UNIX System Administration Handbook - Evi Nemeth [409]
% ./configure --prefix=/usr/local/apache/
Some of Apache’s features can be included in or removed from the server by invoking the -enable-module= and -disable-module= options to configure. Although the default set of modules is reasonable, you may also want to enable the modules shown in Table 22.2.
Table 22.2 Useful Apache modules that are not enabled by default
a. We recommend that you use one of these modules, but there’s no need to enable both.
Likewise, you may want to disable the modules listed in Table 22.3. For security and performance, it’s a good idea to disable modules that you know you will not be using.
Table 22.3 Apache modules we suggest removing
For a complete list of standard modules, see the src/Configuration file in your Apache distribution or http://www.apache.org/docs/mod/index.html.
When configure has finished executing, run make and then run make install to actually compile and install the appropriate files.
On FreeBSD systems, Apache is one of the additional software packages that can be installed from /usr/ports (see page 808 for more information about the /usr/ports mechanism). To install Apache, cd to /usr/ports/www/apache13 and type make.
Configuring Apache
Now that you’ve installed the server, you’ll need to configure it for your application. All configuration files are kept in the conf directory (e.g., /usr/local/apache/conf). You will need to examine and customize three different configuration files to meet your site’s needs: httpd.conf, srm.conf, and access.conf.
httpd.conf specifies how the Apache daemon (httpd) interacts with your system. In this file, you can set the TCP port on which the HTTP server listens for queries (usually port 80, though you can choose another—and yes, you can run multiple HTTP servers on different ports on a single machine), the location of log files, and various network and performance parameters. httpd.conf is also the file in which you can configure httpd to respond to virtual interface connections; see page 694 for details.
Resources that the server needs to access are controlled in the srm.conf file. This file includes the all-important DocumentRoot definition, which defines the root of the directory tree in which servable documents are located. The file also addresses issues such as the handling of “special” URLs like http://www.xor.com/~steve.
You manage security concerns through the access.conf file. This file contains directives that control access on a per-file or per-directory basis. These permissions prevent access to sensitive files via httpd, whether from the outside world or from inside your site.
You should specify at least two access controls: one that covers the entire document directory and one that applies only to the cgi-bin directory. Only the designated cgi-bin directory should allow script execution. That way, individual users cannot create security holes—accidental or otherwise—with their own scripts. Use the option ExecCGI in srm.conf to enable this restriction.
Running Apache
You can start httpd by hand or from your machine’s rc scripts. The latter is preferable, since this configuration will ensure that the web server restarts whenever the machine reboots. To start the server by hand, you would type something like
% /usr/local/apache/apachectl start
If you want httpd to start automatically at boot time, insert the following command in the localrc() function of your rc files, or insert it in /etc/rc.local if you use a separate local script:
if [ -x /usr/local/apache/httpd ]; then
/usr/local/apache/apachectl start
echo -n ' www_server'
fi
22.4 VIRTUAL INTERFACES
In the early days, a UNIX machine typically acted as the server for a single web site (e.g., www.acme.com). As the web’s popularity grew,