Apache Web Server: Difference between revisions

From Elvanör's Technical Wiki
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Apache on Gentoo ==
= Apache on Gentoo =


* Add the ServerName directive to the main configuration file (httpd.conf)
* Add the ServerName directive to the main configuration file (httpd.conf)
Line 9: Line 9:
* You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf.
* You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf.


== webapp-config ==
= Modules =


* webapp-config is a Gentoo only tool to allow a single web applications to be correctly installed into multiple virtual hosts. This is nice as it allows the code to remain on a standard, Portage managed place while you can easily deploy your web applications into production.
== mod_rewrite ==


* Currently the way it works is by creating a directory corresponding to the application inside the specified virtual host. By default it will be installed in /var/www/<virtual_host_name>/htdocs; you can configure that by editing /etc/vhosts/webapp-config. I use the following convention:
* The RewriteEngine On directive must be used (in a VirtualHost section for instance) in order to activate the rewrite rules.
* For debugging, use RewriteLog and RewriteLogLevel directives. They make it very easy to understand what's happening.
* A RewriteRule with the [P] flag will work in proxy mode (actually using mod_proxy) and allows you to create advanced setups. For instance:


  vhost_root="/srv/${vhost_subdomain_2}.${vhost_subdomain_1}/"
  RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com
  vhost_htdocs_insecure="./"
  RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P]


* In /etc/vhosts/webapp-config, you need to have a vhost_hostname variable that can conform to a fully qualified domain, eg localhost won't work. Put something like "elvanor.net" there.
This would not be possible using mod_proxy alone.


* The only problem is that webapp-config always creates icons, error, and cgi-bin directories in the virtual host directory if they are not there. I would prefer that not to happen.
== mod_proxy ==


* When you need to update a web application, use the -U switch, eg:
* On Gentoo mod_proxy is not compiled by default. You need to specify it as an Apache module in /etc/make.conf. It also needs to be activated via -D PROXY in /etc/conf.d/apache2.
* Contrary to lighttpd, you must specify the full hostname of the target (remote) server. Using 127.0.0.1 will not work (I think lighttpd actually transfers the request with the hostname too, but for Apache you need to specify it). So you get something like:


  webapp-config -U -h elvanor.net -d phpmyadmin phpmyadmin 2.11.5
  ProxyPass / http://www.shoopz.com:8080/shop-engine/
 
* With ProxyPass and ProxyPassMatch, you cannot use a part of the original hostname in the target URL. So you cannot redirect from *.example.com to *.example.com since you have to provide an actual hostname. If you need such a relatively advanced setup, you should use mod_rewrite with the [P] flag. This allows you to do anything you may need.
 
= PHP Support =
 
* To change the PHP version used by the Apache module, you can use eselect php (eselect php list apache2).
* The APC module provided by Gentoo (pecl-apc) directly installs the necessary configuration options to use APC right away.
* Note however that pecl-apc-3.0.19 is incompatible with mediawiki-1.11.2. APC must be disabled until a newer version works better with Mediawiki.
 
= SSL =
 
* Apache supports SNI (multiple certificates on one IP). You need to add
 
NameVirtualHost *:443
 
in httpd.conf, before you load the vhosts file.
 
* To create a self-signed certificate (mandatory to use -D SSL_DEFAULT_VHOST, which in turn seems required to get the server listening on the SSL 443 port, at least without complex additional configuration), you can issue the following commands in /etc/ssl/apache2:
 
openssl genrsa -out server.key 2048
openssl req -key server.key -new -out server.csr
openssl x509 -signkey server.key -in server.csr -req -out server.crt
It's possible that the ebuild generates this certificate automatically if not present during installation (but I did not confirm this).
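Review bot: In the added mod_rewrite example, the RewriteCond pattern (.*)\.shoopz\.com is unanchored and its capture accepts any characters, yet %1 comes from the client-supplied Host header and is substituted straight into the [P] proxy target. Anchor the pattern and restrict the capture to hostname label characters, for example ^([a-z0-9-]+)\.shoopz\.com$ with [NC]. In the added SSL commands, openssl x509 -req is run without -days, so the certificate gets OpenSSL's default 30-day validity; state the intended lifetime explicitly.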

Latest revision as of 13:37, 8 January 2024

Apache on Gentoo

  • Add the ServerName directive to the main configuration file (httpd.conf)
  • To create a virtual host, just create a new file in /etc/apache2/vhosts.d/ whose name starts with two digits. For example:
    01_images.shoopz.com.conf
  • In this file, you just need to define your virtual host; nothing else is required.
  • You don't need to duplicate default_vhost.include, which is in fact already included from httpd.conf.

Modules

mod_rewrite

  • The RewriteEngine On directive must be used (in a VirtualHost section for instance) in order to activate the rewrite rules.
  • For debugging, use RewriteLog and RewriteLogLevel directives. They make it very easy to understand what's happening.
  • A RewriteRule with the [P] flag will work in proxy mode (actually using mod_proxy) and allows you to create advanced setups. For instance:
    RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com
    RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P]

This would not be possible using mod_proxy alone.
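
A configuration check for the rule above, as an added example that is not part of the original wiki page: since %1 is taken from the client-supplied Host header and placed in the proxy target, the script flags [P] rules whose HTTP_HOST condition is unanchored or captures arbitrary characters. The anchored variant, the function name and both sample snippets are assumptions made for the illustration.

```python
import re

# Constructed samples: the rule from this page, and an anchored variant
# (the anchored pattern is an assumption for illustration, not from the wiki).
PAGE_RULE = r"""
RewriteEngine On
RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com
RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P]
"""
ANCHORED_RULE = r"""
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.shoopz\.com$ [NC]
RewriteRule ^/(.*)$ http://%1.shoopz.com:8080/shop-engine/$1 [P]
"""

def audit_proxy_rewrites(config_text):
    """Flag [P] rules whose target embeds a loosely matched Host capture.

    Hypothetical helper. Simplification: directives are split on whitespace,
    so quoted arguments containing spaces are not handled.
    Returns a list of (line_number, host_pattern, problems).
    """
    findings = []
    host_conds = []  # HTTP_HOST patterns seen since the previous RewriteRule
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            if parts[1].upper() == "%{HTTP_HOST}":
                host_conds.append(parts[2])
        elif directive == "rewriterule" and len(parts) >= 3:
            flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
            uses_cond_capture = re.search(r"%\d", parts[2]) is not None
            if ("P" in flags or "PROXY" in flags) and uses_cond_capture and host_conds:
                pattern = host_conds[-1]  # %N refers to the last matched RewriteCond
                problems = []
                if not (pattern.startswith("^") and pattern.endswith("$")):
                    problems.append("unanchored")
                if re.search(r"\(\.[*+]", pattern):
                    problems.append("capture accepts any character")
                if problems:
                    findings.append((lineno, pattern, problems))
            host_conds = []  # conditions apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for name, text in (("page rule", PAGE_RULE), ("anchored", ANCHORED_RULE)):
        print(name, audit_proxy_rewrites(text))
```
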

mod_proxy

  • On Gentoo mod_proxy is not compiled by default. You need to specify it as an Apache module in /etc/make.conf. It also needs to be activated via -D PROXY in /etc/conf.d/apache2.
  • Unlike with lighttpd, you must specify the full hostname of the target (remote) server. Using 127.0.0.1 will not work (I think lighttpd actually transfers the request with the hostname too, but for Apache you need to specify it). So you get something like:
    ProxyPass / http://www.shoopz.com:8080/shop-engine/
  • With ProxyPass and ProxyPassMatch, you cannot use a part of the original hostname in the target URL. So you cannot redirect from *.example.com to *.example.com since you have to provide an actual hostname. If you need such a relatively advanced setup, you should use mod_rewrite with the [P] flag. This allows you to do anything you may need.

PHP Support

  • To change the PHP version used by the Apache module, you can use eselect php (eselect php list apache2).
  • The APC module provided by Gentoo (pecl-apc) directly installs the necessary configuration options to use APC right away.
  • Note however that pecl-apc-3.0.19 is incompatible with mediawiki-1.11.2. APC must be disabled until a newer version works better with Mediawiki.

SSL

  • Apache supports SNI (multiple certificates on one IP). You need to add
    NameVirtualHost *:443

in httpd.conf, before you load the vhosts file.

  • To create a self-signed certificate (required in order to use -D SSL_DEFAULT_VHOST, which in turn seems required to get the server listening on the SSL port 443, at least without complex additional configuration), you can issue the following commands in /etc/ssl/apache2:
    openssl genrsa -out server.key 2048
    openssl req -key server.key -new -out server.csr
    openssl x509 -signkey server.key -in server.csr -req -out server.crt

It's possible that the ebuild generates this certificate automatically if not present during installation (but I did not confirm this).