NetWare 6.0 Web Infrastructure Part 6: Apache
Novell Cool Solutions: Feature
By Joe Harmon
Reader Rating 
from 15 ratings
|
Digg This -
Slashdot This
Updated: 30 Nov 2004 |
Joe Harmon is part of Novell's Web Services Support team. This material is adapted from some excellent training sessions he recently presented here at Novell. He graciously allowed us to share it with you in this series of articles.
NEW: Click here for a PDF of the entire series.
Note: Web Manager installs Tomcat and Apache.
Apache
Please note: Joe's comments are in Red.
ServerType standalone
ServerRoot "sys:/apache"
This is the server root. Therefore, this path is assumed by Apache.
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_status
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
ThreadsPerChild 50
ThreadStackSize 81920
MaxRequestsPerChild 0
This section allows us to tune the performance of the Apache Web Server.
LoadModule lcgi_module modules/mod_lcgi.nlm
LoadModule nds_auth_module modules/mod_nds.nlm
LoadModule tls_module modules/mod_tls.nlm
Novell has added in their own modules. If a third party module has been added to Apache then the module must be manually loaded. Here we have LCGI, NDS, and TLS.
ServerAdmin someone@somewhere.com
This directive allows us to display the admin's e-mail address within an error message.
ServerName jharmon-test4.provo.novell.com
The ServerName can be the domain name or the IP address. If it is the domain name then it will need to be registered.
# Start Apache Services Port Configuration
Port 80
Listen 137.65.55.77:80
This listen statement allows us to listen on more than one IP address or port. The criteria here is that the IP address needs to be bound to the server.
<IfModule mod_tls.c>
SecureListen 137.65.55.77:443 "SSL CertificateDNS"
SecureListen is for our SSL. If SSL is not running then mod_tls will not load.
</IfModule>
# End Apache Services Port Configuration
DocumentRoot "sys:/apache/nwdocs"
SYS:/APACHE/NWDOC is the main document root for publishing our web content on NetWare 6.
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from all
There is an issue with leaving these two directives. They were left over to fix an existing Apache problem. If left this way the customer can get a forbidden under certain circumstances.
</Directory>
<Directory "sys:/apache/nwdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
This directive is allowing public access to the document root.
DirectoryIndex index.html
This directive tells us what file we will try and pick up by default. If it can't find this file then it will show a directory listing instead.
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
UseCanonicalName Off
TypesConfig conf/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
This section is defining our error logs for the main Apache server.
AccessFileName .htaccess
# Uncomment the following line to turn on access logging
# CustomLog logs/access_log common
This section is for our access log on the Apache server.
ServerSignature On
Alias /icons/ "sys:/apache/icons/"
Alias /icons "sys:/apache/icons/"
This section shows an example of an Alias or Virtual Directory. This option is used if we need to access information outside of the document root.
<Directory "sys:/apache/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Here we are granting public access to the icons directory structure. The two main portions of this are:
IndexOptions FancyIndexing
The IndexOptions directive defines how we are going to display our index of files and folders if we are unable to pickup an index.html file.
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
AddType application/x-tar .tgz
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following line instructs Apache to load the jk module
#
LoadModule jk_module modules/mod_jk.nlm
Mod_JK is our module that integrates Apache and Tomcat.
JkWorkersFile "SYS:/tomcat/33/conf/jk/nwworkers.properties"
Configuration file for the MOD_JK module.
JkLogFile "SYS:/tomcat/33/logs/mod_jk.log"
Log file that records the information between Apache and Tomcat.
#
# Log level to be used by mod_jk
#
JkLogLevel error
JKLogLevel and LogLevel are directives for what level of debugging that we want to capture. There are three main levels.
#
# Root context mounts for Tomcat
#
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
jkMount directives allow us to define Tomcat information within Apache.
# NetWare Web Manager config starts
Listen 137.65.55.77:2211
<IfModule mod_tls.c>
SecureListen 137.65.55.77:2200 "SSL CertificateDNS"
# Listen 137.65.55.77:2200
</IfModule>
<VirtualHost jharmon-test4.provo.novell.com:2200>
The virtual host section allows us to apply specific directives to a specific host rather than the whole web server. There are two different types of Virtual Host. IP Based Virtual Hosts and Domain Based Virtual Hosts.
ServerAdmin mymailname@mail.server
DocumentRoot sys:/webapps/WebAdmin
ServerName jharmon-test4.provo.novell.com
ErrorLog sys:/novonyx/suitespot/admin-serv/logs/errors.txt
CustomLog sys:/novonyx/suitespot/admin-serv/logs/access.txt common
DefaultType text/html
BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from all
</Directory>
<Directory "sys:/webapps">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<Directory "sys:/webapps/WebMan">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
AuthName "NetWare Web Manager"
AuthType Basic
AuthNDSTree NW6_TESTING_TREE
AuthNDSContext O=WEB
AuthNDSRequireSSL On
require valid-user
</Directory>
This section is a good example of how to implement NDS authentication within an Apache Web Server.
DirectoryIndex index.html
Alias /icons/ "sys:/novonyx/suitespot/bin/admin/admin/icons/"
Alias /admin-serv/icons/ "sys:/novonyx/suitespot/bin/admin/admin/icons/"
Alias /Novonyx/suitespot/manual/ "sys:/novonyx/suitespot/manual/"
<Directory "sys:/novonyx/suitespot/bin/">
Options None
AllowOverride None
Order deny,allow
Allow from all
AuthName "NetWare Web Manager"
AuthType Basic
AuthNDSTree NW6_TESTING_TREE
AuthNDSContext O=WEB
AuthNDSRequireSSL On
require valid-user
</Directory>
<Directory "sys:/novonyx/suitespot/bin/admin/admin/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "sys:/novonyx/suitespot/manual">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
AddHandler lcgi-script nlm pl
LCGIModuleMap sys:\nsn\lcgi\scrptpgs.nlm .asp .nsp /sp
LCGIModuleMap sys:\nsn\lcgi\cgi2ucs.nlm .bas /nsn
LCGIModuleMap sys:\perl\lcgi\cgi2perl.nlm .pl /perl
AddEnvVar NETSITE_ROOT /Novonyx/suitespot
AddEnvVar GLOBAL_ROOT /Novonyx/suitespot
AddEnvVar ADMSERV_ROOT /Novonyx/suitespot/admin-serv/config
AddEnvVar ADMIN_LOG /Novonyx/suitespot/admin-serv/logs/admin.log
AddEnvVar COMMIT_LOG /Novonyx/suitespot/admin-serv/logs/commit.log
AddEnvVar PATH_ROOT /https-NW6_TRAINING/bin/
AddEnvVar PERL_ROOT /Novonyx/suitespot/bin/https/admin
Here we are adding environment variables.
ScriptAliasMatch ^/([^\-]*)-[^/]*/(.*) "sys:/novonyx/suitespot/bin/$1/admin/$2"
<LocationMatch "/.*/(bin|admin)">
SetHandler lcgi-script
Options None
AllowOverride None
Order deny,allow
Allow from all
</LocationMatch>
#########################################################
# Apache configuration for the /WebAdmin context starts.
#########################################################
#
# The following line makes apache aware of the location of the /WebAdmin context
#
Alias /WebAdmin "SYS:/webapps/WebAdmin"
Alias /WebMan "sys:/webapps/WebMan"
#
# The following line tells the plugin to inherit the mount points (/servlet
# and *.jsp) from the base server
#
JkMountCopy On
# The following lines mount all the servlets and jsps for the WebAdmin
# context
#
JkMount /WebAdmin/ServersAdmin ajp13
# JkMount /WebMan/servlet/* ajp13
JkMount /WebMan/*.jsp ajp13
JkMount /WebMan/WebMan ajp13
JkMount /WebMan/WebManTop ajp13
JkMount /WebMan/Options ajp13
JkMount /WebMan/AdminSettings ajp13
JkMount /WebMan/AdminLogSettings ajp13
JkMount /WebMan/ReadErrorLog ajp13
JkMount /WebMan/ReadAccessLog ajp13
#
# The following line prohibits users from directly accessing WEB-INF
#
<Location "/WebAdmin/WEB-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. Location doesn't work unless case matches
#
<Directory "SYS:/webapps/WebAdmin/WEB-INF/">
AllowOverride None
deny from all
</Directory>
#
# The following line prohibits users from directly accessing WEB-INF
#
<Location "/WebMan/WEB-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. Location doesn't work unless case matches
#
<Directory "SYS:/webapps/WebMan/WEB-INF/">
AllowOverride None
deny from all
</Directory>
#
# The following line prohibits users from directly accessing META-INF
#
<Location "/WebAdmin/META-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. Location doesn't work unless case matches
#
<Directory "SYS:/webapps/WebAdmin/META-INF/">
AllowOverride None
deny from all
</Directory>
#######################################################
# configuration for the /WebAdmin context ends.
#######################################################
include "SYS:/NSearch/WEB-INF/NSAdmApache.conf"
Redirect /iManage/ https://137.65.55.77:2200/eMFrame/iManage.html
Redirect /iManage https://137.65.55.77:2200/eMFrame/iManage.html
Include "SYS:/webapps/eMFrame/WEB-INF/eMFrame-apache.conf"
</VirtualHost>
# NetWare Web Manager config ends
# This is to work around a bug in IE that doesn't handle the server shutting
# down keepalive requests on secure sockets
<VirtualHost _default_:443>
BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0
</VirtualHost>
include "SYS:/NSearch/WEB-INF/NSSrchApache.conf"
Include statements allow us to append to the ADMINSERV.CONF file.
# NetWare WebAccess Config
Include sys:/webapps/webaccess/web-inf/nwwaApache.conf
# Include XTier configuration file
Include sys:/netstorage/xsrv.conf
In this Series
NEW: Click here for a PDF of the entire series.
- Part 1: Installation
- Part 2: Deployment
- Part 3: Increasing the Amount of RAM that Tomcat Can Use
- Part 4: NetWare WebAccess Configuration
- Part 5: iFolder Administration
- Part 6: Apache
- Part 7: Apache Web Server Installation and Deployment Considerations
- Part 8: Tomcat
Reader Comments
- Thats it ? a copy of the ini file ? I'd appreciate more. Editor's Note: We just added Joe's comments in Red. Refresh your browser if you can't see them. Also, stay tuned for Part 7, which gives even more details about Apache and Tomcat.
- Fantastic stuff! Thanks MUCHLY! I have all the series. Please do a series on the Novell Portal Services and how to get the gadgets going with the NetWare 6.0 Web Infrastructure.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com