svn commit: r43017 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Mon Oct 21 22:20:55 UTC 2013
Author: dru
Date: Mon Oct 21 22:20:54 2013
New Revision: 43017
URL: http://svnweb.freebsd.org/changeset/doc/43017
Log:
Some tightening in the DNS, HTTP, and FTP sections.
The DNS and HTTP sections still need a good go-through.
Clarify the introductions to these sections.
Fix some acronyms along the way.
To be followed by a white-space fix.
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Oct 21 17:46:02 2013 (r43016)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Mon Oct 21 22:20:54 2013 (r43017)
@@ -3006,58 +3006,33 @@ dhcpd_ifaces="dc0"</programlisting>
-->
<title>Domain Name System (<acronym>DNS</acronym>)</title>
- <sect2>
- <title>Overview</title>
-
<indexterm><primary>BIND</primary></indexterm>
- <para>&os; utilizes, by default, a version of BIND (Berkeley
- Internet Name Domain), which is the most common implementation
- of the <acronym>DNS</acronym> protocol.
- <acronym>DNS</acronym> is the protocol through which names are
- mapped to <acronym>IP</acronym> addresses, and vice versa.
- For example, a query for
- <hostid role="fqdn">www.FreeBSD.org</hostid> will receive a
- reply with the <acronym>IP</acronym> address of The &os;
- Project's web server, whereas, a query for
- <hostid role="fqdn">ftp.FreeBSD.org</hostid> will return the
- <acronym>IP</acronym> address of the corresponding
- <acronym>FTP</acronym> machine. Likewise, the opposite can
- happen. A query for an <acronym>IP</acronym> address can
- resolve its hostname. It is not necessary to run a name
+ <para>Domain Name System (<acronym>DNS</acronym>) is the protocol through which domain names are
+ mapped to <acronym>IP</acronym> addresses, and vice versa. By default, &os; installs the Berkeley
+ Internet Name Domain (<acronym>BIND</acronym>), which is the most common implementation
+ of the <acronym>DNS</acronym> protocol. The &os; version provides enhanced security features, a new file
+ system layout, and automated &man.chroot.8;
+ configuration. BIND is maintained by the
+ <ulink url="https://www.isc.org/">isc.org</ulink>.
+ It is not necessary to run a name
server to perform <acronym>DNS</acronym> lookups on a
system.</para>
- <para>&os; currently comes with <acronym>BIND</acronym>9
- <acronym>DNS</acronym> server software by default. Our
- installation provides enhanced security features, a new file
- system layout and automated &man.chroot.8;
- configuration.</para>
-
<indexterm><primary>DNS</primary></indexterm>
<para><acronym>DNS</acronym> is coordinated across the Internet
through a somewhat complex system of authoritative root, Top
Level Domain (<acronym>TLD</acronym>), and other smaller-scale
- name servers which host and cache individual domain
- information.</para>
-
- <para>Currently, BIND is maintained by the
- Internet Systems Consortium
- <ulink url="https://www.isc.org/"></ulink>.</para>
- </sect2>
-
- <sect2>
- <title>Terminology</title>
-
- <para>To understand this document, some terms related to
- <acronym>DNS</acronym> must be understood.</para>
+ name servers, which host and cache individual domain
+ information. Table 28.4 describes some of the terms associated with <acronym>DNS</acronym>:</para>
<indexterm><primary>resolver</primary></indexterm>
<indexterm><primary>reverse
<acronym>DNS</acronym></primary></indexterm>
<indexterm><primary>root zone</primary></indexterm>
- <informaltable frame="none" pgwide="1">
+ <table frame="none" pgwide="1">
+ <title><acronym>DNS</acronym> Terminology</title>
<tgroup cols="2">
<colspec colwidth="1*"/>
<colspec colwidth="3*"/>
@@ -3117,7 +3092,7 @@ dhcpd_ifaces="dc0"</programlisting>
</row>
</tbody>
</tgroup>
- </informaltable>
+ </table>
<indexterm>
<primary>zones</primary>
@@ -3159,7 +3134,6 @@ dhcpd_ifaces="dc0"</programlisting>
of a hostname is much like a file system: the
<filename class="directory">/dev</filename> directory falls
within the root, and so on.</para>
- </sect2>
<sect2>
<title>Reasons to Run a Name Server</title>
@@ -4431,56 +4405,45 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<secondary>setting up</secondary></indexterm>
<indexterm><primary>Apache</primary></indexterm>
- <para>&os; is used to run some of the busiest web sites in the
- world. The majority of web servers on the Internet are using
- the <application>Apache HTTP Server</application>.
- <application>Apache</application> software packages should be
- included on the &os; installation media. If
- <application>Apache</application> was not installed while
- installing &os;, then it can be installed from the
- <filename role="package">www/apache22</filename> port.</para>
-
- <para>Once <application>Apache</application> has been installed
- successfully, it must be configured.</para>
-
- <note>
- <para>This section covers version 2.2.X of the
- <application>Apache HTTP Server</application> as that is the
- most widely used version for &os;. For more detailed
- information beyond the scope of this document about
- <application>Apache</application> 2.X, please see
- <ulink url="http://httpd.apache.org/"></ulink>.</para>
- </note>
+ <para>The open source
+ <application>Apache HTTP Server</application> is the most widely
+ used web server. &os; does not install this web server by default,
+ but it can be installed from the
+ <filename role="package">www/apache24</filename> package or port.</para>
+
+ <para>This section summarizes how to configure and start version 2.<replaceable>x</replaceable> of the
+ <application>Apache HTTP Server</application>, the
+ most widely used version, on &os;. For more detailed
+ information about
+ <application>Apache</application> 2.X and its configuration directives, refer to
+ <ulink url="http://httpd.apache.org/">httpd.apache.org</ulink>.</para>
<sect2>
- <title>Configuration</title>
+ <title>Configuring and Starting Apache</title>
<indexterm><primary>Apache</primary>
<secondary>configuration file</secondary></indexterm>
- <para>The main <application>Apache HTTP Server</application>
+ <para>In &os;, the main <application>Apache HTTP Server</application>
configuration file is installed as
- <filename>/usr/local/etc/apache22/httpd.conf</filename> on
- &os;. This file is a typical &unix; text configuration file
- with comment lines beginning with the <literal>#</literal>
- character. A comprehensive description of all possible
- configuration options is outside the scope of this book, so
- only the most frequently modified directives will be described
- here.</para>
+ <filename>/usr/local/etc/apache2<replaceable>x</replaceable>/httpd.conf</filename>.
+ This ASCII text file begins
+ comment lines with the <literal>#</literal>. The
+ most frequently modified directives are:</para>
<variablelist>
<varlistentry>
<term><literal>ServerRoot "/usr/local"</literal></term>
<listitem>
- <para>This specifies the default directory hierarchy for
+ <para>Specifies the default directory hierarchy for
the <application>Apache</application> installation.
Binaries are stored in the
<filename class="directory">bin</filename> and
<filename class="directory">sbin</filename>
subdirectories of the server root, and configuration
files are stored in <filename
- class="directory">etc/apache</filename>.</para>
+ class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
</listitem>
</varlistentry>
@@ -4488,8 +4451,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<term><literal>ServerAdmin you at your.address</literal></term>
<listitem>
- <para>The address to which problems with the server should
- be emailed. This address also appears on some
+ <para>The email address to receive problems with the server. This address also appears on some
server-generated pages, such as error documents.</para>
</listitem>
</varlistentry>
@@ -4498,21 +4460,20 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<term><literal>ServerName www.example.com</literal></term>
<listitem>
- <para><literal>ServerName</literal> allows an
+ <para>Allows an
administrator to set a host name which is sent back to
- clients for the server. This is useful if the host is
- different than the one that it is configured with (i.e.,
- use <hostid>www</hostid> instead of the host's real
- name).</para>
+ clients for the server. For example,
+ <hostid>www</hostid> can be used instead of the actual host
+ name.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>DocumentRoot
- "/usr/local/www/apache22/data"</literal></term>
+ "/usr/local/www/apache2<replaceable>x</replaceable>/data"</literal></term>
<listitem>
- <para><literal>DocumentRoot</literal>: The directory
+ <para>The directory
where documents will be served from. By default, all
requests are taken from this directory, but symbolic
links and aliases may be used to point to other
@@ -4525,18 +4486,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<application>Apache</application> configuration file before
making changes. When the configuration of
<application>Apache</application>, is complete, save the
- file and verify the configuration using &man.apachectl.8;.
- To do this, issue <command>apachectl configtest</command>
- which should return <literal>Syntax OK</literal>.</para>
- </sect2>
-
- <sect2>
- <title>Running <application>Apache</application></title>
+ file and verify the configuration using apachectl(8).
+ Running <command>apachectl configtest</command>
+ should return <literal>Syntax OK</literal>.</para>
<indexterm><primary>Apache</primary>
<secondary>starting or stopping</secondary></indexterm>
- <para>The <filename role="package">www/apache22</filename> port
+ <para>The <filename role="package">www/apache24</filename> port
installs an &man.rc.8; script to aid in starting, stopping,
and restarting <application>Apache</application>, which can be
found in <filename
@@ -4546,13 +4503,13 @@ $include Kexample.com.+005+nnnnn.ZSK.key
startup, add the following line to
<filename>/etc/rc.conf</filename>:</para>
- <programlisting>apache22_enable="YES"</programlisting>
+ <programlisting>apache24_enable="YES"</programlisting>
<para>If <application>Apache</application> should be started
with non-default options, the following line may be added to
- <filename>/etc/rc.conf</filename>:</para>
+ <filename>/etc/rc.conf</filename> to specify the needed flags:</para>
- <programlisting>apache22_flags=""</programlisting>
+ <programlisting>apache24_flags=""</programlisting>
<para>The <application>Apache</application> configuration can be
tested for errors after making subsequent
@@ -4561,7 +4518,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key
or by the &man.service.8; utility by issuing one of the
following commands:</para>
- <screen>&prompt.root; <userinput>service apache22 configtest</userinput></screen>
+ <screen>&prompt.root; <userinput>service apache24 configtest</userinput></screen>
<note>
<para>It is important to note that the
@@ -4571,11 +4528,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key
</note>
<para>If <application>Apache</application> does not report
- configuration errors, the
- <application>Apache</application> <command>httpd</command>
- can be started with &man.service.8;:</para>
+ configuration errors, start <command>httpd</command>
+ with &man.service.8;:</para>
- <screen>&prompt.root; <userinput>service apache22 start</userinput></screen>
+ <screen>&prompt.root; <userinput>service apache24 start</userinput></screen>
<para>The <command>httpd</command> service can be tested by
entering <literal>http://<hostid
@@ -4585,7 +4541,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key
domain name of the machine running <command>httpd</command>,
if it is not the local machine. The default web page that is
displayed is
- <filename>/usr/local/www/apache22/data/index.html</filename>.</para>
+ <filename>/usr/local/www/apache24/data/index.html</filename>.</para>
</sect2>
<sect2>
@@ -4915,128 +4871,107 @@ DocumentRoot /www/someotherdomain.tld
</authorgroup>
</sect1info>
-->
- <title>File Transfer Protocol (FTP)</title>
+ <title>File Transfer Protocol (<acronym>FTP</acronym>)</title>
- <indexterm><primary>FTP servers</primary></indexterm>
+ <indexterm><primary><acronym>FTP</acronym> servers</primary></indexterm>
- <para>The File Transfer Protocol (FTP) provides users with a
+ <para>The File Transfer Protocol (<acronym>FTP</acronym>) provides users with a
simple way to transfer files to and from an
- <acronym role="File Transfer Protocol">FTP</acronym> server.
- &os; includes <acronym
- role="File Transfer Protocol">FTP</acronym> server
- software, <application>ftpd</application>, in the base system.
- This makes setting up and administering an
- <acronym role="File Transfer Protocol">FTP</acronym> server on
- &os; very straightforward.</para>
+ <acronym>FTP</acronym> server.
+ &os; includes <acronym>FTP</acronym> server
+ software, <application>ftpd</application>, in the base system.</para>
+
+ <para>&os; provides several configuration files for controlling access
+ to the <acronym>FTP</acronym> server. This section summarizes
+ these files. Refer to &man.ftpd.8; for more details about the
+ built-in <acronym>FTP</acronym> server.</para>
- <sect2>
- <title>Configuration</title>
+ <sect2>
+ <title>Configuration</title>
<para>The most important configuration step is deciding which
- accounts will be allowed access to the FTP server. A normal
- &os; system has a number of system accounts used for various
- daemons, but unknown users should not be allowed to log in
- with these accounts. The <filename>/etc/ftpusers</filename>
- file is a list of users disallowed any FTP access. By
- default, it includes the aforementioned system accounts, but
- it is possible to add specific users here that should not be
- allowed access to FTP.</para>
+ accounts will be allowed access to the <acronym>FTP</acronym> server. A
+ &os; system has a number of system accounts which
+ should not be allowed <acronym>FTP</acronym> access.
+ The list of users disallowed any <acronym>FTP</acronym> access
+ can be found in <filename>/etc/ftpusers</filename>.
+ By
+ default, it includes system accounts. Additional
+ users that should not be
+ allowed access to <acronym>FTP</acronym> can be added.</para>
<para>In some cases it may be desirable to restrict the access
of some users without preventing them completely from using
- FTP. This can be accomplished with the
- <filename>/etc/ftpchroot</filename> file. This file lists
- users and groups subject to FTP access restrictions. Refer to
- &man.ftpchroot.5; for more details.</para>
+ <acronym>FTP</acronym>. This can be accomplished be creating
+ <filename>/etc/ftpchroot</filename> as described in &man.ftpchroot.5;. This file lists
+ users and groups subject to <acronym>FTP</acronym> access restrictions.</para>
<indexterm>
- <primary>FTP</primary>
+ <primary><acronym>FTP</acronym></primary>
<secondary>anonymous</secondary>
</indexterm>
- <para>To enable anonymous FTP access to the server, create a
+ <para>To enable anonymous <acronym>FTP</acronym> access to the server, create a
user named <username>ftp</username> on the &os; system. Users
- will then be able to log on to the FTP server with a username
- of <username>ftp</username> or <username>anonymous</username>
- and with any password (by convention an email address for the
- user should be used as the password). The FTP server will
+ will then be able to log on to the <acronym>FTP</acronym> server with a username
+ of <username>ftp</username> or <username>anonymous</username>. When prompted for the password,
+ any input will be accepted, but by convention, an email address
+ should be used as the password. The <acronym>FTP</acronym> server will
call &man.chroot.2; when an anonymous user logs in, to
restrict access to only the home directory of the
<username>ftp</username> user.</para>
- <para>There are two text files that specify welcome messages to
- be displayed to FTP clients. The contents of the file
+ <para>There are two text files that can be created to specify welcome messages to
+ be displayed to <acronym>FTP</acronym> clients. The contents of
<filename>/etc/ftpwelcome</filename> will be displayed to
users before they reach the login prompt. After a successful
- login, the contents of the file
+ login, the contents of
<filename>/etc/ftpmotd</filename> will be displayed. Note
that the path to this file is relative to the login
- environment, so the file <filename>~ftp/etc/ftpmotd</filename>
+ environment, so the contents of <filename>~ftp/etc/ftpmotd</filename>
would be displayed for anonymous users.</para>
- <para>Once the FTP server has been configured properly, it must
- be enabled in <filename>/etc/inetd.conf</filename>. All that
- is required here is to remove the comment symbol
- <quote>#</quote> from in front of the existing
- <application>ftpd</application> line :</para>
-
- <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
-
- <para>As explained in <xref linkend="network-inetd-reread"/>,
- the <application>inetd</application> configuration must be
- reloaded after this configuration file is changed. Please
- refer to <xref linkend="network-inetd-settings"/> for details
- on enabling <application>inetd</application> on the
- system.</para>
-
- <para>Alternatively, <application>ftpd</application> can also be
- started as a stand-alone server. In this case, it is
- sufficient to set the appropriate variable in
- <filename>/etc/rc.conf</filename>:</para>
+ <para>Once the <acronym>FTP</acronym> server has been configured, set the appropriate variable in
+ <filename>/etc/rc.conf</filename> to start the service during boot:</para>
<programlisting>ftpd_enable="YES"</programlisting>
- <para>After setting the above variable, the stand-alone server
- will be started at the next reboot, or it can be started
- manually by executing the following command as
- <username>root</username>:</para>
+ <para>To start the service now:</para>
<screen>&prompt.root; <userinput>service ftpd start</userinput></screen>
- <para>Log on to the FTP server by typing:</para>
+ <para>Test the connection to the <acronym>FTP</acronym> server by typing:</para>
<screen>&prompt.user; <userinput>ftp localhost</userinput></screen>
- </sect2>
-
- <sect2>
- <title>Maintaining</title>
<indexterm><primary>syslog</primary></indexterm>
<indexterm><primary>log files</primary>
- <secondary>FTP</secondary></indexterm>
+ <secondary><acronym>FTP</acronym></secondary></indexterm>
<para>The <application>ftpd</application> daemon uses
&man.syslog.3; to log messages. By default, the system log
- daemon will put messages related to FTP in the
- <filename>/var/log/xferlog</filename> file. The location of
- the FTP log can be modified by changing the following line in
+ daemon will write messages related to <acronym>FTP</acronym> in
+ <filename>/var/log/xferlog</filename>. The location of
+ the <acronym>FTP</acronym> log can be modified by changing the following line in
<filename>/etc/syslog.conf</filename>:</para>
<programlisting>ftp.info /var/log/xferlog</programlisting>
<indexterm>
- <primary>FTP</primary>
+ <primary><acronym>FTP</acronym></primary>
<secondary>anonymous</secondary>
</indexterm>
+ <note>
<para>Be aware of the potential problems involved with running
- an anonymous FTP server. In particular, think twice about
+ an anonymous <acronym>FTP</acronym> server. In particular, think twice about
allowing anonymous users to upload files. It may turn out
- that the FTP site becomes a forum for the trade of unlicensed
- commercial software or worse. If anonymous FTP uploads are
+ that the <acronym>FTP</acronym> site becomes a forum for the trade of unlicensed
+ commercial software or worse. If anonymous <acronym>FTP</acronym> uploads are
required, then verify the permissions so that these files can
not be read by other anonymous users until they have been
reviewed by an administrator.</para>
+ </note>
</sect2>
</sect1>
More information about the svn-doc-head
mailing list