So, you want your Toshiba Magnia SGxx series internet server appliance (SG10?, SG20, SG25 and SG30) to serve web pages, do you? This site and a couple others are served from an SG20. Now I'm no expert or guru, but this is what worked for me. Consequently, I am not responsible if something goes wrong. Use this information at your own risk.

Everything you need in the way of software to run a web server is already loaded into your machine and just needs to be configured. If you plan to run a data base driven web site or one that uses SSI (Server Side Includes) you'll need to go to my SG20 Update files page and grab mysqlclient9-3.23.22-6.src.rpm and mod_perl-1.26-5.i386.rpm.

The following example is based on a complete teardown and rebuild of the file /etc/httpd/conf/httpd.conf. Or you can just copy/paste and edit the complete example I'm providing absolutely free!

It's not as hard as it might look, so don't be intimidated. I have included lots of example code and explanation to the best of my limited ability. I have also included a complete example with dummy names like your-site.com. Don't worry, we are going to start from scratch and nothing we will do is going to crash your machine. Your www server will either work or it will not work and will need the configuration file tinkered around with some more. Your admin page will still continue to work properly. Hopefully I will have done a good enough job of explaining things that you'll even understand what you are doing after you have finished. It's all pretty well documented because Apache is the most popular web site server package out there. Almost seventy percent of the web sites out there are served up by Apache (source) and the other thirty-what-ever percent are divided up between Windoze IIS, Sun and a few others. More help is available at http://httpd.apache.org/docs/mod/core.html

The only thing you want to make sure of is that your firewall is secure. The firewall rule I am providing with this tutorial (found here) has been secure for me so far and has not yet been hacked into, but that could change at any time. Again, USE AT YOUR OWN RISK. Everyone should have a disclaimer for something, right?

If you get yourself all in a kerfuffle contact me and I'll do what I can to help you out.

Remember, comments are done with the pound sign (#) and everything in Linux is case sensitive!

To serve websites to the internet from a SGxx server and still have the admin and intranet sites, here's what to do step-by-step:

Let's Get Started

1. Log into your SGxx as root.

2. Make the directory /home/www/your-site and put your web sites in it (/home is the largest partition on an SGxx). The directory your-site can be anything you like, but for organizational purposes using the domain name makes good sense. Be sure all subdirectories that have content are set to at least 755 permissions or you'll get "forbidden: page cannot be viewed" errors in your browser.

mkdir /home/www
mkdir /home/www/your-site
find /home/www -type d -exec chmod 755 {} \;
find /home/www -type f -exec chmod 644 {} \;

3. Create a directory /home/www/your-site/logs. Paste these lines into the command line to create the log directory:

mkdir /home/www/your-site/logs
chmod -R 644 /home/www/your-site/logs

4. Create necessary log files and set permissions to 644 or Apache won't serve. Paste these lines into the command line to create the log files:

touch /home/www/your-site/logs/error_log
touch /home/www/your-site/logs/access_log
chmod -R 644 /home/www/your-site/logs/*

5. We need a startup script for Linux to use to start a new instance of Apache at system start. To do this, we will copy the script for the built-in intranet and edit it or copy it here for pasting it in the next step. Paste this into the command line to make a copy of the startup script:

cp /etc/rc.d/init.d/httpd_intranet /etc/rc.d/init.d/httpd_conf

If you copied it instead of downloading it, edit it now by replacing every instance of httpd_intranet with httpd_conf.

6. The files in the /etc/rc3.d and /etc/rc5.d directories are actually not files at all. They are symbolic links (symlinks) that point to the actual startup script we just created in step 5. rc3.d and rc5.d are different "run levels" and start up the processes the symlinks in these directories point to. These are read at boot time to start various processes used by Linux. Paste these lines into the command line to create symlinks pointing to the start up scripts for httpd_conf. This will start another instance of Apache to be the www server automatically when the machine boots up:

ln -s /etc/rc.d/init.d/httpd_conf /etc/rc3.d/S85httpd_conf
ln -s /etc/rc.d/init.d/httpd_conf /etc/rc5.d/S85httpd_conf

7. This is the biggie step. Edit in a bunch of things in /etc/httpd/conf/httpd.conf (read the notes in the file for more detailed info). If you don't have one, no biggie. Just make a copy of httpd.intranet.

PidFile /var/run/httpd_conf.pid
ScoreBoardFile logs/apache_runtime_status_conf

Since the SGxx already have two instances of Apache running (httpd.admin and httpd.intranet) httpd.conf will be a third. Things will get mixed up if two or all three share the same lock file, process ID file or score board file.

Edit the following line to match your desired IP address and port number:

Listen [XXX.XXX.XXX.XXX:]80

This directive tells Apache which port to listen on. The argument is optional and can be commented out or omitted unless you are going to serve on a non-standard port or only want to respond to requests on one IP address. [XXX.XXX.XXX.XXX:] ([ ] means optional parameter) is your public IP address assuming you want to serve web pages on the internet, not your private intranet. You need only have an IP in this directive if you have more than one LAN adapter (like the SGxx does) and want Apache to only listen for requests on one of them and ignore the others. The only necessary argument for this directive, if you decide to use it, is the port number, which in this example is 80. The default port 80 is assumed if omitted.

In Section 2: 'Main' server configuration:

Get rid of the following lines:

<IfDefine HAVE_SSL>
Listen 80
Listen 443
</IfDefine>

Change the user and group Apache is running under (be sure you are not running as root!):

User apache
Group apache

You are supposed to change this to a valid e-mail address so you can get more spam and notifications of problems with your server or web sites:

ServerAdmin root@localhost

Change this to something meaningful like your IP address or FQDN (domain). The FQDN works when using a dynamic IP for your server and a dynamic DNS service such as that available at http://dyndns.org.

ServerName XXX.XXX.XXX.XXX:80

The port :80 is optional unless you are going to serve on a non-standard port.

Add your DocumentRoot, the local directory where your web site documents will live on your server:

DocumentRoot "/home/www/your-site"

And change the following:

# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/webs">

to:

<Directory "/home/www/your-site">

Also, add the file name and extension to use as your default home page:

<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.htm index.php
</IfModule>

If you are editing httpd.intranet, change this line:

ErrorLog logs/error_log.intranet

to something like:

ErrorLog logs/error_log.conf

Again, if you are editing httpd.intranet, you can delete everything from:

Alias /lang /sa2/lang/pref/web/intranet

====down to====

### Section 3: Virtual Hosts

Delete everything below the Section 3: Virtual Hosts marker shown above so we can start over.

In Section 3: Virtual Hosts:

We will then add your NameVirtualHost directive:

NameVirtualHost XXX.XXX.XXX.XXX[:80]

The safest bet for a NameVirtualHost is to use the wildcard * like so.

NameVirtualHost *

A public IP address XXX.XXX.XXX.XXX and the optional port [:80] will also work. I think a FQDN will also work, but Apache docs don't talk about it. You can play around with this one - it'll either work or it won't and you can't hurt anything. You can have more than one NameVirtualHost but Apache is a bit picky about them so it's best to have only one. And besides, why make life more complicated when you will likely only ever need one anyway?

Next, add the <VirtualHost> directive. This is the magic of Apache. The <VirtualHost> directive lets you have more than one domain (my-site.com, your-site.net, etc.) served up from your SGxx. The VirtualHost that's in there now is for a secure server (https) using SSL and Apache cannot run more than one NameVirtualHost/VirtualHost per instance if there is a secure server involved (that's why the SGxx ships with both httpd.admin and httpd.intranet - two instances of Apache running, each running as a secure server). You can add a single VirtualHost or as many as you need, usually one per domain or subdomain:

This is an example of a VirtualHost section in its simplest form (this is the bare minimum and it will not work if you leave any of these parameters out). It must match your NameVirtualHost like * or XXX.XXX.XXX.XXX[:80] or it will no workie.

# Must match the NameVirtualHost directive
<VirtualHost XXX.XXX.XXX.XXX[:80]>
# Replace with your own e-mail address
ServerAdmin you@your-site.com
DocumentRoot /home/www/your-site/
ServerName your-site.com
ErrorLog /home/www/your-site/logs/error_log
CustomLog /home/www/your-site/logs/access_log combined
</VirtualHost>
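
The matching rule above can be checked mechanically. The following is an added example, not part of the original page: it flags every <VirtualHost> address in a config file that has no identical NameVirtualHost line, and it tolerates text after the closing ">" on the <VirtualHost> line. The function names and the sample config (using the documentation address 192.0.2.10) are constructed for the demo.

```shell
# Added example (not from the original page): flag <VirtualHost> addresses
# that have no identical NameVirtualHost line in the same config file.

# check_vhost_match FILE
# Prints one line per mismatch; returns 1 if any was found, 0 otherwise.
check_vhost_match() {
    awk '
        /^[ \t]*#/ { next }                           # whole-line comments
        tolower($1) == "namevirtualhost" { nvh[$2] = 1; next }
        tolower($1) == "<virtualhost" {
            args = $0
            sub(/^[ \t]*<[^ \t]+[ \t]+/, "", args)    # drop "<VirtualHost "
            sub(/[ \t]*>.*$/, "", args)               # drop ">" and trailing text
            n++; where[n] = FNR; addrs[n] = args
        }
        END {                                         # compare once all lines are read
            bad = 0
            for (i = 1; i <= n; i++) {
                m = split(addrs[i], a, /[ \t]+/)
                for (j = 1; j <= m; j++) {
                    if (a[j] ~ /^_default_/ || (a[j] in nvh)) continue
                    print "line " where[i] ": <VirtualHost " a[j] "> has no matching NameVirtualHost"
                    bad = 1
                }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the second VirtualHost does not match "NameVirtualHost *".
demo_vhost_match() {
    conf=$(mktemp) || return 2
    cat > "$conf" <<'EOF'
NameVirtualHost *
<VirtualHost *>
ServerName your-site.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
ServerName subdomain.your-site.com
</VirtualHost>
EOF
    check_vhost_match "$conf"
    rc=$?
    rm -f "$conf"
    return $rc
}

demo_vhost_match || echo "fix the mismatched VirtualHost lines"
```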

A subdomain, also in its simplest form, would look something like this in addition to the primary domain above:

# Must match the NameVirtualHost directive
<VirtualHost XXX.XXX.XXX.XXX[:80]>
# Replace with your own e-mail address
ServerAdmin you@your-site.com
DocumentRoot /home/www/your-site/
ServerName subdomain.your-site.com
ErrorLog /home/www/your-site/logs/error_log
CustomLog /home/www/your-site/logs/access_log combined
</VirtualHost>

Subdomains also require the addition of another A record in your DNS zone file. You will also want to make an identical copy of these VirtualHosts with the exception of ServerName prepended with www. (also just a subdomain) so your site will come up whether or not a visitor types the www. part into their browser's address bar.

Both http://eswebs.com/ and http://www.eswebs.com/ go to the same site...or I could have them go to different sites if I want. The point is you need a VirtualHost for each domain and subdomain.

The order in which you add directives to your VirtualHost is unimportant. Tabs and white spaces are ignored at the beginning of lines and are used to make the syntax more readable. White spaces are, however, used to separate parameters within the same line.

Some other handy things to add into your VirtualHost are:

ScriptAlias /cgi-bin/ /home/www/your-site/cgi-bin/

so you can have a secure location to run CGI scripts, and:

<Directory /home/www/your-site/cgi-bin>
Options ExecCGI
</Directory>

so people can't swipe your scripts, also:

<Directory /home/www/your-site>
XBitHack on
Options FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Alias /gallery /home/www/gallery

The Alias directive is sort of like a symlink. FollowSymLinks won't work correctly without it.

<Directory /home/www/your-site/files>
Options Indexes FollowSymLinks Includes ExecCGI
#  alternatively Options All
</Directory>

This lets visitors browse and download files you place in this directory with no need to create an index page, just put the files in there.

<Directory /home/www/your-site>
XBitHack on
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>

XBitHack on and Options Includes (yes, you need both) allow you to use SSI by simply setting the executable bit, provided you also have mod_perl loaded into Apache. FollowSymLinks allows Apache to use folders outside your DocumentRoot, which is nice if you are going to run large scripts like Gallery (http://gallery.menalto.com).

This is an example of a VirtualHost section with a few great functional bells and whistles:

# Must match the NameVirtualHost directive
<VirtualHost XXX.XXX.XXX.XXX[:80]>
DocumentRoot /home/www/your-site/
ServerName your-site.com
ErrorLog /home/www/your-site/logs/error_log
CustomLog /home/www/your-site/logs/access_log combined
ScriptAlias /cgi-bin/ /home/www/your-site/cgi-bin/
<Directory /home/www/your-site/cgi-bin>
Options None
</Directory>
<Directory /home/www/your-site>
XBitHack on
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /gallery /home/www/gallery
<Directory /home/www/your-site>
AllowOverride Options FileInfo
</Directory>
<Directory /home/www/your-site/files>
Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
</VirtualHost>

# Must match the NameVirtualHost directive
<VirtualHost XXX.XXX.XXX.XXX[:80]>
# Replace with your own e-mail address
ServerAdmin you@your-site.com
DocumentRoot /home/www/your-site/
ServerName subdomain.your-site.com
ErrorLog /home/www/your-site/logs/error_log
CustomLog /home/www/your-site/logs/access_log combined
</VirtualHost>

8. Open port 80 (default WWW server port, that's what port pretty much the whole internet is on) on the firewall (see the firewall rules in my files section). You only need the wwws.zip file for your web server. Drop these files and their directory into your /sa3/firewall/ directory and the new firewall rules will show up in the Toshiba web admin page with a nice little check box next to them and everything so you can easily turn them on and off at will.

9. Paste these lines in at the command prompt (or reboot - takes much longer and is completely unnecessary, but works nonetheless) to start the www server:

cd /etc/rc.d/init.d
./httpd_conf start

In the /etc/init.d directory you can also check your httpd.conf configuration like this:

./httpd configtest

Note: On the SG20 you have to add a firewall rule set to the firewall in /sa2/firewall/

COMPLETE EXAMPLE

You'll need to edit a few things (a few?), but this example shows exactly what I have done above plus most of the notes that were in the file to begin with.

Get it Now

If you have questions, comments or suggestions for improvements to this page, please contact me.