~~socialite:icon reddit googleplus stumbleupon twitter~~
  
===== Basic Apache Directives =====
==== Directives for a minimal install ====
    * **ServerType** - how apache runs, either daemon or inetd (usually daemon)
    * **ServerRoot** - the directory under which apache is installed, e.g. /usr/local/apache
    * **DocumentRoot** - the directory (html) documents are kept in, e.g. /usr/local/apache/htdocs
    * **User** - the user apache runs as after the initial start up as root, e.g.  apache
    * **Group** - the group apache will run as , e.g. httpd
    * **TransferLog** - the file the server will record information about requests it receives, e.g. logs/access.log (without a leading / , the path will be interpreted as relative to the ServerRoot ).
    * **ErrorLog** - the file errors are recorded in
    * **Port** - the port the server listens on, by default 80 (if the port is below 1024, root has to start the server as it will be a privileged port)
    * **ServerName** - the name the server identifies itself as and should be the fully qualified hostname, e.g. www.in2nix.com (this should be recorded in /etc/hosts in case of DNS problems)
    * **PidFile** - Where to record the process number of the parent process (used for communicating with and controlling the server)
    * **ServerAdmin** - Normally an email address to report problems to
==== Security ====
Normally there is a default security entry e.g.

  <Directory />
  AllowOveride None
  Options None
  Order deny,allow
  Deny from all
  </Directory>

This disallows access to all directories, i.e. / downwards . This is then
normally overriden with further  directives allowing access to specific
directories.
==== Permissions ====
These are best set as follows (the ServerRoot in this example is /usr/local/
apache):
   1. chown -R root:root /usr/local/apache
   2. chmod -R 740 /usr/local/apache/*
   3. chmod 755 /usr/local/apache/cgi-bin /usr/local/apache/cgi-bin/*
   4. chgrp -R wwwdocs /usr/local/htdocs
   5. chmod -R 775 /usr/local/apache/htdocs
Note: wwwdocs would be a group containing users who can update web pages.
==== httpd command flags ====
    * -d - server root directory
    * -f - location of config file
    * -h - list directives
    * -l - list modules
    * -v - echo version
    * -X - for debugging, won't go into daemon mode
    * apachectl start/stop - start or stop the httpd daemon
==== Authentication directives ====
The following security related directives can be used (often in conjunction
with one another) to control who can access what...
    * **Allow from host/network/all** - mod_access module
    * **Deny from host/network/all** - mod_access module
    * **Order deny/allow** - process the deny first the allow, i.e. if not specifically denied, is allowed
    * **Order allow/deny** - if not specifically allowed, is denied
    * **Order mutual-failure** - Must be allowed and not match any deny rules, i.e.  both allow and deny rules checked before authenticated
    * **AuthType type** - e.g. authentication type, type could be basic
    * **AuthName realname** - A name representing an area users need to be authenticated for
    * **Require user username [username]** - access will be denied unless the authenticated username is in the list username [username]
    * **Require group groupname [groupname]** - access will be denied unless the authenticated groupname is in the list groupname [groupname]
    * **Require valid-user** - acess will be granted if user authenticated
    * **Satisfy All** - the allow/deny and username, password, group rules must all be satisfied
    * **Satisfy Any** - Either allow/deny or network identity checks can be met
==== mod_auth module ====
Enhanced authentication is provided by running apache with the mod_auth module
included. This has the following directives:
    * **AuthUser File filename** - file containing usernames and encrypted passwords
    * **AuthGroup File filename** - file containing a group name and users in that group
    * **AuthAuthoritive Boolean** - either on or off. If on, only AuthUser/AuthGroup used. Otherwise a request is passwed to any other authentication methods installed.
    * **mod_auth_db/mod_auth_dbm** - allows authentication to be stored in DBM or BerkelyDB database
==== Other Directives (containers) ====
    * **<Directory directory>** - Directives inside apply to this directory only
    * **<Files files >** - Directives inside apply to these files only
    * **<Location location >** - Directives inside apply to this URL location only
    * **<VirtualHost virtualhost >** - Defines a virtual web site. Directives inside apply to the virtual web site only.
  
<alert type="warning" icon="fa fa-question-circle-o"> **Still stuck? Maybe we can help.** Contact us [[https://www.upwork.com/o/profiles/users/_~01207a4bc438b48c6e|at Upwork]]</alert>
<alert type="info" icon="fa fa-exclamation-circle"> Never miss a thing [[http://www.justsomestuff.co.uk/subscribe.php|subscribe to our newsletter]] {{glyphicon>envelope}}
or follow us [[http://twitter.com/itsjustsomestuf|on twitter]] {{glyphicon>hand-left}}</alert>                        
<alert type="info" icon="fa fa-check">  For more super cool techie stuff [[http://www.justsomestuff.co.uk/theblog|check out our blog!!]]</alert>
                                                                                
===Recent Changes===                                                            
                                                                                
{{changes>}}                                                                    
                                                                                
<callout type="info" icon="fa fa-user-plus">                                    
====Contribute to this wiki====                                                 
Why not help others by sharing your knowledge? Contribute something to this wiki and
[[http://www.justsomestuff.co.uk/hall_of_fame.html|join out hall of fame!]]\\   
[[http://www.justsomestuff.co.uk/theblog/contact-page|Contact us]] for a user name and password                          
</callout>