apache2 default config
Filippo Spike Morelli
fsm at spikelab.org
Sun Jan 29 15:57:17 GMT 2006
Hi,
thought this subject was interesting for the -server project too so I'm cc'ing
the list, hope it's not a prob.
I started playing around with dapper for a web server installation and some
default settings look harmful and confusing to me, especially considering the
very nice job done splitting httpd.conf(apache2.conf) into smaller and more
readable files like ports.conf.
Please keep in mind I am new to apache2 and might miss reasons for some
decisions, and read an "imho" at the end of any statement.
---- System specs
Fresh/default install
spike at captaincool:~$ cat /etc/motd
Linux captaincool 2.6.15-13-686 #1 SMP PREEMPT Thu Jan 28 17:12:14 UTC 2006
i686 GNU/Linux
spike at captaincool:~$ export COLUMNS=50 ; dpkg -l | grep apache
ii apache2 2.0.55-4 next generation, scalable, extendable web se
ii apache2-common 2.0.55-4 next generation, scalable, extendable web se
ii apache2-mpm-wo 2.0.55-4 high speed threaded model for Apache2
ii apache2-utils 2.0.55-4 utility programs for webservers
---- Problems
Summary:
default apache filesystem access, and successful installation message page
have nothing to do with a virtual host.
1) Protecting "/": Options and AllowOverride
By default these 2 settings for "/" aren't defined in apache2.conf but inside
default vhost. This looks wrong to me for 3 reasons:
- Protecting "/" isn't vhost business
- A user could set up his/her own default vhost without reusing the available
one and miss those settings
- A user might not use vhosts at all
2) NameVirtualHost directive
As for the aforementioned settings, "NameVirtualHost *" is placed inside the
default vhost definition and again that doesn't look like the best place to
me, first because that would make the user think he/she needs to define that
per vhost, which is wrong, and second because it's a parameter belonging to
the server configuration, not the vhost itself.
3) Default page informing the webserver is not configured
Because of mod_vhost not enabled by default, and DocumentRoot for vhost
"default" defined as "/var/www", the well-known web page informing the user
the webserver is correctly installed (and/or unconfigured) won't be displayed.
4) Documentation not available through apache
Because of mod_vhost not enabled by default, documentation won't be available
under /doc as usual (Alias /doc/ "/usr/share/doc/" defined in default vhost).
---- Proposed solutions and Comments
Assuming a default apache installation should deny anything and do nothing but
show the default page (see 3), and allow /doc access from localhost, here are
some proposals:
1) Protecting "/": Options and AllowOverride
Everything related to / settings should be moved to apache2.conf
2) NameVirtualHost directive
NameVirtualHost * directive should be moved out of vhost definition. Since we
have this very nice new setup for modules loading,
mods-available/vhost_alias.conf could be used.
3) Default page informing the webserver is running/unconfigured
Assuming "default" vhost and "apache2-default" dir have been introduced
because an index.html lying around /var/www wasn't well seen, and with the
addition of the internationalized versions it would get cluttered, the only
solution is to enable mod_vhost by default, which isn't good imho. Another
option is to set DocumentRoot in apache2.conf to point
to /var/www/apache2-default. Actually I do not like this that much, but I can't
think of a better solution. In case the current config is kept
"#RedirectMatch ^/$ /apache2-default/" line should be uncommented by default.
4) Documentation not available through apache
Actually I've never seen the use of /doc accessible under apache/localhost,
but in case this has been done for backward compatibility, either enable
mod_vhost by default or move the directive to apache2.conf
---- Conclusions
Assuming what I said so far is true, default vhost becomes useless and should
be removed. In this case, the line
"Include /etc/apache2/sites-enabled/[^.#]*" at the bottom of apache2.conf
will raise a warning when starting apache:
"grep: /etc/apache2/sites-enabled/[^.#]*: No such file or directory"
A diff against a modified /etc/apache2 is attached.
regards
Spike
--
"And then the lord said to John: "Come forth and gain eternal life."
But John came fifth and won a toaster."
some guy on irc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apache-defaults.diff
Type: text/x-diff
Size: 4954 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20060129/5c5ec102/apache-defaults.bin
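
Added example, not part of the original post or its attached diff: a small audit that reports where the "/" Options/AllowOverride settings and NameVirtualHost are defined, run against the layout the post describes and the one it proposes. The function names, the dictionary keys (paths relative to /etc/apache2) and both sample configurations are constructed for illustration.

```python
import re

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\w+>")

def scan(text):
    """Yield (directive, enclosing sections) for every directive line."""
    stack = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
        elif (m := OPEN.fullmatch(line)):
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
        else:
            yield line.split()[0].lower(), tuple(stack)

def audit(files):
    """files maps a path relative to /etc/apache2 to its text; returns findings."""
    findings, server_level = [], set()
    for name, text in files.items():
        in_site = name.startswith("sites-")
        for directive, stack in scan(text):
            in_vhost = any(kind == "virtualhost" for kind, _ in stack)
            if ("directory", "/") in stack and directive in ("options", "allowoverride"):
                if in_site or in_vhost:
                    findings.append(f"{name}: {directive} for / is set in a vhost")
                else:
                    server_level.add(directive)
            if directive == "namevirtualhost" and (in_site or in_vhost):
                findings.append(f"{name}: namevirtualhost is set in a vhost file")
    for missing in sorted({"options", "allowoverride"} - server_level):
        findings.append(f"server config: no {missing} for /")
    return findings

# Constructed sample of the layout the post describes (not the packaged files).
AS_SHIPPED = {
    "apache2.conf": "Include /etc/apache2/sites-enabled/[^.#]*\n",
    "sites-available/default": "NameVirtualHost *\n<VirtualHost *>\n"
        "DocumentRoot /var/www/\n<Directory />\nOptions FollowSymLinks\n"
        "AllowOverride None\n</Directory>\n</VirtualHost>\n",
}
# Constructed sample of the layout the post proposes.
PROPOSED = {
    "apache2.conf": "<Directory />\nOptions FollowSymLinks\nAllowOverride None\n</Directory>\n",
    "mods-available/vhost_alias.conf": "NameVirtualHost *\n",
}

if __name__ == "__main__":
    for label, tree in (("as shipped", AS_SHIPPED), ("proposed", PROPOSED)):
        print(label, audit(tree) or "ok")
```

The audit only tracks section nesting in the text it is given; it does not follow Include lines, so every file to be checked has to be passed in explicitly.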