Apache-2.4.62

Introduction to Apache HTTPD

The Apache HTTPD package contains an open-source HTTP server. It is useful for creating local intranet web sites or running huge web serving operations.

[Note]

Note

Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.

Package Information

Additional Downloads

Apache HTTPD Dependencies

Required

Apr-Util-1.6.3 and pcre2-10.44

Optional

Brotli-1.1.0, Doxygen-1.12.0, jansson-2.14, libxml2-2.13.4, Lua-5.4.7, Lynx-2.9.2 or Links-2.30 or ELinks, nghttp2-1.64.0, OpenLDAP-2.6.8 (Apr-Util-1.6.3 needs to be installed with ldap support), rsync-3.3.0, Berkeley DB (deprecated), and Distcache

Installation of Apache HTTPD

For security reasons, running the server as an unprivileged user and group is strongly encouraged. Create the following group and user using the following commands as root:

groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
        -s /bin/false -u 25 apache

Build and install Apache HTTPD by running the following commands:

patch -Np1 -i ../httpd-2.4.62-blfs_layout-1.patch             &&

sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in              &&

sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:'       \
    -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::'   \
    -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
    -i configure  &&

sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
    -i modules/filters/mod_xml2enc.c  &&

./configure --enable-authnz-fcgi                              \
            --enable-layout=BLFS                              \
            --enable-mods-shared="all cgi"                    \
            --enable-mpms-shared=all                          \
            --enable-suexec=shared                            \
            --with-apr=/usr/bin/apr-1-config                  \
            --with-apr-util=/usr/bin/apu-1-config             \
            --with-suexec-bin=/usr/lib/httpd/suexec           \
            --with-suexec-caller=apache                       \
            --with-suexec-docroot=/srv/www                    \
            --with-suexec-logfile=/var/log/httpd/suexec.log   \
            --with-suexec-uidmin=100                          \
            --with-suexec-userdir=public_html                 &&
make

This package does not come with a test suite.

Now, as the root user:

make install  &&

mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache           /usr/lib/httpd/suexec &&
chmod 4754             /usr/lib/httpd/suexec &&

chown -v -R apache:apache /srv/www

Command Explanations

sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the apxs utility to use absolute pathnames for modules, when instructed to do so.

sed -e '/HTTPD_ROOT/s ...: Fixes some paths.

sed -e '/encoding.h/a ...; Fix building against libxml-2.12.x.

--enable-authnz-fcgi: Build FastCGI authorizer-based authentication and authorization (mod_authnz_fcgi.so fast CGI module).

--enable-mods-shared="all cgi": The modules should be compiled and used as Dynamic Shared Objects (DSOs) so they can be included and excluded from the server using the run-time configuration directives.

--enable-mpms-shared=all: This switch ensures that all MPM (Multi Processing Modules) are built as Dynamic Shared Objects (DSOs), so the user can choose which one to use at runtime.

--enable-suexec: This switch enables building of the Apache suEXEC module which can be used to allow users to run CGI and SSI scripts under user IDs different from the user ID of the calling web server.

--with-suexec-*: These switches control suEXEC module behavior, such as default document root, minimal UID that can be used to run the script under the suEXEC. Please note that with minimal UID 100, you can't run CGI or SSI scripts under suEXEC as the apache user.

... /usr/lib/httpd/suexec: These commands put suexec wrapper into proper location, since it is not meant to be run directly. They also adjust proper permissions of the binary, making it setgid apache.

chown -R apache:apache /srv/www: By default, the installation process installs files (documentation, error messages, default icons, etc.) with the ownership of the user that extracted the files from the tar file. If you want to change the ownership to another user, you should do so at this point. The only requirement is that the document directories need to be accessible by the httpd process with (r-x) permissions and files need to be readable (r--) by the apache user.

Configuring Apache

Config Files

/etc/httpd/httpd.conf and /etc/httpd/extra/*

Configuration Information

See file:///usr/share/httpd/manual/configuring.html for detailed instructions on customising your Apache HTTP server configuration file.

There is no reason, at least for internet facing sites, not to use SSL encryption. Setting up a secured website does not cost anything except installing one additional small tool and a few minutes of configuration work. Use this guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website to create world-wide accepted certificates and renew them on a regular basis.

Systemd Unit

If you want the Apache server to start automatically when the system is booted, install the httpd.service unit included in the blfs-systemd-units-20240916 package:

make install-httpd

Contents

Installed Programs: ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter, htcacheclean, htdbm, htdigest, htpasswd, httpd, httxt2dbm, logresolve, and rotatelogs
Installed Libraries: Several libraries under /usr/lib/httpd/modules/
Installed Directories: /etc/httpd, /srv/www, /usr/include/httpd, /usr/lib/httpd, /usr/share/httpd, /var/log/httpd, and /var/run/httpd

Short Descriptions

ab

is a tool for benchmarking your Apache HTTP server

apachectl

is a front end to the Apache HTTP server which is designed to help the administrator control the functioning of the Apache httpd daemon

apxs

is a tool for building and installing extension modules for the Apache HTTP server

checkgid

is a program that checks whether it can setgid to the group specified. This is to see if it is a valid group for Apache2 to use at runtime. If the user (should be run as superuser) is in that group, or can setgid to it, it will return 0

dbmmanage

is used to create and update the DBM format files used to store usernames and passwords for basic authentication of HTTP users

fcgistarter

is a tool to start a FastCGI program

htcacheclean

is used to clean up the disk cache

htdbm

is used to manipulate the DBM password databases

htdigest

is used to create and update the flat-files used to store usernames, realms and passwords for digest authentication of HTTP users

htpasswd

is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users

httpd

is the Apache HTTP server program

httxt2dbm

is used to generate DBM files from text, for use in RewriteMap

logresolve

is a post-processing program to resolve IP-addresses in Apache's access log files

rotatelogs

is a simple program for use in conjunction with Apache's piped log file feature

suexec

allows users to run CGI and SSI applications as a different user