Apache
From charlesreid1
Related article: using the default Ubuntu Apache
Installation
Dependencies
Apache does not have any dependencies, as of version 2.2.x.
Configure
Linux (Ubuntu)
I have configured Apache 2.0 and 2.2 using this configure line (or something similar):
./configure \
--prefix=${HOME}/pkg/apache/2.2.x \
--sysconfdir=${HOME}/pkg/apache/conf \
--with-included-apr \
--enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache
charset_lite dav_lock disk_cache mod_dav mod_dav_svn"
The long list of "mods-shared" is to enable shared modules to be built, for a variety of different things (e.g. mod_dav_svn allows for the apache server to serve as an SVN repository server). Go here for more information: http://httpd.apache.org/docs/2.0/mod/
The sysconfdir puts the httpd.conf file in a custom location. I put it in a place where it is viewable and accessible to any and all versions of Apache, so that if I want to use a non-standard version of Apache, I can still use the same config file.
Mac Leopard (OS X 10.5)
I configured Apache on Mac Leopard with the following configure line:
./configure \ --prefix=/path/to/apache \ --with-included-apr \ --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache charset_lite dav_lock disk_cache mod_dav mod_dav_svn"
Mac Snow Leopard (OS X 10.6)
I used the same configure line as for Mac Leopard.
Upgrading
In order to upgrade your Apache server, you will need to build the new version, and if you are using PHP, you will have to re-compile PHP (this can be done without taking your web server offline).
I will give instructions for upgrading Apache 2.0 to Apache 2.2.
First, download and unpack the tarball for Apache 2.2 (or, your new version):
tar xzf httpd-2.2.x.tar.gz
Now run configure, make, make install, and get Apache 2.2 installed. My directory structure is as follows:
$ cd ~/pkg/apache $ ls 2.0.64 2.2.21 std -> 2.0.64
Both installations of Apache work, but 2.0 is the default (I add ~/pkg/apache/std/bin
to my path instead of ~/pkg/apache/2.2.21/bin
because it makes this upgrade process much easier).
If you are not using PHP, then you are done.
If you are using PHP, you need to reconfigure PHP to load the PHP module in Apache.
Go to your PHP source code (or, redownload); visit the PHP page if you need a configure line for PHP. Make sure and point PHP's configure to the NEW version of Apache. If you do not want to take your web server offline, then you would build a separate version of PHP, instead of rebuilding your existing version.
Once you have re-built PHP, you should be able to turn on Apache, since it has now been built for the proper/standard system version of Apache.
If you see error messages about the PHP module, the problem stems from the PHP-rebuilding step.
Errors
After I upgraded from 2.2.17 to 2.2.19, I saw the following error when I tried to start the web server:
$ sudo apachectl start httpd: Syntax error on line 137 of /home/charles/pkg/apache/conf/httpd.conf: Cannot load /home/charles/pkg/apache/std/modules/libphp5.so into server: /home/charles/pkg/apache/std/modules/libphp5.so: cannot open shared object file: No such file or directory
As it turns out, the problem was that when I had built PHP, I had pointed it at Apache 2.2.17, for which it built its PHP module. Once I upgraded Apache to a new version, Apache was no longer able to find the PHP module, because it hadn't been built for the new version of Apache.
The solution, as described above in the Apache#Upgrading section, was to re-build PHP against the new Apache.
Apache Directory Structure
The --sysconfdir
configure argument is optional; I use this so that I can use a common configure file among all of my Apache installations. My Apache directory looks like this:
$ ls $HOME/pkg/apache 2.2.15 2.2.16 2.2.17 2.2.19 conf std -> 2.2.19 www
where 2.2.15/16 are old versions of Apache (non-standard), the standard version of Apache is 2.2.19 (the most up-to-date as of the time of writing), and both the conf
(Apache configuration files) and www
(web directory) can be shared by any Apache installation. This makes upgrading very simple - I would simply install 2.2.20 to $HOME/pkg/apache
with the above configure line, and I wouldn't have to copy/change/move any configuration files. (Note that the configuration files then point to the location of the web directory www
).
httpd.conf Configuration File
The httpd.conf
file contains directives used by Apache to determine various options, such as the location of the documents that are made public by the web server, which modules to include (e.g. PHP), the port(s) Apache will listen to, etc.
VirtualHosts http://httpd.apache.org/docs/2.0/vhosts/examples.html
Debugging Your httpd.conf
To debug problems with your httpd.conf, first check your system.log.
If you see Apache exit with code 1, i.e. a bunch of lines in your system.log that look like this:
Jun 25 15:43:30 The-Fat-Walrus com.apple.launchd[1] (org.apache.httpd[28836]): Exited with code: 1
try running apachectl with the -t option. This will describe any errors with the httpd.conf file, e.g.,
$ apachectl -t httpd: Syntax error on line 509 of /private/etc/apache2/httpd.conf: Cannot load /usr/modules/mod_wsgi.so into server: dlopen(/usr/modules/mod_wsgi.so, 10): image not found
Modules
PHP Module
When you install PHP, you can point configure to a build of Apache. When you type make
and make install
, it will modify your Apache httpd.conf
configuration file to add the appropriate PHP module.
Once the PHP module has been added to the Apache configuration file, you will also have to add a few other things to your httpd.conf
:
AddHandler php5-script php # <-- This line should be added automatically by PHP # PHP module settings: <IfModule php5_module> # Add php type handler AddType text/html php # Make index.php a default file <IfModule dir_module> DirectoryIndex index.html index.php </IfModule> </IfModule>
SVN Module
The Apache SVN module creates a way for an SVN server to serve an SVN repository through an Apache server.
Enabling/installing/configuring this module is covered by the RedBean SVN book http://svnbook.red-bean.com/en/1.0/ch06s04.html. It requires two modules to be loaded, mod_dav
and mod_dav_svn
, both enabled in the Apache httpd.conf configuration file. The guide is extremely extensive, so you should refer to it to get Apache set up with SVN.
Once you do, you can check out code from an svn repository by executing the command:
$ svn checkout http://www.yoursite.com/svn/repository_name local_directory/
SSL Module
SSL, secure socket layer, provides a secure way of communicating private information between a client, using their web browser, and the web server, running Apache. It allows you to serve HTTPS pages, which requires an SSL certificate (public/private key) that allows people to trust their connection to your server is genuine and secure.
Covered on the Apache/SSL page.
Other Interesting Apache Modules
One-Time Password Authentication Module | https://code.google.com/p/mod-authn-otp/ |
Perl Apache module | http://perl.apache.org/ |
Lisp Apache module | http://tinyurl.com/3pz92e3 |
Security
Protecting Directories with .htaccess
NOTE: This method should only be used when you don't have access to the Apache server.
This section will give an example of how to password-protect a directory using an .htaccess file.
The .htaccess file normally allows you to make configuration changes that are specific to one directory. This is useful for, say, a company-run web hosting service, where someone else runs the apache host. You can make apache configuration changes without needing root access, or any access, to the underlying apache server.
To password-protect a directory, the .htaccess file will need to contain information about where the valid usernames and passwords are stored.
AuthUserFile /path/to/.htpasswd AuthType Basic AuthName "This is a login message"
The .htaccess file points to an .htpasswd file containing valid usernames and passwords. This .htpasswd file should not be in the web root. It should only be accessible via SSH (or, at most, by FTP). Also, if you don't like the name ".htpasswd", you can call it whatever you want, as long as your .htaccess is accurate. However, .htpasswd is the traditional naming convention.
If we want to allow any user in the .htpasswd file, we can add the line
require valid-user
Otherwise, we can specify that only certain users are allowed access:
require user charles
Being able to set authorization settings in an .htaccess file requires the Apache server has the following directive set in httpd.conf:
AllowOverride AuthConfig
Protecting Directories with httpd.conf
NOTE: this method should only be used if you have root access to the Apache server. If you don't have root access, see #Using htpasswd section below.
Mod Auth
In your httpd.conf
apache configuration file, you can specify configuration settings for the entire server. However, you can also include directory-specific configuration settings, by putting them in a <Directory>
block:
<Directory /path/to/apache/htdocs/secret> # Directory-specific configurations go here </Directory>
Next, the same stuff that went into the .htaccess files (above section) can go into the <Directory>
block:
<Directory /path/to/apache/htdocs/secret> AuthType Basic AuthName "Your login message goes here" AuthUserFile /path/to/.htpasswd Require valid-user # or, #Require user charles </Directory>
Also see the (somewhat skimpy) Mod Auth documentation
Mod Access
Alternatively, you can also allow or deny access based on where the request is coming from, rather than a username and password combination.
For example, to allow only users from 127.0.0.1 (that is, just yourself):
<Directory /path/to/apache/htdocs/secret> Order deny,allow # <-- Specifies the order in which to apply the filters (deny filters first, then allow filters) Deny from all Allow from 127.0.0.1 </Directory>
To deny users from 127.0.0.1 (uh, yeah, suuuuure):
<Directory /path/to/apache/htdocs/secret> Deny from 127.0.0.1 </Directory>
In order for Apache to understand these Auth
directives, the Auth module has to be turned on.
Also see the (somewhat skimpy) Mod Access documentation
Using htpasswd
NOTE: This is the alternative to the above procedure, if you don't have root access.
From the Apache website:
- htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().
To create a .htpasswd file for the first time, you'll call the htpasswd program from the command line and use the -c
flag:
htpasswd -c /path/to/.htpasswd charles
This will prompt me to enter a password, will hash the password, and will store both in the file in the form username:*********
(where ********
is the hashed password).
To create a username and password combination in an existing .htpasswd file,
htpasswd /path/to/.htpasswd charles
Alternatively, you can specify a password on the command line (but be aware that someone could look through your history and find it):
htpasswd /path/to/.htpasswd charles MySecretPassword
You can visit the above link to the Apache website for more details.
Flags
GNU/Linux/Unix the concrete that makes the foundations of the internet.
Compiling Software · Upgrading Software Category:Build Tools · Make · Cmake · Gdb Bash Bash · Bash/Quick (Quick Reference) · Bash Math Text Editors Text Manipulation Command Line Utilities Aptitude · Diff · Make · Patch · Subversion · Xargs Security SSH (Secure Shell) · Gpg (Gnu Privacy Guard) · Category:Security Networking Linux/SSH · Linux/Networking · Linux/File Server Web Servers
|