Introduction to Apache Web Server Administration — A 3 day course
Synopsis
An Apache web server training course for system administrators who need to understand Apache and then configure it to get the best from their servers.
The aim is to provide a real understanding, so delegates spend time doing exercises that illustrate & practise what they have been taught in the lectures.
We find that SSL/TLS configuration for encrypted web sites leaves many confused. How this works is explained, as is how to create OpenSSL configuration files & make Certificate Signing Requests. Exercises are done using Let's Encrypt signed certificates to create multiple HTTPS virtual hosts.
This Apache course is delivered over three days, but a selected subset of the course modules can be delivered to experienced in-house development teams.
It is common for such in-house Apache training courses to select particular families of Apache modules and application servers to focus on. For example, Java oriented development teams will typically want the optional Tomcat module focusing on the Tomcat servlet container, excluding less relevant topics like mod_perl and including material from our Java programming courses.
Perl programmers will typically ignore Tomcat and may want to add Perl programming topics from elsewhere. Something similar may apply for PHP shops.
This is an instructor-led, hands-on Apache web server course, organised around practical tasks in web server configuration and administration.
Contents
Getting started with Apache
- What is a web server ?
- Apache features & market share
- Apache versions & platforms supported
- Installing & running Apache
- Apache configuration file
- Overview of HTTP/1
- HTTP Request Methods
- Accessing a web server with telnet & openssl
- Persistent connections, chunked transfers, byte serving, ETags, conditional transfers
- HTTP pipelining, compression
- HTTP 2.0 features & protocol
Apache basic configuration
- Apache Directives
- Apache Modules
- Checking Configurations
- Apache variables
- Logging, defining fields & location
- Error logs
- Custom error pages
- Server and directory index pages
- Custom index pages
- Forbidding index pages
- Directory paths without trailing slashes
- Per-directory configuration: Location
- Other containers: Directory & File
- Regular expressions in container specifications
- Containers & case insensitive file systems
- Order of merging of containers
- <IfDefine> & <IfModule>
- <If> & <Else> & <ElseIf>
- <Limit>
- Directories & Alias
- Configuration outside httpd.conf: .htaccess
- Protecting files & directories with passwords
- Creating a password file: htpasswd
- AuthType & AuthName
- Generating custom errors: ErrorDocument
- Authentication information in databases
- Restricting access by IP address
- Only listening on specific IP addresses
- Listening on IPv6 addresses
- Listening on a non standard port number
- Restricting access by IP address
- allow,deny & deny,allow
- Address and password authentication
- Authentication, Authorisation & Access control in Apache 2.4
- Apache 2.4 Require: env, method, expr
- RequireAll, RequireAny, RequireNone
- Character sets and human languages
- Setting Content MIME type
- Content expiry: ExpiresByType & Cache-Control
- Directory options: Indexes, FollowSymLinks, ExecCGI, MultiViews, ...
- Multi Processing Modules
- Tunable parameters for performance
- Enabling KeepAlive
Serving multiple sites with virtual hosts
- DNS & virtual host names
- Enabling virtual hosts: NameVirtualHost
- Defining & configuring virtual hosts: VirtualHost
- Host aliases: ServerAlias
- Virtual hosts on specific IP addresses
- Virtual hosts on specific port numbers
Dynamic pages - CGI, PHP and Perl
- CGI programs
- Running CGI programs with Apache
- CGI parameters
- PHP scripts & mod_php
- PHP speedups — Code caching
- PHP speedups — persistent database connections
- Perl scripts & mod_perl
- using ModPerl::Registry
- ModPerl::Registry v ModPerl::PerlRun v CGI Perl
Using Apache modules
- Loading modules
- mod_speling, mod_alias, mod_userdir, mod_status
- Why use mod_rewrite?
- URL rewriting patterns
- Rewrite flags
- Internal rewriting v redirection
- Forcing redirection
- Transforming URLs
- Conditional rewrites: RewriteCond
- RewriteCond alpha & numeric comparison
- File tests
- Browser-dependent pages
- Canonical URLs
- Preventing hot/deep linking
- Force use of SSL
- Time based access
- RewriteMap
- When Container tests and Rewrites are performed
- mod_rewrite in .htaccess
- directory prefix stripping: RewriteBase
- RewriteLog & RewriteLogLevel
- Per user directories: better security
- Directory listings: mod_autoindex, IndexOptions
- Header manipulation: mod_headers
- Monitor Apache Performance with mod_status
- Input & Output Filters
- Server side includes
Web proxy with mod_proxy
- mod_proxy
- Forward Proxy
- Reverse Proxy / Gateway
- Related Modules: mod_proxy_http, mod_proxy_ftp, mod_proxy_connect, mod_headers
- Cached pages: CacheEnable
- Configuring what to proxy where
- Configuring a Reverse Proxy
- Substitute, ProxyHTMLURLMap & ProxyPassReverseCookieDomain
- Load Balancing with mod_proxy_balancer
- Cluster manager: balancer-manager
- Proxying by rewriting
- Back end optimisations
- Controlling access to the proxy server
Serving pages using HTTPS with mod_ssl
- HTTP security
- The need for encryption
- HTTPS myths & recent advances
- HTTPS — an overview, TLS & SSL
- Trap door functions & public keys
- Private/session keys & symmetric encryption
- Diffie-Hellman(-Merkle) key exchange, RSA, X.509, SSL Certificate
- Man in the middle attacks
- Choosing cypher suites
- How long should the key be ?
- Installing mod_ssl
- mod_nss instead of mod_ssl
- HTTP and HTTPS sites cohabiting
- HTTP and HTTPS virtual hosts
- SSL specific environment variables & logging
- Generating keys & certificates
- Review of purpose & process
- Generating a key
- openssl command
- Generating a Certificate Signing Request
- Understanding the openssl.cnf file
- Multi site certificates
- Show certificate expiry dates
- Working with Let's Encrypt
- Using Certbot & alternatives
- Using openssl to connect to a web site
- Certificate on Debian
- Revoked certificates
- OCSP stapling
- HTTPS best practices
Apache and HTTP/2
- How to Configure HTTP/2
- Testing HTTP/2
- HTTP/2 Push
- HTTP/2 implications
Suitable For
Software developers
Webmasters & system administrators.
Technical and support staff in electronic commerce.
Internet Service Providers (ISPs).
Web-based Application Service Providers (ASPs).
The course does not depend on any particular operating system and has been delivered to delegates who were using: Linux, Apple's MacOS & Microsoft Windows, BSD Unix.
This Apache web server course was originally devised to meet the needs of developers and technical support staff at the UK's largest business ISP. The design of the hands-on exercises in this Apache course and in our other Apache courses draws heavily on their experience and that of our own e-commerce consultants.
Prerequisites
A basic understanding of computer administration and of the TCP/IP protocols.
Competent use of a text editor.
Knowledge of programming or shell scripting techniques is an advantage, although a high level of practical programming competence is not needed.