
CSE 398: System Administration

Web hosting and Internet servers

Web hosting basics

HTTP server installation

Virtual interfaces

Caching and proxy servers

FTP servers

Spring 2004

CSE 398: System Administration

© 2004 Brian D. Davison

Web hosting basics

Need a server, (typically) listening on port 80

accepting requests for docs and transmitting them

may dynamically generate docs as well as use files

URLs: Uniform resource locators

http://www.apache.org:80/foundation/FAQ.html

Protocol: http

Hostname: www.apache.org

TCP/IP port (optional): 80

Directory (optional): foundation

Filename: FAQ.html

Common protocols

Protocol  What it does                           Example
http      Accesses a remote file via HTTP        http://admin.com/index.html
https     Accesses a remote file via HTTP/SSL    https://admin.com/order.shtml
ftp       Accesses a remote file via FTP         ftp://ftp.xor.com/adduser.tar.gz
mailto    Sends email to a designated address    mailto:sa-book@admin.com
news      Accesses Usenet newsgroups             news:alt.cooking
telnet    Logs in to a remote computer           telnet://spot.acme.com
ldap      Accesses LDAP directory services       ldap://ldap.bigfoot.com:389/cn=Herb
file      Accesses a local file (no Internet)    file://etc/syslog.conf

HTTP messages

Sample HTTP request headers:

    GET /somedir/page.html HTTP/1.1
    Host: www.someschool.edu
    User-agent: Mozilla/4.0
    Connection: close

Sample HTTP response headers:

    HTTP/1.1 200 OK
    Date: Thu, 06 Aug 1998 12:00:15 GMT
    Server: Apache/1.3.0 (Unix)
    Last-Modified: Mon, 22 Jun 1998
    Content-Length: 6821
    Content-Type: text/html

Can use telnet as client to see them

CGI

The Common Gateway Interface (CGI) provides one way to generate content dynamically

Other methods are also possible

Executes a user program to generate output

Such programs are security risks

Usually process some input from Web interface

Apache

Apache runs two-thirds of the world's web servers (Netcraft, March 2004)

Apache 2 (included in modern releases)

Supports multi-process and multi-threaded operation

Supports SSL/TLS encryption

Supports proxy operation

Supports virtual hosting

Supports syslog logging, but typically doesn't use it

http://httpd.apache.org/ for documentation

Configuration is in /etc/httpd/conf

Apache configuration

KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    MaxClients 150
    MaxRequestsPerChild 1000
</IfModule>

Listen 80

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

[...]

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined

User home directories

<IfModule mod_userdir.c>
    # UserDir disable
    UserDir public_html
</IfModule>

<Directory /home/*/public_html>
    AllowOverride All
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>

AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

Apache proxy support

#<IfModule mod_proxy.c>
# Forward proxying is on; the <Proxy *> block below is what restricts who may use it
ProxyRequests On

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from .lehigh.edu
</Proxy>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On

#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
CacheRoot "/etc/httpd/proxy"
CacheSize 5

[...]

#</IfModule>

Apache virtual hosting

NameVirtualHost 128.180.120.32

<VirtualHost 128.180.120.32:80>
    ServerName monitors.eecs.lehigh.edu
    ServerAlias monitors.eecs
    ServerAdmin sysadmin@eecs.lehigh.edu
    DocumentRoot /export/www/monitors.eecs.lehigh.edu/html
    <Directory "/export/www/monitors.eecs.lehigh.edu/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ "/export/www/monitors.eecs.lehigh.edu/cgi-bin/"
    <Directory "/export/www/monitors.eecs.lehigh.edu/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        # Allow from lehigh.edu
        Allow from all
        # With Order allow,deny, Deny is evaluated after Allow, so this line blocks every client
        Deny from all
    </Directory>
    ErrorLog logs/monitors.eecs.lehigh.edu-error_log
    CustomLog logs/monitors.eecs.lehigh.edu-access_log common
</VirtualHost>

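How the Order/Allow/Deny directives in the proxy, document-root and cgi-bin sections above resolve for a given client, as an added example (not part of the original slides and not Apache's own code). It follows the documented mod_access semantics for hostname and "all" rules only; the client hostnames and the names `in_domain`, `allowed` and `report` are constructed for illustration.

```python
def in_domain(spec, host):
    """Partial-domain match as used by 'Allow from .lehigh.edu':
    case-insensitive suffix match that only accepts whole DNS labels."""
    spec, host = spec.lower(), host.lower()
    if not host.endswith(spec):
        return False
    if len(host) == len(spec):
        return True
    # 'lehigh.edu' must not match 'notlehigh.edu'
    return spec.startswith(".") or host[len(host) - len(spec) - 1] == "."

def matches(specs, host):
    return any(s.lower() == "all" or in_domain(s, host) for s in specs)

def allowed(order, allow, deny, host):
    """True if `host` may access a section carrying these directives."""
    order = order.replace(" ", "").lower()
    a, d = matches(allow, host), matches(deny, host)
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return a and not d
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return a or not d
    raise ValueError("unsupported Order: " + order)

# (Order, Allow list, Deny list) transcribed from the slides' sections.
SECTIONS = {
    "proxy":    ("deny,allow", [".lehigh.edu"], ["all"]),
    "docroot":  ("allow,deny", ["all"], []),
    "cgi-bin":  ("allow,deny", ["all"], ["all"]),
    "ht-files": ("allow,deny", [], ["all"]),
}

def report(hosts):
    """Map each host to {section name: access decision}."""
    return {h: {name: allowed(*sec, h) for name, sec in SECTIONS.items()}
            for h in hosts}

if __name__ == "__main__":
    # Constructed client hostnames, as the server would see them after DNS lookup.
    for host, result in report(["client.lehigh.edu", "host.example.com",
                                "notlehigh.edu"]).items():
        print(host, result)
```

Hostname rules depend on reverse DNS for the client address, so the result is only as trustworthy as that lookup.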

Virtual Interfaces

Sometimes you want an interface to support multiple IP addresses, e.g.:

virtual hosting using IP (not name-based)

ssh or SSL support

In Linux, virtual interfaces have names “interface:instance”, e.g.:

# ifconfig eth0:0 128.180.121.223 netmask 255.255.252.0

To make permanent, create a separate interface file in /etc/sysconfig/network-scripts (e.g., ifcfg-eth0:0)

Debugging HTTP

For an easy way to see actual request and response headers, use

http://www.web-caching.com/showheaders.html

For server/CGI problems, study all apache logs, and examine file/directory permissions

FTP servers

Anonymous FTP is still common

Non-anonymous FTP is a security concern (same as telnet: usernames and passwords in cleartext)

To limit the security concerns, ftpd runs in a chrooted space (~ftp) and so needs to have its own

/etc entries like /etc/passwd and /etc/group

/bin

/lib

Do not make any ftp directories world writable!

Your machine becomes a free file server
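A check for the warning above, as an added example (not part of the original slides): it walks the anonymous-FTP tree and reports every directory that grants write permission to "other", noting whether the sticky bit is set. The default path /var/ftp is an assumption; pass the real ~ftp directory.

```python
import os
import stat
import sys

def world_writable_dirs(ftp_root):
    """Return sorted [(path, has_sticky_bit)] for each directory under
    ftp_root (ftp_root included) whose mode grants write to 'other'."""
    findings = []
    # followlinks=False: never leave the FTP tree through a symlink
    for dirpath, _dirnames, _filenames in os.walk(ftp_root, followlinks=False):
        mode = os.lstat(dirpath).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            # The sticky bit limits deletion to owners, but anyone can still
            # upload, so the directory is reported either way.
            findings.append((dirpath, bool(mode & stat.S_ISVTX)))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed default location of the anonymous FTP root
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/ftp"
    results = world_writable_dirs(root)
    for path, sticky in results:
        print("WORLD-WRITABLE%s: %s" % (" (sticky)" if sticky else "", path))
    sys.exit(1 if results else 0)
```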

Web caches (proxy server)

Goal: satisfy client request without involving origin server

User sets browser to access Web via cache

Browser sends all HTTP requests to cache

If object in cache:

cache returns object

Else cache requests object from origin server, then returns object to client

[Figure: clients send HTTP requests to the proxy server and receive HTTP responses; the proxy server exchanges HTTP requests and responses with the origin servers]

More about Web caching

Cache acts as both client and server

Cache can do up-to-date check using If-Modified-Since HTTP header

Issue: should cache take risk and deliver cached object without checking?

Heuristics are used.

Typically cache is installed by ISP (university, company, residential ISP)

Why Web caching?

Reduce response time for client request.

Reduce traffic on an institution’s access link.

An Internet dense with caches enables “poor” content providers to deliver content effectively (that is, it reduces the load on Web servers).
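The cache behaviour described above, as an added example (not part of the original slides): a toy origin and cache that revalidate with If-Modified-Since and otherwise serve from the store on a freshness heuristic. The heuristic (fresh for 10% of the object's age at fetch time), the class names and the timeline are assumptions made for illustration; the run shows the risk the slide raises, a stale object served at t=1090.

```python
class Origin:
    """Constructed origin server: url -> (body, last_modified_seconds)."""
    def __init__(self, docs):
        self.docs, self.log = dict(docs), []

    def get(self, url, if_modified_since=None):
        body, lm = self.docs[url]
        if if_modified_since is not None and lm <= if_modified_since:
            self.log.append("304")          # Not Modified: no body sent
            return 304, None, lm
        self.log.append("200")
        return 200, body, lm

class Cache:
    """Proxy cache: a server to browsers, a client to the origin."""
    def __init__(self, origin, lm_factor=0.1):
        # Assumed heuristic: fresh for lm_factor * (check time - Last-Modified)
        self.origin, self.lm_factor, self.store = origin, lm_factor, {}

    def get(self, url, now):
        e = self.store.get(url)
        if e is None:
            status, body, lm = self.origin.get(url)
            outcome = "MISS"
        elif now - e["checked"] <= self.lm_factor * (e["checked"] - e["lm"]):
            return "HIT", e["body"]         # delivered without asking the origin
        else:
            status, body, lm = self.origin.get(url, if_modified_since=e["lm"])
            outcome = "REVALIDATED" if status == 304 else "REFRESHED"
            if status == 304:
                body = e["body"]
        self.store[url] = {"body": body, "lm": lm, "checked": now}
        return outcome, body

def demo():
    """Constructed timeline in seconds; the origin changes /a at t=1060."""
    origin = Origin({"/a": ("v1", 0)})
    cache, seen = Cache(origin), []
    for t in (1000, 1050, 1090, 1200, 1300):
        if t == 1090:
            origin.docs["/a"] = ("v2", 1060)
        seen.append((t,) + cache.get("/a", t))
    return seen, origin.log

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```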

Caching example (1)

Assumptions

average object size = 100,000 bits

avg. request rate from institution’s browser to origin server = 15/sec

delay from institutional router to any origin server and back to router = 2 sec

Consequences

utilization on LAN = 15%

utilization on access link = 100%

total delay = Internet delay + access delay + LAN delay = 2 sec + minutes + milliseconds

[Figure: institutional network (10 Mbps LAN) connected by a 1.5 Mbps access link to the public Internet and the origin servers]

Caching example (2)

Possible solution

increase bandwidth of access link to, say, 10 Mbps

Consequences

utilization on LAN = 15%

utilization on access link = 15%

total delay = Internet delay + access delay + LAN delay = 2 sec + msecs + msecs

often a costly upgrade

[Figure: institutional network (10 Mbps LAN) connected by a 10 Mbps access link to the public Internet and the origin servers]

Caching example (3)

Install cache

suppose hit rate is .4

Consequence

40% of requests will be satisfied almost immediately

60% of requests satisfied by origin server

utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec)

total delay = Internet delay + access delay + LAN delay = .6*2 sec + .6*.01 secs + milliseconds < 1.3 secs

[Figure: institutional network (10 Mbps LAN) with an institutional cache, connected by a 1.5 Mbps access link to the public Internet and the origin servers]
