Httpd Installation: Difference between revisions

From NovaOrdis Knowledge Base
Revision as of 00:18, 2 January 2017

Internal

Overview

This article documents installation on RHEL Linux. For Mac or Windows installation, go to Mac and Windows.

Compilation

httpd RHEL Compilation

Installation

yum install httpd

Post-Installation

Make httpd dependent on network services

Under systemd, httpd may start before the network is up, in which case the process does not find the network interfaces it needs. Symptoms are similar to:

Jan 06 21:09:04 now510.local httpd[806]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 1.2.3.4:80
Jan 06 21:09:04 now510.local httpd[806]: no listening sockets available, shutting down

The solution is to declare httpd's dependency on network services. For details on how to do that, see how to declare a service dependency.







Create the Operational Account

httpd installed with yum

If httpd is installed with yum, the installation script usually creates a user ("apache"). If it did, use that user. By default, httpd starts as root (via /etc/init.d/httpd) and then switches to the Unix user and group declared as "User" and "Group" in /etc/httpd/conf/httpd.conf.

httpd installed from scratch

Otherwise, if httpd is compiled from scratch, for security reasons it is best to operate httpd under its own Unix user and group, with as few permissions as possible.

groupadd -g 101 httpd
useradd -c "httpd operational user" -d /home/httpd -g httpd -m -u 101 httpd

Set Standard Environment

httpd installed with yum

Configuration directory: /etc/httpd/conf and /etc/httpd/conf.d.

The module directory: /usr/lib/httpd/modules (linked from /etc/httpd)

The run directory: /var/run/httpd (linked from /etc/httpd)

The log directory: /var/log/httpd (linked from /etc/httpd)

When installed with yum, httpd is designed to be operated by root and to switch to "apache" at runtime, so add the following aliases to ~root/.bashrc:

...
alias cda='cd /etc/httpd'
alias cdac='cd /etc/httpd/conf'
alias cdal='cd /var/log/httpd'
alias cdar='cd /var/run/httpd'
...

httpd installed from scratch

In <httpd-user>/.bashrc:

...
APACHE_HOME=/home/webr/httpd-2.2.17
PATH=${PATH}:${APACHE_HOME}/bin
export PATH APACHE_HOME
alias cda='cd ${APACHE_HOME}'
alias cdal='cd ${APACHE_HOME}/logs'
alias cdac='cd ${APACHE_HOME}/conf'
...

Create Start/Stop Scripts

httpd installed with yum

If httpd is installed with yum, the startup script is already created (/etc/init.d/httpd). Use it.

httpd installed from scratch

Otherwise, create a similar one.

This also works:

$APACHE_HOME/bin/apachectl start
$APACHE_HOME/bin/apachectl stop

Start at Boot

chkconfig --level 2345 httpd on

Configure iptables

iptables-save > /tmp/iptables.cfg

Add the following:

-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT

right under the:

-A INPUT -m state --state ESTABLISHED -j ACCEPT

line. Then:

iptables-restore < /tmp/iptables.cfg
iptables-save > /etc/sysconfig/iptables

If planning to only run the SSL version, do not add the port 80 line.
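
The manual edit above as a repeatable step, as an added example that is not part of the original article: a shell function that inserts the two rules under the ESTABLISHED line of an iptables-save dump, skips rules that are already present, and leaves out port 80 in ssl-only mode. The function name add_web_rules and the sample dump are constructed for illustration; the anchor match also accepts a RELATED,ESTABLISHED state list, which goes slightly beyond the exact line shown above.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not taken from a real host).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# add_web_rules (hypothetical helper): reads a dump on stdin, writes the
# edited dump on stdout. Pass "ssl-only" to omit the port 80 rule.
# Exits non-zero when no ESTABLISHED rule is found, so a chained restore
# is skipped instead of loading an unchanged or misplaced rule set:
#   add_web_rules < /tmp/iptables.cfg > /tmp/iptables.new &&
#       iptables-restore < /tmp/iptables.new
add_web_rules() {
    awk -v mode="${1:-both}" '
        BEGIN { ports = (mode == "ssl-only") ? "443" : "80 443" }
        { line[NR] = $0 }
        END {
            n = split(ports, port, " ")
            # First pass: note which ports already have an INPUT ACCEPT rule,
            # including the "-m tcp" form that iptables-save may write back.
            for (i = 1; i <= NR; i++)
                for (j = 1; j <= n; j++)
                    if (line[i] ~ ("^-A INPUT .*--dport " port[j] " .*-j ACCEPT$"))
                        have[port[j]] = 1
            # Second pass: copy every line, adding the missing rules right
            # under the first ESTABLISHED accept rule of the INPUT chain.
            placed = 0
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (!placed && line[i] ~ /^-A INPUT .*--state [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT$/) {
                    placed = 1
                    for (j = 1; j <= n; j++)
                        if (!(port[j] in have))
                            print "-A INPUT -p tcp -m state --state NEW --dport " port[j] " -j ACCEPT"
                }
            }
            exit (placed ? 0 : 1)
        }'
}
```

Compare the old and new dump with diff before running iptables-restore, since rule order decides which rule matches first.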

Reboot and make sure the server can be accessed

Configure

Modify ${APACHE_HOME}/conf/httpd.conf. See:

httpd Configuration

Prevent Access to the cgi-bin Script

Specify Require all denied in:

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all denied
</Directory>

Configure httpd to Start at Boot

systemctl enable httpd

Start and Smoke

Start the instance and make sure it starts fine with the default configuration.

Mac

brew install ?

Windows

  • Download the installer
  • Install on port 80, as a service
  • Install in C:/httpd-2.2.22 ...
  • Configure the service to start manually (by default it starts automatically)
  • Manually start/stop the service