setup apache
You can use Apache or other compatible http server, to access the infx commands from a browser.
By setting up ssh keys (setup ssh keys) from the server with Apache installed, you can manage all your Informix instances from the one installation of Apache.
default Apache
When you install infx, you can also install a stand-alone version of Apache.
This runs a standalone copy of Apache, executing as the informix user.
To re-run that installation manually use the command.
This guide covers manual configuration of Apache and explores some of the security features.
setups
- Select a port for apache to listen on e.g. 63000
- Create a “virtual host” with settings for the infx software
- Set up the infxadmin user with a password for access via the browser
- Security options for apache
apache config file
Create a new Apache config file e.g. /etc/httpd/conf.d/infx.conf
This will contain all the settings that infx requires.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
Listen server:63000 NameVirtualHost server:63000 <VirtualHost server:63000> DocumentRoot /infx/www/docroot ServerName server ErrorLog /infx/www/logs/infx-error.log CustomLog /infx/www/logs/infx.log common SetOutputFilter DEFLATE ScriptAlias /infx/scgi-bin/ "/infx/www/scgi-bin/" Alias /infx/ "/infx/www/docroot/" <Directory /infx/www/scgi-bin> AuthType Basic AuthName infxadmin AuthUserFile /infx/www/htpasswd Require user infxadmin </Directory> <IfModule mod_setenvif.c> <IfModule mod_headers.c> BrowserMatch chromeframe gcf Header append X-UA-Compatible "chrome=1" env=gcf </IfModule> </IfModule> </VirtualHost> |
informix user setting
If Apache is only going to be used for infx, you can run the web server process as the user informix.
Edit the infx.conf file and add these lines at the top.
1 2 |
User informix Group informix |
This directs Apache to run as the informix user. The infx commands must be run as the informix user.
using a different user
If someone can exploit Apache to gain access to your server, that access will be as the informix user. If you run the process as a limited, non-administrative account, that access can be restricted.
You can run Apache as default user, but have it use suexec to execute the infx commands as informix.
relocate infx scgi-bin directory
First you have to relocate the /infx/www/scgi-bin directory to a new secure location.
Just creating a link will not work. The files must be in a directory under /var/www.
1 2 3 4 5 6 7 8 9 10 11 12 |
$ mkdir /var/www/infx $ chown informix:informix /var/www/infx $ mv /infx/www/scgi-bin /var/www/infx $ chmod 755 /var/www/infx/scgi-bin $ chmod 755 /var/www/infx/scgi-bin/* $ ln -s /var/www/infx/scgi-bin /infx/www/scgi-bin $ ls -l /infx/www/scgi-bin lrwxrwxrwx 1 root root 22 Mar 10 08:10 /infx/www/scgi-bin -> /var/www/infx/scgi-bin $ ls -l /var/www/infx/scgi-bin total 12 -rwxr-xr-x 1 informix informix 2656 Mar 5 06:51 infx.cgi -rwxr-xr-x 1 informix informix 4720 Mar 5 05:09 infxservice.cgi |
change infx.conf
Edit /etc/httpd/conf.d/infx.conf to reference the new location under /var/www, then add the SuexecUserGroup directive.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
Listen server:63000 NameVirtualHost server:63000 <VirtualHost server:63000> DocumentRoot /infx/www/docroot ServerName server ErrorLog /infx/www/logs/infx-error.log CustomLog /infx/www/logs/infx.log common SetOutputFilter DEFLATE SuexecUserGroup informix informix ScriptAlias /infx/scgi-bin/ "/var/www/infx/scgi-bin/" Alias /infx/ "/infx/www/docroot/" <Directory /var/www/infx/scgi-bin> AuthType Basic AuthName infxadmin AuthUserFile /infx/www/htpasswd Require user infxadmin </Directory> </VirtualHost> |
Now Apache runs as a default user, and only the infx CGI scripts can be executed as the informix user.
setup authentication
Set the password for the infxadmin login, as the informix user
1 2 3 4 |
$ htpasswd -c /infx/www/htpasswd infxadmin New password: Re-type new password: Adding password for user infxadmin |
You can use this command to change the infxadmin password at any time, and you probably should do so regularly.
This provides basic authentication only, Apache offers several other authentication methods you could try.
Minimally you must require entry of a password to access infx from the browser. You should treat this password the same as the informix password, as it gives the same level of access.
restart
Restart Apache, as root, so the settings take effect.
1 2 3 |
$ /etc/init.d/httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] |
You can now manage the server with this address: http://server:63000/.