How To Install, Secure, And Automate AWStats (CentOS/RHEL) - Page 2
Running AWStats Over An SSL Connection
If the security measures described above aren't enough, you can also choose to run AWStats over an SSL connection. Before configuring it, ensure that your web server has the appropriate configuration in place to support SSL. To create a self-signed SSL certificate for Apache, follow the instructions below:
Create A Certificate
OpenSSL should be installed on the server, as it will be used to create the keys. On a CentOS or RHEL5 server, install mod_ssl and then move into the /etc/pki/tls/certs/ directory:
# yum install mod_ssl
Create a RSA private key for the server:
# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
# openssl rsa -noout -text -in server.key
Enter pass phrase for server.key:
Create a Certificate Signing Request with the server's RSA private key:
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields, there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:JO
State or Province Name (full name) [Berkshire]:State
Locality Name (eg, city) [Newbury]: Your Location
Organization Name (eg, company) [My Company Ltd]:My Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ns.somewhere.com
Email Address []: [email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: If you hit enter here, it will be empty
An optional company name []:
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=JO/ST=State/L=Your Location/O=My Company/CN=ns.somewhere.com/emailAddress= [email protected]
Getting Private key
Enter pass phrase for server.key:
# cp server.crt /etc/pki/tls/certs/
# cp server.key /etc/pki/tls/private/
# cp server.csr /etc/pki/tls/private
Restrict the permissions on each file so that only the owner can access it:
# chmod go-rwx /etc/pki/tls/certs/server.crt
# chmod go-rwx /etc/pki/tls/private/server.key
# chmod go-rwx /etc/pki/tls/private/server.csr
Edit your httpd.conf (CentOS) and add these lines:
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
Verify that the server is now listening on port 443. Now go into the /var/www/html/ directory.
netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
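The following check for the key and certificate created above is an added example, not part of the original tutorial. It reports a key below 2048 bits, a key that does not match the certificate, group/other permissions on the key, and a certificate close to expiry; the function names, the 2048-bit floor and the 30-day window are assumptions made for this example. The constructed sample at the end rebuilds the tutorial's 1024-bit key, which the check reports as weak.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit an RSA key/certificate pair.
# Function names, the 2048-bit floor and the 30-day window are assumptions.

# Prints one finding per line; prints nothing when every check passes.
audit_tls_pair() {
    crt=$1 key=$2 min_bits=${3:-2048}

    # One openssl call gives key size and modulus (an encrypted key
    # prompts for its pass phrase once).
    info=$(openssl rsa -noout -text -modulus -in "$key" 2>/dev/null) || {
        echo "KEY_UNREADABLE $key"; return 0; }
    bits=$(printf '%s\n' "$info" |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        echo "WEAK_KEY ${bits:-?} bits (< $min_bits)"

    # The certificate must carry the public half of this private key.
    kmod=$(printf '%s\n' "$info" | sed -n 's/^Modulus=//p')
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null |
        sed -n 's/^Modulus=//p')
    [ -n "$cmod" ] && [ "$kmod" = "$cmod" ] || echo "KEY_CERT_MISMATCH"

    # After chmod go-rwx the group/other columns of ls -l are all dashes.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
        echo "KEY_PERMS_TOO_OPEN $key"

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -noout -checkend $((30 * 86400)) -in "$crt" >/dev/null 2>&1 ||
        echo "CERT_EXPIRES_WITHIN_30_DAYS"
}

# Constructed sample: a throwaway pair built like the tutorial's
# (1024-bit key, 365-day self-signed certificate), then audited.
demo() {
    d=$(mktemp -d) || return 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/cnf"
    openssl genrsa -out "$d/server.key" 1024 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/server.key" -config "$d/cnf" \
        -subj "/CN=ns.somewhere.com" -out "$d/server.crt" 2>/dev/null
    chmod go-rwx "$d/server.key"
    audit_tls_pair "$d/server.crt" "$d/server.key"
    rm -rf "$d"
}

# Usage: sh audit.sh CERT KEY   (no arguments: run the constructed sample)
if [ "$#" -eq 2 ]; then audit_tls_pair "$1" "$2"; else demo; fi
```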
Configuring Apache With SSL
Use https:// to access the web page instead of http://; when you access the webpage you will see the request to accept the self-signed certificate. If you are not asked to accept a certificate, review your configuration. In your .htaccess file add the following (modify the URL according to your install):
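# redirect awstats to https (plain-HTTP requests only, to avoid a redirect loop)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/awstats(.*)
# in .htaccess the pattern is matched without the leading slash
RewriteRule ^awstats(.*)$ https://example.com/awstats$1 [R,L]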
In your awstats.site.conf file modify the below entry to reflect your SSL connection:
# UseHTTPSLinkForUrl
# Version : 4.0+
# When AWStats build HTML links in its report pages, it starts thoose link
# with "http://". However some links might be HTTPS links, so you can enter
# here the root of all your HTTPS links. If all your site is a SSL web site,
# just enter "/".
# This parameter is not used if ShowLinksOnUrl is 0.
# Example: "/shopping"
# Example: "/"
# Default: ""
#
UseHTTPSLinkForUrl=""
Automate Updating Of AWStats With Cron
In order to avoid updating AWStats manually, you can create a cron job. There are several different schedules that can be applied; my recommended one is doing so daily to avoid adding overhead to the web server if your site generates a lot of traffic. To accomplish this:
$ crontab -e
VIM opens up. Hit i (the letter i is for "insert") and enter the following line:
45 9 * * * /usr/bin/awstats_updateall.pl now -configdir="/etc" -awstatsprog="/var/www/awstats/awstats.pl"
This cron job will update AWStats at 9:45 am on a daily basis. -configdir="/etc" is the directory that holds your AWStats config files.
Make sure there is a trailing empty line at the end of your crontab file (after your last command-line). Then hit "[Escape]" to leave the editing mode and type :x or ZZ to save the file and close VIM. You can also use a logrotate setup via apache which is easy and effective:
Edit /etc/logrotate.d:
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    prerotate
        /var/www/awstats/awstats.pl -update -config=somesite.net
    endscript
    postrotate
        /etc/init.d/httpd reload > /dev/null 2>&1 || true
    endscript
}
Cron Job For Many Configuration Files
If you have many config files, adding lots of cron jobs may not be very comfortable. In that case, you might want to make use of awstats_updateall.pl, a tool that comes with AWStats, by choosing this alternative cron job (without line breaks):
15 4 * * * perl $HOME/awstats/tools/awstats_updateall.pl now -awstatsprog=$HOME/awstats/cgi-bin/awstats.pl -configdir=$HOME/awstats/cgi-bin/
Using awstats_updateall.pl will call awstats.pl and run an update for all config-files to be found in the specified directory (awstats/cgi-bin). Since in this case awstats.pl is being executed you need to make sure that permissions are set accordingly:
$ chmod 504 awstats/cgi-bin/awstats.pl
This will allow you, and thus your cron job, to execute awstats.pl.
Configuring Addons For AWStats
Normally, hostname lookups are done via DNS: Apache enters information into a dns.txt file, and AWStats uses that file to resolve the location of visiting countries (or people). If traffic on your site is high, this may cause overhead, slowing down the performance of AWStats (and Apache). A different method of accomplishing the same task while reducing the overhead is to use an add-on module called GeoIP. Here is a very nice article, GeoIP Information for AWStats (all credit goes to them), detailing the steps.
There you have it, you are ready to go. There are so many things you can do with AWStats; I'd suggest you research additional topics such as ExtraSections, performance configurations, etc.