Web Server Configuration

Installed Software

• Web sefver: Apache v.1.3.28 (to be updated to 1.3.29 soon)
• FTP server: ProFTPD v.1.2.8 (to be updated to 1.2.9 soon)

Additional software:

• SSL support: OpenSSL v.0.9.7c
• FrontPage Extension v.5.0
• Statistics packages:
  - Modlogan v.0.5.7
  - Webalizer v.2.01-10
  - Urchin v.3.xx, 4.xx, 5.xx (supported but not included to the installation)
• PHP 4.x.x (the latest version is 4.3.2)
• Perl 5.0 (default)
• PHPMyAdmin - PHP-based MySQL administration package (the latest version supported)
• Webshell 3.0,4.0 - H-Sphere integrated web directory browser
• Mnogosearch v.2.01-10 - search engine
• sudo v.1.6.3p5 - an internal H-Sphere utility that enables to execute a command as another user. All scripts triggered by H-Sphere are executed via sudo

Apache Web Server Configuration

Apache configuration directory is /hsphere/local/config/httpd. Also, a symlink alias to this directory is generated in the Apache home directory, that is, /hsphere/shared/apache/conf.

/hsphere/local/config/httpd/httpd.conf - Apache configuration file.

In the Apache config directory, virtual host configuration files are located in the /hsphere/local/config/httpd/sites directory:

• {domain_id}.conf contains virtual host configuration settings for users' domains.
• index.conf contains instructions to include {domain_id}.conf files.

FrontPage Extensions

FrontPage Extensions, version 5.0, is used as an upload server for Microsoft FrontPage site builder.

/hsphere/shared/frontpage/ is the H-Sphere Frontpage binaries directory.

/hsphere/shared/frontpage/version{number} is a subdirectory where Frontpage distibution is contained.

Also, a symlink to this directory is /usr/local/frontpage/version5.0. This is made for the compliance with default FrontPage settings - FrontPage directory is /usr/local/frontpage by default.

Webshell

Webshell is the H-Sphere web-based file manager that enables to browse remote directories without knowing the Unix file structure.

/hsphere/shared/apache/htdocs/webshell3 - Webshell 3 installation directory.

PHPMyAdmin

PHPMyAdmin is a PHP-based MySQL administration package. Its files are located in the /hsphere/shared/apache/php/MyPHPAdmin directory.

Webalizer

Webalizer is an external traffic calculation utility which analyzes the transfer log and generates readable HTTP transfer reports.

To activate Webalizer, the Transfer Log option must be enabled.

Webalizer is installed to /hsphere/shared/bin/webalizer.

/hsphere/shared/apache/conf/webalizer_user.cfg - webalizer config file.

In H-Sphere scripts directory, the following scripts are used for Webalizer activation and update:

- /hsphere/shared/scripts/webalizer-start - script for starting Webalizer
- /hsphere/shared/scripts/webalizer-stop - stop Webalizer
- /hsphere/shared/scripts/webalizer-update.pl - Perl script for Webalizer update

Modlogan

Modlogan is an external traffic calculation utility, similar to Webalizer.

To activate Modlogan, the Transfer Log must be enabled.

Modlogan is installed in /hsphere/shared/bin/modlogan.

/hsphere/shared/apache/conf/modlogan_user.cfg - Modlogan config file.

In H-Sphere scripts directory, the following scripts are used for Modlogan activation and update:

- /hsphere/shared/scripts/modlogan-init - script for Modlogan initialization.
- /hsphere/shared/scripts/modlogan-stop - stop Modlogan
- /hsphere/shared/scripts/modlogan-update.pl - Perl script for Modlogan update

Scripts check if there is free space on customer's account and don't generate statistics if the remaining space is not sufficient.

AWStats

(v.2.4 and up)

AWStats is a free tool that generates advanced graphical web server statistics reports. AWStats is set up on each Unix/Linux and Windows web server with H-Sphere installation or upgrade. Statistics is calculated for each domain separately.

AWStats directory: /hsphere/shared/awstats.

Each domain has its own AWStats configuration file: /hsphere/local/home/{user}/{user.domain.name}/cgi-bin/awstats.{user.domain.name}.conf

Urchin

Urchin is a third party Web analytics software integrated into H-Sphere. Urchin is installed and configured separately.

Urchin directory: /hsphere/local/urchin.

Urchin collects statistics for each domain into the /hsphere/local/urchin/var/logs/urchin-{domain_id}.log files. This statistics is transfered to the Urchin remote server via HTTP by means of the print-log.pl script located in cgi-bin directory of each domain directory.

Log file with Urchin history: /hsphere/local/urchin/data/history

Apache Log Files

Apache log files are located in the /hsphere/local/var/httpd/logs directory.

In the Apache log directory, all traffic is recorded into the access_log.{timestamp} files. Then, the /hsphere/shared/scripts/cron/cron_analyze.pl script calls the /hsphere/shared/sbin/analyze script to parse the contents of these files and to write traffic statistics into the specially formatted files in the /hsphere/local/var/statistic directory.

Filename format:

• dd.mm.YYYY.txt - web logs,
• dd.mm.YYYY.gst.txt - ftp logs,
• dd.mm.YYYY.ftp.txt - virtual ftp logs,
• dd.mm.YYYY.qml - mail logs.

where dd is a 2-digit day format, mm is a 2-digit month value, YYYY is a 4-digit year stamp.

Log files contain lines of the following format:

|name|xFer(kB)|Hits_All|Hits_HTML|

where name is the domain name, xFer is the total traffic in kilobytes.

Also, the /hsphere/local/var/statistic/loaded directory is created for storing timestamp log files whose records are already loaded to the database. Moving timestamp files to the loaded directory is performed by the /hsphere/shared/scripts/xfer_cat.pl script. After each move the {service}timestamp.txt files change their timestamps to the current date.

Web Traffic Calculation

When Transfer Log is switched on for a Web plan, user domain traffic is logged separately in user home directories: /hsphere/local/home/logs/{user.domain.name}/{timestamp}.log

Standard Apache {apache_home}/bin/rotatelogs utility parses Apache data and writes formatted strings into the access_log files in the Apache log directory. In H-Sphere, its own modified rotatelogspsoft and rotatelogspsoft2 utilities parse Apache data for lines related to a particular user domain and write these lines into user log files at /hsphere/local/home/logs/{user.domain.name} directory.

• rotatelogspsoft is the rewritten rotatelogs Apache utitily.
• rotatelogspsoft2 is the modified rotatelogspsoft utility.

rotatelogspsoft and rotatelogspsoft2 are called from the /hsphere/shared/apache/bin directory:

/hsphere/shared/apache/bin/rotatelogspsoft
/hsphere/shared/apache/bin/rotatelogspsoft2

Third-Party Traffic Calcutation

For an external HTTP traffic counting program such as Webalizer or Modlogan, cron runs the /hsphere/shared/scripts/cron/cron_rotate.pl script to update Webalizer/Modlogan documents for the clients who have these tools enabled.

Loading Traffic Information into the System Database (TrafficLoader)

TrafficLoader H-Sphere Java class is in charge of parsing the server traffic. That's how it is launched by cron:

30 5 * * * su -l cpanel -c 'java psoft.hsphere.TrafficLoader'

TrafficLoader processes Web, mail, FTP and virtual FTP traffic in the formatted statistics files located in the /hsphere/local/var/statistic directory and inserts these lines into the translog table of the H-Sphere system database.

TrafficLoader also calls the /hsphere/shared/scripts/xfer_cat.pl script to move the already loaded statistics files to the /hsphere/local/var/statistic/loaded directory as .txt.gz archives.

Sharing Common Resources With Mail Server Installed On The Same Physical Server

If Unix Web server and mail server are installed on one box, one single Apache server is used for both services. Otherwise, Apache web server for mail server running on a separate machine would be simplified, void of Web features such as Frontpage extensions, SSL support, Webshell, Modlogan, Webalizer, rotatelogs and the like.

Script Restarting Apache

The following script is used to restart Apache:
/hsphere/shared/scripts/apache-reconfig

Running the script can give large number of warnings. Most of them mean that user created subdomain through control panel, and then manually deleted the related directory. This will not prevent apache from starting or from normal operation.

Apache suexec

H-Sphere WebBox apache suexec is configured to run users' CGI scripts only within the /hsphere/local/home/ directory, recoursively. Thus, a user may run his/her own cgi scripts only if he/she has fourth nesting level within the H-Sphere user home directory, for example, /hsphere/local/home/user_home1.

List of Packages Compiled With Apache

To get the list of packages configured with the Apache server, type the following command under root:

# grep Apache /hsphere/local/var/httpd/logs/error_log

You may get the following packages configuration:

[notice] Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6b FrontPage/5.0.2.2510 PHP/4.3.0 mod_throttle/3.1.2 configured

SSL Mode

SSL is implemented by the mod_ssl utility. There are dedicated SSL mode and shared SSL mode. In the first case, a single SSL certificate is issued for a dedicated IP, in the second case, one SSL certificate would be used for all IPs under the same domain zone.

Dedicated SSL

For dedicated IPs, SSL keys are located in the user home directory:

/hsphere/local/home/{user_name}/ssl.conf/{domain_name}/

If SSL is enabled, the following files will be placed to this directory:

• server.crt - SSL certificate
• server.key - SSL private key

Shared SSL

Directories with SSL certifaces and keys are located in the Apache config directory (/hsphere/shared/apache/config/).

/hsphere/shared/apache/conf/ssl.shared - directory for shared SSL certificates and keys.

Shared SSL directory structure:

• ssl.shared/{domain_name} - directory with SSL certificate and private key for a domain

With SSL enabled, the following files are placed into this directory:

• server.crt - SSL Certificate
• server.key - SSL Private Key
• server.csr - SSL signing request (if certificate has been generated by H-Sphere SSL generator tool)

When the user turns off SSL, the files remain on the server. When the user turns SSL back on, they are overwritten with the new files.

FTP Server

H-Sphere FTP server is based on ProFTPd version 1.2.4.

ProFTPd binary is /hsphere/shared/sbin/proftpd

There are two kinds of FTP:

• User FTP: When a new user account is created, its user is provided with the FTP account and thus may download/upload files from/to the user's home directory (/hsphere/local/home/{user_name}) by FTP using his name and password.
• Virtual (anonymous) FTP: a service provided only for dedicated IP accounts, enables to create virtual accounts to download/upload files from/to virtual account directories that are located within the account home directory, and provides anonymous access to the public directory.

User FTP

Log File

/hsphere/local/var/proftpd/logs/xferlog is the FTP log file. When a user uploads or downloads data, the corresponding record is made in the log file.

Configuration

FTP configuration directory is /hsphere/shared/config/ftpd.

/hsphere/shared/config/ftpd/proftpd.conf - FTP configuration file.

/hsphere/shared/config/ftpd/proftpd.conf.shared - FTP subaccounts configuration file.

Download/Upload Permissions

User can download and upload files from his document root directory (/hsphere/local/home/{user_name}/{domain_name}) after he logs in by FTP entering his login name ({user_name}) and password:
ftp user_name@domain_name

User FTP Traffic Calculation

Cron runs the /hsphere/shared/scripts/cron/ftp_anlz_user.pl script on everyday basis for collecting user FTP traffic.

ftp_anlz_user.pl parses the /hsphere/local/var/proftpd/xferlog FTP log file and writes FTP traffic statistics into the /hsphere/local/var/statistic/dd.mm.YYYY.gst.txt.

Virtual FTP

Log File

For each virtual account, its own configuration file is located in the /hsphere/local/var/proftpd/logs/ directory. File format: {vhost_id}.ftp.log.

For example, wwwuser has virtual FTP enabled for the test.psoft virtual host, and vhost_id=1208 is the virtual host identifier. When the virtual FTP user test3 connects by FTP to the virtual host (ftp test3@test.psoft), he would be allowed to download and upload (if permissions to write are set to that virtual host) from /hsphere/local/home/wwwuser/1208 directory for downloads and /hsphere/local/home/wwwuser/1208/incoming directory for uploaded files. The log records would be added to /hsphere/local/var/proftpd/logs/1208.ftp.log

The same is true for anonymous FTP account. If this option is enabled for the test.psoft virtual host, any user may connect by FTP using anonymous login and any email as a password, and all his downloads would go to /hsphere/local/home/wwwuser/1208 directory, uploads to the /hsphere/local/home/wwwuser/1208/incoming subdirectory.

Configuration

Configuration directory is /hsphere/local/config/ftpd.

The sites subdirectory contains configuration files {vhost_id}.conf. These files are generat ed by H-Sphere when the new virtual FTP server is created, by parsing the /hsphere/local/home/cpanel/shiva/shiva-templates/common/ftp/ftp.config template where the structure of virtual host configuration is set.

The sites/index.conf file contains the inclusions of the {vhost_id}.conf files.

The sites/{vhost_id}.passwd files contain information on the following accounts:

- {web_user_name} - name of the web user under which account this virtual host is enabled. Thus, user may log on by his name and password to connect by FTP to the virtual host FTP directory.
- {anonymous} - if anonymous FTP is switched on, anonymous connection may be installed by the outsider.
- the list of virtual FTP users with their base64-encoded passwords.

/hsphere/local/config/ftpd/proftpd.conf - configuration file. It includes the user FTP configuration file and sites/index.conf file.

Virtual FTP Traffic Calculation

Cron runs the /hsphere/shared/scripts/cron/ftp_anlz.pl script daily to collect virtual FTP traffic statistics.

The script parses the virtual FTP log files and writes traffic statistics into the timestamp-named /hsphere/local/var/statistic/dd.mm.YYYY.ftp.txt .