Chapter 3

Installing and Configuring HTTPD for UNIX

• Apache
  • Compiling Apache
  • Configuration
  • Running Apache

If your site is running UNIX and looking for a free Web server, then you are probably looking for Apache. Apache is currently the most popular free server for UNIX machines. It is also a drop in replacement for the Web server from NCSA.

Apache runs on most versions of UNIX and comes in source code form so it can be easily compiled for other platforms. Having source code also makes it easy for a programmer to make changes to the program.

In this chapter, you will learn the following:

• The hardware and software requirements
• Where to get Apache
• How to build Apache from source code
• How to configure the Apache server
• How to test and troubleshoot the Web server

Apache

Apache is a high performance UNIX based httpd server. It is developed by the Apache Group and is available free of charge under the normal free software terms.

Apache is a drop in replacement for NCSA httpd server. If you are already running NCSA, you can simply compile Apache and replace the httpd binary from NCSA with the new Apache binary.

Apache comes in source form and can be compiled on many platforms such as, AIX, HPUX, IRIX, Linux, SCO UNIX, SunOS, NeXT, BSDI, FreeBSD, and Solaris.

There is also a version of Apache for OS/2. It is available from SoftLink Services (http://www.slink.com). There is also a version of Apache that supports Secure Sockets Layer, called ApacheSSL. It is available from Community Connexion (http://apachessl.c2.org).

Apache is currently one of the leading UNIX Web servers. NCSA httpd can be installed using almost the same instructions as the Apache httpd. These instructions along with the NCSA documentation will allow you to install that server as well. There are also other UNIX Web servers, that have similar instructions for installing, by using this chapter in conjunction with the instructions that come with the other servers you should have no problem installing them.

You can download Apache from many sites including:

• http://www.apache.org
• http://sunsite.doc.ic.ac.uk/packages/
• http://www.ukweb.com/apache/

Once you have the file saved, you need to unzip and untar it to get at the files. The filename should be apache_1.1.tar.gz. To unzip the file you use the program gunzip. The syntax is "gunzip apache_1.1.tar.gz", this will create a file called apache_1.1.tar. This tar file can be untarred using "tar xvf apache_1.1.tar". This will extract the files into a directory called apache_1.1. CD.

Compiling Apache

It is recommended that you use gcc for compilation though any ANSI C compiler should work. If you need gcc, it is available from the GNU archives at ftp://prep.ai.mit.edu/pub/gnu.

The first step in building Apache is to edit the configuration file. To start, cd into the src directory and copy "Configuration.tmpl" to "Configuration." This file contains compiler directives and other Makefile lines, such as CFLAGS, CC, and LFLAGS. These allow you to compile in options that are machine specific. This file is commented very well and by reading, you can easily set the right options for your system.

Module Definitions

After the Makefile rules come the module definitions. Apache is very customizable and you can add or remove modules that you don't want. By removing any unused modules you can have a very small, fast server.

The different modules vary depending on the release, but for the current release 1.1, the following basic modules are present:

• mime_module. This module is used to allow Apache to handle mime types.
• access_module. This is used to provide access restriction by IP address.
• auth_module. This module is used to perform basic authentication.
• negotiation_module. This module allows Apache to perform content negotiation.
• includes_module. This allows you to use Server Side Includes (SSI).
• dir_module. This module allows directory handling.
• cgi_module. This module is for CGI support.
• userdir_module. This is used to allow users to have HTTP directories.
• alias_module. This allows directory aliasing.
• common_log_module. This is used to handle the common log format.

These basic modules should probably be left in unless you are sure you do not need them. There are also some other useful modules that can be commented out if not being used. These include:

• asis_module. Used for ASIS files. ASIS files are files that should be sent just as they are. They can be used to send different HTTP headers.
• imap_module. This allows server side imagemaps.
• action_module. This is used to allow the server to perform certain actions on a set of files. For example you could force Apache to append a footer to every html file. See also the Action and AddHandler directives in the srm.conf file.
• cern_meta_module. This can be used to send additional HTTP headers.
• env_module. This is used to pass environment variables to scripts such as CGI scripts or Server Side Includes.
• cookies_module. This is used to handle Netscape style cookies. Cookies can be used to track status through a Web site or to store information on a user.
• status_module. This is used to allow the server to display details on how well it is performing and what it is doing. You might also want to add DSTATUS in the Configuration file.
• dbm_auth_module. This is used to allow authorization using DBM files instead of ASCII files.
• db_auth_module. This is another authorization file format.
• msql_auth_module. Yet another authorization file format. This allows you to store the passwords and usernames in a Microsoft SQL server.
• agent_log_module. Used to be compatible with NCSA. This adds the user_agent to the log file.
• referrer_log_module. Also used to keep compatible with NCSA. This logs the HTTP_REFERRER variable to the log file.

There are also experimental modules. These are probably okay if you are running a test server and like debugging programs. For a server that people are depending on though these probably should be used sparingly.

After Configure finishes, typing make will build Apache. This may take a few minutes. If you get any errors during the compiling or linking phase you will need to fix them before trying to run Apache.

Once Apache finishes building you should end up with a binary file called httpd. If you are switching from NCSA httpd to Apache you can simply copy this file over your existing one and restart.

If you are installing Apache from scratch, there are a few things you need to do before you can test it out.

• Create the ServerRoot directory. This is usually /usr/local/etc/httpd. You need to create the following directories under that tree. "conf," "htdocs," "cgi-bin," "logs", and "icons."
• Copy the files in the conf distribution directory to the ServerRoot/conf files. Rename them so they don't have the "-dist" ending. You should end up with access.conf, httpd.conf, mime.types, and srm.conf.
• Edit httpd.conf and set the different attributes such as port number and user. These are all covered in the Configuration section. Even more detail is available in the Apache documentation.
• Edit access.conf. If you are using a ServerRoot other than /usr/local/etc/httpd, you will need to make changes here since this tells Apache which services are allowed for each directory. It normally sets standard services to the directories under /usr/local/etc/httpd.
• You may also need to edit srm.conf if you aren't using the default ServerRoot. This file tells Apache how filesystem directories map to Web space. It defaults to having DocumentRoot set to /usr/local/etc/httpd/htdocs. You will also need to check any aliases that by default point to directories in /usr/local/etc/httpd.

Testing It Out

First create a "Home Page". This is simply an HTML file called index.html in the ServerRoot/htdocs directory. If you aren't familiar with HTML, then you can simply add this to the index.html file:

<HTML>
<HEAD>
<Title>It works!</TITLE>
</HEAD>
<BODY>
Apache is running!!!!
</BODY?
</HTML>

Start httpd, unless you changed the port in the httpd.conf file, it will run on port 80. This will require you to be logged in as root. If you receive any errors, go back and check your configuration files. Also check to make sure your httpd is running. On SunOS and BSD based UNIXes you can use "ps -aux | grep httpd" to see if the process is still running. On SystemV based UNIX versions you might need to use "ps -aef | grep httpd".

If it seems to be running OK, then point your Web browser to http://server/. You should see your index.html file displayed in your browser.

Apache logs errors to ServerRoot/logs/error_log. If you have problems you should check in this file to try to find the cause. ServerRoot normally is /usr/local/etc/httpd.

Configuration

In addition to the compile time module definitions and other compile time options, there are many runtime options that you need to decide on. These include running as a standalone server or via inetd, where the server should reside, how many processes to start, and many other options.

These options are covered in the next few sections. They are split up by file to make it easier to reference later.

access.conf file

The access.conf file defines what features are available to the users. It is defined on a directory by directory basis using directives.

A directory directive is made up of several lines. The first line must contain:

<Directory [directory/name]>

[directory/name] is the absolute path to the directory, for example /usr/local/etc/httpd/htdocs.

The directory directive ends with a line that looks like:

</Directory>

Inside these directives can be Options or Limit.

Options can be one of the following:

• None. No special options are available.
• All. All options except Multiviews are available.
• Indexes. This creates an automatic index of the directory, if the index.html file is missing.
• Includes. This allows files in this directory to have Server Side Includes.
• FollowSymLinks. Normally apache doesn't follow symbolic links. Using this option tells Apache to follow them.
• ExecCGI. Allow CGI programs to be run from this directory.
• MultiViews. This is used along with content negotiation to allow different views. This can be used to allow for different languages.

The Limit directive allows you to limit who can get what from this directory. This can be used to limit which IP addresses have access to this directory.

The Limit directive must start with a line like:

<Limit [access]>

[access] can be GET, PUT, POST, or DELETE.

The limit directive must end with:

</Limit>

Limit directives can contain:

• order. The order to parse the directive. The first match is used so the order can be important, if for example you allow 123.123.123.* and deny 123.123.123.4. You would want the order to be deny allow.
• allow. Which hosts are allowed access. These can be by hostname or IP address. Matching is supported so that .company.com can be used to match any machine in the company.com network. You can also use none or all.
• deny. Which hosts are denied access. This uses the same syntax and the same restrictions as the allow directive.

XBITHACK is used to tell Apache that text/html files with the owner execute bit set to be server parsed. To use XBITHACK you must have compiled with the -DXBITHACK flag set. There are three different options to XBITHACK:

• Off. This disables XBITHACK.
• On. This enables XBITHACK.
• Full. This tells Apache to send a Last-Modified header if the group execute bit is set.

AllowOveride tells Apache which options can be overridden by the .htaccess file. Uses the same names as Options. This can be used with the AuthConfig directive to allow authentication files and methods to be overridden on a per directory basis.

httpd.conf

The httpd.conf file describes the server process and other global parameters. It has directives for:

• ServerType. This is either standalone or inetd. If it is set to inetd then you need to define it in the /etc/inetd.conf file otherwise you need to define the Port directive. Inetd can be used to automatically start the server and can also be used with security packages, such as TCP_Wrappers, to restrict access and perform additional logging.
• Port. This is the port that httpd listens on. By default this is 80 but may be changed for security reasons.
• HostnameLookups. This is either on or off. If it is on, Apache logs client names, otherwise it logs the IP address. If your machine is really busy, this may cause a strain on your DNS servers, shutting this off may give you better performance.
• User. The UID httpd runs as. It must initially run as root to open port 80 but then switches to this user. For security reasons you should set this to a separate ID that basically has no permissions.
• Group. The group ID httpd will run under.
• ServerAdmin. This is the e-mail address of the server administrator. This is where problem notification should go.
• ServerRoot. This is the root directory for everything related to httpd. Normally /usr/local/etc/httpd. If you change this, you also need to make changes to srm.conf and access.conf
• BindAddress. This is used to tell Apache which IP address to listen on. It is used to support virtual hosts. * is valid and means listen on all interfaces.
• ErrorLog. Where the error log messages should go. If it is a relative name, ( no leading / ) then it is assumed to be relative from ServerRoot. Defaults to logs/error_log.
• TransferLog. Similar to ErrorLog. Tells Apache where the transfer log file should go. Defaults to logs/access_log.
• PidFile. Similar to ErrorLog. Tells Apache where to log its process ID number (pid). Defaults to logs/httpd.pid.
• ScoreBoardFile. This is used for internal process information. Defaults to log/apache_status.
• ServerName. This can be used to tell Apache to use a different hostname. For example to return www.server.com instead of the actual hostname. Must be a valid, fully qualified domain name (FQDN).
• CacheNegotiatedDocs. If this is uncommented, then any documents that have been negotiated can be cached. Normally negotiated documents aren't cached.
• Timeout. This is how long to wait for a send or receive message before giving up and timing out. Default is 400. If this is not in the file, the compile time default is 1200.
• KeepAlive. This tells Apache how many times a client can request to keep the connection open. Default is 5. If you set this to zero, then the KeepAlive option is disabled.
• MinSpareServers. Apache tries to keep a certain amount of servers running to keep up with sudden increases. This is the least amount of servers that will be waiting for a connection. Default is 5.
• MaxSpareServers. This is the maximum amount of spare servers that will be kept around. Default is 10.
• MaxClients. This is used to limit how many httpd processes there can be. This can help to keep your machine from being slowed to a crawl by a denial of service attack. Default is 150. If you expect more then 150 simultaneous users, this needs to be changed.
• MaxRequestsPerChild. Normally a child process will run forever but some machines have memory leaks that will eventually consume all available memory and crash the system. This tells Apache how many requests a process can handle before it is killed. Default is 30.
• ProxyRequests. This is either on or off. If it is on and uncommented, then Apache acts as a proxy server. Otherwise it does not.
• CacheRoot. This is used to enable caching as well as proxy support. This is the root directory for the cache files. Normally disabled.
• CacheSize. This is the size in Kb that the cache can use. Defaults to 5Kb. If you use caching you probably want to change this to something more reasonable like 100,000. (100MB)
• CacheGcInterval. The amount of time, in hours, before garbage
  collection runs. Garbage collection is used to keep the cache clean. Default is 4.
• CacheMaxExpire. This is the maximum time in hours before removing a document from the cache. Defaults to 24.
• CacheLastModifiedFactor. This is used to determine the expires date from the last modified date. The default is 0.1.
• CacheDefaultExpire. This is the default number of hours to keep a document in cache. Default is 1.
• Listen. Used to tell Apache to listen on another port as well as the default. Can be a port number or an IP address:port combination.
• Virtual Host. This is used to have one Apache server act as a server for different machines or domains. Anything that is valid in httpd.conf or srm.conf can be used in here.

srm.conf

The srm.conf file is used to tell Apache how to handle requests. It defines such things as user HTTP directories, icon definitions, and languages.

Some of the directives in srm.conf are:

• DocumentRoot. This tells Apache where to look when someone references /. It is usually /usr/local/etc/httpd/htdocs.
• UserDir. This is the name of the directory in users home directories look at when they are referenced. User home directories are normally referenced with a URL like "http://www.server.com/~username." The default name is public_html. So files in public_html in richc's home directory can be retrieved using the base URL "http://www.server.com/~richc."
• DirectoryIndex. This is used as the default page or index of a directory. If this is not present the user gets a list of the files in the directory. If this page exists, it is displayed. If there is more then one DirectoryIndex, they need to be separated by spaces. Apache will try to access each one starting at the first one and going until one is found.
• FancyIndexing is either on or off. This defines how the index is created if DirectoryIndex does not exist. Figure 3.1 shows an index using fancy indexing on.
  Figure 3.1 : Fancy indexing can be used to show more details.
• AddIcon. This is used to tell Apache what image to place next to the file to show what type of file it is. This is only used if FancyIndexing is on. The syntax is AddIcon [path/to/image] [ext1 ext2], for example AddIcon /images/text.gif .txt.
• DefaultIcon is the image file used if there is no AddIcon definition for a file type.
• AddDescription. This is a short text description of a file. It is used by the server when generating fancy indexes. The syntax is AddDescription "Descriptive text" filename.
• ReadmeName. This is the file that Apache will look for to use as the readme file. The syntax is ReadmeName filename. The default is README.
• HeaderName. This is the file that Apache prepends to directory indexes. The syntax is HeaderName filename. The default is HEADER.
• IndexIgnore. This is a set of filenames and wildcards, which should not show up in a server generated index.
• AccessFileName. This file allows users to override options set in the access.conf file. The default is .htaccess.
• DefaultType. If Apache can't figure out what type of file is being sent, it will send this mime-type. The default is text/plain.
• AddLanguage. This is used in content-negotiation. It defines which file extensions go with which languages. The syntax is AddLanguage [keyword] [suffix].
• LanguagePriority. This is also used in content-negotiation and is consulted in case there is a tie between two languages. This should be a list of languages, separated by spaces, starting with the most preferred.
• Redirect. This is used to tell clients that a document has moved. The syntax is Redirect [fakename] [url].
• Alias. This allows an alias for a filename. The syntax is Alias [fakename] [realname].
• ScriptAlias. This is an alias for a script directory. It uses the same syntax as Alias.
• AddType. Can be used to get around editing mime-types or to force a file to be a specific type.
• AddHandler. This can be used to pass off files with certain extensions to handlers. These handlers can be custom ones or standard handlers.
• Action. This can be used in conjunction with AddHandler to perform common functions to a file. For example to append a footer to html files you could add:

AddHandler footer-action html
Action footer-action /cgi-bin/footer

• This tells Apache when it sees a file with a "html" extension to also run the Action command which is "/cgi-bin/footer".
• ErrorDocument. This directive is used to customize error messages. They can be handled by plain text, local redirects, or external redirects.

Mime-Types

The mime-types file maps extensions to file types. These file types are then used on the client to assign a viewer to be used. There are many "standard" mime-types and you may never need to add a new one. If you want to add a custom mime-type, it is very easy to add one to the mime-types files.

The format for the mime-types file is simple:

File-type    file-extension1 file-extension2

Adding a new mime-type is as simple as adding a line to mime-types and restarting the server. For example to add a mime-type called "foo" that deals with files ending with ".bar" you would add the following line to mime-types:

application/foo   bar

You would also need to configure the client software to start an external viewer to view the .bar files. This is done differently on different browsers but most are either controlled by a GUI or a mime-types file.

Running Apache

Once Apache is installed and configured there is not much to do to keep it running. It must be started when the machine boots, the log files should be checked and any problems troubleshot and fixed.

This section will cover these topics and help to give you an overview of how to run a Web server.

Starting Apache

It is possible with most systems to have programs start automatically when the machine starts up. In UNIX there are three basic ways:

• Inittab
• RC Scripts
• Inetd

These ways may not all be available on your version of UNIX but at least one of them should be.

The first way we will discuss is starting the server via inittab. Inittab is a file init used to start programs at certain run levels. The most common levels are 1 or S for single user mode, 0 for halted, and 2 for multiuser mode. Init is the first program started and always has the process id of 1.

The inittab file normally consists of lines made up of:

id:rstate:action:process

id is a unique identifier. state is the run level that the process should run in. If a process is not defined for a run level, it is terminated. A process can be defined to be run in multiple run levels by adding another level. Multiple run levels are not separated.

The action field tells init how to run the process. Common action fields are:

• respawn. If the process dies it is restarted by init. If the process is running nothing happens. Once the process is started init continues its work.
• wait. When init starts this process it waits until the process completes before continuing on. The process is only run once.
• once. The process is started but not waited for. Once it finishes it is not restarted.

The process is the program and arguments that should be run.

To start Apache from inittab we need to add a line for run level 2. We can use the respawn or once action. A normal inittab line would look like:

as:2:once:/usr/local/etc/httpd

It is also possible to start Apache from RC scripts. These are commonly located in /etc/rc.local or in a separate directory under /etc, such as /etc/rc2.d.

These scripts are run at bootup. To start Apache using RC scripts like /etc/rc.local you would simply add a line at the end of the file such as:

/usr/local/etc/httpd

If your system has separate directories, you need to create a start script. The directories are named using the syntax rc#.d, where # is replaced with the run level. In the case of Apache the run level directory would be /etc/rc2.d. The script names usually begin with S and a number, followed by a name. One example would be S99Apache. The scripts are run by numerical order so you can place the script wherever you need to in the startup process.

To start Apache with a script you would create a file called /etc/rc.d/S99Apache. In it would be:

#!/bin/sh
/usr/local/etc/httpd

The last way to start Apache automatically is via inetd. Inetd is a process that listens on network ports, when it gets a connection it starts the correct server. Inetd looks at a configuration file called inetd.conf. This is usually in /etc or /etc/inet.

The lines in inetd.conf consist of comments or server lines. The server line has a number of fields that are separated by spaces or tabs. They may vary from UNIX to UNIX but they are usually:

• service-name. The service name as found in /etc/services.
• endpoint-type. This is either stream, dgram, raw, seqpacket or tli.
• protocol. This is usually either tcp or udp.
• wait-status. This is usually nowait. Occasionally if a program holds the socket for a specific period of time it will be wait.
• uid. This is the user id the server should run as.
• server-program. This is the program name.
• server-arguments. This is the program name followed by the arguments.

To get Apache to run from inetd we also need to look at the services file. This is usually in /etc or /etc/inet. It consists of lines of the form:

service-name  port/protocol   aliases

Service name is the name of the service. This is used by inetd and must be spelled the same in both the inetd.conf file and the services file. Port/protocol is the port number and the protocol, for example 80/tcp. Aliases are other names the service might be known as.

In the services file we need to add a line that looks like:

httpd    80/tcp    

In inetd.conf we need to add the following line:

httpd   stream  tcp  nowait  nobody /usr/local/etc/httpd/httpd httpd

Troubleshooting Apache

Occasionally, Apache will have problems running. These problems are often related to other processes and rebooting the machine eliminates them. Other times though rebooting either is not possible or simply doesn't work. This section will cover some common error messages and how to fix them.

• Browsers can't connect to the server. The first step in troubleshooting this is to make sure Apache is running. The ps command is used to look for a process called httpd. For example on SunOS you would use the command ps -auxw | grep httpd. System V based UNIXes might need to use ps -aef | grep httpd. If Apache is not running, you can restart it by hand. If Apache is supposed to start automatically, you should reread the section titled "Starting Apache".
• The server is running but a browser can't connect. It is possible that the network between the two machines is not working properly. Use another network command such as ping to check and make sure the server is reachable.
• I can ping but still can't connect. Check to make sure the URL is correct. It is possible that you are using the wrong port. An easy way to make sure Apache is working right is to use telnet on the Web server to connect to the port, and get a file. For example on SunOS you would use "telnet localhost 80", then after you connected type GET /. This should get your home page. If so, Apache is running OK. If not, then the server is having problems.
• Apache isn't running or dies on startup. Check the error logs, usually DocumentRoot/logs/error_log. This should give you a more specific error message or point you to a configuration problem. You might also want to check the system error log, this can be /var/log/syslog or /var/adm/messages or other files depending on which version of UNIX you are running. You might also want to verify that httpd -v works okay. If this doesn't work, you probably have a problem with the program and it will need to be recompiled.
• I get server unknown when I try to connect. This is usually caused by a DNS configuration problem. Check to make sure you can telnet or ping the host by name. If not you can get around this by using the server IP address instead of the hostname. This workaround should only be used until you can get the DNS fixed.

These are, of course, just the more common error messages. It is possible to have other messages that aren't listed. If so, you need to try to narrow down the problem.

Checking to see if the server is compiled okay is a good first step to narrowing down the problem. If httpd -v works, it is probably compiled okay. It is also very common for the network to have problems. Telnetting to the port from the localhost eliminates the network. If it appears to be compiled okay and eliminating the network doesn't fix the problem, then it is most likely a configuration problem.

File Pruning

Apache logs connections and error messages. These log files continue to grow until they are removed or truncated. Simply removing the file though isn't enough since Apache references the files by inode. When you move the file it may appear to be different in a listing, but it isn't really closed until the server restarts (and Apache will happily continue writing to the moved file). If you truncate the file, you will find that Apache will keep writing in the same spot it was in and simply fill the file with blanks up to the size of the original log file. There is an easy way to truncate log files though.

• Normally you want to move the logfiles that are in use. This allows you to analyze them later. To move the log files you can use the command "mv", for example "mv error_log error_log.0". If you don't care about the files, you can remove them after that.
• Next you need to tell Apache to look for a new log file. This is done by sending the HUP signal the httpd processes. You can use the following command to do this on SunOS kill -HUP 'cat /usr/local/etc/httpd/pid.file.
• Apache will automatically create new log files and start writing to them.

In addition to the log files, if you are using Apache as a caching proxy server, the disk space used for cache needs to be maintained.

This is normally done automatically by Apache as long as you set the CacheMaxSize and CacheGC directives correctly.

CacheMaxSize tells the server how much space it can use. If you set CacheMaxSize too high, you will use all of your diskspace for cache. If you set it too low, you will not have good cache performance. Experimentation is required to get an acceptable compromise of space and speed.

CacheGC tells the server how often to clean out the cache's old files. If CacheGC doesn't run often enough, you will have a stale cache. If it runs too often, you may have performance problems. It is important to experiment and find the best value for this parameter.