base_tutorial/4-WebServer/apache install and configuration.md
2025-04-09 10:17:16 +03:30


In the name of God, the Most Gracious, the Most Merciful

1 - Installing Apache2

How to install Apache2

The Apache HTTP Server (“httpd”) is the most commonly used web server on Linux systems, and is often used as part of the LAMP configuration. In this guide, we will show you how to install and configure Apache2, which is the current release of “httpd”.

Install apache2

To install Apache2, enter the following command at the terminal prompt:

sudo apt install apache2

Configure apache2

Apache2 is configured by placing directives in plain text configuration files in /etc/apache2/. These directives are separated between the following files and directories:

Files

apache2.conf
The main Apache2 configuration file. Contains settings that are global to Apache2.

    Note: Historically, the main Apache2 configuration file was httpd.conf, named after the “httpd” daemon. In other distributions (or older versions of Ubuntu), the file might be present. In modern releases of Ubuntu, all configuration options have been moved to apache2.conf and the directories referenced below, and httpd.conf no longer exists.

envvars
File where Apache2 environment variables are set.

magic
Instructions for determining MIME type based on the first few bytes of a file.

ports.conf
Houses the directives that determine which TCP ports Apache2 is listening on.

In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache2 when it is started or restarted.

The server also reads a file containing MIME document types; the filename is set by the TypesConfig directive, typically via /etc/apache2/mods-available/mime.conf, which might also include additions and overrides, and is /etc/mime.types by default.

Directories

conf-available
This directory contains available configuration files. All files that were previously in /etc/apache2/conf.d should be moved to /etc/apache2/conf-available.

conf-enabled
Holds symlinks to the files in /etc/apache2/conf-available. When a configuration file is symlinked, it will be enabled the next time Apache2 is restarted.

mods-available
This directory contains configuration files to both load modules and configure them. Not all modules will have specific configuration files, however.

mods-enabled
Holds symlinks to the files in /etc/apache2/mods-available. When a module configuration file is symlinked it will be enabled the next time Apache2 is restarted.

sites-available
This directory has configuration files for Apache2 Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.

sites-enabled
Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly, when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted.

2 - Configuring Apache2

How to configure Apache2 settings

After you have installed Apache2, you will likely need to configure it. In this explanatory guide, we will explain the Apache2 server essential configuration parameters.

Basic directives

Apache2 ships with a “virtual-host-friendly” default configuration: it is configured with a single default virtual host (using the VirtualHost directive), which can be modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites.

If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file /etc/apache2/sites-available/000-default.conf.

Note:
The directives set for a virtual host only apply to that particular virtual host. If a directive is set server-wide and not defined in the virtual host settings, the default setting is used. For example, you can define a Webmaster email address and not define individual email addresses for each virtual host.

If you want to configure a new virtual host or site, copy the 000-default.conf file into the same directory with a name you choose. For example:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/mynewsite.conf

Edit the new file to configure the new site using some of the directives described below:

The ServerAdmin directive

Found in /etc/apache2/sites-available

Specifies the email address to be advertised for the server's administrator. The default value is webmaster@localhost. This should be changed to an email address that is delivered to you (if you are the server's administrator). If your website has a problem, Apache2 will display an error message containing this email address to report the problem to.

The Listen directive

Found in /etc/apache2/ports.conf

Specifies the port, and optionally the IP address, Apache2 should listen on. If the IP address is not specified, Apache2 will listen on all IP addresses assigned to the machine it runs on. The default value for the Listen directive is 80. Change this to:

127.0.0.1:80 to make Apache2 listen only on your loopback interface so that it will not be available to the Internet,
to e.g. 81 to change the port that it listens on,
or leave it as is for normal operation.

The ServerName directive (optional)

Specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name mynewsite.com and wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be mynewsite.com.

Add this directive to the new virtual host file you created earlier (/etc/apache2/sites-available/mynewsite.conf).

The ServerAlias directive

You may also want your site to respond to www.mynewsite.com, since many users will assume the www prefix is appropriate. Use the ServerAlias directive for this. You may also use wildcards in the ServerAlias directive.

For example, the following configuration will cause your site to respond to any domain request ending in .mynewsite.com.

ServerAlias *.mynewsite.com

The DocumentRoot directive

Specifies where Apache2 should look for the files that make up the site. The default value is /var/www/html, as specified in /etc/apache2/sites-available/000-default.conf. If desired, change this value in your site's virtual host file, and remember to create that directory if necessary!

Enable the new VirtualHost using the a2ensite utility and restart Apache2:

sudo a2ensite mynewsite
sudo systemctl restart apache2.service

Note:
Be sure to replace mynewsite with a more descriptive name for the VirtualHost. One method is to name the file after the ServerName directive of the VirtualHost.

Similarly, use the a2dissite utility to disable sites. This can be useful when troubleshooting configuration problems with multiple virtual hosts:

sudo a2dissite mynewsite
sudo systemctl restart apache2.service
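
The finished virtual host file that the steps above build up, as an added example that is not part of the original guide: a shell function prints the file for a given ServerName, ServerAdmin and DocumentRoot, and rejects values that could inject extra directives. The names render_vhost and valid_fqdn are hypothetical; ${APACHE_LOG_DIR} and the combined log format are assumed to be defined as in Ubuntu's default configuration.

```bash
#!/bin/sh
# Added example, not from the original guide. render_vhost and valid_fqdn
# are hypothetical helper names; the site values below are the guide's own.

# Accept only plain DNS names, so a crafted value (spaces, newlines, quotes)
# cannot smuggle extra directives into the generated file.
valid_fqdn() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# render_vhost SERVERNAME SERVERADMIN DOCUMENTROOT
# Prints a virtual host file on stdout; returns 1 on a rejected argument.
render_vhost() {
    name=$1 admin=$2 docroot=$3
    valid_fqdn "$name" || { echo "invalid ServerName" >&2; return 1; }
    case $docroot in
        /*) ;;
        *) echo "DocumentRoot must be an absolute path" >&2; return 1 ;;
    esac
    case $admin$docroot in
        *[!A-Za-z0-9@/._-]*) echo "unexpected character" >&2; return 1 ;;
    esac
    cat <<EOF
<VirtualHost *:80>
    ServerAdmin $admin
    ServerName $name
    ServerAlias www.$name
    DocumentRoot $docroot
    # APACHE_LOG_DIR is set in /etc/apache2/envvars on Ubuntu.
    ErrorLog \${APACHE_LOG_DIR}/$name-error.log
    CustomLog \${APACHE_LOG_DIR}/$name-access.log combined
</VirtualHost>
EOF
}

# Typical use (needs root, so it is left commented out here):
#   render_vhost mynewsite.com webmaster@mynewsite.com /var/www/mynewsite |
#       sudo tee /etc/apache2/sites-available/mynewsite.conf
#   sudo a2ensite mynewsite && sudo apache2ctl configtest &&
#       sudo systemctl restart apache2.service
```

Running apache2ctl configtest before the restart catches a syntax error while the old configuration is still serving.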

Apache2 server default settings

This section explains configuration of the Apache2 server default settings. For example, if you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.

The DirectoryIndex

The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.

For example, when a user requests the page http://www.example.com/this_directory/, they will get either the DirectoryIndex page (if it exists), a server-generated directory list (if it does not and the Indexes option is specified), or a Permission Denied page if neither is true.

The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if Options Indexes is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in /etc/apache2/mods-available/dir.conf, is “index.html index.cgi index.pl index.php index.xhtml index.htm”. Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed.

The ErrorDocument

The ErrorDocument directive allows you to specify a file for Apache2 to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur.

By default, Apache2 will return an HTTP 404 return code. Read /etc/apache2/conf-available/localized-error-pages.conf for detailed instructions on using ErrorDocument, including locations of example files.

CustomLog and ErrorLog

By default, the server writes the transfer log to the file /var/log/apache2/access.log. You can change this on a per-site basis in your virtual host configuration files with the CustomLog directive, or omit it to accept the default, specified in /etc/apache2/conf-available/other-vhosts-access-log.conf.

You can also specify the file to which errors are logged, via the ErrorLog directive, whose default is /var/log/apache2/error.log. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the LogLevel (the default value is “warn”) and the LogFormat (see /etc/apache2/apache2.conf for the default value).

The Options directive

Some options are specified on a per-directory basis rather than per-server. Options is one of these directives. A Directory stanza is enclosed in XML-like tags, like so:

<Directory /var/www/html/mynewsite>
...
</Directory>

The Options directive within a Directory stanza accepts one or more of the following values (among others), separated by spaces:

ExecCGI
Allow CGI scripts to be run. CGI scripts are not run if this option is not chosen.

    Caution
    Most files should not be run as CGI scripts. This would be very dangerous. CGI scripts should be kept in a directory separate from and outside your DocumentRoot, and only this directory should have the ExecCGI option set. This is the default, and the default location for CGI scripts is /usr/lib/cgi-bin.

Includes
Allow server-side includes. Server-side includes allow an HTML file to include other files. See Apache SSI documentation (Ubuntu community) for more information.

IncludesNOEXEC
Allow server-side includes, but disable the #exec and #include commands in CGI scripts.

Indexes
Display a formatted list of the directory's contents, if no DirectoryIndex (such as index.html) exists in the requested directory.

    Caution
    For security reasons, this should usually not be set, and certainly should not be set on your DocumentRoot directory. Enable this option carefully on a per-directory basis only if you are certain you want users to see the entire contents of the directory.

MultiViews
Support content-negotiated multiviews; this option is disabled by default for security reasons. See the Apache2 documentation on this option.

SymLinksIfOwnerMatch
Only follow symbolic links if the target file or directory has the same owner as the link.
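
One way to check an existing configuration against the two cautions above, as an added example that is not part of the original guide: the function reads Directory stanzas and reports any that enable Indexes, or ExecCGI outside /usr/lib/cgi-bin. The names audit_options, sample_config and audit_sample are hypothetical, and the sample stanzas are constructed for the demonstration.

```bash
#!/bin/sh
# Added example, not from the original guide. audit_options, sample_config
# and audit_sample are hypothetical names; the sample stanzas are constructed.

# audit_options [FILE...]: print "<directory> <option>" for each Directory
# stanza that enables Indexes anywhere, or ExecCGI outside /usr/lib/cgi-bin.
# "Options All" counts as both. Paths containing spaces are not handled.
audit_options() {
    awk '
        { sub(/^[ \t]+/, "") }            # directives are usually indented
        /^#/ { next }                     # ignore commented-out directives
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir); next }
        tolower($1) == "</directory>" { dir = ""; next }
        tolower($1) == "options" && dir != "" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i); sub(/^[+]/, "", opt)
                if (opt == "indexes" || opt == "all")
                    print dir, "Indexes"
                if ((opt == "execcgi" || opt == "all") && dir != "/usr/lib/cgi-bin")
                    print dir, "ExecCGI"
            }
        }
    ' "$@"
}

# Constructed sample input covering the cases the cautions describe.
sample_config() {
    cat <<'EOF'
<Directory /var/www/html/mynewsite>
    Options Indexes FollowSymLinks
</Directory>
<Directory "/usr/lib/cgi-bin">
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
</Directory>
<Directory /var/www/html/mynewsite/scripts>
    # Options Indexes
    Options -Indexes +ExecCGI
</Directory>
EOF
}

audit_sample() { sample_config | audit_options; }

# On a server:
#   audit_options /etc/apache2/apache2.conf /etc/apache2/conf-enabled/*.conf \
#       /etc/apache2/sites-enabled/*.conf
```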

Apache2 daemon settings

This section briefly explains some basic Apache2 daemon configuration settings.

LockFile
The LockFile directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.

PidFile
The PidFile directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.

User
The User directive sets the userid used by the server to answer requests. This setting determines the server's access. Any files inaccessible to this user will also be inaccessible to your website's visitors. The default value for User is “www-data”.

    Warning
    Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User will create large security holes for your Web server.

Group
The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also “www-data”.

Extending Apache2

Now that you know how to configure Apache2, you may also want to know how to extend Apache2 with modules.

3 - Apache2 packages

How to use Apache2 modules

Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2.

By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.

Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an <IfModule> block.

Installing and handling modules

You can install additional Apache2 modules and use them with your web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module:

sudo apt install libapache2-mod-wsgi-py3

The installation will enable the module automatically, but we can disable it with a2dismod:

sudo a2dismod wsgi
sudo systemctl restart apache2.service

And then use the a2enmod utility to re-enable it:

sudo a2enmod wsgi
sudo systemctl restart apache2.service

See the /etc/apache2/mods-available directory for additional modules already available on your system.

Configure Apache2 for HTTPS

The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.

The mod_ssl module is available in the apache2-common package. Run the following command at a terminal prompt to enable the mod_ssl module:

sudo a2enmod ssl

There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl.conf. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server.

Note:
For more information on generating a key and obtaining a certificate see Certificates.

To configure Apache2 for HTTPS, enter the following:

sudo a2ensite default-ssl

Note:
The directories /etc/ssl/certs and /etc/ssl/private are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertificateKeyFile appropriately.

With Apache2 now configured for HTTPS, restart the service to enable the new settings:

sudo systemctl restart apache2.service

Note that depending on how you obtained your certificate, you may need to enter a passphrase when Apache2 restarts.

You can access the secure server pages by typing https://your_hostname/url/ in your browser address bar.

Sharing write permission

For more than one user to be able to write to the same directory you will need to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html to the group “webmasters”.

sudo chgrp -R webmasters /var/www/html

sudo chmod -R g=rwX /var/www/html/

These commands recursively set the group permission on all files and directories in /var/www/html to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree.

Warning:
The apache2 daemon will run as the www-data user, which has a corresponding www-data group. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content.
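
A check for the condition this warning describes, as an added example that is not part of the original guide: it lists everything under a directory that a given user or group can write to, plus anything world-writable. The names writable_by and demo_docroot_check are hypothetical, and the demo tree is constructed in a temporary directory with the current uid and gid standing in for www-data.

```bash
#!/bin/sh
# Added example, not from the original guide. writable_by and
# demo_docroot_check are hypothetical names; the demo tree is constructed.

# writable_by USER GROUP DIR: list everything under DIR that USER can write
# as owner, that GROUP can write, or that is world-writable. Symlinks are
# skipped because their own mode bits are not meaningful. ACLs and USER's
# supplementary groups (see `id USER`) are not covered by this check.
writable_by() {
    user=$1 group=$2 dir=$3
    find "$dir" ! -type l \( \
        \( -user "$user" -perm -200 \) -o \
        \( -group "$group" -perm -020 \) -o \
        -perm -002 \)
}

# Demo on a throwaway tree, with the current uid/gid standing in for www-data.
demo_docroot_check() {
    root=$(mktemp -d)
    mkdir "$root/uploads"
    : > "$root/index.html"
    : > "$root/app.php"
    chgrp "$(id -g)" "$root/app.php"
    chmod 0444 "$root/index.html"   # read-only: not reported
    chmod 0464 "$root/app.php"      # group-writable: reported
    chmod 0557 "$root/uploads"      # world-writable directory: reported
    chmod 0555 "$root"
    ( cd "$root" && writable_by "$(id -u)" "$(id -g)" . ) | sort
    chmod -R u+w "$root" && rm -rf "$root"
}

# On the server itself; no output means www-data cannot modify the content:
#   writable_by www-data www-data /var/www/html
```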

References:
Installation
Configuration
Packages

Salawat