Re: Looking for a superminimalist configuration for serving static pages only.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- "Appache Lion" <apachelion@xxxxxxxxx> wrote:

> Hey, all!
> 
> This is my first post to the list and before anything else, I would
> like to applaud everyone in the community for their great
> contributions and the wonderful software they develop.

Thank you very much, it's always great to hear such feedback.

> I've been playing around with Apache 2.2.16 locally on my Windows PC
> for the last few weeks, and being the minimalist I am, I want to
> reduce the configuration options to the bare minimum. Since I will be
> serving only static pages and images for a few websites, I need to
> leave just the essential functionality:

One of the best advises I've read in Ivan RistiÄ's Apache Security
is to start with an empty configuration file.

> 1. serve HTML, CSS, JavaScript, and image files over the Web
> 2. serve different domains/folders on the same IP address via
> VirtalHosts
> 3. redirect different domains to the same virtual host
> 4. redirect mistyped or non-existing URLs to real ones
> 5. block/redirect all requests for non-publicly shared resources;
> secure the server
> 6. set up error reporting
> 
> This is really all I need at the moment; no server-side scripting, no
> login forms, no forums, no databases, no fancy modules -- yup, you
> can
> say this is so 1989. :)
> 
> I have already dug into the documentation and I am aware that I have
> to at least define the basic directives ServerRoot, Listen,
> ServerName, DocumentRoot, and Directory for a site to work, but it
> doesn't seem so clear which modules/directives I can live without.
> 
> I suppose I will have to enable the dir_module and add/edit some
> directives/modules for error reporting and for redirecting. As I
> mentioned previously, I will also be making use of the VirtualHost
> directive.

VirtualHosts are a core functionality. Redirects, strangely, are not
They can be found in mod_alias

> Here is a sample minimalist configuration file for a local server I
> started from scratch:
> 
> 
> 
> # Specify the Apache Server's directory where all configuration
> files,
> modules and error logs are stored.
> ServerRoot "E:/apache"
> 
> # Specify the IP addresses and/or ports Apache will listen on.
> Listen 127.0.0.1:80
> 
> # Specify on which IP address Apache will listen for name-based
> virtual hosts.
> NameVirtualHost 127.0.0.1:80
> 
> # Specify at least the IP(s) and port a virtual host will listen on,
> its name and directory.
> <VirtualHost 127.0.0.1:80>
> 	ServerName site1
> 	ServerAdmin admin@site1
> 	DocumentRoot "E:/site1"
> 	<Directory "E:/site1">
> 		Options FollowSymLinks
> 		AllowOverride None
> 		Order deny,allow
> 		Deny from all
> 		Allow from 127.0.0.1
> 	</Directory>
> </VirtualHost>
> 
> <VirtualHost 127.0.0.1:80>
> 	ServerName site2
> 	ServerAdmin admin@site2
> 	DocumentRoot "E:/site2"
> 	<Directory "E:/site2">
> 		Options FollowSymLinks
> 		AllowOverride None
> 		Order deny,allow
> 		Deny from all
> 		Allow from 127.0.0.1
> 	</Directory>
> </VirtualHost>
> 
> # Specify which Apache modules will be enabled on startup.
> LoadModule dir_module modules/mod_dir.so
> LoadModule log_config_module modules/mod_log_config.so
> 
> # Specify the default file to be served when a directory is
> requested.
> <IfModule dir_module>

Rather than placing directives in IfModule, I prefer to
put a LoadModule line there, like so:

 <IfModule !dir_module>
    LoadModule modules/mod_dir.so
 </IfModule>

>     DirectoryIndex index.htm
> </IfModule>

This:

> # Specify the default error log file location.
> ErrorLog "logs/error.log"

is default:
http://httpd.apache.org/docs/current/mod/core.html#errorlog
technically, you wouldn't need it ;)

> 
> 
> I would be really grateful if you can pinpoint any
> problems/limitations/trade-offs in this configuration in regard to my
> website requirements. Please note this is a local server
> configuration
> and this is why I set the Order/Allow/Deny directives to allow
> requests only from the local IP address. I will be moving my server
> to
> a VPS soon, so I will have to adapt it to that environment in the
> near
> future.

First off I'd like to point you to my 
http://blag.esotericsystems.at/2010/04/simple-small-secure/
and Mark's (linked) attempt at this.

It makes a great deal of sense to specify global policies, so
your VirtualHosts don't have to repeat so much.

 
> Please understand I want to start as small as possible and build
> slowly on my skills and knowledge. I am sure this setup will be a
> piece of cake for most of you on the list, but I hope you can find
> the
> time to give me a few guidelines.

Finally, because you're not touching those values, the MPM parameters
( http://httpd.apache.org/docs/current/mpm.html )
will be set to default values which probably will not really apply
to your environment later

But.. first things first.. baby steps, I say. Baby steps.

> Thank you!

bye,
i

-- 
Igor GaliÄ

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux