Novell Home

NetWare 6.0 Web Infrastructure Part 6: Apache

Novell Cool Solutions: Feature
By Joe Harmon

Digg This - Slashdot This

Updated: 30 Nov 2004
 

Joe Harmon is part of Novell's Web Services Support team. This material is adapted from some excellent training sessions he recently presented here at Novell. He graciously allowed us to share it with you in this series of articles.

NEW: Click here for a PDF of the entire series.

Note: Web Manager installs Tomcat and Apache.

Apache

Please note: Joe's comments are in Red.

ServerType standalone

ServerRoot "sys:/apache"
     This is the server root. Therefore, this path is assumed by Apache.

PidFile logs/httpd.pid
ScoreBoardFile logs/apache_status

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
ThreadsPerChild 50
ThreadStackSize 81920
MaxRequestsPerChild 0

     This section allows us to tune the performance of the Apache Web Server.

LoadModule lcgi_module modules/mod_lcgi.nlm
LoadModule nds_auth_module modules/mod_nds.nlm
LoadModule tls_module modules/mod_tls.nlm

     Novell has added in their own modules. If a third party module has been added to Apache then the module must be manually loaded. Here we have LCGI, NDS, and TLS.

ServerAdmin someone@somewhere.com

     This directive allows us to display the admin's e-mail address within an error message.

ServerName jharmon-test4.provo.novell.com

     The ServerName can be the domain name or the IP address. If it is the domain name then it will need to be registered.

# Start Apache Services Port Configuration
Port 80
Listen 137.65.55.77:80
     This listen statement allows us to listen on more than one IP address or port. The criteria here is that the IP address needs to be bound to the server.
<IfModule mod_tls.c>
      SecureListen 137.65.55.77:443 "SSL CertificateDNS"
     SecureListen is for our SSL. If SSL is not running then mod_tls will not load.
</IfModule>
# End Apache Services Port Configuration

DocumentRoot "sys:/apache/nwdocs"
     SYS:/APACHE/NWDOC is the main document root for publishing our web content on NetWare 6.
<Directory "/">
      Options FollowSymLinks
      AllowOverride None
      Order deny,allow
      deny from all
      There is an issue with leaving these two directives. They were left over to fix an existing Apache problem. If left this way the customer can get a forbidden under certain circumstances.
</Directory>

<Directory "sys:/apache/nwdocs">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all
</Directory>

     This directive is allowing public access to the document root.

DirectoryIndex index.html
     This directive tells us what file we will try and pick up by default. If it can't find this file then it will show a directory listing instead.
AccessFileName .htaccess
<Files ~ "^\.ht">
      Order allow,deny
      Deny from all
</Files>

UseCanonicalName Off
TypesConfig conf/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

     This section is defining our error logs for the main Apache server.
AccessFileName .htaccess

# Uncomment the following line to turn on access logging
# CustomLog logs/access_log common
     This section is for our access log on the Apache server.

ServerSignature On

Alias /icons/ "sys:/apache/icons/"
Alias /icons "sys:/apache/icons/"
     This section shows an example of an Alias or Virtual Directory. This option is used if we need to access information outside of the document root.

<Directory "sys:/apache/icons">
      Options Indexes MultiViews
      AllowOverride None
      Order allow,deny 
      allow from all
</Directory>
     Here we are granting public access to the icons directory structure. The two main portions of this are:

  • Order allow,deny
  • Allow from all

  • IndexOptions FancyIndexing
         The IndexOptions directive defines how we are going to display our index of files and folders if we are unable to pickup an index.html file.
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif
    ReadmeName README
    HeaderName HEADER
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage he .he
    AddCharset ISO-8859-8 .iso8859-8
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage kr .kr
    AddCharset ISO-2022-KR .iso-kr
    AddLanguage no .no
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cz .cz
    AddLanguage ru .ru
    AddLanguage tw .tw
    AddCharset Big5       .Big5     .big5
    AddCharset WINDOWS-1251  .cp-1251
    AddCharset CP866       .cp866
    AddCharset ISO-8859-5       .iso-ru
    AddCharset KOI8-R       .koi8-r
    AddCharset UCS-2       .ucs2
    AddCharset UCS-4       .ucs4
    AddCharset UTF-8       .utf8
    LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
    AddType application/x-tar .tgz
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

         This whole section defines what icons will show up for certain extensions. It also defines how the web server is to handle this information.

    #
    # The following line instructs Apache to load the jk module
    #
    LoadModule jk_module modules/mod_jk.nlm
         Mod_JK is our module that integrates Apache and Tomcat.

    JkWorkersFile "SYS:/tomcat/33/conf/jk/nwworkers.properties"
         Configuration file for the MOD_JK module. JkLogFile "SYS:/tomcat/33/logs/mod_jk.log"
         Log file that records the information between Apache and Tomcat.

    #
    # Log level to be used by mod_jk
    #
    JkLogLevel error
         JKLogLevel and LogLevel are directives for what level of debugging that we want to capture. There are three main levels.

  • (1) warn
  • (2) error
  • (3) debug
  • #
    # Root context mounts for Tomcat
    #
    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13

         jkMount directives allow us to define Tomcat information within Apache.

    # NetWare Web Manager config starts

    Listen 137.65.55.77:2211
    <IfModule mod_tls.c>
          SecureListen 137.65.55.77:2200 "SSL CertificateDNS"
    #     Listen 137.65.55.77:2200
    </IfModule>

    <VirtualHost jharmon-test4.provo.novell.com:2200>
         The virtual host section allows us to apply specific directives to a specific host rather than the whole web server. There are two different types of Virtual Host. IP Based Virtual Hosts and Domain Based Virtual Hosts.
          ServerAdmin mymailname@mail.server
          DocumentRoot sys:/webapps/WebAdmin
          ServerName jharmon-test4.provo.novell.com
          ErrorLog sys:/novonyx/suitespot/admin-serv/logs/errors.txt
          CustomLog sys:/novonyx/suitespot/admin-serv/logs/access.txt common
          DefaultType text/html
          BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0

    <Directory "/">
          Options FollowSymLinks
          AllowOverride None
          Order deny,allow
          deny from all
    </Directory>

    <Directory "sys:/webapps">
          Options FollowSymLinks
          AllowOverride None
          Order deny,allow
          Allow from all
    </Directory>

    <Directory "sys:/webapps/WebMan">
          Options Indexes FollowSymLinks
          AllowOverride None
          Order deny,allow
          Allow from all
          AuthName "NetWare Web Manager"
          AuthType Basic
          AuthNDSTree NW6_TESTING_TREE
          AuthNDSContext O=WEB
          AuthNDSRequireSSL On
          require valid-user
    </Directory>

         This section is a good example of how to implement NDS authentication within an Apache Web Server.

    DirectoryIndex index.html

    Alias /icons/ "sys:/novonyx/suitespot/bin/admin/admin/icons/"
    Alias /admin-serv/icons/ "sys:/novonyx/suitespot/bin/admin/admin/icons/"
    Alias /Novonyx/suitespot/manual/ "sys:/novonyx/suitespot/manual/"

    <Directory "sys:/novonyx/suitespot/bin/">
          Options None
          AllowOverride None
          Order deny,allow
          Allow from all
          AuthName "NetWare Web Manager"
          AuthType Basic
          AuthNDSTree NW6_TESTING_TREE
          AuthNDSContext O=WEB
          AuthNDSRequireSSL On
          require valid-user
    </Directory>

    <Directory "sys:/novonyx/suitespot/bin/admin/admin/icons">
          Options Indexes MultiViews
          AllowOverride None
          Order allow,deny
          Allow from all
    </Directory>

    <Directory "sys:/novonyx/suitespot/manual">
          Options Indexes MultiViews
          AllowOverride None
          Order allow,deny
          Allow from all
    </Directory>

    AddHandler lcgi-script nlm pl
    LCGIModuleMap sys:\nsn\lcgi\scrptpgs.nlm .asp .nsp /sp
    LCGIModuleMap sys:\nsn\lcgi\cgi2ucs.nlm .bas /nsn
    LCGIModuleMap sys:\perl\lcgi\cgi2perl.nlm .pl /perl

    AddEnvVar NETSITE_ROOT /Novonyx/suitespot
    AddEnvVar GLOBAL_ROOT /Novonyx/suitespot
    AddEnvVar ADMSERV_ROOT /Novonyx/suitespot/admin-serv/config
    AddEnvVar ADMIN_LOG /Novonyx/suitespot/admin-serv/logs/admin.log
    AddEnvVar COMMIT_LOG /Novonyx/suitespot/admin-serv/logs/commit.log
    AddEnvVar PATH_ROOT /https-NW6_TRAINING/bin/
    AddEnvVar PERL_ROOT /Novonyx/suitespot/bin/https/admin

         Here we are adding environment variables.

    ScriptAliasMatch ^/([^\-]*)-[^/]*/(.*) "sys:/novonyx/suitespot/bin/$1/admin/$2"

    <LocationMatch "/.*/(bin|admin)">
          SetHandler lcgi-script
          Options None
          AllowOverride None
          Order deny,allow
          Allow from all
    </LocationMatch>

    #########################################################
    # Apache configuration for the /WebAdmin context starts.
    #########################################################

    #
    # The following line makes apache aware of the location of the /WebAdmin context
    #
    Alias /WebAdmin "SYS:/webapps/WebAdmin"
    Alias /WebMan "sys:/webapps/WebMan"

    #
    # The following line tells the plugin to inherit the mount points (/servlet
    # and *.jsp) from the base server
    #
    JkMountCopy On

    # The following lines mount all the servlets and jsps for the WebAdmin
    # context
    #
    JkMount /WebAdmin/ServersAdmin ajp13
    #      JkMount /WebMan/servlet/* ajp13
    JkMount /WebMan/*.jsp ajp13
    JkMount /WebMan/WebMan ajp13
    JkMount /WebMan/WebManTop ajp13
    JkMount /WebMan/Options ajp13
    JkMount /WebMan/AdminSettings ajp13
    JkMount /WebMan/AdminLogSettings ajp13
    JkMount /WebMan/ReadErrorLog ajp13
    JkMount /WebMan/ReadAccessLog ajp13

    #
    # The following line prohibits users from directly accessing WEB-INF
    #
    <Location "/WebAdmin/WEB-INF/">
          AllowOverride None
          deny from all
    </Location>
    #
    # Use Directory too. Location doesn't work unless case matches 
    #
    <Directory "SYS:/webapps/WebAdmin/WEB-INF/">
          AllowOverride None
          deny from all
    </Directory>

    #
    # The following line prohibits users from directly accessing WEB-INF
    #
    <Location "/WebMan/WEB-INF/">
          AllowOverride None
          deny from all
    </Location>
    #
    # Use Directory too. Location doesn't work unless case matches
    #
    <Directory "SYS:/webapps/WebMan/WEB-INF/">
          AllowOverride None
          deny from all
    </Directory>

    #
    # The following line prohibits users from directly accessing META-INF
    #
    <Location "/WebAdmin/META-INF/">
          AllowOverride None
          deny from all
    </Location>
    #
    # Use Directory too. Location doesn't work unless case matches
    #
    <Directory "SYS:/webapps/WebAdmin/META-INF/">
          AllowOverride None
          deny from all
    </Directory>

    #######################################################
    # configuration for the /WebAdmin context ends.
    #######################################################

    include "SYS:/NSearch/WEB-INF/NSAdmApache.conf"
    Redirect /iManage/ https://137.65.55.77:2200/eMFrame/iManage.html
    Redirect /iManage https://137.65.55.77:2200/eMFrame/iManage.html
    Include "SYS:/webapps/eMFrame/WEB-INF/eMFrame-apache.conf"
    </VirtualHost>

    # NetWare Web Manager config ends

    # This is to work around a bug in IE that doesn't handle the server shutting
    # down keepalive requests on secure sockets
    <VirtualHost _default_:443>
          BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0
    </VirtualHost>

       include "SYS:/NSearch/WEB-INF/NSSrchApache.conf"
         Include statements allow us to append to the ADMINSERV.CONF file.
    # NetWare WebAccess Config
    Include sys:/webapps/webaccess/web-inf/nwwaApache.conf 
    # Include XTier configuration file
    Include sys:/netstorage/xsrv.conf

    In this Series

    NEW: Click here for a PDF of the entire series.


    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

    © 2014 Novell