Title: Apache Setup on SuSE Subject: Apache reconfig for SuSE ################################## Creating a user: /usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/.htpasswd type the passwd twice cat /usr/local/apache/conf/.htpasswd ################################## # machine always knows itself by this address. If you use Apache strictly for # local testing and development, you may use 127.0.0.1 as the server name. # -ServerName reiser.suse.de +ServerName www.ltnb.lu ################################## #### That fixed the server name ################################## @@ -530,7 +530,7 @@ AuthGroupFile /etc/httpd/group Options -FollowSymLinks +Multiviews - AllowOverride None + AllowOverride AuthConfig ############################################################ #### That Allows users to password-protect their web pages ############################################################ @@ -1420,15 +1420,15 @@ # General setup for the virtual host -DocumentRoot "/usr/local/httpd/htdocs" -ServerName reiser.suse.de -ServerAdmin root@reiser.suse.de +DocumentRoot "/home/fun/webmast/www" +ServerName www.ltnb.lu +ServerAdmin root@www.ltnb.lu ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log ############################################################ #### That Set hostnames, administrator and root location for #### Web server in SSL mode ############################################################ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. -SSLEngine off +SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. ####################################### #### That Switch SSL engine (https) on ####################################### @@ -1461,7 +1461,7 @@ # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. -#SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt +SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA ################################################################ #### Install certification authority file (so that the server #### can supply the CA's certificate in addition to its own, makes #### certificate verification by some browsers easyer) ################################################################ @@ -1613,3 +1613,4 @@ Include /etc/httpd/susehelp.conf +Include "/etc/httpd/extraconf" ################################################################ #### Include other LLL configuration files, see below #### 01virtualhosts.conf #### This file resides in /etc/httpd/extraconf and contains the #### virtual hosts configuration. It starts with NameVirtualHost #### www.ltnb.lu:80 to indicate that our virtual hosts are #### distinguished by name, rather than IP (indeed, all virtual hosts #### resolve to 158.64.28.254) #### Then follow sections such as the following: ServerName www.estuaires.org.lu UserDir disabled ServerAlias *estuaires* ServerAdmin root@ltnb.lu DocumentRoot /home/ext/estuaire/public_html ErrorDocument 404 http://estuaires.org.lu #### This gives the IP address to which the virtualhost binds #### (158.64.28.254), the server name (ServerName www.estuaires.org.lu, used to distinguish the various virtual #### hosts amongst each other), aliases (anything containing the string #### estuaires), defines the responsible admin #### (root@ltnb.lu), the document root (where the documents are stored), the error document (which is displayed to browsers which #### attempt to access a non-existing page under that domain, and disables #### user directories (so that for example #### http://www.estuaires.org.lu/~ckugener won't work) #### #### N.B. It is possible to indicate the server name in the #### VirtualHost line itself, rather than the IP address. In that case, the extra ServerName directive can be skipped. However, #### in that case, the server will not be fully operational during all its #### lifetime if ever the nameserver was not available when it #### started. This is a situation which is very easy to get after a long #### power failure, if for some reason pollux is quicker to boot than #### ns. #---------------------------------------------------------- The following directives are supported in Virtual configurations: #---------------------------------------------------------- UserDir disabled Disables redirections of the form http://www.estuaires.org.lu/~someuser. Indeed, these username substitutions only make sense for the main site (www.ltnb.lu), but not for the other sites. #---------------------------------------------------------- ServerAlias names List of aliases under which this virtual host is known. May contain * wildcards. Allows a same host to be used as www.estuaires.ltnb.lu, www.estuaires.org.lu, etc. N.B. All these names still need to be configured in the nameserver #---------------------------------------------------------- ServerAdmin email address Sets the server administrator's e-mail address. This address is displayed in certain error messages #---------------------------------------------------------- DocumentRoot directory Specifies the directory where the web pages for this virtual site are kept. #---------------------------------------------------------- ServerName name Server name, used for matching, used for the logfiles, and sometimes for redirections. #---------------------------------------------------------- ErrorDocument code URL Specifies an "error document" which should be displayed for the given error code (404 = file not found). Useful for redirecting people at the root of the server if they mistyped an URL within the server. #---------------------------------------------------------- DirectoryIndex file names Specifies a list of files (such as index.html, index.htm) to be displayed when accessing a directory. These are tried in order, until one file is found that exists. #---------------------------------------------------------- Options options Sets a number of server options. These include: +FollowSymlinks: allows to browse files which are symbolic links to other files +ExecCGI: allows execution of CGI scripts (programs running on the server, generating pages on the fly). If users have cgi scripts in their web directory, they run under the user's identity, so this does not constitute a security hole. Be sure that the s bit of /usr/sbin/suexec is set. deny, allow #---------------------------------------------------------- IP based access control. Must be between tags Example: order deny,allow deny from all allow from .ltnb.lu 158.64.28. 10.0. 127.0. 195.46.242.42 This allows access from any host in the ltnb.lu domain, from any host whose IP address starts with 158.64.28., 10.0., or 127.0., or from the address 195.46.242.42 #---------------------------------------------------------- #### 02redirect.conf #### Redirects the LLL user's directories to the new server, just in case #### some people still have the old addresses in their bookmarks: RedirectPermanent /~tvallon http://www.thierry.vallon.org.lu RedirectPermanent /~freedvd http://www.free-dvd.org.lu RedirectPermanent /~aknaff http://www.alain.knaff.lu RedirectPermanent /~fcmetz http://www.fcmetz.org.lu RedirectPermanent /~radiodud http://www.radiodud.org.lu RedirectPermanent /~arassel http://www.alain.rassel.lu RedirectPermanent /~belledon http://www.belledonne.org.lu RedirectPermanent /~orglunic http://www.org.lu RedirectPermanent /~netdays http://www.netdays.org.lu #### 03webmail.conf #### This file resides in /etc/httpd/extraconf and contains the #### webmail (IMP) configuration. ### 04spamcontrol.conf ### Detects a couple of well-known spam e-mail harvester bots and ### redirects them to a more appropriate place. ### Additionnally, serves up empty pictures instead of banners to local ### browsers in place of some particularly obnoxious banners. ### 05local.conf ### This file resides in /etc/httpd/extraconf and contains all ### local configuration which doesn't fit elsewhere. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %v" referer CustomLog /var/log/httpd/referer_log referer