Httpd Installation
Latest revision as of 02:48, 25 December 2023
Overview
This article documents installation on Linux RHEL. For Mac or Windows installation, go to Mac and Windows.
Compilation
See httpd Compilation.
Installation
Linux
yum install httpd
Mac
See httpd Installation on Mac.
Uninstallation
systemctl stop httpd
systemctl disable httpd
yum remove httpd
rm -r /var/www/*
rm -r /etc/httpd
rm -r /var/log/httpd
Create the Operational Account
httpd installed with yum
If httpd is installed with yum, the installation script usually creates a user ("apache"). If so, use that user. By default, httpd starts as root (via /etc/init.d/httpd) and then switches to the Unix user and group declared as "User" and "Group" in /etc/httpd/conf/httpd.conf.
httpd installed from scratch
Otherwise, if httpd is compiled from scratch, for security reasons, it's best if httpd is operated by its own Unix user and group, with as few permissions as possible.
groupadd -g 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd
Set Standard Environment
httpd installed with yum
Configuration directory:
/etc/httpd/conf
/etc/httpd/conf.d
Content directory:
/var/www
The module directory (linked from /etc/httpd):
/usr/lib/httpd/modules
The run directory:
/var/run/httpd
The log directory (linked from /etc/httpd):
/var/log/httpd
When installed with yum, httpd is designed to be operated by root and to switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:
...
alias cda='cd /etc/httpd'
alias cdac='cd /etc/httpd/conf'
alias cdal='cd /var/log/httpd'
alias cdar='cd /var/run/httpd'
...
httpd installed from scratch
In <httpd-user>/.bashrc:
...
APACHE_HOME=/home/webr/httpd-2.2.17
PATH=${PATH}:${APACHE_HOME}/bin
export PATH APACHE_HOME
alias cda='cd ${APACHE_HOME}'
alias cdal='cd ${APACHE_HOME}/logs'
alias cdac='cd ${APACHE_HOME}/conf'
...
Create Start/Stop Scripts
httpd installed with yum
If httpd is installed with yum, the startup script is already created (/etc/init.d/httpd). Use it.
httpd installed from scratch
Otherwise, create a similar one, place it in GitHub and link to it from here:
https://github.com/NovaOrdis/playground/tree/master/httpd
This also works:
$APACHE_HOME/bin/apachectl start
$APACHE_HOME/bin/apachectl stop
Start at Boot
init.d
chkconfig --level 2345 httpd on
systemd
Make httpd dependent on network services
For systemd, it is possible that httpd starts before the network, so the process does not find the network interfaces it needs. Symptoms are similar to:
Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down
The solution is to declare httpd's dependency on network services. For details on how to do that, see how to declare a service dependency.
Enable
systemctl enable httpd
Configure iptables
iptables-save > /tmp/iptables.cfg
Add the following:
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
right under the:
-A INPUT -m state --state ESTABLISHED -j ACCEPT
line. Then:
iptables-restore < /tmp/iptables.cfg
iptables-save > /etc/sysconfig/iptables
If planning to only run the SSL version, do not add the port 80 line.
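The manual edit described above can be scripted so that it is repeatable. This is an added example, not part of the original page: add_web_rules (a hypothetical helper name) inserts the two rules under the ESTABLISHED line of a saved ruleset, skips rules that are already present, and leaves out port 80 when called with https-only. The sample ruleset is constructed.

```shell
# Added example, not from the original page.
# add_web_rules FILE [https-only]
# Prints FILE (an iptables-save dump) with the web rules inserted right under
# the first INPUT rule that accepts ESTABLISHED traffic. FILE is not modified.
# Returns 2 if that anchor rule is missing.
add_web_rules() {
    awk -v mode="${2:-}" '
        NR == FNR {                      # pass 1: note rules already present
            if ($0 ~ /^-A INPUT .*--dport 80 .*-j ACCEPT$/)  have80 = 1
            if ($0 ~ /^-A INPUT .*--dport 443 .*-j ACCEPT$/) have443 = 1
            next
        }
        { print }                        # pass 2: copy every line through
        !done && /^-A INPUT .*ESTABLISHED.* -j ACCEPT$/ {
            if (mode != "https-only" && !have80)
                print "-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT"
            if (!have443)
                print "-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT"
            done = 1
        }
        END { exit (done ? 0 : 2) }
    ' "$1" "$1"
}

# Constructed sample of what iptables-save might write to /tmp/iptables.cfg.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on the constructed sample, SSL-only variant (no port 80 rule).
demo=$(mktemp) && sample_ruleset > "$demo"
add_web_rules "$demo" https-only
rm -f "$demo"
```

Write the output to a new file and run it through iptables-restore --test before loading it, so a malformed ruleset is rejected without touching the running firewall.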
Enable HTTPS
The server does not listen by default on 443 and HTTPS is not enabled. To install required modules and to configure HTTPS, follow this procedure: Httpd SSL Configuration.
Reboot and make sure the server can be accessed
Configure
Prevent Access to the cgi-bin Script
Specify Require all denied in:
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all denied
</Directory>
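A check for the cgi-bin setting above and for the "User" and "Group" declaration described under Create the Operational Account. This is an added example, not part of the original page: audit_httpd_conf is a hypothetical helper, the sample configuration is constructed, and the expected account names are passed in by the caller.

```shell
# Added example, not from the original page. Included files are not followed.
# audit_httpd_conf FILE USER GROUP: one finding per line, returns 1 if any.
audit_httpd_conf() {
    awk -v want_user="$2" -v want_group="$3" '
        function finding(msg) { print "FINDING: " msg; bad = 1 }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }    # trim whitespace
        $0 == "" || /^#/ { next }                        # blanks, comments
        { d = tolower($1) }                              # names ignore case
        d == "user"  { user = $2 }
        d == "group" { group = $2 }
        d == "<directory" {
            path = $2; gsub(/[">]/, "", path); sub(/\/$/, "", path)
            in_cgi = (path == "/var/www/cgi-bin")
            if (in_cgi) { seen = 1; denied = 0; other = 0 }
        }
        in_cgi && d == "require" {
            # Several Require lines in one section are OR-ed by httpd 2.4,
            # so any Require besides "all denied" can re-open access.
            if (NF == 3 && tolower($2 " " $3) == "all denied") { denied = 1 }
            else { other = 1 }
        }
        d == "</directory>" {
            if (in_cgi && (!denied || other))
                finding("cgi-bin section does not reduce to Require all denied")
            in_cgi = 0
        }
        END {
            if (user != want_user)   finding("User is \"" user "\", expected " want_user)
            if (group != want_group) finding("Group is \"" group "\", expected " want_group)
            if (!seen) finding("no <Directory \"/var/www/cgi-bin\"> section")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: wrong group, and a second Require that re-grants access.
weak_conf() {
    cat <<'EOF'
User apache
Group root
<Directory "/var/www/cgi-bin">
    Require all denied
    Require ip 10.0.0.0/8
</Directory>
EOF
}

demo=$(mktemp) && weak_conf > "$demo"
audit_httpd_conf "$demo" apache apache || true; rm -f "$demo"  # two findings
```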
Other Configuration
Modify ${APACHE_HOME}/conf/httpd.conf. See: httpd Configuration.
Test
Reboot, then:
systemctl status httpd
Mac
See httpd Installation on Mac.
Windows
- Download the installer
- Install on port 80, as a service
- Install in C:/httpd-2.2.22 ...
- Configure the service to start manually (by default it starts automatically)
- Manually start/stop the service