Author
Christopher Marshall (christopherlmarshall@yahoo.com)
Raw Notes on Apache
# cgi stuff
# if you put this in httpd.conf:
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
# then a url like this "http://localhost/cgi-bin/script1.cgi"
# will cause apache to execute the script /var/www/cgi-bin/script1.cgi
# instead of sending its contents back to the browser.
# every file under the ScriptAlias target is treated as a program to run, so keep
# /var/www/cgi-bin/ outside the DocumentRoot and writable only by an administrator,
# never by the account the server runs as.
# here is the simplest cgi script you can write that sends a plain text
# message back to the browser
# start of script1.cgi
#!/bin/bash
# Minimal CGI reply: one header line, the blank line that ends the headers,
# then the message body. Each argument is printed on its own line.
printf '%s\n' "content-type: text/plain" "" "Have a nice day"
# end of script1.cgi
# Virtual Host
# Let's say your ip address is 10.0.0.1 and you want two virtual hosts:
# www.a.com, and www.b.com.
# You could do that like this:
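# Name-based virtual hosts on one address. Apache's documentation recommends giving
# <VirtualHost> the same address as NameVirtualHost rather than a hostname, so that
# parsing the configuration does not depend on a DNS lookup of the site name.
NameVirtualHost 10.0.0.1
# ServerName is the primary name of the site; ServerAlias lists further names that
# should reach the same site. A request whose Host header matches none of the names
# on this address is served by the FIRST virtual host listed, so put the site you
# want as the fallback first.
<VirtualHost 10.0.0.1>
ServerName www.a.com
ServerAlias a.com
DocumentRoot /var/www/htdocs/acom
</VirtualHost>
<VirtualHost 10.0.0.1>
ServerName www.b.com
ServerAlias b.com
DocumentRoot /var/www/htdocs/bcom
</VirtualHost>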
# passwords
# this creates a file with the given username, and prompts you for a password.
# -c creates the file and overwrites an existing file of the same name, so use it
# only for the first user and leave it off when adding more users.
htpasswd -c passfile username
# then you enter a stanza like this in httpd.conf
# so you specify a path and a password file protecting it.
# Basic authentication sends the password base64-encoded, not encrypted, with every
# request, so a protected path should be served over SSL (see "SSL stuff" below).
<Directory /var/www/htdocs/edgehome>
AuthType Basic
# AuthName is the realm string shown in the browser's password prompt
AuthName darkness
# keep the password file outside any DocumentRoot so it cannot be fetched over http
AuthUserFile <path to password file>
#AuthGroupFile /var/lib/apache/edgehome/groups
# any user listed in the password file is let in once the password checks out
require valid-user
</Directory>
#
# you can protect cgi scripts by protecting the directory they live under.
# for example, with a moin wiki installed like this:
Alias /wiki/ "/usr/share/moin/htdocs/"
ScriptAlias /linuxnotes "/usr/share/moin/wikis/linuxnotes/cgi-bin/moin.cgi"
# you could protect it like this:
<Directory /usr/share/moin/wikis/>
AuthType Basic
AuthName linuxnotes
AuthUserFile /etc/apache.linuxnotes.passwd
require valid-user
</Directory>
# when you protect a directory, subdirs and their contents are recursively covered:
# by protecting /usr/share/moin/wikis, we also protect
# /usr/share/moin/wikis/linuxnotes/cgi-bin/moin.cgi
# note: this <Directory> block covers only /usr/share/moin/wikis/. files served
# through the /wiki/ alias come from /usr/share/moin/htdocs/ and are not password
# protected by it.
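# a couple of points:
# - always test this by trying to get to what you shouldn't be able to get to without a password.
# - the password file should be located in /etc (outside any directory apache serves),
#   where the nobody account can read it; that account does not need to be able to write it.
#
# to protect the scripts in a cgi-bin directory pointed to by a script alias, protect
# the directory the script alias points to, as with moin above.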
#
# SSL stuff
# First we generate a certificate authority.
# this command creates demoCA in the current directory. The main files created are
# demoCA/cacert.pem (the CA certificate) and demoCA/private/cakey.pem (the CA private key).
# whoever can read cakey.pem can sign certificates as this CA, so keep demoCA/private
# readable only by the account that does the signing.
/etc/ssl/misc/CA.pl -newca
# Then we generate a certificate request. This creates newreq.pem with a certificate
# request and a private key. that private key is what the web server will use, so
# treat newreq.pem as a secret file from here on.
/etc/ssl/misc/CA.pl -newreq
# Then we sign the request using the demoCA stuff. This creates newcert.pem
/etc/ssl/misc/CA.pl -sign
# Configuring Apache
# we add these lines as general configuration of ssl
LoadModule ssl_module libexec/libssl.so
AddModule mod_ssl.c
# plain http on 80, https on 443
Listen 80
Listen 443
# builtin: apache asks for the private key's passphrase on the terminal at startup
SSLPassPhraseDialog builtin
# the session cache lets clients resume ssl sessions; the timeout is in seconds.
# NOTE(review): the cache and mutex files sit in the log directory - confirm that
# directory is not readable or writable by ordinary users.
SSLSessionCache dbm:/var/log/apache/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/log/apache/ssl_mutex
# builtin is a weak entropy source, especially at startup; the mod_ssl documentation
# advises adding a stronger one, for example "SSLRandomSeed startup file:/dev/urandom 512"
# on systems that have that device.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/apache/ssl_engine_log
SSLLogLevel info
# and we set up the virtual host like this.
# notice how we use both files newcert.pem (which contains the site certificate)
# and newreq.pem (which contains our private key).
# with name-based virtual hosts the certificate is presented before the server sees
# the Host header, so every name served on this address and port gets this certificate.
NameVirtualHost 10.0.0.1
<VirtualHost www.linuxcheatsheets.org:443>
ServerName www.linuxcheatsheets.org
DocumentRoot /mnt/drive2/chris/www/htdocs/linuxcheatsheets
SSLEngine on
SSLCertificateFile /mnt/drive2/chris/tmp/newcert.pem
# NOTE(review): the private key is read from a tmp directory under a user's tree.
# for anything beyond a test, move it to a root-owned directory and make the file
# readable by root only - confirm the current permissions.
SSLCertificateKeyFile /mnt/drive2/chris/tmp/newreq.pem
</VirtualHost>
# QUESTIONS:
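# a big mystery to me at this point is why when I declare a virtual host with a name like
# www.linuxcheatsheets.org, requests to a name like linuxcheatsheets.org are also recognized
# by the directive.
# (likely answer: a request whose Host header matches no virtual host on that address and
# port is served by the first virtual host listed for it, which here is the only one.)
# how do I generate a request with an empty passphrase?
# (CA.pl -newreq-nodes writes the private key unencrypted; a key stored that way should
# be readable by root only.)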
