Книга: Fedora™ Unleashed, 2008 edition
Editing httpd.conf
Разделы на этой странице:
Editing httpd.conf
Most of the default settings in the config file are okay to keep, particularly if you've installed the server in a default location and aren't doing anything unusual on your server. In general, if you don't understand what a particular directive is for, you should leave it set to the default value.
The following sections describe some of the configuration file settings you might want to change concerning operation of your server.
ServerRoot
The ServerRoot
directive sets the absolute path to your server directory. This directive tells the server where to find all the resources and configuration files. Many of these resources are specified in the configuration files relative to the ServerRoot
directory.
Your ServerRoot
directive should be set to /etc/httpd
if you installed the RPM or /usr/local/apache
(or whatever directory you chose when you compiled Apache) if you installed from the source.
Listen
The Listen
directive indicates on which port you want your server to run. By default, this is set to 80, which is the standard HTTP port number. You might want to run your server on another port — for example, when running a test server that you don't want people to find by accident. Don't confuse this with real security! See the "File System Authentication and Access Control" section for more information about how to secure parts of your web server.
User
and Group
The User
and Group
directives should be set to the UID and group ID (GID) the server uses to process requests. In Fedora, set these configurations to a user with few or no privileges. In this case, they're set to user apache
and group apache
— a user defined specifically to run Apache. If you want to use a different UID or GID, be aware that the server runs with the permissions of the user and group set here. That means in the event of a security breach, whether on the server or (more likely) in your own CGI programs, those programs run with the assigned UID. If the server runs as root or some other privileged user, someone can exploit the security holes and do nasty things to your site. Always think in terms of the specified user running a command such as rm -rf /
because that would wipe all files from your system. That should convince you that leaving apache
as a user with no privileges is probably a good thing.
Instead of using names to specify the User
and Group
directives, you can specify them with the UID and GID numbers. If you use numbers, be sure that the numbers you specify correspond to the user and group you want and that they're preceded by the pound (#) symbol.
Here's how these directives look if specified by name:
User apache
Group apache
Here's the same specification by UID and GID:
User #48
Group #48
TIP
If you find a user on your system (other than root) with a UID and GID of 0
, your system has been compromised by a malicious user.
ServerAdmin
The ServerAdmin
directive should be set to the address of the webmaster managing the server. This address should be a valid email address or alias, such as [email protected], because this address is returned to a visitor when a problem occurs on the server.
ServerName
The ServerName directive sets the hostname that the server returns. Set it to a fully qualified domain name (FQDN). For example, set it to www.your.domain
rather than simply www
. This is particularly important if this machine will be accessible from the Internet rather than just on your local network.
You don't need to set this unless you want a name other than the machine's canonical name returned. If this value isn't set, the server will figure out the name by itself and set it to its canonical name. However, you might want the server to return a friendlier address, such as www.your.domain. Whatever you do, ServerName should be a real domain name service (DNS) name for your network. If you're administering your own DNS, remember to add an alias for your host. If someone else manages the DNS for you, ask that person to set this name for you.
DocumentRoot
Set this directive to the absolute path of your document tree, which is the top directory from which Apache serves files. By default, it's set to /var/www/html/usage
. If you built the source code yourself, DocumentRoot
is set to /usr/local/apache/htdocs
(if you didn't choose another directory when you compiled Apache). Prior to version 1.3.4, this directive appears in srm.conf
.
UserDir
The UserDir
directive disables or enables and defines the directory (relative to a local user's home directory) where that user can put public HTML documents. It's relative because each user has her own HTML directory. This setting is disabled by default but can be enabled to store user web content under any directory.
The default setting for this directive, if enabled, is public_html
. Each user can create a directory called public_html
under her home directory, and HTML documents placed in that directory are available as http://servername/~username
, where username
is the username of the particular user. Prior to version Apache version 1.3.4, this directive appears in srm.conf.
DirectoryIndex
The DirectoryIndex
directive indicates which file should be served as the index for a directory, such as which file should be served if the URL http://servername/_SomeDirectory/
is requested.
It's often useful to put a list of files here so that if index.html
(the default value) isn't found, another file can be served instead. The most useful application of this is to have a CGI program run as the default action in a directory. If you have users who make their web pages on Windows, you might want to add index.htm
as well. In that case, the directive would look like DirectoryIndex index.html index.cgi index.htm
. Prior to version 1.3.4, this directive appears in srm.conf
.