Linux/Unix 3: Unix Services

Lesson 1: How Email Works

Introduction
How email works
Determining the Destination
Who is my MX?
SMTP
Handing in a Quiz or Objective
Lesson 2: Sendmail
Sendmail
Sendmail at Startup
Testing Sendmail
Lesson 3: More on Sending and Receiving Mail
Pine
Mail Headers
Relaying
Remote Mail
Lesson 4: Procmail
Procmail
Filters and Recipes
More Recipe Examples
Lesson 5: Aliases
Forwarding Email
Aliases
Lesson 6: How Webservers Works
How Webservers Work
Behind the Scenes
CGI Requests
Different Webservers
Lesson 7: Apache
Installing Apache
Initial Configuration
Testing Apache
Lesson 8: Conf iguring Apache
[Link]
Section 2 of [Link]
Lesson 9: Apache Access Cont rol
Introduction to Apache Access Control
[Link] Continued
Access Control
.htaccess
Adding Password Authentication
Lesson 10: Apache Logs
Webserver Logs
Access and Error Logs
Lesson 11: Even More Apache Conf igurat ion
CGI with Apache
Testing CGI
Allowing CGI for Users
Changing the Missing File Page
Lesson 12: Inst alling PHP
 What is PHP?
Preparing to Install PHP
Installing PHP
Testing PHP

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 How Email Works

Introduction
In o rder to take this co urse successfully, yo u sho uld be able to FTP files, install and run pro grams o n a server, and
understand DNS. Yo u sho uld also be able to keep track o f users and the pro cesses they are running o n a server.

In this co urse, yo u'll learn all abo ut mail! No t o nly will yo u learn ho w a server sends and receives email, but yo u will
also learn ho w to install and co nfigure a mail server. We will begin by discussing ho w email wo rks.

All o f the examples, quizzes, and o bjectives fo r this co urse sho uld be co mpleted in the Unix Sandbo x. If
Note yo u have never taken an O'Reilly Scho o l o f Techno lo gy (OST) System Administratio n co urse, please
click here to learn abo ut the different features o f this to o l.

How email works

Let's imagine fo r a mo ment that yo u wish to write a letter to yo ur co usin living in Alaska. Yo u sit do wn with yo ur pen
and paper and write yo ur message. Then yo u neatly place the letter in an envelo pe, write yo ur co usin's address o n it,
and put it in the mailbo x. As far as yo u're co ncerned, the pro cess is o ver and yo ur co usin will get the letter in a few
days.

We kno w better than that tho ugh. The po stal wo rker must co me pick up yo ur letter and take it to the po st o ffice where it
will be pro cessed, o rganized fo r distributio n, shipped to a po st o ffice in Alaska, so rted again, and finally delivered to
yo ur co usin's mailbo x. Later that day yo ur co usin will check her mailbo x to find a letter fro m yo u, which she will o pen
and read with delight. The relatively lo ng duratio n o f this pro cess has caused so me peo ple to start calling it "snail
mail."

Email wo rks in a very similar manner (o nly faster, o f co urse). Imagine that yo u wish to send yo ur co usin an email
instead o f a regular po stal letter. To write this message, yo u must use an email edito r, like Eudo ra, Pine, Netscape
Mail, o r Outlo o k Express. The email edito r is referred to as the MUA o r m ail user agent. After typing yo ur co usin's
email address and message, yo u send it.

No w what? Will the email magically appear o n yo ur co usin's co mputer? Unfo rtunately, it will no t. Just like regular mail,
we need so mething that will determine where the message sho uld go and then deliver it. This is acco mplished by the
m ail t ranspo rt agent o r MT A. Once sent to the co rrect "po st o ffice," an LDA (lo cal delivery agent) is respo nsible fo r
putting the message in yo ur co usin's mailbo x. She can then read the email message with her o wn MUA. Unlike po stal
delivery, an email message is typically delivered within a matter o f seco nds.

In this lesso n, we will discuss the MTA and LDA in mo re detail.

Determining the Destination

The first thing an MTA do es, is determine the destinatio n fo r the email message. This is do ne by lo o king at the email
address. Let's say the email address is co usin@ [Link] m . The destinatio n fo r this message wo uld be
[Link] m . In this case, the destinatio n is a do main. That's no t really go o d eno ugh tho ugh, we need to kno w the
name o f a server o n which this do main resides. To determine this, we can use DNS zo ne files.

Many DNS zo ne files co ntain an entry fo r an MX reco rd.

Take a lo o k at this DNS zo ne file:

@ IN SOA [Link]. [Link].c
om. (
5 ;serial
21600 ;refresh
3600 ;retry
1209600 ;expire
172800 ;ttl
)
IN NS [Link].
IN MX 5 [Link].

In this case, any email with a destinatio n o f private.o reillyscho o [Link] m will be sent to [Link].o reillyscho o [Link] m.
 The [Link] m do main fro m o ur example will have at least o ne MX reco rd as well. The MTA will determine the mail
exchanger with the lo west preference number and attempt to transfer the message to it. The exchanger will no rmally be
so mething like [Link] m.

What if yo ur co usin's email address was co usin@ho [Link] m instead o f co usin@[Link] m? The
destinatio n is no w a specific ho st within a do main. It's po ssible fo r ho sts within a do main to have a specified mail
exchanger. If an MX isn't listed, the MTA will attempt to deliver the email directly to ho st123. Let's lo o k at an example
fro m o ur zo ne file.

Observe the fo llo wing:

; The bubbles
bubble2 IN A [Link]
bubble3 IN A [Link]

Here we have just a co uple o f simple address reco rds fro m the private.o reillyscho o [Link] m zo ne file. Neither o ne o f
these have MX reco rds, so any mail directed to bubble2 o r bubble3 will be sent directly to these machines. Ho wever,
we co uld have do ne this:

Observe the fo llo wing:

; The bubbles
bubble2 IN A [Link]
IN MX 5 [Link].
IN MX 10 [Link].
bubble3 IN A [Link]

In this case, mail sent to bubble2 will be delivered to [Link].o reillyscho o [Link] m, while mail can still be sent directly
to bubble3.

Who is my MX?
Ho w can we find o ut the mail exchanger fo r a do main if we do n't ho st the do main o urselves? It turns o ut it's pretty
simple. All we have to do is perfo rm a special kind o f query using nslo o kup.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~:$ nslookup -type=MX [Link]
Server: [Link]
Address: [Link]#53

Non-authoritative answer:
[Link] mail exchanger = 10 [Link].
[Link] mail exchanger = 20 [Link].

Authoritative answers can be found from:

[Link] nameserver = [Link].
[Link] nameserver = [Link].
[Link] nameserver = [Link].
[Link] internet address = [Link]
[Link] internet address = [Link]
[Link] internet address = [Link]
[Link] internet address = [Link]
[Link] internet address = [Link]

Changing the query type to MX o n the co mmand line gives us the info rmatio n we need. Here we see two mail
exchangers and their preferences. Alternatively, if we query a machine specifically (fo r instance, o ne o f the mail
exchangers), an MX wo n't be listed if the ho st is set to receive mail.
 After the co mmand pro mpt, type the fo llo wing co mmands:

hottub:~$ nslookup -type=MX [Link]

Server: [Link]
Address: [Link]#53

Non-authoritative answer:
*** Can't find [Link]: No answer

Authoritative answers can be found from:

[Link]
origin = [Link]
mail addr = [Link]
serial = 2006112301
refresh = 21600
retry = 10800
expire = 2592000
minimum = 60

SMT P
Once the MTA figures o ut the email's destinatio n, it attempts to co ntact the MTA o f the remo te machine. The standard
po rt o f co mmunicatio n between MTA's is po rt 25. The two MTA's establish co mmunicatio n and talk to each o ther via
the simple m ail t ransfer pro to co l o r SMT P. This can be verified by lo o king at the po rt assignments in /e t c/se rvice s.

SMTP, just as the name implies, is fairly simple. We can get an idea o f ho w it wo rks by talking to po rt 25 directly. Use
telnet to co nnect to po rt 25 o f the ho ttub. By do ing this, yo u can pretend yo u are an MTA with a message to deliver.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ telnet localhost 25
Trying [Link]...
Connected to localhost.
Escape character is '^]'.
220 [Link] ESMTP Sendmail 8.12.11.20060308/8.12.11; Fri, 4 May
2001 [Link] -0500

SMTP do esn't give yo u a pro mpt since it's no t really meant to be used as a user interface. Let's type the first
instructio n.

Type the fo llo wing co mmands:

MAIL FROM: youremail@[Link]
250 2.1.0 youremail@[Link]... Sender ok

This tells the MTA that there is an email message fro m yo ure m ail@ addre [Link] m . Be sure to replace this with yo ur
o wn email address.

Type the fo llo wing co mmands:

RCPT TO: youremail@[Link]
250 2.1.5 youremail@[Link]... Recipient ok

This specifies the recipient o f the message. The last thing yo u need to do is send the text o f the message itself.
 Type the fo llo wing co mmands:
DATA
354 Enter mail, end with "." on a line by itself
this is my test message
.
250 2.0.0 g48GSu013680 Message accepted for delivery
quit
221 2.0.0 [Link] closing connection
Connection closed by foreign host.

We initiate the transfer o f the bo dy o f the message by typing DAT A. Then we can type as much as we want. In o rder to
end the data sectio n o f the message, we have to type a perio d o n a line by itself. If do ne co rrectly, the email sho uld be
delivered to yo ur inbo x.

Check o ut yo ur email inbo x and see if the message is there!

Handing in a Quiz or Objective

After yo u have read the lesso n yo u have quizzes and o bjectives to co mplete that allo w yo u to demo nstrate
the co ncepts yo u have learned. Under the lesso n heading there is an o bjective and/o r quiz item. Click o n this
to reveal the instructio ns. When yo u are finished, scro ll do wn the to p half o f the Co derunner screen and select
the butto n that reads Hand in at the right side o f the windo w. Yo u will use the same pro cedure to hand in
o bjectives. Please do no t use the Dro p In bo x but simply click o n the Hand In butto n to hand in any files
created. This butto n will alert yo ur mento r that yo u are ready to be evaluated.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Sendmail

Sendmail
When creating a Linux mail server, there are several different MTA's fro m which to cho o se. The mo st po pular MTA is
se ndm ail (the runner up is qm ail). Sendmail is kno wn fo r being difficult to set up and co nfigure. In mo st cases we
wo n't need to use any o f its many specialized co nfiguratio n o ptio ns. se ndm ail is usually installed o n the server as
part o f the base system when yo u install Linux.

Let's begin o ur investigatio n into sendmail. First we need to co nnect to a bubble.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ bubble

Let's lo o k at the main sendmail co nfiguratio n file. Co nfiguratio n o ptio ns fo r sendmail are called rule s. Things may
lo o k pretty co nfusing in se ndm [Link] , but luckily we do n't need to change anything. Open /e t c/se ndm [Link] using an
edito r o r pager such as le ss. Scro ll do wn a few lines until yo u see this:

Observe the fo llo wing:

##################
# local info #
##################

Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names

These two rules specify machines that are in charge o f receiving mail. This means that if sendmail receives a message
bo und fo r o ne o f the machines listed, it will accept the message fo r delivery as lo ng as that user exists o n the server.
The first Cw line specifies that we receive mail fo r the lo calho st. The Fw line gives a file where o ther ho stnames are
co ntained. Older versio ns o f sendmail had these listed in a file called [Link].

Co ntinue scro lling do wn thro ugh [Link] to get familiar with the number and co mplexity o f so me o f sendmail's
o ptio ns.

We need to add o ur bubble's ho stname to /etc/mail/local-host-names so that we can receive mail. We're go ing to need
ro o t access so let's go ahead and su.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~$ su suusername
Password:
bubble12:~#

Yo u need to figure o ut the ho stname o f yo ur bubble befo re yo u can add it to the lo cal-ho st-names file. Recall fro m the
last co urse that yo u do that by lo o king at the /etc/sysco nfig/netwo rk file:

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=[Link]

Yo ur ho stname is at the bo tto m. It will be o f the fo rm bubble [Link] e .use ract ive .co m . The number may be
different than the o ne sho wed here.
Edit /etc/mail/local-host-names and add the line belo w:
 Add this line to /etc/mail/lo cal-ho st-names:
[Link]

Remember, yo ur bubble's ho stname is pro bably different.

Yo u'll need to change this file whenever yo u lo gin to a new bubble. If yo u fail to do so , any email sent to
Note the server will be bo unced back to the sender. This is o nly necessary when yo u're using o r testing
sendmail.

Sendmail at Startup
Se ndm ail is typically started when the system bo o ts up, either with a script in /etc/rc.d/init.d o r within an rc script in
/etc/rc.d. Lo o king at the man page fo r se ndm ail will reveal a to n o f different o ptio ns, but the mo st co mmo n co mmand
line o ptio ns fo r se ndm ail are as fo llo ws:

se ndm ail -bd -q 15 m

Email messages that fo r o ne reaso n o r ano ther haven't been delivered are kept in a queue. The -q 15 m o ptio n tells
sendmail to try and send tho se messages every 15 minutes. Find o ut fo r yo urself what the -bd o ptio n means.

T esting Sendmail
Sendmail is pro bably already running. We'll need to restart it so it will reread its co nfig files.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# ps auxw |grep sendmail
root 415 0.0 6.1 5052 1968 ? S 12:22 0:00 sendmail: accepting connec
tions
root 551 0.0 1.4 1432 472 pts/0 S 13:01 0.00 grep sendmail
bubble12:~# kill -HUP 415

We can use kill -HUP o n the pro cess ID to cause se ndm ail to restart. No w we'll check to make sure it restarted o kay.
Yo ur PID will be different.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# tail -n 2 /var/log/maillog
May 8 [Link] bubble12 sendmail[415]: restarting on signal /usr/sbin/sendmail
May 8 [Link] bubble12 sendmail[554]: starting daemon (8.11.2): SMTP+queueing@[Link]
0

In the next lesso n, yo u will learn ho w to send yo urself a test message using the pine mail reader. See yo u there!

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 More on Sending and Receiving Mail

Pine
Befo re starting this lesso n, make sure yo u update /etc/mail/local-host-names o n yo ur bubble.

By no w yo u sho uld be at least slightly familiar with a text edito r called pico . This is actually a derivative o f a Unix mail
client called pine . We're go ing to use pine to send and receive test messages.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# exit
exit
bubble12:~$ pine
Creating subdirectory "/home/username/mail" where Pine will store
its mail folders.

The first time pine starts it will create a subdirecto ry to ho ld mail fo lders and yo u'll see this greeting message:

Hit e to exit the greeting. No w yo u'll see pine's main menu:

We want to send a test message, so we'll type c to compose a message. While writing an email message, pine uses
the pico edito r. Type in a message like the o ne belo w, being sure to replace username with yo ur actual username and
the bubble ho stname with the o ne yo u're lo gged into :

To send the message, type C-x (Ctrl plus x).Yo u will be asked whether yo u really want to send the message. Yo u do ,
so yo u sho uld type y. After sending the message we'll be back at the main menu. Let's quit o ut o f pine fo r a mo ment by
typing q. It'll ask us if we really want to quit, then hit y.

Let's take a lo o k at /var/log/maillog to see if o ur message was sent successfully.

 After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~$ su suusername
Password:
bubble12:~# tail /var/log/maillog
...
...
May 10 [Link] bubble12 sendmail[561]: g49JxY900561: from=<username@[Link].u
[Link]>,
size=335, class=0, nrcpts=1, msgid=<[Link].4.33.0105101025320.559-100000@[Link]
[Link]>,
proto=ESMTP, relay=username@localhost
May 10 [Link] bubble12 sendmail[562]: f4AFPlR02001: to=<username@[Link]
[Link]>,
ctladdr=<username@[Link]> (505/100), delay=[Link], xdelay=00
:00:00,
mailer=local, pri=30037, dsn=2.0.0, stat=Sent

bubble12:~# exit
exit
bubble12:~$

If it wo rked alright, yo u sho uld see two lines like the o nes abo ve. We can go back into pine and read o ur message.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ pine

Pine will take us right to the main menu this time. We want to check o ur mail fo lders and, as we can see fro m the menu,
we do this by typing l (L).

Note Pine also lets us mo ve aro und the menu with the arro w keys and cho o se things by hitting enter.

This is o ur fo lder list. We want to take a lo o k at o ur INBOX, which sho uld already be highlighted, so all we have to do is
hit e nt e r. This brings us to the message list fo r o ur INBOX.
 Aweso me, there's the message we sent o urselves a few mo ments ago . Hit e nt e r again to view it. No w we can go
ahead and quit pine again.

Mail Headers
Instead o f using a mail client such as pine, we can view o ur mailbo x directly. Every user has a mail spo o l file that is
typically kept in /var/spool/mail. Each user's file is the same as their username and they have o wnership o f it (this is so
the mail client has permissio n to mo dify the file). The /var/spool/mail/username file co ntains all o f the messages in a
user's inbo x, all in a ro w. The mail client usually separates them fo r us. Let's take a lo o k at o ur mail spo o l file.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ tail -n 20 /var/spool/mail/username
Return-Path: <username@[Link]>

Received: from localhost (username@localhost)

by [Link] (8.11.2/8.11.2) with ESMTP id g49JxY900561
for <username@[Link]>; Thu, 10 May 2001 [Link] -0500

Date: Thu, 10 May 2001 [Link] -0500 (CDT)

From: <username@[Link]>
To: <username@[Link]>
Subject: test message
Message-ID:
<[Link].4.33.0105101025320.559-100000@[Link]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-IMAPbase: 1020974514 1
Status: RO
X-Status:
X-Keywords:
X-UID: 1

This is a test message.

Depending o n the length o f the test message yo u sent, yo u may need to tail mo re lines than this to see the who le
message. There's a lo t mo re info rmatio n here than we saw when we lo o ked at the message with pine. That's because
pine filters o ut all o f the stuff we do n't usually care abo ut. This extra stuff is called the mail header. It co ntains all the
info rmatio n abo ut where this message came fro m and where it's been befo re reaching its final destinatio n. Every MTA
it has passed thro ugh o n the way here added so me info rmatio n.

The sectio n in gre e n is where o ur lo cal MTA received the message. It turns o ut the message is destined fo r this
 machine so it do esn't need to pass it o n to ano ther machine. If it had been destined fo r ano ther machine, the next MTA
wo uld have added a similar sectio n as well.

Relaying
Why wo uld sendmail receive a message that isn't destined fo r the lo cal machine? There are a co uple co mmo n
reaso ns this co uld happen. First, and maybe the mo st co mmo n these days, is that a user may have internet access
fro m o ne co mpany, but an email acco unt with a different o ne. Let's lo o k at ho w this might wo rk.

Suppo se Jennifer's co mputer co nnected to the internet thro ugh her ISP (Internet Service Provider). When she co nnects
to the internet with her mo dem, her co mputer is given a ho stname such as dialup-15 .so m e [Link] t . Jennifer gets
messages at her co mpany email address o f je nnif e r@ wo rkplace .co m . She's using a mail client like Eudo ra to
send and receive mail o n her ho me co mputer thro ugh her co mpany's mailho st (m [Link] rkplace .co m ). This has
been specified in her mail pro gram's preferences. When Jennifer sends an email to f rie nd@ f rie [Link] m , her mail
client hands the message to sendmail running o n m [Link] rkplace .co m which, no t being the destinatio n, must relay
the message to f rie [Link] m .

It used to be the case that sendmail wo uld relay any message that came to it by default. This became a big pro blem
when unso licited email (SPAM) became mo re po pular. No wadays, we have to specify the do mains fo r which we want
to relay. This keeps rando m peo ple fro m using o ur server to send messages, and we really o nly want to relay mail fo r
o ur o wn users anyway. /etc/mail/relay-domains is used to list ho sts o r do mains fo r which we will relay messages.
Create this file and add the fo llo wing lines. Make sure that yo u're o n a bubble and yo u've su'd in to yo ur superuser
acco unt.

Add the fo llo wing line to /etc/mail/relay-do mains:

[Link]
[Link]

No w sendmail will relay messages fro m any ho st in the [Link] m do main and fo r jo [Link] m.

Remote Mail
No w we kno w ho w Jennifer is able to send mail fro m her machine thro ugh her mail server. Ho wever, we still need a
way fo r her to check the mail she has o n the server. She co uld lo gin and use pine, but she wants to use Eudo ra o n her
co mputer to read her messages. There has to be a way fo r a mail client to pull email o ff o f a server.

Two ways exist to do this: POP3 and IMAP. Currently, POP3 is go ing to be running o n just abo ut every mail server, but
IMAP is gaining gro und. The nice thing is that yo u do n't have to cho o se o ne o r the o ther. Bo th services have different
po rts assigned to them, so yo u can have bo th. We'll be installing, qpo ppe r, a POP3 server as an exercise later. See
yo u in the next lesso n.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Procmail

Procmail
Befo re starting this lesso n, make sure yo u update /etc/mail/local-host-names o n yo ur bubble.

Once a server's MTA (sendmail) accepts a message fo r lo cal delivery, its jo b is do ne. The message is then passed
o nto the LDA o r local delivery agent. On mo st Unix systems this will be a pro gram called pro cm ail. In its default state,
pro cm ail will simply add the new email message into the recipient's inbo x. Ho wever, it's o ften the case that a user will
want to filter their email befo re it gets placed in their inbo x. Pro cmail is designed to let us filter o ut mail by editing a
co nfig file. It's no t the easiest fo rmat to understand at first, but it's extremely po werful. Pro cmail will search fo r a system
wide filter file called /etc/procmailrc, but we're go ing to be mo re co ncerned with co nfiguring pro cmail o n a user by user
basis. This is do ne by editing ~username/.procmailrc.

Filters and Recipes

Why wo uld we want to filter o ur mail in the first place? Imagine we've signed up fo r twenty different mailing lists. Do we
really want all o f that mail cro wding o ur inbo x o r wo uld it be better to have them all separated into their o wn fo lders
auto matically? Ano ther reaso n wo uld be to deal with unso licited email fro m the same so urce. We co uld delete it
auto matically witho ut having to wo rry abo ut seeing it ever again.

Let's just dive right into making o ur o wn .procmailrc and we'll explain it as we go alo ng. Edit .procmailrc in yo ur ho me
directo ry (it pro bably do esn't exist) and add the lines belo w to the to p:

Add these lines to yo ur .pro cmailrc file:

PATH=$HOME/bin:/usr/bin:/bin:/usr/local/bin
MAILDIR=$HOME/mail
DEFAULT=/var/spool/mail/username
LOGFILE=$MAILDIR/from

MAILDIR is the directo ry that pro cmail is go ing to co nsider its current wo rking directo ry. DEFAULT is where it's go ing to
dro p the new messages. We can just use o ur o ld mail spo o l file. LOGFILE keeps track o f all o f the mail that co mes
thro ugh pro cmail fo r us.

To setup a filter, we need to define a recipe. Let's type in a new recipe belo w the variables we've already set.

Add the fo llo wing recipe to yo ur .pro cmailrc

:0
* ^Subject:.*Apples
apples

Typically these wo rk by matching a pattern in the message and then deciding what to do with it. A recipe starts with a
co lo n fo llo wed by a zero (:0 ). The next line is a co nditio n, it starts with *. Everything after that is a regular expressio n
(remember tho se?). This pattern lo o ks fo r a line that starts with "Subject" fo llo wed by any number o f characters befo re
the wo rd Apples. There can be stuff after Apples, but we're no t co ncerned with that. If a message matches this pattern
(and there aren't any mo re co nditio n lines) then the actio n is taken. We can have as many co nditio ns as we want.

The last line just says "apples." This is the actio n line. They can get much mo re co mplicated, but this line simply puts
the message into the apples mailbo x in MAILDIR. Test it o ut. Send a message to yo urself (like we did in the previo us
lesso n) with the subject o f Apples. We can cho o se these different fo lders in pine when we're lo o king at the fo lder list.
Just use the arro w keys to select the apples bo x instead o f the INBOX.

If yo u're using a remo te mail client, such as Eudo ra, yo u wo n't want to filter message into separate
Note mailbo xes. Eudo ra will o nly read /var/spool/mail/username.

Here's ano ther recipe example:

 OBSERVE:

:0:
* ^Subject:.*Apples
apples

This lo o ks almo st exactly like the o ne abo ve with o ne exceptio n. The additio n o f the extra semico lo n after the zero
indicates that we want to use a lo cal lo ckfile fo r this fo lder. Pro cmail will use a lo ckfile o f the same name as the fo lder,
with the additio n o f ".lo ck" at the end ([Link] ck). The purpo se o f a lo ckfile is to prevent two messages that co me in
at the same time fro m co rrupting the mail fo lders.

OBSERVE:

:0
* ^From: .*somedude@[Link]
somedude

In this example, instead o f matching the Subject line, we're checking to see who the message is fro m. We want all mail
fro m o ur friend so medude@[Link] m to go into a mailbo x reserved just fo r him.

OBSERVE:
:0
* ^From: .*somedude@.*
somedude

Just in case so medude had mo re than o ne email address with the same username, we co uld have do ne this.

OBSERVE:
:0:
* ^From: .*[Link]
friends

Here we put all messages fro m anyo ne with an address at [Link] m into a fo lder called friends. We also have a
lo ckfile. Let's imagine yo u want to match o nly messages fro m yo urself that have a co uple specific subjects.

Type the fo llo wing recipe into yo ur .pro cmailrc:

:0
* ^From:.*username@.*
* ^Subject:.*(Procmail|Test)
testfolder

As always, replace "username" with yo ur username. Send yo urself a few test messages to try it o ut. This will re-file any
messages fro m yo urself with subjects co ntaining "Pro cmail" OR "Test." We co uld do the same type o f thing anywhere
in the pattern.

OBSERVE:
:0
* ^(From|Subject).*oranges
oranges

This will re-file anything fro m o r abo ut o ranges into the oranges fo lder.

Let's imagine that we keep getting unso licited email fro m geo rge@washingto [Link] m. It keeps cluttering o ut mailbo x
and we wish it wo uld just be deleted befo re we ever saw it. No pro blem.
 Add the fo llo wing line to yo ur .pro cmailrc:
:0
* ^From: george@[Link]
/dev/null

/dev/null is a device that acts like a black ho le. Anything written to the device disappears into no thingness. So we're no t
really do ing anything special. All this says is to put such messages into a fo lder called /dev/null. Unfo rtunately fo r the
email message, its life has co me to an end.

More Recipe Examples

Pro cmail do esn't just limit us to putting messages in separate fo lders. Far fro m it. This next recipe fo rwards a
message to ano ther email address.

OBSERVE:
:0
* ^Subject.*Work
! coworker@[Link]

Any message with a subject that co ntains "Wo rk" will be fo rwarded to o ur co -wo rker. But this might no t be ideal,
because we wo uldn't get the message. Instead we can fo rward a co py o f the message.

OBSERVE:
:0 c
* ^Subject.*Work
! coworker@[Link]

Here we add the c flag to the recipe. This tells pro cmail that we want to perfo rm the specified o peratio ns o n a co py o f
the o riginal message.

No w let's filter so me messages. The difference here is that we will send the message as input to a co mmand and then
co ntinue o n with the o utput.

Add the fo llo wing to yo ur .pro cmailrc:

:0 f
* ^Subject.*Test
| grep -v blaa

Any message that matches the co nditio n will be sent thro ugh gre p -v blaa. This will remo ve any lines that co ntain
"blaa." Send yo urself a test message with a few lines in the bo dy o f the message. Make sure at least o ne o f them
co ntains "blaa." When the message co mes into yo ur inbo x the "blaa" lines sho uld be remo ved.

When multiple recipes are listed in the .pro cmailrc file the o rder o f the recipes affects the filtering. Fo r example, if there
are two recipes that affect the same email the first recipe in the file will act o n the email then the seco nd recipe will act
o n the email. Pro blems can arise when when the initial recipe affects the email in such a way, perhaps mo ving it to a
different fo lder, befo re subsequent recipes can act o n it. Listing yo ur recipes in o rder o f impo rtance is so mething to
keep in mind.

Witho ut the f o ptio n, it sends the message to the co mmand as if it was writing to a file and do esn't expect o r return any
o utput. We do n't have to use Unix co mmands. Any script o r pro gram can be called (just make sure it's in the PATH we
defined at the beginning).

There are mo re sample pro cmailrc files in /usr/share/doc/procmail-3.22/examples o n ho ttub. Also , yo u can read the
man pages fo r pro cm ailrc and pro cm aile x. Yo u're do ing great!

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Aliases

Forwarding Email
Befo re starting this lesso n, make sure yo u update /etc/mail/local-host-names o n yo ur bubble.

There are many cases when an email sent to o ne acco unt needs to be fo rwarded to ano ther acco unt. The simplest
metho d wo uld be to create a .forward file in the ho me directo ry o f the acco unt that needs to have its mail fo rwarded.
The fo rmat o f the .forward file is very simple. It just co ntains the email address where all o f that acco unt's messages
sho uld be sent.

Observe the co ntents o f a po ssible .fo rward file:

[username@bubble username]$ cat .forward
otherguy@[Link]

This is mo stly useful when we have an acco unt o n multiple servers and we want them all to fo rward to a single place.

Yo u want to be careful no t to create a mail lo o p by having two acco unts fo rward to each o ther.
WARNING Typically it's a mistake, but it do es happen.

What if we want to fo rward email fro m usernames that do n't really exist? To do this we'll setup aliases

Aliases
Email aliases allo w us to map an email address to o ne o r mo re o ther addresses. With aliases, the acco unt do esn't
need to exist fo r it to wo rk (in mo st cases it do esn't exist). Aliases are setup in /etc/aliases (o r so metimes in
/etc/mail/aliases). Take a lo o k at that file, yo u'll see entries that lo o k like tho se belo w:

Observe the fo llo wing fro m /etc/aliases:

bin: root
daemon: root
adm: root
...
# Person who should get root's mail
#root: marc

The first part o f these entries is the actual alias. Fo llo wing the co lo n is the address where it's go ing to be sent. Fo r
example, any mail sent to daemo n@bubble150 .[Link] m will go to
ro o t@bubble150 .[Link] m. Pretty simple really. The last line in the file is an alias fo r ro o t that is
co mmented o ut. The first thing we'll do is change this to o ur address. Make sure yo u are the superuser and o pen up
/etc/aliases fo r editing.

Make the fo llo wing change to /etc/aliases:

root: username

Save the file and exit. Changes to /etc/aliases do n't take effect right away. We have to run ne waliase s to create the
alias database that sendmail uses.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:/etc# newaliases
/etc/aliases: 39 aliases, longest 10 bytes, 389 bytes total

Yo u might see a few warning messages abo ut duplicate alias names. These can be igno red fo r the purpo ses o f this
co urse (t he y e xist be cause yo ur bubble is using a ne t wo rk f ile syst e m , if it cause s a pro ble m , de le t e
/e t c/aliase [Link] f irst ). Test this o ut by sending a message to ro o t at yo ur bubble. It sho uld appear in yo ur inbo x.
Do n't fo rget to exit o ut o f superuser permissio ns befo re checking yo ur mail.
Fo rwarding an alias to mo re than o ne perso n is as simple as adding mo re to the list.

Add the fo llo wing to yo ur /etc/aliases file:

lesson: username,sally,george@[Link]

Do n't fo rget to run ne waliase s.

In this case, any email sent to lesso n@bubble150 .[Link] m will be sent to username and sally o n the
lo cal machine as well as geo rge@[Link] m.

Typically, aliases are used to make sure mail directed to ward things like ro o t and webmaster get sent to the right
perso n. Aliases have built in pro tectio n against mail lo o ps. Fo r example, let's say we had these lines:

Observe the fo llo wing:

root: username
test: username,root

It lo o ks like a message sent to test wo uld be delivered to username twice. Ho wever, this is no t the case. Any message
will be sent to a perso n o nly o nce. Alright, let's mo ve o n to the next lesso n!

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 How Webservers Works

How Webservers Work

When mo st peo ple think o f the internet, they think o f the Wo rld Wide Web: the huge co llectio n o f files, do cuments, and
dynamic info rmatio n that are accessed via a web bro wser. Witho ut all o f that available info rmatio n, the internet certainly
wo uldn't be as po pular as it is to day. In many cases, use o f the web is critical fo r a business to functio n smo o thly.
Indeed, many co mpanies wo uldn't even exist witho ut the web.

Befo re installing and co nfiguring a webserver, we need to kno w a little bit abo ut ho w they wo rk. To make the
discussio n a little easier, we'll be igno ring things like DNS and ro uting. Let's just assume that these functio ns happen
magically in the backgro und.

There are two sides to co mmunicatio n o n the web: clients and servers. The clients are all o f the peo ple bro wsing the
web. The term "client" can refer to the client machine o r the web bro wser being used (such as Netscape o r IE). A server
is the machine ho sting the web sites. It will have webserver so ftware that distributes do cuments to the clients when
they ask fo r them. But ho w do es it actually happen?

When yo u click a link, the web bro wser o n the client machine co ntacts the server to request a do cument. Fo r instance, if
yo u want to view [Link] the client wo uld co ntact [Link] and request
the /[Link] file. The server takes the request, finds the file, and sends it back to the client.

Behind the Scenes

The webserver and the client (bro wser) talk to each o ther with HTTP (Hypertext Transfer Pro to co l). Co nsider what
happens when yo u type a URL (Unifo rm Reso urce Lo cato r) into yo ur bro wser, such as
[Link] The bro wser co ntacts [Link] o n po rt 8 0 (the default po rt
webservers "listen" o n) and issues a simple co mmand like this:

GET /inde x.php3 HT T P/1.1.

No w the webserver is lo o king fo r this file: /index.php3. The file pro bably isn't sitting in the ro o t directo ry o f the
filesystem, so what's go ing o n here? This file is lo cated in the document root directo ry. This lo catio n is defined as the
default lo catio n to lo o k fo r web pages o r o ther files. Also defined is the server root directo ry where the webserver itself
resides. The do cument ro o t, as well as co nfiguratio n info rmatio n, will typically be fo und within the server ro o t directo ry
structure. We'll be hearing abo ut these directo ries thro ugho ut the rest o f the co urse.

There are so me co mmo n special cases. Fo r instance, when specifying a request fo r a directo ry
([Link] the webserver first checks fo r a file called [Link] within that directo ry. If the
file isn't fo und, then it tries to create its o wn index by listing the co ntents o f the directo ry.

Webservers are typically co nfigured to search fo r files o ther than (o r in additio n to ) [Link]. So me
Note examples o f these files are index.php3, [Link], and [Link].

Yo u're pro bably also familiar with URLs that have tildes (~) in them. The tilde represents a sho rtcut to any user's
perso nal web page. Mo st webservers fill a request fo r ~johndoe by lo o king in a subdirecto ry called public_html inside
o f jo hndo e's ho me directo ry.

There are lo ts o f ways to custo mize a webserver's co nfiguratio n. We'll learn abo ut these later.

Let's take a minute to pretend we're a web bro wser. By co mmunicating with the web server directly we can see ho w
do cuments get requested. Make sure yo u're o n the ho ttub befo re co ntinuing.
 After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ telnet [Link] 80
Trying [Link]...
Connected to [Link].
Escape character is '^]'.

We're no w co nnected to the webserver directly. Request the index.php3 file.

Type the fo llo wing co mmands:

GET /index.php3 HTTP/1.1

HTTP/1.1 301 Moved Permanently

Date: Tue, 15 Dec 2009 [Link] GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
X-Powered-By: PHP/4.4.4
Status: 301 Moved Permanently
Location: [Link]
Connection: close
Content-Type: text/html

No te that yo u have to hit e nt e r t wice . The server respo nds by telling us that the co mmand was received successfully
and it returns the do cument that we requested (which will scro ll by o ur screen very fast). That's really all yo ur web
bro wser is do ing, sending requests and getting respo nses.

CGI Requests
The previo us discussio n was mo stly abo ut the way a webserver go es abo ut finding static pages to send back to the
client. But what abo ut dynamic pages that are generated o n the fly by a CGI (Co mmo n Gateway Interface) script o r
so mething similar?

In the case o f CGI, the pro cess is essentially the same. The client sends a request first, then the server executes the
CGI script which typically creates a do cument to be sent back to the client.

Different Webservers
There are lo ts o f different webservers available fo r Unix platfo rms, many built fo r very specific purpo ses. One o f the first
was the NCSA httpd server. Later, the Apache webserver was develo ped as its replacement and remains the mo st
po pular to date.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Apache

Installing Apache
Do wnlo ad the apache so urce co de fro m the ho ttub. This is the same so urce co de yo u wo uld find o n the Apache Web
Site.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ ncftp hottub
NcFTP 3.0.1 (March 27, 2000) by Mike Gleason (ncftp@[Link]).
Connecting to [Link]...
[Link] FTP server (Version wu-2.6.1(1) Wed Aug 9
[Link] EDT 2000) ready.
Logging in...
Guest login ok, access restrictions apply.
Logged in to hottub.
ncftp / > cd pub
ncftp /pub > get apache_1.[Link]
apache_1.[Link]: 1.84 MB 2.67 MB/s
ncftp /pub > quit
bubble12:~$

No w we need to unzip and untar the apache so urce tree. A source tree is a term that refers to all o f the subdirecto ries
and files that are included with a so ftware package's so urce co de.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ tar -xzf apache_1.[Link]
bubble12:~$ cd apache_1.3.19
bubble12:~/apache_1.3.19$ ls
ABOUT_APACHE KEYS README [Link] [Link]
icons
Announcement LICENSE [Link] cgi-bin configure logs
INSTALL [Link] [Link] conf htdocs src

Excellent. We're no t go ing to change any o f the co nfiguratio n o ptio ns as this time, so let's go ahead and co mpile
apache.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/apache_1.3.19$ ./configure ; make

...
...

make[2]: Leaving directory `/home/username/apache_1.3.19/src/support'

<=== src/support
make[1]: Leaving directory `/home/username/apache_1.3.19'
<=== src

If yo u enco unter any warnings o r erro rs during this step, please email yo ur mento r.

We need to give o urselves superuser access in o rder to install the apache files o nto the system.
 After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~/apache_1.3.19$ su suusername
Password:
bubble:~/apache_1.3.19# make install

...
...

+--------------------------------------------------------+
| You now have successfully built and installed the |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the |
| (initially created or preserved) configuration files |
| |
| /usr/local/apache/conf/[Link]
| |
| and then you should be able to immediately fire up |
| Apache the first time by running: |
| |
| /usr/local/apache/bin/apachectl start
| |
| Thanks for using Apache. The Apache Group |
| [Link] |
+--------------------------------------------------------+

The default lo catio n o f the installed apache files is /usr/local/apache.

Initial Configuration
Let's take a lo o k at the directo ries that have been created.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/apache_1.3.19# cd /usr/local/apache
bubble12:/usr/local/apache# ls
bin cgi-bin conf htdocs icons include libexec logs man proxy

We need to change a few things befo re we can start o ur web server. All o f the co nfiguratio n info rmatio n is co ntained in
the conf directo ry.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache# cd conf
bubble12:/usr/local/apache/conf# ls
[Link] [Link] [Link] [Link]
[Link] magic [Link]
[Link] [Link] [Link]

The file we'll want to lo o k at is [Link]. The [Link] and [Link] files are just there to maintain co mpatibility with
o lder versio ns o f apache. Open up [Link] in yo ur favo rite edito r.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/conf# emacs [Link]

The first thing yo u'll no tice is that the [Link] file is filled with to ns o f co mments starting with "#". Individual
statements in the apache co nfig file are called directives. Scro ll do wn until yo u see the fo llo wing line:

Observe this line fro m [Link] nf:

ServerRoot "/usr/local/apache"
 This line sho uld be fo und o n line 6 5 o f [Link]. The Se rve rRo o t directo ry is where all o f the apache files can be
fo und. It tells the webserver where to lo o k fo r things. Fo r no w, the next directive we need to lo o k at is the Po rt directive.
This is fo und o n line 238 . As yo u're scro lling past the o ther directives, no tice that all o f them have a small explanatio n
abo ut what they do .

FIND the fo llo wing line fro m [Link] nf

Port 8080

This tells the server what po rt it sho uld listen o n, similar to ho w telnet and ftp listen o n po rts 23 and 21 respectively.

Make the fo llo wing changes:

Port 80

We want to change this because the standard web traffic po rt is 8 0 . The reaso n it wasn't set to 8 0 already is so that we
are fo rced to go thro ugh [Link] in o rder fo r o ur web server to wo rk co rrectly. Let's lo o k at the next two directives.

Observe the fo llo wing fro m [Link] nf:

User nobody
Group nobody

This sets the user and gro up id o n which the web server will run. The reaso n we want to run as the "no bo dy" user is
because we do n't want the webserver to have ro o t privileges when it will be interacting so clo sely with the o utside
wo rld. The next directive in the [Link] file is the Se rve rAdm in directive.

Observe the fo llo wing fro m [Link] nf:

ServerAdmin username@[Link]

This is the email address that will receive messages describing any pro blems with the web server. Typically yo u wo uld
want this to be a webmaster address o r po ssibly even the ro o t acco unt, but fo r no w we can leave it alo ne.

OBSERVE:
DocumentRoot "/usr/local/apache/htdocs"

A few lines do wn we'll see the Do cum e nt Ro o t directive. This is where the server will sto re its main web site files. Fo r
example, if I was go ing to make an [Link] file fo r this new web server, I wo uld put it in /usr/local/apache/htdocs.

Individual users will need their o wn directo ries. The standard fo r this is a public_html directo ry inside o f their ho me
directo ry.

Observe the fo llo wing lines fro m [Link] nf:

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

These user specific directo ries are accessed by appending ~username to the end o f the website's URL. Save and
e xit [Link].

T esting Apache
Apache co mes with its o wn co ntro l pro gram called apache ct l, lo cated in /usr/local/apache/bin. This directo ry isn't in
yo ur PATH. Yo u can add it to yo ur PATH if yo u like, o r just specify the path o n the co mmand line. Let's try and start o ur
web server.
 After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:/usr/local/apache/conf# ../bin/apachectl start

../bin/apachectl start: httpd started

Here we've used the relative path to the apache ct l pro gram instead o f the full path. Acco rding to the message, it lo o ks
like everything started o kay. Let's try it and see if it wo rked.

The tricky part here is that we can't just tell o ur bro wser to go to [Link] m. Ho w co me? Since
the bubbles are o n a private netwo rk, o ur bro wser wo n't be able to access it fro m the internet. Instead we will use a
text-based bro wser called lynx to access the webserver fro m the ho ttub. Lynx was o ne o f the first bro wsers in
existence.

In o rder to access the webserver, yo u need to kno w the bubble to which yo u are co nnected. The bubbles are
distinguished fro m o ne ano ther by the number that is attached to the name bubble at the co mmand pro mpt. Yo u can
also use the bubble IP address. Find o ut which o ne yo u are using right no w.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~# /sbin/ifconfig |grep 10.0.0

inet addr:[Link] Bcast:[Link] Mask:[Link]

In this example, the IP address is bubble 12 is 10 .0 .0 .12. The name and IP address o f yo ur bubble will be slightly
different. No w let's use lynx to ensure that the webserver has been installed pro perly.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# exit
bubble12:~$ exit
hottub:~$ lynx [Link]

Yo u sho uld see so mething that lo o ks like this:

Test Page

This page is used to test the proper operation of the apache web sever after
it has been installed. If you can read this page, it means that the apache
web server installed at this site is working properly.
________________________________________________

This page indicates the successful installatio n o f the apache web server. Yo u co uld also use the co mmand lynx
10 .0 .0 .12 to achieve the same results. This is the default website lo cated in /usr/local/apache/htdocs. Go o d jo b! See
yo u at the next lesso n!

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Configuring Apache

[Link]
Lo g into a bubble and su if yo u haven't already.

All o f Apache's co nfiguratio n info rmatio n is co ntained within a single file. This file is [Link], lo cated inside o f the
conf subdirecto ry, co ntained within the server ro o t directo ry structure (/usr/local/apache/conf). We already made a few
small changes in this file when we installed Apache, but no w we're go ing to go o ver things in a bit mo re depth and
co ver to pics we haven't seen befo re. Fo r mo st o f this lesso n we'll just be go ing thro ugh part o f the co nfiguratio n file to
make sure we understand what's there.

Start by go ing into the conf directo ry and o pening up [Link] fo r editing.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:/usr/local/apache/conf# emacs [Link]

The very first directive fo und in the file lo o ks like this:

Find this directive

#
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone

No tice that the co mments befo re each directive give us an idea o f what it's all abo ut. Yo u sho uld already be familiar
with the inetd co ncept. Remember this is a daemo n that listens o n a bunch o f po rts and starts o ther services as they
are needed. All this directive do es is state whether we want to start the webserver with inetd o r have it running all the
time (aka a standalo ne server). We'll leave this o ne alo ne fo r no w.

Skip past the ServerRo o t directive, which we're already familiar with, until yo u find this o ne:

Find this directive

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /usr/local/apache/logs/[Link]

This specifies the lo catio n o f a file that sto res the pro cess id o f the webserver. Having the pro cess id o n hand allo ws
apache ct l to start, sto p, and restart the webserver easily. Ho wever, if yo u change this value yo u will also want to edit
apache ct l as well.

Next, yo u'll find Sco reBo ardFile. Unix do esn't require the use o f a sco rebo ard file so we can skip this o ne.

The next fo ur directives pertain to the way the web server will handle sending and receiving o f individual requests.

Observe the fo llo wing directives:

Timeout 300

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

(Co mments have been remo ved so we can see them all at o nce.)

The Timeo ut directive indicates ho w lo ng the server will wait to send and receive info rmatio n if it's having pro blems
co mmunicating with the client. Fo llo wing that are three directives co ncerning so mething called keep alive. The idea is
 to keep a co nnectio n between the client and server alive fo r a little while in case the client requests any mo re
do cuments. Typically there will be several requests at the same time (ex: do wnlo ading the images fo r a page) which
prevents the necessity o f creating a new co nnectio n every time.

No w we have ano ther set o f five directives that yo u will pro bably leave unchanged.

Observe the fo llo wing directives:

MinSpareServers 5
MaxSpareServers 10
StartServers 5

MaxClients 150
MaxRequestsPerChild 0

Spare servers? This deserves a little explanatio n. Apache starts up mo re servers than it really needs at any given time.
This way, when a request co mes in, the client do esn't have to wait fo r the server to start up because it's already there.
These directives indicate that apache will always try to keep five spare servers aro und.

MaxClients is the maximum number o f servers that apache will start at any given time. Each o ne o f these servers is
called a child, because it is created by the parent apache server. These names pro vide a clue fo r the next directive:
MaxRequestsPerChild. This limits ho w lo ng a child server will stay active in cases where it might be beneficial to restart
them after they've been busy. It's no t necessary o n Linux, so we set the MaxRequestsPerChild to zero indicating that
there is no limit.

We'll skip the last few co mmented directives and mo ve o nto the next sectio n o f [Link].

Section 2 of [Link]
We already kno w the first few directives in this sectio n.

We are already familiar with these directives:

Port 80
User nobody
Group nobody
ServerAdmin username@[Link]
DocumentRoot "/usr/local/apache/htdocs"

Since we're already familiar with these we'll go o nto the next o ne.

Find this directive:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

"<Directo ry /> and </Directo ry> are used to enclo se a gro up o f directives which will apply o nly to the named directo ry
and sub-directo ries o f that directo ry." --Apache Documentation

This instance o f Directo ry indicates the default o ptio ns fo r all directo ries unless o therwise specified. The significance
o f specifying the directo ry /, is that apache regards this as the base URL fo r all files o n the webserver. The two o ther
directives used here are Optio ns and Allo wOverride. There are several different Optio ns that are allo wed and yo u can
specify mo re than o ne by using spaces (see table belo w). We'll discuss Allo wOverride in mo re depth in a later lesso n
abo ut access co ntro l.

Opt io ns
All All o ptio ns except fo r MultiViews
ExecCGI Executio n o f CGI scripts is permitted
Fo llo wSymLinks The server will fo llo w symbo lic links in this directo ry
Includes Server-side includes are permitted
 IncludesNOEXEC Server-side includes are permitted, but the #exec co mmand and #exec CGI are disabled
If a URL which maps to a directo ry is requested, and the there is no Directo ryIndex (e.g.,
Indexes
[Link]) in that directo ry, then the server will return a fo rmatted listing o f the directo ry
MultiViews Co ntent nego tiated MultiViews are allo wed
The server will o nly fo llo w symbo lic links fo r which the target file o r directo ry is o wned by
SymLinksIfOwnerMatch
the same user id as the link

Next in [Link] we have a Directo ry directive fo r the do cument ro o t directo ry.

Observe this directive:

<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Here we see that a co uple o f o ther Optio ns were specified. In additio n, there are a co uple new directives: Order and
Allo w. These have to do with access co ntro l that we'll be discussing later as well.

The next two directive sectio ns check fo r the existence o f apache mo dules. If they exist, then the directives are
pro cessed. These two mo dules are co mpiled by default.

Observe these two directive sectio ns:

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

<IfModule mod_dir.c>
DirectoryIndex [Link]
</IfModule>

The first o ne defines that a URL co ntaining ~username actually refers to a directo ry called public_html lo cated under the
user's ho me directo ry. The seco nd sectio n defines which file(s) the web server sho uld lo o k fo r in a directo ry when a
specific file isn't requested. We're go ing to change this directive to make it lo o k fo r mo re than just the [Link] file.

Make the fo llo wing changes to this directive:

<IfModule mod_dir.c>
DirectoryIndex [Link] [Link] [Link]
</IfModule>

Here we've added [Link] and [Link] as files that the webserver sho uld lo o k fo r.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Apache Access Control

Introduction to Apache Access Control

In this lesso n we're go ing to co ntinue lo o king at [Link] and address the immediate access co ntro l issues we find.
We'll co ntinue o n the to pic o f access co ntro l and talk abo ut .htaccess files. These files co ntain access co ntro l rules that
are lo cal to a specific directo ry tree.

[Link] Continued
Lo gin to a bubble, su, and o pen up [Link] in an edito r again. We'll want to go back and lo o k at the default Directo ry
directive.

Observe this set o f directives:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

The Allo wOverride directive specifies which o ptio ns and access co ntro l features fo und in a .htaccess file are allo wed to
o verride previo us directives. In this case, the .htaccess files aren't allo wed to o verride anything, but there are several
po ssibilities.

AuthCo nfig Allo w use o f the autho rizatio n directives

FileInfo Allo w use o f the directives co ntro lling do cument types
Indexes Allo w use o f the directives co ntro lling directo ry indexing
Limit Allo w use o f the directives co ntro lling ho st access
Optio ns Allo w use o f the directives co ntro lling specific directo ry features

Access Control
A few lines do wn in [Link] we find the Directo ry directive fo r the do cument ro o t tree. Here are a co uple mo re access
co ntro l o ptio ns.

Observe these directives:

<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Apache access co ntro l is very similar to the access co ntro l to lo cal services we learned abo ut earlier that use the files
/etc/[Link] and [Link]. The Order directive specifies the o rder o f access co ntro l. Essentially, we will be
specifying who is allo wed first and who is denied access. The next directive is Allo w and we're allo wing fro m "all."
No tice that there aren't any ho sts being denied.

Make sure yo ur web server is up and running o n the bubble. Yo u can do this by using the lynx co mmand (see Lesso n
7). No w edit [Link] and add a ho st that will be denied fro m the do cument ro o t directo ry.
 Add the fo llo wing line to [Link] nf:

<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
Deny from [Link]
</Directory>

Save [Link]. No tice that yo u can still access the bubble's web server using lynx. Ho wever, if yo u fo rce the web
server to re-read the co nfiguratio n file by restarting the web server, yo u will no lo nger be able to access the bubble.
Let's try it!

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# /usr/local/apache/bin/apachectl restart
/usr/local/apache/bin/apachectl restart: httpd restarted

No w test yo ur webserver again using the lynx co mmand. Yo u sho uld get a message stating that yo u do n't have
permissio n to access the website.

Of co urse, yo u sho uld no t leave the file in this state. Be sure to remo ve the restrictio n in [Link] and restart yo ur web
server.

.htaccess
.htaccess files simply co ntain Apache directives specific to the directo ry in which they are fo und. These directives apply
to that directo ry and all o f its subdirecto ries as lo ng as no ne o f its directives vio late the Allo wOverride directive fro m
within [Link].

Lo o king in [Link] again, we can see where the name o f the access co ntro l file is specified.

Observe this line fro m [Link] nf:

AccessFileName .htaccess

Since this is the standard name fo r access co ntro l files, and everybo dy kno ws it, we do n't want clients to be able to
access tho se files and read o ur access co ntro l po licies. To prevent this we use the Files directive to hide all files that
start with ".ht".

Observe these lines fro m [Link] nf:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

The tilde (~) indicates that Apache sho uld match files with the regular expressio n pro vided. Let's use yo ur user
directo ry as a place to try o ut .htaccess files.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ lynx [Link]/~username

Yo u sho uld see a page that says the requested URL was no t fo und o n the server. That seems a little o dd at first
because yo ur ho me directo ry o bvio usly exists, right? Remember, ho wever, that user specific web pages are
suppo sed to be lo cated in a subdirecto ry called public_html.
 After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# cd ~username
bubble12:~# exit
bubble12:~$ mkdir public_html
bubble12:~$ cd public_html
bubble12:~/public_html$ emacs [Link]

No t o nly do we have to create the public_html directo ry, we sho uld create an [Link] file as well. Type the fo llo wing
text into [Link].

Add these lines to [Link]:

<html>
<body>
Hello
</body>
</html>

Save and exit yo ur edito r. Then run the co mmand lynx bubble [Link] e .use ract ive .co m /~use rnam e . Chances
are yo u're getting ano ther erro r, but this time it's "fo rbidden," indicating that yo u do n't have permissio n to access that
file.

We didn't deny anyo ne access to that directo ry yet, so what's go ing o n? In this case it's no t really a webserver
pro blem. The user directo ries o n the bubbles have permissio ns o f 70 0 by default. The webserver can't "execute" the
directo ry in o rder to get in and read the html file. This is simple eno ugh to change.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/public_html$ chmod 711 ~username

Alright, finally we can view the co ntents o f that URL! Use lynx to view the page again and yo u'll see that it's wo rking
no w.

The last step befo re creating an .htaccess file is to give it permissio n to o verride previo us directives. We'll do this by
adding a Directo ry directive in [Link] right after the directive specifying the UserDir.

Add these lines to [Link] nf:

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

<Directory /home/*/public_html>
AllowOverride Limit
</Directory>

No w we can go back into o ur public_html directo ry and create a .htaccess file.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~/public_html$ emacs .htaccess

Type the fo llo wing lines into .htaccess:

Order deny,allow
deny from all

No w if yo u check the website again, yo u'll no tice that permissio n is denied o nce again.

Adding Password Authentication

Yo u've pro bably co me acro ss a website o r two that asked fo r a username and passwo rd befo re yo u are allo wed to
co ntinue. We have to give .htaccess the autho rity to change the AuthCo nfig in o rder to get this wo rking. su and edit
[Link] again.

Change this line in [Link] nf:

<Directory /home/*/public_html>
AllowOverride Limit AuthConfig
</Directory>

Restart the webserver.

Exit back to yo ur no rmal user and change .htaccess. Do n't fo rget to remo ve the previo us access co ntro l lines.

Change .htaccess to co ntain o nly these lines:

AuthType Basic
AuthName "This Page"
AuthUserFile /home/username/.htpasswd
require valid-user

These lines specify the type o f authenticatio n we want to use. The AuthUserFile is the file that will co ntain the user
names and encrypted passwo rds o nce they are created. Having .htpasswd in a lo catio n no t within public_html, means
that it isn't accessible via a web bro wser even if the server co nfiguratio n is changed to allo w access to files that start
with ".ht". To create users we use the ht passwd co mmand. It is lo cated in the bin subdirecto ry o f the server ro o t
directo ry tree.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/public_html$ /usr/local/apache/bin/htpasswd -c /home/username/.htpasswd user
name
New password:
Re-type new password:
Adding password for user username

After the first user, yo u do n't have to include the -c flag which creates the .htpasswd file. Let's add ano ther user.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/public_html$ /usr/local/apache/bin/htpasswd /home/username/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2

Yo u no w have a page that uses passwo rd authenticatio n! Use the lynx co mmand abo ve to test it o ut.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Apache Logs

Webserver Logs
Recall fro m a previo us co urse that the syslo gd daemo n lo gs specific activity o n the Unix server into files usually
co ntained in /var/log. These lo gs can be viewed to keep tabs o n a lo t o f different types o f activity... except activity o n the
web server.

Apache keeps track o f its o wn lo g files separately. A webserver can generate an awful lo t o f traffic and it wo uld be a
mess if all o f its co nnectio ns were written to the same files as everything else. Additio nally, keeping track o f its o wn
lo gs allo ws Apache to be very flexible with the co ntents and fo rmat o f its lo gs.

The default setup keeps track o f attempts to access files fro m the webserver and any erro rs that may o ccur.

If yo u are already lo gged into a bubble, make sure yo u sto p the webserver if it's running (with apache ct l
Note st o p). Otherwise, lo g into a bubble and su.

Because o f the special way bubbles wo rk, we'll have to make o ne small change befo re co ntinuing. This is no t no rmally
necessary, but we need to make sure that the web server has access to write to its lo g files.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~# cd /usr/local/apache
bubble12:/usr/local/apache# chown -R [Link] logs

Access and Error Logs

The lo g files will be lo cated o ff o f the server ro o t in a directo ry called logs. Let's get into that directo ry and start up the
web server.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache# cd logs
bubble12:/usr/local/apache/logs# ../bin/apachectl start
../bin/apachectl start: httpd started

Even tho ugh Apache starts up successfully, it still creates an entry in the error_log file.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/logs# cat error_log
[Tue Aug 21 [Link] 2001] [notice] Apache/1.3.17 (Unix) configured -- resuming normal
operations

This isn't really an erro r at all, just a message indicating that Apache has started up o kay.

No w, use the lynx co mmand to access the web server yo u have running o n the bubble. Be sure that yo u are running
this co mmand fro m the ho ttub. Once yo u've do ne this, lo g back into yo ur bubble and take a lo o k at the access_log file.
This file keeps user and agent lo gs. Edit the [Link] nf file and unco mment these two lo g definitio ns so we can check
them o ut.
 Unco mment the Custo mLo g lines:
CustomLog /usr/local/apache/logs/access_log common

#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
CustomLog /usr/local/apache/logs/referer_log referer
CustomLog /usr/local/apache/logs/agent_log agent

Save and e xit the text edito r.

Setup the lo g files.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/conf# cd ../logs
bubble12:/usr/local/apache/logs# touch referer_log
bubble12:/usr/local/apache/logs# touch agent_log
bubble12:/usr/local/apache/logs# chown [Link] referer_log agent_log

The creatio n o f the lo g files and o wnership change are o nly necessary because o f the way the bubbles
wo rk. Bubbles are strange entities because they actually exist all o n the same machine. They are created
Note using this funky thing called user mo de Linux. Basically it allo ws us to turn o ne server into a co uple
hundred "servers." This is mo re than yo u need to kno w right no w tho ugh.

We also need to restart Apache so the co nfiguratio n changes will take effect.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/conf# ../bin/apachectl restart
../bin/apachectl restart: httpd restarted

Use lynx to access the bubble's web server again. Yo u sho uld see the wo rd do cum e nt at io n highlighted at the to p
o f the page. Press Ent e r o n yo ur keybo ard to o pen the link.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/logs# tail -n 1 access_log
[Link] - - [23/Aug/[Link] -0500] "GET /manual/ HTTP/1.0" 304 -

By lo o king at the access lo g we see the file that was o btained. At the same time, entries were made in the referrer lo g.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/logs# tail -n 1 referer_log
[Link] -> /manual/

The referrer lo g sho ws ho w the client go t to the current file. This line indicates that a link fro m [Link] directed
the client to /manual/. There is also an agent lo g entry fo r the same file.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/logs# tail -n 1 agent_log
Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6b

The agent lo g keeps track o f the bro wser and versio n that the client used.
 This do cumentatio n link is a co py o f the Apache manual. Yo u can use it fo r future reference as lo ng as
Note the server is running. The Apache ho mepage also has lo ts o f go o d do cumentatio n.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Even More Apache Configuration

CGI with Apache

In many cases, the client isn't requesting a static do cument, but a CGI script. If they're being allo wed to do this, the
webserver needs to be co nfigured to handle CGI scripts co rrectly. By default, Apache will o nly execute CGI scripts in
the cgi-bin directo ry o ff o f the server ro o t tree. Let's lo o k at where this happens in [Link]. Open [Link] fo r editing.

Observe the fo llo wing lines:

<IfModule mod_alias.c>
...

ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

...

<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

Inside o f the alias mo dule sectio n o f [Link] we find the ScriptAlias directive. This directive indicates that a request
inside o f the ro o t level /cgi-bin/ directo ry sho uld be treated as a CGI script.

At this po int, this is the o nly directo ry where CGI scripts are allo wed. Let's make sure everything is o kay.

T esting CGI
Apache pro vides us with a co uple sample scripts, so we do n't have to wo rry abo ut writing o ur o wn.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~# cd /usr/local/apache/cgi-bin
bubble12:/usr/local/apache/cgi-bin# ls -la
total 16
drwxr-xr-x 2 root root 4096 May 2 14:13 .
drwxr-xr-x 12 root root 4096 May 2 14:12 ..
-rw-r--r-- 1 root root 268 May 2 14:13 printenv
-rw-r--r-- 1 root root 757 May 2 14:13 test-cgi
bubble12:/usr/local/apache/cgi-bin# chmod 755 test-cgi

No w po int lynx to this url:

lynx ht t p://bubble [Link] e .use ract ive .co m /cgi-bin/t e st -cgi

Make sure to substitute the co rrect number fo r yo ur bubble. Yo u sho uld see the o utput o f the CGI test script.

No w let's create a subdirecto ry in o ur user acco unt's public_html directo ry fo r CGI scripts.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:/usr/local/apache/cgi-bin# exit
bubble12:/usr/local/apache/cgi-bin$ cd
bubble12:~$ cd public_html
bubble12:~/public_html$ mkdir cgi-bin
bubble12:~/public_html$ cp /usr/local/apache/cgi-bin/test-cgi cgi-bin/

Let's try to view the CGI script fro m yo ur user directo ry.

lynx ht t p://bubble [Link] e .use ract ive .co m /~use rnam e /cgi-bin/t e st -cgi.
 Note Yo u may still need to use yo ur username and passwo rd since we created that .htaccess file previo usly.

When viewing the script this time yo u will no tice that it didn't run. We see the script itself, in plain text.

In this case, Apache didn't have specific instructio ns to execute CGI scripts in that directo ry, so it displayed the co ntents
to the client like it wo uld any o ther file. Ho w do we make sure users can execute CGI as well?

Allowing CGI for Users

If yo u recall, when we were discussing the Directo ry directive, there was an Optio ns directive as well. One o f the
po ssible o ptio ns was ExecCGI. We need to add this o ptio n to all o f the users' o wn cgi-bin directo ries.

Edit [Link] nf (be sure to su first).

Add these lines to [Link] nf:

<Directory /home/*/public_html>
AllowOverride Limit AuthConfig
</Directory>

<Directory /home/*/public_html/cgi-bin>
Options +ExecCGI
</Directory>

Since these directo ries aren't part o f a ScriptAlias, we need to tell Apache which files to treat as CGI scripts. The "+"
symbo l simply indicates that we want to add the ExecCGI o ptio n to the o nes that might already apply to the directo ry.

Much farther do wn in [Link], yo u will find an AddHandler line that is co mmented o ut. We need to unco mment this
line.

Unco mment this line in [Link] nf:

AddHandler cgi-script .cgi

This directive specifies that files ending with .cgi will be treated as CGI scripts. Mo re extensio ns can be added after
this, separated by spaces (.pl is ano ther co mmo n extensio n).

Save the changes to [Link] and restart yo ur web server.

Try to relo ad the previo us URL and see what happens. No thing, right? It's still displaying the co ntents o f the CGI script.
Hmmm... Let's lo o k at the AddHandler line a little clo ser. We're treating all files ending in .cgi as CGI scripts. Ho wever,
o ur sample script is called test-cgi. We need to change this so Apache will reco gnize it co rrectly.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:/usr/local/apache/conf# exit
bubble12:/usr/local/apache/conf$ cd ~username/public_html/cgi-bin
bubble12:~/public_html/cgi-bin$ mv test-cgi [Link]

Test that URL o ne mo re time and make sure that it's wo rking o kay.

Changing the Missing File Page

When yo u try to access a webpage that do esn't exist o n a server, it will give yo u a "40 4 No t Fo und" erro r page. Access
yo ur bubble's web server with a URL like the fo llo wing:

lynx ht t p://bubble [Link] e .use ract ive .co m /asdf

What yo u see is an extremely bo ring erro r page.

A lo t o f web sites o ut there have so me pretty fancy lo o king erro r pages, which pro vide links and info rmatio n abo ut ho w
to find what yo u want. This is because Apache allo ws us to define default erro r pages that we can create to lo o k
ho wever we want.
Su again and o pen [Link] o ne mo re time.

Far do wn in the file, even belo w the AddHandler directive we previo usly unco mmented, are three co mmented
Erro rDo cument directives. Belo w is o ne that we're go ing to be changing.

Observe the fo llo wing in [Link] nf:

# 2) local redirects
#ErrorDocument 404 /[Link]
# to redirect to local URL /[Link]

The Erro rDo cument directive specifies a file to be displayed to the client when a specific erro r co de co mes up. A "40 4"
erro r means that the client requested a page that canno t be fo und o n the server. Witho ut an erro r do cument specified,
Apache will just generate the very basic o ne. Let's unco mment this line and create o ur o wn erro r page.

Unco mment this line in [Link] nf:

# 2) local redirects
ErrorDocument 404 /[Link]
# to redirect to local URL /[Link]

Save [Link] and restart yo ur web server. Relo ad the fake URL we attempted previo usly.

No tice the additio nal line telling us the erro r do cument wasn't fo und either. This is because we to ld Apache that we
wanted to use o ur o wn [Link] file, but we never created the file.

Go into the do cument ro o t directo ry and create a file called [Link].

Type these lines in [Link]:

<html>
<body>

This is our new missing file page:

</body>
</html>

Relo ad the fake URL again and make sure that yo u see o ur new erro r do cument page. Excellent! See yo u at the next
lesso n.

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.
 Installing PHP

What is PHP?
Even if yo u're no t a web develo per yo urself, it's likely that as a systems administrato r, yo u'll find web develo pers
asking fo r yo ur help with PHP (amo ng o ther things). PHP is a widely used general-purpo se scripting language that is
especially suited fo r web develo pment and can be embedded into HTML.

In this lesso n yo u will learn ho w to install PHP o n yo ur bubble.

So me o f the different flavo rs o f Unix/Linux pro vide pre-co mpiled packages that can be do wnlo aded and
Note installed. We co uld do wnlo ad and install the RPM packages fo r PHP, but co mpiling it by hand fro m the
so urce co de pro vides a little deeper understanding.

Preparing to Install PHP

Befo re installing PHP we must reco mpile Apache with ano ther mo dule so that PHP can be used dynamically. Lo gin to
yo ur bubble as a superuser.

After the co mmand pro mpt, type the fo llo wing co mmands:

bubble12:~# cd apache_1.3.19
bubble12:~/apache_1.3.19# ./configure --enable-module=so

...
...

bubble12:~/apache_1.3.19# make clean ; make

...
...

bubble12:~/apache_1.3.19# make install

...
...

No te that the --e nable -m o dule co nfiguratio n o ptio n is in additio n to any o ther o ptio ns yo u may have previo usly
used.

Installing PHP
Yo u are no w ready to install PHP! When yo u installed pro grams in the past, yo u do wnlo aded pro grams fro m the
ho ttub. This time yo u will do wnlo ad PHP fro m the internet.

First, use lynx o n the website [Link] wnlo [Link] and do wnlo ad the file to the ho ttub.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ lynx [Link]/releases
 Yo u sho uld see so mething that lo o ks like this:
PHP: Downloads (p1 of 9)

PHP
downloads | documentation | faq | getting help | mailing lists |
licenses | wiki | reporting bugs | [Link] sites | links |conferences
| my [Link]

search for ______________________________ in the

[function list_____________] search

Lo o k fo r the sectio n labeled 4 .4 .9 No te: Please do wnlo ad PHP versio n 4. Because o f the way the bubbles are
co nfigured PHP versio n 5 will no t wo rk pro perly. If yo u are having tro uble lo cating this sectio n, use a f o rward slash /
to search fo r a specific query string. When yo u find this sectio n, lo o k fo r the underlined wo rds PHP 4 .4 .9 (t [Link]). Use
the up and do wn arro ws to highlight these wo rds, then press Ent e r.

Yo u will see ano ther webpage that lists the available lo catio ns fro m which yo u can do wnlo ad the file. Cho o se the
lo catio n clo sest to yo ur physical ho me, highlight it, and then press Ent e r.

Yo u sho uld see the wo rds applicat io n/x-gzip D)o wnlo ad, o r C)ance l at the bo tto m o f the screen. Press the d key
to do wnlo ad the file.

When yo u are finished do wnlo ading, yo u sho uld see so mething that lo o ks like this:
Download Options

Download Options (Lynx Version 2.8.4rel.1)

Downloaded link: [Link]

Suggested file name: [Link]

Standard download options:

Save to disk

Local additions:
View with less

Highlight the wo rds Save t o disk and press Ent e r. Yo u will be pro mpted to Ent e r a f ile nam e , but there sho uld be a
default filename o f php-4 .4 .9 .t [Link]. Press Ent e r. Exit the webpage by pressing the q. Yo u will be asked Are yo u
sure yo u want t o quit ? (y). Simply press Ent e r.

Let's check to be sure yo u have do wnlo aded this file to the ho ttub.

After the co mmand pro mpt, type the fo llo wing co mmands:
hottub:~$ ls

Yo u sho uld see php-4 .4 .9 .t [Link] listed as o ne o f the files.

No w that yo u have do wnlo aded PHP to yo ur ho ttub, yo u need to co py it to yo ur bubble using the secure co py
co mmand. Lo gin to yo ur bubble.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ scp hottub:[Link] .
username@hottub's password:
[Link] | 3297 KB | 824.3 kB/s | ETA: 00.00.00 | 100%

Yo u are ready to install PHP o n yo ur bubble! Lo gin to yo ur bubble as a superuser.

 After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~$ su suusername
Password:
bubble12:~# tar -xzf [Link]

...
...

bubble12:~# cd php-4.4.9
bubble12:~/php-4.4.9# ./configure --with-apxs=/usr/local/apache/bin/apxs
bubble12:~/php-4.4.9# make
bubble12:~/php-4.4.9# make install
bubble12:~/php-4.4.9# cp [Link]-dist /usr/local/lib/[Link]

Because yo u are using PHP in co njunctio n with Apache, yo u must indicate that yo u have apxs when yo u co nfigure
PHP. apxs is Apache's mo dule extensio n to o l. Once PHP is installed and co nfigured, yo u must also co py the default
co nfiguratio n file to /usr/local/lib.

The last thing to do is to edit [Link].

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:~/php-4.4.9# cd /usr/local/apache/conf
bubble12:/usr/local/apache/conf# ls
[Link] [Link] magic [Link]
[Link] [Link] [Link] [Link]
[Link] [Link]~ [Link] [Link]

Open the file [Link] nf with yo ur favo rite edito r.

Observe the fo llo wing line in [Link] nf

LoadModule php4_module libexec/[Link]

This line has been added auto matically by the PHP installatio n. It is lo cated in the first sectio n o f [Link].

Much farther do wn, yo u will need to remo ve the co mments fro m an AddType line so that Apache will reco gnize PHP
files.

Remo ve the co mments fro m this line in [Link] nf:

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps

Yo u can no w restart the webserver.

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/conf# cd ../bin
bubble12:/usr/local/apache/bin# ./apachectl restart
./apachectl restart: httpd not running, trying to start
./apachectl restart: httpd started

When yo u're finished yo u will be able to serve PHP files!

T esting PHP
Create a PHP file to test the new setup. Go into the do cument ro o t directo ry o f yo ur webserver and o pen a file called
[Link].
 After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/bin# cd ../htdocs
bubble12:/usr/local/apache/htdocs# emacs [Link]

Add the fo llo wing line to [Link]:

Add this line to [Link]:

<?phpinfo()?>

Save this file and exit the edito r.

Use lynx to view this file and see what happens!

After the co mmand pro mpt, type the fo llo wing co mmands:
bubble12:/usr/local/apache/htdocs# exit
exit
bubble12:~$ exit
logout
Connection to [Link] closed.
hottub:~$ lynx [Link]/[Link]

Yo u sho uld see the PHP Lo go page. If no t, o r if yo u a see a D)o wnlo ad o r C)ancel pro mpt, Please email yo ur mento r
at learn@o reillyscho o [Link] m. Co ngratulatio ns! Yo u are finished the last lesso n!

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See [Link] for more information.