Context Navigation

source: server/major/apache.xml@ 167c050

Visit:

lazarus

Last change on this file since 167c050 was 167c050, checked in by Thomas Trepl <thomas@…>, 7 months ago
Merge branch 'trunk' into lazarus
Property mode set to `100644`
File size: 18.3 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY apache-download-http
8	"https://archive.apache.org/dist/httpd/httpd-&apache-version;.tar.bz2">
9	<!ENTITY apache-download-ftp " ">
10	<!ENTITY apache-md5sum "30377ec4d7fb8361e1d1f2ab3158b467">
11	<!ENTITY apache-size "7.1 MB">
12	<!ENTITY apache-buildsize "88 MB">
13	<!ENTITY apache-time "0.3 SBU (Using parallelism=4)">
14	]>
15
16	<sect1 id="apache" xreflabel="Apache-&apache-version;">
17	<?dbhtml filename="apache.html"?>
18
19
20	<title>Apache-&apache-version;</title>
21
22	<indexterm zone="apache">
23	<primary sortas="a-Apache">Apache</primary>
24	</indexterm>
25
26	<sect2 role="package">
27	<title>Introduction to Apache HTTPD</title>
28
29	<para>
30	The <application>Apache HTTPD</application> package contains an open-source HTTP
31	server. It is useful for creating local intranet web sites or running huge
32	web serving operations.
33	</para>
34
35	&lfs120_checked;
36
37	<bridgehead renderas="sect3">Package Information</bridgehead>
38	<itemizedlist spacing="compact">
39	<listitem>
40	<para>
41	Download (HTTP): <ulink url="&apache-download-http;"/>
42	</para>
43	</listitem>
44	<listitem>
45	<para>
46	Download (FTP): <ulink url="&apache-download-ftp;"/>
47	</para>
48	</listitem>
49	<listitem>
50	<para>
51	Download MD5 sum: &apache-md5sum;
52	</para>
53	</listitem>
54	<listitem>
55	<para>
56	Download size: &apache-size;
57	</para>
58	</listitem>
59	<listitem>
60	<para>
61	Estimated disk space required: &apache-buildsize;
62	</para>
63	</listitem>
64	<listitem>
65	<para>
66	Estimated build time: &apache-time;
67	</para>
68	</listitem>
69	</itemizedlist>
70
71	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
72	<itemizedlist spacing="compact">
73	<listitem>
74	<para>
75	Required patch:
76	<ulink url="&patch-root;/httpd-&apache-version;-blfs_layout-1.patch"/>
77	</para>
78	</listitem>
79	</itemizedlist>
80
81	<bridgehead renderas="sect3">Apache HTTPD Dependencies</bridgehead>
82
83	<bridgehead renderas="sect4">Required</bridgehead>
84	<para role="required">
85	<xref linkend="apr-util"/> and
86	<xref linkend="pcre2"/>
87	</para>
88
89	<bridgehead renderas="sect4">Optional</bridgehead>
90	<para role="optional">
91	<xref linkend="brotli"/>,
92	<xref linkend="doxygen"/>,
93	<xref linkend="jansson"/>,
94	<xref linkend="libxml2"/>,
95	<xref linkend="lua"/>,
96	<xref linkend="lynx"/> or
97	<xref linkend="Links"/> or
98	<ulink url="&elinks-url;">ELinks</ulink>,
99	<xref linkend="nghttp2"/>,
100	<xref linkend="openldap"/> (<xref linkend="apr-util"/> needs to be
101	installed with ldap support),
102	<xref linkend="rsync"/>,
103	&berkeley-db;, and
104	<ulink url="https://sourceforge.net/projects/distcache">Distcache</ulink>
105	</para>
106
107	</sect2>
108
109	<sect2 role="installation">
110	<title>Installation of Apache HTTPD</title>
111
112	<para>
113	For security reasons, running the server as an unprivileged user and group
114	is strongly encouraged. Create the following group and user using the
115	following commands as <systemitem class="username">root</systemitem>:
116	</para>
117
118	<screen role="root"><userinput>groupadd -g 25 apache &&
119	useradd -c "Apache Server" -d /srv/www -g apache \
120	-s /bin/false -u 25 apache</userinput></screen>
121
122	<para>
123	Build and install <application>Apache HTTPD</application> by running the
124	following commands:
125	</para>
126
127	<screen><userinput>patch -Np1 -i ../httpd-&apache-version;-blfs_layout-1.patch &&
128
129	sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &&
130
131	sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \
132	-e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \
133	-e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
134	-i configure &&
135
136	sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
137	-i modules/filters/mod_xml2enc.c &&
138
139	./configure --enable-authnz-fcgi \
140	--enable-layout=BLFS \
141	--enable-mods-shared="all cgi" \
142	--enable-mpms-shared=all \
143	--enable-suexec=shared \
144	--with-apr=/usr/bin/apr-1-config \
145	--with-apr-util=/usr/bin/apu-1-config \
146	--with-suexec-bin=/usr/lib/httpd/suexec \
147	--with-suexec-caller=apache \
148	--with-suexec-docroot=/srv/www \
149	--with-suexec-logfile=/var/log/httpd/suexec.log \
150	--with-suexec-uidmin=100 \
151	--with-suexec-userdir=public_html &&
152	make</userinput></screen>
153
154	<para>
155	This package does not come with a test suite.
156	</para>
157
158	<para>
159	Now, as the <systemitem class="username">root</systemitem> user:
160	</para>
161	<!-- changing the patch allows doing DESTDIR install as a normal user
162	<note>
163	<para>
164	This package does not install properly using <envar>DESTDIR</envar>
165	techniques as an unpriviledged user.
166	</para>
167	</note>
168	-->
169	<screen role="root"><userinput>make install &&
170
171	mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
172	chgrp apache /usr/lib/httpd/suexec &&
173	chmod 4754 /usr/lib/httpd/suexec &&
174
175	chown -v -R apache:apache /srv/www</userinput></screen>
176
177	</sect2>
178
179	<sect2 role="commands">
180	<title>Command Explanations</title>
181
182	<para>
183	<command>sed '/dir.*CFG_PREFIX/s@^@#@'...</command>: Forces the
184	<application>apxs</application> utility to use absolute pathnames for
185	modules, when instructed to do so.
186	</para>
187
188	<para>
189	<command>sed -e '/HTTPD_ROOT/s ...</command>: Fixes some paths.
190	</para>
191
192	<para>
193	<command>sed -e '/encoding.h/a ...</command>; Fix building against
194	libxml-2.12.x.
195	</para>
196
197	<para>
198	<parameter>--enable-authnz-fcgi</parameter>: Build FastCGI
199	authorizer-based authentication and authorization (mod_authnz_fcgi.so
200	fast CGI module).
201	</para>
202
203	<para>
204	<parameter>--enable-mods-shared="all cgi"</parameter>: The modules should be
205	compiled and used as Dynamic Shared Objects (DSOs) so they can be included
206	and excluded from the server using the run-time configuration directives.
207	</para>
208
209	<para>
210	<parameter>--enable-mpms-shared=all</parameter>: This switch ensures that
211	all MPM (Multi Processing Modules) are built as Dynamic Shared Objects
212	(DSOs), so the user can choose which one to use at runtime.
213	</para>
214
215	<para>
216	<parameter>--enable-suexec</parameter>: This switch enables building of the
217	<application>Apache</application> suEXEC module which can be used to allow
218	users to run CGI and SSI scripts under user IDs different from the user ID
219	of the calling web server.
220	</para>
221
222	<para>
223	<parameter>--with-suexec-*</parameter>: These switches control suEXEC module
224	behavior, such as default document root, minimal UID that can be used to
225	run the script under the suEXEC. Please note that with minimal UID 100, you
226	can't run CGI or SSI scripts under suEXEC as the
227	<systemitem class="username">apache</systemitem> user.
228	</para>
229
230	<para>
231	<command>... /usr/lib/httpd/suexec</command>: These commands put
232	<command>suexec</command> wrapper into proper location, since it
233	is not meant to be run directly. They also adjust proper
234	permissions of the binary, making it setgid
235	<systemitem class="username">apache</systemitem>.
236	</para>
237
238	<para>
239	<command>chown -R apache:apache /srv/www</command>: By default, the
240	installation process installs files (documentation, error messages,
241	default icons, etc.) with the ownership of the user that extracted the
242	files from the tar file. If you want to change the ownership to another
243	user, you should do so at this point. The only requirement is that the
244	document directories need to be accessible by the <command>httpd</command>
245	process with (r-x) permissions and files need to be readable (r--) by the
246	<systemitem class="username">apache</systemitem> user.
247	</para>
248
249	</sect2>
250
251	<sect2 role="configuration">
252	<title>Configuring Apache</title>
253
254	<sect3 id="apache-config">
255	<title>Config Files</title>
256
257	<para>
258	<filename>/etc/httpd/httpd.conf</filename> and
259	<filename>/etc/httpd/extra/*</filename>
260	</para>
261
262	<indexterm zone="apache apache-config">
263	<primary sortas="e-etc-httpd-httpd.conf">/etc/httpd/httpd.conf</primary>
264	</indexterm>
265
266	<indexterm zone="apache apache-config">
267	<primary sortas="e-etc-httpd-extra-star">/etc/httpd/extra/*</primary>
268	</indexterm>
269
270	</sect3>
271
272	<sect3>
273	<title>Configuration Information</title>
274
275	<para>
276	See <ulink url="file:///usr/share/httpd/manual/configuring.html"/>
277	for detailed instructions on customising your
278	<application>Apache</application> HTTP server configuration file.
279	</para>
280
281	<para>
282	There is no reason, at least for internet facing sites, not
283	to use SSL encryption. Setting up a secured website does not cost
284	anything except installing one additional small tool and a few
285	minutes of configuration work. Use this guideline at
286	<ulink url="&blfs-wiki;/Securing_a_website"/> to create
287	world-wide accepted certificates and renew them on a regular basis.
288	</para>
289
290	</sect3>
291
292	<sect3 id="httpd-init">
293	<title><phrase revision="sysv">Boot Script</phrase>
294	<phrase revision="systemd">Systemd Unit</phrase></title>
295
296	<para>
297	If you want the <application>Apache</application> server to
298	start automatically when the system is booted, install the
299	<phrase revision="sysv"><filename>/etc/rc.d/init.d/httpd</filename>
300	init script</phrase>
301	<phrase revision="systemd"><filename>httpd.service</filename>
302	unit</phrase> included in the
303	<xref linkend="bootscripts" revision="sysv"/>
304	<xref linkend="systemd-units" revision="systemd"/> package:
305	</para>
306
307	<indexterm zone="apache httpd-init">
308	<primary sortas="f-apache">apache</primary>
309	</indexterm>
310
311	<screen role="root"><userinput>make install-httpd</userinput></screen>
312
313	<para>To secure the applications served by <application>Apache</application>
314	it is recommended to use SSL encyption (https). To create SSL
315	certificated for this web server, see <xref linkend="uacme"/> for
316	an easy-to-use tool to create LetsEncrypt certificates.</para>
317
318	</sect3>
319
320	</sect2>
321
322	<sect2 role="content">
323	<title>Contents</title>
324
325	<segmentedlist>
326	<segtitle>Installed Programs</segtitle>
327	<segtitle>Installed Libraries</segtitle>
328	<segtitle>Installed Directories</segtitle>
329
330	<seglistitem>
331	<seg>
332	ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter,
333	htcacheclean, htdbm, htdigest, htpasswd, httpd,
334	httxt2dbm, logresolve, and rotatelogs
335	<!-- not executable from path, and suexec -->
336	</seg>
337	<seg>
338	Several libraries under /usr/lib/httpd/modules/
339	</seg>
340	<seg>
341	/etc/httpd,
342	/srv/www,
343	/usr/include/httpd,
344	/usr/lib/httpd,
345	/usr/share/httpd,
346	/var/log/httpd, and
347	/var/run/httpd
348	</seg>
349	</seglistitem>
350	</segmentedlist>
351
352	<variablelist>
353	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
354	<?dbfo list-presentation="list"?>
355	<?dbhtml list-presentation="table"?>
356
357	<varlistentry id="ab">
358	<term><command>ab</command></term>
359	<listitem>
360	<para>
361	is a tool for benchmarking your <application>Apache</application>
362	HTTP server
363	</para>
364	<indexterm zone="apache ab">
365	<primary sortas="b-ab">ab</primary>
366	</indexterm>
367	</listitem>
368	</varlistentry>
369
370	<varlistentry id="apachectl">
371	<term><command>apachectl</command></term>
372	<listitem>
373	<para>
374	is a front end to the <application>Apache</application> HTTP server
375	which is designed to help the administrator control the functioning
376	of the <application>Apache</application> httpd daemon
377	</para>
378	<indexterm zone="apache apachectl">
379	<primary sortas="b-apachectl">apachectl</primary>
380	</indexterm>
381	</listitem>
382	</varlistentry>
383
384	<varlistentry id="apxs">
385	<term><command>apxs</command></term>
386	<listitem>
387	<para>
388	is a tool for building and installing extension modules for the
389	<application>Apache</application> HTTP server
390	</para>
391	<indexterm zone="apache apxs">
392	<primary sortas="b-apxs">apxs</primary>
393	</indexterm>
394	</listitem>
395	</varlistentry>
396
397	<varlistentry id="checkgid">
398	<term><command>checkgid</command></term>
399	<listitem>
400	<para>
401	is a program that checks whether it can setgid to the group
402	specified. This is to see if it is a valid group for Apache2 to use
403	at runtime. If the user (should be run as superuser) is in that
404	group, or can setgid to it, it will return 0
405	</para>
406	<indexterm zone="apache checkgid">
407	<primary sortas="b-checkgid">checkgid</primary>
408	</indexterm>
409	</listitem>
410	</varlistentry>
411
412	<varlistentry id="dbmmanage">
413	<term><command>dbmmanage</command></term>
414	<listitem>
415	<para>
416	is used to create and update the DBM format files used to store
417	usernames and passwords for basic authentication of HTTP users
418	</para>
419	<indexterm zone="apache dbmmanage">
420	<primary sortas="b-dbmmanage">dbmmanage</primary>
421	</indexterm>
422	</listitem>
423	</varlistentry>
424
425	<varlistentry id="fcgistarter">
426	<term><command>fcgistarter</command></term>
427	<listitem>
428	<para>
429	is a tool to start a FastCGI program
430	</para>
431	<indexterm zone="apache fcgistarter">
432	<primary sortas="b-fcgistarter">fcgistarter</primary>
433	</indexterm>
434	</listitem>
435	</varlistentry>
436
437	<varlistentry id="htcacheclean">
438	<term><command>htcacheclean</command></term>
439	<listitem>
440	<para>
441	is used to clean up the disk cache
442	</para>
443	<indexterm zone="apache htcacheclean">
444	<primary sortas="b-htcacheclean">htcacheclean</primary>
445	</indexterm>
446	</listitem>
447	</varlistentry>
448
449	<varlistentry id="htdbm">
450	<term><command>htdbm</command></term>
451	<listitem>
452	<para>
453	is used to manipulate the DBM password databases
454	</para>
455	<indexterm zone="apache htdbm">
456	<primary sortas="b-htdbm">htdbm</primary>
457	</indexterm>
458	</listitem>
459	</varlistentry>
460
461	<varlistentry id="htdigest">
462	<term><command>htdigest</command></term>
463	<listitem>
464	<para>
465	is used to create and update the flat-files used to store usernames,
466	realms and passwords for digest authentication of HTTP users
467	</para>
468	<indexterm zone="apache htdigest">
469	<primary sortas="b-htdigest">htdigest</primary>
470	</indexterm>
471	</listitem>
472	</varlistentry>
473
474	<varlistentry id="htpasswd">
475	<term><command>htpasswd</command></term>
476	<listitem>
477	<para>
478	is used to create and update the flat-files used to store usernames
479	and passwords for basic authentication of HTTP users
480	</para>
481	<indexterm zone="apache htpasswd">
482	<primary sortas="b-htpasswd">htpasswd</primary>
483	</indexterm>
484	</listitem>
485	</varlistentry>
486
487	<varlistentry id="httpd">
488	<term><command>httpd</command></term>
489	<listitem>
490	<para>
491	is the <application>Apache</application> HTTP server program
492	</para>
493	<indexterm zone="apache httpd">
494	<primary sortas="b-httpd">httpd</primary>
495	</indexterm>
496	</listitem>
497	</varlistentry>
498
499	<varlistentry id="httxt2dbm">
500	<term><command>httxt2dbm</command></term>
501	<listitem>
502	<para>
503	is used to generate DBM files from text, for use in RewriteMap
504	</para>
505	<indexterm zone="apache httxt2dbm">
506	<primary sortas="b-httxt2dbm">httxt2dbm</primary>
507	</indexterm>
508	</listitem>
509	</varlistentry>
510
511	<varlistentry id="logresolve">
512	<term><command>logresolve</command></term>
513	<listitem>
514	<para>
515	is a post-processing program to resolve IP-addresses in
516	<application>Apache</application>'s access log files
517	</para>
518	<indexterm zone="apache logresolve">
519	<primary sortas="b-logresolve">logresolve</primary>
520	</indexterm>
521	</listitem>
522	</varlistentry>
523
524	<varlistentry id="rotatelogs">
525	<term><command>rotatelogs</command></term>
526	<listitem>
527	<para>
528	is a simple program for use in conjunction with
529	<application>Apache</application>'s piped log file feature
530	</para>
531	<indexterm zone="apache rotatelogs">
532	<primary sortas="b-rotatelogs">rotatelogs</primary>
533	</indexterm>
534	</listitem>
535	</varlistentry>
536
537	<varlistentry id="suexec">
538	<term><command>suexec</command></term>
539	<listitem>
540	<para>
541	allows users to run CGI and SSI applications as a different user
542	</para>
543	<indexterm zone="apache suexec">
544	<primary sortas="b-suexec">suexec</primary>
545	</indexterm>
546	</listitem>
547	</varlistentry>
548
549	</variablelist>
550
551	</sect2>
552
553	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: