Apache 2 setup

Filed under Uncategorized

Apache 2 introduced the multi-processing modules (MPMs), which provide networking features, accept requests and dispatch them to children to handle the request. You can choose from several MPMs at compile time in order to suit your needs.

The pre-forking server mode, which was the standard behavior in Apache 1.3, lives on in the prefork MPM, which is the default for Unix operating systems. The prefork MPM is a non-threaded, pre-forking web server, which is for compatibility with non-thread-safe modules.

The worker MPM is highly efficient serving static pages, but needs thread-safe libraries for dynamic content. Popular modules, such as mod_php and mod_perl, are not thread-safe and thus can't be used. But you can use any language interpreter with FastCGI, because it moves the workoutside of Apache.

 

Installation
The installation process differs from distribution to distribution: you can either use the apt-get command to install a package, or download the source code directly from the Apache web site. If you don't trust the distribution server, or you need a special version or MPM, it is better to download the source code and compile it yourself. You should also check the integrity and authenticity of the source code by means of the digital signature. Before compiling it, you can choose where to install it to, which MPM and which other modules you want to use, third-party modules, however, can be added afterwards.
Normally, Apache will be installed into /usr/local/apache2, but you should configure it following the conventions of your Unix distribution. On Debian, for example, the binaries go into /usr/sbin, modules into /usr/lib/apache2, configuration files into /etc/apache2, log files into /var/log/apache2 and the actual web sites into /var/www. The top of the directory tree must be indicated with the ServerRoot directive in the configuration file (see configuration section)

Configuration

The configuration of Apache usually happens in the httpd.conf file. For better organization, you can, however, move some configuration to other files and include the file in httpd.conf, using the Include directive.

 

User
It is not recommended to run the Apache server with the privileges of the Unix root user, as an attacker would have full access to the system, if he could exploit a security hole. Apache can be configured to answer requests as an unprivileged user, the main, parent process, however, will remain running as root. So at first add a new new user and group:

# groupadd apache
# useradd apache -c "Apache" -d /dev/null -g apache -s /bin/false
Then edit your configuration file, and add the user name:
# User apache
# Group apache

There is the apache2ctl script in Apache's binary folder, which is the preferred way to start and stop the server. Switch to the root user and start the server:
# apache2ctl start   # use stop to stop it
Now review your process list in order to verify that the server has switched to the apache user. The column USER should be apache for each of the possibly many apache processes:

# ps aux | grep apache   # maybe use “grep httpd” if your Apache
                         # binary has a different name
 
To be continued…