Home   -   Computerkurs   DemoMatrix   Editpointstatic   Folderwatcher   Gipsydrive   Licenses   Shrinkseries   V4   More...  

Apache   Chrome   Firefox   MySQL   Niwa   NetBeans   Opera   OXID   PHP   Ruby   SharpDevelop   Subversion   Tools  

Previous page Home chapter Next page

Image 20100311°1521 'Apache Feather'

Trilo - Downtown - Gipsydrive

Apache

Project status : Running
Platform : Windows
Dependencies : None
Notes : .

Introduction

This is an Apache webserver, residing in a Subversion repository, running from your workspace on any USB drive on any Windows station. Just checkout the repository to your local workspace and get the webserver running on your machine.

Well, for now it is not a one-click approach. You will face some discomfort, namely to adapt absolute pathes in certain batch, httpd.conf and other configuration files. You may happen to have different drive letters, and different individual directory naming. Making such adaptions more and more automatic, is one concern of this project. Nevertheless, the good news are: the Workspace Apache already works.

The app.apache folder in Windows Explorer
Your workspace may look like this. See the batchfiles, which are your primary means to command the machine.

How to run it

The exact procedure depends e.g. on what other Apaches run on your station and collide, or what exotic pathes you are using. Please remember: This project is in it's infant state. You will only be happy with this project, if you are willing to learn some details about Apache. In an optimistic scenario, just follow below receipt.

(1) Checkout the repository (or only it's trunk folder) to your local machine.

(2) Adapt the pathes in app.apache\trunk\Apache2.2\conf\httpd.conf. In your text editor, with searching for '###' you will jump to 5 places, and obviously see, what to change there. The places to edit are:

  1. ServerRoot
  2. Listen (the port needs only be edited if you don't like port 80)
  3. DocumentRoot
  4. <Directory ...> (htdocs)
  5. <Directory ...> (cgi-bin)

(3) Adapt the username in the two batchfiles httpd-service.install.bat and httpd-service.uninstall.bat. This two files have to run as administrator rights, so it contains the runas command, whith a respective username.

(4) Doubleclick the httpd-service.install.bat. After typing the admin password, it will start the Apache Windows service. If there is any doubt, see the Services.

(5) Doubleclick httpd-start.bat. This will switch the service on.

(6) Start your browser and point it to http://localhost. The browser shall show app.apache\trunk\htdocs\index.html now.

Last not least: If you do further developing on the Workspace Apache and write your changes back to the public(!) repository - watch out, not to commit personal data from your private workstation which may reside inside batchfiles, configfiles and logfiles!

Q & A

Where from comes the logo on top of this page? We found the image on http://jukkaz.wordpress.com/2006/08/05/asf-logo-guidelines [archives pdf ]. We could not find out however the exact terms of usage of the Apache logo, e.g. whether ASF must be or must not be mentioned, and in what exact context the images may be used. For now, we assume it is all right, if we use this image to decorate the page here. See the file in full size (and rotated 180 degree).

Links

Basic knowhow to start our task at hand http://httpd.apache.org/docs/1.3/windows.html [archives pdf ].

Nice tutorial for adding Subversion functionality : http://svn.spears.at [archives pdf ] .

BTW - our Apache 2.2.14 here is no more the latest : http://www.heise.de/security/meldung/Update-­fuer­Apache-­Webserver-2-2­­schliesst-­mehrere-­Sicherheitsluecken-­949269.html [archives pdf ].

Chapter about Proxy abuse http://wiki.apache.org/httpd/ProxyAbuse (png pdf mht) found via http://www.administrator.de/index.php?content=138767 (png pdf mht) while investigating about curious mass error log entries.

Technical Details

Preparing this repository. Install the Apache Windows binary on your local machine. Copy the installed program folder as is to the workspace. The Apache will not run from there as is, since the internal pointers, namely in httpd.conf point to local folders. But it is no problem to start it's exe files from the commandline.

While you run or develop the Workspace Apche, you learn a lot about that websever. The Apache is a really nice, robust and easy to understand program. Watch the interferences with any already installed local Apache. Watch what ApacheMonior.exe does exactly, watch the Windows services on your machine, watch the processes in the Taskmanager in each state of execution.

More detailed technical information about the making of the Apache workspace you may find in the developers logfile ~notes.txt .

Issues

Skype seems to interfere with Apache httpd. The Apache server does not start as long as Skype is running. Quit Skype, then start the Apache server, then restart Skype. (Issue 20100615°1511)

Heise Security article Apache-Lücke erlaubt Angreifern Zugriff auf interne Server (2011-October-06 12:25) is about a way to reach internal servers with an '@'-sign involved in Apaches rewrite mechanism. (20111007°051102) .
Apache may have a vulnerability when receiving multiple Byte Ranges in get requests, as described e.g. on Heise Online www.heise.de/../Tool-bringt-Apache-Webserver-zum-Stillstand-1329986.html (20110825°1102). This can be repaired using the rewrite engine or mod_header. .

 

Setup log

Below is a developers log file, created on the fly, not meant to enjoy a reader, but to catch knowhow, to be digged out in eventual later odd circumstances.

Make it start

Installing and starting Apache on the USB drive goes really straight forward. We installed apache_2.2.14-win32-x86-openssl-0.9.8k.msi (download archives 20100303°0401) on a machine and copied the created directory from the local program folder to the usb drive.

The only machine specific thing which happes during installation, seems to be, that local pathes are found in httpd.conf. Those must be adapted as the very first step.

We studied the help screen of httpd.exe and set up a bunch of batchfiles for the commands to start and stop the server. And of course the syntaxcheck.

The httpd.exe help screen
The httpd.exe help screen.

Batchfiles to command the Apache
Batchfiles to command the machinery.

The usb folder is a Subversion workspace. And well -- there were curious problems with the commit/checkout/update cycle. Always files were eaten! We created the repository newly serveral times before recognizing: TortoiseSVN plays a bad trick with it's default ignore pattern!

The TortoiseSVN ignore pattern
The TortoiseSVN has a sumptuous default ingore pattern. Switch off at least *.so!

Minimize adaptions in httpd.conf

Apache starts nicely robust -- if only all pathes in httpd.conf are set correctly. Since we want make the complete installation portable, one of the first ideas is make the pathes relativ. This will significantly ease the hassle to run the same installation on different machines.

Using relative pathes in httpd.conf is easy, except with ServerRoot. All relative pathes in httpd.conf are relative to ServerRoot. But what should ServerRoot itself be relative to?!

About Apache directive ServerRoot
ServerRoot may not work as relative path. Or will it? What should it be relative to? Try "Apache2.2"!

However, ServerRoot can be given via a commandline option during startup. This might serve as a valuable means to make the installation portable. We will exploit this only far below, after some primary problems are solved. For now, we live with having ServerRoot hardwired in httpd.conf. And thus having to edit httpd.conf when running on a new machine.

Having multiple websites in one httpd.conf

Now we want run the default website on the one hand, plus on the other hand having e.g. the Oxid website without any switchings inside httpd.conf. We need multiple sites, something like Location or VirtualHost or Alias or the like.

The first experiment:
<Location /oxid>
DocumentRoot "../../../app.oxid/trunk/OXID_ESHOP_CE_4.2.0_23610"
</Location>

This does not work, the syntax-check complains "DocumentRoot not allowed here".

On Jonathan Leighton's blog at http://jonathanleighton.com (former page http://jonathanleighton.com/blog/2004/12/12/multiple-local-websites-with-apache) (pdf) we found this:
 
<VirtualHost *>
DocumentRoot "C:/my/document/root/site1"
ServerName site1
</VirtualHost>

 
supplemented with
 
<VirtualHost *>
DocumentRoot "C:/my/document/root"
ServerName localhost
</VirtualHost>

The second VH with ServerName localhost seems necessary, to prevent the server from beeing puzzled or something. (CHECK - Exact purpose of second VH, and what happens if this is not given.)

Hm .. may be not exactly, what we want, because this were the urls then to be used:
 
- http://localhost
- http://oxid
 
But we like addresses like this:
 
- http://localhost
- http://localhost/oxid
  Anyway, for having a starting point, it were fine.

A disadvantage of this solution is, that it involves the hosts file. It is located e.g. in
 
C:\WINDOWS\system32\drivers\etc
 
and wants an (additional) entry like
 
127.0.0.1 site1

Locate the hosts file
Locate the hosts file. (See the original and the extended hosts file)

Fine, now it works! But only, if we type http://oxid/setup/index.php. We want type http://oxid/setup however. Apache has some mechanism, to set default files. For now, this is sufficient for us, that finetuning will be done in any next session. CHECK - How to set index.php as the default file for the virtual host?

Better not virtual hosts?

Hm .. above attempt worked .. but then worked not again because error 'HTTP 403 Verboten' (maybe typos in pathes?)

Anyway -- most unwelcome is the involvment of the hosts file!

A promising document to find alternative, seems to be http://httpd.apache.org/docs/2.2/urlmapping.html (pdf) . This describes a bunch of possibilities. It has a chapter "Files Outside the DocumentRoot", that sounds like exactly what we want.

The Alias directive looks like what we want. It seems to work -- except we get error 'HTTP 403 Verboten'!

We make experiments with a simpler alias than the one to Oxid, we make a subdirectory within DocumentRoot. Same error 403. The logfile says "client denied by server configuration"

.. problem solved, probably we had just wrong pathes in httpd.conf

Starting Apache with optional ServerRoot

What about the necessary adaptions if we run this USB Apache on different drives with different Pathes? By using relative Pathes in httpd.conf, we already condensed the problem to ServerRoot. All other pathes are relative to this. So the only condition you must obey to is, having all the Subversion workspaces (app.apache, app.mysql, app.oxid, app.php) in one folder.

For ServerRoot now you have two ways to handle:

(1) Adapt the line in http.conf and start the server with the plain batchfile or the ApacheMonitor.

(2) Adapt the line in the batchfile set-ServerRoot.bat an run the Apache syntax-check and the Apache start with the respective batchfile. Sorrily, the ApacheMonitor you cannot start this flavour. CHECK - Is there a way to teach the ApacheMonitor the -d option?

. . .

To make the installation really machine independent, we have to have some intelligent script or program to automatically adapt pathes inside batch and config files. As well it were interresting to operate on certain files with the SVN ingore property, to commit/update everything except local setup, logfiles and the like. Such intelligent things we won't do now and here, just dream about.

. . .

What else might happen?

Access denied?

Access denied
Access denied?

One reason may be the .htaccess file in the directory you want access.

Access denied
The temporarily shudown .htaccess file. Of course this is not a final solution, only a quick test during a debugging phase! Be aware!

.


Another surprising DLL version conflict

After activating SSL in the Apache 2.2.14 on Gipsydrive, one Station, which run fine before, refused to start Apache. It turned out to be a dll version conflict, I hadn't seen before. It was the Intel Wireless Lan driver with it's older version of LIBEAY32.DLL.

Image 20120121°1421
Module mod_ssl.so cannot be loaded. All pathes are correct.

Dependencywalker 20120121°1422
Dependency walker gives a hint, but not with a direct flag, but only after intuitively scanning all entries.

Bad path 20120121°1423
The guilty is spottet. After removing this path, mod_ssl.so loads and Apache works.

Imprint : www.trilo.de