Apache Web Server: Difference between revisions

From Elvanör's Technical Wiki

Revision as of 13:33, 8 January 2024

Apache on Gentoo

  • Add the ServerName directive to the main configuration file (httpd.conf)
  • To create a virtual host, just create a new file in /etc/apache2/vhosts.d/ with the name starting with 2 digits. For example:
01_images.shoopz.com.conf
  • In this file, you just need to define your virtual host; nothing else is required.
  • You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf.

Modules

mod_rewrite

  • The RewriteEngine On directive must be used (in a VirtualHost section for instance) in order to activate the rewrite rules.
  • For debugging, use RewriteLog and RewriteLogLevel directives. They make it very easy to understand what's happening.
  • A RewriteRule with the [P] flag will work in proxy mode (actually using mod_proxy) and allows you to create advanced setups. For instance:
RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com
RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P]

This would not be possible using mod_proxy alone.

mod_proxy

  • On Gentoo mod_proxy is not compiled by default. You need to specify it as an Apache module in /etc/make.conf. It also needs to be activated via -D PROXY in /etc/conf.d/apache2.
  • Contrary to lighttpd, you must specify the full hostname of the target (remote) server. Using 127.0.0.1 will not work (I think lighttpd actually transfers the request with the hostname too, but for Apache you need to specify it). So you get something like:
ProxyPass / http://www.shoopz.com:8080/shop-engine/
  • With ProxyPass and ProxyPassMatch, you cannot use a part of the original hostname in the target URL. So you cannot redirect from *.example.com to *.example.com since you have to provide an actual hostname. If you need such a relatively advanced setup, you should use mod_rewrite with the [P] flag. This allows you to do anything you may need.

PHP Support

  • The APC module provided by Gentoo (pecl-apc) directly installs the necessary configuration options to use APC right away.
  • Note however that pecl-apc-3.0.19 is incompatible with mediawiki-1.11.2. APC must be disabled until a newer version works better with Mediawiki.

SSL

  • Apache supports SNI (multiple certificates on one IP). You need to add
NameVirtualHost *:443

in httpd.conf, before you load the vhosts file.

  • To create a self-signed certificate (mandatory to use -D SSL_DEFAULT_VHOST, which in turn seems required to get the server listening on the SSL 443 port, at least without complex additional configuration), you can issue the following commands in /etc/ssl/apache2:
openssl genrsa -out server.key 2048
openssl req -key server.key -new -out server.csr
openssl x509 -signkey server.key -in server.csr -req -out server.crt

It's possible that the ebuild generates this certificate automatically if not present during installation (but I did not confirm this).
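
The three commands above as a non-interactive script, followed by the checks worth running before Apache is pointed at the files. This is an added example, not part of the original wiki page; the CN www.example.test, the 365-day validity and the temporary directory (instead of /etc/ssl/apache2) are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page). Placeholders: CN www.example.test,
# 365-day validity, and a temporary directory instead of /etc/ssl/apache2.

make_selfsigned() {    # usage: make_selfsigned DIR CN DAYS
    (
        umask 077      # keep server.key unreadable for group and others
        cd "$1" || exit 1
        # -subj avoids the interactive prompts of "openssl req".
        # Without -days, "openssl x509 -req" issues a 30-day certificate.
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -key server.key -new -subj "/CN=$2" -out server.csr &&
        openssl x509 -signkey server.key -in server.csr -req \
            -days "$3" -sha256 -out server.crt 2>/dev/null
    )
}

key_matches_cert() {   # true when server.crt was issued for server.key
    k=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

key_is_private() {     # true when server.key has mode 0600
    [ "$(ls -l "$1/server.key" | cut -c1-10)" = "-rw-------" ]
}

valid_at_least() {     # usage: valid_at_least DIR DAYS
    openssl x509 -in "$1/server.crt" -noout \
        -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a throwaway directory.
dir=$(mktemp -d)
if make_selfsigned "$dir" www.example.test 365 && key_matches_cert "$dir" \
   && key_is_private "$dir" && valid_at_least "$dir" 300; then
    echo "OK: key matches certificate, mode 0600, valid for 300+ days"
else
    echo "FAILED: do not deploy these files" >&2
fi
rm -rf "$dir"
```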