The LAMP Stack :: Part II :: A Is For Apache

A is for Apache (thatís good enough for me)



Apache is a software program that is called a web server. It is the program that gives out, or serves data from inside the computer out to the world. Transversely, it also allows certain data into the computer too. There are many different web servers to choose from, but Apache is the most used web server with Windows servers being a close second. Surprisingly at the time of writing this, according to this Windows servers actually surpassed Apache for a very short time, but Apache has seemed to jump back up and all is right in the world again (or is it??!!).


There are many web servers out there like nginx (pronounced "engine X") which boasts more connections with less resources, Windows IIS (Internet Information Services.. oooooo) and a ton more. Web servers are basically programs that run and listen to a port on the computer. Ports, simply put, are doors that let stuff in and out of your computer. The internet mostly works on port 80. Port 443 comes up a quick second with your secure website transmissions. Of course all of these can be configured to be something completely different. A lot (and I mean a ton) of programs out there will have their own kind of web service that will open a port and be available, or listen for outside computers trying to make connections to it. For example, I have some security cameras on a computer from GeoVision. Their program has a web server built in that allows an internet connection directly to the computer. Is this safe - probably. Is it hackable. You bet! Itís good to know some network administration if you have any programs that offer "you can even connect to it from the interent/from your phone!".


PHP also has itís own web server since version 5.4! You donít even really need Apache to complete the LAMP stack. Then it would be the LMP stack, or maybe the LPMP stack. Both of those are very hard to pronounce. Guess we could just all it "sequel"; and thatís a joke.


Notice to your mom: The PHP built in web server is not meant to be used as a public web server!! Tell your mom to leave because Iím going to show you how you can! For some fun, if you are already a little knowledgeable about command line, you can log in, go to a directory like your /var/www or /home/[yourname]/public_html, or another folder that is public accessible. Make an index.php file and put this in it:


<?php
echo "Hey there good lookiní? The time is ".date("g:iA")." in case you wanted to know";
?>

Then put in this:


$ php -S localhost:8000

That should tell you itís up and to hit Ctrl+C when youíre done. You can now open up a browser and navigation to http://localhost:8000 and you can see your message to yourself. This is a private server as you cannot go to your machineís address, just say itís 192.168.0.7 on your internal network and see your message. However, if you do this (substitue the IP address of your machine):


$ php -S 192.168.0.7:8000

Then you CAN see it from another computerís browser by putting in that IP address and the port. If you have an internal network set up (and know what an internal network is) then you could simply add the port route to your NAT router and voilŠ, you made it completely public to your internet service providerís borrowed IP address for your house or office and your computer is now in danger. Yay!


If I just made you barf a little about network routing and NAT routers and you want to learn more about it, let me know, Iíll write a tutorial about it.


A quick little side-note about the PHP server.. If you access pages, where you put in the command php -S, it will output out a log of what it did. You can redirect that output to another file if you wanted to keep the log, but from what I can see looking into main system logs and reading the documentation at PHP, it does not keep a record of the traffic. So thatís interesting.


Apache is a very robust web server and offers a lot of configurable options. Most of these configs are saved in a file called httpd.conf. Here you can find where Apache logs your transmission records, connections, errors, etc. You can say how long to keep the logs around and what exactly to put in the logs and what order. You can put in redirections for pages that moved or no longer exist. You can also put in custom pages for certain events like the probably most popular code 404 - Page not found. There are an unbelievable amount of things you can do with Apache dealing with cacheing, loading in extra programs that the website may use, security and performance tuning. You can see everything there is to see here at Apache!.


Other configuration files can be used throughout your web serverís reachable filesystem called .htaccess files. These files are used in continuation of the httpd.conf file as long as they are allowed in the http.conf file.


One of the most used ones in my configs is the mod_rewrite module. This has unending uses, but I use it mostly for SEO friendly URLs so even the address of your website is pretty. For instance this easy implementation:


Supposing you have a website somewhere, letís say itís apache and itís still on 192.168.0.7 and your web files are in /var/www. Make a file in /var/www called index.php and add this:



<?php
echo "My page = ".preg_replace("/[^0-9a-zA-Z\.\-_]/","",$_GET[Ďpageí]);
?>

A little explaining here - I could have just echoed out $_GET[Ďpageí] and that would show me whatever variable is attached to the actual URL in the address bar called page. For instance, if I went to yourwebsite.com/index.php?page=puppies, then it would echo out "puppies". But if you are learning, you better learn more righter than wronger. I added the preg_replace() which uses a regular expression to remove any characters from the URL that are not numbers, letters, dots, dashes or underscores. This setup, even though just for testing, is an example of something you can do to let hackers attack your website and/or use your website as a proxy to do malicious things. The specific attach is called XSS or Cross Site Scripting. That being said, this will just echo out something like My page = puppies.


Then, create a file in /var/www called .htaccess (donít forget the dot in the front! Itís important!) and put in this:



RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /index.php?page=$1

Now, you should be able to see pretty SEO friendly URLs in use. In your address bar, put:


http://192.168.0.7/puppies/

If everything worked right, you should see My page = puppies. With that you should be able to see how you can manipulate the URL to suit your needs when you get to PHP. If not, then you may have a configuration issue that is stopping you from using .htaccess files. Or it could be PEBCAK. Either way, you can ask questions below.


There is one other Apache substitute worth mentioning, Lighttpd. I heard of it often, but have zero personal experience with it so I wonít say anything about it.



Moving on . . . Part II :: M is for MySQL

Categories

Recent Posts