Related article: using the default Ubuntu Apache

Installation

Dependencies

Apache does not have any dependencies, as of version 2.2.x.

Configure

Linux (Ubuntu)

I have configured Apache 2.0 and 2.2 using this configure line (or something similar):

./configure \
 --prefix=${HOME}/pkg/apache/2.2.x \
 --sysconfdir=${HOME}/pkg/apache/conf \
 --with-included-apr \
 --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache 
                       charset_lite dav_lock disk_cache mod_dav mod_dav_svn"

The long list of "mods-shared" is to enable shared modules to be built, for a variety of different things (e.g. mod_dav_svn allows for the apache server to serve as an SVN repository server). Go here for more information: http://httpd.apache.org/docs/2.0/mod/

The sysconfdir puts the httpd.conf file in a custom location. I put it in a place where it is viewable and accessible to any and all versions of Apache, so that if I want to use a non-standard version of Apache, I can still use the same config file.

Mac Leopard (OS X 10.5)

I configured Apache on Mac Leopard with the following configure line:

./configure \
 --prefix=/path/to/apache \
 --with-included-apr \
 --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache 
                       charset_lite dav_lock disk_cache mod_dav mod_dav_svn"

Mac Snow Leopard (OS X 10.6)

I used the same configure line as for Mac Leopard.

Upgrading

In order to upgrade your Apache server, you will need to build the new version, and if you are using PHP, you will have to re-compile PHP (this can be done without taking your web server offline).

I will give instructions for upgrading Apache 2.0 to Apache 2.2.

First, download and unpack the tarball for Apache 2.2 (or, your new version):

tar xzf httpd-2.2.x.tar.gz

Now run configure, make, make install, and get Apache 2.2 installed. My directory structure is as follows:

$ cd ~/pkg/apache

$ ls
2.0.64
2.2.21
std -> 2.0.64

Both installations of Apache work, but 2.0 is the default (I add ~/pkg/apache/std/bin to my path instead of ~/pkg/apache/2.2.21/bin because it makes this upgrade process much easier).

If you are not using PHP, then you are done.

If you are using PHP, you need to reconfigure PHP to load the PHP module in Apache.

Go to your PHP source code (or, redownload); visit the PHP page if you need a configure line for PHP. Make sure and point PHP's configure to the NEW version of Apache. If you do not want to take your web server offline, then you would build a separate version of PHP, instead of rebuilding your existing version.

Once you have re-built PHP, you should be able to turn on Apache, since it has now been built for the proper/standard system version of Apache.

If you see error messages about the PHP module, the problem stems from the PHP-rebuilding step.

Errors

After I upgraded from 2.2.17 to 2.2.19, I saw the following error when I tried to start the web server:

$ sudo apachectl start
httpd: Syntax error on line 137 of /home/charles/pkg/apache/conf/httpd.conf: 
Cannot load /home/charles/pkg/apache/std/modules/libphp5.so into server: 
/home/charles/pkg/apache/std/modules/libphp5.so: cannot open shared object file: 
No such file or directory

As it turns out, the problem was that when I had built PHP, I had pointed it at Apache 2.2.17, for which it built its PHP module. Once I upgraded Apache to a new version, Apache was no longer able to find the PHP module, because it hadn't been built for the new version of Apache.

The solution, as described above in the Apache#Upgrading section, was to re-build PHP against the new Apache.

Apache Directory Structure

The --sysconfdir configure argument is optional; I use this so that I can use a common configure file among all of my Apache installations. My Apache directory looks like this:

$ ls $HOME/pkg/apache

2.2.15
2.2.16
2.2.17
2.2.19  
conf 
std -> 2.2.19
www

where 2.2.15/16 are old versions of Apache (non-standard), the standard version of Apache is 2.2.19 (the most up-to-date as of the time of writing), and both the conf (Apache configuration files) and www (web directory) can be shared by any Apache installation. This makes upgrading very simple - I would simply install 2.2.20 to $HOME/pkg/apache with the above configure line, and I wouldn't have to copy/change/move any configuration files. (Note that the configuration files then point to the location of the web directory www).

httpd.conf Configuration File

The httpd.conf file contains directives used by Apache to determine various options, such as the location of the documents that are made public by the web server, which modules to include (e.g. PHP), the port(s) Apache will listen to, etc.

VirtualHosts http://httpd.apache.org/docs/2.0/vhosts/examples.html

Debugging Your httpd.conf

To debug problems with your httpd.conf, first check your system.log.

If you see Apache exit with code 1, i.e. a bunch of lines in your system.log that look like this:

Jun 25 15:43:30 The-Fat-Walrus com.apple.launchd[1] (org.apache.httpd[28836]): Exited with code: 1

try running apachectl with the -t option. This will describe any errors with the httpd.conf file, e.g.,

$ apachectl -t 

httpd: Syntax error on line 509 of /private/etc/apache2/httpd.conf: Cannot load /usr/modules/mod_wsgi.so into server: dlopen(/usr/modules/mod_wsgi.so, 10): image not found

Modules

PHP Module

When you install PHP, you can point configure to a build of Apache. When you type make and make install, it will modify your Apache httpd.conf configuration file to add the appropriate PHP module.

Once the PHP module has been added to the Apache configuration file, you will also have to add a few other things to your httpd.conf:

AddHandler php5-script php  # <-- This line should be added automatically by PHP

# PHP module settings:
<IfModule php5_module>

    # Add php type handler
    AddType text/html       php

    # Make index.php a default file
    <IfModule dir_module>
        DirectoryIndex index.html index.php
    </IfModule>
</IfModule>

SVN Module

The Apache SVN module creates a way for an SVN server to serve an SVN repository through an Apache server.

Enabling/installing/configuring this module is covered by the RedBean SVN book http://svnbook.red-bean.com/en/1.0/ch06s04.html. It requires two modules to be loaded, mod_dav and mod_dav_svn, both enabled in the Apache httpd.conf configuration file. The guide is extremely extensive, so you should refer to it to get Apache set up with SVN.

Once you do, you can check out code from an svn repository by executing the command:

$ svn checkout http://www.yoursite.com/svn/repository_name local_directory/

SSL Module

SSL, secure socket layer, provides a secure way of communicating private information between a client, using their web browser, and the web server, running Apache. It allows you to serve HTTPS pages, which requires an SSL certificate (public/private key) that allows people to trust their connection to your server is genuine and secure.

Covered on the Apache/SSL page.

Other Interesting Apache Modules

One-Time Password Authentication Module	https://code.google.com/p/mod-authn-otp/
Perl Apache module	http://perl.apache.org/
Lisp Apache module	http://tinyurl.com/3pz92e3

Security

Protecting Directories with .htaccess

NOTE: This method should only be used when you don't have access to the Apache server.

This section will give an example of how to password-protect a directory using an .htaccess file.

The .htaccess file normally allows you to make configuration changes that are specific to one directory. This is useful for, say, a company-run web hosting service, where someone else runs the apache host. You can make apache configuration changes without needing root access, or any access, to the underlying apache server.

To password-protect a directory, the .htaccess file will need to contain information about where the valid usernames and passwords are stored.

AuthUserFile /path/to/.htpasswd 
AuthType Basic
AuthName "This is a login message"

The .htaccess file points to an .htpasswd file containing valid usernames and passwords. This .htpasswd file should not be in the web root. It should only be accessible via SSH (or, at most, by FTP). Also, if you don't like the name ".htpasswd", you can call it whatever you want, as long as your .htaccess is accurate. However, .htpasswd is the traditional naming convention.

If we want to allow any user in the .htpasswd file, we can add the line

require valid-user

Otherwise, we can specify that only certain users are allowed access:

require user charles

Being able to set authorization settings in an .htaccess file requires the Apache server has the following directive set in httpd.conf:

AllowOverride AuthConfig

Protecting Directories with httpd.conf

NOTE: this method should only be used if you have root access to the Apache server. If you don't have root access, see #Using htpasswd section below.

Mod Auth

In your httpd.conf apache configuration file, you can specify configuration settings for the entire server. However, you can also include directory-specific configuration settings, by putting them in a <Directory> block:

<Directory /path/to/apache/htdocs/secret>
    # Directory-specific configurations go here
</Directory>

Next, the same stuff that went into the .htaccess files (above section) can go into the <Directory> block:

<Directory /path/to/apache/htdocs/secret>
    AuthType Basic
    AuthName "Your login message goes here"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    # or,
    #Require user charles
</Directory>

Also see the (somewhat skimpy) Mod Auth documentation

Mod Access

Alternatively, you can also allow or deny access based on where the request is coming from, rather than a username and password combination.

For example, to allow only users from 127.0.0.1 (that is, just yourself):

<Directory /path/to/apache/htdocs/secret>
    Order deny,allow # <-- Specifies the order in which to apply the filters (deny filters first, then allow filters)
    Deny from all
    Allow from 127.0.0.1
</Directory>

To deny users from 127.0.0.1 (uh, yeah, suuuuure):

<Directory /path/to/apache/htdocs/secret>
    Deny from 127.0.0.1
</Directory>

In order for Apache to understand these Auth directives, the Auth module has to be turned on.

Also see the (somewhat skimpy) Mod Access documentation

Using htpasswd

NOTE: This is the alternative to the above procedure, if you don't have root access.

From the Apache website:

htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

To create a .htpasswd file for the first time, you'll call the htpasswd program from the command line and use the -c flag:

htpasswd -c /path/to/.htpasswd charles

This will prompt me to enter a password, will hash the password, and will store both in the file in the form username:********* (where ******** is the hashed password).

To create a username and password combination in an existing .htpasswd file,

htpasswd /path/to/.htpasswd charles

Alternatively, you can specify a password on the command line (but be aware that someone could look through your history and find it):

htpasswd /path/to/.htpasswd charles MySecretPassword

You can visit the above link to the Apache website for more details.

Flags

Apache

From charlesreid1

Contents