Httpd Installation: Difference between revisions

From NovaOrdis Knowledge Base
No edit summary
 
(27 intermediate revisions by the same user not shown)
Line 2: Line 2:


* [[httpd#Subjects|httpd]]
* [[httpd#Subjects|httpd]]
* [[httpd Installation on Mac]]


=Overview=
=Overview=
Line 9: Line 10:
=Compilation=
=Compilation=


<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
{{Internal|httpd RHEL Compilation|httpd Compilation}}
:[[httpd RHEL Compilation]]
</blockquote>


=Installation=
=Installation=


<pre>
==Linux==
 
<syntaxhighlight lang='bash'>
yum install httpd
yum install httpd
</pre>
</syntaxhighlight>
 
==Mac==
{{Internal|httpd Installation on Mac|httpd Installation on Mac}}
 
=Uninstallation=
<syntaxhighlight lang='bash'>
systemctl stop httpd
systemctl disable httpd
yum remove httpd
rm -r /var/www/*
rm -r /etc/httpd
rm -r /var/log/httpd
</syntaxhighlight>


=Create the Operational Account=
=Create the Operational Account=
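Review bot: In the Uninstallation block, the three rm -r lines delete the site content, /etc/httpd and /var/log/httpd with no archive step before them. Add a line ahead of them that copies /etc/httpd and /var/log/httpd to a location outside those trees, because the access and error logs are often the only record of what the server handled, and the configuration is needed if the host is rebuilt.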
Line 23: Line 37:
==httpd installed with yum==
==httpd installed with yum==


If httpd is installed with yum, the installation script usually creates a user ("apache"). If yes, use that user. The default behavior is for the httpd to start as a root (via /etc/init.d/httpd) and then switch to the Unix user declared as in /etc/httpd/conf/httpd.conf as "User" and "Group".
If httpd is installed with yum, the installation script usually creates a user ("apache"). If yes, use that user. The default behavior is for the httpd to start as a root (via <code>/etc/init.d/httpd</code>) and then switch to the Unix user declared as in <code>/etc/httpd/conf/httpd.conf</code> as "User" and "Group".


==httpd installed from scratch==
==httpd installed from scratch==
Otherwise, if httpd is compiled from scratch, for security reasons, it's best if httpd is operated by its own Unix user and group, with as little permissions as possible.
Otherwise, if httpd is compiled from scratch, for security reasons, it's best if httpd is operated by its own Unix user and group, with as little permissions as possible.
 
<font size=-1>
<pre>
groupadd -g 101 httpd
groupadd -g 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd
</font>
</pre>


=Set Standard Environment=
=Set Standard Environment=
Line 38: Line 50:
==httpd installed with yum==
==httpd installed with yum==


Configuration directory: <tt>/etc/httpd/conf</tt> and <tt>/etc/httpd/conf.d</tt>.
Configuration directory:  
<syntaxhighlight lang='text'>
/etc/httpd/conf
/etc/httpd/conf.d
</syntaxhighlight>


The module directory: <tt>/usr/lib/httpd/modules</tt> (linked from <tt>/etc/httpd</tt>)
Content directory:  
<syntaxhighlight lang='text'>
/var/www
</syntaxhighlight>


The run directory: <tt>/var/run/httpd</tt> (linked from <tt>/etc/httpd</tt>)
The module directory (linked from <tt>/etc/httpd</tt>):
<syntaxhighlight lang='text'>
/usr/lib/httpd/modules
</syntaxhighlight>


The log directory: <tt>/var/log/httpd</tt> (linked from <tt>/etc/httpd</tt>)
The run directory:
<syntaxhighlight lang='text'>
/var/run/httpd
</syntaxhighlight>
 
The log directory (linked from <tt>/etc/httpd</tt>):
<syntaxhighlight lang='text'>
/var/log/httpd
</syntaxhighlight>


When installed with yum, httpd is designed to be operated by root, and switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:
When installed with yum, httpd is designed to be operated by root, and switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:
Line 80: Line 110:
==httpd installed from scratch==
==httpd installed from scratch==


<font color=red>
<font color=darkgray>Otherwise, create a similar one, place it in GitHub and link to it from here.
Otherwise, create a similar one.
 
<blockquote style="background-color: AliceBlue; border: solid thin LightSteelBlue;">
:https://github.com/NovaOrdis/playground/tree/master/httpd<br>
</blockquote>
</font>
</font>


Line 92: Line 125:


=Start at Boot=
=Start at Boot=
==init.d==


<pre>
<pre>
chkconfig --level 2345 httpd on
chkconfig --level 2345 httpd on
</pre>
==systemd==
===Make httpd dependent on network services===
For [[systemd]], it is possible that httpd starts before the network, so the process does not find the network interfaces it needs. Symptoms are similar to:
<pre>
Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down
</pre>
The solution is to declare httpd's dependency on network services. For details on how to do that, see [[systemd Declaring a Service Dependency|how to declare a service dependency]].
===Enable===
<pre>
systemctl enable httpd
</pre>
</pre>


Line 124: Line 178:


If planning to only run the SSL version, do not add the port 80 line.
If planning to only run the SSL version, do not add the port 80 line.
=Enable HTTPS=
The server does not listen by default on 443 and HTTPS is not enabled. To install required modules and to configure HTTPS, follow this procedure: {{Internal|Httpd SSL Configuration|Httpd SSL Configuration}}


=Reboot and make sure the server can be accessed=
=Reboot and make sure the server can be accessed=


=Configure=
=Configure=
Modify <tt>${APACHE_HOME}/conf/httpd.conf</tt>. See:
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
:[[httpd Configuration]]
</blockquote>
===Make httpd dependent on network services===
For [[systemd]], it is possible that httpd starts before the network, so the process does not find the network interfaces it needs. Symptoms are similar to:
<pre>
Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down
</pre>
The solution is to declare httpd's dependency on network services. For details on how to do that, see [[systemd Declaring a Service Dependency|how to declare a service dependency]].


==Prevent Access to the cgi-bin Script==
==Prevent Access to the cgi-bin Script==
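Review bot: The heading "Reboot and make sure the server can be accessed" is followed directly by "Configure" and has no body, so the step tells the reader to verify access without saying how. Put the command or request that performs the check under it, or remove the heading and keep the verification in one place.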
Line 205: Line 190:
Specify <tt>Require all denied</tt> in:
Specify <tt>Require all denied</tt> in:


<pre>
<syntaxhighlight lang='xml'>
<Directory "/var/www/cgi-bin">
<Directory "/var/www/cgi-bin">
     AllowOverride None
     AllowOverride None
Line 211: Line 196:
     Require all denied
     Require all denied
</Directory>
</Directory>
</pre>
</syntaxhighlight>


===Configure httpd to Start at Boot===
==Other Configuration==


<pre>
Modify <tt>${APACHE_HOME}/conf/httpd.conf</tt>. See:
systemctl enable httpd
</pre>


===Start and Smoke===
<blockquote style="background-color: #f9f9f9; border: solid thin lightgrey;">
:[[httpd Configuration]]
</blockquote>


Start the instance and make sure it starts fine with the default configuration.
=Test=


Reboot, then:
<syntaxhighlight lang='bash'>
systemctl status httpd
</syntaxhighlight>
=Mac=
=Mac=


<pre>
{{Internal|httpd Installation on Mac|Installation on Mac}}
brew install ?
</pre>


=Windows=
=Windows=
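Review bot: In the new Test section, "systemctl status httpd" only reports the unit state on the host itself; it does not show that the server answers requests from outside after the reboot. Add a request from another machine against the server's address as a second step, so a missing firewall rule or a failed bind is caught by the test rather than by users.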
Line 235: Line 222:
* Configure the service to start manually (by default it starts automatically)
* Configure the service to start manually (by default it starts automatically)
* Manually start/stop the service
* Manually start/stop the service
=Deploying a httpd server in Kubernetes=
{{Internal|httpd Deploy in Kubernetes|Deploying a httpd server in Kubernetes}}

Latest revision as of 02:48, 25 December 2023

Internal

Overview

This article documents installation on Linux RHEL. For Mac or Windows installation, go to Mac and Windows.

Compilation

httpd Compilation

Installation

Linux

yum install httpd

Mac

httpd Installation on Mac

Uninstallation

systemctl stop httpd
systemctl disable httpd
yum remove httpd
rm -r /var/www/*
rm -r /etc/httpd
rm -r /var/log/httpd

Create the Operational Account

httpd installed with yum

If httpd is installed with yum, the installation script usually creates a user ("apache"). If so, use that user. The default behavior is for httpd to start as root (via /etc/init.d/httpd) and then switch to the Unix user and group declared in /etc/httpd/conf/httpd.conf as "User" and "Group".

httpd installed from scratch

Otherwise, if httpd is compiled from scratch, for security reasons, it's best if httpd is operated by its own Unix user and group, with as few permissions as possible.

groupadd -g 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd

Set Standard Environment

httpd installed with yum

Configuration directory:

/etc/httpd/conf
/etc/httpd/conf.d

Content directory:

/var/www

The module directory (linked from /etc/httpd):

/usr/lib/httpd/modules

The run directory:

/var/run/httpd

The log directory (linked from /etc/httpd):

/var/log/httpd

When installed with yum, httpd is designed to be operated by root, and switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:

...
alias cda='cd /etc/httpd'
alias cdac='cd /etc/httpd/conf'
alias cdal='cd /var/log/httpd'
alias cdar='cd /var/run/httpd'
...

httpd installed from scratch

In <httpd-user>/.bashrc:

...
APACHE_HOME=/home/webr/httpd-2.2.17
PATH=${PATH}:${APACHE_HOME}/bin
export PATH APACHE_HOME
alias cda='cd ${APACHE_HOME}'
alias cdal='cd ${APACHE_HOME}/logs'
alias cdac='cd ${APACHE_HOME}/conf'
...

Create Start/Stop Scripts

httpd installed with yum

If httpd is installed with yum, the startup script is already created (/etc/init.d/httpd). Use it.

httpd installed from scratch

Otherwise, create a similar one, place it in GitHub and link to it from here.

https://github.com/NovaOrdis/playground/tree/master/httpd

This also works:

$APACHE_HOME/bin/apachectl start
$APACHE_HOME/bin/apachectl stop

Start at Boot

init.d

chkconfig --level 2345 httpd on

systemd

Make httpd dependent on network services

For systemd, it is possible that httpd starts before the network, so the process does not find the network interfaces it needs. Symptoms are similar to:

Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down

The solution is to declare httpd's dependency on network services. For details on how to do that, see how to declare a service dependency.
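The symptom above can be told apart from an ordinary port conflict by the errno in the log line. The following is an added example, not part of the original page: the function names, the drop-in file name and the use of the standard network-online.target are assumptions, and the linked page may declare the dependency differently.

```shell
#!/bin/sh
# Classify httpd bind failures (AH00072) read from stdin, one result per line.
# errno 99 (EADDRNOTAVAIL): the address is not on any interface yet, which is
# the start-before-network case. errno 98 (EADDRINUSE): another process owns
# the port, and ordering against the network will not help.
classify_bind_failures() {
    awk '
    /AH00072: make_sock: could not bind to address/ {
        kind = "other"
        if ($0 ~ /\(99\)Cannot assign requested address/) kind = "network-not-ready"
        if ($0 ~ /\(98\)Address already in use/)          kind = "port-in-use"
        print kind, $NF          # $NF is the address:port httpd tried to bind
    }'
}

# Write a drop-in that orders httpd after the network is up. The directory
# argument exists so the function can be tried outside /etc (assumption: the
# unit is named httpd.service, as installed by the yum package).
write_network_dropin() {
    dropin_dir="${1:-/etc/systemd/system/httpd.service.d}"
    mkdir -p "$dropin_dir" || return 1
    cat > "$dropin_dir/network-online.conf" <<'EOF'
[Unit]
Wants=network-online.target
After=network-online.target
EOF
}

# Constructed sample: the two lines from the page plus a port conflict.
SAMPLE_LOG='Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down
Jan 06 21:12:40 now510.local httpd[911]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80'

printf '%s\n' "$SAMPLE_LOG" | classify_bind_failures
```

On a live host the input would come from journalctl -u httpd -b, and systemctl daemon-reload is needed after the drop-in is written. network-online.target only delays startup when a wait-online service for the network manager in use is enabled.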

Enable

systemctl enable httpd

Configure iptables

iptables-save > /tmp/iptables.cfg

Add the following:

-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT

right under the:

-A INPUT -m state --state ESTABLISHED -j ACCEPT

line. Then:

iptables-restore < /tmp/iptables.cfg
iptables-save > /etc/sysconfig/iptables

If planning to only run the SSL version, do not add the port 80 line.
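The manual edit of /tmp/iptables.cfg described above, as an added example that is not part of the original page. The function name add_httpd_rules and the sample ruleset are assumptions; the sketch also accepts the "RELATED,ESTABLISHED" form of the anchor rule, which goes slightly beyond the exact line the page quotes.

```shell
#!/bin/sh
# add_httpd_rules FILE [ssl-only]
# Edits an iptables-save dump in place: inserts the NEW/ACCEPT rules directly
# under the ESTABLISHED rule, so they are evaluated before any later REJECT.
# Ports already accepted in INPUT are skipped, so re-running is harmless.
add_httpd_rules() {
    rules_file="$1"
    ports="80 443"
    if [ "${2:-}" = "ssl-only" ]; then ports="443"; fi   # no port 80 line
    awk -v ports="$ports" '
    { line[NR] = $0
      if ($0 ~ /^-A INPUT / && match($0, /--dport [0-9]+ -j ACCEPT$/)) {
          split(substr($0, RSTART + 8), f, " "); have[f[1]] = 1
      } }
    END {
        n = split(ports, p, " ")
        for (i = 1; i <= NR; i++) {
            print line[i]
            # "RELATED," is optional: rulesets often combine both states
            if (!placed && line[i] ~ /^-A INPUT -m state --state (RELATED,)?ESTABLISHED -j ACCEPT$/) {
                placed = 1
                for (j = 1; j <= n; j++)
                    if (!(p[j] in have))
                        print "-A INPUT -p tcp -m state --state NEW --dport " p[j] " -j ACCEPT"
            }
        }
        if (!placed) exit 1       # no anchor rule: leave the original untouched
    }' "$rules_file" > "$rules_file.new" || { rm -f "$rules_file.new"; return 1; }
    mv "$rules_file.new" "$rules_file"
}

# Constructed sample of /tmp/iptables.cfg (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

demo=$(mktemp) && printf '%s\n' "$SAMPLE_RULES" > "$demo"
add_httpd_rules "$demo" ssl-only && cat "$demo"
rm -f "$demo"
```

Run it between the iptables-save and iptables-restore steps, and review the edited file before restoring it.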

Enable HTTPS

The server does not listen by default on 443 and HTTPS is not enabled. To install required modules and to configure HTTPS, follow this procedure:

Httpd SSL Configuration

Reboot and make sure the server can be accessed

Configure

Prevent Access to the cgi-bin Script

Specify Require all denied in:

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all denied
</Directory>
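A check that the two settings this page relies on are actually in effect in httpd.conf: a non-root "User" and "Require all denied" on the cgi-bin directory. This is an added example, not part of the original page; the function name audit_httpd_conf and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# audit_httpd_conf: read an httpd.conf on stdin, print "OK" or one FAIL line
# per finding; the exit status is non-zero when anything failed.
audit_httpd_conf() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    tolower($1) == "user" { user = $2 }          # directive names are case-insensitive
    /^[ \t]*<Directory[ \t]+"?\/var\/www\/cgi-bin\/?"?[ \t]*>/ { in_cgi = 1; seen = 1; next }
    in_cgi && /^[ \t]*<\/Directory>/ { in_cgi = 0; next }
    in_cgi && tolower($0) ~ /^[ \t]*require[ \t]+all[ \t]+denied[ \t]*$/ { denied = 1 }
    # any other Require line inside the block could reopen access
    in_cgi && tolower($0) ~ /^[ \t]*require[ \t]+/ && tolower($0) !~ /all[ \t]+denied/ { other = 1 }
    END {
        if (user == "" || user == "root") { print "FAIL User=" (user == "" ? "unset" : user); bad = 1 }
        if (!seen)                 { print "FAIL cgi-bin block missing"; bad = 1 }
        else if (!denied || other) { print "FAIL cgi-bin not denied"; bad = 1 }
        if (!bad) print "OK"
        exit bad
    }'
}

# Constructed sample: the configuration this page asks for.
HARDENED_CONF='User apache
Group apache
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all denied
</Directory>'

# Constructed sample: root as the runtime user and cgi-bin left open.
WEAK_CONF='User root
Group root
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>'

printf '%s\n' "$HARDENED_CONF" | audit_httpd_conf
printf '%s\n' "$WEAK_CONF" | audit_httpd_conf || true
```

Against an installed server the input is /etc/httpd/conf/httpd.conf; files pulled in from /etc/httpd/conf.d are not followed by this sketch and need the same check.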

Other Configuration

Modify ${APACHE_HOME}/conf/httpd.conf. See:

httpd Configuration

Test

Reboot, then:

systemctl status httpd

Mac

Installation on Mac

Windows

  • Download the installer
  • Install on port 80, as a service
  • Install in C:/httpd-2.2.22 ...
  • Configure the service to start manually (by default it starts automatically)
  • Manually start/stop the service

Deploying a httpd server in Kubernetes

Deploying a httpd server in Kubernetes