Mini Servers: Apache 2.2.9 Perl 5.10 Portable
Mini Servers: Introduction | Support | Server 1 - Portable | Server 2 - Service | Server 3 - Portable Authentication | Server 4 - Portable Authen. SSL | Server 5 - SSL Standalone | Browsers dislike self-signed certificates | Server 6 - PHP 5.2.6 Portable | Server 7 - PHP 5.2.6 Service | Server 8 - MySQL Support | Guest Book | Server 9 - Perl 5.2.6 Portable | Server 10 - Perl 5.2.6 Service | Server 11 - MySQL 5.0.67 Portable | Server 12 - MySQL 5.0.67 Service | Server 13 - MySQL 4.1.22 Portable | Server 14 - MySQL 4.1.22 Service | phpMyAdmin - Mini support | MySQL - General problems |
Mini Servers: Compact but fully functional. |
Mini Server 9 using Apache 2.2.9 and Activestate Perl 5.10 Core
This mini server packs a real punch; trouble is it also packs a real disk hit, using the full version of Perl you are looking at 53M hence I have used only the core and few modules reducing the server to about 3MB. It still provides usful features for dynamic pages adding a Perl core greatly extends the server's power.
Note: Check the support files section for download details.
Security
In order for Perl applications to perform their task they need to interact with the underlying programs if a security hole exists between interactions it can be exploited. Exploitation occurs only when data is returned by a user! or if the script is malicious.
Hence use well-written scripts, it is standard practice to confine scripts to a separate folder known as the cgi-bin.
Lets get the server up and running with Perl.
Specification
The server has the following specification:
- Server shall be portable
- Static HTML and Dynamic Perl pages shall be served.
- SSI shall be enabled
- The server shall log all web requests.
- All unused modules shall be disabled.
Our mini server is intended to be small. In keeping with this philosophy only the Perl core and a few library elements shall be used it is relatively large at 2MB however this is small in comparison to the complete Perl package of 50MB.
If the basic core and included library elements do not meet your requirements download the full Perl package and add libraries as required.
Configuring Apache
Using the configuration file from server 1 very few changes are required however a new section is required to implement a safe location for CGI scripts. I have highlighted the changes and new section in bold.
Note: I have moved the server to port 8089 prevents clashing with other servers.
httpd.conf located in folder: *\udrive\usr\local\apache2\conf | Comments |
---|---|
# File name: http.conf |
|
# ================================================ |
LoadModule alias_module: Module required to handle alias directives LoadModule cgi_module: Module required to handle CGI scripts "Perl". LoadModule include_module: Allows a page to be passed for SSI (Server side includes) embedded commands allow a page to call CGI scripts. |
# ======================================== |
DirectoryIndex: When a user requests a page supplying only a folder name (example fred.com) the index page is automatically returned by default. Note you can have more than one index page in the same folder with a different file extension. Order of priority left to right, first one found in the list is returned, all other are ignored. I have added index.pl and index.cg to this list. AddHandler server-parsed: Pages with a file extension that is in the list are processed by Apache for embedded SSI commands. |
# ======================================== |
|
# ======================================== <Directory "/www"> |
Options FollowSymLinks: The Options directive controls which server features are available in a particular directory. The restrictive parameters specified for the root directory <Directory /> , Options is set to only FollowSymLinks. No features are enabled, except that the server is allowed to follow symbolic links in the root directory. Document root folder <Directory "/www"> Options: Indexes: Permits the server to generate a directory listing for a directory if no DirectoryIndex (for example, index.html) is specified. FollowSymLinks: Allows the server to follow symbolic links in this directory. |
# ======================================== <Directory "/cgi-bin"> |
The ScriptAlias directive defines where CGI scripts are located. A special directory known as cgi-bin outside of the DocumentRoot contains your server-side executable files and scripts. This prevents them being directly accessible over the Internet. |
# ======================================== |
|
# ======================================== |
|
Perl - Core
Although our mini server only uses the Perl core you need to download the full package to extract it. (OK I have included a core in the support files) Check the Activestate site and download any newer version this allows you to install any libraries you require. On the other hand perhaps you want to run an earlier version of Perl. The following outlines how to install Perl on our mini server.
Download
We are not interested in installing Perl on our PC, hence download a zip package.
- The mini servers use ActivePerl-5.10.0.1003-MSWin32-x86-285500.zip downloadable from Activestate download page.
- After downloading, unzip to any folder; locate the files perl.exe and perl510.dll and copy them to the mini server folder *\mini_server_9\udrive\usr\bin
- Create a new folder *\mini_server_9\udrive\usr\lib and add libraries as required. (I have included a small number of library elements in the support files.)
Perl ini
Believe it or not, that’s all there is to the installation process. A Perl ini file is not required; it's provided in the core.
Testing
Double click on server_start.bat and check the server runs.
Type http://localhost:8089 into your browser address bar.
Security
When testing you need as much information as possible however when you put your servers on-line its best to restrict what you make public.
Restrict public Information:
Make sure the following are set in the Apache configuration file:
- ServerTokens Prod – Prevents exposing server information makes it a little more difficult for automated attacks, which scan for vulnerable versions of Apache or its modules.
- ServerSignature Off - Suppresses the error line which exposes the server version number, virtual host ServerName, "mailto:" reference to the ServerAdmin
The above are not real security measures they just provide a little fence to be jumped when a script kiddie wants to play.
Support files
Each mini server is complete and zipped into a single self-extracting archive file.
Download
Download this server from SourceForge Project Page save the file mini_server_9.exe to any folder of your choice.
Note: Check out the mini server's support and download page detailing how to obtain full binaries for Apache and Perl.
Extract files
Double click on mini_server_9.exe, starts the extraction process.
No need to change the folder destination, click extract, this creates a new folder mini_server_9 containing the following:
|
Test
Testing is straight forward.
- Start the server by double clicking on server_start.bat (automatically detects free drive letter creates new virtual drive and runs the server.)
- Start a web browser.
- Type http://localhost:8089/ into the browser address bar.
- An index page is displayed, check out the test site test1,test2 (Perl single page web site).
- Stop the server by double clicking on server_stop.bat
Your web site
Open the folder www located in folder *mini_server_9\udrive\www (Note * is the path to the folder you extracted the server files) delete everything in www and copy your site into it.
Note: Make sure one of your pages in folder www is named index.html or index.htm, otherwise you will need to type a page name in every time to access your site.
e.g. http://localhost:8089/somepage.html
Problems - shebang
I found this to be a real pain you need to change the “shebang” depending on how you run the mini server, portable or as a service. If you're running CGI's on Windows use the portable server, this will allow you to move the scripts to a Unix system without change!
The following lists the “shebang” required to get your cgi scripts working:
- Reference Unix: #!/usr/bin/perl
- Mini Portable Server: #!/usr/bin/perl
- Mini Server run as service: #!c:/mini_server_10/usr/bin/perl
Note: If you use the Unix "shebang" on a mini server installed as a service you will receive this error message in
Apache's error log: (OS 3) The system cannot find the path specified
Change Virtual Drive
The server automatically detects the first free drive letter and uses that to run the server on. You can override this in one of two ways:
- Start the server using a drive parameter for example: server_start.bat z this forces the server to use drive z
- Edit server_start.bat, locate the following line:
rem set Disk=w
Remove the rem and replace w with the letter you want to use for example:
set Disk=x Forces the server to use drive letter x
Change server default port
- Open file: httpd.conf (Located in folder: \mini_server_9\udrive\usr\local\apache2\conf)
- Locate the lines:
Listen 8089
ServerName localhost:8089 - Change to:
Listen 8080
ServerName localhost:8080
This moves the server to the standard secondary web server port
Note: Type http://localhost:8080 into a browser to view the site.
If port already in use, try any value above 2000
Multi Servers
If you wish to run several mini servers at the same time create a new folder for each server and copy contents of mini_server_9 into each of these.
Change the server port for each server to be unique. The servers may be started in any order.
Note: You can run the mini servers alongside Uniform Server 3.5-Apollo however you must start Uniform Server first.
Summary
This mini server is ideal for learning Perl its compact size allows you have several copies installed on a USB pen drive each with different test applications.
I must stress that it’s very compact because it uses the bare minimum of Perl’s modules. Download the full version and select the modules you require this page will help if you have problems.
This server can also be run as a service covered on the next page.
Ric |