Httpd RHEL Compilation: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
 
(47 intermediate revisions by the same user not shown)
Line 8: Line 8:
=Overview=
=Overview=


This is the Apache httpd compilation/installation procedure. It implies that httpd is compiled from source. If you plan to install httpd with yum, go directly to [[#yum_Installation|yum installation]].
This is the Apache httpd compilation/installation procedure. It implies that httpd is compiled from source. If you plan to install httpd with yum, go directly to [[Httpd_Installation#Installation|yum installation]]. The procedure was tested on RHEL and Mac. If you compile on Mac, make sure to follow the advice from "[[httpd Compilation on Mac|Compilation on Mac]]" section, below.


=Procedure=
=Download=
 
==Download==


Download from http://httpd.apache.org/download.cgi and optionally place in the local <tt>archive</tt> directory.
Download from http://httpd.apache.org/download.cgi and optionally place in the local <tt>archive</tt> directory.


<pre>
<pre>
wget http://mirror.cogentco.com/pub/apache//httpd/httpd-2.4.25.tar.gz
wget http://mirror.cogentco.com/pub/apache//httpd/httpd-2.2.17.tar.gz
</pre>
</pre>


Older releases may not be on mirrors, but they can be downloaded directly from the apache web site: http://archive.apache.org/dist/httpd.
Older releases may not be on mirrors, but they can be downloaded directly from the apache web site: http://archive.apache.org/dist/httpd.


==Extract==
=Extract=


The sources can be extracted as a non-root user.
The sources can be extracted as a non-root user.
Line 31: Line 29:
</pre>
</pre>


==Configure Compilation==
=Configure Compilation=


* http://httpd.apache.org/docs/current/programs/configure.html
{{External|http://httpd.apache.org/docs/current/programs/configure.html}}


Compilation can be configured as a non-root user.
Compilation can be configured as a non-root user.
Line 46: Line 44:
</pre>
</pre>


!Notes:
==Compilation Configuration Notes==
 
===Shared Modules Option===
 
It is a good idea to compile httpd with shared module option enabled and load them dynamically as needed. For that, the Dynamic Shared Object (DSO) capability must be enabled at compilation, with:
 
<pre>
--enable-so
</pre>


* It is a good idea to compile {{httpd}} with shared module option enabled ({{--enable-so --enable-expires=shared}}).
For more details on Dynamic Shared Object (DSO) capability, see {{Internal|Httpd_Modules#Static_Modules_vs_Dynamic_Modules|Static Modules vs. Dynamic Modules}}
* {{configure}} may complain about not finding APR. I worked around this by using {{--with-included-apr}} in configure configuration.
* different module configuration requirements:


|worker MPM| see [Woker MPM Compilation|HttpdWorkerMPM#Compilation]
===APR===
|mod_proxy| see [Mod_proxy#Compilation]
|mod_proxy_ajp| see [Mod_proxy_ajp#Compilation]
|mod_rewrite | see [Mod_clusterInstallation]
|mod_expires|


* If you need SSL, compile the latest OpenSSL (see [OpenSSL#Compilation]) and then
<tt>configure</tt> may complain about not finding APR. I worked around this by using <tt>--with-included-apr</tt> in configure configuration.


{{{
===SSL Compilation===


    ...
If you need SSL, compile the latest OpenSSL (see [OpenSSL#Compilation]) and then
    --enable-ssl
    --with-ssl=/data/openssl-1.0.2/
    ...
}}}


Also, important, if you use SSL, when running httpd, you need to set LD_LIBRARY_PATH to point to the OpenSSL lib directory:
<pre>
...
--enable-ssl
--with-ssl=/data/openssl-1.0.2/
...
</pre>


{{{
If you use SSL, when running httpd, you need to set LD_LIBRARY_PATH to point to the OpenSSL lib directory:
 
<pre>
LD_LIBRARY_PATH="/data/openssl-1.0.2/lib:${LD_LIBRARY_PATH}"
LD_LIBRARY_PATH="/data/openssl-1.0.2/lib:${LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH
export LD_LIBRARY_PATH
}}}
</pre>


==Compilation on Mac==


!Cleaning configuration
{{Internal|httpd Compilation on Mac|Compilation on Mac}}
 
==Various Module Configuration Requirements==
 
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
: <br>
: <span id="worker_mpm_compilation">[[httpd worker MPM Compilation|worker MPM Compilation]]</span>
: [[httpd mod_expires#Compilation|mod_expires Compilation]]
: [[httpd mod_proxy Compilation|mod_proxy Compilation]]
: [[Httpd mod proxy ajp Compilation|mod_proxy_ajp Compilation]]
: <br>
</blockquote>
 
==Cleaning configuration==


The only option I discovered so far is to completely remove the source tree. I am sure others exist ... if I find them, add them here.
The only option I discovered so far is to completely remove the source tree. I am sure others exist ... if I find them, add them here.


==Configuration Examples==


!Nike configuration
===Example 1===
 
{{{


Version 2.2.15
Version 2.2.15


<pre>
./configure --prefix=/cust/soe/opt/apache/2.2.15_without_mod_proxy  
./configure --prefix=/cust/soe/opt/apache/2.2.15_without_mod_proxy  
             --enable-logio  
             --enable-logio  
Line 103: Line 120:
             --enable-so  
             --enable-so  
             --with-mpm=worker  
             --with-mpm=worker  
</pre>


We disable mod_proxy so we can use the version included in mod_cluster.   
We disabled mod_proxy so we can use the version included in mod_cluster.   
}}}


===Example 2===


!SMC Configuration
We use mod_proxy:


They use mod_proxy
<pre>
 
{{{
#!/bin/bash
#!/bin/bash


Line 121: Line 137:
  --enable-expires=shared \
  --enable-expires=shared \
  --with-mpm=worker \
  --with-mpm=worker \
  --enable-proxy \
  --enable-proxy=shared \
  --enable-proxy-connect \
  --enable-proxy-connect=shared \
  --enable-proxy-http \
  --enable-proxy-http=shared \
  --enable-proxy-ajp \
  --enable-proxy-ajp=shared \
  --enable-proxy-balancer \
  --enable-proxy-balancer=shared \
  --disable-cgi \
  --disable-cgi \
  --enable-ssl \
  --enable-ssl \
  --with-ssl=/data/openssl-1.0.2
  --with-ssl=/data/openssl-1.0.2
}}}
</pre>


!mod_cluster Recommended Configuration
=mod_cluster Recommended Configuration=


1. Apply [mod_proxy_ajp.path|http://anonsvn.jboss.org/repos/mod_cluster/trunk/native/mod_proxy_cluster/mod_proxy_ajp.patch] (optional).
1. Apply http://anonsvn.jboss.org/repos/mod_cluster/trunk/native/mod_proxy_cluster/mod_proxy_ajp.patch (optional).


2. Configure:
2. Configure:


{{{
<pre>
./configure  --prefix=apache_installation_directory  
./configure  --prefix=apache_installation_directory \
            --with-mpm=worker  
  --with-mpm=worker \
            --enable-mods-shared=most  
  --enable-mods-shared=most \
            --enable-maintainer-mode  
  --enable-maintainer-mode \
            --with-expat=builtin  
  --with-expat=builtin \
            --enable-ssl  
  --enable-ssl \
            --enable-proxy  
  --enable-proxy=shared \
            --enable-proxy-http  
  --enable-proxy-http=shared \
            --enable-proxy-ajp  
  --enable-proxy-ajp=shared \
            --disable-proxy-balancer
  --disable-proxy-balancer=shared \
            --enable-so  
  --enable-so  
}}}
</pre>
 
=Compile=
 
Can be built as a non-root user.


<pre>
make
</pre>


!!Configuration Parameters
=Install=


|[httpd Compilation Configuration Parameters|httpdConfigurationCompilationParameters]
Can be installed as a non-root user, as long as the user has write access to the target directory.


==yum Installation==
For more details on how to create the operational account, jump ahead to "[[Httpd_Installation#Create_the_Operational_Account|Create the Operational Account]]" section and then come back here.
 
<pre>
make install
</pre>

Latest revision as of 19:51, 5 January 2017

External

Internal

Overview

This is the Apache httpd compilation/installation procedure. It implies that httpd is compiled from source. If you plan to install httpd with yum, go directly to yum installation. The procedure was tested on RHEL and Mac. If you compile on Mac, make sure to follow the advice from "Compilation on Mac" section, below.

Download

Download from http://httpd.apache.org/download.cgi and optionally place in the local archive directory. 

wget http://mirror.cogentco.com/pub/apache//httpd/httpd-2.2.17.tar.gz

Older releases may not be on mirrors, but they can be downloaded directly from the apache web site: http://archive.apache.org/dist/httpd.

Extract

The sources can be extracted as a non-root user. 

cd src
gunzip < ../archive/httpd-2.2.17.tar.gz | tar xfv -

Configure Compilation

http://httpd.apache.org/docs/current/programs/configure.html

Compilation can be configured as a non-root user. 

cd httpd-2.2.17
./configure \
  --prefix /opt/httpd-2.2.17[-worker] \
  --enable-so \
  --enable-expires=shared \
  --with-included-apr

Compilation Configuration Notes

Shared Modules Option

It is a good idea to compile httpd with shared module option enabled and load them dynamically as needed. For that, the Dynamic Shared Object (DSO) capability must be enabled at compilation, with: 

--enable-so

For more details on Dynamic Shared Object (DSO) capability, see

Static Modules vs. Dynamic Modules

APR

configure may complain about not finding APR. I worked around this by using --with-included-apr in configure configuration.

SSL Compilation

If you need SSL, compile the latest OpenSSL (see [OpenSSL#Compilation]) and then 

...
--enable-ssl 
--with-ssl=/data/openssl-1.0.2/
...

If you use SSL, when running httpd, you need to set LD_LIBRARY_PATH to point to the OpenSSL lib directory: 

LD_LIBRARY_PATH="/data/openssl-1.0.2/lib:${LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH

Compilation on Mac

Compilation on Mac

Various Module Configuration Requirements


worker MPM Compilation
mod_expires Compilation
mod_proxy Compilation
mod_proxy_ajp Compilation

Cleaning configuration

The only option I discovered so far is to completely remove the source tree. I am sure others exist ... if I find them, add them here.

Configuration Examples

Example 1

Version 2.2.15 

./configure --prefix=/cust/soe/opt/apache/2.2.15_without_mod_proxy 
            --enable-logio 
            --disable-proxy 
            --enable-rewrite 
            --enable-ssl 
            --enable-vhost-alias 
            --enable-headers 
            --enable-dav 
            --enable-dav-fs 
            --enable-modules=ssl 
            --with-ssl=/cust/soe/opt/openssl/1.0.0/ 
            --with-included-apr 
            --enable-dav-lock 
            --enable-deflate 
            --enable-so 
            --with-mpm=worker

We disabled mod_proxy so we can use the version included in mod_cluster.

Example 2

We use mod_proxy: 

#!/bin/bash

$(dirname $0)/configure \
 --prefix /data/httpd-2.2.29-worker-mpm \
 --enable-so \
 --with-included-apr \
 --enable-expires=shared \
 --with-mpm=worker \
 --enable-proxy=shared \
 --enable-proxy-connect=shared \
 --enable-proxy-http=shared \
 --enable-proxy-ajp=shared \
 --enable-proxy-balancer=shared \
 --disable-cgi \
 --enable-ssl \
 --with-ssl=/data/openssl-1.0.2

mod_cluster Recommended Configuration

1. Apply http://anonsvn.jboss.org/repos/mod_cluster/trunk/native/mod_proxy_cluster/mod_proxy_ajp.patch (optional).

2. Configure: 

./configure  --prefix=apache_installation_directory \
  --with-mpm=worker \
  --enable-mods-shared=most \
  --enable-maintainer-mode \
  --with-expat=builtin \
  --enable-ssl \
  --enable-proxy=shared \
  --enable-proxy-http=shared \
  --enable-proxy-ajp=shared \
  --disable-proxy-balancer=shared \
  --enable-so

Compile

Can be built as a non-root user. 

make

Install

Can be installed as a non-root user, as long as the user has write access to the target directory.

For more details on how to create the operational account, jump ahead to "Create the Operational Account" section and then come back here. 

make install
Retrieved from "https://kb.novaordis.com/index.php?title=Httpd_RHEL_Compilation&oldid=15723"