infx management suite

Search this site

setup apache

You use Apache, or other compatible http server, to access the infx services from a browser. By setting up ssh keys (setup ssh keys) from the server with Apache, to your other servers running infx, you can manage all your Informix instances from the one installation of Apache.

Select a port number that is not in use if for this service, e.g. 63000, then access infx via:
http://server:63000/

Any user who tries to access the above address will be prompted for a user name and password. In this guide I show you how to use basic authentication for this.

You cannot skip this step. The infx services will not execute via the browser unless Apache has you logged in as "infxadmin".

set up virtual host

We set up a virtual host within Apache so it knows where to direct our requests to.

Edit the Apache config file, probably in /etc/httpd/conf/httpd.conf. Add this virtual host section, change server to your server name, and the port to your preferred port.

You need to be the root user to edit httpd.conf, add the lines at the end.

Listen server:63000
NameVirtualHost server:63000
<VirtualHost server:63000>
    DocumentRoot /infx/www/docroot
    ServerName server
    ErrorLog /infx/www/logs/infx-error.log
    CustomLog /infx/www/logs/infx.log common
    SetOutputFilter DEFLATE
    ScriptAlias /infx/scgi-bin/ "/infx/www/scgi-bin/"
    Alias /infx/ "/infx/www/docroot/"
    <Directory /infx/www/scgi-bin>
        AuthType Basic
        AuthName infxadmin
        AuthUserFile /infx/www/htpasswd
        Require user infxadmin
    </Directory>
    <IfModule mod_setenvif.c>
        <IfModule mod_headers.c>
            BrowserMatch chromeframe gcf
            Header append X-UA-Compatible "chrome=1" env=gcf 
        </IfModule>
    </IfModule>
</VirtualHost>

If Apache is only going to be used for infx, add these lines:

User informix
Group informix

This directs Apache to run as the informix user. infx requires this as it must be run as the informix user.

On potential issue with this is, if Apache is also being used for something else, e.g. an operating system monitoring tool. Only infx should be running as informix.

There is also a risk involved with running daemon processes that listen on network ports, such as Apache, as an administrative user like informix.

If someone can exploit Apache to gain access to your server, that access will be as the informix user. If you run the process as a limited, non-administrative account, that access can be restricted.

To do this, we first have to relocate the /infx/www/scgi-bin directory to a new secure location. You need to be logged on as the root user to perform these actions:

root@server# mkdir /var/www/infx
root@server# chown informix:informix /var/www/infx
root@server# mv /infx/www/scgi-bin /var/www/infx
root@server# chmod 755 /var/www/infx/scgi-bin
root@server# chmod 755 /var/www/infx/scgi-bin/* 
root@server# ln -s /var/www/infx/scgi-bin /infx/www/scgi-bin
root@server# ls -l /infx/www/scgi-bin
lrwxrwxrwx 1 root root 22 Mar 10 08:10 /infx/www/scgi-bin -> /var/www/infx/scgi-bin
root@server1# ls -l /var/www/infx/scgi-bin
total 12
-rwxr-xr-x 1 informix informix 2656 Mar 5 06:51 infx.cgi
-rwxr-xr-x 1 informix informix 4720 Mar 5 05:09 infxservice.cgi

Make these changes to what we added above, to reference the new location under /var/www. Add add the SuexecUserGroup directive.

Listen server:63000
NameVirtualHost server:63000
<VirtualHost server:63000>
    DocumentRoot /infx/www/docroot
    ServerName server
    ErrorLog /infx/www/logs/infx-error.log
    CustomLog /infx/www/logs/infx.log common
    SetOutputFilter DEFLATE
    SuexecUserGroup informix informix
    ScriptAlias /infx/scgi-bin/ "/var/www/infx/scgi-bin/"
    Alias /infx/ "/infx/www/docroot/"
    <Directory /var/www/infx/scgi-bin>
        AuthType Basic
        AuthName infxadmin
        AuthUserFile /infx/www/htpasswd
        Require user infxadmin
    </Directory>
</VirtualHost>

Remove the User informix/Group informix lines.

Now Apache will run as a default user, and only the CGI scripts will execute as the informix user.

setup authentication

Set the password for the infxadmin login, as the informix user

noenv@server:/home/informix/.ssh>htpasswd -c /infx/www/htpasswd infxadmin
New password:
Re-type new password:
Adding password for user infxadmin

You can use this command to change the infxadmin password at any time, and you should do so regularly.

This provides basic authentication only. You should decide on what the best method is for you.

Minimally you need to require entry of a password to access infx from the browser. You should treat this password the same as the informix password, as it gives the same level of access. You must use the username of infxadmin, as the CGI scripts require all requests to be logged through that user.

restart

Restart Apache, as root, so the settings take effect
.
root@server# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
root@server1#

You can now manage the server with this address: http://server:63000/

Sign in|Report Abuse|Print Page|Remove Access|Powered By Google Sites