Tuesday, May 31, 2016

IP-based virtual hosts VS name-based virtual hosts

We setup two virtual hosts as explained in the previous blog post. Now, we can configure it based on two techniques,

1. IP-based virtual hosting
2. Name-based virtual hosting

IP-based Virtual Hosting:

In this case, we are assigning multiple IP addresses for the very same network interface we have in our server machine. Then we can give a unique IP address for each of our virtual host. Let's try it. In our previous blog post, we have already created two virtual hosts called "smallco.com" and "bigco.com". We will use them in this exercise.

First of all, let's assign two IP aliases to our network interface. Since my network interface already has the IP address 172.16.215.130, I decided to add two more IP addresses in the same network.

sudo ifconfig eth0:0 172.16.215.131/24 up
sudo ifconfig eth0:1 172.16.215.132/24 up


Now, we need to edit our "/etc/hosts" file to map these IP addresses with our virtual host names.

sudo vim /etc/hosts

Inside this file, append the following two lines.

172.16.215.131  smallco.com www.smallco.com
172.16.215.132  bigco.com www.bigco.com


Now, it's time to edit our website configuration files.

sudo vim smallco.com.conf

Edit the virtual host tag to look like the following.

<VirtualHost 172.16.215.131:80>

Follow a similar approach for the other virtual host we have in our server with the appropriate IP address. Then, we can restart the server and try to access the websites from their associated IP addresses.

sudo service apache2 restart
lynx 172.16.215.131
lynx 172.16.215.132


Name-based Virtual Hosting:

In order to try name-based virtual hosting, revert all the changes we made for the IP-based virtual hosting about. We have to remove the entries in "/etc/hosts" file and website configuration files where we added an IP address instead of the * mark. Finally, let's bring down the IP aliases.

sudo ifconfig eth0:0 down
sudo ifconfig eth0:1 down


Now we are ready to do name-based virtual hosting. In this, the only thing we have to put is the virtual host names in our "/etc/hosts" file but this time for the same IP address.

sudo vim /etc/hosts
127.0.0.1   localhost smallco.com bigco.com


Now, restart the apache server and try to access the websites using their virtual host names.

sudo service apache2 restart
lynx smallco.com
lynx bigco.com


That's all folks!

Dealing with configuration directives in Apache on Ubuntu

(1) We can list the statically compiled modules available for apache using the command,

apache2ctl -M

(2) "Options" directive is a useful directive which we can use to enable and disable various options for a virtual host. Since this directive comes as a core module, we don't have to load it in order to use. It's available by default.

First of all, create a new directory inside our web root for a particular virtual host. Then add some files into it. If we try to access this directory from the web browser, we will be able to see a list of files. We can disable these file listings by using the "Options" directive.

mkdir /var/www/smallco.com/public_html/files
touch /var/www/smallco.com/public_html/files/first-file.txt
touch /var/www/smallco.com/public_html/files/second-file.txt
w3m smallco.com/files


To disable these file listings, we will open the configuration file of this virtual host and add a "Directory" directive for this particulr directory and disable the "Indexes" option using the "Options" directive.

sudo vim /etc/apache2/sites-available/smallco.com.conf

<Directory /var/www/smallco.com/public_html/files>
    Options -Indexes
</Directory>


Now, let's restart the apache server and see,

sudo service apache2 restart

If the things seems not getting affected as expected, we can do a forced reload too as follows.

sudo service apache2 force-reload


Now, trying to access that directory from the web browser will show that the server is not giving a list of files in the directory due to our changes.

(3) "Location" directive is a similar directive to the "Directory" directive however there we specify a particular URL inside our website to which we point to. We usually use "Location" directive with the "SetHandler" directive to specify a particular program which should handle a request to a particular URL inside our website.

Let's specify a URL accessing which will display the server status of our web server. For this functionality, we need to have the status_module enabled on apache. Running the following command showed that we have this module currntly installed.

apachectl -M

Again, we can check whether it is enabled by looking at the enabled modules directory and then in the right files.

ls /etc/apache2/mods-enabled/
cat /etc/apache2/mods-enabled/status.load
cat /etc/apache2/mods-enabled/status.conf


As we can see, this status_module is loaded and enabled by default. But it is set to a particular URL called "/server-status". Let's change it to point to a different place in our website. In order to do that, we have to open our website configuration file as usual and put an entry there.

sudo vim /etc/apache2/sites-available/smallco.com.conf

<Location /smallco-status>
    SetHandler server-status
    Require local
</Location>

sudo service apache2 restart
or
sudo service apache2 force-reload

Now, we can try to access that particular URL in our website and see how that request is handled by the status_module.

lynx smallco.com/smallco-status

(4) Let's use "Files" directive to specify some rules for a particular file. In the following scenario, we will first create a file which is available for anyone to access through the web since we have placed it in the web root of our website.

vim /var/www/smallco.com/public_html/restricted-file
lynx smallco.com/restricted-file


Now, let's restrict the access to this file only for a client coming from the same machine that runs the web server.

sudo vim /etc/apache2/sites-available/smallco.com.conf

<Files /var/www/smallco.com/public_html/restricted-file>
    Require local
</Files>


After adding this directive, we need to restart the server and see.

sudo service apache2 restart
lynx smallco.com/restricted-file


That's all folks!

Sunday, May 29, 2016

Custom Error Responses and Log Files in Apache Server

In this post, I decided to write some information about two important things we can configure in Apache server for a particular website. Those are custom error responses which we can send from the server to clients and log files which we can use to log different events occurring in the server for later investigations.

Custom error responses:

When a web client attempt to access a web page in our server which results in an error, the server is supposed to send an HTTP error response with the error code and some HTML content. In apache server, there are default HTTP error pages sent with an HTTP error responses. However, it may be interesting for a website to have custom error response pages with some nice and helpful messages to the web user. Let's see how we can add such a thing.

(1) An HTML page for the error response:

If we are going to use an HTML page for the user for an error response say for example for the error code 404. We have to put that HTML file in the web root of the website (eg: /var/www/smallco.com/) and then add an entry in the configuration file of the website as follows. It is important to note that a / is used to represent the web root of the website and then give the path to the HTML file inside the web root.

ErrorDocument 404 /meaningful-error.html

(2) Redirecting to a different URL:

If we want to redirect our web user to a different web URL upon when encountered with an HTTP error, we can specify the URL in the website configuration file and it is important to note that we should use http:// when writing the URL to properly redirect the user.

ErrorDocument 404 http://www.google.com

(3) A hard-coded string as an error response:

Instead of using the above two techniques, we can directly specify a text string which should be sent to the web user upon hitting an error.

ErrorDocument 404 "Sorry buddy, the page seems gone :("

To make these changes get effective, we should restart the apache server.

sudo service apache2 restart

Log files:

There are two important log files which can help us to troubleshoot and understand the activities going on in the apache web server. First thing is access log which is called TransferLog in apache terminology. We can use it to specify the file path where the server access details of different web clients should be written. The other log is ErrorLog which contains information about the errors faced by the apache server at different points.

In the apache configuration file for a particular website, we can specify where these log files should be saved. By default on an Ubuntu based system where we have installed apache2 server, /etc/apache2/envvars file contains the default path to these log files. In my system these files are pointed to /var/log/apache2/ directory.

(1) Let's change the location of these log files for our website. I will create a new directoy where I want to save these files.

sudo mkdir /var/log/apache2/smallco.com


Now, open the configuration file of our website and add the following entries to set the new paths for the configuration files.

ErrorLog /var/log/apache2/smallco.com/error.log
TransferLog /var/log/apache2/smallco.com/access.log


Just like the previous time, we should restart the apache server to make these log files become active.

sudo service apache2 restart

(2) In addition to those two default log files ErrorLog and TransferLog, we can define our own log files with our own logging formats. In order to do that, we can use LogFormat and CustomLog directives.

Add the following two lines to the configuration file of our website. Using the LogFormat directive, we specify a log format and give a name to this custom format. In this case we have given the name ourformat. Then using the CustomLog directive, we specify the path to that custom log file and the name of the log format.

LogFormat "%h %t \"%r\" %>s" ourformat
CustomLog /var/log/apache2/smallco.com/our-custom.log ourformat


In the log format, we have specified that we need to log the IP address of the client, access time, HTTP request from the client and the HTTP response code sent from the server. After adding these two files to the configuration file of the website, restart the apache server and access the website from a web browser.

sudo service apache2 restart
w3m smallco.com


Now we can check the content of the configuratin file we have defined.

cat /var/log/apache2/smallco.com/our-custom.log

In my log file, I could see a line like the following.

127.0.0.1 [29/May/2016:08:06:54 -0700] "GET / HTTP/1.0" 200

That's all folks!

Setting up a basic virtual host on Apache2 server

After installing Apache server on a virtual machine on VMWare for my experimental setup as explained in this previous post, my next move was to do the basic configurations of the HTTP server. After installation, most of the necessary configuration files of Apache is located in /etc/apache2 directory. The main apache configuration file is apache2.conf which is located in that directory. Let's open it and see.

cd /etc/apache2
vim apache2.conf


Going through this file contents will clearly show that there are references to various other configuration files from here. Few parameters are worth mentioning here. The Timeout parameter contains a value in seconds which is the maximum time the server can take to respond to a client request.

The KeepAlive parameter is used to decide whether we are going to support persistent connections. When a client requests an HTML page from the server, the client may have to send subsequent requests if the HTML page has references to various other files such as images. If the connection with the server is not persistent the client has to cleat a TCP connection for every subsequent request to the server. Using the KeepAlive parameter, we can ask the server to maintain persistent connections so that the same TCP connection will be maintained throughout the subsequent HTTP requests from that particular client to the server. This will improve the performance of the server significantly but it will use more server resources.

Apache server runs under a dedicated username and a group to isolate it from other things. apache2.conf file has entries to these user and group names which are actually defined in a separate file. Let's go ahead and look at some other directories and files associated with the server configurations.

vim envvars

This file contains some necessary environmental variables which will be set when we restart the apache server. One important parameter mentioned here is the exact user and group name the apache should running under. By default when we install apache server, a user name called www-data and a group with the same name is created. We can see this user by looking at the passwd file.

cat /etc/passwd

Setting up a virtual host:

(1) Setup the directory to hold the html files first with necessary permissions.

sudo mkdir -p /var/www/smallco.com/public_html
 
sudo chown -R $USER:$USER /var/www/smallco.com/public_html/
 
sudo chmod -R 755 /var/www/

(2) Let's create a simple html page for our sample website inside this created directory.

vim /var/www/smallco.com/public_html/index.html

(3) Time to create the apache configuration file for this new virtual host. We will copy the default file contents and edit where necessary.

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/smallco.com.conf

sudo vim /etc/apache2/sites-available/smallco.com.conf

The contents I added to this file looks like the following.

<VirtualHost *:80>
    ServerAdmin admin@smallco.com
    ServerName smallco.com
    ServerAlias www.smallco.com
    DocumentRoot /var/www/smallco.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>



(4) Enable this virtual host using the following command.

sudo a2ensite smallco.com.conf

(5) To view this new virtual host from our web browser we have to edit the hosts file since we don't own the domain name we have used and therefore we need to by-pass the DNS lookups going from the web browser to DNS services outside. (note that we can access this website using the host name only within this computer. To access from the outside world, we need to buy the domain name and DNS service mapping.)

sudo vim /etc/hosts

Inside this file, add an entry like this.

127.0.1.10  smallco.com

(6) Now we can see the web page from our web browser. First of all, restart the apache server and then access the page fro the web browser.

sudo service apache2 restart

w3m smallco.com

That's all folks! 

Sunday, May 15, 2016

Preparing to install Apache2 server on Ubuntu 14.04 LTS

Installing Apache server on Ubuntu is a very straightforward thing using the apt-get tool. However for my experiments, I wanted a dedicated virtual machine running on VMWare for this purpose. Following information are few things I wanted to do to my Ubuntu 14.04 virtual machine before I install Apache2 server on it. Since my host machine didn't have enough memory, I just gave 256 MB memory for the guest OS for this task.

(1) Setting up a Ubuntu system to boot in to a Bash shell instead of starting GUI:

sudo vi /etc/default/grub

edit the relevant line to look like the following.

#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="text"


To make the above change effective, run the following command and then restart the machine.

sudo update-grub
sudo reboot


if we wanted to start the GUI desktop environment one day,

startx

(2) To see what type of shell we are running, we can use the following command,

echo $SHELL

(3) There are few useful tools which we can use to see the resource usage, etc of
our system.

See the memory usage of the system.

free -m

See the i/o usage. there are various useful arguments which can be used to check various useful information with this command.

vmstat

See the processes and their system resource usage.

top
See the processes, CPU and memory usage all in a one illustrative display

sudo apt-get install htop
htop


(4) Package management related important commands.

Search for a package. this just lists all the packages that matches with the provided keyword.

apt-cache search apache2

Read the info of a particular package we found from the above command.

apt-cache show apache2

See a full list of all the packages installed in the system.

dpkg -l

It's better to use if with less command.

dpkg -l | less

When the less command is showing the output of "dpkg -l", we can search for a keyword there like we do in vim editor.

/apache2 

(5) Installing apache server.

sudo apt-get install apache2 apache2-doc apache2-utils

Following command will show that our server has started and currently running.

ps aux | grep apache

 
Starting, stopping and restarting operations can be done with following commands.

sudo /etc/init.d/apache2 start
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 restart


or with following commands,

sudo service apache2 start
sudo service apache2 stop
sudo service apache2 restart


(6) Visit the default home page and see. In order to do that, you can install a commandline web browser as follows.

sudo apt-get install w3m
 
Visit localhost and check whether we get the "it works" HTML page 
 
w3m localhost

If you prefer a GUI web browser to see it, you can use your host OS web browser for this purpose. For that, first of all, check the IP address of your virtual machine.

ifconfig

Then open a web browser of your host OS and enter that IP address in the address bar. You should see the "it works" page in it.

That's all folks!!!

References:

[1] https://www.linode.com/docs/tools-reference/linux-system-administration-basics

[2] https://www.linode.com/docs/websites/apache/apache-web-server-on-ubuntu-14-04

[3] https://help.ubuntu.com/lts/serverguide/httpd.html

Friday, May 13, 2016

Prof. Valentine Joseph

A few weeks ago, I received a chance to attend  to an interesting event organized by Department of Mathematics in University of Colombo. It was a guest talk conducted by former professor of the same department, Prof. Valentine Joseph. The title of his talk was Einstein: "The Wunderkind". It was a so beautiful talk about Einstein and his theories organized in such a way to show how simple and natural the view of Einstein. I got to know that the word Wunderkind is a German word with the meaning Wonderful Child. It was one hour talk mixed with mathematical equations written in the white board (which I didn't understand, to be honest :)) and beautiful explanations based on some real world examples.

Professor Valentine is a well known professor sometime back in UoC and his students are the people now running the administration as staff members. I heard that he has worked under Einstein as a student many years ago which surprised me in the first time heard it. I couldn't believe that UoC had staff members who reached such distances. At an age like this, with so many difficulties of standing up and talking to a large audience, he didn't hesitate to walk to the white board and make explanations. His courage and knowledge made me so glad that I attended to his guest talk that day.