Contents

About this guide   i

• Terminology    ii
  • Typographical Conventions    ii
  • Additional Resources    ii

Basic Administration   1-1

• Starting and Stopping Stronghold    1-2
  • Starting Stronghold    1-2
  • Restarting Stronghold    1-3
  • Shutting Stronghold Down    1-4
• The Server Directory Tree    1-5
• Using Logs and Reports    1-6
  • Access Logs    1-6
  • Error Logs    1-7
  • Cipher Logs    1-8
  • Custom Logs    1-9
  • Server Status Reports    1-10
  • Server Information Reports    1-13
  • Optional Logs    1-15
  • Rotating the Logs    1-15
• Tracking Sessions    1-17
  • Session Tracking with Cookies    1-17
  • Session Tracking with PATH_INFO    1-19

Authentication and Encryption   2-1

• SSL and TLS    2-2
  • Transport Layer Security (TLS)    2-2
  • Enabling SSL or TLS    2-2
• Encryption    2-3
  • Generating an Encryption Key Pair    2-6
  • Controlling Stronghold's Ciphers    2-6
• Authentication    2-10
  • Independent Certification Authorities    2-11
  • Private Certification Authorities    2-12
• Site Certificates and Keys    2-13
  • Acquiring a new Certificate and Key Pair    2-13
  • Renewing an Expired Certificate    2-14
  • Troubleshooting Mismatched Certificates and keys    2-14
• Client Authentication    2-16
  • Controlling Access with Client Certificates    2-16
  • Installing New Client CA Certificates    2-17
• Proxy Authentication    2-19
  • Proxy Client Certificates    2-19
  • Remote Server Authentication    2-20
• Private Certification Authorities    2-22
  • Setting up a CA    2-22
  • Configuring OpenSSL    2-24
  • Signing Certificates    2-25
• Security Utilities    2-27
  • Changing a Pass Phrase    2-27
  • Decrypting a Private Key    2-28
  • Requesting a Renewed Certificate    2-31
  • Comparing Certificates and Key Pairs    2-32
  • Requesting a New Certificate for an Existing Key Pair    2-33
  • Generating a Temporary Certificate    2-33
  • Installing a Site Certificate    2-33
  • Creating a Private Certification Authority    2-34
  • Converting a Netscape Commerce Certificate and Key Pair    2-34
  • Viewing the Contents of a Certificate    2-34
  • Administrating Basic Authentication    2-37

Tutorial: Access control   3-1

• Host-Based Access Control    3-2
• Access Control with Basic Authentication    3-6
• Access Control with SSL/TLS Certificates    3-9

Proxy Service   4-1

• Configuring the Proxy Server    4-4
  • Caching    4-5
  • Configuring a Mirror Proxy    4-6
• Proxying to Other Proxies    4-8
• Examples    4-9
  • An HTTP-to-SSL/TLS Proxy    4-9
  • An SSL/TLS-to-HTTP Proxy on One Platform    4-10
  • An SSL/TLS-toHTTP Proxy in Separate Platforms    4-11
  • An SSL/TLS-to-SSL/TLS Proxy    4-13

Troubleshooting   5-1

• Startup Errors    5-2
  • License Block Errors    5-2
  • Certificate and Key File Errors    5-2
  • Other Startup Errors    5-4
• Runtime Errors    5-6
• Browser Errors    5-9

Text-based configuration   6-1

• Using Directives    6-2
  • Containers    6-2
  • Wildcards    6-5
  • Regular Expressions    6-6
• Configuring an Upgraded Server    6-9
• Configuring Virtual Hosts    6-10
  • Configuration Requirements    6-10
  • IP-Based Virtual Hosts    6-12
  • Port-Based Virtual Hosts    6-13
  • Name-Based Virtual Hosts    6-14
  • Certificates and Key Pairs for Virtual Hosts    6-16
• Reconfiguring an SSL/TLS-Only Server    6-17

Configuration Reference   7-1

• General Configuration    7-3
  • Server Setup Directives    7-3
  • Virtual Hosts    7-7
  • SSL Setup    7-9
• Additional Features    7-20
  • Environment Variables    7-20
• Custom Log Formats    7-21
• .htaccess Configuration    7-22
  • Environment Variables    7-23
• Performance Tuning    7-25
  • Basic Performance Tuning    7-25
  • Keepalive    7-26
  • Process Control    7-27
  • Resources    7-30
  • Dynamic Module Linking    7-32
• Proxy Service and Caching    7-33
• Logging    7-40
  • General Logs    7-40
  • SSL Logs    7-48
• Directory Tree    7-51
  • Aliases    7-51
  • Directory Indexing    7-54
  • URL Spell-Checking    7-60
• File Handling and Preprocessing    7-61
  • Filetypes    7-61
  • Metainformation    7-63
  • Handlers    7-66
• Content Delivery    7-74
  • Client Request Security    7-74
  • Content Negotiation    7-75
  • Session Tracking    7-76
  • Imagemaps    7-77
  • Server-Side Includes    7-78
  • PHP/FI 2.0 Embedded Scripting    7-78
• Client Authentication and Access Control    7-84
  • Authentication Mode    7-84
  • Basic Authentication    7-84
  • Berkeley Database Authentication    7-87
  • Database Manager Authentication    7-88
  • Digest Authentication    7-89
  • SSL Certificate Authentication and Access Control    7-90
  • Host-Based Access Control    7-96
  • Anonymous Logins    7-99
• Server Authentication    7-101
  • Site Authentication    7-101
  • Proxy Authentication    7-103
• Encryption    7-105
• Compatible files    7-112

Modules   8-1

• Stronghold Modules    8-3
• Adding and Removing Modules    8-6
  • Dynamic Shared Object Support    8-6
  • Dynamic Module Linking    8-8
  • Recompiling Stronghold    8-9

Introduction to Content Delivery   9-1

• Server-Side Imagemaps    9-2
• Content Negotiation    9-6
• Server-Side Includes    9-7
  • Syntax and Directives    9-7
  • Flow Control Elements    9-10
  • SSI Environment Variables    9-11
• Tracking Sessions    9-13
  • Session Tracking with Cookies    9-13
  • Session Tracking with PATH_INFO    9-14
• Dynamic Content Delivery    9-15

Common Gateway Interface   10-1

• CGI Error Logging    10-2
• CGI Security    10-3
  • Authoring Tips    10-3
  • suEXEC    10-4

PHP3 Embedded Scripting   11-1

• PHP Quick Start    11-2
• PHP Configuration    11-3
  • Recompiling The PHP Modules    11-3
  • Configuring PHP    11-6
• Major Changes from PHP 2.0 to PHP3    11-7
  • Backward Incompatibilities    11-7
  • New Language Features    11-12
  • Other New Features    11-18

Indexing and Searching   12-1

• SWISH and WWWAIS    12-2
  • Configuring SWISH    12-2
• Configuring WWWWAIS    12-7
• Creating a Site Index    12-10
• Creating a Search
  Interface    12-12

HTTP Metainformation   A-1

• General Headers    A-2
• Client Request Headers    A-5
• Server Response Headers    A-9
• Entity Headers    A-12

Server Status Codes   B-1

• Informational Status Codes    B-2
• Client Request Successful    B-3
• Client Request Redirected    B-4
• Client Request Errors    B-5
• Server Errors    B-7

Environment Variables   C-1

• Server Variables    C-2
• Client Request Variables    C-3
• SSL/TLS Variables    C-8
  • Protocol Variables    C-8
  • Server Security Variables    C-10

Country Codes   D-1

Glossary   Glossary 1