Apache2 prefork

From Nekochan
neko_apache2_prefork
Developer: Apache Software Foundation
Packaged by: Joerg Behrens
Internal Version: 5
Download: neko_apache2_prefork-2.0.61
Initial release: 2.0.53 / April 16 2005
Current release: 2.0.61 / October 7 2007
OS: AmigaOS, FreeBSD, IRIX, Linux, Mac OS X, NetBSD, NetWare, OpenBSD, OS/400, Solaris, Microsoft Windows, others
Use: Web server
License: Apache License
Website: http://httpd.apache.org/

The Apache HTTP Server, commonly referred to simply as Apache, is feature-rich, modular software for serving both static content and dynamic web pages on the World Wide Web. The Nekoware distribution contains 2 major versions of this software: neko_apache and neko_apache2_prefork. The first one is based on the 1.3.x tree and the second one is based on 2.0.x. This article covers only the apache2 package; when it was written, no package based on the current 2.2.x version was available.

In the early days of the distribution there was also a neko_apache2_worker package, which used the Worker MPM (Multi-Processing Module) instead of Prefork, which is the default when compiling Apache from sources on a Unix platform. When using the Worker MPM, each process creates a fixed number of threads which serve incoming requests. But using a threaded application means that every module or library has to be thread safe, which isn't the case for a lot of software. This is the reason why the neko_apache2_prefork version exists. Both apache2 packages use the same location (/usr/nekoware/apache2) for installation, which makes it impossible to use both at the same time.

The functionality is spread over several different modules which can be loaded independently from the core. This means that neko_apache2 comes with support for DSOs (Dynamic Shared Objects). If you don't need a particular module, you can easily drop it from your configuration file without recompiling the whole software. In the same way you can add 3rd party modules like mod_php, mod_perl and countless others.



Installing the Software

Download and install the nekoware_apache2 tardist from the Nekoware repository: http://www.mechanics.citg.tudelft.nl/~everdij/nekoware/current. At the time of writing, 2.0.61 is in the beta directory of our repository.

The installation of the precompiled binary package is simple and straight-forward using either the Software Manager or inst. In the case of inst, it's a simple command:

 ~ $ inst -f /path/to/neko_apache2_prefork-2.0.61.tardist
 install all
 keep *.opt.src
 go
 quit

You will need "root" privileges to install the software. The whole application will be installed into a single directory which is located under "/usr/nekoware/apache2". Since version 2.0.61, the configuration files are stored in a new location, which is now "/usr/nekoware/etc/apache2".


Package Dependencies

The following packages are needed to run the software properly.

Package Layout

Name Size [Kbytes] Default Description
neko_apache2_prefork.man.docs html documentation
neko_apache2_prefork.man.manpages [d] man pages
neko_apache2_prefork.opt.dist distribution files
neko_apache2_prefork.opt.relnotes [d] release notes
neko_apache2_prefork.opt.src 4476 original source code
neko_apache2_prefork.sw.eoe [d] execution only env
neko_apache2_prefork.sw.hdr [d] header files
neko_apache2_prefork.sw.lib [d] shared libraries

Preparing for the first start

Before you can use the initscript, the chkconfig flag for neko_apache2 has to be switched on.

 ~ $ chkconfig neko_apache2 on

You can validate the current setting by trying the following:

 ~ $ chkconfig | grep neko_apache2
     neko_apache2         on

Starting and Stopping the Software

The Apache package comes with an initscript. It can be used to start the software automatically when booting the system. It is located under "/etc/init.d/" and named "neko_apache2". It takes the following commands:

  • start - starts the software
  • stop - stops the software
  • restart - restarts the software
  • graceful - same as restart but doesn't disconnect the processes which are currently responding to a client
  • status - returns process information using the lynx browser*
  • fullstatus - returns full information using the lynx browser*

Tasks which are marked with the * need the mod_status module enabled in the configuration; they only work if your server is running on the standard port (80). Otherwise you have to modify the STATUSURL variable in the initscript.


Starting

After you turn the chkconfig flag on you can run the initscript:

 ~ $ /etc/init.d/neko_apache2 start
     Apache2 Webserver ...start


Stopping

 ~ $ /etc/init.d/neko_apache2 stop
     Apache2 Webserver ...stop


Verifying

You can check if httpd is up and running by trying:

 ~ $ fuser 8080/tcp
     8080/tcp:   240050o  240010o  240063o  240085o  240080o  240073o

The command above shows all process IDs which are listening on port 8080. Another way is to open your favorite browser and enter the following address: http://localhost:8080/. We chose port 8080 because on a standard IRIX installation there are already other web services using port 80.

Startpage

Another method is to use the status command, which is supported by the initscript.

 ~ $ /etc/init.d/neko_apache2 status
 
                       Apache Server Status for localhost
 
    Server Version: Apache
    Server Built: Oct 6 2007 17:00:09
      _________________________________________________________________
 
    Current Time: Friday, 02-Nov-2007 19:38:23 MET
    Restart Time: Friday, 02-Nov-2007 19:37:52 MET
    Parent Server Generation: 0
    Server uptime: 31 seconds
    1 requests currently being processed, 4 idle workers
 
 __W__...........................................................
 ................................................................
 ................................................................
 ................................................................
 
    Scoreboard Key:
    "_" Waiting for Connection, "S" Starting up, "R" Reading Request,
    "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
    "C" Closing connection, "L" Logging, "G" Gracefully finishing,
    "I" Idle cleanup of worker, "." Open slot with no current process  

Note: You only get this when you have lynx installed.


Post Installation Steps

The neko_apache2 package comes pre-configured. That means you can start using the software without deeper knowledge of the configuration. But in most cases you will want to make some modifications to match your needs, like disabling some modules to get a lower memory footprint, a more secure configuration, or loading additional modules for a special purpose.


The related files for these steps are "/usr/nekoware/etc/apache2.options" and "/usr/nekoware/etc/apache2/httpd.conf"; the latter is the main configuration file.

The first file didn't exist in previous versions of neko_apache2. It's a new way to enable some of the main modules or 3rd party modules like mod_status, mod_ssl or mod_php. In earlier versions some of these modules had to be activated directly in the initscript, which was not a very smart way. Now we follow the IRIX way, which can also be found on various Linux distributions. The initscript passes the value of the APACHE2_OPTS variable through to httpd, and httpd.conf can then test these arguments as variables.

Example:

 APACHE2_OPTS="-D STATUS"

The httpd.conf is needed whenever you would like to change something in the main configuration or in one of the modules. Keep in mind that you need to restart apache2 for the changes to take effect.
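To see which module blocks the current options actually switch on, the following added example (not part of the Nekoware package) extracts the "-D NAME" flags from an apache2.options file and reports each <IfDefine NAME> block of a configuration as on or off. The function names, the sample file contents and the PHP5 define name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: map "-D NAME" flags from apache2.options to <IfDefine> blocks.

# Print one define name per line from an options file read on stdin.
# Only the last APACHE2_OPTS="..." assignment is parsed; the file is never sourced.
opts_defines() {
    sed -n 's/^[[:space:]]*APACHE2_OPTS="\(.*\)".*$/\1/p' | tail -n 1 |
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "-D" && i < NF) { i++; print $i }       # "-D NAME"
            else if ($i ~ /^-D./) print substr($i, 3)         # "-DNAME"
        }
    }'
}

# Report every <IfDefine NAME> in a config read on stdin as "NAME on|off".
# Arguments are the active define names; "!NAME" blocks are inverted.
ifdefine_state() {
    awk -v active="$*" '
        BEGIN { n = split(active, a, " "); for (i = 1; i <= n; i++) on[a[i]] = 1 }
        tolower($1) == "<ifdefine" {
            name = $2; sub(/>$/, "", name)
            neg = sub(/^!/, "", name)
            state = ((name in on) != neg) ? "on" : "off"
            label = (neg ? "!" : "") name
            print label, state
        }
    ' | sort -u
}

# Constructed sample of /usr/nekoware/etc/apache2.options.
sample_options() {
cat <<'EOF'
#APACHE2_OPTS="-D STATUS"
APACHE2_OPTS="-D STATUS -D SSL"
EOF
}

# Constructed httpd.conf fragment; block layout and module paths are assumptions.
sample_httpd_conf() {
cat <<'EOF'
<IfDefine STATUS>
    LoadModule status_module modules/mod_status.so
</IfDefine>
<IfDefine SSL>
    LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine PHP5>
    LoadModule php5_module modules/libphp5.so
</IfDefine>
EOF
}

# Demo on the constructed samples.
sample_httpd_conf | ifdefine_state $(sample_options | opts_defines)
```

On a real system, feed the functions the two files named above instead of the samples.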


Changing the default Port

Before you change the port, be sure that no other software is already using it. Shut down sgi_apache, webface_apache, neko_lighttpd, neko_apache or fw_apache and check the corresponding chkconfig flags.

If you would like to set the port from 8080 to the standard one, change the following from

 Listen 8080

to

 Listen 80

Name of the Webserver

If you do not specify a virtual host, apache2 responds on every hostname a client uses in the request. By default we don't specify a server name in the config, so you can use "localhost", but this doesn't really help when you would like to serve WWW pages to other clients. The Apache documentation also says clearly that a FQDN (Fully Qualified Domain Name) is needed for a proper setup. Sometimes Apache2 uses this name for internal redirects, so be sure that your system can resolve the name you use.

Change

 #ServerName www.example.com:8080

to

 ServerName www.home.local

If you don't have a DNS server, you can specify any name you want in your local "/etc/hosts" file. It's important that your Apache can resolve the given name because it's needed for internal redirects. Later in the VHOST example you can see that there is also a ServerAlias directive to assign more than one name to your webserver.

User and Group

By default the "nobody" user and group are selected for running apache2. It may be useful to create an extra webserver user like wwwrun or apache2 and a group like http2. With these changes you can identify your apache2 processes more easily.

 User nobody
 Group nobody

Use the addUserAccount command or the GUI for creating a new account on your system. To create a group, just edit the "/etc/group" file. I prefer something like apache2:http2.

 User apache2
 Group http2

If you made any changes there, consider running chown on the content of the "/usr/nekoware/apache2/htdocs" directory.

Activate additional Modules

Open the file "/usr/nekoware/etc/apache2.options" with an editor and set APACHE2_OPTS to

 APACHE2_OPTS="-D STATUS"

Now you have to restart your webserver.

Note: Not all flags which are currently listed in the apache2.options file are ready for use. This may change in the next release.


SSL Support

Open the file "/usr/nekoware/etc/apache2.options" with an editor and set APACHE2_OPTS to

 APACHE2_OPTS="-D STATUS -D SSL"

Now you have to restart your webserver with the initscript's "restart" command, or otherwise try a "stop" and "start". Afterwards, check that httpd is listening on port 443:

 ~ $ fuser 443/tcp
     443/tcp:   257209o  257277o  257268o  257250o  257272o  257271o

Start a web browser and enter https://localhost/ into the address bar. If all goes right you will get a warning that the SSL certificate isn't signed by a known authority. If you use a different hostname than "localhost", like your IP or the FQDN from above, you also get a 2nd warning about a wrong common name which doesn't match the hostname. Don't worry about that; it's the normal behavior when using a self-signed SSL certificate.


Create a self-signed SSL certificate

Not written yet.


Expand the Environment

Add the "bin" and "man" directory to the path environment variables.

 ~ $ export PATH=$PATH:/usr/nekoware/apache2/bin
 ~ $ export MANPATH=$MANPATH:/usr/nekoware/apache2/man

It depends on your shell whether you have to insert this into a .profile (bash), .cshrc or .tcshrc. For a system-wide setup look into "/etc/".


Create a Virtual Host

If you want to serve more than one web-application, each within its own environment, you can create a virtual host. There is name based or IP based virtual host support in Apache. In this example we are using the name based support which allows us to setup different Vhosts on a single IP address.

In the "/usr/nekoware/etc/apache2" directory create a new directory called "vhosts" and place a file named "010_www.example.com_80.conf" into it. The "010" is only used as a prefix and the "_80" as a suffix. It shows us that this is a config for a normal HTTP host and not one for HTTPS. If you create a 2nd vhost, just name it "020_www.anotherexample.com_80.conf".

 <VirtualHost *:80>
     ServerAdmin email@example.com
     DocumentRoot /data/http/www.example.com/htdocs
     ServerName example.com
     ServerAlias *.example.com
     ErrorLog /data/http/www.example.com/logs/error.log
     CustomLog /data/http/www.example.com/logs/access.log combined
     Alias /usage "/data/http/www.example.com/usage"
     <Directory "/data/http/www.example.com/htdocs">
         Options Indexes ExecCGI
         AllowOverride AuthConfig Limit
     </Directory>
     
     ScriptAlias /cgi-bin/ "/data/http/www.example.com/cgi-bin/"
     <Directory "/data/http/www.example.com/cgi-bin">
         AllowOverride None
         Options FollowSymlinks ExecCGI
         Order allow,deny
         Allow from all
     </Directory>
 
     <IfModule mod_php5.c>
         php_admin_flag engine on
         php_admin_flag safe_mode on
         php_admin_value session.save_path /data/http/www.example.com/tmp
         php_admin_value open_basedir "/data/http/www.example.com:/usr/nekoware/php5/lib/php:/tmp"
         php_admin_value doc_root /data/http/www.example.com
         php_admin_value upload_tmp_dir /data/http/www.example.com/tmp
         php_admin_value error_log /data/http/www.example.com/logs/php_error.log
         php_admin_value upload_max_filesize 10M
         php_admin_value post_max_size 10M
     </IfModule>
 </VirtualHost>

Create the necessary directories:

 ~ $ mkdir -p /data/http/www.example.com/htdocs
 ~ $ mkdir -p /data/http/www.example.com/logs
 ~ $ mkdir -p /data/http/www.example.com/cgi-bin
 ~ $ mkdir -p /data/http/www.example.com/usage
 ~ $ mkdir -p /data/http/www.example.com/tmp

The Apache user needs permission to the cgi-bin, tmp and htdocs directories. In the example above we created a configuration file for a virtual host which can be reached under http://example.com, http://www.example.com, http://www1.example.com or any other hostname under example.com. The document root is placed under "/data/http/www.example.com/htdocs". For the access.log the "combined" format is used because it holds more information than the default one. Execution of CGIs is allowed within the htdocs and the cgi-bin directories. If there is no index.* file in a directory, Apache generates a listing.

Note: Showing a directory-listing may be a security problem
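A small audit for the vhost files described above, as an added example (not part of the Nekoware package): it reports every <Directory> block whose Options line enables Indexes, or enables ExecCGI outside a ScriptAlias target. The function names are assumptions, and the sample is a constructed, abridged copy of the vhost above.

```shell
#!/bin/sh
# Added example: flag directory listings and stray CGI execution in vhost files.

# Reads the named config files (or stdin) and prints, sorted:
#   INDEXES <dir>   Options enables Indexes for <dir>
#   EXECCGI <dir>   Options enables ExecCGI and <dir> is not a ScriptAlias target
audit_vhost_options() {
    awk '
        # Trim the line; directive names are case-insensitive, so match lowercased.
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
          low = tolower(line) }
        low == "" || low ~ /^#/ { next }
        low ~ /^<directory[ \t]/ {
            dir = line
            sub(/^<[^ \t]+[ \t]+/, "", dir); sub(/>$/, "", dir)
            gsub(/"/, "", dir); sub(/\/$/, "", dir)
            next
        }
        low ~ /^<\/directory>/ { dir = ""; next }
        low ~ /^scriptalias[ \t]/ {
            n = split(line, f, /[ \t]+/)
            t = f[n]; gsub(/"/, "", t); sub(/\/$/, "", t)
            cgidir[t] = 1          # filesystem path that is meant to hold CGIs
            next
        }
        low ~ /^options[ \t]/ && dir != "" {
            n = split(low, f, /[ \t]+/)
            for (i = 2; i <= n; i++) {   # "-Indexes" style tokens disable, so skip
                if (f[i] == "indexes" || f[i] == "+indexes") idx[dir] = 1
                if (f[i] == "execcgi" || f[i] == "+execcgi") cgi[dir] = 1
            }
        }
        END {
            for (d in idx) print "INDEXES " d
            for (d in cgi) if (!(d in cgidir)) print "EXECCGI " d
        }
    ' "$@" | sort
}

# Constructed sample: abridged copy of the virtual host shown above.
sample_vhost() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /data/http/www.example.com/htdocs
    <Directory "/data/http/www.example.com/htdocs">
        Options Indexes ExecCGI
        AllowOverride AuthConfig Limit
    </Directory>
    ScriptAlias /cgi-bin/ "/data/http/www.example.com/cgi-bin/"
    <Directory "/data/http/www.example.com/cgi-bin">
        AllowOverride None
        Options FollowSymlinks ExecCGI
    </Directory>
</VirtualHost>
EOF
}

# Demo on the constructed sample; both findings point at the htdocs directory.
sample_vhost | audit_vhost_options
```

To check real files, pass them as arguments, for example the *.conf files under "/usr/nekoware/etc/apache2/vhosts". Removing Indexes and ExecCGI from the htdocs block clears both findings.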

Within the htdocs directory the user can override the configuration by using ".htaccess" files. Only directives which are part of the "AuthConfig" or "Limit" group are allowed for use in ".htaccess" files. This is useful if you would like to restrict access to a directory to a specific user or group.

For the upcoming example of creating web statistics we have created a special "usage" directory which is not located under the htdocs directory. It can be accessed through a URL like http://www.example.com/usage/ .

If Apache2 has loaded the module "mod_php5.c", the settings inside the <IfModule ...> block take effect. But we won't deal with that at the moment.

Now we only need to tell our Apache that we would like to use name-based vhosts and to load the additional settings from the extra file.

For the first one change in httpd.conf the

 #NameVirtualHost *:80

to

 NameVirtualHost *:80

You'll find the NameVirtualHost directive at the bottom of the configuration file. After that, insert the following as the bottom line:

 include ../etc/apache2/vhosts/*.conf

The last command includes the content from all *.conf files which are located under "/usr/nekoware/etc/apache2/vhosts" into the main configuration.

After these changes you have to restart Apache. The first virtual host replaces the webserver from the main config, which normally uses "/usr/nekoware/apache2/htdocs".

Troubleshooting

If something goes wrong take a look into the error log which is located under "/usr/nekoware/apache2/logs". If you would like to start the httpd directly and not with the help of the initscript perform the following:

 ~ $ cd /usr/nekoware/apache2/bin
 ~ $ ./httpd -f /usr/nekoware/etc/apache2/httpd.conf

Address already in use

The process can't bind to the given port address because another one is already using it. This happens if there is a webserver which is already up and running or your Apache didn't shut down cleanly. Especially when you also have SSL hosts, it takes some time until the port is available again. Use the "fuser 443/tcp" command to see if there are processes left.


Warning: DocumentRoot

 Warning: DocumentRoot [/data/http/www.example.com/THdocs] does not exist

You have specified a wrong path which doesn't exist.


Webstats

Not written yet.

Compiling

As for most of the nekoware packages, the MIPSpro Compiler 7.4.x has been used.

The package comes with all standard modules as shared versions. Support for SSL and some modules which are currently marked as experimental or extra is also included.

Module Description
mod_proxy HTTP/1.1 proxy/gateway server
mod_dav distributed authoring and versioning (WebDAV) functionality
mod_deflate compress content before it is delivered to the client
mod_disk_cache content cache storage manager keyed to URIs
mod_mem_cache content cache keyed to URIs
mod_ext_filter pass the response body through an external program before delivery to the client
mod_ssl strong cryptography using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols

Note that support for suexec isn't included!

Environment

 ~ $ export CC=cc
 ~ $ export CFLAGS='-O3 -mips4 -I/usr/nekoware/include -OPT:Olimit=0:roundoff=3  -TARG:platform=IP35:proc=r14000'
 ~ $ export CXXFLAGS=$CFLAGS
 ~ $ export CPPFLAGS='-I/usr/nekoware/include'
 ~ $ export CXX=CC
 ~ $ export F77=f77
 ~ $ export LDFLAGS='-L/usr/nekoware/lib'
 ~ $ export PKG_CONFIG=/usr/nekoware/bin/pkg-config
 ~ $ export PKG_CONFIG_PATH='/usr/nekoware/lib/pkgconfig'
 ~ $ export PKG_CONFIG_LIBDIR='/usr/nekoware/lib'
 ~ $ export LD_LIBRARY_PATH='/usr/nekoware/lib'
 ~ $ export LD_LIBRARYN32_PATH='/usr/nekoware/lib'
 ~ $ export LD_LIBRARY64_PATH='/usr/nekoware/lib64'
 ~ $ export GNOME2_DIR='/usr/nekoware'
 ~ $ export GNUMAKE='/usr/nekoware/bin/make'
 ~ $ export PATH=/usr/nekoware/bin:$PATH

Works only when using bash as your shell.

Configure

 ~ $ ./configure --with-z=/usr/nekoware --enable-mods-shared=all --enable-proxy --enable-dav --enable-deflate \
       --enable-disk-cache --enable-file-cache --enable-mem-cache --enable-ext-filter --enable-ssl \
       --with-ssl=/usr/nekoware --with-mpm=prefork --prefix=/usr/nekoware/apache \
       --with-apr=/usr/nekoware/bin/apr-config --with-apr-util=/usr/nekoware --sysconfdir=/usr/nekoware/etc/apache2
 ~ $ gmake && gmake install

Miscellaneous

Since version 2.0.61 some libtool magic always places "/usr/nekoware/lib" in the first position of the RPATH. This prevents apache2 from loading its own bundled libaprutil.so library. Instead it finds the one in /usr/nekoware/lib, which does not have support for gdbm, and bails out with an unresolvable symbol error. This was the reason to build the package against an external APR.

The httpd.conf needed some changes for proper use.

  • error.log instead error_log
  • combined access.log
  • Port 8080
  • User and Group set to nobody
  • A selfsigned SSL cert based on the common name "localhost" was created
  • <IfDefine FOO> for some modules

... and some more.
