httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: apache web page indicating success - solutions
Date Fri, 28 Jun 2002 10:34:37 GMT
>From: Muriel Taylor [mailto:mtlr@lanl.gov]
>hi,
>all my server problems are fixed, thanks to everyone.
>....
>i need a drink, but i met my deadline.
>magic indeed, i'm afraid i will never be able to reproduce 
>this series of
>events ever again (too many packages that needed to work together)!

Welcome to apache! I understand the confusion that can reign when trying to install and configure
a completely new software package. Although I've worked with apache for years and feel very
comfortable with it, I recently went back to square "newbie" when I installed the Exim MTA.
Most of the configuration seemed like it could only be understood by someone out of "The Matrix"...

Anyway, perhaps I can give you a few pointers to make sense of your experience so far and
bring together some of the advice you've already had from the list:

First off, the key apache drective which tells apache where to start looking for files is
"DocumentRoot". This takes one argument which is a directory name. If it is not defined in
httpd.conf, it defaults to "/usr/local/apache/htdocs" because this is where a default installation
of apache puts the documentation. This is why if you hit a newly-installed server you get
the famous "It Worked!" page. 

If you want apache to look elsewhere for files, you can simply redefine DocumentRoot, e.g.

	DocumentRoot /home/muriel/html

and apache will start looking in that directory.

By the way, when I say "start looking", I mean that any requests in the browser location window
will cause apache to prepend the DocumentRoot directory to the request. In other words:

http://server-name/fruit/banana.html --> /home/muriel/html/fruit/banana.html

To put it another way, DocumentRoot maps the server URL (http://server-name/) to a directory
on the server's filesystem (in this case, /home/muriel/html).

Main point to note - DocumentRoot can point to anywhere on the filesystem, your files don't
have to be under /usr/local/apache/htdocs...

The second important point concerns access. In order to allow apache to serve files to the
web, you have to tell it that it has permission to do so. You do this with the "Allow" directive
which must go inside a <Directory> container. In the example, this would look like:

	<Directory /home/muriel/html>
	  Allow from all
	</Directory>

A lot of "Forbidden 403" errors are due to this. It should go without saying that the user
apache runs as should have read permissions in this directory but this is seldom a problem
since most files are readable by everyone. Note that apache doesn't have to *own* the files
it serves - it just needs to be able to read them.

A third point concerns how apache knows which file to serve if you just give the directory.
In our example, if you just type http://server-name/ into the browser, apache will go to /home/muriel/html
but how will it know which file to serve?

It first checks to see if you have given it a "DirectoryIndex" directive. This takes a list
of filenames as its argument, e.g.

	DirectoryIndex welcome.html welcome.htm 

of course, the list can consist of only one file if you wish. Apache then looks for a file
with one of these names and, if it finds it, serves it. The order in the list gives the order
of priority. 

If you have not defined DirectoryIndex, apache uses its default value which is "index.html".

So you can have apache start off with any file you like, in any directory you like, e.g.

	DocumentRoot /home/muriel/html
	DirectoryIndex hello.html 
	<Directory /home/muriel/html>
	  Allow from all
	</Directory>

means that a request to http://server-name/ serves the file /home/muriel/html/hello.html.

One final point concerning the user apache runs under... I think you mentioned somewhere that
apache is running as root? I hope not, since that is a bit dangerous from a security point-of-view.

The best way to run apache is to create a new user on the system (usually called "apache").
You can also create a new group for this user, or use an existing group (e.g. "nobody" or
whatever group a normal login user has). Then specify explicitly the user and group with these
directives:

	User apache
	Group nobody

However, when you *start* apache, you should do so from a root-shell. This starts the root
apache process which then spawns a farm of apache servers which run as user "apache". This
means that external users (clients) only ever see the unprivileged apache processes when they
hit the site and never see the root process (which never serves requests). Perhaps you are
already doing this and this is what you meant when you mentioned you were "running as root"...
Just make sure you don't have "User root" in your config!

Anyway, enough ramblings - but I thought I might chip in to try to clear up some of your questions.

Rgds,

Owen Boyle.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message