Skip to end of metadata
Go to start of metadata
Pattern Book Contents

Home

 

 

 

  1. Log into winpb01 as user BI4PATTERN\Pattern01

    Account Permissions

    Pattern01 is a local administrator account that is used to install and configure Apache. Apache will run as a service account named SVC_WEBTIER, which will have reduced permissions on the operating system (OS). Using this service account ensures that the Apache ID cannot be compromised and used for unauthorized access to the OS.

    For more information, see the Security Tips page and  Apache HTTPD on Windows page on the Apache website.

     

  2. Before you install Apache, download and install Microsoft Visual C++ 2010 SP1 Redistributable Package (x64): Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)http://www.microsoft.com/download/en/details.aspx?id=13523.
    This package provides OS-specific functions that Apache 2.4 needs to run on Windows.

  3. Go to the Apache Lounge website and download the latest, compiled 64-bit copy of Apache 2.4: http://www.apachelounge.com/download/win64/.
    At this time of writing, Apache 2.4.3 is the latest available release. Because the Apache project no longer provides compiled versions of Windows binaries, we use the compiled versions offered at Apache Lounge to avoid potential problems with manually compiling Apache on Windows.
     
  4. Extract the Apache24 directory from the httpd-2.4.3-win64.zip file, and place it on the root of C:

    Default Windows Directories

    The root directory for Apache will be C:/Apache24. You can place the Apache root directory anywhere on the drive, but placing it at the root of the drive is necessary for these reasons:
     - It enables the pre-configured httpd.conf file to be used as a foundation.
     - It eliminates spaces in the directory name, which can cause problems.
     - It eliminates special characters in the directory name, such as the parentheses in (x86). Parentheses cause problems with the SSL configuration because Apache assumes they represent a cipher strength (for example, 512000).



  5. To configure basic permissions on the web server, in a text editor open the file C:/Apache24/conf/httpd.conf, and do the following:

    • Uncomment the property ServerName, and set it to the Fully Qualified Domain Name (FQDN) and listening port of the server.
      In this pattern, ServerName is set to vantgvmwinpb01.dhcp.pgdev.sap.corp:80. For example:

      ServerName vantgvmwinpb01.dhcp.pgdev.sap.corp:80
    • To allow access only from machines in the sap.corp domain, update the htdocs Directory block as follows.

      a) Locate the following block in the httpd.conf file:



      b) Modify the Options directive and Require directive as follows:

    • For extra security, disable access to the cgi-bin directory to prevent access to CGI scripts that could be run using the -ExecCGI option:

      a) Locate the following block in the httpd.conf file:



      b) Modify the Require directive as follows:

    • Save the httpd.conf file.
  6. Disable the IIS/World Wide Web Publishing Service so that Apache may listen on TCP ports 80 and 443.
    This is necessary because the server will host Apache as a web server.

    • Click Start > Run, and in the Open box type services.msc.
      The "Services" dialog box opens.
    • Click World Wide Web Publishing Service, and click Stop.
    • Double-click World Wide Web Publishing Service.
      The "World Wide Web Publishing Service Properties (Local Computer)" dialog box opens.
    • In the Startup type box, select Disabled.

  7. Install Apache 2.4 as a service that can be started automatically:

    • To ensure Windows 2008 permissions properly allow the addition of a new Windows service, run the command prompt as Administrator:

      Click Start, right-click Command Prompt, and select Run as Administrator.
      (If the Command Prompt option is not available on the Start menu, click Start > All Programs > Accessories.)

    • Type this command:

      cd\Apache24\bin
    • Type this command:

      httpd -k install -n "Apache 2.4"

      The following output is returned:

  8. To allow users access on TCP port 80, add a Windows Firewall rule:

    a) Click Start > Administrative Tools > Windows Firewall with Advanced Security.
    The "Windows Firewall with Advanced Security on Local Computer" dialog box opens.

    The default Domain Profile in the pattern blocks inbound connections:



    b) In the "Windows Firewall with Advanced Security on Local Computer" pane (left side), right-click Inbound Rules, and select New Rule.
    The "New Inbound Rule" wizard opens.

    c) Select Port, and click Next.

    d) Ensure TCP is selected, and ensure Specific local ports is selected.
    e) In the Specific local ports box, type 80, and then click Next.

    To enable SSL traffic you would enter 443 instead, or allow access on both ports with the format 80, 443



    f) Ensure  Allow the connection is selected, and click Next.

    g) Leave all options selected under the Profile section, and click Next.

    h) In the Name box, type HTTPD Inbound, and click Finish.

  9. Test to ensure the core Apache service works and can be reached on port 80.

    a) Return to the Services snap in, or re-launch it by running the following command:

    Click Start > Run, and in the Open box type services.msc.
    The "Services" dialog box opens.

    b) Refresh the "Services" dialog box by pressing F5 on the keyboard, and then verify that the service Apache 2.4  appears in the Services (Local) list.

    c) Select Apache 2.4, and click Start.
    The Status column indicates that Apache 2.4 has a status of Started. (You can also right-click Apache 2.4, and select Properties to view its status.)



    d) In a web browser, go to http://vantgvmwinpb01.dhcp.pgdev.sap.corp.

    e) On that web page, you will see the message "It works!"
    \\\\
  • No labels
  1. Thanks to Moritz Hödel for the updates.