Httpd RHEL Compilation: Difference between revisions
Revision as of 23:55, 1 January 2017
External
Internal
Overview
This is the Apache httpd compilation/installation procedure. It implies that httpd is compiled from source. If you plan to install httpd with yum, go directly to yum installation.
Procedure
Download
Download from http://httpd.apache.org/download.cgi and optionally place in the local archive directory.
wget http://mirror.cogentco.com/pub/apache//httpd/httpd-2.4.25.tar.gz
Older releases may not be on mirrors, but they can be downloaded directly from the apache web site: http://archive.apache.org/dist/httpd.
Extract
The sources can be extracted as a non-root user.
cd src
gunzip < ../archive/httpd-2.2.17.tar.gz | tar xfv -
Configure Compilation
Compilation can be configured as a non-root user.
cd httpd-2.2.17
./configure \
    --prefix /opt/httpd-2.2.17[-worker] \
    --enable-so \
    --enable-expires=shared \
    --with-included-apr
Compilation Configuration Notes
- It is a good idea to compile httpd with shared module option enabled (--enable-so --enable-expires=shared).
- configure may complain about not finding APR. I worked around this by passing --with-included-apr to configure.
SSL Compilation
If you need SSL, compile the latest OpenSSL (see [OpenSSL#Compilation]) and then
... --enable-ssl --with-ssl=/data/openssl-1.0.2/ ...
If you use SSL, when running httpd, you need to set LD_LIBRARY_PATH to point to the OpenSSL lib directory:
LD_LIBRARY_PATH="/data/openssl-1.0.2/lib:${LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH
Various Module Configuration Requirements
Cleaning configuration
The only option I discovered so far is to completely remove the source tree. I am sure others exist ... if I find them, add them here.
Configuration Examples
Example 1
Version 2.2.15
./configure --prefix=/cust/soe/opt/apache/2.2.15_without_mod_proxy --enable-logio --disable-proxy --enable-rewrite --enable-ssl --enable-vhost-alias --enable-headers --enable-dav --enable-dav-fs --enable-modules=ssl --with-ssl=/cust/soe/opt/openssl/1.0.0/ --with-included-apr --enable-dav-lock --enable-deflate --enable-so --with-mpm=worker
We disabled mod_proxy so we can use the version included in mod_cluster.
Example 2
We use mod_proxy:
#!/bin/bash
$(dirname $0)/configure \
    --prefix /data/httpd-2.2.29-worker-mpm \
    --enable-so \
    --with-included-apr \
    --enable-expires=shared \
    --with-mpm=worker \
    --enable-proxy \
    --enable-proxy-connect \
    --enable-proxy-http \
    --enable-proxy-ajp \
    --enable-proxy-balancer \
    --disable-cgi \
    --enable-ssl \
    --with-ssl=/data/openssl-1.0.2
mod_cluster Recommended Configuration
1. Apply http://anonsvn.jboss.org/repos/mod_cluster/trunk/native/mod_proxy_cluster/mod_proxy_ajp.patch (optional).
2. Configure:
./configure --prefix=apache_installation_directory \
    --with-mpm=worker \
    --enable-mods-shared=most \
    --enable-maintainer-mode \
    --with-expat=builtin \
    --enable-ssl \
    --enable-proxy \
    --enable-proxy-http \
    --enable-proxy-ajp \
    --disable-proxy-balancer \
    --enable-so
Compile
Can be built as a non-root user.
make
Install
Can be installed as a non-root user, as long as the user has write access to the target directory.
For more details on how to create the operational account, jump ahead to the "Create the Operational Account" section and then come back here.
make install
yum Installation
As an alternative to downloading and compiling, install with yum:
yum install httpd
Create the Operational Account
httpd installed with yum
If httpd is installed with yum, the installation script usually creates a user ("apache"). If it does, use that user. By default, httpd starts as root (via /etc/init.d/httpd) and then switches to the Unix user and group declared by the "User" and "Group" directives in /etc/httpd/conf/httpd.conf.
httpd installed from scratch
Otherwise, if httpd is compiled from scratch, for security reasons it is best if httpd is operated by its own Unix user and group, with as few permissions as possible.
groupadd -g 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd
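A quick check of the identity httpd will drop to, as an added example that is not part of the original page: it reads the User and Group directives from a configuration file and rejects a root identity. The function name, exit codes and sample fragment are assumptions made for this example; the account names (httpd, apache) come from the page.

```sh
#!/bin/sh
# Added example: lint an httpd.conf for the identity httpd switches to after start.
# check_httpd_identity CONF [EXPECTED_USER]
#   prints "user group"; returns 0 ok, 1 root identity, 2 directive missing,
#   3 user differs from EXPECTED_USER. Included files are not followed.
check_httpd_identity() {
    conf=$1
    expected=${2:-}
    ident=$(awk '
        /^[ \t]*#/ { next }                     # skip whole-line comments
        tolower($1) == "user"  { u = $2 }       # directive names are case-insensitive
        tolower($1) == "group" { g = $2 }       # the last occurrence seen is kept
        END { gsub(/"/, "", u); gsub(/"/, "", g); print u, g }
    ' "$conf")
    user=${ident%% *}
    group=${ident#* }
    printf '%s %s\n' "$user" "$group"
    [ -n "$user" ] && [ -n "$group" ] || return 2
    for v in "$user" "$group"; do
        case $v in root|'#0') return 1 ;; esac   # name or numeric id 0
    done
    [ -z "$expected" ] || [ "$user" = "$expected" ] || return 3
    return 0
}

# Constructed httpd.conf fragment (hypothetical, for the demo only).
sample_conf() {
    cat <<'EOF'
# constructed httpd.conf fragment
ServerRoot "/opt/httpd-2.2.17"
User httpd
Group httpd
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && check_httpd_identity "$tmp" httpd; rm -f "$tmp"
```

For a yum installation, pass /etc/httpd/conf/httpd.conf and apache as the expected user.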
Set Standard Environment
httpd installed with yum
Configuration directory: /etc/httpd/conf and /etc/httpd/conf.d.
The module directory: /usr/lib/httpd/modules (linked from /etc/httpd)
The run directory: /var/run/httpd (linked from /etc/httpd)
The log directory: /var/log/httpd (linked from /etc/httpd)
When installed with yum, httpd is designed to be operated by root, and switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:
...
alias cda='cd /etc/httpd'
alias cdac='cd /etc/httpd/conf'
alias cdal='cd /var/log/httpd'
alias cdar='cd /var/run/httpd'
...
httpd installed from scratch
In <httpd-user>/.bashrc:
...
APACHE_HOME=/home/webr/httpd-2.2.17
PATH=${PATH}:${APACHE_HOME}/bin
export PATH APACHE_HOME
alias cda='cd ${APACHE_HOME}'
alias cdal='cd ${APACHE_HOME}/logs'
alias cdac='cd ${APACHE_HOME}/conf'
...
Create Start/Stop Scripts
httpd installed with yum
If httpd is installed with yum, the startup script is already created (/etc/init.d/httpd). Use it.
!!httpd installed from scratch
Otherwise, create a similar one.
This also works:
{{{
$APACHE_HOME/bin/apachectl start
$APACHE_HOME/bin/apachectl stop
}}}
!!!10. Start at Boot
{{{
chkconfig --level 2345 httpd on
}}}
!!!11. Configure iptables
{{{
iptables-save > /tmp/iptables.cfg
}}}
Add the following:
{{{
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
}}}
right under the:
{{{ -A INPUT -m state --state ESTABLISHED -j ACCEPT }}}
line. Then:
{{{
iptables-restore < /tmp/iptables.cfg
iptables-save > /etc/sysconfig/iptables
}}}
If you plan to run only the SSL version, do not add the port 80 line.
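The manual edit described above can be scripted. This added example (not part of the original page) inserts the two rules directly under the ESTABLISHED line of a saved dump and skips port 80 for an SSL-only server; the function name, the ssl-only argument and the sample dump are assumptions.

```sh
#!/bin/sh
# Added example: insert the web-port ACCEPT rules into an iptables-save dump,
# directly below the ESTABLISHED rule, as the manual step describes.
# add_web_rules FILE [ssl-only]  -> writes the edited rule set to stdout.
add_web_rules() {
    cfg=$1
    mode=${2:-both}
    awk -v mode="$mode" '
        function rule(port) {
            return "-A INPUT -p tcp -m state --state NEW --dport " port " -j ACCEPT"
        }
        # First pass (NR == FNR): remember every line already in the file.
        NR == FNR { seen[$0] = 1; next }
        { print }
        # Second pass: anchor on the ESTABLISHED accept rule quoted on the page.
        $0 == "-A INPUT -m state --state ESTABLISHED -j ACCEPT" && !done {
            # Exact-text match only; a dump re-saved by iptables may
            # normalise the rule text and defeat this duplicate check.
            if (mode != "ssl-only" && !(rule(80) in seen)) print rule(80)
            if (!(rule(443) in seen)) print rule(443)
            done = 1
        }
        END { if (!done) exit 3 }   # anchor line missing: do not trust the output
    ' "$cfg" "$cfg"
}

# Constructed sample dump (not taken from a real host).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp) && sample_dump > "$tmp" && add_web_rules "$tmp" ssl-only; rm -f "$tmp"
```

Write the output to a new file and review it before passing it to iptables-restore; exit status 3 means the ESTABLISHED line was not found and nothing was inserted.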
!!!12. Reboot and make sure the server can be accessed
!!!13. Configure
Modify {{${APACHE_HOME}/conf/httpd.conf}}. See:
|[httpd Configuration]