P. 1


|Views: 69|Likes:
Published by Robin Cesc

More info:

Published by: Robin Cesc on Jul 17, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





To obtain the best performance on your Joomla server, you need to start at the bottom: the Apache server.
Apache server is one of the most tried and tested Web servers in the world. It’s used to run some of the
biggest Internet Web sites and some of the tiniest. More than 70 percent of the world’s sites use Apache for
Web serving. Because of the worldwide deployment and testing, Apache stable releases tend to be rock
solid. If a problem is encountered, usually the trouble can be traced back to a faulty configuration, rather
than a fault in the server itself.

While initial installation of Apache is easy, there can be difficulties in configuring the system to exactly
meet your server needs. In the main configuration file (httpd.conf), there are more than three dozen


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 18

different directives. Many of the directives overlap and affect not only the operation of the server but also
security and performance as well.

Configuration Files

When optimizing Apache to run Joomla most effectively, you will have to check all the configuration direc-
tives that the Web server uses. The recommended settings are not one-size-fits-all. How you configure the
Web server is governed largely by how you see your audience. Do you have thousands of users who will
be visiting your Joomla site for a few minutes and leaving? Or, are you trying to make your site a portal
where users will spend a majority of their Web time logged in to your site?

Setting the correct values for some parameters such as those relating to timeouts will take some experi-
ence, but you can adjust some settings immediately to make your life as a Joomla administrator easier.
The most important directives for Joomla include DirectoryIndex, LogLevel, and ServerRoot.

DirectoryIndex Directive

This directive defines what index file will be accessed by the Web server. By default, the directive is set
to DirectoryIndexindex.html,which means that only index.htmlwill be returned to a visitor if a
directory without a file is requested. Since Joomla uses index.phpto execute, you must add a PHP
attribution to ensure that your server functions correctly.

If you look in the httpd.conffile, you should find the following directive:

# DirectoryIndex: sets the file that Apache will serve if a directory is requested

DirectoryIndex index.html

For Joomla to execute properly, you need to add the PHP file as a default index page. To accomplish this,
you only need an index.phpreference before the HTML reference, like this:

DirectoryIndex index.php index.html

The next time a user enters a URL without a file reference (such as http://localhost/), the directory will
first be searched for index.phpand the index.htmlfile will only be used if the PHP file can’t be found.

LogLevel Directive

The LogLevelsets how verbose the system will make the error log entries. When initially learning Joomla
or testing during development, increasing the LogLevelcan make it much easier to diagnose and correct
problems with the system. It can also allow you to catch small problems immediately, rather than later in
the life of the system when heavy usage can magnify what were minor defects. As the old saying goes—
it is best to kill a monster when it is small.

The default LogLevelsetting is warn. Following are the eight available settings (listed in ascending levels
of verbosity):

emerg—Only records emergency entries when system has faulted and is unusable.

alert—Records server warnings when action should be taken immediately to prevent cata-
strophic failure in one part of the system.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 19

crit—Stores critical conditions that could impair the functioning of the server.

warn—Records all warnings the system generates. Note that this is the default setting.

error—Stores errors in system execution.

notice—Records conditions that are normal and don’t threaten system operations.

info—Provides informational records with optimization suggestions.

debug—Records all system generated messages, including the acknowledgment of execution
of processes.

When the LogLevelis set, the log will store messages from that level, as well as all messages from the
higher critical levels above it. The messages from the noticelevel are always logged, regardless of the
LogLevelsetting. For a deployment server, it is recommended that a minimum of critlevel logging
be set.

When set to warn, a log entry might appear like this:

[Sat Nov 18 08:16:04 2006] [error] [client] File does not exist:

C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/AVE, referer:


There is also the LogFormatdirective that can be used to customize the logged entry format. Look in the
Apache manual for complete instructions regarding this directive’s use.

The directive that determines the location and name of the error log is named, appropriately, ErrorLog.
One handy capability of the ErrorLogdirective is the ability to have any log entries routed to a remote
server. You might want the log on a remote server if you want to centralize all of the log information of
multiple servers in a single place for analysis. Having the log at a remote location also prevents hackers,
if they gain access to your main server, from erasing the log of their actions.

To have the log sent to a remote server, you need only specify a remote syslog server in the directive
like this:

ErrorLog syslog:logwarehouse

This will send the log entries to a server called logwarehouse. For information on setting up the server
to receive the error log messages, check out the Wikipedia article on the syslog standard:


ServerRoot Directive

The ServerRootdirective holds the configuration for the root directory of the Web server. On a Linux
machine, this directive would likely be set like this:

ServerRoot “/usr/local/apache”

On the Windows platform, it would likely be set to something like this:

ServerRoot “C:/Program Files/Apache Software Foundation/Apache2.2”


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 20

This value will be appended to all paths that are not fully qualified. If error logs are not being written to
the proper place, or configuration files are not available for access, check the value of this directive.

Other httpd.conf Directives

While the previous sections detailed the most important directives to get you started, there are many
others that are relevant to Joomla configuration. Note that many suggested configuration sets for fea-
tures such as languages, SSL, user directories, and so on, can be found in the /defaultsfolder within
the /conffolder of the server. You can look at the included .conffiles to see the configuration sets of
directives that will best help you set up the system to provide a particular group of features.

Table2-1 contains a list of important directives and a general description of each. You will find all
of these directives in your configuration file. The proper settings for each will be dependent on your
deployment needs.

Table2-1: Important Apache Server Directives





Sets the name of the configuration file.

AddCharset charset extension

[extension] ...

Maps files with the extension specified to a character set.

AddDefaultCharset On|Off|charset

Adds a default character set to be used with MIME
type text/plain or text/HTML.


Sets a map between a file extension and a language.


Sets the ports that may accept connections through
the proxy.


Determines the directive types that are allowed in an


Holds the default duration that a document will be
kept in the cache if no expiration is set for the file.


Determines the default character set.


Holds the expiration time in seconds for a tracking


Sets a custom log file and the format to be used by
the log.


Defines the MIME tag default language for a visitor.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 21

Table2-1: Important Apache Server Directives (continued)




Controls the hosts that are denied access to the Web
server. This directive can be tremendously useful when
fending off a hacker’s attack, or limiting connections
from unauthorized or unfriendly visitors.


Holds the path of the root directory that will be served to
requestors. Most often, this directive specifies the path to
the htdocfolder that holds the Joomla installation. The
setting for this directive may appear as C:/Program
Files/Apache Software Foundation/Apache2.2/

htdocson the Windows platform.


Specifies the error document that will be returned to
the visitor in case of error. Note that the Joomla system
overrides this operator and returns Joomla error pages.
These Joomla error pages may, in turn, be overridden
by a specified template to transmit custom error pages
to the users.


Specifies the path of the error file where error entries
are logged.


Used to set an HTTP response header.


Holds the name of the file to be inserted at the top of a
directory listing if the Headerdirective is set.


Enables or disables the logging of visitor information
provided by the request in the form of RFC 1413 identity.


Enables or disables persistent connections/sessions.


Determines the length of time before persistent
connections/sessions will time out.


Holds the precedence of language variants if language
is not specified by the requestor.


Custom-specifies the IP addresses and ports where the
server listens. Also see the ServerNamedirective.


Holds the number of requests allowed by a persistent
connection. The default setting is 100.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 22

Table2-1: Important Apache Server Directives (continued)

Log Files

The Apache log files can be your best friend when it comes to monitoring your Web server. Although
there are some Joomla extensions that can record site statistics, their use is not recommended because of
the decrease in server performance. Therefore, if you want to monitor your closely traffic, you must do it
through the actual Web server log files. There are three primary types of log files: access, error, and install.




Configures a Common Gateway Interface (CGI) script
for execution on the receipt of a particular message. If
PHP will be run through CGI, this should be config-
ured properly.


Only useful if you’re running PHP as a CGI execution.
In that case, this directive sets the location of the CGI
script error log file.


When messages are sent from the server to a client,
this email address is included. It can be useful for a
Joomla administrator to configure this setting so that
requests and reports from users may be received by
the administrator.


Name of host and port to be used by the server. The
default setting is ServerName localhost:80. If you
are running multiple servers on the same machine
(Apache and IIS, for example), this directive can be
used to change the port that the Apache server uses to
listen for requests.


Amount of time server will attempt operation before a
failure timeout. The default setting is 300 seconds.


Sets the trace behavior. The default condition is on.


Holds the location of the transfer log.


Specifies user-specific directories. If your server will
be hosting multiple users with various Joomla installa-
tions, user directories can be added here.


The root of the virtual document. This directive can be
important if you are setting up a multi-host system to
run Joomla.


The IP number of the virtual document.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 23

Monitoring these log files can help you do the following:

Balance traffic—If your Web site becomes popular, it is very important that you understand the
stress load that will be placed on the server. You should know the peak hours, as well as the hours
when there is little activity. In special circumstances (following an event reported by the media),
you may receive the mixed blessing of a flood of traffic. In these extreme circumstances, you may
choose to shut down processor-intensive services (such as the search function) until the storm has
passed. With the slow times, you’ll definitely want the opportunity to back up your site.

Examine your user base—The log files can generate a huge amount of information that can be
extremely useful to a system administrator. Wouldn’t you like to know the percentage split of
the type of browsers that visitors are using? It’s often surprising. What if half of your traffic
comes from the Netherlands? Wouldn’t that be important to the future focus of your content?
And wouldn’t it also be useful to know which Web site is sending all the Netherlands traffic in
your direction? These are just a few of the questions you’ll be able to answer by taking a serious
look at the log files.

See what errors have occurred—You need to know if one of the server modules isn’t loading
properly, or if the server is generating errors when it attempts a particular function. The error
logs can provide vital debugging information to get the server running properly, and ensure
that it stays that way.

Watch for hacks and system attacks—The Web is like the old Wild West, and there are very few
rules in place. In the 1970s, the United States had minor problems with teenage hackers break-
ing into computer systems to play around. Nowadays, the venue for hacking is global, and the
hackers often have less benign motives. The log files can often reveal a pattern of access, partic-
ularly when a hacker is using a piece of software such as a bot that indicates your system is under
attack. Once you know an attack is being attempted, there are a great number of remedies you
can apply—right down to blocking the IP address that the hacker is using. But you can’t stop
anything if you don’t know it’s happening, and examining the logs can often provide an early
warning that your system is in play.

After you install Apache and run it for a short time, check out the /logsdirectory at the Apache direc-
tory root. You will see the three main log files here. Take a look at each file with a standard text editor so
that you will be familiar with them. As you progress through this book, you will return to these logs to
understand the adjustment and maintenance of your Joomla site.

Modules and Extensions Folders

The /modulesand /extensionsfolders contain all of the Apache plug-ins that allow the Web server to
interact with other software, including PHP. For a Joomla installation, you’re unlikely to modify these
folders. However, if you experience a problem or begin having some strange results, it is often a good
idea to check the version numbers of the individual modules to determine if there is an upgraded ver-
sion available.

On the Linux platform, you can generally find the version of a module or extension using the filecom-
mand like this:

file mod_authn_dbm.so


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 24

On the Windows platform, you can check the version numbers of each extension or module simply
enough by looking at the version tab on the properties of the file, as shown in Figure2-8. You can do a
search on the Web or the Apache Web site (www.apache.org) to see if other users are having difficulty
with the version of plug-in installed on your system. If you post a question regarding your problem, be
sure to include the version numbers of the plug-ins that you’re using so that responders can accurately
assess your situation.

Figure2-8: If you have problems, check the
versions of the files in the modules and ext folders.

Not all modules located in these folders are active. You can use directives in the httpd.conffile to indi-
vidually activate or disable a plug-in. Note that additional modules not included with the core install are
available for download here:


htdocs Folder

By default, all of your Web content is stored in this directory. You have to be particularly careful on the
security settings that you allow for the /htdocsfolder. Since hhtdocsfiles have execution privileges for
PHP code, if a hacker can find a way to place custom code or a virus into this directory, the potential
for mischief is significant. Chapter 14 discusses the best methods of configuring this folder for security.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 25

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->