From: Dru Lavigne
Date: Mon, 21 Oct 2013 22:20:54 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43017 - head/en_US.ISO8859-1/books/handbook/network-servers

Author: dru
Date: Mon Oct 21 22:20:54 2013
New Revision: 43017
URL: http://svnweb.freebsd.org/changeset/doc/43017

Log:
  Some tightening in the DNS, HTTP, and FTP sections. The DNS and HTTP sections still need a good go-through. Clarify the introductions to these sections. Fix some acronyms along the way. To be followed by a white-space fix.

Modified:
  head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Oct 21 17:46:02 2013 (r43016) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Oct 21 22:20:54 2013 (r43017) 
@@ -3006,58 +3006,33 @@ dhcpd_ifaces="dc0" --> Domain Name System (<acronym>DNS</acronym>) - - Overview - BIND - &os; utilizes, by default, a version of BIND (Berkeley - Internet Name Domain), which is the most common implementation - of the DNS protocol. - DNS is the protocol through which names are - mapped to IP addresses, and vice versa. - For example, a query for - www.FreeBSD.org will receive a - reply with the IP address of The &os; - Project's web server, whereas, a query for - ftp.FreeBSD.org will return the - IP address of the corresponding - FTP machine. Likewise, the opposite can - happen. A query for an IP address can - resolve its hostname. It is not necessary to run a name + Domain Name System (DNS) is the protocol through which domain names are + mapped to IP addresses, and vice versa. By default, &os; installs the Berkeley + Internet Name Domain (BIND), which is the most common implementation + of the DNS protocol. The &os; version provides enhanced security features, a new file + system layout, and automated &man.chroot.8; + configuration. BIND is maintained by the + isc.org. + It is not necessary to run a name server to perform DNS lookups on a system. - &os; currently comes with BIND9 - DNS server software by default. Our - installation provides enhanced security features, a new file - system layout and automated &man.chroot.8; - configuration. - DNS DNS is coordinated across the Internet through a somewhat complex system of authoritative root, Top Level Domain (TLD), and other smaller-scale - name servers which host and cache individual domain - information. - - Currently, BIND is maintained by the - Internet Systems Consortium - . - - - - Terminology - - To understand this document, some terms related to - DNS must be understood. + name servers, which host and cache individual domain + information. Table 28.4 describes some of the terms associated with DNS: resolver reverse DNS root zone - + + <acronym>DNS</acronym> Terminology 
@@ -3117,7 +3092,7 @@ dhcpd_ifaces="dc0" - +
zones @@ -3159,7 +3134,6 @@ dhcpd_ifaces="dc0" of a hostname is much like a file system: the /dev directory falls within the root, and so on. -
Reasons to Run a Name Server 
@@ -4431,56 +4405,45 @@ $include Kexample.com.+005+nnnnn.ZSK.key setting up Apache - &os; is used to run some of the busiest web sites in the - world. The majority of web servers on the Internet are using - the Apache HTTP Server. - Apache software packages should be - included on the &os; installation media. If - Apache was not installed while - installing &os;, then it can be installed from the - www/apache22 port. - - Once Apache has been installed - successfully, it must be configured. - - - This section covers version 2.2.X of the - Apache HTTP Server as that is the - most widely used version for &os;. For more detailed - information beyond the scope of this document about - Apache 2.X, please see - . - + The open source + Apache HTTP Server is the most widely + used web server. &os; does not install this web server by default, + but it can be installed from the + www/apache24 package or port. + + This section summarizes how to configure and start version 2.x of the + Apache HTTP Server, the + most widely used version, on &os;. For more detailed + information about + Apache 2.X and its configuration directives, refer to + httpd.apache.org. - Configuration + Configuring and Starting Apache Apache configuration file - The main Apache HTTP Server + In &os;, the main Apache HTTP Server configuration file is installed as - /usr/local/etc/apache22/httpd.conf on - &os;. This file is a typical &unix; text configuration file - with comment lines beginning with the # - character. A comprehensive description of all possible - configuration options is outside the scope of this book, so - only the most frequently modified directives will be described - here. + /usr/local/etc/apache2x/httpd.conf. + This ASCII text file begins + comment lines with the #. The + most frequently modified directives are: ServerRoot "/usr/local" - This specifies the default directory hierarchy for + Specifies the default directory hierarchy for the Apache installation. 
Binaries are stored in the bin and sbin subdirectories of the server root, and configuration files are stored in etc/apache. + class="directory">etc/apache2x. @@ -4488,8 +4451,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ServerAdmin you@your.address - The address to which problems with the server should - be emailed. This address also appears on some + The email address to receive problems with the server. This address also appears on some server-generated pages, such as error documents. @@ -4498,21 +4460,20 @@ $include Kexample.com.+005+nnnnn.ZSK.key ServerName www.example.com - ServerName allows an + Allows an administrator to set a host name which is sent back to - clients for the server. This is useful if the host is - different than the one that it is configured with (i.e., - use www instead of the host's real - name). + clients for the server. For example, + www can be used instead of the actual host + name. DocumentRoot - "/usr/local/www/apache22/data" + "/usr/local/www/apache2x/data" - DocumentRoot: The directory + The directory where documents will be served from. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other 
@@ -4525,18 +4486,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key Apache configuration file before making changes. When the configuration of Apache, is complete, save the - file and verify the configuration using &man.apachectl.8;. - To do this, issue apachectl configtest - which should return Syntax OK. - - - - Running <application>Apache</application> + file and verify the configuration using apachectl(8). + Running apachectl configtest + should return Syntax OK. Apache starting or stopping - The www/apache22 port + The www/apache24 port installs an &man.rc.8; script to aid in starting, stopping, and restarting Apache, which can be found in /etc/rc.conf: - apache22_enable="YES" + apache24_enable="YES" If Apache should be started with non-default options, the following line may be added to - /etc/rc.conf: + /etc/rc.conf to specify the needed flags: - apache22_flags="" + apache24_flags="" The Apache configuration can be tested for errors after making subsequent @@ -4561,7 +4518,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key or by the &man.service.8; utility by issuing one of the following commands: - &prompt.root; service apache22 configtest + &prompt.root; service apache24 configtest It is important to note that the @@ -4571,11 +4528,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key If Apache does not report - configuration errors, the - Apache httpd - can be started with &man.service.8;: + configuration errors, start httpd + with &man.service.8;: - &prompt.root; service apache22 start + &prompt.root; service apache24 start The httpd service can be tested by entering http://httpd, if it is not the local machine. The default web page that is displayed is - /usr/local/www/apache22/data/index.html. + /usr/local/www/apache24/data/index.html. 
@@ -4915,128 +4871,107 @@ DocumentRoot /www/someotherdomain.tld --> - File Transfer Protocol (FTP) + File Transfer Protocol (<acronym>FTP</acronym>) - FTP servers + FTP servers - The File Transfer Protocol (FTP) provides users with a + The File Transfer Protocol (FTP) provides users with a simple way to transfer files to and from an - FTP server. - &os; includes FTP server - software, ftpd, in the base system. - This makes setting up and administering an - FTP server on - &os; very straightforward. + FTP server. + &os; includes FTP server + software, ftpd, in the base system. + + &os; provides several configuration files for controlling access + to the FTP server. This section summarizes + these files. Refer to &man.ftpd.8; for more details about the + built-in FTP server. - - Configuration + + Configuration The most important configuration step is deciding which - accounts will be allowed access to the FTP server. A normal - &os; system has a number of system accounts used for various - daemons, but unknown users should not be allowed to log in - with these accounts. The /etc/ftpusers - file is a list of users disallowed any FTP access. By - default, it includes the aforementioned system accounts, but - it is possible to add specific users here that should not be - allowed access to FTP. + accounts will be allowed access to the FTP server. A + &os; system has a number of system accounts which + should not be allowed FTP access. + The list of users disallowed any FTP access + can be found in /etc/ftpusers. + By + default, it includes system accounts. Additional + users that should not be + allowed access to FTP can be added. In some cases it may be desirable to restrict the access of some users without preventing them completely from using - FTP. This can be accomplished with the - /etc/ftpchroot file. This file lists - users and groups subject to FTP access restrictions. Refer to - &man.ftpchroot.5; for more details. + FTP. 
This can be accomplished be creating + /etc/ftpchroot as described in &man.ftpchroot.5;. This file lists + users and groups subject to FTP access restrictions. - FTP + FTP anonymous - To enable anonymous FTP access to the server, create a + To enable anonymous FTP access to the server, create a user named ftp on the &os; system. Users - will then be able to log on to the FTP server with a username - of ftp or anonymous - and with any password (by convention an email address for the - user should be used as the password). The FTP server will + will then be able to log on to the FTP server with a username + of ftp or anonymous. When prompted for the password, + any input will be accepted, but by convention, an email address + should be used as the password. The FTP server will call &man.chroot.2; when an anonymous user logs in, to restrict access to only the home directory of the ftp user. - There are two text files that specify welcome messages to - be displayed to FTP clients. The contents of the file + There are two text files that can be created to specify welcome messages to + be displayed to FTP clients. The contents of /etc/ftpwelcome will be displayed to users before they reach the login prompt. After a successful - login, the contents of the file + login, the contents of /etc/ftpmotd will be displayed. Note that the path to this file is relative to the login - environment, so the file ~ftp/etc/ftpmotd + environment, so the contents of ~ftp/etc/ftpmotd would be displayed for anonymous users. - Once the FTP server has been configured properly, it must - be enabled in /etc/inetd.conf. All that - is required here is to remove the comment symbol - # from in front of the existing - ftpd line : - - ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l - - As explained in , - the inetd configuration must be - reloaded after this configuration file is changed. Please - refer to for details - on enabling inetd on the - system. 
- - Alternatively, ftpd can also be - started as a stand-alone server. In this case, it is - sufficient to set the appropriate variable in - /etc/rc.conf: + Once the FTP server has been configured, set the appropriate variable in + /etc/rc.conf to start the service during boot: ftpd_enable="YES" - After setting the above variable, the stand-alone server - will be started at the next reboot, or it can be started - manually by executing the following command as - root: + To start the service now: &prompt.root; service ftpd start - Log on to the FTP server by typing: + Test the connection to the FTP server by typing: &prompt.user; ftp localhost - - - - Maintaining syslog log files - FTP + FTP The ftpd daemon uses &man.syslog.3; to log messages. By default, the system log - daemon will put messages related to FTP in the - /var/log/xferlog file. The location of - the FTP log can be modified by changing the following line in + daemon will write messages related to FTP in + /var/log/xferlog. The location of + the FTP log can be modified by changing the following line in /etc/syslog.conf: ftp.info /var/log/xferlog - FTP + FTP anonymous + Be aware of the potential problems involved with running - an anonymous FTP server. In particular, think twice about + an anonymous FTP server. In particular, think twice about allowing anonymous users to upload files. It may turn out - that the FTP site becomes a forum for the trade of unlicensed - commercial software or worse. If anonymous FTP uploads are + that the FTP site becomes a forum for the trade of unlicensed + commercial software or worse. If anonymous FTP uploads are required, then verify the permissions so that these files can not be read by other anonymous users until they have been reviewed by an administrator. +
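Review bot: In the DNS introduction hunk (@@ -3006,58 +3006,33 @@), the added sentence "Table 28.4 describes some of the terms associated with DNS:" hard-codes a table number that goes stale as soon as a table is added or removed earlier in the book; refer to the table through a cross-reference to its id or title instead. In the same hunk, "BIND is maintained by the isc.org." reads as a bare domain with a stray article, where the removed text named the Internet Systems Consortium. The rewrite also drops the www.FreeBSD.org / ftp.FreeBSD.org lookup example, so "and vice versa" is now the only hint at reverse resolution; one short example sentence would keep the introduction concrete.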
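Review bot: In the Apache hunk (@@ -4431,56 +4405,45 @@), the new paths /usr/local/etc/apache2x/httpd.conf and etc/apache2x use a placeholder directory name, while the same hunk tells the reader to install www/apache24 and the later hunks use apache24_enable, "service apache24 start" and /usr/local/www/apache24/data/index.html. A reader following the text literally will look for a directory that does not exist; either use apache24 throughout or say once that 2x stands for the installed version. The same placeholder appears in the DocumentRoot value "/usr/local/www/apache2x/data" in the @@ -4498,21 +4460,20 @@ hunk. Smaller points in the first hunk: "2.x" and "2.X" are both used, and "This ASCII text file begins comment lines with the #." would read better as "Comment lines in this ASCII text file begin with #."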
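Review bot: In the hunk at @@ -4525,18 +4486,14 @@, the manual page entity &man.apachectl.8; is replaced with the literal text "apachectl(8)", while the surrounding lines keep &man.rc.8; and &man.service.8;; keep the entity so the reference is rendered and linked like the others. This hunk also deletes the "Running Apache" section title, which merges starting and stopping into the configuration section; check that nothing elsewhere links to the removed section. Since the paragraph is being touched anyway, the unchanged context "When the configuration of Apache, is complete" has a stray comma that could be fixed in the follow-up white-space commit.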
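Review bot: In the FTP hunk (@@ -4915,128 +4871,107 @@), the added line "This can be accomplished be creating /etc/ftpchroot" has a typo; it should read "accomplished by creating". The hunk also removes the inetd.conf instructions, and with them the only line that showed the daemon started with a flag ("ftpd -l"), while the logging paragraph that follows still states that FTP messages are written to /var/log/xferlog; please confirm that statement holds for a daemon started through ftpd_enable="YES", or mention the flags variable that is needed. The account paragraph now says system accounts "should not be allowed FTP access" without the removed reason that unknown users should not be able to log in with them; one clause restoring that reason would help an administrator who is deciding what to add to /etc/ftpusers.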