----------------------------------------------------------
Setting up a Home-based Apache Web Server for File Sharing
----------------------------------------------------------
http://www.apache.org
Click HTTP server on the left menu.
Click the DOWNLOAD from a Mirror link.
Scroll down to where it says "Apache 1.3.33 is also available."
Download ane execute: Win32 Binary (Self extracting): apache_1.3.33-win32-x86-no_src.exe
Agree to the terms and hit next until needed.
When you get to the SERVER INFORMATION screen, there are a few things to consider.
First, you may want a nice hostname rather than IP address for your server. If so, you need
to set up a dynamic IP client and register with a dynamic IP service. I use dynip.net but
this costs $25.00 a year or thereabouts, for the quag7.dynip.com name. Since home internet
users have IPs that change, you run a client which regularly updates your current IP with
the service, so that your friendly hostname will always work even if your IP address changes.
If you don't care about having an easy to remember domain name and would prefer to just give
out your IP address, then you can skip this.
I am going to assume you're not going to bother with a dynamic IP service right now, though
you can do this later if you want.
For Network Domain, put anything. (fnord.com will work)
For Server Name put www.fnord.com, or something like that.
For Administrator's Email address, put anything (I never use my real e-mail address here).
Make sure Run as a service for All Users -- Recommended is checked.
Click Next.
Make sure Complete is selected, and click NExt.
You can accept the default path if you like. This is just where the Apache server itself and
its attendant files will live. What directories you choose to share and keep your website in
will be configured elsewhere.
Click Next, then Install.
All Apache is just a piece of software. Webservers on the internet will typically run only the OS
and Apache but home users almost always run it as just another program or service on a machine
used for other purposes. That is probably what we are doing here.
When done, click finish.
The web server has been installed and is probably running. However, you have not yet forwarded
ports from your router so it will not likely be accessible to the internet.
It should be accessible from your LAN however.
Fire up your web browser on the machine Apache is now running on and in the Address window type:
http://localhost
You should see an Apache test page ("Seeing this instead of the website you expected?")
You may want to go over to another machine on your LAN, and enter the LAN/local IP of the
Apache machine on the browser there and see if that works. On my LAN, my Windows box running
Apache is 192.168.1.2, so if I go to another machine I could type:
http://192.168.1.2
And I will see the test page.
If all of this is working properly, now we have to configure the server.
There are several considerations here.
The first thing is, we want to pick an appropriate port. Port 80, which is the default WWW
port, is blocked by many ISPs, who prohibit running servers to begin with.
Since Port 80 is the standard WWW port, portscanning idiots on the internet will look for
any services running on that port, or simply will scan wide IP ranges looking for any
IP with port 80 open. In addition, webserver-based worms target port 80 when a known
vulnerability arises.
Because of all of these things, it is best to run a non-standard port. I recommend something
above 1024 and less than the highest available port which is 65534.
Selecting a port people can remember is a good idea:
4077 (MASH Unit)
1776 (Independence Day)
25624 (25 or 6 to 4)
etc.
Apache was natively written for UNIX systems so its configuration is via the UNIX method,
which involves editing a text file (sort of an INI file) which is filled with what are
called Directives.
There is superb documentation on these directives here:
http://httpd.apache.org/docs/mod/directives.html
You obviously don't need to understand all of them but if you want to do something with
your Apache server, this is the place you'll figure out how to do it.
For now we are going to make the simplest changes to get the server up and sharing a
single directory. This directory should be a "public" directory you create just for
that purpose, though later you may want to add, say, your mp3 directory or other dirs as
well. For the purpose of this howto, we're going to assume you will have a directory
which you will dump files in when you want to share them.
So let's create a directory for this then. You can put this anywhere which is convenient.
I am going to use:
C:\www
Reconfiguring Apache is a 4 step process:
(1) Load the text file httpd.conf which is the main Apache config file.
(2) Edit it.
(3) Save it.
(4) Restart Apache.
There is a nice easy shortcut in Windows, if you go to:
Start-->Programs-->Apache HTTP Server-->Configure Apache Server-->Edit the Apache httpd.conf file
Fortunately, the configuration file is mostly the same on both UNIX and Windows.
The first thing we want to do is set an alternative port. You can scroll down to Section 2, Main
Server configuration or just use Edit-->Find and enter:
Port 80
Change this to whatever you want. For now I'm going to use port 10000 so I'd change it to say:
Port 10000
Now scroll down to where it says ServerName.
We entered www.fnord.com here during the initial configuration, but it wants us to put something
here that will work. For now we need your external IP address - that is, the one the internet
sees your LAN as. You can get this from your router. If you sign up with a dynip service, you
won't have to worry about updating this when your IP address changes.
My external IP is 69.137.189.188, so I set it up like:
ServerName 69.137.189.188
The next thing to look at is right below the ServerName - DocumentRoot.
This specifies the highest level directory available by the webserver; in other words, when someone
types just your internet address with no additional path such as:
http://69.137.189.188
This is the directory it will look for index.html in, or in your case, for a file listing. All
other directories will be created as either subdirectories from here, or shortcuts.
In our example, the document root is C:/www - which we just created.
So it should read:
DocumentRoot "C:/www"
Don't forget the quotes. They are only necessary here because Windows allows spaces in filenames and
directory names. Without the quotes, the config file would stop being parsed at the first space.
In our example I could probably get away without the quotes since there are no spaces in the path, but
it never hurts to include them.
We're almost done. What we do have to do is set up some attributes for the document root directory.
For example, do we want it password protected? Do we want to allow files to be listed if there is
no index.html? Or do we want an error message to occur if index.html is missing? Every directory
can be so configured separately. Since we're just working with a single directory now, this is
easy.
Scroll past the section that says (note how the section ends with -
almost like the way HTML tags work? That's not a coincidence.
Go to where it says "This should be changed to whatever you set your DocumentRoot to."
Change it appropriately. In my example it should be:
This is the "open tag" for the section. We must put all configuration directives for this directory
between this open tag and the closing tag.
The first line is the Options line. This is one of the more interesting configuration directives.
The default is:
Options Indexes FollowSymLinks MultiViews
These options mean:
Indexes: Allow the contents of the directory to be listed. On most webservers, this is set to off
because the admins only want .html pages being viewed. But since you want people to be able to
look at the contents of the directory, we want to keep this. The indexes option says, "if no .html
file exists, show the contents of the directory." If you put an index.html file in that directory,
that will be displayed instead.
FollowSymLinks: If there are shortcuts to other directories here, follow them.
MultiViews: Don't worry about this. This allows things to be displayed in multiple languages, which
you won't be using. You can leave it there or take it out.
What I recommend you do is change this to read:
Options: All
This will allow scripts to run in that directory as well, but it is up to you.
We do however want to add a line, right under the Options directive, the following:
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=*
What this does:
(*) In directory listings, list all folders first at the top (as in Windows Explorer)
(*) Ignore the case when sorting (Upper letters get precedence otherwise)
(*) NameWidth=*. The default truncates filenames at like 65 chars or something, which is
ridiculous. * says truncate to length of longest filename. This is healthy.
(*) SuppressDescription. You won't be using descriptions, probably.
(*) FancyIndexing merely says, also show filesize and Last modified date.
If you have different ideas, feel free to muck around with this. This is probably what you want,
though.
Save the file (File-->Save)
Keep notepad/httpd.conf open for now.
Now, the Apache configuration file (httpd.conf) is read once when the service is started, so you
will need to restart Apache to have it load in the newly modified configuration file. You must
do this whenever you make a change to httpd.conf
There is a Services menu in all NT-based versions of Windows. I only have Windows 2000 here, and
this is how you get to it (XP may be similar; I'm not sure):
Start-->Settings-->Control Panel-->Administrative Tools-->Services
(If you can't find it, ask Bleech - he runs XP)
Find the Apache service (things tend to be alphabetized in the services list so it should be
near the top):
Select it, then right-click and select Restart. (XP may have other kinds of menus; look for the
restart option)
In your browser select http://localhost:10000
(If not 10000, then append whatever port you specified in the configuration file.)
You should see a familiar Apache directory index.
Try dragging a file into your document root (C:\www for me) - a good file to test with is an
image file.
Refresh your browser.
The new file should show up. Click on it.
:)
Provided everything is working thus far, there are probably two things left we need to do:
(1) Configure your firewall to allow people from the internet to get to your webserver.
(2) Password protect your directory so only people you give the permissions out to can get to it.
As for one, this is pretty basic - set up your router to port forward the port you specified
(10000 is this example) to the internal LAN IP of whoever is running Apache. In my case,
192.168.1.2
You may want to set up password protection first, however.
There are two ways to do this.
The first is in the httpd.conf file. This is how we're going to do it in the example. But you
always have another example, which is to create an .htaccess file inside the directory you want
to add authentication to. This is called an "override."
When a user goes to any directory on your webserver, it will look for and parse any .htaccess file
it finds. The directives in here override anything set in the httpd.conf file. This way, you can
drop an .htaccess file in one directory with the directives to password protect it, while not
dropping one in another that you want the global configuration to apply to.
If this is confusing, don't worry about it now. Thing to remember is .htaccess files always overrides
what's in httpd.conf. In order for the server to look for an .htaccess file, AlloWOverride must be
set in the section. You can look at the Apache configuration directives for
more info.
No need to worry about this now. We'll just configure it in the main httpd.conf file and not worry
about an .htaccess file.
Go back to notepad, where httpd.conf should still be open. Go to the place you specified the
directory configuration in the last step. For me, this is:
-----
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options All
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=*
------
Right under IndexOptions, we're going to add the following:
----
AuthType Basic
Authname "Never send to know for whom the bell tolls."
AuthUserFile "C:\secure\apacheusers.ini"
Require user public
----
Alright.
AuthType allows us a variety of authentication methods. Basic is fine for a home web server.
Authname just prints a message in the popup authentication box in the user's browser. You can
make this anything you like.
AuthUserFile - This is the file that contains the usernames and passwords for Apache. We will
create this in a minute. The file can reside anywhere that is convenient for you BUT NOT UNDER
YOUR DOCUMENT ROOT, for obvious security reasons.
Require user public - This says, that only the user public can log in here. You may have several
different directories, all with different users and logins. Technically since in this example we
will only be creating a single user anyway, this isn't necessary but I like to specify it
affirmatively anyway. You could have 100 users, all with access only to their own dirs if you want.
Of course you can call this user whatever you want. I called it public, but you could call it steve
or rayrayfromthejects or whatever the hell you want. It will have to match what is in the
C:\secure\apacheusers.ini of course.
I assume for our purposes you will want just one user, since we're only working, really, with one
directory.
My full section now looks like this:
---
#
# This should be changed to whatever you set DocumentRoot to.
#
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options All
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=*
AuthType Basic
Authname "Never send to know for whom the bell tolls."
AuthUserFile "C:\secure\apacheusers.ini"
Require user public
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
---
Save the file. Don't close notepad, and don't restart Apache yet since we haven't actually created
that all-important password file (C:\secure\apacheusers.ini) yet.
In order to do this we're going to have to work from a DOS box (oh noes!) using the htpasswd program.
First, create the C:\secure directory (or whatever you specified)
Start-->Programs-->Accessories-->Command Prompt (may be different on XP)
Now we have to find that pesky htpasswd program. Hopefully you installed the Apache software
into the default location:
cd c:\Program Files\Apache Group\Apache\bin
dir
You should see htpasswd.exe in there. Cool.
Now to add a user named public, we would issue this command:
htpasswd -c c:\secure\apacheusers.ini public
-c = Create this file anew. Don't use this if you are adding more users in the future; it will
overwrite the file.
c:\secure\apacheusers.ini is the filename of the password file
public is the name of the user.
You will then be prompted for a password for ths user. Enter it.
Re-enter it when prompted.
Then do:
cd \secure
dir
You should see apacheusers.ini
cat apacheusers.ini
You will see the user public with a whole lot of cruft. That is because Apache uses MD5 to
encrypt the passwords, so if someone ganks your apacheusers.ini file it won't be much use.
Now go to the services app and restart apache.
In your web browser, go to the website. In my case, http://localhost:10000
You should see the authenticator box pop up.
First try entering garbage into the fields. It should reject that and keep re-popping up the
authentication window.
Then enter the correct username and password.
It should bring you to the file index.
Go ahead and set up port forwarding on your router.
You're done!