Description

This document will show you how to configure Apache httpd to display unique stats on http://stats.example.com from http://example.com for as many domains as you have configured, simply repeat this process as many times as you like.

Purpose & Scope

For the purposes of this document we’ll assume:

  1. You are the owner of your domain.
  2. You are the owner of your server or hosting account.
  3. You are running an official copy of CentOS, RHEL or Fedora. (Can also be installed on other Linux distros, Mac OSX and Windows)
  4. You have SELinux enabled.

The purpose of this particular setup is to give a stats link to your customers or for your own sites that will show the actual stats as recorded by the Apache httpd log files so you or your customers can contrast and compare with Google Analytics or other stats.

Requirements

Explanation of requirements.

  1. Administrative control over your domain and DNS entries.
  2. Administrative or root access to your system.
  3. Apache httpd configured properly with the domain you want to track with AWStats.

Doing the Work

In this document we will assume: you are root, you own example.com and have administrative access to create the subdomain stats.example.com.

  1. Installing the EPEL software repository, AWStats and optional components for Geo tracking:
  2. Click the EPEL link for more verbose instructions or give this command:

    C6: su -c "https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm"
    C7: su -c "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"

    Then issue this command:
    yum --enablerepo=epel install awstats GeoIP-data perl-Geo-IP

    As of Centos 6.7 there is no longer a maintained perl-Geo-IP RPM package for Centos 6 from EPEL. This is required to use the Maxmind free or paid geo databases. The 64bit and src packages are provided so you can either install or rebuild your own.

    Download here:
    perl-Geo-IP-1.38-6.el6.x86_64
    perl-Geo-IP-1.38-6.el6.src

    Since there is no Centos package for the GeoLiteCity.dat you can get the single file from MaxMind as well as updated GeoIP.dat files here:

    http://www.maxmind.com/app/geolitecountry
    http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
    http://www.maxmind.com/app/geolitecity
    http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

    If you choose to use only the MaxMind files directly, you can put them in /var/www/GeoIP as follows:

    sudo mkdir /var/www/GeoIP; cd /var/www/GeoIP
    sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
    sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    sudo gunzip GeoIP.dat.gz GeoLiteCity.dat.gz

  3. After successful install of the above software we will make a copy of the default AWStats config that we can use over and over:
  4. Copy default conf so we always have a clean starting point if something goes wrong.
    cp /etc/awstats/awstats.model.conf /etc/awstats/awstats.model.conf.orig

    Make another copy for our example site.
    cp /etc/awstats/awstats.model.conf.orig /etc/awstats/awstats.stats.example.com.conf

  5. Next we create the directories for the new subdomain stats.example.com. For security purposes the default Apache httpd documentRoot in Centos is /var/www/
  6. Our DocumentRoot for example.com is in /var/www/example.com/main. With this structure, anything associated with example.com is all in one place but completely separate, regardless of how many subdomains we have.

    Make a new directory to hold the DocumentRoot for the stats subdomain:
    mkdir -p /var/www/example.com/stats

  7. Next we copy the AWStats program files to our newly created /var/www/example.com/stats directory:
  8. cd /usr/share/awstats/wwwroot/
    sudo cp -R * /var/www/example.com/stats/
    cd /var/www/example.com/stats/cgi-bin/
    sudo cp * ../

  9. Next, edit /etc/httpd/conf/httpd.conf
  10. vi /etc/httpd/conf/httpd.conf

    Change this line: #AddHandler cgi-script .cgi
    To this: AddHandler cgi-script .cgi .pl

  11. Next, let’s alter the Apache httpd vhosts.conf file and add an entry for our new subdomain:
  12. Add this information in /etc/httpd.conf.d/vhosts.conf
    create this file if it does not exist

    You should already have a domain configured that you’d like to track the stats of like this:

  13. See the PHP-FPM document for adding that to the configuration
  14. Now let’s edit the awstats.stats.example.com.conf we created above:
  15. vi /etc/awstats/awstats.stats.example.com.conf

    We will be editing the following lines:

    1. LogFile=”/var/log/httpd/example.com_access_log”
    2. SiteDomain=”example.com”
    3. HostAliases=”example.com”
    4. DirData=”/var/www/example.com/stats”
    5. DirIcons=”/icon”
    6. LoadPlugin=”graphgooglechartapi”
    7. LoadPlugin=”geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat”
    8. (Optional: using the MaxMind direct download method)

    9. LoadPlugin=”geoip_city_maxmind GEOIP_STANDARD /usr/share/GeoIP/GeoLiteCity.dat”
    10. (Optional: using the MaxMind direct download method)

    note: Make sure each of the above lines is uncommented and correctly configured for your setup.
    note: The LogFile directive in the AWStats config must be the same as the httpd VirtualHost CustomLog directive for the site we actually want the stats from (example.com).

  16. Next let’s restart Apache httpd so our changes take effect:
  17. C6: service httpd restart
    C7: systemctl restart httpd.service

  18. Next we’ll call the AWStats perl script to manually update our stats right now:
  19. perl /var/www/example.com/stats/cgi-bin/awstats.pl -config=stats.example.com -update

  20. Next, to update our stats automatically every hour via cron we do the following:
  21. vi /etc/cron.hourly/awstats_example.com

    Add this line, save and exit:

  22. Finally, mark the file as executable so the system can run it
  23. chmod +x /etc/cron.hourly/awstats_example.com

    C6: service crond restart
    C7: systemctl restart crond.service

  24. We can also use htpasswd within our VirtualHost Directory block or htaccess file to require usernames and passwords for basic access to the directory from prying eyes.
  25. Do not confuse this with security of any kind, this is easily bypassed, for better security, use the mod_auth_mysql method below instead and load the domain over ssl

    Method #1 – htaccess, htpasswd

    We’ll be doing this work as root in the directory: /var/www/example.com/secure/

    1. Create a secure area to store password files, outside the DocumentRoot
    2. We’ll store our password file outside of the DocumentRoot so no one can download or directly access it.
      mkdir /var/www/secure

    3. Create a new user (joe) and password for that user. We’ll use the -c (create new) and -s (use sha instead of md5 passwords). The -c flag only needs to be given the first time, when there is no existing password file.
    4. htpasswd -c -s .htpasswds Joe

    5. Let’s Check to see the password was actually added as expected:
    6. vi .htpasswd_stats

    7. Edit the VirtualHost and add the code below
    8. vi /etc/httpd/conf.d/vhosts.conf

      Add this to the VirtualHost entry for stats.example.com:

    Method #2 mod_auth_mysql

    1. Install mod_auth_mysql
    2. yum install mod_auth_mysql

    3. Create MariaDB container
    4. $ mysql -u root -ppassword

    5. Add Apache httpd Auth Directives
    6. Examples:
      require valid-user : Allow all users if authentication (password) is correct.
      require user greg phil bob : Allow only greg phil bob to login.
      require group accounting : Allow only users in group “accounting” to authenticate.

      Directive Description
      AuthMySQLEnable On If ‘Off’, MySQL authentication will pass on the authentication job to the other authentication modules i.e password files.
      AuthMySQLHost host_name Name of MySQL Database hosr. i.e. ‘localhost’
      AuthMySQLPort TCP_Port_number Port number of MySQL Database. Default: 3306
      AuthMySQLDB database_name Name of MySQL Database.
      AuthMySQLUser user_id MySQL Database login id.
      AuthMySQLPassword user_password MySQL Database login password. Plain text.
      AuthMySQLUserTable user_table_name Name of MySQL Databse table in the database which holds the user name and passwords.
      AuthMySQLGroupTable group_table_name Databse table holding group info.
      AuthMySQLNameField user_field_name If not using default field name ‘user_name’, then specify. Not case sensitive id CHAR or VARCHAR.
      AuthMySQLPasswordFieldpassword_field_name If not using default field name ‘user_passwd’, then specify. Passwords are case sensitive.
      AuthMySQLGroupField group_field_name If not using default field name ‘groups’, then specify.
      AuthMySQLNoPasswd Off Off: Passwords can be null (”). On: password must be specified.
      AuthMySQLPwEncryption none Options: none, crypt, scrambled (MySQL password encryption), md5, aes, sha. If you are going to use plain-text passwords for mysql authentication, you must include this directive with the argument “none”.
      AuthMySQLSaltField salt_string mysql_column_name Salt field to be used for crypt and aes.
      AuthMySQLAuthoritative on Authenticate using other authentication modules after the user is successfully authenticated by the MySQL auth module. Default on: request is not passed on.
      AuthMySQLKeepAlive Off Off: Close the MySQL link after each authentication request.

    7. Restart the webserver
    8. C6: service httpd restart
      C7: systemctl restart httpd.service

    Now, try hitting your site at: http://stats.example.com You should be prompted for a username and password for your user.

    If you run into errors, try double checking the steps or join #centos or #httpd on Freenode for further assistance.

Troubleshooting & Testing

Explanation troubleshooting basics and expectations.

  1. Testing your configuration:
  2. You should now be able to go to: http://stats.example.com/ or http://stats.example.com/cgi-bin/awstats.pl and see your sites stats.

  3. If this does not work for you, please go through the document more slowly and double check every setting as well as your Apache httpd error logs:
  4. Common mistakes are: Typos, file permissions, file ownership, improper or conflicting Apache httpd Options directives or other Apache httpd config errors. The first place to check is always the error logs specified in your VirtualHost config above.

  5. If you do not see the GeoIP data, but the rest of AWStats works, check the SELinux file contexts for the GeoIP files:
  6. Incorrect SElinux context:
    ls -alsZ /var/lib/GeoIP/
    Output:

    Fix:

    Correct SElinux context:
    ls -alsZ /var/lib/GeoIP/
    Output:

    You should be able to see country/city GeoIP data now if you refresh the page.

Added Reading

Last Modified: 13 Jul, 2016 at 12:01:19