Apache-2.4.16
Installation of Apache HTTPD
For security reasons, running the server as an unprivileged user
and group is strongly encouraged. Create the following group and
user using the following commands as root
:
groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
-s /bin/false -u 25 apache
Build and install Apache HTTPD by
running the following commands:
patch -Np1 -i ../httpd-2.4.16-blfs_layout-1.patch &&
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &&
./configure --enable-authnz-fcgi \
--enable-layout=BLFS \
--enable-mods-shared="all cgi" \
--enable-mpms-shared=all \
--enable-suexec=shared \
--with-apr=/usr/bin/apr-1-config \
--with-apr-util=/usr/bin/apu-1-config \
--with-suexec-bin=/usr/lib/httpd/suexec \
--with-suexec-caller=apache \
--with-suexec-docroot=/srv/www \
--with-suexec-logfile=/var/log/httpd/suexec.log \
--with-suexec-uidmin=100 \
--with-suexec-userdir=public_html &&
make
This package does not come with a test suite.
Now, as the root
user (notice that
DESTDIR does not work properly as unpriviledged user):
make install &&
mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache /usr/lib/httpd/suexec &&
chmod 4754 /usr/lib/httpd/suexec &&
chown -v -R apache:apache /srv/www
Command Explanations
sed
'/dir.*CFG_PREFIX/s@^@#@'...: Forces the
apxs utility to use absolute
pathnames for modules, when instructed to do so.
--enable-authnz-fcgi
: Build
FastCGI authorizer-based authentication and authorization
(mod_authnz_fcgi.so fast CGI module).
--enable-mods-shared="all
cgi"
: The modules should be compiled and used as
Dynamic Shared Objects (DSOs) so they can be included and excluded
from the server using the run-time configuration directives.
--enable-mpm-shared=all
:
This switch ensures that all MPM (Multi Processing Modules) are
built as Dynamic Shared Objects (DSOs), so the user can choose
which one to use at runtime.
--enable-suexec
: This
switch enables building of the Apache suEXEC module which can be used to
allow users to run CGI and SSI scripts under user IDs different
from the user ID of the calling web server.
--with-suexec-*
: These
switches control suEXEC module behavior, such as default document
root, minimal UID that can be used to run the script under the
suEXEC. Please note that with minimal UID 100, you can't run CGI or
SSI scripts under suEXEC as the apache
user.
...
/usr/lib/httpd/suexec: These commands put
suexec wrapper into
proper location, since it is not meant to be run directly. They
also adjust proper permissions of the binary, making it setgid
apache
.
chown -R apache:apache
/srv/www: By default, the installation process
installs files (documentation, error messages, default icons, etc.)
with the ownership of the user that extracted the files from the
tar file. If you want to change the ownership to another user, you
should do so at this point. The only requirement is that the
document directories need to be accessible by the httpd process with (r-x)
permissions and files need to be readable (r--) by the apache
user.
Configuring Apache
Config Files
/etc/httpd/httpd.conf
and
/etc/httpd/extra/*
Boot Script
If you want the Apache server to
start automatically when the system is booted, install the
/etc/rc.d/init.d/httpd
init script
included in the blfs-bootscripts-20150924 package.
make install-httpd
Contents
Installed Programs:
ab, apachectl, apxs, checkgid, dbmmanage,
fcgistarter, htcacheclean, htdbm, htdigest, htpasswd, httpd,
httxt2dbm, logresolve, rotatelogs, and suexec
Installed Libraries:
Several libraries under
/usr/lib/httpd/modules/
Installed Directories:
/etc/httpd, /srv/www, /usr/include/httpd,
/usr/lib/httpd, /usr/share/httpd, /var/log/httpd, and
/var/run/httpd
Short Descriptions
ab
|
is a tool for benchmarking your Apache HTTP server.
|
apachectl
|
is a front end to the Apache HTTP server which is designed
to help the administrator control the functioning of the
Apache httpd daemon.
|
apxs
|
is a tool for building and installing extension modules
for the Apache HTTP
server.
|
checkgid
|
is a program that checks whether it can setgid to the
group specified. This is to see if it is a valid group
for Apache2 to use at runtime. If the user (should be run
as superuser) is in that group, or can setgid to it, it
will return 0.
|
dbmmanage
|
is used to create and update the DBM format files used to
store usernames and passwords for basic authentication of
HTTP users.
|
fcgistarter
|
is a tool to start a FastCGI program.
|
htcacheclean
|
is used to clean up the disk cache.
|
htdbm
|
is used to manipulate the DBM password databases.
|
htdigest
|
is used to create and update the flat-files used to store
usernames, realms and passwords for digest authentication
of HTTP users.
|
htpasswd
|
is used to create and update the flat-files used to store
usernames and passwords for basic authentication of HTTP
users.
|
httpd
|
is the Apache HTTP
server program.
|
httxt2dbm
|
is used to generate DBM files from text, for use in
RewriteMap.
|
logresolve
|
is a post-processing program to resolve IP-addresses in
Apache's access log
files.
|
rotatelogs
|
is a simple program for use in conjunction with
Apache's piped log file
feature.
|
suexec
|
allows users to run CGI and SSI applications as a
different user.
|
Last updated on 2015-09-18 20:33:16 -0700