----- "Appache Lion" <apachelion@xxxxxxxxx> wrote:
> Hey, all!
>
> This is my first post to the list and before anything else, I would
> like to applaud everyone in the community for their great
> contributions and the wonderful software they develop.
Thank you very much, it's always great to hear such feedback.
> I've been playing around with Apache 2.2.16 locally on my Windows PC
> for the last few weeks, and being the minimalist I am, I want to
> reduce the configuration options to the bare minimum. Since I will be
> serving only static pages and images for a few websites, I need to
> leave just the essential functionality:
One of the best advises I've read in Ivan RistiÄ's Apache Security
is to start with an empty configuration file.
> 1. serve HTML, CSS, JavaScript, and image files over the Web
> 2. serve different domains/folders on the same IP address via
> VirtalHosts
> 3. redirect different domains to the same virtual host
> 4. redirect mistyped or non-existing URLs to real ones
> 5. block/redirect all requests for non-publicly shared resources;
> secure the server
> 6. set up error reporting
>
> This is really all I need at the moment; no server-side scripting, no
> login forms, no forums, no databases, no fancy modules -- yup, you
> can
> say this is so 1989. :)
>
> I have already dug into the documentation and I am aware that I have
> to at least define the basic directives ServerRoot, Listen,
> ServerName, DocumentRoot, and Directory for a site to work, but it
> doesn't seem so clear which modules/directives I can live without.
>
> I suppose I will have to enable the dir_module and add/edit some
> directives/modules for error reporting and for redirecting. As I
> mentioned previously, I will also be making use of the VirtualHost
> directive.
VirtualHosts are a core functionality. Redirects, strangely, are not
They can be found in mod_alias
> Here is a sample minimalist configuration file for a local server I
> started from scratch:
>
>
>
> # Specify the Apache Server's directory where all configuration
> files,
> modules and error logs are stored.
> ServerRoot "E:/apache"
>
> # Specify the IP addresses and/or ports Apache will listen on.
> Listen 127.0.0.1:80
>
> # Specify on which IP address Apache will listen for name-based
> virtual hosts.
> NameVirtualHost 127.0.0.1:80
>
> # Specify at least the IP(s) and port a virtual host will listen on,
> its name and directory.
> <VirtualHost 127.0.0.1:80>
> ServerName site1
> ServerAdmin admin@site1
> DocumentRoot "E:/site1"
> <Directory "E:/site1">
> Options FollowSymLinks
> AllowOverride None
> Order deny,allow
> Deny from all
> Allow from 127.0.0.1
> </Directory>
> </VirtualHost>
>
> <VirtualHost 127.0.0.1:80>
> ServerName site2
> ServerAdmin admin@site2
> DocumentRoot "E:/site2"
> <Directory "E:/site2">
> Options FollowSymLinks
> AllowOverride None
> Order deny,allow
> Deny from all
> Allow from 127.0.0.1
> </Directory>
> </VirtualHost>
>
> # Specify which Apache modules will be enabled on startup.
> LoadModule dir_module modules/mod_dir.so
> LoadModule log_config_module modules/mod_log_config.so
>
> # Specify the default file to be served when a directory is
> requested.
> <IfModule dir_module>
Rather than placing directives in IfModule, I prefer to
put a LoadModule line there, like so:
<IfModule !dir_module>
LoadModule modules/mod_dir.so
</IfModule>
> DirectoryIndex index.htm
> </IfModule>
This:
> # Specify the default error log file location.
> ErrorLog "logs/error.log"
is default:
http://httpd.apache.org/docs/current/mod/core.html#errorlog
technically, you wouldn't need it ;)
>
>
> I would be really grateful if you can pinpoint any
> problems/limitations/trade-offs in this configuration in regard to my
> website requirements. Please note this is a local server
> configuration
> and this is why I set the Order/Allow/Deny directives to allow
> requests only from the local IP address. I will be moving my server
> to
> a VPS soon, so I will have to adapt it to that environment in the
> near
> future.
First off I'd like to point you to my
http://blag.esotericsystems.at/2010/04/simple-small-secure/
and Mark's (linked) attempt at this.
It makes a great deal of sense to specify global policies, so
your VirtualHosts don't have to repeat so much.
> Please understand I want to start as small as possible and build
> slowly on my skills and knowledge. I am sure this setup will be a
> piece of cake for most of you on the list, but I hope you can find
> the
> time to give me a few guidelines.
Finally, because you're not touching those values, the MPM parameters
( http://httpd.apache.org/docs/current/mpm.html )
will be set to default values which probably will not really apply
to your environment later
But.. first things first.. baby steps, I say. Baby steps.
> Thank you!
bye,
i
--
Igor GaliÄ
Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|