A Comparison of Apache and NCSA Models to Establish the ECSU Sun17 Hypertext Transfer Protocol Server

Elizabeth City State University has become a part of the information superhighway. There are currently two server nodes located at this institution. The Alpha node which is running on a VAX machine and the Umfort node running on a Silicon Graphics Workstation. Maintaining each node requires the use of one or more servers. Alpha node is devoted exclusively to administrative and general academic computing while Umfort node is devoted to the exclusive support of undergraduate researchers and their faculty mentors. The new server, Sun17 is needed to support the needs of the undergraduate majors and class accounts in the Department of Mathematics and Computer Science.

A server is a computer which runs an application that manages a data store. That store may contain files of text, images, video clips, and A server is a computer which runs an application that manages sound. Server computers are set up usually by individuals and organizations that want to share their information. In the case of Sun17 the server is being set up to provide e-mail and web access to the Department of Mathematics and Computer Science and to supply class accounts.

Lincoln D. Stein

The purpose of this research project is to investigate two server models (NCSA model and the Apache model). Both the NCSA and Apache Web servers perform the basic function of delivering a document from the server machine to the client machine when the document's URL is requested. As a part of this project, researchers will study all aspects of installing the server models including the configuration files needed. Comparisons of the two models will be made and a recommendation for use in the targeted server.

The server, which is the basis of this research, is named Sun17. This server is an Umfort node server located on a Silicon Graphics R4400 Workstation. Sun17 houses all web pages and class accounts for the majors in the Department of Mathematics and Computer Science. The Sun17 server is scheduled to become operational during the Fall semester 1998. The configuration for the Sun17 workstation is as follows:


Sun17 System Configuration

Filesystem          kbytes      used      avail    capacity  Mounted on
/dev/sd0a	     15331     	7555	    6243     55%      /
/dev/sd0g	    143803    124242 	    5181     96%      /usr
/dev/sd3c           963662    294406	  572890     34%      /mnt
/dev/sd2c           963662    188743	  678553     22%      /opt
umfort:/motd        966304    603398	  362906     62%      /motd
warrior:/var/mail     9523      3287 	    5286     38%      /var/spool/mail
warrior:/home	   1346921     11583	 1200648      1%      /usr/export/home

NCSA Server Model HTTPd Features

The National Center for Supercomputing Applications (NCSA) was developed at the University of Illinois at Urbana-Champaign in 1985 with a grant from the National Science Foundation. This giant computer lab opened in early 1986. NCSA is responsible for one of the most popular servers in this day and age. The NCSA server was the second http server. In the spring of 1993, a student named Rob McCool started working on a new server to replace the CERN server. At that time, the CERN server was difficult to compile and install. McCool, along with Marc Andreesen worked to create a better server; Thus, the NCSA server was born. The NCSA server will compile and run on most UNIX systems.

The software for the NCSA HTTP server is httpd. Httpd stands for hypertext transfer protocol daemon. Daemon signifies that this is a background process. The process listens for upcoming TCP/IP connections, accepts requests, and responds to requests. The platform on which to run the httpd is UNIX.

One feature of the server is its ability to send dynamic documents or images over the network. A server push is a special HTTP server enhancement used mainly for animation at the client end. Usually, at the end of an HTTP transaction, the clients would closed the connection. In a server push, the client leaves the connection open and sends more data to the client if and when it sees fit.

Another feature is httpd's access to server state information from Common Gateway Interface (CGI) or other scripting. When the server runs a script, it places information either on the command line of the script or in environment variables. If a server has this feature, it places additional information about itself either on the command line or into the environment.

The server is also able to give an automatic response to the If-Modified Since command. Server requests can be more complex than a simple GET HEAD, or QST. In addition to these basic methods, each can have additional method data. One data add-on for the GET method is called the If-Modified-Since header. If a request comes in from a client to the server with this directive, the server will not send the document to the client unless the file has been modified since the date and time specified by the client. This is designed to reduce network traffic. The automatic response to this request is done with the file date and time.

The HTTPd server can be configured to serve different roots based on the IP address. When you install your web server, you configure it to be based at some directory such as /web. If the server can serve different roots based on IP address, you can have a different base directory for each network card or IP address that you service.

Changing server performance (response) based on User-Agent header is another feature of this server. The User-Agent field describes the client software to the server for statistics-gathering purposes. Most servers can act differently based on this information.


Server security features are listed as follows:

-	can change user access control list without 
	restarting server
-	can require password (user authorization)
-	file level security (allow access unless listed 
	in access file)
-	prohibit by domain name
-	prohibit by IP address

Server logging features include the following:
-	can write to multiple logs
-	CGI Scripts can have create log entries
-	logs using CERN/NCSA Format

Miscellaneous server features include:
-	automatic directory tree
-	built-in search engine
-	remote maintenance while server running
-	script or action based on MIME content-type
-	script of action based on output file type
-	user directories (the server automatically 
	can find the user directories if a tilde (~) is included

NCSA Server Model HTTPd Acquisition

One of the best features of the HTTPd server is the fact that the installation software is free. Because of its features, NCSA HTTPd is one of the most popular servers today. The software can be obtained from the NCSA httpd homepage. The URL is http://hoohoo.ncga.uiuc.edu. If a system is not listed, the source code must be compiled. The httpd software can be obtained from one of two web sites depending on which type you want to use:

Binary distribution:

http://hoohoo.ncsa.uiuc.edu/docs/setup/PreCompiled.html

Source code distribution:

http://hoolioo.ncsa.uiuc.edu/docs/setup/Compilation.html

If there is no access to a Web browser, the software may be obtained for either of these archives from the NCSA FTP site at ftp.ncsa.uiuc.edu.

The software comes in a file called a tar archive. Tar is a UNIX program designed to archive data to tape (tar stands for "tape archiver"). Compression programs can then be used to shrink the tar file for downloading. The program used to compress the tar file is called compress. It should be available on all UNIX systems. After decompressing the tar file you must choose a place to keep the source code tree. On Sun17 the source code is placed in the /opt/web/etc directory.

After downloading the source archive, use the following command to uncompress and tar the archive:

uncompress /tmp/httpd_1..5a-export_source.tar.x

The uncompress program uncompresses the file and removes the .x extension. Next tar the file by typing:

tar -xf httpd_1.5a-export_source.tar.

The tar creates a new directory called httpd_1.5a-export.

The second recommended option is to create an entirely new user and group to own the server process. The benefits of doing this are: any bugs that exist in other software packages for the user nobody are bypassed and it forces the system administrator to throughly check installation. The team first created the directory tree where the binary files will be located.

		Binary Directories
/opt/web/etc/httpd/conf		houses all server configuration files
/opt/web/etc/httpd/logs		houses all server log files
/opt/web/etc/httpd/htdocs	houses all documents the server will serve
/opt/web/etc/httpd/support	houses all of our server's support files
/opt/web/etc/httpd/cgi-bin	houses all CGI scripts; these scripts enable 
				the server to run external programs

The following commands will create each of the needed directories:

cd /opt/web/etc mkdir httpd, cd httpd mkdir cgi-bin mkdir htdocs, mkdir logs, mkdir support

Next, the files need to be copied from the source tree. The files to be copied include the server itself, the configuration files, and the cgi-bin files. They can be copied as such:

cd /opt/web/etc/httpd
cd /usr/src/httpd l.5a-e::port/httpd
cd /usr/src/httpd l.5a-~~rt/conf/* ./conf
cd /usr/src/httpd_l. 5a.export/cgi-bin/* . cgi -bin cd conf
cd access.conf-dist access.conf
cd httpd.conf-dist httpd.conf
cd srm.conf-dist srm.conf

Now, the NCSA server software is downloaded, compiled, and installed.

Getting the NCSA Server Up and Running

Any user who starts a process has certain privileges. One of those privileges is to open any TCP/IP port below the 1024 level. Any ports below this level is considered a privileged port. Only the processes owned by the superuser can open these ports. This is a UNIX security feature. No unauthorized user can listen to connections being made on this port, because of this feature.

After installing the binaries, the next step is to create the user and group who will own the server. The most common method of this creation is the password and group files stored in the directory /etc. On Sun17, a user was added to the end of the /etc/passwd file.

nobody:*:-2:-2:original nobody uid:/dev/null:/dev/null

This adds the user nobody. The colon in the password slot prevents users from logging in as the user nobody. Another line may be added to the end of the file if there will be a Web Administrator user. This line is:

wwwadmin:*:1OOl:lOOO:The Webmaster:/home/wwwadmin:/bin/bash

The Web Administrator, or web master, is responsible for server maintenance and log file manipulation. An asterisk is placed in the password slot again. This forces the superuser to enable the account by changing the password.

The group may be added to allow a group of people access to the data on the server. The group file is stored in /etc/group. The line www::1000:wwwadmin was added to the file to do this. The group is called www. The wwwadmin user may be added to the group as well. This group plays a key role in securing the configuration and document files.

Setting the directory permissions is essential to configuring a Web server. If the permissions are incorrect, many things can go wrong. Documents may not be served or the wrong documents could be available to the world.

All of the web server files on Sun17 are owned by the user nobody. The command to do this is: chown -R nobody *

To restrict access to the cgi-bin/, conf/, logs/ subdirectories to only the nobody user, use the command:

/opt/web/etc/httpd# chown -R nobody cgi-bin conf logs

Next the modes of the subdirectories and their associated files were changed. This can be accomplished by using the following commands:

chmod 755 cgi-bin
chmod 750 conf
chmod 750 logs
chmod 775 htdocs

The cgi-bin directory was given these permissions because full permissions are granted to the nobody user and read and execute permissions for everyone else. The conf/ and logs/ directories were given these permissions because it should be writeable only by the nobody user, and readable and executable by the www group.

Of the directories and files listed above, the ./conf directory required modifications. Also shown are previous and final values; name of file/variable/port

	
file/variable port: Port
old value:  Port 80
new value: Port 2020

file/variable port: ServerRoot directory
old value: /usr/local/etc/httpd
new value:  /opt/web/etc/httpd

file/variable port:  IP Address
old value:  unassigned
new value:  198.85.48.98

file/variable port:  URL
old value:  new.host.name
new value:  mcnair.ecsu.edu

file/variable port:  Server Administrator e-mail address  
old value:  "your address"
new value:  mcnair@umfort.cs.ecsu.edu

Apache Server Model HTTPd Features

	The Apache server is a freeware Web server written by the Apache 
Group, a nonprofit organization of volunteer software developers.  The Apache 
code is based on a public domain source code for NCSA httpd, with many feature 
and performance enhancements added.  Despite its noncommercial status, it still 
offers many advanced features including support for a virtual document tree, 
virtual hosts, user-supported directories, flexible scripting options, and 
content and language negotiation.

	Apache is known to work with microcomputers and workstations running 
Solaris, SunOS, NeXT, HPUX, FreeBSD, BSDI, IRIX, Linux, SCO, AUX, AIX, DEC 
Unix, Ultrix, and UnixWare vairants,  solaris being the choice for Sun17.  
Apache's memory and CPU requirements are modest because there is no graphical 
user interface.  The server is capable of running on an Intel i48DX-based 
laptop with 16 MB of RAM and the Linux operating system.  Requirements will 
be higher; however, for a busy site or one that runs lots of server scripts.  
One and a half megabytes of free hard disk space is needed to install the 
software and supporting files,  which does not include your site's documents.  
Your site documents includes the information or data that you wish to be stored
 on your site.
	
Apache Server Model HTTPd  Acquisition

	Apache is available in several precompiled binary forms, with Solaris 
being the best choice for sun17.  The server is also available in source code
 only format.  However, you will get the full source code for the server 
regardless of whether you download a precompiled binary package or the source 
code package.  The only advantage of downloading the souce code only format is 
that the distribution file is somewhat smaller.

	Copies of Apache are available at the Apache Group's Website located at 
http://www.apache.org/.   Before downloading Apache from this site, the 
directory for the server should have already been selected.  On Sun17 the 
source code for Apache is located in the /opt/local/etc/ directory.  

	The file that has been downloaded will have a gz extension.  This 
extension requires the command:

	qzip apache_1.2.5.tar.gz

to unzip the file.  Successfully unzipping the file will result in removal of 
the .gz extension, resulting in the extension now being tar.  Untaring the 
file will be completed using this command: 

	tar -xf apache_1.2.5.tar.  

This will result in the creation of several directories.  Those direc-tories 
include the following: cgi-bin, conf, htdocs, icons, logs, and src.
	
Apache 1.2.5
/opt/local/etc/httpd/
3 		./cgi-bin
51		./conf
342		./htdocs/manual/mod
11 		./htdocs/manual/images
224		./htdocs/manual/misc
762		./htdocs/manual
1040		./htdocs
96		./icons
5		./logs
8		./src/helpers
45		./src/modules/example
127		./src/modules/proxy
174		./src/modules
160		./src/regex
1694 		./src

Of the directories and files listed above, the ./conf directory required 
modifications.  Also shown are previous and final values; name of 
file/variable/port
		
file/variable/port: Port
old value:  Port 80
new value: Port 2001

file/variable/port: DocumentRoot directory
old value: /usr/local/etc/httpd/htdocs
new value: /opt/local/etc/httpd/htdocs

file/variable/port:  IP Address
old value: 207
new value:  198.85.48.98

file/variable/port:  URL
old value:  your_domain.com
new value:  mcnair.ecsu.edu

file/variable/port:  Server Administrator e-mail address  
old value:  your address
new value:  mcnair@umfort.cs.ecsu.edu