Introduction to Apache Web Server Administration — A 3 day course

Enquire about this course

 Closed In-House Course

Synopsis

An Apache web server training course for system administrators who need to understand and then configure to get the best from their Apache servers.

The aim is to provide a real understanding so the delegates will spend time doing exercises that illustrate & practice what they have been taught in the lectures.

We find that many find SSL/TLS configuration for encrypted web sites leaves many confused. How this works is explained, as is how to create OpenSSL configuration files & make Certificate Signing Requests. Exercises are done using Let's Encrypt signed certificates to create multiple HTTPS virtual hosts.

This Apache course is delivered over three days, but a selected subset of the course modules can be delivered to experienced development in-house teams.

It is common for such in-house Apache training courses to select particular families of Apache modules and application servers to focus on. For example, Java oriented development teams will typically want the optional Tomcat module focusing on the tomcat servlet container, excluding less relevant topics like mod_perl and including material from our Java programming courses.

Perl programmers will typically ignore tomcat and may want to add Perl programming topics from elsewhere. Something similar may apply for PHP shops.

This is an instructor-led, hands-on Apache web server course, organised around practical tasks in web server configuration and administration.

Contents

Getting started with Apache

• What is a web server ?
• Apache features & market share
• Apache versions & platforms supported
• Installing & running Apache
• Apache configuration file
• Overview of HTTP/1
• HTTP Request Methods
• Accessing a web server telnet & openssl
• Persistent connections, chuncked transfers, byte serving, ETags, conditional transfers
• HTTP Pipelineing, compression
• HTTP 2.0 features & protocol

Apache basic configuration

• Apache Directives
• Apache Modules
• Checking Configurations
• Apache variables
• Logging, defining fields & location
• Error logs
• Custom error pages
• Server and directory index pages
• Custom index pages
• Forbidding index pages
• Directory paths without trailing slashes
• Per-directory configuration: Location
• Other containers: Directory & File
• Regular expressions in container specifications
• Containers & case insensitive file systems
• Order of merging of containers
• <IfDefine> & <IfModule>
• <If> & <Else> & <ElseIf>
• <Limit>
• Directories & Alias
• Configuration outside httpd.conf: .htaccess
• Protecting files & directories with passwords
• Creating a password file: htpasswd
• AuthType & AuthName
• Generating custom errors: ErrorDocument
• Authentication information in databases
• Restricting access by IP address
• Only listening on specific IP addresses
• Listening on IPv6 addresses
• Listening on a non standard port number
• Restricting access by IP address
• allow,deny & deny,allow
• Address and password authentication
• Authentication, Authorisation & Access control in Apache 2.4
• Apache 2.4 Require: env, method, expr
• RequireAll, RequireAny, RequireNone
• Character sets and human languages
• Setting Content MIME type
• Content expiry: ExpiresByType & Cache-Control
• Directory options: Indexes, FollowSymLinks, ExecCGI, MultiViews, ...
• Multi Processing Modules
• Tunable parameters for performance
• Enabling KeepAlive

Serving multiple sites with virtual hosts

• DNS & virtual host names
• Enabling virtual hosts: NameVirtualHost
• Defining & configuring virtual hosts: VirtualHost
• Host aliases: ServerAlias
• Virtual hosts on specific IP addresses
• Virtual hosts on specific port numbers

Dynamic pages - CGI, PHP and Perl

• CGI programs
• Running CGI programs with Apache
• CGI parameters
• PHP scripts & mod_php
• PHP speedups — Code caching
• PHP speedups — persistent database connections
• Perl scripts & mod_perl
• using ModPerl::Registry
• ModPerl::Registry v ModPerl::PerlRun v CGI Perl

Using Apache modules

• Loading modules
• mod_speling, mod_alias, mod_userdir, mod_status
• Why use mod_rewrite ?
• URL rewriting patterns
• Rewrite flags
• Internal rewriting v redirection
• Forcing redirection
• Transforming URLs
• Conditional rewrites: RewriteCond
• RewriteCond alpha & numeric comparison
• File tests
• Browser-dependent pages
• Canonical URLS
• Preventing hot/deep linking
• Force use of SSL
• Time based access
• RewriteMap
• When Container tests and Rewrites are performed
• mod_rewrite in .htaccess
• directory prefix stripping: RewriteBase
• RewriteLog & RewriteLogLevel
• Per user directories: better security
• Directory listings: mod_autoindex, IndexOptions
• Header manipulation mod_header
• Monitor Apache Performance with mod_status
• Input & Output Filters
• Server side includes

Web proxy with mod_proxy

• mod_proxy
• Forward Proxy
• Reverse Proxy / Gateway
• Related Modules: mod_proxy_http, mod_proxy_ftp, mod_proxy_connect, mod_headers
• Cached pages CacheEnable
• Configuring what to proxy where
• Configuring a Reverse Proxy
• Substitute, ProxyHTMLURLMap & ProxyPassReverseCookieDomain
• Load Balancing with mod_proxy_balancer
• Cluster manager balancer-manager
• Proxying by rewriting
• Back end optimisations
• Controlling access to the proxy server

Serving pages using HTTPS with mod_ssl

• HTTP security
• The need for encryption
• HTTPS myths & recent advances
• HTTPS — an overview, TLS & SSL
• Trap door functions & public keys
• Private/session keys & symmetric encryption
• Diffie-Hellman(-Merkle) key exchange, RSA, X.509, SSL Certificate
• Man in the middle attacks
• Choosing cypher suites
• How long should the key be ?
• Installing mod_ssl
• mod_nss instead of mod_ssl
• HTTP and HTTPS sites cohabiting
• HTTP and HTTPS virtual hosts
• SSL specific environment variables & logging
• Generating keys & certificates
• Review of purpose & process
• Generating a key
• openssl command
• Generating a Certificate Signing Request
• Understanding the openssl.cnf file
• Multi site certificates
• Show certificate expiry dates
• Working with Let's Encrypt
• Using Certbot & alternatives
• Using openssl to connect to a web site
• Certificate on Debian
• Revoked certificates
• OCSP stapling
• HTTPS best practices

Apache and HTTP/2

• How to Configure HTTP/2
• Testing HTTP/2
• HTTP/2 Push
• HTTP/2 implications

Suitable For

Software developers

Webmasters & system administrators.

Technical and support staff in electronic commerce.

Internet Service Providers (ISPs).

Web-based Application Service Providers (ASPs).

The course does not depend on any particular operating system and has been delivered to delegates who were using: Linux, Apple's MacOS & Microsoft Windows, BSD Unix.

This Apache web server course was originally devised to meet the needs of developers and technical support staff at the UK's largest business ISP. The design of the hands-on exercises in this Apache course and in our other Apache courses draws heavily on their experience and that of our own e-commerce consultants.

Prerequisites

A basic understanding of computer administration and of the TCP/IP protocols.

Competent use of a text editor.

Knowledge of programming or shell scripting techniques is an advantage, although a high level of practical programming competence is not needed.