NetWare 6.0 Web Infrastructure Part 7: Apache Web Server Installation and Deployment Considerations

Novell Cool Solutions: Feature
By Joe Harmon

Posted: 9 Apr 2003
 

Joe Harmon is part of Novell's Web Services Support team. This material is adapted from some excellent training sessions he recently presented here at Novell. He graciously allowed us to share it with you in this series of articles.

Intranet Only

This is the easiest deployment, but also the rarest. It is the easiest because you do not need to worry about outside access to your web server: all of the access comes from the inside. It is the rarest because a web server usually exists to publish content to the outside world. The deployment simply consists of configuring your web server on an internal IP address, which will most likely be the default configuration of the server itself.

Extranet Only

An example of an extranet deployment would be an ISP. This is a deployment to strictly provide content to the public. In this instance NO content is provided to an internal network. This is also a rare instance. Again, the default installation of Apache should be sufficient for this deployment assuming that the server is installed with only a public IP address.

Intranet and Extranet

The Intranet / Extranet deployment is the most common and the most difficult. Most companies have internal and external content to be deployed. Several different factors need to be taken into consideration before deploying an Apache server. If Apache has already been installed and the deployment needs to be changed then there are other issues we will need to look at. Consider the following questions:

(1) How many Network Interface Cards (NICs) does the server have? ** NOTE ** Remember that every NIC is going to represent a different network. In most instances, a person would have two NICs if they are trying to bridge an Intranet and an Extranet together.

  • If the server has one NIC, is it on a public or private IP address?
    • If a public IP address, do you want to provide content from this web server to your internal users?
    • If a private IP address, do you want to provide content from this web server to your external users?
  • If the server has more than one NIC, are you bridging an internal and external network, bridging more than one internal network, or bridging more than one external network?
    • If bridging an internal and external network, how are you providing access to users on the outside?
      • NAT? (BorderManager, Router, Firewall, etc.)
      • Reverse Proxy? (BorderManager, Router, Firewall, etc.)
      • Forward Proxy? (iChain, etc)
    • If bridging more than one internal network, how are you providing access to users on the outside?
    • If bridging more than one external network, how are you providing access to users on the inside?

(2) Is the content that you are going to provide to internal and external users the same content, different content, or both?

(3) What is the type of content that you are going to provide?

(4) Is your site going to have public access, SSL, restrictions to content, or a combination?

(5) Are there any programs that are going to be using Apache as their web server?

Small Business

The small business suite has the option of doing an express or a custom installation. If an express installation is chosen then the server will install everything, as far as the web is concerned, onto a private IP address. This causes an issue if the customer is trying to have public access to his services. The most common deployment for small business is as seen in the diagram below:

PortResolverInstalled.Properties

Single IP Address VS. Multiple IP Address.

** NOTE ** NetWare 6 can use either multiple IP addresses or a single IP address for its web servers. The reason is simple: both Apache and the Enterprise Server use the same ports (80 and 443), so you have to choose between a single IP address and multiple IP addresses.

If you have a single IP address you will need to assign ports other than 80 and 443 to one of the services (if both are being installed). The issue here is that port 80 represents HTTP and port 443 represents HTTPS. So long as you are specifying HTTP or HTTPS there is no need to place the port number at the end of the URL; the ports are assumed. If you choose the single IP address option, you will need to specify the port at the end of the URL. Example: http://192.168.0.1:1000. If you choose the multiple IP address option, you can assign port 80 and 443 to another IP address, which eliminates the need to place the port at the end of the URL.

**IMPORTANT** You can allow the same IP address to listen on multiple ports. You can allow the same port to listen on multiple IP addresses. You CANNOT allow the same IP address to listen on the same port multiple times.

Since there are several services within NetWare 6 that want to use the same ports, you are given the option to have one IP address with multiple ports or multiple IP addresses with the same ports. The following services on NetWare 6 try to use port 80 or 443:

  • NetWare Enterprise Server
  • Apache
  • iFolder
  • iPrint

** IMPORTANT ** If you choose the option for SINGLE IP ADDRESS, you will need to decide which ports you want to use. Keep in mind that the ports may already be taken by another product. For a list of common ports you can go to NetWare 6 Port Assignments. By default, if the NetWare Enterprise Web Server is installed, it will take over port 80 and 443. If desired you can change this over to the Apache-based Services. However, one thing to keep in mind is that you will have to configure Apache through a configuration file, whereas the Enterprise Server is configured through a GUI.

** IMPORTANT ** Whichever service owns port 80 and 443 will also receive the NetWare 6 home page. If assigned to the Enterprise Server, the NetWare 6 home page will be copied out to the SYS:/NOVONYX/SUITESPOT/DOCS directory. If assigned to Apache-based Services then the NetWare 6 home page will be copied out to the SYS:/APACHE/NWDOCS directory. If you desire to keep the NetWare 6 home page and host your own home page on port 80 and 443, then it is suggested that you choose the multiple IP address option. You can still choose the single IP address option and host both the NetWare 6 page and your own home page, but it will require additional configuration after the installation.

** IMPORTANT ** Be sure that you engrave this next point into your mind. There is a section for the IP address, DNS name, and ports to be used for each service. During the install, the DNS name section is used to configure most of the web services configuration files. This is why the services will fail if the DNS name does not resolve. I spoke about this in step 18. If you are running a test box and do not want to worry about DNS resolution, then you can place the IP address in the host field as well as in the IP field. This will then configure your files with the IP address and not the DNS name. The only time you will run into a problem is if you need to set up a reverse proxy for outside access. Reverse proxy needs the information within certain products to be the DNS name and not the IP address. But for testing purposes this should be fine.

Single IP address option

** NOTE ** In this instance port 80 and 443 are defaulting to the Enterprise Server. If left this way the NetWare 6 home page will be given to the Enterprise Server. If this is an upgrade then your INDEX.HTML file will be renamed. If you had an existing Enterprise Server installed then it is suggested that you give port 80 and 443 to Apache-based Services. That way Apache will be hosting the NetWare 6 home page. The last thing I want you to note here is the secure port for iPrint. iPrint will take 443 for its secure port. This is required by the RFC. If you load a Web Service and iPrint on the same box you will need to change port 443 for the web service. The iPrint port is grayed out and does not allow you to change it.

Multiple IP address option

** REMEMBER ** Back when the server was being installed I gave the server 137.65.55.77 for its IP address. By default the main IP address will be given to the first service on the list. If the Enterprise Server is installed it will default to that service. In this instance I will change that to the Apache-based Services. This is not necessary but will cause a lot less confusion. Remember that if you already have the Enterprise Server installed and this is an upgrade, the NetWare 6 home page (which is an INDEX.HTML) will cause any existing INDEX.HTML to be renamed. This is another reason to give the main IP address to Apache. See a more detailed explanation below.

If you choose the multiple IP address option then there are a few things you should note to avoid confusion. The main IP address that you give to the server will be picked up by the NetWare Enterprise Web Server by default. The main IP address will also host the NetWare 6 home page.

Option 1 - If the main server IP address is given to the NETWARE ENTERPRISE WEB SERVER, the following will occur:

  1. The NetWare 6 home page will be run by the NetWare Enterprise Web Server under the SYS:/NOVONYX/SUITESPOT/DOCS directory.

  2. Apache Services will be available on the secondary IP address. However, the Web Manager (which runs through Apache) will be listening on the main IP address (same one the Enterprise Server is using) on port 2200.

  3. Apache will be available to run your home page under the SYS:/APACHE/NWDOCS directory since it is not using the NetWare 6 home page. However, if you plan on using the NetWare Enterprise Server to host your pages you will lose the NetWare 6.0 home page.

Option 2 - If the main server IP address is given to APACHE-BASED SERVICES, the following will occur:

  1. The NetWare 6 home page will be run by Apache Services under the SYS:/APACHE/NWDOCS directory.
  2. Apache Services will be available on the main IP address along with the Web Manager running on port 2200 on that IP address.
  3. Apache will not be able to run your home page by default because it will be hosting the NetWare 6 page. The Enterprise Server will be available to host your home page at this point under the SYS:/NOVONYX/SUITESPOT/DOCS directory.

Therefore, if you want Apache to host your pages on port 80 and 443, then give the Enterprise Server the main server IP address so that Apache will be open on port 80 and 443 (Option 1). If you want the Enterprise Server to host your pages on port 80 and 443 then give Apache-Based Services the main Server IP address (Option 2).

HTTP vs. HTTPS (Clear Text vs. SSL)
Public Access vs. Restricted Access

A common misconception is that Clear Text and Public Access or Authentication and SSL are one entity. They do work in conjunction with each other, but they also have the capability to work as separate entities. There are times that you may want them as separate entities and times when you would not. These are discussed below:

HTTP (Clear Text) - HTTP is a Hypertext protocol that is transferred in clear text. Clear text means that anyone running a trace can read and interpret the information.

HTTPS (SSL) - HTTPS is a Hypertext protocol that is transferred over SSL, that is, encrypted. This means that if a trace was run on your system the information would be encrypted and could not be read without first decrypting it.

Public Access - Public Access indicates that there is no restriction on the information you are publishing. In essence, public access means that it is available to the general public and is not restricted. Anyone can access it.

Restricted Access - Restricted Access means that you have privileged information that only a selected group or individual is allowed to access. There are two types of restrictions that can occur:

  • Authenticated Access - Authenticated Access requires you to authenticate so that Apache knows who you are and what rights you have.
  • Blocked Access - Blocked Access allows access only to selected groups according to IP address or domain. This is more at the physical machine level rather than the user level.

All of these services can be used separately or in conjunction depending on what is being accomplished. Below are some of the common combinations and whether or not they are suggested as proper implementations.

  • HTTP and Public Access - This is suggested if you have a site that requires no restrictions to the content you are trying to provide.
  • HTTP and Authentication - This is NOT suggested but can be done by turning off the parameter "AuthNDSRequireSSL" found in the NDS Authentication deployment. The reason this is not suggested is because you will be sending a user name and password over clear text.
  • HTTP and Blocked Access - This is suggested if you have a certain range of IP addresses or certain domains that you do not want to allow access to your content.
  • HTTPS and Public Access - This is suggested if you are providing your own login in the form of a public page. An example of this would be GroupWise WebAccess. You want the login page to be public, but you want to encrypt the information that is being passed.
  • HTTPS and Authenticated Access - This is suggested if you need to check what rights an individual user has before they access information. In this situation the web server is providing the login.
  • HTTP to HTTPS - This is suggested if you are going to be using SSL (HTTPS) and you don't want your users to have to remember to put https into the browser.

HTTP VS. HTTPS LAB

Plan the directory structure and implementation for the scenarios listed below. The Authentication section can wait until the next section.

  • HTTP and Public
  • HTTP and Blocked Access
  • HTTPS and Public Access
  • HTTPS and Authenticated
  • HTTP to HTTPS

Authentication

NDS Authentication - MOD_NDS

AuthNDSUserFile
  • Definition: Sets the name of a text file containing a list of usernames that are allowed to authenticate (obsolete on NetWare).
  • Syntax: AuthNDSUserFile <File-Name>
  • Context: directory, .htaccess

AuthNDSAuthoritative
  • Definition: Determines whether the request is allowed to be passed on to lower level modules for further authentication.
  • Syntax: AuthNDSAuthoritative <On (default) | Off>
  • Context: directory, .htaccess

AuthNDSTree
  • Definition: Sets the NDS tree that will be used for user authentication. This is a mandatory directive.
  • Syntax: AuthNDSTree <Tree-Name>
  • Context: directory, .htaccess

AuthNDSRequirePW
  • Definition: Determines if a user name with an empty password will be allowed to access the site.
  • Syntax: AuthNDSRequirePW <On | Off (default)>
  • Context: directory, .htaccess

AuthNDSExpiredURI
  • Definition: Provides redirection to an alternate page if an expired password is detected.
  • Syntax: AuthNDSExpiredURI </Path/To/Expired-Notice.html>
  • Context: directory, .htaccess

AuthNDSCacheTimeout
  • Definition: Sets the time-to-live value for entries in the cache (in seconds), or disables the cache entirely (by setting it to zero).
  • Syntax: AuthNDSCacheTimeout <Number> (Default is 300)
  • Context: directory, .htaccess

AuthNDSUniqueCNs
  • Definition: Enables the caching of name->FDN mappings, which prevents the module from having to search for the user's FDN on every request.
  • Syntax: AuthNDSUniqueCNs <On | Off (default)>
  • Context: server config

AuthNDSContext
  • Definition: Sets a search list of contexts for contextless logins.
  • Syntax: AuthNDSContext <.Context.To.Search.Context.To.Search ...>
  • Context: directory, .htaccess

AuthNDSContextOverride
  • Definition: This directive only applies to AuthNDSContext. If set to 'ON' for a given directory, it causes all search contexts defined in higher-level directories to be ignored.
  • Syntax: AuthNDSContextOverride <On | Off (Default)>
  • Context: directory, .htaccess

The following 'require' directives are supported:

require user
  • Definition: Defines a list of valid users.
  • Syntax: require user <.user1.full.context .user2.full.context .user3.full.context ...>

require valid-user
  • Definition: Allows access for any valid user name and password.
  • Syntax: require valid-user

require context
  • Definition: Allows access for any valid user name and password with a matching context.
  • Syntax: require context <.exact.matching.context1 .exact.matching.context2 ...>

require context
  • Definition: Allows access for any valid user name and password with a partial matching context.
  • Syntax: require context </.partially.matching.context1 ...>

NDS Authentication LAB

    You would have to add an alias here if you were accessing anything before the Apache root directory.

    LoadModule nds_auth_module modules/mod_nds.nlm
    LoadModule tls_module modules/mod_tls.nlm

    <Directory "sys:/novonyx/suitespot/bin/">
    Options None
    AllowOverride None
    Order deny,allow
    Allow from all
    AuthName "NetWare Web Manager"
    AuthType Basic
    AuthNDSTree JOE60_TREE
    AuthNDSContext O=WEB
    AuthNDSRequireSSL On
    require valid-user
    </Directory>
    <IfModule mod_tls.c>
    SecureListen 137.65.215.72:443 "SSL CertificateDNS"
    </IfModule>

    allow from address or expression
    allow from env=environment variable
    deny from address or expression
    deny from env=environment variable

    ** NOTE ** With the NetWare Enterprise Server (NES) we were not able to have public and private directories under each other. They had to be at the same level. With Apache and NDS Authentication we can have public and private directories under each other, as well as restricting access in the following ways:

    • By User
    • By Container
    • By Domain
    • By IP address
    • By ENV
    • Using wild cards
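
The "HTTP and Authentication" combination discussed earlier is discouraged because the user name and password would travel in clear text, and the directive list above shows AuthNDSRequirePW defaulting to Off. As an added example (not from the original article or from Novell), this Python script audits httpd.conf text for mod_nds sections that weaken either setting. The sample configuration, EXAMPLE_TREE and the function names are constructed for illustration, and because the article does not state the default for AuthNDSRequireSSL, a missing directive is reported as "not set explicitly" rather than as a failure.

```python
import re

# Constructed sample httpd.conf text (not from the article). EXAMPLE_TREE and
# the directory paths are placeholders.
SAMPLE_CONF = """
<Directory "sys:/webapps/WebMan">
AuthType Basic
AuthName "NetWare Web Manager"
AuthNDSTree EXAMPLE_TREE
AuthNDSRequireSSL On
AuthNDSRequirePW On
require valid-user
</Directory>

<Directory "sys:/apache/htdocs/reports">
AuthType Basic
AuthNDSTree EXAMPLE_TREE
AuthNDSRequireSSL Off
require valid-user
</Directory>

<IfModule mod_alias.c>
<Directory "sys:/apache/htdocs/staff">
AuthType Basic
AuthNDSTree EXAMPLE_TREE
AuthNDSRequirePW On
require valid-user
</Directory>
</IfModule>

<Directory "sys:/apache/htdocs/public">
Order allow,deny
Allow from all
</Directory>
"""

SECTION_OPEN = re.compile(r'<\s*(?:Directory|Location)\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'</\s*(?:Directory|Location)\s*>', re.I)

SSL_UNSET = "AuthNDSRequireSSL not set explicitly"
SSL_OFF = "AuthNDSRequireSSL is Off: Basic credentials can be sent over clear-text HTTP"
PW_OFF = "AuthNDSRequirePW is not On: user names with an empty password are allowed"


def parse_sections(conf_text):
    """Return [(path, {directive_lowercase: value})] for each Directory/Location block."""
    sections, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            current = (opened.group(1).strip(), {})
        elif SECTION_CLOSE.match(line):
            if current is not None:
                sections.append(current)
            current = None
        elif line.startswith("<"):
            continue  # wrappers such as <IfModule> or <VirtualHost> are skipped
        elif current is not None:
            parts = line.split(None, 1)
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            current[1][parts[0].lower()] = value  # directive names are case-insensitive
    return sections


def is_on(value):
    return value is not None and value.lower() == "on"


def audit_nds_sections(conf_text):
    """Return [(path, [issues])] for every section protected by mod_nds."""
    findings = []
    for path, directives in parse_sections(conf_text):
        if "authndstree" not in directives:
            continue  # AuthNDSTree is mandatory for mod_nds, so this block is not NDS-protected
        issues = []
        ssl = directives.get("authndsrequiressl")
        if ssl is None:
            issues.append(SSL_UNSET)
        elif not is_on(ssl):
            issues.append(SSL_OFF)
        if not is_on(directives.get("authndsrequirepw")):
            issues.append(PW_OFF)
        findings.append((path, issues))
    return findings


if __name__ == "__main__":
    for path, issues in audit_nds_sections(SAMPLE_CONF):
        print(path, "->", issues or "ok")
```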

    LDAP Authentication - MOD_LDAP

    AuthLDAPBindDN
      • Definition: An optional DN used to bind to the server when searching for entries. If not provided, AUTH_LDAP will use an anonymous bind.
      • Syntax: AuthLDAPBindDN <Distinguished-Name>
      • Context: directory, .htaccess

    AuthLDAPBindPassword
      • Definition: A bind password to use in conjunction with the bind DN.
      • Syntax: AuthLDAPBindPassword <Password>
      • Context: directory, .htaccess

    AuthLDAPAuthoritative
      • Definition: Set to 'OFF' if this module should let other authentication modules attempt to authenticate the user, should authentication with this module fail.
      • Syntax: AuthLDAPAuthoritative <On (Default) | Off>
      • Context: directory, .htaccess

    AuthLDAPURL
      • Definition: A URL which specifies the LDAP search parameters to use.
      • Syntax: AuthLDAPURL <url>
      • Context: directory, .htaccess

    AuthLDAPRemoteUserIsDN
      • Definition: If this directive is set to 'ON', the value of the REMOTE_USER environment variable will be set to the full distinguished name of the authenticated user, rather than just the username that was passed by the client.
      • Syntax: AuthLDAPRemoteUserIsDN <Off (Default) | On>
      • Context: directory, .htaccess

    AuthLDAPCertDBPath
      • Definition: Specifies in which directory AUTH_LDAP should look for the certificate authorities database. There should be a file named cert7.db in that directory.
      • Syntax: AuthLDAPCertDBPath </Path/To/Cert7.db/Directory>
      • Context: server config

    AuthLDAPCacheSize
      • Definition: Specifies the maximum size of the LDAP search cache.
      • Syntax: AuthLDAPCacheSize <Size>
      • Context: server config

    AuthLDAPCacheTTL
      • Definition: Specifies the time (in seconds) that an item in the search cache remains valid.
      • Syntax: AuthLDAPCacheTTL <Time>
      • Context: server config

    AuthLDAPOpCacheSize
      • Definition: Specifies the size of the cache AUTH_LDAP uses to cache LDAP operations.
      • Syntax: AuthLDAPOpCacheSize <Size>
      • Context: server config

    AuthLDAPOpCacheTTL
      • Definition: Specifies the time (in seconds) that entries in the operation cache remain valid. The default is 600 seconds.
      • Syntax: AuthLDAPOpCacheTTL <Time>
      • Context: server config

    AuthLDAPCacheCompareOps
      • Definition: If this directive is set to 'ON', AUTH_LDAP will cache any compare operations (these are used to satisfy require user directives).
      • Syntax: AuthLDAPCacheCompareOps <On (Default) | Off>
      • Context: server config

    LDAP Authentication LAB

    LoadModule auth_ldap_module modules/authldap.nlm
    LoadModule tls_module modules/mod_tls.nlm

    <IfModule auth_ldap.c>
    #Alias /secure "sys:/Apache/htdocs/secure"
    <Directory "sys:/Apache/htdocs/secure">
    UseCanonicalName Off
    Options Indexes MultiViews
    Order deny,allow
    Allow from all

    #Directives to allow from specific IP addresses
    #Deny from all
    #Allow from 137.65.53.134

    AuthType Basic
    AuthName Secure_Docs
    AuthLDAPURL ldap://137.65.55.71/o=web
    require valid-user
    </Directory>
    </IfModule>
    <IfModule mod_tls.c>
    SecureListen 137.65.215.72:443 "SSL CertificateDNS"
    </IfModule>
    1. allow from address or expression
    2. allow from env=environment variable
    3. deny from address or expression
    4. deny from env=environment variable

    ** NOTE ** With the NetWare Enterprise Server (NES) we were not able to have public and private directories under each other. They had to be at the same level. With Apache and NDS Authentication we can have public and private directories under each other, as well as restricting access in the following ways:

    - By User
    - By Container
    - By Domain
    - By IP address
    - By ENV
    - Using wild cards

    Applications and their Authentication

    Novell iFolder - LDAP Authentication to Apache
    Novell NetStorage - NDS Authentication to Apache
    Jakarta-Tomcat - NDS Authentication passed by Apache
    NSearch - NDS Authentication
    Novell Portal Services - LDAP Authentication
    NetWare Web Manager - NDS Authentication
    iManager - LDAP Authentication
    eGuide - LDAP Authentication

    iFolder Example

    LoadModule ifolderserver_module "iFolder/Server/iFolder.nlm"

    <VirtualHost ifolder6.provo.novell.com:80>
    ServerName ifolder6.provo.novell.com
    DocumentRoot "SYS:\apache\iFolder\DocumentRoot"

    <Directory "SYS:\apache\iFolder\DocumentRoot">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

    <location /iFolderServer>
    SetHandler ifolderserver-form-handler
    </location>
    LdapHost apache6.provo.novell.com
    LdapPort 636
    LdapLoginDnContext "O=WEB"
    LdapRootCert "SYS:\apache\iFolder\server\RootCert.der"
    iFolderServerRoot SYS:\iFolder
    iFolderAdminName admin
    ServerSecurePort 443

    </VirtualHost>

    NSearch Example

    <?xml version="1.0" encoding="ISO-8859-1" ?>
    <webapps> <!-- Setting special properties for NSearch context -->
    <Context path="/NSearch" docBase="SYS:/NSearch" debug="0" reloadable="true">
    <NDSAuth path="SYS:/NSearch/nsrchjw.nlm" />
    </Context>
    </webapps>

    MODULES.XML
    <module name="NDSAuth" javaClass="com.novell.tomcat.modules.aaa.NDSAuth" />

    MODULES.PROPERTIES
    NDSAuth=com.novell.tomcat.modules.aaa.NDSAuth

    NetWare Web Manager Example

    <Directory "sys:/webapps/WebMan">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
    AuthName "NetWare Web Manager"
    AuthType Basic
    AuthNDSTree JOE60_TREE
    AuthNDSContext O=WEB
    AuthNDSRequireSSL On
    require valid-user
    </Directory>

    Virtual Hosting

    IP Based Virtual Hosts

    There are several components that need to be understood about an IP based virtual host:

    • They must load with either a different IP address or a different port.
    • They can contain most Apache directives.
    • If a non-critical directive in the virtual host fails, then it will revert back to that same directive outside of the virtual host.
    • If the virtual host's document root is outside of the main Apache document root then access will need to be defined to that directory.

    <VirtualHost 137.65.55.74>
    DocumentRoot sys:/Apache/htdocs/virtual
    </VirtualHost>

    IP Based Virtual Hosting LAB

    Build two IP based virtual hosts, one under the main document root and the other under a directory outside of the Apache document root. You will need to allow access to the virtual server that is outside of the Apache document root.

    Domain Based Virtual Hosts

    Domain Based Virtual hosts allow the same IP address to be used with each virtual host being defined with a different DNS name. However, there are several rules that apply.

    • Since you are using the same IP address then the only way to distinguish between the virtual hosts is by the DNS name. Therefore DNS resolution must first exist.
    • ServerName is a required field.

    NameVirtualHost 137.65.55.81

    <VirtualHost 137.65.55.81>
    ServerName www.joeserver.com
    ServerAlias joeserver.com *.joeserver.* joeserver
    DocumentRoot sys:/Apache/htdocs/virtual/joeserver
    </VirtualHost>
    <VirtualHost 137.65.55.81>
    ServerName www.otherserver.com
    DocumentRoot sys:/Apache/htdocs/virtual/otherserver
    </VirtualHost>
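
As an added example (not part of the original article and not Apache's own code), the following Python model parses the two name-based virtual hosts above and reports which one a given Host header selects, including what happens when no ServerName or ServerAlias matches. It assumes Apache's documented behaviour that the first listed virtual host for the address acts as the default, and that `*` and `?` are the only ServerAlias wildcards; the function names and the test host names are illustrative.

```python
import re

# The article's name-based virtual host configuration, used as input.
CONF = """
NameVirtualHost 137.65.55.81

<VirtualHost 137.65.55.81>
ServerName www.joeserver.com
ServerAlias joeserver.com *.joeserver.* joeserver
DocumentRoot sys:/Apache/htdocs/virtual/joeserver
</VirtualHost>
<VirtualHost 137.65.55.81>
ServerName www.otherserver.com
DocumentRoot sys:/Apache/htdocs/virtual/otherserver
</VirtualHost>
"""


def parse_vhosts(conf_text):
    """Return the <VirtualHost> blocks, in file order, as dicts."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"name": None, "aliases": [], "docroot": None}
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            key, args = parts[0].lower(), parts[1:]
            if key == "servername" and args:
                current["name"] = args[0]
            elif key == "serveralias":
                current["aliases"].extend(args)
            elif key == "documentroot" and args:
                current["docroot"] = args[0].strip('"')
    return vhosts


def alias_regex(pattern):
    """Translate a ServerAlias pattern: '*' and '?' are wildcards, the rest is literal."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z", re.I)


def normalise_host(host_header):
    """Lower-case the client-supplied Host header; drop a :port suffix and trailing dot."""
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def select_vhost(host_header, vhosts):
    """Return (vhost, reason). Blocks are tried in file order; the first match wins."""
    host = normalise_host(host_header)
    for vh in vhosts:
        if vh["name"] and host == vh["name"].lower():
            return vh, "ServerName"
        for alias in vh["aliases"]:
            if alias_regex(alias).match(host):
                return vh, "ServerAlias " + alias
    # Nothing matched: the first listed virtual host answers the request.
    return vhosts[0], "default (first listed)"


if __name__ == "__main__":
    hosts = parse_vhosts(CONF)
    for header in ("www.otherserver.com:80", "JoeServer",
                   "mail.joeserver.example.org", "otherserver.com"):
        vh, reason = select_vhost(header, hosts)
        print(f"{header:30} -> {vh['docroot']}  [{reason}]")
```

Two results are worth noting when planning the lab: the broad `*.joeserver.*` alias also claims names outside the joeserver.com domain, and `otherserver.com` (no `www`) is served by the joeserver host because the second block defines no ServerAlias.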

    Domain Based Virtual Hosting LAB

    Create 3 Virtual Hosts off of your main IP address.

    Indexing

    Indexing Types

    <IfModule mod_autoindex.c>
    IndexOptions FancyIndexing
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif
    ReadmeName README
    HeaderName HEADER
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
    </IfModule>

    Indexing LAB

    Create an indexing option that will associate a file extension to a graphic.

    Aliasing

    Alias

    <IfModule mod_alias.c>
    Alias /add "sys:/apache/add"
    <Directory "sys:/apache/add">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </IfModule>

    Aliasing LAB

    Create two aliases that will allow access to directories outside of the Apache document root. After the aliases have been created, allow public access to one and restrict the other either with NDS or LDAP authentication.

    Remember, if it doesn't exist under the Apache Document Root then you will need to provide access to the directory structure, otherwise Apache will not know how to access the directory.

    ScriptAlias

    <IfModule mod_lcgi.c>
    AddHandler lcgi-script nlm pl nsn bas
    LCGIModuleMap sys:\nsn\lcgi\scrptpgs.nlm .asp .nsp /sp
    LCGIModuleMap sys:\nsn\lcgi\cgi2ucs.nlm .bas /nsn
    LCGIModuleMap sys:\perl\lcgi\cgi2perl.nlm .pl /perl
    AddEnvVar PERL_ROOT sys:\Novonyx\suitespot\docs\perlroot
    ScriptAlias /perl sys:/Novonyx/suitespot/docs/perlroot
    ScriptAlias /nsn sys:/nsn/web
    </IfModule>

    ScriptAlias LAB

    Change the location of the PERL_ROOT and verify that it is running properly by running some sample scripts.

    Listen Statements and Bindings

    LoadModule tls_module modules/mod_tls.nlm

    Listen 137.65.215.72:80

    <IfModule mod_tls.c>
    SecureListen 137.65.215.72:443 "SSL CertificateDNS"
    </IfModule>

    Scripting

    * This module has only been tested with Apache 1.3.14 and later. It should work for all 1.3.x versions; whether or not it will work with previous releases is unknown.
    * This module requires a release of NSLCGI.NLM dated later than 7/25/2000. A new version can be downloaded from http://developer.novell.com/ndk/modapach.htm or http://support.novell.com.

    Installing Apache w/ mod_lcgi
    ----------------------------------------------
    Including the following lines in your configuration file will enable the scripting languages and access to other NLMs written to the LCGI API for use with Apache for NetWare:

    LoadModule lcgi_module modules/mod_lcgi.nlm
    <IfModule mod_lcgi.c>
    AddHandler lcgi-script nlm pl nsn bas
    LCGIModuleMap sys:\nsn\lcgi\scrptpgs.nlm .asp .nsp /sp
    LCGIModuleMap sys:\nsn\lcgi\cgi2ucs.nlm .bas /nsn
    LCGIModuleMap sys:\perl\lcgi\cgi2perl.nlm .pl /perl
    AddEnvVar PERL_ROOT sys:\Novonyx\suitespot\docs\perlroot
    ScriptAlias /perl sys:/Novonyx/suitespot/docs/perlroot
    ScriptAlias /nsn sys:/nsn/web
    </IfModule>

    Configuration Directives:
    -----------------------------------------------
    --
    LCGIModuleMap
    Syntax: LCGIModuleMap <LCGI_NLM_Path> <.ext .ext ...>
    Context: server config
    Associates one or more file extensions with an LCGI module.
    --
    --
    AddEnvVar
    Syntax: AddEnvVar <path>
    Context: server config
    Set additional environment variables for use within an LCGI script or module
    --
    Perl Samples
    ASP Samples

    Scripting LAB

    Change the PERL_ROOT

    SSL with Web Products

  • Browser to Server
  • Server to Server
  • Server to LDAP
  • RSA
  • Proxy to Server
  • NAT
  • Novell Functionality

    User Home Directories

      Prerequisites:
    1. Due to its dependency on DSAPI, this module only works under NetWare.
    2. These modules have only been tested with Apache 1.3.14 and later. They should work for all 1.3.x versions; whether or not it will work with previous releases is unknown.
    3. Apache 1.3.19 or later is required for remote directory support.

    Add the following lines to your httpd.conf:
    LoadModule     hdirs_module       modules/modhdirs.nlm
    LoadModule     rdirs_module       modules/modrdirs.nlm

    Configuring Apache for mod_rdirs
    -----------------------------------
    MOD_RDIRS does not need any additional configuration. By default, whenever a path similar to SERVER/VOLUME:/PATH/FILE is requested, MOD_RDIRS will make the appropriate connection to the remote server and convert the path to short filename format. Once the connection has been established and the filename converted, Apache treats the request as a normal request. Once the request has been satisfied, MOD_RDIRS will cache the connection and clean up.

    Configuring Apache for mod_hdirs

    Make sure that the Apache MOD_USERDIR module is not enabled by removing any UserDir directives from the .CONF file. The default setting for MOD_HDIRS will allow it to access home directories using the standard URI notation. No additional directives are required unless special considerations are needed.

    Configuration Directives:
    --
    UserDirTag
    Syntax: UserDirTag
    Context: server config
    This sets the URI tag that indicates a user home directory. If omitted the default tag is '~'.
    --
    --
    UserSubDir
    Syntax: UserSubDir <Directory_Name>
    Context: server config
    This sets the sub-directory below the user home directory that will be accessed for all web page requests. If omitted the default sub-directory is 'public_html'.
    The sub-directory name must not be preceded by a slash.
    --
    --
    SearchNDSContext
    Syntax: SearchNDSContext context.to.search1 .context.to.search2 ...
    Context: server config
    This creates a list of additional contexts to search for the specified NDS user ID. If omitted, only the root context will be searched.
    --
    Notes
    ------------------------------------
    To get NDS home directory support, all that is required is to load MODHDIRS using the standard LoadModule statement in your HTTPD.CONF file. Once the module has been loaded, a request to ~USER should result in retrieving a web page from the USER's PUBLIC_HTML sub-directory within their NDS home directory. There are several limitations when accessing files on a remote server.
    1). All servers must be in the same tree. You can not access a remote server from your Apache server that is not in the same tree as the Apache server.
    2). When defining a <Directory> or <Files> block in your .CONF file for a remote server, the server name should not be included. Paths should be defined as <Directory VOLUME:/PATH>... or <Files VOLUME:/PATH/FILE>....
    3). Since all remote server paths and file names on NetWare are handled in short name format, all remote directory paths and file names must also be defined in short name format. For example:

    Alias /foo/ remote/vol1:/my_remote_path/my_foo_directory

    <Directory vol1:/my_remote_path/my_foo_directory>
    ...
    </Directory>

    should be defined as:

    Alias /foo/ remote/vol1:/my_rem~1/my_foo~1
    <Directory vol1:/my_rem~1/my_foo~1>
    ...
    </Directory>

    Special attention should be paid to server configuration files that begin with a '.'. For example, the following changes to the HTTPD.CONF file would allow .HTACCESS files to be accessed on a remote server:

    AccessFileName .htaccess htacce~1
    <Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    </Files>
    <Files ~ "^htacce~1">
    Order allow,deny
    Deny from all
    </Files>
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t htacce*

    The file name "htacce~1" needs to be added to the access file list to allow for the short file name format. An additional <Files ...> block is also added so that the short-name copy is denied to clients just like .htaccess itself. The short file name "htacce*" pattern is added to the "IndexIgnore" directive to restrict users from seeing remote .htaccess files.

    User Home Directories LAB

    Set up user home directories so that they can be accessed on a sys volume and another volume.

    WebDAV

    November 21, 2002, ApacheCon US 2002
    http://www.webdav.org/papers/ApacheCon-2002-US-TH01.pdf

    What is WebDAV?

    • Web-based Distributed Authoring and Versioning
      • "DAV" is the usual short form
    • Goal: enable interoperability of tools for distributed web authoring
    • Turns the Web into a writeable medium
    • Applies to all kinds of content - not just HTML and images
    • Based on extensions to HTTP
    • Uses XML for properties, control, status
    • RFC 2518

    Technical Benefits

    • Properties ("metadata")
    • Overwrite protection
    • Namespace management
    • Versioning
    • Infrastructure: old and new
    • Replacement protocol

    Novell's implementation of WebDAV

    • NetStorage
    • WebDAV with the Enterprise Server
