Introduction to Apache HTTPD
The Apache HTTPD package contains an open-source HTTP server. It is useful for creating local intranet web sites or running huge web serving operations.
Note
Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.
Package Information
Additional Downloads
Apache HTTPD Dependencies
Required
Apr-Util-1.6.3 and pcre2-10.42
Optional
Brotli-1.1.0, Doxygen-1.10.0, jansson-2.14, libxml2-2.12.4, Lua-5.4.6, Lynx-2.8.9rel.1 or Links-2.29 or ELinks, nghttp2-1.58.0, OpenLDAP-2.6.6 (Apr-Util-1.6.3 needs to be installed with ldap support), rsync-3.2.7, Berkeley DB (deprecated), and Distcache
Installation of Apache HTTPD
For security reasons, running the server as an unprivileged user and group is strongly encouraged. Create the group and user by running the following commands as the root user:
groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
-s /bin/false -u 25 apache
Build and install Apache HTTPD by running the following commands:
patch -Np1 -i ../httpd-2.4.58-blfs_layout-1.patch &&
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &&
sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \
-e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-i configure &&
sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
-i modules/filters/mod_xml2enc.c &&
./configure --enable-authnz-fcgi \
--enable-layout=BLFS \
--enable-mods-shared="all cgi" \
--enable-mpms-shared=all \
--enable-suexec=shared \
--with-apr=/usr/bin/apr-1-config \
--with-apr-util=/usr/bin/apu-1-config \
--with-suexec-bin=/usr/lib/httpd/suexec \
--with-suexec-caller=apache \
--with-suexec-docroot=/srv/www \
--with-suexec-logfile=/var/log/httpd/suexec.log \
--with-suexec-uidmin=100 \
--with-suexec-userdir=public_html &&
make
This package does not come with a test suite.
Now, as the root user:
make install &&
mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache /usr/lib/httpd/suexec &&
chmod 4754 /usr/lib/httpd/suexec &&
chown -v -R apache:apache /srv/www
Command Explanations
sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the apxs utility to use absolute pathnames for modules, when instructed to do so.
sed -e '/HTTPD_ROOT/s ...: Fixes the HTTPD_ROOT, SERVER_CONFIG_FILE and AP_TYPES_CONFIG_FILE paths in configure.
sed -e '/encoding.h/a ...: Fixes building against libxml-2.12.x.
--enable-authnz-fcgi: Build FastCGI authorizer-based authentication and authorization (mod_authnz_fcgi.so fast CGI module).
--enable-mods-shared="all cgi": The modules should be compiled and used as Dynamic Shared Objects (DSOs) so they can be included and excluded from the server using the run-time configuration directives.
--enable-mpms-shared=all: This switch ensures that all MPM (Multi Processing Modules) are built as Dynamic Shared Objects (DSOs), so the user can choose which one to use at runtime.
--enable-suexec: This switch enables building of the Apache suEXEC module, which can be used to allow users to run CGI and SSI scripts under user IDs different from the user ID of the calling web server.
--with-suexec-*: These switches control suEXEC module behavior, such as the default document root and the minimal UID that scripts can be run under by suEXEC. Please note that with minimal UID 100, you can't run CGI or SSI scripts under suEXEC as the apache user.
... /usr/lib/httpd/suexec: These commands put the suexec wrapper into its proper location, since it is not meant to be run directly. They also adjust the permissions of the binary, making it setgid apache.
chown -R apache:apache /srv/www: By default, the installation process installs files (documentation, error messages, default icons, etc.) with the ownership of the user that extracted the files from the tar file. If you want to change the ownership to another user, you should do so at this point. The only requirement is that the document directories need to be accessible by the httpd process with (r-x) permissions and files need to be readable (r--) by the apache user.
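The privilege-relevant results of the commands above can be checked after installation. The following script is an added example, not part of the book: it verifies the mode and ownership that chgrp apache and chmod 4754 leave on the suexec wrapper, and the apache account created by useradd. The function names are this example's own, and owner root is assumed because make install was run as root.

```shell
#!/bin/sh
# Added example: audit the suexec wrapper and the apache account after install.
SUEXEC=/usr/lib/httpd/suexec   # location used by the install commands

# check_suexec "MODE OWNER GROUP": the output format of stat -c '%a %U %G'
check_suexec() {
    set -- $1                      # split into mode, owner, group
    bits=$((0$1)); rc=0            # leading 0 makes the shell read the mode as octal
    [ "$2" = root ]   || { echo "owner is $2, expected root (assumption: installed as root)"; rc=1; }
    [ "$3" = apache ] || { echo "group is $3, expected apache"; rc=1; }
    # chmod 4754: setuid bit set, group may execute, others may only read
    [ $((bits & 04000)) -ne 0 ] || { echo "setuid bit is missing"; rc=1; }
    [ $((bits & 00001)) -eq 0 ] || { echo "wrapper is world-executable"; rc=1; }
    [ $((bits & 00022)) -eq 0 ] || { echo "wrapper is group- or world-writable"; rc=1; }
    return $rc
}

# check_account "PASSWD-LINE": the output format of getent passwd apache
check_account() {
    old_ifs=$IFS; IFS=:
    set -- $1                      # name, pw, uid, gid, gecos, home, shell
    IFS=$old_ifs
    rc=0
    [ "$3" -ne 0 ]        || { echo "server account has UID 0"; rc=1; }
    [ "$6" = /srv/www ]   || { echo "home is $6, expected /srv/www"; rc=1; }
    [ "$7" = /bin/false ] || { echo "shell is $7, expected /bin/false"; rc=1; }
    # --with-suexec-uidmin=100: suEXEC will not run scripts as a lower UID
    [ "$3" -ge 100 ] || echo "note: UID $3 is below the suEXEC minimum of 100"
    return $rc
}

# Run against the live system only where the installed files exist.
if [ -e "$SUEXEC" ]; then
    check_suexec "$(stat -c '%a %U %G' "$SUEXEC")" || echo "suexec: FAIL"
fi
if entry=$(getent passwd apache 2>/dev/null); then
    check_account "$entry" || echo "apache account: FAIL"
fi
```

Both functions print one line per finding and return non-zero on any failure, so they can be called from a post-install or periodic audit script.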
Configuring Apache
Config Files
/etc/httpd/httpd.conf and /etc/httpd/extra/*
Configuration Information
See file:///usr/share/httpd/manual/configuring.html for detailed instructions on customising your Apache HTTP server configuration file.
There is no reason, at least for internet-facing sites, not to use SSL encryption. Setting up a secured website does not cost anything except installing one additional small tool and a few minutes of configuration work. Use the guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website to create world-wide accepted certificates and renew them on a regular basis.
Boot Script
If you want the Apache server to start automatically when the system is booted, install the /etc/rc.d/init.d/httpd init script included in the blfs-bootscripts-20231119 package:
make install-httpd