificate from a CA is fairly easy. A quick overview is as follows:
+ </para>
+ <orderedlist continuation="restarts" inheritnum="ignore">
<listitem>
- <para>Create an encryption private and public key pair.</para>
+ <para>
+ Create an encryption private and public key pair.
+ </para>
</listitem>
<listitem>
- <para>Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it.</para>
+ <para>
+ Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it.
+ </para>
</listitem>
<listitem>
<para>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>certificate</secondary>
<tertiary>authorities</tertiary>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>CA</primary>
<see>secure server</see>
</indexterm>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>certificate</secondary>
<tertiary>choosing a CA</tertiary>
</indexterm>
- Send the certificate request, along with documents proving your identity, to a CA. Red Hat does not make recommendations on which certificate authority to choose. Your decision may be based on your past experiences, on the experiences of your friends or colleagues, or purely on monetary factors.</para>
- <para>Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them.</para>
+ Send the certificate request, along with documents proving your identity, to a CA. Red Hat does not make recommendations on which certificate authority to choose. Your decision may be based on your past experiences, on the experiences of your friends or colleagues, or purely on monetary factors.
+ </para>
+ <para>
+ Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them.
+ </para>
</listitem>
<listitem>
- <para>When the CA is satisfied that you are indeed who you claim to be, they provide you with a digital certificate.</para>
+ <para>
+ When the CA is satisfied that you are indeed who you claim to be, they provide you with a digital certificate.
+ </para>
</listitem>
<listitem>
- <para>Install this certificate on your secure server and begin handling secure transactions.</para>
+ <para>
+ Install this certificate on your secure server and begin handling secure transactions.
+ </para>
</listitem>
</orderedlist>
- <para>Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key. Refer to <xref
- linkend="s2-secureserver-generatingkey"/> for instructions.</para>
+ <para>
+ Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key. Refer to <xref linkend="s2-secureserver-generatingkey" /> for instructions.
+ </para>
</section>
- <section
- id="s2-secureserver-generatingkey">
+ <section id="s2-secureserver-generatingkey">
<title>Generating a Key</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>secure server</primary>
<secondary>key</secondary>
<tertiary>generating</tertiary>
</indexterm>
- <para>You must be root to generate a key.</para>
- <para>First, use the <command>cd</command> command to change to the <filename>/etc/httpd/conf/</filename> directory. Remove the fake key and certificate that were generated during the installation with the following commands:</para>
- <screen>
-<command>rm ssl.key/server.key</command>
- <command>rm ssl.crt/server.crt</command>
- </screen>
- <para>The <filename>crypto-utils</filename> package contains the <command>genkey</command> utility which you can use to generate keys as the name implies. To create your own private key, please ensure the <filename>crypto-utils</filename> package is installed. You can view more options by typing <command>man genkey</command> in your terminal. Assuming you wish to generate keys for www.example.com using the <command>genkey</command> utility, type in the following command in your terminal:</para>
- <screen>
-<command>genkey www.example.com</command>
- </screen>
- <para>Please note that the <command>make</command> based process is no longer shipped with RHEL 5. This will start the <command>genkey</command> graphical user interface. The figure below illustrates the first screen. To navigate, use the keyboard arrow and tab keys. This windows indicates where your key will be stored and prompts you to proceed or cancel the operation. To proceed to the next step, select <guilabel>Next</guilabel> and press the Return (Enter) key.</para>
- <figure
- float="0"
- id="keypair-gen">
+ <para>
+ You must be root to generate a key.
+ </para>
+ <para>
+ First, use the <command>cd</command> command to change to the <filename>/etc/httpd/conf/</filename> directory. Remove the fake key and certificate that were generated during the installation with the following commands:
+ </para>
+ <screen><command>rm ssl.key/server.key</command>
+<command>rm ssl.crt/server.crt</command></screen>
+ <para>
+ The <filename>crypto-utils</filename> package contains the <command>genkey</command> utility which you can use to generate keys as the name implies. To create your own private key, please ensure the <filename>crypto-utils</filename> package is installed. You can view more options by typing <command>man genkey</command> in your terminal. Assuming you wish to generate keys for www.example.com using the <command>genkey</command> utility, type in the following command in your terminal:
+ </para>
+ <screen><command>genkey www.example.com</command></screen>
+ <para>
+ Please note that the <command>make</command> based process is no longer shipped with RHEL 5. This will start the <command>genkey</command> graphical user interface. The figure below illustrates the first screen. To navigate, use the keyboard arrow and tab keys. This windows indicates where your key will be stored and prompts you to proceed or cancel the operation. To proceed to the next step, select <guilabel>Next</guilabel> and press the Return (Enter) key.
+ </para>
+ <figure float="0" id="keypair-gen">
<title>Keypair generation</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey1.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey1.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Keypair generation</para>
+ <para>
+ Keypair generation
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>The next screen prompts you to choose the size of your key. As indicated, the smaller the size of your key, the faster will the response from your server be and the lesser your level of security. On selecting your preferred, key size using the arrow keys, select <guilabel>Next</guilabel> to proceed to the next step. The figure below illustrates the key size selection screen.</para>
- <figure
- float="0"
- id="keysize-choose">
+ <para>
+ The next screen prompts you to choose the size of your key. As indicated, the smaller the size of your key, the faster will the response from your server be and the lesser your level of security. On selecting your preferred, key size using the arrow keys, select <guilabel>Next</guilabel> to proceed to the next step. The figure below illustrates the key size selection screen.
+ </para>
+ <figure float="0" id="keysize-choose">
<title>Choose key size</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey2.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey2.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Choose key size</para>
+ <para>
+ Choose key size
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>Selecting the next step will initiate the random bits generation process which may take some time depending on the size of your selected key. The larger the size of your key, the longer it will take to generate it.</para>
- <figure
- float="0"
- id="random-bits">
+ <para>
+ Selecting the next step will initiate the random bits generation process which may take some time depending on the size of your selected key. The larger the size of your key, the longer it will take to generate it.
+ </para>
+ <figure float="0" id="random-bits">
<title>Generating random bits</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey3.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey3.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Generating random bits</para>
+ <para>
+ Generating random bits
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>On generating your key, you will be prompted to send a Certificate Request (CSR) to a Certificate Authority (CA).</para>
- <figure
- float="0"
- id="generate-csr">
+ <para>
+ On generating your key, you will be prompted to send a Certificate Request (CSR) to a Certificate Authority (CA).
+ </para>
+ <figure float="0" id="generate-csr">
<title>Generate CSR</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey4.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey4.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Generate CSR</para>
+ <para>
+ Generate CSR
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>Selecting <guilabel>Yes</guilabel> will prompt you to select the Certificate Authority you wish to send your request to. Selecting <guilabel>No</guilabel> will allow you to generate a self-signed certificate. The next step for this is illustrated in <xref
- linkend="private-signed-cert"/>.</para>
- <figure
- float="0"
- id="choose-cert-auth">
+ <para>
+ Selecting <guilabel>Yes</guilabel> will prompt you to select the Certificate Authority you wish to send your request to. Selecting <guilabel>No</guilabel> will allow you to generate a self-signed certificate. The next step for this is illustrated in <xref linkend="private-signed-cert" />.
+ </para>
+ <figure float="0" id="choose-cert-auth">
<title>Choose Certificate Authority (CA)</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey5.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey5.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Choose Certificate Authority (CA)</para>
+ <para>
+ Choose Certificate Authority (CA)
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>On Selecting your preferred option, select <guilabel>Next</guilabel> to proceed to the next step. The next screen allows you to enter the details of your certificate.</para>
- <figure
- float="0"
- id="enter-cert-details">
+ <para>
+ On Selecting your preferred option, select <guilabel>Next</guilabel> to proceed to the next step. The next screen allows you to enter the details of your certificate.
+ </para>
+ <figure float="0" id="enter-cert-details">
<title>Enter details for your certificate</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey6.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey6.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Enter details for your certificate</para>
+ <para>
+ Enter details for your certificate
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>If you prefer to generate a self signed cert key pair, you should not generate a CSR. To do this, select <guilabel>No</guilabel> as your preferred option in the Generate CSR screen. This will display the figure below from which you can enter your certificate details. Entering your certificate details and pressing the return key will display the <xref
- linkend="protect-private-key"/> from which you can choose to encrypt your private key or not.</para>
- <figure
- float="0"
- id="private-signed-cert">
+ <para>
+ If you prefer to generate a self signed cert key pair, you should not generate a CSR. To do this, select <guilabel>No</guilabel> as your preferred option in the Generate CSR screen. This will display the figure below from which you can enter your certificate details. Entering your certificate details and pressing the return key will display the <xref linkend="protect-private-key" /> from which you can choose to encrypt your private key or not.
+ </para>
+ <figure float="0" id="private-signed-cert">
<title>Generating a self signed certificate for your server</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey8.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey8.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Generating a self signed certificate for your server</para>
+ <para>
+ Generating a self signed certificate for your server
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>On entering the details of your certificate, select <guilabel>Next</guilabel> to proceed. The figure below illustrates an example of a the next screen displayed after completing the details for a certificate to be sent to Equifax. Please note that if you are generating a self signed key, for your server, this screen is not displayed.</para>
- <figure
- float="0"
- id="begin-cert-request">
+ <para>
+ On entering the details of your certificate, select <guilabel>Next</guilabel> to proceed. The figure below illustrates an example of a the next screen displayed after completing the details for a certificate to be sent to Equifax. Please note that if you are generating a self signed key, for your server, this screen is not displayed.
+ </para>
+ <figure float="0" id="begin-cert-request">
<title>Begin certificate request</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey7.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey7.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Begin certificate request</para>
+ <para>
+ Begin certificate request
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>Pressing the return key, will display the next screen from which you can enable or disable the encryption of the private key. Use the spacebar to enable or disable this. When enabled, a [*] character will be displayed. On selecting your preferred option, select <guilabel>Next</guilabel> to proceed to the next step.</para>
- <figure
- float="0"
- id="protect-private-key">
+ <para>
+ Pressing the return key, will display the next screen from which you can enable or disable the encryption of the private key. Use the spacebar to enable or disable this. When enabled, a [*] character will be displayed. On selecting your preferred option, select <guilabel>Next</guilabel> to proceed to the next step.
+ </para>
+ <figure float="0" id="protect-private-key">
<title>Protecting your private key</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey9.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey9.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Protecting your private key</para>
+ <para>
+ Protecting your private key
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>The next screen allows you to set your key passphase. Please do not lose this pass phase as you will not be able to run the server without it. You will need to regenerate a new private or public key pair and request a new certificate from your CA as indicated. For security, the passphase is not displayed as you type. On typing your preferred passphase, select <guilabel>Next</guilabel> to go back to your terminal.</para>
- <figure
- float="0"
- id="set-passphase">
+ <para>
+ The next screen allows you to set your key passphase. Please do not lose this pass phase as you will not be able to run the server without it. You will need to regenerate a new private or public key pair and request a new certificate from your CA as indicated. For security, the passphase is not displayed as you type. On typing your preferred passphase, select <guilabel>Next</guilabel> to go back to your terminal.
+ </para>
+ <figure float="0" id="set-passphase">
<title>Set passphase</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey10.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey10.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>Set passphase</para>
+ <para>
+ Set passphase
+ </para>
</textobject>
</mediaobject>
</figure>
- <para>If you attempt to run <command>genkey makeca</command> on a server that has an existing key pair, an error message will be displayed as illustrated below. You need to delete your existing key file as indicated to generate a new key pair.</para>
- <figure
- float="0"
- id="genkey-error">
+ <para>
+ If you attempt to run <command>genkey makeca</command> on a server that has an existing key pair, an error message will be displayed as illustrated below. You need to delete your existing key file as indicated to generate a new key pair.
+ </para>
+ <figure float="0" id="genkey-error">
<title>genkey error</title>
<mediaobject>
<imageobject>
- <imagedata
- fileref="images/genkey11.png"
- format="PNG"
- scalefit="1"/>
+ <imagedata fileref="images/genkey11.png" format="PNG" scalefit="1" />
</imageobject>
<textobject>
- <para>genkey error</para>
+ <para>
+ genkey error
+ </para>
</textobject>
</mediaobject>
</figure>
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs/2.2/ssl/">http://httpd.apache.org/docs/2.2/ssl/</ulink>
+ <ulink url="http://httpd.apache.org/docs/2.2/ssl/" />
</para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/docs/2.2/vhosts/">http://httpd.apache.org/docs/2.2/vhosts/</ulink>
+ <ulink url="http://httpd.apache.org/docs/2.2/vhosts/" />
</para>
</listitem>
</itemizedlist>
</section>
- <section
- id="s1-use-new-key">
+ <section id="s1-use-new-key">
<title>How to configure the server to use the new key</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server Keys</primary>
<secondary>use new keys</secondary>
</indexterm>
- <para>The steps to configure the Apache HTTP Server to use the new key are:</para>
+ <para>
+ The steps to configure the Apache HTTP Server to use the new key are:
+ </para>
<itemizedlist>
<listitem>
- <para>Obtain the signed certificate from the CA after submitting the CSR.</para>
+ <para>
+ Obtain the signed certificate from the CA after submitting the CSR.
+ </para>
</listitem>
<listitem>
- <para>Copy the certificate to the path, for example <filename>/etc/pki/tls/certs/www.example.com.crt</filename>
+ <para>
+ Copy the certificate to the path, for example <filename>/etc/pki/tls/certs/www.example.com.crt</filename>
</para>
</listitem>
<listitem>
- <para>Edit <filename>/etc/httpd/conf.d/ssl.conf</filename>. Change the SSLCertificateFile and SSLCertificateKey lines to be.</para>
-<screen>
-SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
-SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
-</screen>
- <para>where the "www.example.com" part should match the argument passed on the <command>genkey</command> command.</para>
+ <para>
+ Edit <filename>/etc/httpd/conf.d/ssl.conf</filename>. Change the SSLCertificateFile and SSLCertificateKey lines to be.
+ </para>
+<screen>SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
+SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key</screen>
+ <para>
+ where the "www.example.com" part should match the argument passed on the <command>genkey</command> command.
+ </para>
</listitem>
</itemizedlist>
</section>
</section>
- <section
- id="s1-apache-additional-resources">
+ <section id="s1-apache-additional-resources">
<title>Additional Resources</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>additional resources</secondary>
</indexterm>
- <para>To learn more about the Apache HTTP Server, refer to the following resources.</para>
- <section
- id="s2-apache-additional-resources-web">
+ <para>
+ To learn more about the Apache HTTP Server, refer to the following resources.
+ </para>
+ <section id="s2-apache-additional-resources-web">
<title>Useful Websites</title>
- <indexterm
- significance="normal">
+ <indexterm>
<primary>Apache HTTP Server</primary>
<secondary>additional resources</secondary>
<tertiary>useful websites</tertiary>
@@ -4206,18 +3749,18 @@ SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
<itemizedlist>
<listitem>
<para>
- <ulink
- url="http://httpd.apache.org/">http://httpd.apache.org/</ulink> — The official website for the Apache HTTP Server with documentation on all the directives and default modules.</para>
+ <ulink url="http://httpd.apache.org/" /> — The official website for the Apache HTTP Server with documentation on all the directives and default modules.
+ </para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://www.modssl.org/">http://www.modssl.org/</ulink> — The official website for <filename>mod_ssl</filename>.</para>
+ <ulink url="http://www.modssl.org/" /> — The official website for <filename>mod_ssl</filename>.
+ </para>
</listitem>
<listitem>
<para>
- <ulink
- url="http://www.apacheweek.com/">http://www.apacheweek.com/</ulink> — A comprehensive online weekly newsletter about all things Apache.</para>
+ <ulink url="http://www.apacheweek.com/" /> — A comprehensive online weekly newsletter about all things Apache.
+ </para>
</listitem>
</itemizedlist>
</section>
More information about the docs-commits
mailing list