| | 50 | There is very little set up you must do to have a perfectly functional |
|---|
| | 51 | web server out of the box. Cherokee's default configuration can be |
|---|
| | 52 | used to serve any typical PHP-driven dynamic website. |
|---|
| | 53 | |
|---|
| | 54 | If you have a specific need, you should check out the recipes present in |
|---|
| | 55 | the 'Cookbook' section of the documentation. Among other subjects, you |
|---|
| | 56 | can find information about |
|---|
| | 57 | link:cookbook_optimizing_cherokee.html[Cherokee optimizations], |
|---|
| | 58 | setting up efficient link:cookbook_authentication.html[Authentication] |
|---|
| | 59 | mechanisms, or configuring several popular application frameworks. |
|---|
| | 60 | |
|---|
| | 61 | In this tutorial we will be setting up a system with a couple of |
|---|
| | 62 | virtual servers, PHP support, some redirection rules and a simple |
|---|
| | 63 | authentication mechanism. |
|---|
| | 64 | |
|---|
| | 65 | To follow this walkthrough you need to be running |
|---|
| | 66 | link:bundle_cherokee-admin.html[cherokee-admin]. This is an |
|---|
| | 67 | administration tool, so you will need system administrator rights. |
|---|
| | 68 | |
|---|
| | 69 | ---- |
|---|
| | 70 | # cherokee-admin |
|---|
| | 71 | Cherokee Web Server 0.8.0 (Aug 6 2008): Listening on port 9090, TLS disabled, |
|---|
| | 72 | IPv6 disabled, using epoll, 1024 fds system limit, max. 507 connections, |
|---|
| | 73 | single thread, 1016 fds |
|---|
| | 74 | Server 0.8.0 running.. PID=19611 |
|---|
| | 75 | ---- |
|---|
| | 76 | |
|---|
| | 77 | Now you can access the administration interface simply by opening your |
|---|
| | 78 | web browser and visiting link:http://localhost:9090[http://localhost:9090] |
|---|
| | 79 | |
|---|
| | 80 | If your user doesn't have enough privileges you will be notified. Also |
|---|
| | 81 | if no configuration file exists you will be prompted to create one |
|---|
| | 82 | with the default settings. |
|---|
| | 83 | |
|---|
| | 84 | image::media/images/admin_noconfig.png[cherokee.conf not present] |
|---|
| | 85 | |
|---|
| | 86 | That is a good starting point. Right now your web server will not be |
|---|
| | 87 | running yet. We will only be using two of the available tabs to adjust |
|---|
| | 88 | some more settings: link:config_general.html[General] and |
|---|
| | 89 | link:config_virtual_servers.html[Virtual Servers]. |
|---|
| | 90 | |
|---|
| | 91 | This is an example of what you'll be seeing: |
|---|
| | 92 | |
|---|
| | 93 | image::media/images/admin_notrunning.png[Server not launched] |
|---|
| | 94 | |
|---|
| | 95 | Of course, once we're done we will have to apply our changes and |
|---|
| | 96 | launch the server. The configuration changes must be submitted to the |
|---|
| | 97 | server, be it automatically if possible or by using the appropriate form |
|---|
| | 98 | submitting buttons. But no change is reflected in the configuration |
|---|
| | 99 | file until you `Apply` the changes. You can be sure of not damaging |
|---|
| | 100 | anything while playing around with `cherokee-admin`. At least not |
|---|
| | 101 | until you `Apply` the changes. Note that, if the Cherokee server is |
|---|
| | 102 | running, the applied modifications will also affect the instance being |
|---|
| | 103 | executed. |
|---|
| | 104 | |
|---|
| | 105 | This is what the `General` tab looks like: |
|---|
| | 106 | image::media/images/admin_general.png[General] |
|---|
| | 107 | |
|---|
| | 108 | We will only be modifying the *Server Permissions*. It usually is a |
|---|
| | 109 | poor choice to run services with super user privileges. Set both |
|---|
| | 110 | *User* and *Group* to `www-data`. Your system might already have |
|---|
| | 111 | another user account specifically for the purpose of running a |
|---|
| | 112 | webserver. Use that instead if so, or create the `www-data` user if |
|---|
| | 113 | you don't already have one. |
|---|
| | 114 | |
|---|
| | 115 | Next is the link:config_virtual_servers.html[Virtual Servers] tab: |
|---|
| | 116 | |
|---|
| | 117 | image::media/images/admin_vserver.png[Virtual server] |
|---|
| | 118 | |
|---|
| | 119 | When you start, you will only have one virtual server called |
|---|
| | 120 | `default`. You can begin by cloning it as `example`. |
|---|
| | 121 | While you are at it you should also append the following line to your |
|---|
| | 122 | `/etc/hosts` file (in Windows you will find this as |
|---|
| | 123 | `%WINDIR%\system32\drivers\etc\hosts` |
|---|
| | 124 | |
|---|
| | 125 | ---- |
|---|
| | 126 | 127.0.0.1 example.net example.org |
|---|
| | 127 | ---- |
|---|
| | 128 | |
|---|
| | 129 | This is to allow your system to resolve requests for `example.net` or |
|---|
| | 130 | `example.org` locally. Of course, once you are out in the Wild (you |
|---|
| | 131 | know, in the Internet), you will need proper DNS records. |
|---|
| | 132 | |
|---|
| | 133 | `default` |
|---|
| | 134 | ^^^^^^^^^ |
|---|
| | 135 | We will leave default untouched except for the document root path, |
|---|
| | 136 | which we will change. This is done through the `Basics` tab. |
|---|
| | 137 | You could create by hand '/var/www/default' for example and set it up |
|---|
| | 138 | in the appropriate field. |
|---|
| | 139 | |
|---|
| | 140 | If you access your machine by IP or a DNS resolution points in that |
|---|
| | 141 | direction for any particular domain, the contents of your document |
|---|
| | 142 | root directory will be exposed ('/var/www' by default unless you |
|---|
| | 143 | changed that during the build process). |
|---|
| | 144 | |
|---|
| | 145 | Right now any file with the 'php' extension will be served after being |
|---|
| | 146 | processed by the PHP interpreter (you should have `php-cgi` installed |
|---|
| | 147 | in your system for this, though). |
|---|
| | 148 | |
|---|
| | 149 | Any requested file would be sent. If a directory is requested, a file |
|---|
| | 150 | called index.php or index.html will be served if it is present (the |
|---|
| | 151 | search will be performed in that order; you can configure this in the |
|---|
| | 152 | `Basics` tab). If not, a directory listing is offered instead. If you |
|---|
| | 153 | would want to prevent this behavior but would like to keep up |
|---|
| | 154 | serving whatever content is requested directly, simply change the |
|---|
| | 155 | `List & Send` handler for the `Static Content` handler. |
|---|
| | 156 | |
|---|
| | 157 | `example` |
|---|
| | 158 | ^^^^^^^^^ |
|---|
| | 159 | For now this virtual server is an exact copy of the untouched |
|---|
| | 160 | `default` virtual server. Create some new directories |
|---|
| | 161 | '/var/wwww/example', '/var/wwww/example/auth' and |
|---|
| | 162 | '/var/www/example/redir', and configure the first one as default |
|---|
| | 163 | document root path. |
|---|
| | 164 | |
|---|
| | 165 | Next, setup `example.net` and `example.com` in the `Domain names` tab. |
|---|
| | 166 | We'll erase everything in the *Targets* list within the `Behavior` |
|---|
| | 167 | tab, except the `default` rule. With this we'll only be able to serve |
|---|
| | 168 | static content. |
|---|
| | 169 | |
|---|
| | 170 | Accessing the URL http://example.org should now show a list of |
|---|
| | 171 | available files and directories under '/var/www/example/'. |
|---|
| | 172 | |
|---|
| | 173 | Now lets password protect the `auth` directory. Add a new `Directory` |
|---|
| | 174 | class rule pointing to `/auth`. Then, through the `Security` tab, add |
|---|
| | 175 | a `Validation Mechanism` under `Authentication`. |
|---|
| | 176 | |
|---|
| | 177 | The field `Realm` is mandatory. Lets set it as `Secured Area`. |
|---|
| | 178 | If you choose `PAM` and impose no more restrictions, only users with |
|---|
| | 179 | a local account in your system will be able to access the secured zone |
|---|
| | 180 | at http://example.net/auth |
|---|
| | 181 | Other mechanisms would work in a similar fashion but with their |
|---|
| | 182 | specific requirements. For example, had you chosen `Plain text file` |
|---|
| | 183 | instead of PAM you would have had to specify a `Password File`. |
|---|
| | 184 | For example, it could have been `/var/www/passwords.txt` with the |
|---|
| | 185 | following contents: |
|---|
| | 186 | |
|---|
| | 187 | ---- |
|---|
| | 188 | testuser1:password1 |
|---|
| | 189 | testuser2:password2 |
|---|
| | 190 | ---- |
|---|
| | 191 | |
|---|
| | 192 | Note that the rule must not be flagged as `Final`, or else no other |
|---|
| | 193 | rules will be applied afterwards and no access will be given to any |
|---|
| | 194 | contents. This is because at this point we have not defined any |
|---|
| | 195 | handler for the `/auth` rule and nothing would be served. |
|---|
| | 196 | |
|---|
| | 197 | Refer to the Cookbook for detailed examples on the different options. |
|---|
| | 198 | |
|---|
| | 199 | Lastly, lets configure a redirection rule by choosing a "Regular |
|---|
| | 200 | Expression" as the new rule type. Type the following regex: `^/rss.*$` |
|---|
| | 201 | Then, within the `Handler` selection tab specify a target: `/feed` |
|---|
| | 202 | |
|---|
| | 203 | image::media/images/admin_rule_regex.png[Regex] |
|---|
| | 204 | |
|---|
| | 205 | And voilà ! A request of the form http://example.net/rss2 would be |
|---|
| | 206 | redirected to http://example.net/feed |
|---|
| | 207 | |
|---|
| | 208 | A much more general redirection could be one using these values: |
|---|
| | 209 | |
|---|
| | 210 | * *Regular Expression*:: |
|---|
| | 211 | `^/(.*)$` |
|---|
| | 212 | |
|---|
| | 213 | * *Substitution*:: |
|---|
| | 214 | http://www.cherokee-project.com/example/$1 |
|---|
| | 215 | |
|---|
| | 216 | This would redirect every petition to a mirror hosted elsewhere. |
|---|
