Apache2 for alpine linux professional configuration - McKAY brothers, multimedia emulation and support

About McKAY's blog

ads

Post Top Ad

Your Ad Spot

2022/08/26

Apache2 for alpine linux professional configuration

 PREVIOUS: Apache2 for alpine linux professional installation

Due to the minimalism of alpine Linux, unfortunately the apache2 packaging is the worst ever seen, its configuration file makes it impossible to configure with only single line commands so the commands for quick configuration with cares of overwriting are very dedicated.

If do you note the command php$phpverx-apache2 in many tutorials, that is a prof that are incomplete, here you will learn why this ilogic command.

The recommendation its to use apache2 behind a reverse proxy setup, such like lighttpd or hiawatta servers. Currently the most lazy and slow server .. just for windosers that wants to learn..


PART2: Apache2 Configuration on Alpine Linux

If you just want to serve simple HTML pages apache2 can be used out-of-box. No further configuration needed.

Due to the minimalism of alpine linux, unfortunately the apache2 packaging is the worst ever seen, its configuration file makes it impossible to configure with only single line commands so the commands for quick configuration with cares of overwriting are very dedicated.

Status special page

Taking care of the status web server: those special pages are just minimal info of the running web server, are need to view from outside in a case of emergency, do not take the wrong approach of hide behind a filtered ip or filtered network, you must have access in all time in all the web to see problems. The creation of the directory in the htdocs main root web files are just to remember you so then can avoid hiring a staff that becomes indispensable, thus allowing to save costs in knowledge theft by technical staff.

  1. Enable the mod_status at the config files
  2. change path in the config file, we are using security by obfuscation later by auth module
  3. change the restriction of the status pages, currently we just remove it
  4. restart the service to see changes at the browser
mkdir -p /var/www/localhost/htdocs/stats

sed -i -r 's#.*LoadModule.*modules/mod_info.so.*#LoadModule info_module modules/mod_info.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_status.so.*#LoadModule status_module modules/mod_status.so#g' /etc/apache2/httpd.conf

sed -i -r 's#tion /server-status#tion /stats/server-status#g' /etc/apache2/conf.d/info.conf
sed -i -r 's#tion /server-info#tion /stats/server-info#g' /etc/apache2/conf.d/info.conf

sed -i -r 's#.*Require host.*#\#    Require host#g' /etc/apache2/conf.d/info.conf
sed -i -r 's#.*Require ip.*#\#    Require ip#g' /etc/apache2/conf.d/info.conf

rc-service apache2 restart

CGI bin directory support

By default packages assign a directory under localhost main domain, other linux uses a global cgi directory and aliasing.. the most profesional way, but think about it, this per domain configuration allows isolation:

  1. create the directory due packager dont make any reference to that neither in the useradd
  2. enable the mod_userdir in the config file
  3. get sure alias module is also enabled
  4. setup and enable the config cgi file path
  5. restart the service to see changes at the browser
mkdir -p /var/www/localhost/cgi-bin

sed -i -r 's#.*LoadModule.*modules/mod_cgid.so.*#LoadModule cgid_module modules/mod_cgid.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_cgi.so.*#LoadModule cgi_module modules/mod_cgi.so#g' /etc/apache2/httpd.conf

sed -i -r 's#.*LoadModule.*modules/mod_alias.so.*#LoadModule alias_module modules/mod_alias.so#g' /etc/apache2/httpd.conf

sed -i -r 's#.*ScriptAlias /cgi-bin/.*#    ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin"#g' /etc/apache2/httpd.conf

rc-service apache2 restart

After that, all the files under the /var/www/localhost/cgi-bin directory will be procesed under http://localhost/cgi-bin/ path to executed due the directives defined in the line 482 of the config file.

Descriptive error or special pages

This pages will be show to visitors when a page or path are not in the server, or when a internal error happened, this are to do not show a horrible message of development to visitors.. and just a nice message or “away from here” message:

  1. install the errors package
  2. restart the service
apk add apache2-error

rc-service apache2 restart

All about error documents are define at /etc/apache2/conf.d/multilang-errordoc.conf, you can customized byt redefine the error alias and the error codes. The right way is to make a symlink from /var/www/error-pages over each document and if there’s any customized remove the symlink and create the alternate error page there.

Userdir public_html support

As vendors of web sites do, with this each user created in the unix system can serve owned web pages witout being root or gain access to sense files:

  1. create the directory for put the html files due alpine crap does not follow any standard
  2. enable the module in the webserver
  3. set the user directory in the config file
  4. restart the service to see the changes at the browser per user
mkdir -p /etc/skel/public_html

for i in /home/*; do mkdir $i/public_html ; done

sed -i -r 's#.*LoadModule.*modules/mod_usertrack.so.*#LoadModule usertrack_module modules/mod_usertrack.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_userdir.so.*#LoadModule userdir_module modules/mod_userdir.so#g' /etc/apache2/httpd.conf

sed -i -r 's#^UserDir .*#UserDir public_html#g' /etc/apache2/conf.d/userdir.conf

rc-service lighttpd restart

WARNING as we said.. alpine policy is to be most upstream equal possible, almost like packagers are lazy? NO! just dont put any thing about root user access, but well, you must know what are you doing, by the addition of UserDir disabled root postmaster you will denied specific users due security.

If you change the user dir , then you must change the directory definition at the last block.

NEXT: apache2 setup with SSL on alpine linux

Complete documentation at https://codeberg.org/alpine/alpine-wiki/src/branch/main/tutorials/professional-way/server-alpine-apache2-professional.md

Those crap tutorials are incomplete, note the wrong command



see also


LICENSE

CC BY-NC-SA

  • BY – Credit must be given to the creator of each content respectivelly, starting at the first contributor.
  • NC – Only noncommercial uses of the work are permitted, with exceptions if you fill an issue here!
  • SA – Adaptations must be shared under the same terms, you must obey this terms and do not change it.

For more information check the alpine/copyright.md




No hay comentarios.:

Publicar un comentario

no stupid winbuntu users allowed!

Entradas populares

Post Top Ad

Your Ad Spot