Web hosting and Internet servers
  Web hosting basics
  HTTP server installation
  Virtual interfaces
  Caching and proxy servers
  FTP servers
Spring 2004
CSE 398: System Administration
2004 Brian D. Davison
Web hosting basics
Need a server, (typically) listening on port 80
  accepting requests for docs and transmitting them
  may dynamically generate docs as well as use files
URLs: Uniform resource locators
  Protocol
  Hostname
  TCP/IP port (optional)
  Directory (optional)
  Filename
  http://www.apache.org:80/foundation/FAQ.html
Common protocols
Protocol   What it does   Example
http                      http://admin.com/index.html
https                     https://admin.com/order.shtml
ftp                       ftp://ftp.xor.com/adduser.tar.gz
mailto                    mailto:sa-book@admin.com
news                      news:alt.cooking
telnet                    telnet://spot.acme.com
ldap                      ldap://ldap.bigfoot.com:389/cn=Herb
file                      file://etc/syslog.conf
HTTP messages
Sample HTTP request headers:
GET /somedir/page.html HTTP/1.1
Host: www.someschool.edu
User-agent: Mozilla/4.0
Connection: close
Sample HTTP response headers:
HTTP/1.1 200 OK
Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 ...
Content-Length: 6821
Content-Type: text/html
Can use telnet as client to see them
CGI
The Common Gateway Interface (CGI) provides one way to generate content dynamically
  Other methods are also possible
Executes a user program to generate output
  Such programs are security risks
  Usually process some input from Web interface
Apache
Apache runs two-thirds of the world's web servers (Netcraft, March 2004)
Apache 2 (included in modern releases)
  Supports multi-process and multi-threaded operation
  Supports SSL/TLS encryption
  Supports proxy operation
  Supports virtual hosting
  Supports syslog logging, but typically doesn't use it
http://httpd.apache.org/ for documentation
Configuration is in /etc/httpd/conf
Apache configuration
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    MaxClients 150
    MaxRequestsPerChild 1000
</IfModule>
Listen 80
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
[...]
User home directories
<IfModule mod_userdir.c>
    # UserDir disable
    UserDir public_html
</IfModule>
<Directory /home/*/public_html>
    AllowOverride All
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
Apache proxy support
#<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from .lehigh.edu
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
CacheRoot "/etc/httpd/proxy"
CacheSize 5
[...]
#</IfModule>
Apache virtual hosting
NameVirtualHost 128.180.120.32
<VirtualHost 128.180.120.32:80>
    ServerName monitors.eecs.lehigh.edu
    ServerAlias monitors.eecs
    ServerAdmin sysadmin@eecs.lehigh.edu
    DocumentRoot /export/www/monitors.eecs.lehigh.edu/html
    <Directory "/export/www/monitors.eecs.lehigh.edu/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ "/export/www/monitors.eecs.lehigh.edu/cgi-bin/"
    <Directory "/export/www/monitors.eecs.lehigh.edu/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        # Allow from lehigh.edu
        Allow from all
        Deny from all
    </Directory>
    ErrorLog logs/monitors.eecs.lehigh.edu-error_log
    CustomLog logs/monitors.eecs.lehigh.edu-access_log common
</VirtualHost>
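How the Order, Allow and Deny lines in the configuration slides above combine, as an added Python example that is not part of the original slides or of Apache: it models mod_access evaluation for the four access blocks shown (document root, .ht files, proxy, and the virtual host's cgi-bin). The client hostnames are constructed, and only "all" and partial domain names are modelled.

```python
# Added example: models Apache 2.0 mod_access evaluation of Order/Allow/Deny.
# Assumption: only "all" and (partial) domain names are handled, not IP/CIDR specs.

def spec_matches(spec, host):
    """True if client hostname `host` matches one Allow/Deny "from" spec."""
    spec, host = spec.lower(), host.lower()
    if spec == "all":
        return True
    if not host.endswith(spec):
        return False
    if len(host) == len(spec):
        return True                       # exact hostname match
    # Only whole name components match: "lehigh.edu" must not match "notlehigh.edu".
    return spec.startswith(".") or host[-len(spec) - 1] == "."

def allowed(order, allow, deny, host):
    """Apply Order semantics to the Allow and Deny lists for one client."""
    a = any(spec_matches(s, host) for s in allow)
    d = any(spec_matches(s, host) for s in deny)
    if order == "allow,deny":             # default deny; a Deny match overrides Allow
        return a and not d
    if order == "deny,allow":             # default allow; an Allow match overrides Deny
        return a or not d
    raise ValueError("unknown Order: " + order)

# The four access blocks from the slides: (Order, Allow from ..., Deny from ...)
BLOCKS = {
    "docroot": ("allow,deny", ["all"], []),              # <Directory "/var/www/html">
    "htfiles": ("allow,deny", [], ["all"]),              # <Files ~ "^\.ht">
    "proxy":   ("deny,allow", [".lehigh.edu"], ["all"]), # <Proxy *>
    "cgi-bin": ("allow,deny", ["all"], ["all"]),         # virtual host cgi-bin
}

def audit(host):
    """Map each block to True (request allowed) or False (denied) for `host`."""
    return {name: allowed(o, a, d, host) for name, (o, a, d) in BLOCKS.items()}

if __name__ == "__main__":
    # Constructed client hostnames, one inside lehigh.edu and one outside.
    for host in ("client.cse.lehigh.edu", "client.example.net"):
        for name, ok in audit(host).items():
            print(f"{host:24} {name:8} {'allow' if ok else 'DENY'}")
```

With Order allow,deny, the cgi-bin block's Deny from all overrides its Allow from all, so that block denies every client as written. Name-based rules such as Allow from .lehigh.edu make Apache resolve the client address through reverse DNS before the rule can be applied.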
Virtual Interfaces
Sometimes you want an interface to support multiple IP addresses, e.g.:
  virtual hosting using IP (not name-based)
  ssh or SSL support
In Linux, virtual interfaces have names interface:instance, e.g.:
  # ifconfig eth0:0 128.180.121.223 netmask 255.255.252.0
To make permanent, create separate interface file in /etc/sysconfig/network-scripts (e.g., ifcfg-eth0:0)
Debugging HTTP
For an easy way to see actual request and response headers, use
  http://www.webcaching.com/showheaders.html
For server/CGI problems, study all apache logs, and examine file/directory permissions
FTP servers
Anonymous FTP is still common
Non-anonymous FTP is a security concern (same as telnet: usernames and passwords in cleartext)
To limit the security concerns, ftpd runs in a chrooted space (~ftp) and so needs to have its own
  /etc entries like /etc/passwd and /etc/group
  /bin
  /lib
Do not make any ftp directories world-writable!
  Your machine becomes a free file server
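One way to check the rule above, as an added Python example that is not part of the original slides: it walks a directory tree and reports every directory with the world-write bit set. The sample tree is constructed; etc, bin and lib come from the slide, while pub and incoming are assumed names.

```python
import os
import stat
import tempfile

def world_writable_dirs(root):
    """Return (relative path, mode string) for each directory under `root`,
    including `root` itself, that has the other-write permission bit set."""
    found = []
    for dirpath, _dirs, _files in os.walk(root):   # symlinked dirs are not followed
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH:
            found.append((os.path.relpath(dirpath, root), stat.filemode(mode)))
    return sorted(found)

def build_sample_tree(root):
    """Constructed ~ftp layout: etc, bin and lib come from the slide;
    pub and incoming are assumed names. Modes are set explicitly."""
    layout = {"etc": 0o755, "bin": 0o755, "lib": 0o755,
              "pub": 0o755, "pub/incoming": 0o777}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)                       # chmod is not affected by umask
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, mode in world_writable_dirs(build_sample_tree(tmp)):
            print(f"world-writable: {mode} {path}")
```

Run world_writable_dirs against the real ~ftp directory; an empty list means no directory there is world-writable.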
Web caches (proxy server)
Goal: satisfy client request without involving origin server
User sets browser to access Web via cache
Browser sends all HTTP requests to cache
  If object in cache: cache returns object
  Else cache requests object from origin server, then returns object to client
[Figure: clients send HTTP requests to the proxy server and receive HTTP responses; the proxy server exchanges HTTP requests and responses with the origin servers]
More about Web caching
Cache acts as both client and server
Cache can do up-to-date check using If-modified-since HTTP header
  Issue: should cache take risk and deliver cached object without checking?
  Heuristics are used.
Typically cache is installed by ISP (university, company, residential ISP)
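The request flow from the Web caches slide and the If-modified-since check described above, as an added Python example that is not part of the original slides: a constructed origin and cache exchange five requests, including one where the freshness heuristic delivers a stale object. The class names, the 60-second freshness window and the timestamps are assumptions.

```python
from email.utils import formatdate, parsedate_to_datetime

class Origin:
    """Constructed origin server: path -> (body, last-modified epoch seconds)."""
    def __init__(self):
        self.docs, self.requests = {}, 0

    def put(self, path, body, mtime):
        self.docs[path] = (body, mtime)

    def get(self, path, headers):
        self.requests += 1
        body, mtime = self.docs[path]
        since = headers.get("If-Modified-Since")
        if since and mtime <= parsedate_to_datetime(since).timestamp():
            return 304, {}, b""                  # Not Modified: no body is sent
        return 200, {"Last-Modified": formatdate(mtime, usegmt=True)}, body

class Cache:
    """Acts as server to the browser and as client to the origin."""
    def __init__(self, origin, fresh_for):
        self.origin, self.fresh_for, self.store = origin, fresh_for, {}

    def get(self, path, now):
        entry = self.store.get(path)
        if entry and now - entry["checked"] < self.fresh_for:
            return "HIT", entry["body"]          # heuristic: deliver without checking
        headers = {"If-Modified-Since": entry["stamp"]} if entry else {}
        status, resp, body = self.origin.get(path, headers)
        if status == 304:                        # cached copy is still current
            entry["checked"] = now
            return "REVALIDATED", entry["body"]
        self.store[path] = {"body": body, "stamp": resp["Last-Modified"], "checked": now}
        return ("REFRESHED" if entry else "MISS"), body

def demo():
    """Replay five requests; times are constructed epoch seconds."""
    origin = Origin()
    origin.put("/index.html", b"v1", 1000)
    cache = Cache(origin, fresh_for=60)
    trace = [cache.get("/index.html", now=2000),   # nothing cached yet
             cache.get("/index.html", now=2030)]   # fresh, origin not contacted
    origin.put("/index.html", b"v2", 2040)         # document changes at the origin
    trace += [cache.get("/index.html", now=2050),  # still "fresh": stale v1 delivered
              cache.get("/index.html", now=2100),  # conditional GET returns 200 + v2
              cache.get("/index.html", now=2200)]  # conditional GET returns 304
    return trace, origin.requests

if __name__ == "__main__":
    print(demo())
```

The third request shows the risk the slide raises: within the freshness window the cache hands out the old object even though the origin has already changed it.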
Why Web caching?
Reduce response time for client request.
Reduce traffic on an institution's access link.
Internet dense with caches enables poor content providers to effectively deliver content (that is, it reduces the load on Web servers).
Caching example (1)
Assumptions
  average object size = 100,000 bits
  avg. request rate from institution's browser to origin server = 15/sec
  delay from institutional router to any origin server and back to router = 2 sec
Consequences
  utilization on LAN = 15%
  utilization on access link = 100%
  total delay = Internet delay + access delay + LAN delay
    = 2 sec + minutes + milliseconds
[Figure: origin servers on the public Internet; 1.5 Mbps access link; institutional network with 10 Mbps LAN]
Caching example (2)
Possible solution
  increase bandwidth of access link to, say, 10 Mbps
Consequences
  utilization on LAN = 15%
  utilization on access link = 15%
  Total delay = Internet delay + access delay + LAN delay
    = 2 sec + msecs + msecs
  often a costly upgrade
[Figure: origin servers on the public Internet; 10 Mbps access link; institutional network with 10 Mbps LAN]
Caching example (3)
Install cache
  suppose hit rate is .4
Consequence
  40% requests will be satisfied almost immediately
  60% requests satisfied by origin server
  utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec)
  total delay = Internet delay + access delay + LAN delay
    = .6*2 sec + .6*.01 secs + milliseconds < 1.3 secs
[Figure: origin servers on the public Internet; 1.5 Mbps access link; institutional network with 10 Mbps LAN and institutional cache]