IN THIS CHAPTER
There is no World Wide Web without web servers, more accurately called httpd servers. And there is no more popular web server than the open-source Apache server.
In Chapter 14, “Creating Basic Websites,” you played a little bit with Apache in setting up a test system for your website and blog. Here we will go into more detail on the topics of setting up and administering your web server.
In the beginning there was the National Center for Supercomputing Applications (NCSA). Although the World Wide Web was first invented by Sir Tim Berners-Lee while he was at the then Conseil Européen pour la Recherche Nucléaire (CERN) in Switzerland, the Web could not become what it has without two practical additions: a server and a browser. The pioneers for both these applications were at NCSA at the University of Illinois.
A web server is nothing more than an application that runs silently in the background, listening for incoming requests from another computer for a particular document. After it receives a request, the server responds with the document, using the Hypertext Transfer Protocol (HTTP). The NCSA developed the first popular server application, HTTPd, but eventually lost interest in the project. Development on HTTPd formally ended in 1998.
A group of users and developers continued to work on the open-source code for HTTPd, fixing bugs and adding features in a haphazard way. Things were formalized when Bob Behlendorf and Cliff Skolnick set up a site where these HTTPd patches could all go. Before long (or so the legend goes), “a patchy server” got a formal name, Apache.
Marc Andreessen and others on the HTTPd team also worked on NCSA Mosaic, the first successful browser application. Andreessen went on to produce a commercial application that built on the Mosaic code, Netscape Navigator.
Over the years, Apache has become by far the most popular web server application. Netcraft has been monitoring server usage since October 1995, when HTTPd was still number 1. Apache has been the most popular server since October 1996 and has steadily increased its market share.
The Apache Software Foundation (ASF) was incorporated in 1999 as the official guardians of the project. Today it has a board of directors elected annually by ASF members. It hosts two dozen web-related software projects that share the open-source Apache License.
The Apache 2.0 web server was released in 2002 and is included in your SUSE Linux disk. You can also download source code directly from the project website, http://httpd.apache.org/download.cgi, and build it yourself.
You can install Apache through YaST like any other package. This is by far the easiest way. When you search for Apache in YaST, you’ll see a couple dozen packages, including several modules and Perl scripts that are optional but that may be useful to you.
When you install Apache 2.x, you will need one of the multiprocessing module (MPM) packages to run the server. The MPM is the component responsible for listening for network connections, accepting the request, and passing it to children processes for handling. There are two module packages available, apache2_prefork and apache2_worker, but only one can be loaded into the server at a given time.
The apache2_worker MPM handles requests using threads and is more geared toward use on a multiprocessor system. It is more advanced than the apache_prefork MPM, which instead handles requests using forked processes. The worker MPM has also been known to wreak havoc with some older modules. It’s important to select the correct MPM based on your needs and hardware.
Be sure to install the apache2-example-pages as well. This will let you test whether Apache is working immediately after installation.
If you prefer to get under the hood and see exactly what is going on, however, you can still compile your web server from source code.
You can get the latest stable source code from the Apache download site at http://httpd.apache.org/download.cgi. This page will point you to a mirror site that changes constantly. You can choose from a tarball, called httpd-<version-number>.tar, compressed with either gzip or bzip2. These archives are a few megabytes each and should not take too long to download, even with a dial-up connection.
Caution
Installing Apache from source can be a difficult task. Before attempting to do this, you should be very comfortable with your knowledge of your system and how all the various parts work together. You should know what to do in case of a problem. Much less can go wrong when you install via YaST, or even by using the standard Red Hat Package Managers (RPMs), and you can always uninstall an errant RPM package. That is not the case with source code.
After the download is complete, you should extract the archive into a safe temporary directory, such as /tmp. The archive creates a new httpd_<version-number> directory to store its files. This directory will contain a README, a LICENSE, and an INSTALL file.
The README file lists introductory information about the httpd server itself, where to find the latest version and documentation, acknowledgements, and whom to contact if you want to become involved or report a bug. The LICENSE file enumerates the terms and conditions for use and redistribution of the server software. The INSTALL file gives a quick overview at the installation process. Be sure to check out these files before attempting to build Apache.
Apache relies heavily on the use of autoconf and libtool, and although you could compile Apache the old-fashioned way by editing Makefile templates, you’ll find it easier to use the configure script that comes in the tarball. To do this, open a shell (as a regular user), change directories to the location of the extracted tarball (that is, /tmp/httpd_<version-number> if you’re following along), and then type the following command:
./configure --help
The script will output a list of configuration options you can use to fine-tune the compile process and Apache’s setup. After you’ve read through the list and determined which options best suit you, run the configure script again:
./configure --prefix=/usr/local/httpd2 --with-mpm=prefork --enable-so //
--enable-rewrite
The files will be placed in /usr/include/apache2 by default when the compiled httpd is installed, so you may want to specify a different directory using the prefix option as I did earlier. Keeping Apache’s binary, scripts, configuration files, and modules all together is a good idea and makes things easier if you later need to upgrade or remove the server.
The configure script generates the necessary Makefile to compile the server. Type make to begin compiling the source code. After the code has been compiled, log in as the SuperUser and type make install to complete the installation and install the files under the directory you specified with configure’s prefix option.
You can now configure your server. See the “Runtime Server Configuration Settings” section later in this chapter for ways to do that.
Now you’ve installed Apache with its default configuration. SUSE Linux provides a default home page, /srv/www/htdocs/index.html, in English and several other languages to test whether Apache is working properly. The proper way to run Apache is to have the web server run after booting, network configuration, and any firewall loading. The YaST Runlevel Editor takes care of this for you. This module is located on the YaST System page. See “Using the Runlevel Editor” in Chapter 22, “Managing the Boot Process and Other Services.”
Tip
In the Advanced mode of the Runlevel Editor, make sure Apache is set to load at Runlevels 3 and 5.
After that is done, open any browser to http://localhost. If you have installed the sample pages package, you should see Figure 26.1.
Figure 26.1. If Apache is installed correctly, you’ll get this test page when pointing a browser to http://localhost.
You can also use a wrapper script, apachectl, to start and stop the Apache server without having to reboot the entire machine. This comes in handy when you tweak httpd’s configuration and need to restart the service for the changes to take effect. The script is found in the same directory as the httpd binary and in its simplest incantation, followed by start, restart, graceful, or stop:
./apachectl start
Intuitively, start and stop will start and stop the server, respectively. You can use restart to stop and immediately start the server again, or use graceful to give Apache a chance to finish any tasks it’s performing before stopping (a graceful stop).
Running Apache with its default settings should suit most uses. There are some tweaks you can make to customize Apache to your own liking or needs. If you installed Apache using YaST, Apache’s standard configuration file is stored in /etc/Apache2/httpd.conf. If you installed Apache manually, the httpd.conf file will reside in the etc subdirectory of whatever you specified as Apache’s base directory using configure’s prefix option. You can either use SUSEConfig or edit this file directly to customize your server.
The SUSEConfig editor is located on the YaST System page. To configure Apache, go to Network, WWW, Apache2. Open the tree (click the + sign) to view the settings. These include the following:
APACHE_HTTPD_CONF. —Use this setting to specify a different configuration file than the defaulthttpd.conf.APACHE_MPM. —Multiprocessing modules are compiled into Apache and handle tasks such as network and process management. Remember, Apache can use only one MPM at a time. You can have both MPMs installed, but this setting determines which MPM is used. By default, SUSE Linux installs thepreforkMPM.APACHE_SERVERADMIN. —Useful only ifAPACHE_SERVERSIGNATUREis set toemail. This setting lists the administrator’s email address. The default iswebmaster@<hostname>, where<hostname>is taken from theHOSTSfile.APACHE_SERVERNAME. —This is an important setting, especially if the server is open to the Internet and not just your LAN. Use this to define your fully qualified domain name, such as www.susefan.com, because this is the name your server will return when pinged. You don’t need to set this if the machine’s canonical name (that is, what SUSE calls your machine) is fine with you; Apache will use this by default. If you administer your own DNS (see the next chapter for information on how to do that), be sure to add an alias for your host. Otherwise, ask the manager of your DNS (your ISP, for example) to set this name.APACHE_CONF_INCLUDE_FILES. —Create a custom configuration file and name ithttpd.conf.local. Use this setting to have Apache use the custom configuration file in addition to the default. You can add multiple files separated by spaces.APACHE_CONF_INCLUDE_DIRS. —Suppose you have a server application and its configuration file installs to a directory other than/etc/Apache2. Use this setting to allow Apache to read this configuration file. You can add multiple directories separated by spaces.APACHE_MODULES. —This is where modules installed by YaST are activated. Look over the Description text for hints on various modules.APACHE_SERVER_FLAGS. —This is the equivalent of starting Apache from the command line with various switches to turn features on and off. Review the Apache man page to see a list of switches/flags you can enter here.APACHE_START_TIMEOUT. —By default, if the kernel tries to start Apache during boot, and Apache does not start in 2 seconds, it will report a timeout. You can extend this time (if, for example, you have some security features added that will slow response time) here.APACHE_SERVERSIGNATURE. —This starts a footer at the bottom of any server-generated error page. By default, this includes the server name and Apache version number. If you want to include a contact point for the user to find you, set this toemailand enter an email address atAPACHE_SERVERADMIN. If you prefer that nothing appear, set this tono.APACHE_LOGLEVEL. —This defines what gets entered into the server logs by setting the minimum level. By default, this is set atwarn, so only problems that generate warnings (or worse) are entered. Informational messages are screened out. You should change this only if you are trying to troubleshoot a problem that might generate a lower-level message.APACHE_ACCESS_LOG. —The location of your access log. Who is visiting?APACHE_USE_CANONICAL_NAME. —This is turned off by default; turn it on so Apache delivers the ServerName listed earlier. Use the DNS setting to let the domain name server handle requests for the server name.APACHE_SERVERTOKENS. —This tells Apache how much information it delivers about itself when asked. The default is the OS it is running on. You can set this higher or lower.APACHE_EXTENDED_STATUS. —You can get additional information in your server status reports with this option turned on, but recording it will slow the server down some.APACHE_BUFFERED_LOGS. —Use this to get Apache to store several log entries in memory and write them together to disk, rather than writing them after each request. On some systems, this may result in more efficient disk access and hence higher performance. It may be set only once for the entire server; it cannot be configured per virtual host.APACHE_TIMEOUT. —How long, in seconds, Apache attempts to process a request before giving up. By default, this is set at 300 seconds (5 minutes).
Most important Apache settings can be configured in /etc/sysconfig, but some must be edited in Apache’s own configuration file, /etc/Apache2/httpd.conf. Consult the Apache documentation for a listing of all the settings, also called directives, but you should consider changing the following defaults:
DocumentRoot. —This should be set to the top directory that you want to serve files from. The default is/srv/www/htdocs.MaxClients. —The maximum number of concurrent clients (that is, visiting browsers). The default is 150, but it probably should be set with consideration to the amount of traffic you expect.Port. —Where Apache listens for traffic. This is set by default at port 80, the assigned port for HTTP traffic. This may also be set to port 8080 depending on your intended setup.DirectoryIndex. —The file(s) Apache looks for when a request is made for the index or listing of a directory. Several documents can be listed (so you can list such files asindex.php, index.shtml, index.htm, index.txt, and so on) and the server will return the first one in the list that it finds. If none of the documents exist, then, depending on how you’ve configured things, Apache may try to generate its own directory listing.UserDir. —In every user’s home directory, there is a subdirectory calledpublic_html. To have Apache recognize files in this directory, set it here. The address for these pages would be http://<servername>/~<username>.
You may have some documents in your web directory that you don’t want the whole world to have access to. From a user’s standpoint, you’ve often come across pages that require a password or that simply tell you that you aren’t authorized to use this page. In this section, you’ll learn how to protect parts of your site from prying eyes through user authentication and authorization.
Apache lets you restrict access to your site based on IP addresses or hostnames. This is done through directives in httpd.conf called allow and deny.
Suppose you plan to host an apt package repository at susefan.com/pub/, but you don’t want anyone outside of susefan.com downloading its files with a browser. You would add these lines to httpd.conf:
<Location /pub>
SetHandler pub
Order deny, allow
Deny from all
Allow from susefan.com
</Location>
Note the four statements. First, we told Apache that when someone tries to access the /pub directory, it needs to check whether the person is allowed. Then we set the order for Apache to check—first process the deny statements and then the allow statements. In this case, the statements are easy to follow: Deny everyone, unless the request originates from a host within the susefan.com domain.
You can describe your limits for either deny or allow in six ways:
allaffects everyone.A full or partial IP address, such as 192.168.1.101 or 192.168.1. This is preferred over a domain name because it’s faster to process.
A full or partial host or domain name, such as
susefan.com. This is a little slower than an IP address because Apache must do a DNS lookup to confirm the host.A network/netmask pair such as 192.168.1.0/255.255.1.0.
A network address in the classless interdomain routing (CIDR) form, such as 192.168.1.0/24.
Many organizations have a members-only section of their website where information is stored that the rest of the world can’t access. To see the information in such a restricted area, users must prove they are authorized to do so, usually by providing a username and password.
Apache Basic Authentication is the most common authentication method used, probably because it is quite straightforward in its approach. When someone attempts to access a protected page, Apache asks for a username and a password. It then verifies the username and password and if successful, Apache serves the request.
Caution
Basic Authentication does not encrypt the password when you type it in, so don’t use valuable passwords (such as your login password) for your protected page.
Similarly, webmasters should not use Basic Authentication for highly sensitive data. You have the option of using Apache Digest Authentication (which is more secure, but not always supported by browsers), using SSL/TSL or finding some more secure means of making the data available to a selected group. Consult the Apache documentation for information on Digest Authentication.
The first step in implementing Basic Authentication is to create a plain-text list of usernames and passwords. This is done using htpasswd2, a script included with the Apache2 package and installed to the same directory as httpd and apachectl. You should store these passwords away from your main Apache installation directory, making it harder for rogue applications to find them, so make a new directory (as the SuperUser) to hold this file, such as /usr/local/httpd2/passwd first.
Note
Basic Authentication is implemented with the mod_auth module. In the unlikely event that you get a command not found error message when running htpasswd2, make sure this module is installed.
When you have created this directory, type this command to create a new hidden password file, with the first user included:
./htpasswd -c /usr/local/httpd2/passwd/.htpasswd mikemc
You’ll be prompted twice for this user’s password:
New password: Re-type new password: Adding password for user mikemc
To add new users to this file, use the same command without the -c switch (that creates a new file):
./htpasswd /usr/local/httpd2/passwd/.htpasswd newuser
Next, you need to tell Apache to refer to .htpasswd when serving a protected page. You do this in one of two ways: directly through httpd.conf or by creating a new .htaccess file. The .htaccess file should be located in the directory you want to protect; in the example used in the allow/deny section, this would be /pub/.htaccess. In httpd.conf, you would create a new section labeled <Directory /pub>. Either way, the syntax is the same. Use these four directives:
AuthType Basic AuthName "Members Only" AuthUserFile /usr/local/httpd2/passwd/.htpasswd Require user mikemc
Here the AuthType is Basic because we’re using Basic Authentication (the option would be set to Digest if mod_auth-digest was used). The AuthName can be anything and identifies the “realm” or category of that page. In this case, all pages with the AuthName Members Only would have the same password. Thus, when the browser went to another page marked Members Only, it could deliver the same password without forcing the user to retype it in an endless series of pop-up dialog boxes. The AuthUserFile points to the .htpasswd file containing the usernames and passwords. The Require directive specifies the user(s) allowed to access the page.
If, instead of one person having access to a resource, you want to create a group of users with the same level of access, create a group file named .htgroup in any text editor with the Group Name and a list of users. Save it in the same directory as .htpasswd. The entry in .htgroup file should look like this:
Members: mikemc robsh ltorvalds svillinski
The concept of the two files are similar to Linux’s /etc/passwd and /etc/group files; .htpasswd stores each username and password hash, and .htgroup aggregates usernames into logical groups. Each group member needs to have a password listed in .htpasswd before access is allowed.
Now edit your .htaccess file so that your group has access.
AuthType Basic AuthName "Members Only" AuthUserFile /usr/local/httpd2/passwd/.htpasswd AuthGroupFile /usr/local/httpd2/passwd/.htgroups Require group Members
Everyone in the Members group would now have access to all pages with the “Members Only” realm.
It should not surprise you that the “patchy” server does most of its work through modules. After all, it’s this very modular design that has enabled it to become a powerful, flexible web server. Some 50 core modules are included in the Apache2 package, and a couple dozen more are included in the SUSE Linux distribution. All are installable with YaST. In addition, nearly 400 modules are stored in the Apache Module Registry, http://modules.apache.org. The following is but a brief sampling of modules available for Apache:
bw_mod. —Limits the number of simultaneous connections and bandwidth usage for virtual hosts and directories.mod_auth_mysql. —Adds MySQL database-based authentication.mod_bt. —Extends Apache to handle the BitTorrent protocol and act as a tracker.mod_clamav. —Scans files for viruses with ClamAV before serving them to the client.mod_ftpd. —Extends Apache to handle FTP transactions.mod_gnutls. —An alternative to mod_ssl that provides the capability to use SSL/TLS.mod_mono. —Serves ASP.NET client applications in a non-Windows environment with Mono.mod_perl. —Processes embedded Perl code before serving a document.mod_php4. —Processes embedded PHP code before serving a document.mod_python. —Processes embedded Python code before serving a document.mod_rewrite. —Manipulates URL addresses according to rules written using regular expressions.mod_ruby. —Processes embedded Ruby code before serving a document.mod_so. —Enables usage of modules linked at runtime in contrast to only those statically compiled.mod_ssl. —Adds the capability to establish and communicate across SSL/TSL connections.mod_websh. —Processes embedded Tcl code before serving a document.mod_xslt. —A filter that transforms XML files into other formats on-the-fly by applying XSLT stylesheets.
Each module adds new directives that can be added to your configuration files. Make sure the module is compatible with your Apache installation, though. Changes made to Apache between versions 1.3.x and 2.x break some modules. All that information, including the module’s installation procedures and the new configuration directives they make available, can be found either in the module’s or Apache’s documentation.
Apache lets you host several domains with a single instance of the server, a process referred to as virtual hosting. This service can be a godsend for the system administrator overseeing an installation with limited resources, such as hardware, static IP addresses, or even time to monitor several server setups. Virtual hosting is implemented through several directives included in httpd.conf.
Note
The mod_vhost_alias module is another virtual hosting tool included with the core Apache package. It is designed for use by ISPs and other large sites.
There are two ways to implement virtual hosts in Apache: name-based and IP-address–based hosting. This section covers both options.
In either case, you must first tell Apache the IP addresses that have multiple domains associated with them. You can either use a specific IP address or the * variable to indicate that Apache should consider any request it receives as a candidate for virtual hosting. Open httpd.conf and type
NameVirtualHost *
According to the HTTP/1.1 specification, when a client seeks out a document from a server, it includes the expected domain in its request. Although various domains may resolve to the same IP address with a DNS query, the domain names in the HTTP requests will still be different. This is the basic principle of name-based virtual hosting.
This type of virtual hosting (also known as vhosting) is the easiest and most popular way to handle hosting multiple domains. With this method, you need only one IP address to host several domain names. Apache receives a request, examines it to identify the desired domain, and obliges with the proper page.
You’ll need to add VirtualHost sections in the configuration file for each domain name after the NameVirtualHost directive. For example, if you want to host a personal site at www.YourName.com and a second site, www.susefan.com, this is how you would enter them in httpd.conf:
<VirtualHost *>
ServerName www.YourName.com
DocumentRoot /srv/www/htdocs/YourName.com
ServerAdmin [email protected]
ErrorLog /var/log/apache2/www.YourName.com-error_log
CustomLog /var/log/apache2/www.YourName.com-access_log common
</VirtualHost>
<VirtualHost *>
ServerName www.susefan.com
DocumentRoot /srv/www/htdocs/susefan.com
ServerAdmin [email protected]
ScriptAlias /srv/www/htdocs/susefan.com/cgi-bin
ErrorLog /var/log/apache2/www.susefan.com-error_log
CustomLog /var/log/apache2/www.susefan.com-access_log common
</VirtualHost>
Caution
Although SSL/TSL have not been discussed, it is still worth mentioning that Apache cannot distinguish different security certificates for name-based virtual hosts. This is because SSL/TSL operates at a socket level, and the request has already been encrypted by the time Apache receives it. This may cause warnings to be triggered by the client’s browser, depending on the common name listed by the certificate. In these cases, IP-Address–Based virtual hosting is recommended.
As the server receives the request, it will scan through the configuration file seeking a virtual host entry’s ServerName or ServerAlias directive that matches the expected domain. If no matching entry can be found, the first virtual host is used. The virtual host first inherits the directives set earlier in the httpd.conf file and then overrides those explicitly set for the host.
In the preceding example, www.YourName.com will use whatever ScriptAlias value is defined in the base configuration, whereas www.susefan.com will use /srv/www/htdocs/susefan.com/cgi-bin.
Hosting multiple IP addresses is a little more complex than hosting multiple names, but it is more widely supported. All but a very few ancient browsers (that is, those browsers that support only HTTP/1.0) support name-based vhosts, but if you want to be universal, this is the way to go.
Note
Kernel support for multi-IP-hosting, called IP aliasing, must be enabled for these commands to work. This is the default setting for SUSE Linux.
Setting up IP-based vhosting is a two-step process. First, you must identify the addresses to use. As the SuperUser, run ifconfig to find the Internet address (listed here as inet addr) attached to eth0, your Ethernet connection. It should show up similar to the following:
inet addr:172.26.1.33
Then use ifconfig to bind more addresses to the network interface:
/sbin/ifconfig eth0:0 172.26.1.40 /sbin/ifconfig eth0:1 172.16.1.41
Now you can enter the same VirtualHost statements in httpd.conf as you did when using names, with only the VirtualHost statement changed:
<VirtualHost 172.26.1.40>
ServerName www.YourName.com
DocumentRoot /srv/www/htdocs/YourName.com
ServerAdmin [email protected]
ErrorLog /var/log/apache2/www.YourName.com-error_log
CustomLog /var/log/apache2/www.YourName.com-access_log common
</VirtualHost>
<VirtualHost 172.26.1.41>
ServerName www.susefan.com
DocumentRoot /srv/www/htdocs/susefan.com
ServerAdmin [email protected]
ScriptAlias /srv/www.htdocs/susefan.com/cgi-bin
ErrorLog /var/log/apache2/www.susefan.com-error_log
CustomLog /var/log/apache2/www.susefan.com-access_log common
</VirtualHost>
Active content on a web page can range from a simple form or opinion poll, to a search-engine results page, to a portal with personalized news content.
Apache offers three methods of generating active content: common gateway interface (CGI) scripts, server-side includes (SSI), and active content modules such as mod_perl.
Chapter 31, “Programming Dynamic Websites,” covers the creative end of making active content. This section is a brief introduction into the nuts and bolts of delivering this content to users.
CGI is a specification that allows a web server to execute programs and scripts that reside on the web server and return their output back to the client. CGI programming is the most common method of generating dynamic content for the web. Almost any language can be used, although Perl, Python, and C tend to be the most popular.
The easiest (and most secure) way to activate the CGI capabilities of Apache is to create a special directory that will contain all the scripts, and specify it using the ScriptAlias directive. Traditionally, the name of the directory is cgi-bin. Apache will try to run any file that resides in that directory ll file residing in the directory set with ScriptAlias.
Remember, these programs must be executable by the system Apache user. When you place your programs there, the permissions must be set to permit this:
chmod 755 program.cgi
Another way to enable CGI is to add +ExecCGI to the directory’s Options directive and then set a handler for files with certain extensions. These changes can be made either in the http.conf or .htaccess file:
Options +ExecCGI AddHandler cgi-script .cgi .pl
In the preceding code, files in the directory with a .cgi or .pl extension will be handled as CGI scripts. Apache will execute the scripts and return the results to the requesting client.
SSI are specially crafted comments called elements, which are embedded in a web page and interpreted by Apache. They can be used to include the contents of other files, display environment variables (such as the current date and time) or a file’s timestamp, and produce program outputs.
To enable SSI, mod_include must be available to Apache, and you must add +Includes to the directory’s Options directive either in http.conf or in .htaccess:
Options +Includes
There are then two methods for identifying a file for processing as an SSI document. The first is to specify a file extension, traditionally .shtml, and associate a handler to process files that end with that extension:
AddType text/html .shtml AddHandler server-parsed .shtml
The directives may be placed in either the http.conf or a .htaccess file. When set, Apache will process all files with the .shtml extension for SSI elements before returning the results to the requesting client.
The second method for identifying a file is by turning on the XBitHack directive and setting the execute permission bit on any SSI file. Again, they may be set either in .htaccess or httpd.conf.
XBitHack on
With XBitHack turned on, Apache will parse all files that the user has permission to execute, regardless of the file’s extension.
If you find yourself writing a lot of CGI scripts in a particular interpreted language, it might be beneficial to see if a module exists that integrates the language’s interpreter with Apache. For example, you would probably do better in the long run using the mod_perl Apache module instead of processing your Perl-powered pages through CGI. When you call a script from Apache, the Perl interpreter process starts, does its work, and then eventually stops. You can just imagine what that does to your system’s resources if you have 20 scripts running simultaneously, even if just for a few seconds. When you channel those scripts through a module, everything is handled by one native interpreter. This makes everything go faster—and safer.
The downside is that mod_perl is much fussier about errors. Apache doesn’t really mind if you don’t release a resource programmatically, because it shuts down the script before that becomes a problem. In a module, errors accumulate and become real problems. The upside is that you will become a better programmer as a result of fixing all these problems.
Some languages are specifically designed to be run through an Apache module, such as PHP. PHP can be used to process scripts through CGI; the language’s documentation encourages the use of an Apache module over the CGI implementation.
SUSE Linux provides Apache modules for four scripting languages: mod_perl, mod_python, mod_php4, and mod_ruby.
SEE Chapter 30, “Using Perl and Python,” and Chapter 31, “Programming Dynamic Websites,” for more information about using these languages.
Apache may be number one in the web server business, but it is not the only one. Aside from IIS (a commercial web server product from Microsoft), several general-purpose web servers can run on Linux. Specialized web servers, such as the various Wiki engines, the Zope application server, and J2EE application servers, also run on Linux.
This section covers some of the server products that will run on SUSE Linux.
This tiny server (only 129KB), included in SUSE Linux and installable via YaST, aims to be a simple, small, fast, and secure web server. It’s not as feature rich as Apache or other server applications, but it does support CGI, Basic Authentication, virtual hosting, and bandwidth throttling.
The Caudium WebServer is on par with Apache but again with different strengths and weaknesses. It is a nonforking, threaded web server. It offers a web-based configuration interface, templating with the RoXen Macro Language (RXML), Pike code embedding, and the Supports Database, a method through which the requesting browser’s capabilities can be identified without using JavaScript in the web document. Caudium is not distributed with SUSE, but its source code can be downloaded from the project’s home page.
Xitami is a small, multithreaded and modular web server application that can also handle FTP requests. It supports direct support for CGI scripts written in Perl, Awk and Python, Basic Authentication, virtual hosting, on-the-fly server configuration, and server-side XML processing. Xitami is not distributed with SUSE, but the project’s source code can be downloaded from its website.
Zope is an open-source web-application server written mostly in Python. It is included in SUSE Linux and is installable via YaST. (You learned a little about Zope, including how to install it, when you installed ZWiki in Chapter 16, “Collaborating with Others.”)
Zope is an excellent content management framework and is geared toward serving dynamic pages. Zope can do its own web serving and has many of the same modules to do its work that Apache does, but it is often used together with Apache.
The best thing about Zope as a web server is that the simple web-based interface makes configuration much easier than with Apache.
Macromedia’s ColdFusion server bills itself as a fast way to create powerful web-based applications. It can run as a standalone application server, integrate with Apache, or work in conjunction with other J2EE solutions to serve CFML documents. The main benefits of the ColdFusion server is its Java underpinnings, which allow developers to use third-party Java code in their Internet applications, and tight integration with Macromedia’s other technologies. Free trial and developer versions are available from the company’s website.
The TomCat servlet container is part of the Apache Foundation’s open-source Jakarta project and embodies the industry’s standard implementation for the servlets and JSP interfaces. It can be configured as a standalone application server or integrated with Apache to serve JSP pages. TomCat can handle CGI and SSL requests when acting as a standalone server. Other benefits are its Single Sign On feature and web-based configuration interface. TomCat can be downloaded from the project’s website.
http://www.apache.org—The Apache Software Foundation umbrella site. Access all Apache projects from here.
http://httpd.apache.org—The place to start for information on the Apache Web Server. News, downloads, FAQs. Check the Docs subproject for a PDF user’s guide.
http://modules.apache.org—The Apache Module Registry. Locate modules to install, and contribute modules you’ve created.
http://www.apachetoday.com—A little cluttered and ad ridden, but ServerWatch’s Apache Today site is still an excellent source of Apache news and tutorials.
http://tldp.org/HOWTO/HOWTO-INDEX/apps.html#SERVERHTTP—An index of web server-related HOWTOs, mostly dealing with Apache, but a few others, too.
http://susefaq.sourceforge.net/faq/apache.html—The Unofficial SUSE FAQ list includes useful SUSE-specific Apache information.
http://news.netcraft.com/archives/web_server_survey.html—The monthly Netcraft survey of popular web servers. As this is being written, nearly 70 percent of the Web runs on Apache.
http://modpython.org—Home of the
mod_pythonApache module.http://hoohoo.ncsa.uiuc.edu/cgi/—Information on the common gateway interface.
http://modruby.net—The
mod_rubypage.http://www.acme.com/software/thttpd—Home of
thttpd.http://caudium.net/—The Caudium WebServer home page.
http://www.xitami.com/—The Xitami website.
http://www.zope.org—All the latest and greatest from the Zope community.
http://www.macromedia.com/software/coldfusion/—Web page at Macromedia promoting the ColdFusion MX server.
http://jakarta.apache.org/tomcat/—The Java Servlet and JSP server released through the Apache Free Software Foundation.