Beyond Linux^® From Scratch (systemd Edition) - Version 12.4

Chapter 20. Major Servers

Prev
Major Servers
Next
BIND-9.20.12
Up
Home

Apache-2.4.65

Introduction to Apache HTTPD

The Apache HTTPD package contains an open-source HTTP server. It is useful for creating local intranet web sites or running huge web serving operations.

This package is known to build and work properly using an LFS 12.4 platform.

Package Information

Download (HTTP): https://archive.apache.org/dist/httpd/httpd-2.4.65.tar.bz2
Download MD5 sum: 7274bb6fa215925fd697451a0f133483
Download size: 7.2 MB
Estimated disk space required: 88 MB
Estimated build time: 0.3 SBU (Using parallelism=4)

Additional Downloads

Required patch: https://www.linuxfromscratch.org/patches/blfs/12.4/httpd-blfs_layout-1.patch

Apache HTTPD Dependencies

Required

Apr-Util-1.6.3 and pcre2-10.45

Optional

Brotli-1.1.0, Doxygen-1.14.0, jansson-2.14.1, libxml2-2.14.5, Lua-5.4.8, Lynx-2.9.2 or Links-2.30 or ELinks, nghttp2-1.66.0, OpenLDAP-2.6.10 (Apr-Util-1.6.3 needs to be installed with ldap support), rsync-3.4.1, Berkeley DB (deprecated), and Distcache

Installation of Apache HTTPD

For security reasons, running the server as an unprivileged user and group is strongly encouraged. Create the following group and user using the following commands as root:

groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
        -s /bin/false -u 25 apache

Build and install Apache HTTPD by running the following commands:

patch -Np1 -i ../httpd-blfs_layout-1.patch             &&

sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in       &&

sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:'       \
    -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::'   \
    -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
    -i configure  &&

./configure --enable-authnz-fcgi                    \
            --enable-layout=BLFS                    \
            --enable-mods-shared="all cgi"          \
            --enable-mpms-shared=all                \
            --enable-suexec=shared                  \
            --with-apr=/usr/bin/apr-1-config        \
            --with-apr-util=/usr/bin/apu-1-config   \
            --with-suexec-bin=/usr/lib/httpd/suexec \
            --with-suexec-caller=apache             \
            --with-suexec-docroot=/srv/www          \
            --with-suexec-uidmin=100                \
            --with-suexec-userdir=public_html       \
            --with-suexec-logfile=/var/log/httpd/suexec.log &&
make

This package does not come with a test suite.

Now, as the root user:

make install  &&

mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache           /usr/lib/httpd/suexec &&
chmod 4754             /usr/lib/httpd/suexec &&

chown -v -R apache:apache /srv/www

Command Explanations

sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the apxs utility to use absolute pathnames for modules, when instructed to do so.

sed -e '/HTTPD_ROOT/s ...: Fixes some paths.

--enable-authnz-fcgi: Build FastCGI authorizer-based authentication and authorization (mod_authnz_fcgi.so fast CGI module).

--enable-mods-shared="all cgi": The modules should be compiled and used as Dynamic Shared Objects (DSOs) so they can be included and excluded from the server using the run-time configuration directives.

--enable-mpms-shared=all: This switch ensures that all MPM (Multi Processing Modules) are built as Dynamic Shared Objects (DSOs), so the user can choose which one to use at runtime.

--enable-suexec: This switch enables building of the Apache suEXEC module which can be used to allow users to run CGI and SSI scripts under user IDs different from the user ID of the calling web server.

--with-suexec-*: These switches control suEXEC module behavior, such as default document root, minimal UID that can be used to run the script under the suEXEC. Please note that with minimal UID 100, you can't run CGI or SSI scripts under suEXEC as the apache user.

... /usr/lib/httpd/suexec: These commands put suexec wrapper into proper location, since it is not meant to be run directly. They also adjust proper permissions of the binary, making it setgid apache.

chown -R apache:apache /srv/www: By default, the installation process installs files (documentation, error messages, default icons, etc.) with the ownership of the user that extracted the files from the tar file. If you want to change the ownership to another user, you should do so at this point. The only requirement is that the document directories need to be accessible by the httpd process with (r-x) permissions and files need to be readable (r--) by the apache user.

Configuring Apache

Config Files

/etc/httpd/httpd.conf and /etc/httpd/extra/*

Configuration Information

See file:///usr/share/httpd/manual/configuring.html for detailed instructions on customising your Apache HTTP server configuration file.

There is no reason, at least for internet facing sites, not to use SSL encryption. Setting up a secured website does not cost anything except installing one additional small tool and a few minutes of configuration work. Use this guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website to create world-wide accepted certificates and renew them on a regular basis.

Systemd Unit

If you want the Apache server to start automatically when the system is booted, install the httpd.service unit included in the blfs-systemd-units-20241211 package:

make install-httpd

Contents

Installed Programs: ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter, htcacheclean, htdbm, htdigest, htpasswd, httpd, httxt2dbm, logresolve, and rotatelogs

Installed Libraries: Several libraries under /usr/lib/httpd/modules/

Installed Directories: /etc/httpd, /srv/www, /usr/include/httpd, /usr/lib/httpd, /usr/share/httpd, /var/log/httpd, and /var/run/httpd

Short Descriptions

ab	is a tool for benchmarking your Apache HTTP server
apachectl	is a front end to the Apache HTTP server which is designed to help the administrator control the functioning of the Apache httpd daemon
apxs	is a tool for building and installing extension modules for the Apache HTTP server
checkgid	is a program that checks whether it can setgid to the group specified. This is to see if it is a valid group for Apache2 to use at runtime. If the user (should be run as superuser) is in that group, or can setgid to it, it will return 0
dbmmanage	is used to create and update the DBM format files used to store usernames and passwords for basic authentication of HTTP users
fcgistarter	is a tool to start a FastCGI program
htcacheclean	is used to clean up the disk cache
htdbm	is used to manipulate the DBM password databases
htdigest	is used to create and update the flat-files used to store usernames, realms and passwords for digest authentication of HTTP users
htpasswd	is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users
httpd	is the Apache HTTP server program
httxt2dbm	is used to generate DBM files from text, for use in RewriteMap
logresolve	is a post-processing program to resolve IP-addresses in Apache's access log files
rotatelogs	is a simple program for use in conjunction with Apache's piped log file feature
suexec	allows users to run CGI and SSI applications as a different user

Prev
Major Servers
Next
BIND-9.20.12
Up
Home