Views
|
Mini Servers: Introduction | Support | Server 1 - Portable | Server 2 - Service | Server 3 - Portable Authentication | Server 4 - Portable Authen. SSL | Server 5 - SSL Standalone | Browsers dislike self-signed certificates | Server 6 - PHP 5.2.6 Portable | Server 7 - PHP 5.2.6 Service | Server 8 - MySQL Support | Guest Book | Server 9 - Perl 5.2.6 Portable | Server 10 - Perl 5.2.6 Service | Server 11 - MySQL 5.0.67 Portable | Server 12 - MySQL 5.0.67 Service | Server 13 - MySQL 4.1.22 Portable | Server 14 - MySQL 4.1.22 Service | phpMyAdmin - Mini support | MySQL - General problems |
|
|
|
| Mini Servers: Compact fully functional. |
This mini server uses mini-server 1 as a starting point it shows how to increase this basic servers functionality. Being a demo server I have moved it to port 8083. Each additional piece of functionality is independent however where there are module dependencies I have highlighted these.
The following shows how to enable .htaccess, basic authentication and mod rewrite. Mod rewrite is used to enhance basic authentication.
Moving the Server
If you need to run the server on a different port or virtual drive this is straight forward:
Change virtual drive
The server automatically detects the first free drive letter and uses that to run the server on. You can override this in one of two ways:
- Start the server using a drive parameter for example: server_start.bat z this forces the server to use drive z
- Edit server_start.bat, locate the following line:
rem set Disk=w
Remove the rem and replace w with the letter you want to use for example:
set Disk=x Forces the server to use drive letter x
Change server default port
- Edit httpd.conf located in folder *\udrive\usr\local\apache2\conf locate these lines:
- Listen 8083
- ServerName localhost:8083
- Change them as follows:
- Listen 8080
- ServerName localhost:8080
To access the server type http://localhost:8080/ into your browser address bar.
If port already in use try any value above 2000
How to enable htaccess
Apache uses additional configuration files these either override or add directives to the main configuration. Any changes made in these files unlike httpd.conf do not require a server re-start.
Add the directive AllowOverride All to the root folder. This directive means all Apache directives can be overridden or added.
<Directory "/www"> AllowOverride All Order allow,deny Allow from all </Directory>
Note: I have not added this directive to the main directory because putting it in the web root gives a slight speed advantage.
File name:
Apache needs to know the file name of the designated additional configuration file. The name can be anything thing you like however by tradition its named .htacces its a good idea to stick with this. The directive to add the file name is AccessFileName .htaccess.
This file along with a similarly named password file shall not be viewable to restrict Internet user access add the following file restrictions.
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Note: The password file will not be accessible since it is located outside of the root folder www. In this situation the above code is belt and braces however third party scripts may be using password files within the root folder hence keep the code as is.
That's all there is to enabling htaccess files, before you can use them the server must be restarted to pick up the new main configuration file. At this stage if you place either authentication or mode rewrite directives in the htaccess file andrun the server it will cause Apache to spit out misconfiguration errors. To use these directives the appropriate modules must be included in the main configuration file httpd.conf these are covered in the following sections.
How to add authentication
Basic authentication is dependent on three modules add the following directives to the modules section in httpd.conf.
LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authz_user_module modules/mod_authz_user.so
The directives on their own are of little use unless you copy the three modules to folder *\udrive\usr\local\apache2\modules hence the reason for downloading a full copy of Apache allows you to pick the modules you require.
Note: After adding modules always restart the server otherwise Apache will not be able to pick up the new configuration..
Add password folder
Basic authentication uses name and password pairs these are stored in a text file named .htpasswd however you can use any name you like again convention dictates .htpasswd hence best to use that.
For security this file must be located outside of the server web root (folder www). Uniform server uses the following folder:
- *\udrive\htpasswd\www
You can change this to suite your own requirements I will stick with this only because it keeps commoality between the mini servers and Uniform Server 3.5-Apollo.
Edit the file .htpasswd and add the following name:password pair:
root:root
Note: Name may include spaces the password shall be something long and random e.g:
- John Smith:x5Wl8df6a29
- Mike:Qn67sG8k2
htaccess file
Before we can test copy an .htaccess file to folder www the one from Uniform Server will do.
Edit the file to look like this:
AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile /htpasswd/www/.htpasswd Require valid-user
Note: AuthName the text between quotes will be displayed in the browser popup box
Testing
Testing is straight forward restart the server and type http:/localhost:8083/ into your browsers address bar.
You will be challenged for a name and password enter root and root to display the index page.
Before moving onto mod rewrite edit the .htacces file to look like
#AuthName "Uniform Server - Server Access" #AuthType Basic #AuthUserFile /htpasswd/www/.htpasswd #Require valid-user
with the lines commented out authentication is disabled.
Alternatively delete the file its not required since we are going to protect specific folders.
How to add mod rewrite
Mod rewrite has no dependencies add the following line to the modules section in httpd.conf.
LoadModule rewrite_module modules/mod_rewrite.so
The directive instructs Apache to load mod rewrite when the server is restarted. Remember to copy the module mod_rewrite.so from the full download into folder *\udrive\usr\local\apache2\modules. Mod rewrite is extremely powerful and weights in at only 57K.
Mini server httpd.conf
Our complete configuration file is shown below some modules are inter dependent because of this their order is important.
Tip: When adding modules check the downloaded full package httpd.conf configuration file it lists the correct order for all modules.
# =================================================
# Modules
# =================================================
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule rewrite_module modules/mod_rewrite.so
# =================================================
# Basic settings
# =================================================
Listen 8083
ServerName localhost:8083
ServerAdmin fred@www.somedomain.com
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
ServerRoot "/usr/local/apache2"
DocumentRoot "/www"
PidFile /usr/local/apache2/logs/httpd.pid
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm
</IfModule>
# =================================================
# HTTP and performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_winnt.c>
ThreadsPerChild 64
MaxRequestsPerChild 0
</IfModule>
# =================================================
# Access control
# =================================================
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/www">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
AccessFileName .htaccess
# The following lines prevent .htaccess and .htpasswd
# files from being viewed by Web clients.
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# =================================================
# MIME encoding
# =================================================
DefaultType text/plain
TypesConfig /usr/local/apache2/conf/mime.types
# =================================================
# Logs: debug, info, notice, warn, error, crit
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog "logs/error_log"
CustomLog "logs/access.log" combined
# =================================================
Support files
Each mini server is complete and zipped into a single self-extracting archive file.
Download
Download this server from SourceForge Project Page save the file mini_server_3.exe to any folder of your choice.
Note: Check out the mini server's support and download page detailing how to obtain full binaries for Apache, PHP and Perl.
Extract files
Double click on mini_server_3.exe, starts the extraction process. No need to change the folder destination, click extract, this creates a new folder mini_server_3 containing two files and one folder.
- server_start.bat - Double click to start the server
- server_stop.bat - Double click to stop server
- udrive - Folder containing server and your web site.
Test
Testing is straight forward.
- Start the server by double clicking on server_start.bat (automatically detects free drive letter creates new virtual drive and runs the server.)
- Start a web browser.
- Type http://localhost:8083/ into the browser address bar.
- An index page is displayed, check out the secure areas by clicking links secure1 or secure2.
- Stop the server by double clicking on server_stop.bat
Note 1: If you need to change the server port from 8083 edit httpd.conf accordingly..
Authentication
I have added two examples to demonstrate the use of htaccess files to protect folders using basic authentication which in turn are enhanced by mod rewrite. A full write-up of this concept can be found on this page Basic authentication and redirection
Secure1
From the main index page click on the secure1 link. This takes you to a protected folder where you will be challenged for a name and password. Enter one of the name/password pairs shown, you will be able to view a single personal page. Each page contain cross links to other personal pages see what happens when you click one of these links.
Note: To re-log in you must restart your browser.
Folder secure1 is protected by the the following .htaccess file:
AuthName "To give you a clue the following are the name:password pairs: John:21,
Dave Smith:22 and Mike:23 these will take you to the private pages."
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
Require valid-user
Options +FollowSymLinks
#Options +Indexes
RewriteEngine On
RewriteBase /
RewriteCond $1 !^John\.html
RewriteCond %{REMOTE_user} ^John$
RewriteRule (.*) /secure/John.html [R,L]
RewriteCond $1 !^Dave\.html
RewriteCond %{REMOTE_user} ^Dave\ Smith$
RewriteRule (.*) /secure/Dave.html [R,L]
RewriteCond $1 !^Mike\.html
RewriteCond %{REMOTE_user} ^Mike$
RewriteRule (.*) /secure/Mike.html [R,L]
Note: Make sure to change the line AuthName to something like "Please login to your secure page" I included name/password pairs to make it easier to test.
Secure2
From the main index page click on the secure2 link. This takes you to a protected folder where you will be challenged for a name and password. Enter one of the name/password pairs shown, you will be able to view the contents of a personal folder. Each personal index page contain cross links to other personal folders see what happens when you click one of these links.
Note: To re-log in you must restart your browser.
Folder secure2 is protected by the the following htaccess file:
AuthName "To give you a clue the following are the name:password pairs: Jane:41,
Dawn:42 and Ruth Smith:43 these will take you to the private folders."
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
Require valid-user
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteEngine on
RewriteCond $1 !^mpg1/
RewriteCond %{REMOTE_user} ^Jane$
RewriteRule ^(.*) secure2/mpg1/$1 [R,L]
RewriteCond $1 !^mpg2/
RewriteCond %{REMOTE_user} ^Dawn$
RewriteRule ^(.*) secure2/mpg2/$1 [R,L]
RewriteCond $1 !^mpg3/
RewriteCond %{REMOTE_user} ^Ruth\ Smith$
RewriteRule ^(.*) secure2/mpg3/$1 [R,L]
Note: Make sure to change the line AuthName to something like "Please login to your secure folder" I included name/password pairs to make it easier to test.
Multi Servers
If you wish to run several mini servers at the same time create a new folder for each server and copy folder mini_server_3 into each of these.
Change the server port for each server to be unique. The servers may be started in any order.
Note: You can run the mini servers alongside Uniform Server 3.5-Apollo however you must start Uniform Server first.
Summary
These mini-servers are indented to show you how to build in functionality as and when required, primarily to remove bloat and increase security. You now have a basic server with the capability of of mod rewrite and basic authentication to protect individual folders.
The real problem with this protection it is not secure, name/password pairs including pages are sent unencrypted. This plain text can easily be intercepted exposing your passwords. The next server (Mini Server 4) in this series addresses this major issue by adding SSL.
 | Ric |
