Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seminário Tecnológico

Similar presentations

Presentation on theme: "Seminário Tecnológico"— Presentation transcript:

1 Seminário Tecnológico
Apache 2.0 Conceitos e Projeto de Sistemas Distribuídos e Paralelos Seminário Tecnológico Adriano Machado Tiago Macambira

2 Overview Apache HTTPD Server Project Apache 2.0 – What to expect?
Apache 2.0 Web Server Architecture Site Acceleration Using Standard Modules New Features (Authent. and Authorization.) Apache 2.0 Administration Conclusion

3 Apache HTTPD Server Project
Collaborative Software Development Effort Managed by a Group of Volunteers 80+ Foundation Members, 100’s Developers All are invited to contribute HTTP Server Freely Available Binaries and Source Code Cross platform implementation Became the #1 Web Server on the Internet in less than a year

4 Apache HTTPD Server Project
Web Servers

5 Apache 2.0 – What to expect? Unix Threading
On Unix systems with POSIX threads support, Apache can now run in a hybrid multiprocess, multithreaded mode. This improves scalability for many, but not all configurations. Better multi-processor utilization The API for modules has changed significantly for 2.0. Many of the module-ordering/-priority problems from 1.3 should be gone. 2.0 does much of this automatically. Also, new calls have been added that provide additional module capabilities without patching the core Apache server. New Build System - Better performance Built on new LIBC libraries More efficient use of APIs through APR

6 Apache 2.0 – What to expect? Better thread handling and resource utilization The number of worker threads are dynamic Customized thread handling specifically for different OS More standard modules Mod_DAV Mod_Deflate Mod_Auth_LDAP Mod_Cache Etc. IPV6 support Customized error reporting (multi-language) Additional Startup Options -e – Redirect any startup error to a file -n – Rename the Apache console screen

7 Apache 2.0 – What to expect? Better support for non-Unix platforms
Apache 2.0 is faster and more stable on non-Unix platforms such as BeOS, OS/2, and Windows. With the introduction of platform-specific multi-processing modules (MPMs) and the Apache Portable Runtime (APR), these platforms are now implemented in their native API, avoiding the often buggy and poorly performing POSIX-emulation layers. Multiprotocol Support Infrastructure in place to support serving multiple protocols Additional Command Line Options Settings – Display worker thread information Restart – Quick restart after configuration change Shutdown – Terminates a running instance of Apache2 Others …

8 Apache 2.0 – What to expect? Simplified configuration Filtering
Many confusing directives have been simplified. The often confusing Port and BindAddress directives are gone; only the Listen directive is used for IP address binding; the ServerName directive specifies the server name and port number only for redirection and vhost recognition. Filtering Apache modules may now be written as filters which act on the stream of content as it is delivered to or from the server. This allows, for example, the output of CGI scripts to be parsed for Server Side Include directives using the INCLUDES filter in mod_include. The module mod_ext_filter allows external programs to act as filters in much the same way that CGI programs can act as handlers.

9 Apache 2.0 – What to expect? Module Enhancements mod_ssl
New module in Apache 2.0. This module is an interface to the SSL/TLS encryption protocols provided by OpenSSL. mod_dav New module in Apache 2.0. This module implements the HTTP Distributed Authoring and Versioning (DAV) specification for posting and maintaining web content. mod_deflate New module in Apache 2.0. This module allows supporting browsers to request that content be compressed before delivery, saving network bandwidth.

10 Apache 2.0 – What to expect? Module Enhancements mod_auth_ldap
New module in Apache This module allows an LDAP database to be used to store credentials for HTTP Basic Authentication. A companion module, mod_ldap provides connection pooling and results caching. mod_auth_digest Includes additional support for session caching across processes using shared memory. mod_charset_lite New module in Apache 2.0. This experimental module allows for character set translation or recoding.

11 Apache 2.0 – What to expect? Module Enhancements mod_file_cache
New module in Apache 2.0. This module includes the functionality of mod_mmap_static in Apache 1.3, plus adds further caching abilities. mod_headers This module is much more flexible in Apache 2.0. It can now modify request headers used by mod_proxy, and it can conditionally set response headers. mod_proxy The proxy module has been completely rewritten to take advantage of the new filter infrastructure and to implement a more reliable, HTTP/1.1 compliant proxy.

12 Apache 2.0 – What to expect? Module Enhancements mod_include
New directives allow the default start and end tags for SSI elements to be changed and allow for error and time format configuration to take place in the main configuration file rather than in the SSI document. Results from regular expression parsing and grouping (now based on Perl's regular expression syntax) can be retrieved using mod_include's variables $0 .. $9. mod_auth_dbm Now supports multiple types of DBM-like databases using the AuthDBMType directive.

13 Apache 2.0 Web Server Architecture
HTTPD server rebuilt from the ground up Portability and platform customization were high priorities HTTPD server contains no platform specific code Thread and process handling is customized through Multi-Processing Modules (MPM) for each platform Backward Compatibility Configuration remained basically the same Internal API’s are very similar 1.3.x and 2.0.x modules are not compatible

14 Apache 2.0 Web Server Architecture
Apache Portable Runtime Library (APR) Offers a standard cross platform set of APIs Each implementation of APR is customized for a specific platform Designed to be a general purpose cross platform library Apache Web Server Other Cross Platform Applications Apache Modules Apache Portable Runtime (APR) Netware Solaris Linux Windows Others…

15 Apache 2.0 Web Server Architecture
Apache 1.3 versus 2.0

16 Apache 2.0 Web Server Architecture
Apache 1.3 versus 2.0

17 Improvements – Using Standard Modules
Mod_Cache Increase response time through caching Mod_Vhost_Alias Simplify virtual host creation and maintenance Mod_Proxy Offload heavy weight requests to backend servers Load balancing Centralized authentication and encryption RotateLogs Offload logging tasks and log rotation

18 Mod_Cache Implements an RFC_2616 compliant HTTPD server content cache
Refer to: Depends on one of two different storage sub-modules Mod_Mem_Cache – Memory based storage manager Can be configured to cache file descriptors or actual content Can cache locally generated content or backend content for Mod_Proxy Mod_Disk_Cache – Disk based storage manager

19 Mod_Cache Example Configuration
LoadModule cache_module modules/mod_cache.nlm <IfModule mod_cache.c> LoadModule mem_cache_module modules/mod_mem_cache.nlm <IfModule mod_mem_cache.c> CacheEnable mem / MCacheSize MCacheMaxObjectCount MCacheMinObjectSize MCacheMaxObjectSize </IfModule> </IfModule> Enable memory based caching and cache all content Set maximum cache size to 4096 Set maximum number of cached objects to 100 Don’t cache objects smaller than 1 byte or larger than 2048 bytes

20 Mod_Cache Performance
Caching No Caching

21 Mass Virtual Hosting Gives the appearance of multiple web servers
Eliminates the need for multiple <VirtualHost…> blocks in the HTTPD.CONF file Creates dynamically configured virtual hosts Virtual host is determined by the IP address or the Host: header Allows for a large number of virtual hosts with similar configurations Adding a new virtual host is simply a matter of creating a new directory structure

22 Mass Virtual Hosting LoadModule vhost_alias_module modules/vhost.nlm
<IfModule mod_vhost_alias.c> UseCanonicalName Off LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon CustomLog logs/access_log vcommon VirtualDocumentRoot SYS:/www/hosts/%0/docs VirtualScriptAlias SYS:/www/hosts/%0/cgi-bin </IfModule UseCanonicalName must be set to off Allows the VHost name to be derived from the Host: header Uses a single log file Logs can be split on a per-virtual-host bases by the first LogFormat field DocumentRoot and ScriptAlias specified through VHost directives

23 Load Balancing with Mod_Proxy
New features of Mod_Proxy Reverse Proxy Compliant with HTTP/1.1 including “KeepAlive” Pluggable protocol handlers such as HTTP and FTP Utilizes Apache 2.0 filtering to accurately filter the data as it flows through Mirror to one or more backend Web servers Handle all authentication and SSL services on a single server Increase performance by passing more complex requests to the backend servers

24 Reverse Proxy All client access must go through the reverse proxy server The proxy server can handle all authentication and SSL encryption for all backend servers Backend web servers don’t have to be Apache servers Backend web servers do not require any specialized configuration Clients Browser Any Web Server Apache Proxy Server Firewall

25 Reverse Proxy Example Disable forward proxy with “ProxyRequests Off”
LoadModule proxy_module modules/proxy.nlm <IfModule mod_proxy.c> LoadModule proxy_http_module modules/proxyhtp.nlm ProxyRequests Off #Reverse proxy to expense reporting web application server ProxyPass /expense/ ProxyPassReverse /expense/ #Reverse proxy to my general web application server ProxyPass /webapps/ ProxyPassReverse /webapps/ #Reverse proxy to other applications allow redirects ProxyPass /directapps/ </IfModule> Disable forward proxy with “ProxyRequests Off” Redirect requests to the specific backend servers with “ProxyPass” Allow redirection headers to be fixed up with “ProxyPassReverse”

26 Stardard Log Rotation Missing in Apache 1.3
Used the directives (mutually exclusive): LogRotateDaily – Rotate log on a daily basis LogRotateInterval – Rotate log on a time basis Only rotates CustomLogs – ErrorLog can not be rotated

27 Standard Log Rotation Apache 2.0 uses the RotateLogs
Functions in the same manner as on other platforms Can be configured to rotate based on: Time – ex. Rotate every seconds or 24 hours File size – ex. Rotate when the file size reaches 5 meg. Differentiate time from file size by placing an ‘M’ after the size specifier Log files are simply rotated not moved CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common

28 Rotate Logs Performance
Logs Disabled Rotate Logs Default Logging

29 Authentication and Authorization
Apache provides several different methods of authentication and authorization File based authentication Mod_Auth – Authenticates users by looking up user names and passwords in a file created by the HTPASSWD utility Mod_Auth_Digest – Similar to Mod_Auth except it only accepts digest encrypted credentials Database based authentication Mod_AuthDBM – Authenticates users by looking up user names and passwords in a database managed by the DBMMANAGE utility Third party authentication modules Refer to:

30 Authentication - Mod_Auth_LDAP
Uses any LDAP compliant directory for authentication Use of SSL encrypted connection is recommended since Mod_Auth_LDAP only accepts “AuthType Basic” Allows for complex authentication policies through the use of LDAP filters Caches LDAP operations using the Mod_LDAP sub-module Can be configured to use SSL connections to the LDAP server Allows for extended and double-byte characters in the user name

31 Mod_Auth_LDAP Example
LoadModule ldap_module modules/utilldap.nlm <IfModule util_ldap.c> LoadModule auth_ldap_module modules/authldap.nlm Alias /secure vol2:/webpages/secure <Directory vol2:/webpages/secure> AuthType Basic AuthName LDAP_Protected_Place AuthLDAPURL ldap:// require valid-user </Directory> </IfModule> LDAP filters can be specified in the AuthLDAPURL directive Uses the UID (uniqueID) attribute by default Other “Require” directive options User – only allow a specified user Group – only allow users within a specific group DN – only allow users matching the specifed DNs

32 Authorization - Mod_eDir
Combines the functionality of Mod_NDS, Mod_RDirs and Mod_HDirs Enforces file access rights Remote server file system access eDirectory™ based home directory support Authorization or access control services only Relies on Mod_Auth_LDAP for authentication Enabled through the “Requires” directive (ex. Requires edir-user) Uses LDAP for all eDirectory access Requires a user name and password for access Can be configured to run in anonymous mode

33 Mod_eDir Remote Directory Example
HTTPD.CONF: LoadModule edir_module modules/mod_edir.nlm  <IfModule mod_edir.c>    include sys:/secure/edirauth.conf    Alias /rdocs "remotesrv/data:/webpages/remote"    <Directory "data:/webpages/remote">       Options Indexes MultiViews       Order allow,deny       Allow from all    </Directory> </IfModule> EDIRAUTH.CONF (secured) <IfModule mod_edir.c>    eDirServer MY_SERVER    eDirUserAccount cn=apache_server.o=admin_context    eDirPassword secret </IfModule>

34 Mod_eDir Home Directory Example
LoadModule edir_module modules/mod_edir.nlm  <IfModule mod_edir.c> hDirSearchContexts o=ctx, o=other_ctx    include sys:/secure/edirauth.conf    <Directory "data:/users/">       Options Indexes MultiViews IncludesNoExec       Order allow,deny       Allow from all    </Directory> </IfModule> hDirSearchContexts directives lists the set of contexts that will be searched All listed contexts and sub-contexts are searched Users must be unique within all contexts Add restrictions to the <Directory…> block as needed

35 Anonymous vs. Authenticated Modes
Uses public rights vs. logging in with a special user ID and password Anonymous mode requires public access rights to eDirectory attributes Home Directory – User home directory information Host Server – Physical server name Host Resource Name – Physical volume name Authenticated mode requires a special user object with browse rights to USER and VOLUME objects

36 Anonymous Mode – Pros vs. Cons
Does not require a special user object Easier to configure – requires fewer directives User home directory availability can be controlled by allowing or revoking public access rights to an object Requires public access rights to specific eDirectory attributes May require administrator intervention before the home directory is available Requires a local eDirectory replica on the Apache server box Server object of the Apache server box requires “Browse” and “Read” rights on all remote files systems

37 Authenticated Mode – Pros vs. Cons
Does not require administrator intervention to allow home directory access Allows binding directly to LDAP or a remote file system rather than depending on public rights Allows the Apache server to acquire home directory information from any LDAP server All access to home directories or remote file systems can be controlled through a single Apache user object Requires a special Apache user object in eDirectory Requires that a user name and password be stored in a configuration file

38 Apache Web Based Administration
Can manage any Apache server on any platform that supports an LDAP connection Web based administration allows the user to administer any Apache Web Server from anywhere Web farm administration is much easier since each server’s configuration is stored in eDirectory Configuration directives can be applied to a single server or shared among multiple servers

39 eDirectory based Configuration
Allows the administrator to define each web server’s configuration in terms of eDirectory objects Each Apache Web Server, virtual server, module, directory, location, and file block is described as eDirectory objects By describing the Apache configuration in terms of objects, the web server can be configured and managed just like any other eDirectory object

40 Conclusion Default web server, very popular
Apache 2.0 has been rebuilt from the ground up More efficient use of API through APR Better multi-processor support Apply configuration changes without unloading More shipping features and standard modules Increased performance with Mod_Cache LDAP authentication / eDirectory authorization Web based administration through eDirectory

Download ppt "Seminário Tecnológico"

Similar presentations

Ads by Google