Tuesday, April 10, 2012

Compile Apache on Linux


Apache is a feature-rich, open-source web server for Windows and Linux.
There are two ways of installing Apache on Linux:
  1. Install by RPM
  2. Install by compiling the source
To install the Apache RPM, use the yum install <package name> or rpm -ivh <rpm file name> command.
Installing Apache by compiling it from source code requires more attention. Compiling any software on Linux usually has 3 steps:
  1. Download, unzip and Configure
  2. Make
  3. Make all
Download httpd-2.2.11.tar or the latest available version

Unzip httpd-2.2.11.tar
tar xvfz httpd-2.2.11.tar.gz
cd httpd-2.2.11
ls
Compile Apache
./configure --prefix=/usr/local/apache2211 --enable-mods-shared=most --enable-ssl
The --prefix option specifies the directory in which Apache will be installed. The default value for this option is /usr/local/apache2. The directory will be created if it does not already exist.

The --enable-mods-shared option specifies that Apache will be installed with the MOST commonly used modules.
Another option is --enable-mods-shared=all, which compiles all available Apache modules.

Note that these modules will be loaded as DSOs. Dynamic Shared Objects (DSOs) are modules that can be loaded into memory as and when needed. This reduces load on the server by loading a module into memory only if it is required.

Threading is another option widely used to reduce load on the server. A threaded Apache server can respond to a larger number of requests than a process-based (pre-forked) Apache server. Threading in Apache is enabled through an MPM module. The Multi-Processing Module (MPM) can be enabled by adding --with-mpm=worker to the ./configure command described above.

To learn more configuration options, go to the Apache documentation page or run the command ./configure --help

If the above command fails, always run "make clean" before moving on to the next step.
If the above command shows an error related to "libapr", the reason could be missing apr and apr-utils packages. Install the apr and apr-utils RPMs, then try running the command again.
If the above command fails with "SSL Protocol error", the reason could be a missing openssl package. Install the openssl RPM, then try running the command again.

Make binary files
make
Install binary files
make install
The main configuration file for Apache is located at /usr/local/apache2211/conf/httpd.conf
Several important options in the Apache configuration file can be modified as required. For example:
To run Apache on a non-default port, modify the following parameter in httpd.conf:
Listen 80
To redirect all requests arriving over HTTP to HTTPS, modify the following parameter in httpd.conf:
<Directory />
    Options FollowSymLinks
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
By default, Apache loads the index.html file from the /usr/local/apache2211/htdocs directory. To change this file, modify the following parameter in httpd.conf:
DirectoryIndex index.html
You can optionally add the following lines to the bottom of the /usr/local/apache2211/conf/httpd.conf file. These settings enable the server status page (for example, http://www.example.com/server-status).
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>
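With `Allow from all`, the status page above (which with ExtendedStatus On lists client addresses and the requests being served) answers any client. The shell check below is an added example, not part of the original post: it evaluates the Apache 2.2 Order/Allow/Deny lines of a /server-status block, and the function names and the local-only variant are constructed for illustration.

```shell
#!/bin/sh
# Added example. Handles Apache 2.2 Order/Allow/Deny only; Require/auth
# directives and settings inherited from other sections are not evaluated.
# audit_status: read httpd.conf text on stdin (or from a file) and print
#   open        an arbitrary client is admitted to /server-status
#   restricted  no rule or default admits an arbitrary client
#   absent      no <Location /server-status> block found
audit_status() {
    awk '
    function exposed() {
        if (order == "allow,deny") return (allow_all && !deny_all)  # default deny
        return (allow_all || !deny_all)      # deny,allow: Allow wins, default allow
    }
    { line = tolower($0); gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
    line ~ /^#/ { next }
    line ~ /^<location[ \t]+"?\/server-status"?[ \t]*>$/ {
        inblk = 1; seen = 1; order = "deny,allow"; allow_all = 0; deny_all = 0; next
    }
    inblk && line ~ /^<\/location>$/ { if (exposed()) anyopen = 1; inblk = 0; next }
    inblk && line ~ /^order[ \t]+/   { order = line; sub(/^order[ \t]+/, "", order) }
    inblk && line ~ /^allow[ \t]+from[ \t]+all$/ { allow_all = 1 }
    inblk && line ~ /^deny[ \t]+from[ \t]+all$/  { deny_all = 1 }
    END { print (!seen ? "absent" : (anyopen ? "open" : "restricted")) }
    ' "$@"
}

# The block exactly as given on this page.
page_config() {
    cat <<'EOF'
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>
EOF
}

# Constructed alternative: same handler, reachable from the local host only.
local_only_config() {
    cat <<'EOF'
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
EOF
}

echo "page config:       $(page_config | audit_status)"
echo "local-only config: $(local_only_config | audit_status)"
```

Against a live install, run `audit_status /usr/local/apache2211/conf/httpd.conf`. With the local-only variant, the status page is still reachable at http://localhost/server-status.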
If MPM is enabled, remove the comment in the httpd.conf file from the line containing /usr/local/apache2211/conf/extra/httpd-mpm.conf. Then modify the MPM configuration file located at /usr/local/apache2211/conf/extra/httpd-mpm.conf.
Following are the unofficial 'rules' for configuring MPM:
MaxClients = ServerLimit x ThreadsPerChild
ThreadLimit = ThreadsPerChild
MaxSpareThreads = MaxClients
For example, if Apache is supposed to serve 384 clients simultaneously with 64 threads at a time, then
MaxClients = 384
MaxSpareThreads = 384
ThreadLimit = 64
ThreadsPerChild = 64
ServerLimit = MaxClients / ThreadsPerChild = 384 / 64 = 6

Using these values, modify httpd-mpm.conf as below:
<IfModule mpm_worker_module>
 ServerLimit 6
 StartServers 2
 MaxClients 384
 MinSpareThreads 25
 MaxSpareThreads 384
 ThreadsPerChild 64
 MaxRequestsPerChild 0
 ThreadLimit 64
</IfModule>
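The three rules above can be checked mechanically before a restart. This added shell example (not part of the original post; the function names are made up here) reads a worker block and reports each of the page's rules that the values break.

```shell
#!/bin/sh
# Added example: lint a worker MPM block against the three rules quoted on
# this page. Reads httpd-mpm.conf text on stdin (or from a file), prints "ok"
# or one line per broken rule, and returns non-zero on failure.
# Directive names are matched as spelled on this page.
check_worker() {
    awk '
    { sub(/^[ \t]+/, "") }                      # drop indentation
    /^<IfModule[ \t]+mpm_worker_module>/ { inblk = 1; next }
    inblk && /^<\/IfModule>/             { inblk = 0; next }
    inblk && NF >= 2 && $0 !~ /^#/       { v[$1] = $2 + 0 }
    END {
        n = split("ServerLimit ThreadsPerChild MaxClients ThreadLimit MaxSpareThreads", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in v)) { print "missing " need[i]; bad = 1 }
        if (bad) exit 1
        cap = v["ServerLimit"] * v["ThreadsPerChild"]
        if (v["MaxClients"] != cap) {
            print "MaxClients " v["MaxClients"] " != ServerLimit x ThreadsPerChild (" cap ")"
            bad = 1
        }
        if (v["ThreadLimit"] != v["ThreadsPerChild"]) {
            print "ThreadLimit " v["ThreadLimit"] " != ThreadsPerChild " v["ThreadsPerChild"]
            bad = 1
        }
        if (v["MaxSpareThreads"] != v["MaxClients"]) {
            print "MaxSpareThreads " v["MaxSpareThreads"] " != MaxClients " v["MaxClients"]
            bad = 1
        }
        if (!bad) print "ok"
        exit bad + 0
    }' "$@"
}

# The worker block exactly as given on this page.
page_worker_conf() {
    cat <<'EOF'
<IfModule mpm_worker_module>
 ServerLimit 6
 StartServers 2
 MaxClients 384
 MinSpareThreads 25
 MaxSpareThreads 384
 ThreadsPerChild 64
 MaxRequestsPerChild 0
 ThreadLimit 64
</IfModule>
EOF
}

page_worker_conf | check_worker
```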
If needed, SSL can be enabled on Apache by removing the comment from the line containing "Include conf/extra/httpd-ssl.conf" in httpd.conf. Then modify the SSL configuration file located at /usr/local/apache2211/conf/extra/httpd-ssl.conf.
The following important parameters need to be modified in httpd-ssl.conf:
The path of the SSL certificate file (obtained from a Certification Authority or self-signed)
SSLCertificateFile "/usr/local/apache2211/conf/ssl-crt/www.example.com-dsa.cer"
The path of the key file (obtained from a Certification Authority or self-signed)
SSLCertificateKeyFile "/usr/local/apache2211/conf/ssl-crt/www.example.com-dsa.key"
The path of the Certification Authority root bundle certificate (obtained from the Certification Authority)
SSLCACertificateFile "/usr/local/apache2211/conf/ssl.crt/ca-bundle.cer"
Start Apache service
/usr/local/apache2211/bin/apachectl -k start
Other popular options available with apachectl are discussed below:
It is always good to check for syntax errors in the Apache configuration before starting the service
/usr/local/apache2211/bin/apachectl -t
Stop Apache service
/usr/local/apache2211/bin/apachectl -k stop
Restart Apache service
/usr/local/apache2211/bin/apachectl -k restart
Restart the Apache service gracefully. This will not terminate open client sessions. It is very useful in a production environment, where Apache can be restarted without affecting clients' sessions.
/usr/local/apache2211/bin/apachectl -k graceful
Check version of the installed Apache
/usr/local/apache2211/bin/apachectl -v
Check version, architecture (32 or 64 bit) and module details of the installed Apache
/usr/local/apache2211/bin/apachectl -V
List all the available modules
/usr/local/apache2211/bin/apachectl -l
To make sure that Apache starts in runlevels 3 & 5 after a server reboot, create symbolic links in the rcX directories.
ln -s /usr/local/apache2211/bin/apachectl /etc/init.d/httpd
ln -s /etc/init.d/httpd /etc/rc0.d/K37httpd
ln -s /etc/init.d/httpd /etc/rc1.d/K37httpd
ln -s /etc/init.d/httpd /etc/rc2.d/S63httpd
ln -s /etc/init.d/httpd /etc/rc3.d/S63httpd
ln -s /etc/init.d/httpd /etc/rc4.d/S63httpd
ln -s /etc/init.d/httpd /etc/rc5.d/S63httpd
ln -s /etc/init.d/httpd /etc/rc6.d/K37httpd
Verify the Apache installation by browsing http://www.example.com/server-status or http://localhost/server-status. Verify https://www.example.com if SSL was enabled in httpd-ssl.conf.

Configure logrotate for the newly installed Apache. This is a must in production environments, because skipping this step will let the Apache access & error log files grow into GBs!
Here the log rotate policy will rotate and zip the files daily, keep them for up to 30 days, and restart the service after each rotation.
Create the logrotate configuration file for Apache
vi /etc/logrotate.d/httpdcordys
/usr/local/apache2211/logs/*log {
daily
missingok
rotate 30
compress
notifempty
sharedscripts
postrotate
/usr/local/apache2211/bin/apachectl -k graceful > /dev/null 2>/dev/null || true
endscript
}
Test the rotation by running logrotate once
logrotate -f /etc/logrotate.d/httpdcordys
ls -lr /usr/local/apache2211/logs
