Httpd RHEL Compilation
External
Internal
Overview
This is the Apache httpd compilation/installation procedure. It implies that httpd is compiled from source. If you plan to install httpd with yum, go directly to yum installation.
Procedure
Download
Download from http://httpd.apache.org/download.cgi and optionally place in the local archive directory.
wget http://mirror.cogentco.com/pub/apache//httpd/httpd-2.4.25.tar.gz
Older releases may not be on mirrors, but they can be downloaded directly from the apache web site: http://archive.apache.org/dist/httpd.
Extract
The sources can be extracted as a non-root user.
cd src gunzip < ../archive/httpd-2.2.17.tar.gz | tar xfv -
Configure Compilation
Compilation can be configured as a non-root user.
cd httpd-2.2.17 ./configure \ --prefix /opt/httpd-2.2.17[-worker] \ --enable-so \ --enable-expires=shared \ --with-included-apr
Compilation Configuration Notes
- It is a good idea to compile httpd with shared module option enabled (--enable-so --enable-expires=shared).
- configure may complain about not finding APR. I worked around this by using --with-included-apr in configure configuration.
SSL Compilation
If you need SSL, compile the latest OpenSSL (see [OpenSSL#Compilation]) and then
... --enable-ssl --with-ssl=/data/openssl-1.0.2/ ...
If you use SSL, when running httpd, you need to set LD_LIBRARY_PATH to point to the OpenSSL lib directory:
LD_LIBRARY_PATH="/data/openssl-1.0.2/lib:${LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH
Various Module Configuration Requirements
Cleaning configuration
The only option I discovered so far is to completely remove the source tree. I am sure others exist ... if I find them, add them here.
Configuration Examples
Example 1
Version 2.2.15
./configure --prefix=/cust/soe/opt/apache/2.2.15_without_mod_proxy
--enable-logio
--disable-proxy
--enable-rewrite
--enable-ssl
--enable-vhost-alias
--enable-headers
--enable-dav
--enable-dav-fs
--enable-modules=ssl
--with-ssl=/cust/soe/opt/openssl/1.0.0/
--with-included-apr
--enable-dav-lock
--enable-deflate
--enable-so
--with-mpm=worker
We disabled mod_proxy so we can use the version included in mod_cluster.
Example 2
We use mod_proxy:
#!/bin/bash $(dirname $0)/configure \ --prefix /data/httpd-2.2.29-worker-mpm \ --enable-so \ --with-included-apr \ --enable-expires=shared \ --with-mpm=worker \ --enable-proxy \ --enable-proxy-connect \ --enable-proxy-http \ --enable-proxy-ajp \ --enable-proxy-balancer \ --disable-cgi \ --enable-ssl \ --with-ssl=/data/openssl-1.0.2
mod_cluster Recommended Configuration
1. Apply http://anonsvn.jboss.org/repos/mod_cluster/trunk/native/mod_proxy_cluster/mod_proxy_ajp.patch (optional).
2. Configure:
./configure --prefix=apache_installation_directory \ --with-mpm=worker \ --enable-mods-shared=most \ --enable-maintainer-mode \ --with-expat=builtin \ --enable-ssl \ --enable-proxy \ --enable-proxy-http \ --enable-proxy-ajp \ --disable-proxy-balancer \ --enable-so
Compile
Can be built as a non-root user.
./make
Install
Can be installed as a non-root user, as long as the user has write access to the target directory.
For more details on how to create the operational account, jump ahead to "Create the Operational Account" section and then come back here.
./make install
yum Installation
Alternatively to download and compilation, install with yum:
yum install httpd
Create the Operational Account
!!httpd installed with yum
If httpd is installed with yum, the installation script usually creates a user ("apache"). If yes, use that user. The default behavior is for the httpd to start as a root (via /etc/init.d/httpd) and then switch to the Unix user declared as in /etc/httpd/conf/httpd.conf as "User" and "Group".
!!httpd installed from scratch
Otherwise, if httpd is compiled from scratch, for security reasons, it's best if httpd is operated by its own Unix user and group, with as little permissions as possible.
{{{ groupadd -g 101 httpd useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd }}}
!!!8. Set Standard Environment
!!httpd installed with yum
Configuration directory: Template:/etc/httpd/conf and Template:/etc/httpd/conf.d.
The module directory: Template:/usr/lib/httpd/modules (linked from Template:/etc/httpd)
The run directory: Template:/var/run/httpd (linked from Template:/etc/httpd)
The log directory: Template:/var/log/httpd (linked from Template:/etc/httpd)
When installed with yum, httpd is designed to be operated by root, and switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:
{{{
...
alias cda='cd /etc/httpd' alias cdac='cd /etc/httpd/conf' alias cdal='cd /var/log/httpd' alias cdar='cd /var/run/httpd'
...
}}}
!!httpd installed from scratch
In {{~<httpd-user>/.bashrc}}:
{{{ ...
APACHE_HOME=/home/webr/httpd-2.2.17 PATH=${PATH}:${APACHE_HOME}/bin export PATH APACHE_HOME alias cda='cd ${APACHE_HOME}' alias cdal='cd ${APACHE_HOME}/logs' alias cdac='cd ${APACHE_HOME}/conf'
... }}}
!!!9. Create Start/Stop Scripts
!!httpd installed with yum
If httpd installed with yum, the startup scripts is already created (Template:/etc/init.d/httpd). Use it.
!!httpd installed from scratch
Otherwise, create a similar one.
This also works:
{{{
$APACHE_HOME/bin/apachectl start $APACHE_HOME/bin/apachectl stop
}}}
!!!10. Start at Boot
{{{
chkconfig --level 2345 httpd on
}}}
!!!11. Configure iptables
{{{
iptables-save > /tmp/iptables.cfg
}}}
Add the following:
{{{ -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT }}}
right under the:
{{{ -A INPUT -m state --state ESTABLISHED -j ACCEPT }}}
line. Then:
{{{
iptables-restore < /tmp/iptables.cfg iptables-save > /etc/sysconfig/iptables
}}}
If planning to only run the SSL version, do not add the port 80 line.
!!!12. Reboot and make sure the server can be accessed
!!!13. Configure
Modify {{${APACHE_HOME}/conf/httpd.conf}}. See:
|[httpd Configuration]