Whole document tree
3. Getting, build and install Apache with its basic modules
3.1. Get and untar the Apache Source
3.1.1. What is Apache
Quoting www.apache.org
The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe the history of the Apache Group and recognize the many contributors.
From the authors point of view:
It is simply the best Webserver-Software, it is very flexible to configure to match your needs, and its E-X-T-R-E-M-E stable! I personally never experienced a crash in a productive (=non-experimental stuff) enviroment
3.1.2. Download the source
Origin-Site http://www.apache.org/dist/httpd/
cd /usr/local/ tar -xvzf apache_1.3.23.tar.gz |
3.1.3. Patch for largescale sites
If your webserver should answer very much requests at the same time, and your machine is strong enought to serv such an amount of requests, you can change the limit of maximum running processes
Download the patch from: http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt
--- httpd.h-old Wed Jan 31 00:58:19 2001 +++ httpd.h Wed Jan 31 01:09:25 2001 @@ -314,7 +314,7 @@ #ifdef WIN32 #define HARD_SERVER_LIMIT 1024 #else -#define HARD_SERVER_LIMIT 256 +#define HARD_SERVER_LIMIT 512 #endif #endif |
This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further, if you hacked your kernel and edited your /etc/security/limits.conf (this is ONLY for experienced users! With wrong settings this could end as a “self-denial-of-service-attack”!! Be sure you have enought processes left for root)
Apply the patch using:
cd /usr/local/apache_1.3.23/src/include patch -p0 < apache-patch_HARD_SERVER_LIMIT.txt |
3.2. mod_ssl
3.2.1. What is mod_ssl
Quoting www.modssl.org
This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson.
From the authors point of view:
This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache source-code and extends its API (EAPI)
Make sure any module for your Apache-Server is compiled with the compiler-flag -DEAPI, or your Webserver might crash or can not be started
Allmost all modules I know adds the -DEAPI flag by themself execpt mod_jserv and mod_jk
3.2.2. Download the source
Origin-Site:http://www.modssl.org
3.2.3. Applying the patch to the apache source
cd /usr/local/ tar -xvzf mod_ssl-2.8.7-1.3.23.tar.gz cd mod_ssl-2.8.7-1.3.23/ ./configure \ --with-apache=/usr/local/apache_1.3.23 \ --with-ssl=/usr/local/ssl \ --enable-shared=ssl \ --with-mm=/usr/local/mm-1.1.3 |
3.3. mod_perl
3.3.1. What is mod_perl
Quoting perl.apache.org
With mod_perl it is possible to write Apache modules entirely in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter and the penalty of Perl start-up time.
From the authors point of view:
mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request, and produces overhead. With mod_perl the perl-interpreter is loaded persistant in the apache-server and does not need to fork processes for each request
3.3.3. Building and installing
cd /usr/local tar -xvzf mod_perl-1.26.tar.gz cd mod_perl-1.26 perl Makefile.PL \ EVERYTHING=1 \ APACHE_SRC=../apache_1.3.23/src \ USE_APACI=1 \ PREP_HTTPD=1 \ DO_HTTPD=1 make make install |
Notice: Do not compile mod_perl as dso (Dynamic Shared Object)! According to various sources, apache will crash (I never tried)
3.4. Configure and build Apache
Now the two static modules mod_ssl and mod_perl are configured and the Apache Source has been patched, and we can proceed with building Apache.
3.4.1. Building and installing
EAPI_MM="/usr/local/mm-1.1.3" SSL_BASE="/usr/local/ssl" \ ./configure \ --enable-module=unique_id \ --enable-module=rewrite \ --enable-module=speling \ --enable-module=expires \ --enable-module=info \ --enable-module=log_agent \ --enable-module=log_referer \ --enable-module=usertrack \ --enable-module=proxy \ --enable-module=userdir \ --enable-module=so \ --enable-shared=ssl \ --enable-module=ssl \ --activate-module=src/modules/perl/libperl.a \ --enable-module=perl make make install |
3.4.2. Create self-signed SSL-certificate
cd /usr/local/ssl/bin ./openssl req -new > new.cert.csr ./openssl rsa -in privkey.pem -out new.cert.key ./openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 999 cp new.cert.key /usr/local/apache/conf/ssl.key/server.key cp new.cert.cert /usr/local/apache/conf/ssl.crt/server.crt |
Notice: OpenSSL asks for different things. A common error is to enter a wrong "common name". This should be the FQHN (Fully Qualified HostName) of your Server, i.e www.foo.org
3.5. mod_dav
3.5.1. What is mod_dav
Quoting www.webdav.org
mod_dav is an Apache module to provide DAV capabilities (RFC 2518) for your Apache web server. It is an Open Source module, provided under an Apache-style license.
mod_dav is maintained by gstein at lyra.org
From the authors point of view:
DAV means: "Distributed authoring and Versioning". It allows you to manage your Website similar to a filesystem. It is meant to replace ftp-uploads to your Webserver.
DAV is supported by all major Web-developpment-Tools (newer versions) and is going to be a widly accepted standard for Web-publishing
3.5.3. Building and installing
cd /usr/local tar -xvzf mod_dav-1.0.3-1.3.6.tar.gz cd mod_dav-1.0.3-1.3.6 ./configure --with-apxs=/usr/local/apache/bin/apxs make make install |
Notice: the filename mod_dav-1.0.3-1.3.6 suggests that it will only run with apache 1.3.6 but it actually will run with all apaches >= 1.3.6
3.6. auth_ldap
3.6.1. What is auth_ldap
Quoting www.rudedog.org
auth_ldap is an LDAP authentication module for Apache, the world's most popular web server. auth_ldap has excellent performance, and supports Apache on both Unix and Windows NT. It also has support for LDAP over SSL, and a mode that lets Micros˜1 Frontpage clients manage their web permissions while still using LDAP for authentication.
From the authors point of view:
If you like to consolidate your login-facilities to a common user/passwd base, LDAP is the right way. LDAP is an open standard and widely supported.
Login-facilities for LDAP:
Unix-Logins for Linux, Solaris (others?) FTP-Logins (some ftp-daemons) http Basic Authentication Tarantella Authentication and Role-Management Samba Authentication (2.2.x should support this) LDAP is role based. That means, i.e. you can define a role "manager" assign a user as member and that user can login wherever a manager is allowed to login
3.6.3. Building and installing
cd /usr/local tar -xvzf auth_ldap-1.6.0.tar.gz cd auth_ldap-1.6.0 ./configure --with-apxs=/usr/local/apache/bin/apxs \ --with-sdk=openldap make make install |
3.7. mod_auth_mysql
3.7.1. What is mod_auth_mysql
It is a http-Basic Authentication Module. It allows to maintain your user comfortable in a MySQL-Database
3.7.3. Building and installing
gunzip mod_auth_mysql.c.gz /usr/local/apache/bin/apxs \ -c -I/usr/local/mysql/include \ -L/usr/local/mysql/lib/mysql \ -lmysqlclient -lm mod_auth_mysql.c cp mod_auth_mysql.so /usr/local/apache/libexec/ |
Add this line in your httpd.conf:
LoadModule mysql_auth_module libexec/mod_auth_mysql.so |
And where the other modules are added:
AddModule mod_auth_mysql.c |
Take care that the path of Mysql libs and includes are correct!
Notice: Be sure that /usr/local/mysql/lib/mysql is in /etc/ld.so.conf befor compiling
Use AuthMySQLCryptedPasswords Off or it does not work! (under investigation why not)
3.7.4. Sample configuration
3.7.4.1. /usr/local/apache/conf/httpd.conf
<location /manual/>
AuthType Basic
AuthUserfile /dev/null
AuthName Testing
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser root
AuthMySQLDB users
AuthMySQLUserTable user_info
<Limit GET POST>
require valid-user
</limit>
</location>
|
3.7.4.2. Script for creating the MySQL-Database
just type:
mysql < authmysql.sql |
The File authmysql.sql contents:
create database http_users; connect http_users; CREATE TABLE user_info ( user_name CHAR(30) NOT NULL, user_passwd CHAR(20) NOT NULL, user_group CHAR(10), PRIMARY KEY (user_name); |
3.8. mod_dynvhost
3.8.1. What is mod_dynvhost
It is a module that allows to define new Vritual Host "on-the-fly". Just create a new Directoy in your vhost-path, thats it. It is not need to restart your Webserver
It is a good solution for Mass-Virtual-hosting for ISP's
3.8.2. Download the source
Origin-Site: http://funkcity.com/0101/projects/dynvhost/mod_dynvhost.tar.gz
3.8.3. Builing and installing
cd /usr/local tar -xvzf mod_dynvhost.tar.gz cd dynvhost/ /usr/local/apache/bin/apxs -i -a -c mod_dynvhost.c |
Notice: Take a look at httpd.conf if mod_dynvhost.so is loaded at startup:
LoadModule dynvhost_module libexec/mod_dynvhost.so |
3.8.4. Sample configuration
3.8.4.1. /usr/local/apache/conf/httpd.conf
<DynamicVirtualHost /usr/local/apache/htdocs/vhosts/> HomeDir / </DynamicVirtualHost> |
Now create a Directory for each virtualhost in /usr/local/apache/htdocs/vhosts/
i.e.
/usr/local/apache/htdocs/vhosts/foo.bar.org
You dont need to restart your Webserver
3.9. mod_roaming
3.9.1. What is mod_roaming
Quoting www.klomp.org/mod_roaming/
With mod_roaming you can use your Apache webserver as a Netscape Roaming Access server. This allows you to store your Netscape Communicator 4.5 preferences, bookmarks, address books, cookies etc. on the server so that you can use (and update) the same settings from any Netscape Communicator 4.5 that can access the server.
From the authors point of view:
This is really cool stuff! Unfortunately it does not work over proxy-connection. You kan keep your Netscape 4.x bookmarks etc. synchronized on different machines. It is not supported by any other browsers, including Mozilla and Netscape 6.x
3.9.3. Building and installing
cd /usr/local tar -xvzf mod_roaming-1.0.2.tar.gz cd mod_roaming-1.0.2 /usr/local/apache/bin/apxs -i -a -c mod_roaming.c |
Notice: Check httpd.conf if mod_roaming is loaded at startup:
LoadModule roaming_module libexec/mod_roaming.so |
Should be installed automatically
3.9.4. Sample configuration
3.9.4.1. /usr/local/apache/conf/httpd.conf
RoamingAlias /roaming /usr/local/apache/roaming
<Directory /usr/local/apache/roaming>
AuthUserFile /usr/local/apache/conf/roaming-htpasswd
AuthType Basic
AuthName "Roaming Access"
<Limit GET PUT MOVE DELETE>
require valid-user
</Limit>
</Directory>
|