Mini Servers: Apache 2.2.9 Portable
Compact but fully functional.
Mini server using Apache 2.2.9 Core
A mini server with all the power of Apache and the portability of Uniform Server: what a mix, one very neat compact server. (See support files for download.)
It's one of those interesting facts of life! Things progress; a few years ago, mention of this server's specification running on a laptop would have made me a serious candidate for the funny farm. That's no longer true! I mean the spec however the....
This write-up shows how to install and configure Apache 2.2.9 and how to minimise the risk of unauthorized access.
The server has the following specification:
- Server shall be portable
- Only static HTML pages shall be served.
- The server shall log all web requests.
- All unused modules shall be disabled.
The specification dictates using the minimum number of Apache (2.2.9) modules. You may be interested in the final disk size for such a solution: surprisingly, it's only 1.03MB for a server meeting our specification.
Don't be deceived by the size; it is a fully functioning production server. I have removed the complexity, highlighting security issues.
Take the last line of the specification; it states only modules required shall be installed. This increases security because any unused but installed modules have the capability to interact with others. It requires only one security vulnerability in any one of these unused modules to put the whole system at risk. Knowing our functionality requirements allows a list of required modules to be prepared and to exclude all unused modules.
In terms of security, always ask the question: do we need that module? If not, don't install it. The same argument applies to any other software: if it's not required, uninstall it.
A complete list with a full description of Apache modules can be found in the Apache Docs. The modules we require are listed below; note the core module is part of the main binary (program) and loaded by default.
Highlighted in bold are separate modules; these are loaded using Apache's configuration file.
Core Apache HTTP Server features that are always available included in the binary (program).
|mpm_winnt.c||WinNT MPM, part of the Windows Apache core. A Multi-Processing Module (MPM), it is the default for Windows NT operating systems. It uses a single control process which launches a single child process, which in turn creates threads to handle requests. (This is the reason you will see two Apache processes in Task Manager.)|
Group authorizations based on host (name or IP address). Required to restrict access to folders etc.
|mod_dir||Provides for "trailing slash" redirects and serving directory index files. (Optional but nice to have otherwise a user needs to type index.html on entry to a folder or for initial web site access. It prevents this error message: The requested URL / was not found on this server.)|
|mod_log_config||Logging of the requests made to the server. (Not required for server operation, however extremely useful to see what the server is doing.)|
|mod_mime||Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding). Note: without this module the file will be served as plain text. DefaultType text/plain|
When starting Apache you supply it with the location and name of a configuration file; this overrides the default location compiled into the program. It's common practice to name the file httpd.conf and place it in a sub-folder named conf.
Before running Apache, we need to create a configuration file with the following content:
Note: Apache's example configuration file contains a lot of detailed information. I personally find this confusing and prefer to remove this detail. Choose whatever file format you are happy with.
|httpd.conf located in folder: *\udrive\usr\local\apache2\conf||Comments|
# UniCenter - Very basic server
General information a reminder for what the configuration is for.
Lists all modules you wish to load.
Note: For some modules the order is important.
Order of priority is from bottom to top; hence if a module is dependent on another it should come first in the list.
These settings are common to the main server.
Most settings in this section have defaults; however, I like to see what I am using, hence list them regardless.
Listen: Server listening port. The standard is port 80; change this to move the server to another port.
ServerName: For reliability always specify a host name and port. Note: localhost is valid; however, if you have a DNS entry use your fully qualified domain name, e.g. www.fred.com. Alternatively you can leave this as localhost and use your fully qualified domain name in a Vhost section (not covered in this server example).
ServerRoot: Path where the Apache program is located.
DocumentRoot: Folder where your web-site will be served from.
DirectoryIndex: When a user requests a page supplying only a folder name (example fred.com) the index page is automatically returned by default. Note you can have more than one index page in the same folder with a different file extension. Order of priority left to right, first one found in the list is returned, all others are ignored.
Most settings in this section have defaults; however, again I like to see what I am using, hence list them regardless.
ThreadsPerChild 64: if your server is slow to respond, increase this to 250.
Each directory to which Apache has access can be configured with respect to which services and features are allowed and/or disabled in that directory (and its subdirectories).
Apache has access to all folders and files on the drive it is installed on. The first directive is very restrictive:
Options None: Turns off directory browsing, server side includes, CGI execution and following of symbolic links.
AllowOverride None: Turns off support for .htaccess files.
Deny from all: No one allowed access.
The only way to gain access is to target each folder in turn and open it up as required. We target folder www and allow access from all. (It’s the folder containing your web site)
In conjunction with the mime_module, the directive TypesConfig is used to specify a file which maps extensions onto MIME types. Note: without the module and this file, served pages will be in plain text.
This sets up the appropriate log format (what details are logged) and specifies the log file name and location.
Note: debug eats disk space, hence warn is a reasonable setting.
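The comments above describe the configuration file, and the module list earlier describes what it may load. As an added example (not the author's file or tooling), this Python check audits a configuration against that specification: only the four separately loaded modules, a locked-down root directory and request logging. The embedded configuration is constructed for the example; its paths, log file names and log format are assumptions, as is the function name audit.

```python
import re

# Constructed httpd.conf following the page's description; paths, log names
# and the log format string are assumptions, not the original file's values.
SAMPLE_CONF = r'''
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
Listen 80
ServerName localhost:80
DocumentRoot "/www"
DirectoryIndex index.html index.htm
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/www">
    Order allow,deny
    Allow from all
</Directory>
TypesConfig conf/mime.types
CustomLog logs/access.log "%h %l %u %t \"%r\" %>s %b"
LogLevel warn
'''

ALLOWED = {"authz_host_module", "dir_module", "log_config_module", "mime_module"}

def audit(conf):
    """Return a list of findings; an empty list means the spec is met."""
    lines = [ln.strip() for ln in conf.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    loaded = {ln.split()[1] for ln in lines if ln.lower().startswith("loadmodule ")}
    findings = [f"unexpected module loaded: {m}" for m in sorted(loaded - ALLOWED)]
    root, inside = [], False  # directives found inside <Directory />
    for ln in lines:
        if re.fullmatch(r'<Directory\s+"?/"?\s*>', ln, re.I):
            inside = True
        elif ln.lower() == "</directory>":
            inside = False
        elif inside:
            root.append(" ".join(ln.lower().split()))
    for want in ("options none", "allowoverride none", "deny from all"):
        if want not in root:
            findings.append(f"<Directory /> lacks '{want}'")
    if not any(ln.lower().startswith("customlog ") for ln in lines):
        findings.append("no CustomLog: web requests are not logged")
    return findings
```

Run audit() on the text of your own httpd.conf after every change; any finding means the file has drifted from the specification at the top of this page.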
A word of caution: although the server is very secure, it is not possible to guarantee one hundred percent. Added to this is the real problem of running on a machine populated with other software; this increases the security risk. It requires only one security vulnerability in any of these programs to compromise the whole system.
Try not to be over paranoid with security issues; then again, do not be complacent. No single site on the Internet, and that includes this one, can ever cover all security issues. My personal advice is to get out there and research the subject, and seek out what the professionals advise.
Each time a module is added, Apache's configuration file increases in complexity. Our minimalist solution reduces this complexity while still harnessing the power of Apache to great effect. Now take another look at that access control block: encapsulated in such a small space are very powerful control features. I have only scratched the surface of this block; for detailed information go to Apache's web site. The real point I am trying to make is that, for this server, implementing security is clean, neat and visible.
Each mini server is complete and zipped into a single self-extracting archive file.
Download this server from the mini server's Support and download page. Save the file uc_server_1a.exe to any folder of your choice.
Note: Check the file's integrity using its MD5. A suitable checker, winMd5Sum Portable, can be found at Portable Apps under Utilities.
Double click on uc_server_1a.exe to start the extraction process. No need to change the folder destination; click extract. This creates a new folder uc_server_1a containing two files and one folder.
- uc_server_start.bat - Double click to start the server
- uc_server_stop.bat - Double click to stop server
- udrive - Folder containing server and your web site.
Testing is straightforward.
- Start the server by double clicking on uc_server_start.bat (Creates a virtual drive "w" to run the server on)
- Start a web browser.
- Type http://localhost/ into the browser address bar.
- An index page is displayed, check out the test site MPG1.
- Stop the server by double clicking on uc_server_stop.bat
Note: If you need to change the virtual drive letter, open file uc_server_start.bat and locate this line:
if "%Disk%"=="" set Disk=w
Change the drive letter from w to one that is not being used.
Your web site
Open the folder www located in folder *uc_server_1a\udrive\www (Note: * is the path to the folder where you extracted the server files). Delete everything in www and copy your site into it.
Note: Make sure one of your pages in folder www is named index.html or index.htm, otherwise you will need to type a page name in every time to access your site.
Don't be deceived by this mini server's size; remember it's powered by Apache and very secure. For a quick test I loaded UniCenter and put the server on-line.
I was surprised how fast it was. One final test I could not resist: I dumped the entire server straight onto a USB memory stick and put that on-line. The speed was slightly slower; note I was using a cheapo memory stick. I was more than impressed with this dynamic duo: Apache and Uniform Server make an excellent basic portable server.