Apache Web Server: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m (→PHP Support) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Apache on Gentoo = | |||
* Add the ServerName directive to the main configuration file (httpd.conf) | * Add the ServerName directive to the main configuration file (httpd.conf) | ||
| Line 8: | Line 8: | ||
* On this file, you just need to define your virtual host, nothing else is required. | * On this file, you just need to define your virtual host, nothing else is required. | ||
* You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf. | * You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf. | ||
= Modules = | |||
== mod_rewrite == | |||
* The RewriteEngine On directive must be used (in a VirtualHost section for instance) in order to activate the rewrite rules. | |||
* For debugging, use RewriteLog and RewriteLogLevel directives. They make it very easy to understand what's happening. | |||
* A RewriteRule with the [P] flag will work in proxy mode (actually using mod_proxy) and allows you to create advanced setups. For instance: | |||
RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com | |||
RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P] | |||
This would not be possible using mod_proxy alone. | |||
== mod_proxy == | |||
* On Gentoo mod_proxy is not compiled by default. You need to specify it as an Apache module in /etc/make.conf. It also needs to be activated via -D PROXY in /etc/conf.d/apache2. | |||
* Contrary to lighttpd, you must specify the full hostname of the target (remote) server. Using 127.0.0.1 will not work (I think lighttpd actually transfers the request with the hostname too, but for Apache you need to specify it). So you get something like: | |||
ProxyPass / http://www.shoopz.com:8080/shop-engine/ | |||
* With ProxyPass and ProxyPassMatch, you cannot use a part of the original hostname in the target URL. So you cannot redirect from *.example.com to *.example.com since you have to provide an actual hostname. If you need such a relatively advanced setup, you should use mod_rewrite with the [P] flag. This allows you to do anything you may need. | |||
= PHP Support = | |||
* To change the PHP version used by the Apache module, you can use eselect php (eselect php list apache2). | |||
* The APC module provided by Gentoo (pecl-apc) directly installs the necessary configuration options to use APC right away. | |||
* Note however that pecl-apc-3.0.19 is incompatible with mediawiki-1.11.2. APC must be disabled until a newer version works better with Mediawiki. | |||
= SSL = | |||
* Apache supports SNI (multiple certificates on one IP). You need to add | |||
NameVirtualHost *:443 | |||
in httpd.conf, before you load the vhosts file. | |||
* To create a self-signed certificate (mandatory to use -D SSL_DEFAULT_VHOST, which in turn seems required to get the server listening on the SSL 443 port, at least without complex additional configuration), you can issue the following commands in /etc/ssl/apache2: | |||
openssl genrsa -out server.key 2048 | |||
openssl req -key server.key -new -out server.csr | |||
openssl x509 -signkey server.key -in server.csr -req -out server.crt | |||
It's possible that the ebuild generates this certificate automatically if not present during installation (but I did not confirm this). | |||
Latest revision as of 13:37, 8 January 2024
Apache on Gentoo
- Add the ServerName directive to the main configuration file (httpd.conf)
- To create a virtual host, just create a new file in /etc/apache2/vhosts.d/ with the name starting with 2 digits. For example:
01_images.shoopz.com.conf
- On this file, you just need to define your virtual host, nothing else is required.
- You don't need to duplicate the default_vhost.include which is in fact included from httpd.conf.
Modules
mod_rewrite
- The RewriteEngine On directive must be used (in a VirtualHost section for instance) in order to activate the rewrite rules.
- For debugging, use RewriteLog and RewriteLogLevel directives. They make it very easy to understand what's happening.
- A RewriteRule with the [P] flag will work in proxy mode (actually using mod_proxy) and allows you to create advanced setups. For instance:
RewriteCond %{HTTP_HOST} (.*)\.shoopz\.com
RewriteRule /(.*) http://%1.shoopz.com:8080/shop-engine/$1 [P]
This would not be possible using mod_proxy alone.
mod_proxy
- On Gentoo mod_proxy is not compiled by default. You need to specify it as an Apache module in /etc/make.conf. It also needs to be activated via -D PROXY in /etc/conf.d/apache2.
- Contrary to lighttpd, you must specify the full hostname of the target (remote) server. Using 127.0.0.1 will not work (I think lighttpd actually transfers the request with the hostname too, but for Apache you need to specify it). So you get something like:
ProxyPass / http://www.shoopz.com:8080/shop-engine/
- With ProxyPass and ProxyPassMatch, you cannot use a part of the original hostname in the target URL. So you cannot redirect from *.example.com to *.example.com since you have to provide an actual hostname. If you need such a relatively advanced setup, you should use mod_rewrite with the [P] flag. This allows you to do anything you may need.
PHP Support
- To change the PHP version used by the Apache module, you can use eselect php (eselect php list apache2).
- The APC module provided by Gentoo (pecl-apc) directly installs the necessary configuration options to use APC right away.
- Note however that pecl-apc-3.0.19 is incompatible with mediawiki-1.11.2. APC must be disabled until a newer version works better with Mediawiki.
SSL
- Apache supports SNI (multiple certificates on one IP). You need to add
NameVirtualHost *:443
in httpd.conf, before you load the vhosts file.
- To create a self-signed certificate (mandatory to use -D SSL_DEFAULT_VHOST, which in turn seems required to get the server listening on the SSL 443 port, at least without complex additional configuration), you can issue the following commands in /etc/ssl/apache2:
openssl genrsa -out server.key 2048 openssl req -key server.key -new -out server.csr openssl x509 -signkey server.key -in server.csr -req -out server.crt
It's possible that the ebuild generates this certificate automatically if not present during installation (but I did not confirm this).