Introduction to Apache HTTPD
The Apache HTTPD package contains
an open-source HTTP server. It is useful for creating local
intranet web sites or running huge web serving operations.
Note
Development versions of BLFS may not build or run some packages
properly if LFS or dependencies have been updated since the most
recent stable versions of the books.
Package Information
Additional Downloads
Apache HTTPD Dependencies
Required
Apr-Util-1.6.3 and pcre2-10.44
Optional
Brotli-1.1.0, Doxygen-1.12.0, jansson-2.14,
libxml2-2.13.4, Lua-5.4.7, Lynx-2.9.2 or Links-2.30 or
ELinks, nghttp2-1.64.0, OpenLDAP-2.6.8
(Apr-Util-1.6.3 needs to be installed with ldap
support), rsync-3.3.0, Berkeley
DB (deprecated), and Distcache
Installation of Apache HTTPD
For security reasons, running the server as an unprivileged user
and group is strongly encouraged. Create the following group and
user using the following commands as root
:
groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
-s /bin/false -u 25 apache
Build and install Apache HTTPD by
running the following commands:
patch -Np1 -i ../httpd-2.4.62-blfs_layout-1.patch &&
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &&
sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \
-e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-i configure &&
sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
-i modules/filters/mod_xml2enc.c &&
./configure --enable-authnz-fcgi \
--enable-layout=BLFS \
--enable-mods-shared="all cgi" \
--enable-mpms-shared=all \
--enable-suexec=shared \
--with-apr=/usr/bin/apr-1-config \
--with-apr-util=/usr/bin/apu-1-config \
--with-suexec-bin=/usr/lib/httpd/suexec \
--with-suexec-caller=apache \
--with-suexec-docroot=/srv/www \
--with-suexec-logfile=/var/log/httpd/suexec.log \
--with-suexec-uidmin=100 \
--with-suexec-userdir=public_html &&
make
This package does not come with a test suite.
Now, as the root
user:
make install &&
mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache /usr/lib/httpd/suexec &&
chmod 4754 /usr/lib/httpd/suexec &&
chown -v -R apache:apache /srv/www
Command Explanations
sed
'/dir.*CFG_PREFIX/s@^@#@'...: Forces the
apxs utility to use absolute
pathnames for modules, when instructed to do so.
sed -e '/HTTPD_ROOT/s
...: Fixes some paths.
sed -e '/encoding.h/a
...; Fix building against libxml-2.12.x.
--enable-authnz-fcgi
: Build
FastCGI authorizer-based authentication and authorization
(mod_authnz_fcgi.so fast CGI module).
--enable-mods-shared="all
cgi"
: The modules should be compiled and used as
Dynamic Shared Objects (DSOs) so they can be included and excluded
from the server using the run-time configuration directives.
--enable-mpms-shared=all
:
This switch ensures that all MPM (Multi Processing Modules) are
built as Dynamic Shared Objects (DSOs), so the user can choose
which one to use at runtime.
--enable-suexec
: This
switch enables building of the Apache suEXEC module which can be used to
allow users to run CGI and SSI scripts under user IDs different
from the user ID of the calling web server.
--with-suexec-*
: These
switches control suEXEC module behavior, such as default document
root, minimal UID that can be used to run the script under the
suEXEC. Please note that with minimal UID 100, you can't run CGI or
SSI scripts under suEXEC as the apache
user.
...
/usr/lib/httpd/suexec: These commands put
suexec wrapper into
proper location, since it is not meant to be run directly. They
also adjust proper permissions of the binary, making it setgid
apache
.
chown -R apache:apache
/srv/www: By default, the installation process
installs files (documentation, error messages, default icons, etc.)
with the ownership of the user that extracted the files from the
tar file. If you want to change the ownership to another user, you
should do so at this point. The only requirement is that the
document directories need to be accessible by the httpd process with (r-x)
permissions and files need to be readable (r--) by the apache
user.
Configuring Apache
Config Files
/etc/httpd/httpd.conf
and
/etc/httpd/extra/*
Configuration Information
See file:///usr/share/httpd/manual/configuring.html
for detailed instructions on customising your Apache HTTP server configuration file.
There is no reason, at least for internet facing sites, not to
use SSL encryption. Setting up a secured website does not cost
anything except installing one additional small tool and a few
minutes of configuration work. Use this guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website
to create world-wide accepted certificates and renew them on a
regular basis.
Systemd Unit
If you want the Apache server to
start automatically when the system is booted, install the
httpd.service
unit included in the blfs-systemd-units-20240916 package:
make install-httpd