Tuesday, 18 June 2013

Tweaking Apache 2

Some Changes

As always we have been seeking ways to improve our website so we decided to make a few changes to our Apache 2 installation and write a little bit about how we setup our web server in the first place.

Apache is a great web server and we have been using it since version 1.3.x with version 2 the layout of the configuration files are more modular and is generally a better piece of software (obviously). We have a minimal set of modules for our install with the usual suspects such as mod_rewrite and mod_digest.


An image of a feather
Apache


Tidying Our Install

We wanted to start with a bit of a clean up of our Apache configuration files and to check everything is looking correct. When we installed our web server we disabled a few modules we felt were unneeded.

The first module to go was mod_status which provides information on the performance of your Apache install which we do not need on our production machine.

The following command will disable the module by deleting the correct symlinks under mods-enabled to mods-available and then if that command was successful it will run the init script for Apache you can use apachectl to restart Apache.


root@chic:~# a2dismod mod_status && /etc/init.d/apache2 restart

Next we wanted to enable rewrites as they are not enabled by default at least not on our system. Rewrites are useful for constructing pretty urls which do not contain a parameter string (?) the url is the parameter string this makes the url more appealing to read and remember.


root@chic:~# a2enmod rewite && /etc/init.d/apache2 restart

Normally there is a requirement to secure a website or just a section of a website using a username and password combination. As well as using an SSL connection we also use mod_digest along side for an added layer of security.

mod_digest differs from mod_auth (basic auth) in that passwords are hashed before being sent rather than being plain text it just and added layer as security should be multiple layers. As with the previous modules we used a2enmod to enable it.


root@chic:~# a2enmod auth_digest && /etc/init.d/apache2 restart

As well as these modules we also have php installed as an Apache module but the installation and setup of this is a bit beyond this article.

Now we can move onto the configuration file we wanted to have keep alive enabled so the server will keep a connection open for a short period after a request this negates the overhead of creating a new connection (handshake etc..).


KeepAlive On

We also set the charset by adding the encoding header to every connection so any of our user agents know what character set our data is encoded in. We use utf-8 for our files so this is what we set it to.


AddDefaultCharset utf-8

These are some of our main settings and next we moved on to disabling hostname lookups on Apache.


A screen shot of a table containing the UTF-8 character encodings.
UTF-8 Character


Hostname Lookups

This should be disabled by default from version 1.3 but we decided to implicitly disable the service as this is a major performance hit. We disabled it globally so it applies to every virtual host on our server. The configuration file we want is located under*,


/etc/apache2/apache2.conf

You should see HostnameLookups disabled already but if they are not I would set it to off this will give a significant speed boost as the server will not be doing reverse lookups.


HostnameLookups Off

Enabling gzip Compression

Having compression enabled by using mod_deflate can mean a reduction in the amount of data sent over the wire by quite a substantial amount.

We enabled the module using a2enmod like so,


a2enmod deflate && /etc/init.d/apache2 restart

Now the module is enabled we can check the configuration data we used the default configuration file which will compress static content like CSS files, JavaScript and HTML. 

The Care Homes Directory does not support IE 6 so we do not mind if configuration below may cause problems with MSIE6 I would keep that in mind for other websites.


<IfModule mod_deflate.c>
    # these are known to be safe with MSIE 6
    AddOutputFilterByType DEFLATE text/html text/plain text/xml

    # everything else may cause problems with MSIE 6
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
    AddOutputFilterByType DEFLATE application/rss+xml
</IfModule>

After all these configuration changes it would be good to check it is all working one tool we use for this is live http headers which is a Firefox plugin for displaying the header sent from the server you are visiting.


Screen shot of Live HTTP Headers plugin should encoding header and gzip compression header.
Live HTTP Headers


Disabling Logging

Our final task was disabling logging our website uses Google Analytics (urchin) for all our site logs so having Apache log each request is wasteful, unnecessary and can also take up a lot of space** although we use log rotate and compression for all our logs.

When we first started the website we used webalizer because Google Analytics was not around then an it made sense to use Apache to log visitors. We use vhosts so we disable on a case by case basis as we would not want to remove the choice of logging.

To disable logging you need to delete or comment out the ErrorLog and CustomLog lines in your vhost file or on a global level by editing the main Apache configuration file.


Conclusion

This article should give you an idea of how we have setup our web server and I am sure there are a few little things that have been missed and/or forgotten along the way.

We are currently trying to improve our site speed and response time in an effort to give our visitors a better experience and provide the information they require in the least amount of time and effort.

As always we will be writing a little bit about our efforts and how we approached the task at hand. There are many aspects to web development and web site maintenance, it involves many small incremental improvements over time to improve all aspects of our website and platform.


Appendix

* Location on Debian
** Rewrite logs can get huge
Source of Apache logo http://incubator.apache.org/triplesoup/images/apache_feather.png
Source of Character encoding screen shot http://www.utf8-chartable.de/

No comments:

Post a Comment