Configuration (Apache)

From vwiki
Revision as of 12:26, 15 March 2012 by Sstrutt (talk | contribs) (Added "Status Page")
Jump to navigation Jump to search

Log Rotation

There are two ways to ensure your logs get rotated...

  • logrotate - The standard, cross application log rotation solution. Its very reliable and easy to configure, but requires that Apache is restarted every time your log is rotated so that it follows the log switch around.
  • rotatelog pipe - Has more overhead as logs are piped to a child process to handle, but doesn't require Apache restarts.

rotatelog

Edit you existing config file to redirect logging through the child rotatelogs process, this will probably be found in either your site config (EG in /etc/apache2/sites-enabled) or your Apache service config (EG in /etc/apache2/ )

ErrorLog  "|/usr/sbin/rotatelogs /var/log/apache2/error-%Y-%m-%d.log 86400"
CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/access-%Y-%m-%d.log 86400" combined

Check that the path for rotatelogs is correct (search using find / -iname rotatelogs )

Restart Apache, perform a test page load on your site (that would generate log entries), and check that a log file has been generated as per your config

User/pass restrictions

  1. Create a user/pass entry in a file for a username
    • htpasswd -c /usr/local/apache2/conf/htusers username
  2. Add the relavent bits to the /etc/apache2/httpd.conf file, eg
    • <Directory />
    • AuthType Basic
    • AuthName "Restricted Access"
    • AuthUserFile /usr/local/apache2/conf/htusers
    • Require valid-user
    • </Directory>
  3. Restart the apache service
    • service apache2 restart

Status Page

Apache comes with its own in-built status page which, whilst not particularly pretty, gives a good overview of how your web-server is running. In the more recent versions of Apache its enabled by default, but only accessible from localhost.

To check that its enabled, look in /etc/apache/mods-enabled/ for two file link for status.conf and status.load. If not, create so that its enabled when you next restart Apache...

  1. cd /etc/apache/mods-enabled
  2. ln -s ../mods-available/status.load status.load
  3. ln -s ../mods-available/status.conf status.conf

Edit the status.conf to add the IP address(es) that you want to be able to (see http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow for guidance on this). Also enable ExtendedStatus. Example config file...

<IfModule mod_status.c>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
# 

ExtendedStatus On

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24 123.234.5.6
</Location>

</IfModule>

Restart Apache to apply (service apache2 restart), then access through through an URL similar to http://www.domain.com/server-status.

For further info see http://httpd.apache.org/docs/2.2/mod/mod_status.html