Monday, February 27, 2006

Playing with Apache httpd server

I just finished securing my Apache web servers that I run at home and on an isolated network here at work. Both run on Windows 2003 Server in place of IIS (disabled on both systems). I've also been playing with Apache on Ubuntu Linux, but when I went to make changes to the httpd.conf file to make it similar to the ones I just "secured" I was somewhat annoyed to find the Debian distribution (which Ubuntu freezes then modifies to suit their needs) delivers their Apache configuration a little differently (well, a lot differently).

The Apache web server on Debian distributions (I'm assuming, since it says so in the configuration files) starts with the apache2.conf file. The apache2.conf file sets all parameters specific to the server (processes, threads, server root, lock, logs, etc.), then starts including files. It starts with links in the /etc/apache2/mods-enabled directory that link to files in the /etc/apache2/mods-available directory. The /etc/apache2/httpd.conf (user configurations) and then the /etc/apache2/ports.conf (ports) files are used next. All files in the /etc/apache2/conf.d directory are then processed. After processing the first round of includes, the alias and directory settings for /icons are set along with "ErrorDocument" files and locations, followed by fancy indexing icons, languages and types. The last piece of the apache2.conf file includes all links in the /etc/apache2/sites-enabled directory that link to files in the /etc/apache2/sites-available directory. This is where you would put your virtual servers. This type of configuration seems to have advantages and disadvantages.

One of the advantages of this configuration would have to be the flexibility. A package manager could install modules and place configuration settings in the /etc/apache2/mods-available directory, then link to them in the /etc/apache2/mods-enabled directory. The main configuration files never need to be modified. The same goes for the virtual hosts in the sites* directories. I guess the disadvantages to this type of setup would be the reliance upon the Unix file system and that the process gets somewhat more complicated and non-standardized. Instead of having everything in one file, a system administrator now needs to keep track of multiple files in different locations.
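To keep track of those multiple files when reviewing a configuration, the include chain can be walked in the order the server reads it. The following is an added example, not part of the original post or of the Debian package: it follows `Include` lines (file, directory and wildcard arguments only), reports which entries are symlinks, and flags links whose target is missing. The sample tree, including the names `charset`, `000-default` and `old-site`, is constructed for the demonstration.

```python
import glob, os, re, tempfile

INCLUDE_RE = re.compile(r'^\s*Include\s+"?([^"\s]+)"?', re.IGNORECASE)

def expand(path):
    """Files one Include argument pulls in: directories recurse, wildcards glob, both sorted."""
    if os.path.isdir(path):
        return [f for n in sorted(os.listdir(path)) for f in expand(os.path.join(path, n))]
    return sorted(glob.glob(path))  # a dangling symlink is still listed

def load_order(conf, root, seen=None):
    """Return (path, symlink target or None, exists) in the order files are read."""
    seen = set() if seen is None else seen
    target = os.readlink(conf) if os.path.islink(conf) else None
    order = [(conf, target, os.path.exists(conf))]
    real = os.path.realpath(conf)
    if not os.path.isfile(conf) or real in seen:  # dangling link or include loop
        return order
    seen.add(real)
    with open(conf) as fh:
        for m in filter(None, map(INCLUDE_RE.match, fh)):
            arg = m.group(1)  # relative arguments resolve against the server root
            for f in expand(arg if os.path.isabs(arg) else os.path.join(root, arg)):
                order += load_order(f, root, seen)
    return order

def build_sample(root):
    """Constructed stand-in for /etc/apache2 (made-up contents, one dangling link)."""
    files = {"apache2.conf": "Include mods-enabled/*.load\nInclude httpd.conf\n"
                             "Include ports.conf\nInclude conf.d/\nInclude sites-enabled/\n",
             "httpd.conf": "", "ports.conf": "Listen 80\n", "conf.d/charset": "# settings\n",
             "mods-available/rewrite.load": "# module\n", "sites-available/default": "# vhost\n"}
    links = {"mods-enabled/rewrite.load": "../mods-available/rewrite.load",
             "sites-enabled/000-default": "../sites-available/default",
             "sites-enabled/old-site": "../sites-available/gone"}  # target never created
    for name in list(files) + list(links):
        os.makedirs(os.path.dirname(os.path.join(root, name)), exist_ok=True)
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    for name, dest in links.items():
        os.symlink(dest, os.path.join(root, name))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for path, target, ok in load_order(os.path.join(root, "apache2.conf"), root):
            print(os.path.relpath(path, root), "->", target, "" if ok else "(dangling)")
```

On a real system, `load_order("/etc/apache2/apache2.conf", "/etc/apache2")` gives the list of files to review, in read order, before comparing the setup against a single-file httpd.conf.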

Installing and playing with Apache has definitely been a learning experience. For those who are wondering why I am using Apache on Windows instead of on Unix or instead of using IIS, here is why. At both home and work there was a Windows-only program that was required, and to be honest the Windows Servers seem to be a lot more straightforward when it comes to administration out of the box. Unix would have taken more time to run, secure and protect. Sure, there is a cost of secured Windows servers versus secured Linux servers, but that is a cost I'm willing to take at the moment. There were two reasons why I chose Apache over IIS: mod_rewrite and portability. I could not find anything in IIS that comes close to the power of mod_rewrite when it comes to making "pretty URLs". Plus, anything I do under Apache will move to a Linux server (if I need to) in the future, but anything specific to IIS will not.
