Difference between revisions of "Apache2 prefork"
Revision as of 18:29, 17 September 2018
The Apache HTTP Server, commonly referred to simply as Apache, is feature-rich, modular software for serving both static content and dynamic web pages on the World Wide Web. The Nekoware distribution contains 2 major versions of this software: neko_apache and neko_apache2_prefork. The first one is based on the 1.3.x tree and the second one is based on 2.0.x. In this article we are only targeting the apache2 package; at the time this wiki was written, there was no package based on the current 2.2.x version available.
In the early days of the distribution there was also a neko_apache2_worker package, which used the Worker MPM (Multi-Processing Module) instead of Prefork, which is the default when compiling Apache from sources on a Unix platform. When using the Worker MPM, each process creates a fixed number of threads which serve incoming requests. But using a threaded application means that every module or library has to be thread safe, which isn't the case for a lot of software. This is the reason why the neko_apache2_prefork version exists. Both apache2 packages use the same location (/usr/nekoware/apache2) for installation, which makes it impossible to use both at the same time.
The functionality is spread across several different modules which can be loaded independently of the core. This means neko_apache2 comes with support for DSOs (Dynamic Shared Objects). If you don't need a particular module, you can easily drop it from your configuration file without recompiling the whole software. In the same way you can add 3rd party modules like mod_php, mod_perl and countless others.
Installing the Software
Download and install the nekoware_apache2 tardist from the Nekoware repository: http://www.mechanics.citg.tudelft.nl/~everdij/nekoware/current. At the time of writing, version 2.0.61 is in the beta directory of our repository.
The installation of the precompiled binary package is simple and straight-forward using either the Software Manager or inst. In the case of inst, it's a simple command:
~ $ inst -f /path/to/neko_apache2_prefork-2.0.61.tardist install all keep *.opt.src go quit
You will need "root" privileges to install the software. The whole application will be installed into a single directory which is located under "/usr/nekoware/apache2". Since version 2.0.61, the configuration files are stored in a new location, which is now "/usr/nekoware/etc/apache2".
Package Dependencies
The following packages are needed to run the software properly.
- neko_apr
- neko_apr_util
- neko_openssl
- neko_db4
- neko_expat
- neko_gdbm
- neko_gmp
- neko_openldap
- neko_cyrus_sasl
- neko_zlib
Package Layout
Name | Size [Kbytes] | Default | Description |
---|---|---|---|
neko_apache2_prefork.man.docs | | | html documentation |
neko_apache2_prefork.man.manpages | | [d] | man pages |
neko_apache2_prefork.opt.dist | | | distribution files |
neko_apache2_prefork.opt.relnotes | | [d] | release notes |
neko_apache2_prefork.opt.src | 4476 | | original source code |
neko_apache2_prefork.sw.eoe | | [d] | execution only env |
neko_apache2_prefork.sw.hdr | | [d] | header files |
neko_apache2_prefork.sw.lib | | [d] | shared libraries |
Preparing for the first start
Before you can use the initscript, the chkconfig flag for neko_apache2 has to be switched on.
~ $ chkconfig neko_apache2 on
You can validate the current setting by trying the following:
~ $ chkconfig | grep neko_apache2
neko_apache2 on
Starting and Stopping the Software
The Apache package comes with an initscript. It can be used to start the software automatically when booting the system. It is located under "/etc/init.d/" and named "neko_apache2". It takes the following commands:
- start - starts the software
- stop - stops the software
- restart - restarts the software
- graceful - same as restart but doesn't disconnect the processes which are currently responding to a client
- status - returns process information using the lynx browser*
- fullstatus - returns full information using the lynx browser*
Tasks which are marked with the * need the mod_status module enabled in the configuration; they only work if your server is running on the standard port (80). Otherwise you have to modify the STATUSURL variable in the initscript.
Starting
After you turn the chkconfig flag on you can run the initscript:
~ $ /etc/init.d/neko_apache2 start
Apache2 Webserver ...start
Stopping
~ $ /etc/init.d/neko_apache2 stop
Apache2 Webserver ...stop
Verifying
You can check if httpd is up and running by trying:
~ $ fuser 8080/tcp
8080/tcp: 240050o 240010o 240063o 240085o 240080o 240073o
The command above shows all process IDs which are listening on port 8080. Another way is to open your favorite browser and enter the address http://localhost:8080/. We chose port 8080 because on a standard IRIX installation there are already other web services which are using port 80.
Another method is to use the status command, which is supported by the initscript.
~ $ /etc/init.d/neko_apache2 status
Apache Server Status for localhost
Server Version: Apache
Server Built: Oct 6 2007 17:00:09
_________________________________________________________________
Current Time: Friday, 02-Nov-2007 19:38:23 MET
Restart Time: Friday, 02-Nov-2007 19:37:52 MET
Parent Server Generation: 0
Server uptime: 31 seconds
1 requests currently being processed, 4 idle workers
__W__...........................................................
................................................................
................................................................
................................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
Note: You only get this when you have lynx installed.
Post Installation Steps
The neko_apache2 package comes preconfigured. That means you can start using the software without deeper knowledge of the configuration. But in most cases you will want to make some modifications to match your needs, such as disabling some modules to get a lower memory footprint, a more secure configuration, or loading additional modules for a special purpose.
The related files for these steps are "/usr/nekoware/etc/apache2.options" and "/usr/nekoware/etc/apache2/httpd.conf"; the latter is the main configuration file.
The first file doesn't exist in previous versions of neko_apache2. It's a new way to enable some of the main modules or 3rd party modules like mod_status, mod_ssl or mod_php. In earlier versions some of these modules had to be activated directly in the initscript, which was not a very smart way. For now we follow the IRIX way, which can also be found on various Linux distributions. The value of the APACHE2_OPTS variable is passed through the initscript into the httpd.conf, where these arguments can then be used as variables.
Example:
APACHE2_OPTS="-D STATUS"
The httpd.conf is needed whenever you would like to change something in the main configuration or one of the modules. Keep in mind that you need to restart apache2 for the changes to take effect.
Changing the default Port
Before you change the port, be sure that no other software is already using it. Shut down sgi_apache, webface_apache, neko_lighttpd, neko_apache or fw_apache and check for corresponding chkconfig flags.
If you would like to set the port from 8080 to the standard one, change the following from
Listen 8080
to
Listen 80
Name of the Webserver
If you do not specify a virtual host, apache2 responds to every hostname a client uses in the request. By default we don't specify a servername in the config, so you can use "localhost", but this doesn't really help when you would like to serve WWW pages to other clients. The Apache documentation also says clearly that a FQDN (Fully Qualified Domain Name) is needed for a proper setup. Sometimes Apache2 uses this name for internal redirects, so be sure that your system can resolve the name you use.
Change
#ServerName www.example.com:8080
to
ServerName www.home.local
If you don't have a DNS server, you can specify any name you want in your local "/etc/hosts" file. It's important that your Apache can resolve the given name because it's needed for internal redirects. Later in the VHOST example you can see that there is also a ServerAlias directive to assign more than one name to your webserver.
User and Group
By default the "nobody" user and group are selected for running apache2. It may be useful to create an extra webserver user like wwwrun or apache2 and a group like http2. With these changes you can more easily identify your apache2 processes.
User nobody
Group nobody
Use the addUserAccount command or the GUI for creating a new account on your system. To create a group, just edit the "/etc/group" file. I prefer something like apache2:http2.
User apache2
Group http2
If you made any changes there, consider running chown on the contents of the "/usr/nekoware/apache2/htdocs" directory.
Activate additional Modules
Open the file "/usr/nekoware/etc/apache2.options" with an editor and set APACHE2_OPTS to
APACHE2_OPTS="-D STATUS"
Now you have to restart your webserver.
Note: Not all FLAGS which are currently listed in the apache2.options file are ready for use. This may change in the next release.
SSL Support
Open the file "/usr/nekoware/etc/apache2.options" with an editor and set APACHE2_OPTS to
APACHE2_OPTS="-D STATUS -D SSL"
Now you have to restart your webserver with the initscript's "restart" command, or otherwise try a "stop" and "start". Afterwards you can check that httpd is listening on port 443:
~ $ fuser 443/tcp
443/tcp: 257209o 257277o 257268o 257250o 257272o 257271o
Start a web browser and enter https://localhost/ into the address bar. If all goes right you will get a warning that the SSL certificate isn't signed by a known authority. If you also use a different hostname than "localhost", like your IP or the FQDN from above, you get a 2nd warning about a wrong common name, which doesn't match the hostname. Don't worry about that, it's the normal behavior when using a self-signed SSL certificate.
Create a self-signed SSL certificate
Not written yet.
Expand the Environment
Add the "bin" and "man" directory to the path environment variables.
~ $ export PATH=$PATH:/usr/nekoware/apache2/bin
~ $ export MANPATH=$MANPATH:/usr/nekoware/apache2/man
It depends on your shell if you have to insert this into a .profile (bash), .cshrc or .tcshrc. For a system-wide setup look into "/etc/".
Create a Virtual Host
If you want to serve more than one web-application, each within its own environment, you can create a virtual host. There is name based or IP based virtual host support in Apache. In this example we are using the name based support which allows us to setup different Vhosts on a single IP address.
In the "/usr/nekoware/etc/apache2" directory create a new directory called "vhosts" and place a file named "010_www.example.com_80.conf" in it. The "010" is only used as a prefix and the "_80" as a suffix. It shows us that this is a config for a normal HTTP host and not one for HTTPS. If you create a 2nd vhost, just name it "020_www.anotherexample.com_80.conf".
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /data/http/www.example.com/htdocs
    ServerName example.com
    ServerAlias *.example.com
    ErrorLog /data/http/www.example.com/logs/error.log
    CustomLog /data/http/www.example.com/logs/access.log combined
    Alias /usage "/data/http/www.example.com/usage"
    <Directory "/data/http/www.example.com/htdocs">
        Options Indexes ExecCGI
        AllowOverride AuthConfig Limit
    </Directory>
    ScriptAlias /cgi-bin/ "/data/http/www.example.com/cgi-bin/"
    <Directory "/data/http/www.example.com/cgi-bin">
        AllowOverride None
        Options FollowSymlinks ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    <IfModule mod_php5.c>
        php_admin_flag engine on
        php_admin_flag safe_mode on
        php_admin_value session.save_path /data/http/www.example.com/tmp
        php_admin_value open_basedir "/data/http/www.example.com:/usr/nekoware/php5/lib/php:/tmp"
        php_admin_value doc_root /data/http/www.example.com
        php_admin_value upload_tmp_dir /data/http/www.example.com/tmp
        php_admin_value error_log /data/http/www.example.com/logs/php_error.log
        php_admin_value upload_max_filesize 10M
        php_admin_value post_max_size 10M
    </IfModule>
</VirtualHost>
Create the necessary directories
~ $ mkdir -p /data/http/www.example.com/htdocs
~ $ mkdir -p /data/http/www.example.com/logs
~ $ mkdir -p /data/http/www.example.com/cgi-bin
~ $ mkdir -p /data/http/www.example.com/usage
~ $ mkdir -p /data/http/www.example.com/tmp
The Apache user needs permission to access the cgi-bin, tmp and htdocs directories. In the example above we created a configuration file for a virtual host which can be reached under http://example.com, http://www.example.com, http://www1.example.com or any other hostname below example.com. The document root is placed under "/data/http/www.example.com/htdocs". For the access.log the "combined" format is used because it holds more information than the default one. Execution of CGIs is allowed within the htdocs and the cgi-bin directory. If there is no index.* file in a directory, Apache generates a listing.
Note: Showing a directory listing may be a security problem.
Within the htdocs directory the user can override the configuration by using ".htaccess" files. Only directives which are part of the "AuthConfig" or "Limit" group are allowed for use in ".htaccess" files. This is useful if you would like to restrict access to a directory to a particular user or group.
For the upcoming example of creating web statistics we have created a special "usage" directory which is not located under the htdocs directory. It can be accessed through a URL like http://www.example.com/usage/ .
If Apache2 has loaded the module "mod_php5.c", the settings between the <IfModule ...> take effect. But we don't take care of that at the moment.
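An added example (not part of the original article or the Nekoware package): a small sh/awk audit that reports Options keywords which enable directory listings or CGI execution in a vhost file, the risk the note above points at. The function names and the trimmed sample config are constructed for illustration; ExecCGI inside a ScriptAlias target is treated as expected.

```shell
# Added example, not part of the neko_apache2 package.
# sample_vhost: constructed input, trimmed from the vhost file on this page.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:80>
    <Directory "/data/http/www.example.com/htdocs">
        Options Indexes ExecCGI
        AllowOverride AuthConfig Limit
    </Directory>
    ScriptAlias /cgi-bin/ "/data/http/www.example.com/cgi-bin/"
    <Directory "/data/http/www.example.com/cgi-bin">
        Options FollowSymlinks ExecCGI
    </Directory>
</VirtualHost>
EOF
}

# audit_vhost FILE...: print file:line:directory:option for each Options
# keyword enabling listings (Indexes, All) or CGI outside a ScriptAlias dir.
audit_vhost() {
    for conf in "$@"; do
        awk '
            # Pass 1: remember ScriptAlias targets, where ExecCGI is expected.
            NR == FNR {
                if (tolower($1) == "scriptalias") {
                    t = $3; gsub(/"/, "", t); sub(/\/$/, "", t); cgi[t] = 1
                }
                next
            }
            # Pass 2: track the enclosing <Directory> and inspect Options.
            tolower($1) == "<directory" {
                dir = $2; gsub(/[">]/, "", dir); sub(/\/$/, "", dir); next
            }
            tolower($1) == "</directory>" { dir = ""; next }
            dir != "" && tolower($1) == "options" {
                for (i = 2; i <= NF; i++) {
                    opt = tolower($i); sub(/^\+/, "", opt)
                    if (opt == "indexes" || opt == "all" ||
                        (opt == "execcgi" && !(dir in cgi)))
                        printf "%s:%d:%s:%s\n", FILENAME, FNR, dir, opt
                }
            }
        ' "$conf" "$conf"
    done
}

# demo: write the sample into a scratch directory and audit it.
demo() {
    d=${TMPDIR:-/tmp}/vhost_audit.$$
    mkdir -p "$d" && sample_vhost > "$d/010_www.example.com_80.conf"
    (cd "$d" && audit_vhost 010_www.example.com_80.conf)
    rm -rf "$d"
}
demo
```

On a real system, run audit_vhost over /usr/nekoware/etc/apache2/vhosts/*.conf; dropping Indexes and ExecCGI from the htdocs Options line clears both findings for the sample.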
Now we only need to tell our Apache that we would like to use name-based vhosts and to load the additional settings from the extra file.
For the first one, change in httpd.conf the line
#NameVirtualHost *:80
to
NameVirtualHost *:80
You'll find the NameVirtualHost directive at the bottom of the configuration file. After that, insert the following as the last line:
include ../etc/apache2/vhosts/*.conf
This directive includes the content of all *.conf files which are located under "/usr/nekoware/etc/apache2/vhosts" into the main configuration.
After these changes you have to restart Apache. The first virtual host replaces the webserver from the main config, which normally uses "/usr/nekoware/apache2/htdocs".
Troubleshooting
If something goes wrong take a look into the error log which is located under "/usr/nekoware/apache2/logs". If you would like to start the httpd directly and not with the help of the initscript perform the following:
~ $ cd /usr/nekoware/apache2/bin
~ $ ./httpd -f /usr/nekoware/etc/apache2/httpd.conf
Address already in use
The process can't bind to the given port address because another one is already using it. This happens if there is a webserver which is already up and running or your Apache didn't shut down cleanly. Especially when you also have SSL hosts, it takes some time until the port is available again. Use the "fuser 443/tcp" command to see if there are processes left.
Warning: DocumentRoot
Warning: DocumentRoot [/data/http/www.example.com/THdocs] does not exist
You have specified a wrong path which doesn't exist.
Webstats
Not written yet.
Compiling
As in general for most of the nekoware packages the MIPSpro Compiler 7.4.x has been used.
The package comes with all standard modules as shared versions. Support for SSL and some modules which are currently marked as experimental or extra is also included.
Module | Description |
---|---|
mod_proxy | HTTP/1.1 proxy/gateway server |
mod_dav | distributed authoring and versioning (WebDAV) functionality |
mod_deflate | compress content before it is delivered to the client |
mod_disk_cache | content cache storage manager keyed to URIs |
mod_mem_cache | content cache keyed to URIs |
mod_ext_filter | pass the response body through an external program before delivery to the client |
mod_ssl | strong cryptography using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols |
Note that support for suexec isn't included!
Environment
~ $ export CC=cc
~ $ export CFLAGS='-O3 -mips4 -I/usr/nekoware/include -OPT:Olimit=0:roundoff=3 -TARG:platform=IP35:proc=r14000'
~ $ export CXXFLAGS=$CFLAGS
~ $ export CPPFLAGS='-I/usr/nekoware/include'
~ $ export CXX=CC
~ $ export F77=f77
~ $ export LDFLAGS='-L/usr/nekoware/lib'
~ $ export PKG_CONFIG=/usr/nekoware/bin/pkg-config
~ $ export PKG_CONFIG_PATH='/usr/nekoware/lib/pkgconfig'
~ $ export PKG_CONFIG_LIBDIR='/usr/nekoware/lib'
~ $ export LD_LIBRARY_PATH='/usr/nekoware/lib'
~ $ export LD_LIBRARYN32_PATH='/usr/nekoware/lib'
~ $ export LD_LIBRARY64_PATH='/usr/nekoware/lib64'
~ $ export GNOME2_DIR='/usr/nekoware'
~ $ export GNUMAKE='/usr/nekoware/bin/make'
~ $ export PATH=/usr/nekoware/bin:$PATH
Works only when using bash as your shell.
Configure
~ $ ./configure --with-z=/usr/nekoware --enable-mods-shared=all --enable-proxy --enable-dav --enable-deflate --enable-disk-cache --enable-file-cache --enable-mem-cache --enable-ext-filter --enable-ssl --with-ssl=/usr/nekoware --with-mpm=prefork --prefix=/usr/nekoware/apache --with-apr=/usr/nekoware/bin/apr-config --with-apr-util=/usr/nekoware --sysconfdir=/usr/nekoware/etc/apache2
~ $ gmake && gmake install
Miscellaneous
Since version 2.0.61 some libtool magic always places "/usr/nekoware/lib" in the first position of the RPATH. This prevents apache2 from loading its own bundled libaprutil.so library. Instead it finds the one in /usr/nekoware/lib, which does not have support for gdbm, and bails out with an unresolvable symbol error. This was the reason to build the package so that it needs an external APR.
The httpd.conf needs some changes for proper use.
- error.log instead of error_log
- combined access.log
- Port 8080
- User and Group set to nobody
- A self-signed SSL cert based on the common name "localhost" was created
- <IfDefine FOO> for some modules
... and some more.