
CSE 398: System Administration

Web hosting and Internet servers

Web hosting basics

HTTP server installation

Virtual interfaces

Caching and proxy servers

FTP servers

Spring 2004

2004 Brian D. Davison

Web hosting basics

Need a server, (typically) listening on port 80

accepting requests for docs and transmitting them

may dynamically generate docs as well as use files

URLs: Uniform resource locators

Protocol

Hostname

TCP/IP port (optional)

Directory (optional)

Filename

http://www.apache.org:80/foundation/FAQ.html

Common protocols

Protocol  What it does                          Example
http      Accesses a remote file via HTTP       http://admin.com/index.html
https     Accesses a remote file via HTTP/SSL   https://admin.com/order.shtml
ftp       Accesses a remote file via FTP        ftp://ftp.xor.com/adduser.tar.gz
mailto    Sends email to a designated address   mailto:sa-book@admin.com
news      Accesses Usenet newsgroups            news:alt.cooking
telnet    Logs in to a remote computer          telnet://spot.acme.com
ldap      Accesses LDAP directory services      ldap://ldap.bigfoot.com:389/cn=Herb
file      Accesses a local file (no Internet)   file://etc/syslog.conf

HTTP messages

Sample HTTP request headers:
GET /somedir/page.html HTTP/1.1
Host: www.someschool.edu
User-agent: Mozilla/4.0
Connection: close

Sample HTTP response headers:
HTTP/1.1 200 OK
Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 ...
Content-Length: 6821
Content-Type: text/html

Can use telnet as client to see them

CGI

The Common Gateway Interface (CGI) provides one way to generate content dynamically

Other methods are also possible

Executes a user program to generate output

Such programs are security risks

Usually process some input from Web interface

Apache

Apache runs two-thirds of the world's web servers (Netcraft, March 2004)

Apache 2 (included in modern releases)

Supports multi-process and multi-threaded operation

Supports SSL/TLS encryption

Supports proxy operation

Supports virtual hosting

Supports syslog logging, but typically doesn't use it

http://httpd.apache.org/ for documentation

Configuration is in /etc/httpd/conf

Apache configuration
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 1000
</IfModule>
Listen 80
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
[...]

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

CustomLog logs/access_log combined

User home directories
<IfModule mod_userdir.c>
#
UserDir disable
UserDir public_html
</IfModule>
<Directory /home/*/public_html>
AllowOverride All
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>


Apache proxy support
#<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from .lehigh.edu
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
CacheRoot "/etc/httpd/proxy"
CacheSize 5
[...]
#</IfModule>


Apache virtual hosting
NameVirtualHost 128.180.120.32
<VirtualHost 128.180.120.32:80>
ServerName monitors.eecs.lehigh.edu
ServerAlias monitors.eecs
ServerAdmin sysadmin@eecs.lehigh.edu
DocumentRoot /export/www/monitors.eecs.lehigh.edu/html
<Directory "/export/www/monitors.eecs.lehigh.edu/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/export/www/monitors.eecs.lehigh.edu/cgi-bin/"
<Directory "/export/www/monitors.eecs.lehigh.edu/cgi-bin">
AllowOverride None
Options None
Order allow,deny
# Allow from lehigh.edu
Allow from all
Deny from all
</Directory>
ErrorLog logs/monitors.eecs.lehigh.edu-error_log
CustomLog logs/monitors.eecs.lehigh.edu-access_log common
</VirtualHost>
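
How the Order / Allow / Deny lines in the configurations above combine, as an added example that is not part of the original slides: a simplified Python model of mod_access evaluation applied to three of the access blocks shown on this page. The block labels and the client host names are constructed for illustration, and the model covers only "all" and domain-name values.

```python
# Added example: a simplified model of mod_access (Apache 1.3/2.0) evaluation.
# It handles only "all" and (partial) domain names, not IP or CIDR forms.

def host_matches(spec, client_host):
    """True if an Allow/Deny 'from' value covers the client's host name."""
    spec, host = spec.lower(), client_host.lower()
    if spec == "all":
        return True
    if not host.endswith(spec):
        return False
    if len(host) == len(spec) or spec.startswith("."):
        return True
    # Whole labels only: "lehigh.edu" must not match "notlehigh.edu".
    return host[-len(spec) - 1] == "."


def access_allowed(order, allow, deny, client_host):
    """Apply Order semantics to the Allow and Deny lists of one block."""
    allowed = any(host_matches(s, client_host) for s in allow)
    denied = any(host_matches(s, client_host) for s in deny)
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)


# Three of the access blocks on this page: (Order, Allow from, Deny from).
# The dictionary keys are labels made up for this example.
PAGE_BLOCKS = {
    "DocumentRoot html": ("allow,deny", ["all"], []),
    "Proxy *": ("deny,allow", [".lehigh.edu"], ["all"]),
    "vhost cgi-bin": ("allow,deny", ["all"], ["all"]),
}


def evaluate(client_host):
    """Return {block label: True if the client would be admitted}."""
    return {name: access_allowed(order, allow, deny, client_host)
            for name, (order, allow, deny) in PAGE_BLOCKS.items()}


if __name__ == "__main__":
    # Constructed client names, one inside and one outside lehigh.edu.
    for host in ("lab1.cse.lehigh.edu", "host.example.org"):
        print(host, evaluate(host))
```

In this model the virtual host's cgi-bin block admits no client, because under Order allow,deny a matching "Deny from all" overrides "Allow from all". Host-name rules such as "Allow from .lehigh.edu" depend on reverse DNS for the client address.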

Virtual Interfaces

Sometimes you want an interface to support multiple IP addresses, e.g.:

virtual hosting using IP (not name-based)

ssh or SSL support

In Linux, virtual interfaces have names interface:instance, e.g.:
# ifconfig eth0:0 128.180.121.223 netmask 255.255.252.0

To make permanent, create separate interface file in /etc/sysconfig/network-scripts (e.g., ifcfg-eth0:0)

Debugging HTTP

For an easy way to see actual request and response headers, use

http://www.webcaching.com/showheaders.html

For server/CGI problems, study all Apache logs, and examine file/directory permissions

FTP servers

Anonymous FTP is still common

Non-anonymous FTP is a security concern (same as telnet: usernames and passwords in cleartext)

To limit the security concerns, ftpd runs in a chrooted space (~ftp) and so needs to have its own

/etc entries like /etc/passwd and /etc/group

/bin

/lib

Do not make any ftp directories world-writable!

Your machine becomes a free file server
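
A check for the world-writable rule above, as an added example that is not part of the original slides: it walks an FTP root and reports every directory whose mode has the other-write bit set. The directory layout built in demo() is constructed for illustration; on a real server, pass the ~ftp path to world_writable_dirs().

```python
import os
import stat
import tempfile


def world_writable_dirs(ftp_root):
    """Return sorted (relative path, octal mode) for world-writable directories."""
    findings = []
    # os.walk does not follow symlinks by default, so the audit stays in the tree.
    for dirpath, _dirnames, _filenames in os.walk(ftp_root):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH:
            rel = os.path.relpath(dirpath, ftp_root)
            findings.append((rel, oct(stat.S_IMODE(mode))))
    return sorted(findings)


def demo():
    """Build a constructed ~ftp layout in a temp dir and audit it."""
    layout = [
        ("bin", 0o555),            # read-only support directories
        ("etc", 0o555),
        ("pub", 0o755),            # downloads, writable by owner only
        ("pub/incoming", 0o777),   # the mistake the slide warns about
    ]
    with tempfile.TemporaryDirectory() as root:
        for name, mode in layout:
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)   # chmod is not affected by the umask
        return world_writable_dirs(root)


if __name__ == "__main__":
    for rel, mode in demo():
        print("world-writable:", rel, mode)
```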

Web caches (proxy server)
Goal: satisfy client request without involving origin server

User sets browser to access Web via cache

Browser sends all HTTP requests to cache

If object in cache: cache returns object

Else cache requests object from origin server, then returns object to client

[Figure: clients exchange HTTP requests and responses with the proxy server, which exchanges HTTP requests and responses with the origin servers]

More about Web caching

Cache acts as both client and server

Cache can do up-to-date check using If-modified-since HTTP header

Issue: should cache take risk and deliver cached object without checking?

Heuristics are used.

Typically cache is installed by ISP (university, company, residential ISP)

Why Web caching?

Reduce response time for client request.

Reduce traffic on an institution's access link.

Internet dense with caches enables poor content providers to effectively deliver content (that is, it reduces the load on Web servers).
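
The If-modified-since check and the "deliver without checking" risk from More about Web caching, as an added example that is not part of the original slides: a small Python model of a cache deciding between serving its copy unchecked and revalidating with the origin. The freshness heuristic (trust a copy for 10% of its age at fetch time), the names and the timeline are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

LM_FACTOR = 0.1  # assumed heuristic: trust a copy for 10% of its age at fetch


@dataclass
class Entry:
    body: str
    last_modified: datetime
    fetched: datetime  # unused for the origin's own record


def origin_get(origin, if_modified_since=None):
    """Origin side of a conditional GET: 304 and no body if unchanged."""
    if if_modified_since is not None and origin.last_modified <= if_modified_since:
        return 304, None
    return 200, origin.body


def cache_get(entry, origin, now):
    """Return (how the request was satisfied, body sent to the client)."""
    lifetime = (entry.fetched - entry.last_modified) * LM_FACTOR
    if now - entry.fetched < lifetime:
        # The risk from the slide: deliver without asking the origin.
        return "cache, unchecked", entry.body
    status, body = origin_get(origin, if_modified_since=entry.last_modified)
    entry.fetched = now
    if status == 304:
        return "cache, revalidated (304)", entry.body
    entry.body, entry.last_modified = body, origin.last_modified
    return "origin (200)", entry.body


def demo():
    """Constructed timeline: copy fetched 10 days after its last change."""
    t0 = datetime(2004, 3, 1, 12, 0)
    origin = Entry("v1", t0 - timedelta(days=10), t0)
    cached = Entry("v1", origin.last_modified, fetched=t0)
    results = [cache_get(cached, origin, t0 + timedelta(hours=1))]
    # Origin changes two hours after the fetch, inside the 1-day lifetime.
    origin.body, origin.last_modified = "v2", t0 + timedelta(hours=2)
    results.append(cache_get(cached, origin, t0 + timedelta(hours=3)))  # stale
    results.append(cache_get(cached, origin, t0 + timedelta(days=2)))   # refetch
    results.append(cache_get(cached, origin, t0 + timedelta(days=4)))   # 304
    return results


if __name__ == "__main__":
    for how, body in demo():
        print(how, "->", body)
```

The second request in demo() receives the old body even though the origin has already changed, which is the trade-off the heuristic accepts.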

Caching example (1)
Assumptions

average object size = 100,000 bits

avg. request rate from institution's browser to origin server = 15/sec

delay from institutional router to any origin server and back to router = 2 sec

Consequences

utilization on LAN = 15%

utilization on access link = 100%

total delay = Internet delay + access delay + LAN delay
= 2 sec + minutes + milliseconds

[Figure: origin servers on the public Internet, 1.5 Mbps access link, institutional network with 10 Mbps LAN]

Caching example (2)
Possible solution

increase bandwidth of access link to, say, 10 Mbps

Consequences

utilization on LAN = 15%
utilization on access link = 15%
Total delay = Internet delay + access delay + LAN delay
= 2 sec + msecs + msecs

often a costly upgrade

[Figure: origin servers on the public Internet, 10 Mbps access link, institutional network with 10 Mbps LAN]

Caching example (3)
Install cache

suppose hit rate is .4

Consequence

40% requests will be satisfied almost immediately

60% requests satisfied by origin server

utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec)

total delay = Internet delay + access delay + LAN delay
= .6*2 sec + .6*.01 secs + milliseconds < 1.3 secs

[Figure: origin servers on the public Internet, 1.5 Mbps access link, institutional network with 10 Mbps LAN and institutional cache]