Difference between revisions of "Talk:Apache HTTP Server"

From ArchWiki
Jump to: navigation, search
(Updated 18 March 2010: Close log info.)
m (Remove closed discussions.)
(37 intermediate revisions by 9 users not shown)
Line 1: Line 1:
Be advised to set "allow_url_fopen" to "On" in /etc/php/php.ini in order to upgrade/update Wordpress properly from the admin panel. (does this info belong here?) --[[User:Rataxes|Rataxes]] 14:13, 23 July 2009 (EDT)
+
== /srv/http and other issues ==
  
----
+
It seems that the latest apache-package doesn't create the /srv/httpd directory anymore.
 +
Also I have an question about the chmod's:
 +
# chmod o+x /srv/http
 +
# chown http:http /srv/http
 +
 
 +
Or is this better (more secure?):
 +
# chown http:http /srv/http
 +
# cd /srv/http
 +
# chmod 755 /srv/http
 +
# find . -type f -exec chmod 644 {} \;
 +
# find . -type d -exec chmod 755 {} \;
 +
 
 +
Also keep getting PID-errors:
 +
systemd[1]: PID file /run/httpd/httpd.pid not readable (yet?) after start. (even when modules/mod_unique_id.so is disabled)
 +
 
 +
About the PHP Installation, mod_mpm_prefork seems not the best choice:
 +
https://serverfault.com/questions/383526/how-do-i-select-which-apache-mpm-to-use/383634#383634
 +
I would vote for mod_proxy_handler
 +
 
 +
[[User:Beta990|Beta990]] ([[User talk:Beta990|talk]]) 15:14, 16 March 2014 (UTC)
 +
 
 +
== unique_id_module ==
  
 
If the service httpd don't start, take a look at '''/var/log/httpd/error_log'''. If appears this line:
 
If the service httpd don't start, take a look at '''/var/log/httpd/error_log'''. If appears this line:
Line 7: Line 28:
 
you must uncomment the line: '''LoadModule unique_id_module'''.
 
you must uncomment the line: '''LoadModule unique_id_module'''.
 
Restart httpd and now it should work. --[[User:Nak|Nak]] 17:22, 22 April 2007 (GMT+1)
 
Restart httpd and now it should work. --[[User:Nak|Nak]] 17:22, 22 April 2007 (GMT+1)
 
----
 
 
hmm.. doesnt mysql come in /usr/lib/mysql niot /var/lib/mysql as directed??
 
- ScriptDevil
 
  
 
== Split this article ==
 
== Split this article ==
Line 22: Line 38:
  
 
[[User:Harlekin|harlekin]] 21:13, 13. Mai 2007 (GMT+1)
 
[[User:Harlekin|harlekin]] 21:13, 13. Mai 2007 (GMT+1)
 
== Restarting apache ==
 
 
AFAIK, the only way that we should encourage users to restart apache is with '# apachectl restart' - this is far cleaner than to abruptly shut down the server
 
 
--[[User:Zenlord|Zenlord]] 05:16, 14 September 2010 (EDT)
 
 
According to the <tt>/etc/rc.d/httpd</tt> file :
 
{{bc|
 
  restart)
 
    stat_busy "Restarting Apache Web Server"
 
    if $APACHECTL restart >/dev/null ; then
 
      add_daemon $daemon_name
 
      stat_done
 
    else
 
      stat_fail
 
      exit 1
 
    fi
 
    ;;
 
}}
 
Doing <tt>/etc/rc.d/httpd restart</tt> is equivalent to <tt>apachectl restart</tt>
 
 
--[[User:Nikus|Nikus]] 20:27, 28 September 2012 (EDT)
 
 
== <s> HOSTNAME in rc.conf </s> ==
 
 
It is not necessary to modyfiy HOSTNAME in rc.conf. I have different names in hosts and rc.conf and it works perfectly :). I've never had to modyfiy them in order to make it work. [[User:Zyx|Zyx]] 01:52, 23 May 2007 (EDT)
 
: You no longer need to edit /etc/hosts. The nss-myhostname package will provide host name resolution, and is installed on all systems by default. See [https://mailman.archlinux.org/pipermail/arch-dev-public/2012-February/022590.html here]. -- [[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 11:53, 17 December 2012 (UTC)
 
 
== <s> Testing mysql daemon </s> ==
 
 
Hi,
 
 
"Test by visiting http://localhost/phpMyAdmin in a web browser"
 
Phpmyadmin is not a dependency of mysql and installing it is not specified anywhere in the article ... This advice for testing mysql is irrelevant.
 
: Already removed. -- [[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 13:04, 17 December 2012 (UTC)
 
 
== Do we need the "http"-user section. ==
 
 
Afaik, the http user is automatically added when you install apache. Do we need to tell the user to add a "http"-user then?
 
 
Birger :)
 
 
== <s> Updated 18 March 2010 </s> ==
 
 
I just did a fresh install of Apache and PHP5 and I have updated this article to reflect the defaults in the current Arch packages.  In particular I have clarified the section regarding PHP not being associated with .php extensions. [[User:Dibblethewrecker|dtw]]
 
 
== PHP ==
 
=== Testing PHP ===
 
php-5.3.2-6: There is no test.php in /srv/http, nor indeed is it listed when I run '# pacman -Ql php'.  The only file I found with 'test' in the name is /usr/lib/php/build/run-tests.php.  As /srv/http is actually empty after php is installed, I wonder if I'm missing something from th package.--[[User:Ial|Ial]] 02:09, 10 June 2010 (EDT)
 
 
== PHP ==
 
 
The section for including PHP directives in httpd.conf is ALL wrong(IMHO), this is not correct(though it DOES work):
 
'AddHander php5-script php' in: httpd.conf @ before '<IfModule ssl_module>'(is WRONG).
 
the way you are including php5 is messy & completely unnecesary.
 
 
The much easier(and proper way) is to only do these two things:
 
 
01. edit /etc/httpd/mime.types & add:
 
'application/x-httpd-php php'
 
 
02. edit /etc/httpd/httpd.conf & add this to the 'includes conf/extra/*.conf' list:
 
Include conf/extra/php5_module.conf
 
 
03. (optionally) uncomment this line in /etc/httpd/httpd.conf:
 
MIMEMagicFile conf/magic
 
(this will allow mime.type hints to help out on any later needed mime.types not specifically defined by hand in: /etc/httpd/httpd.conf or: /etc/httpd/mime.types)
 
 
It is ONLY neccesary to add the mime type for php in: mime.types, and include the line: Include conf/extra/php5_module.conf in: httpd.conf
 
 
This is much cleaner(and PROPER), and much easier to understand for your readers, please consider(and possibly correct) this.
 
 
Thank You,
 
-Sully.
 
 
== PHP: @ test.php ==
 
 
I will also confirm that there is no 'test.php' in: /srv/http/ it is NOT included in either the x86_64 or i686 iso's, I have confirmed both, dual_core image is unconfirmed.
 
 
For the sanity/sake of your wiki article, you might want to consider removing the section about /srv/http/test.php, and just say:
 
 
"create the file /srv/http/test.php and in it put: <?php phpinfo(); ?>, then navigate to http://localhost/test.php in your browser to confirm that php5 is functioning!
 
 
Thanks,
 
-Sully.
 
 
== SSL Redundant Steps ==
 
 
In the steps to creat a self-signed certificate, the process seems to contain unnecessary steps.  Here are the relevant parts of the steps:
 
# The "-des3" option encrypts the key with a passphrase.
 
# The encrypted key is copied to server.key.org.
 
# The passphrase is removed.
 
# The rest of the process goes on to only use the decrypted version of the key, including the setting in httpd-ssl.conf
 
Shouldn't the "-des3" option, the "cp" line, and the line to decrypt be removed?
 
 
Also, 2048 seems to be the minimum standard key length these days.  Should that also be changed?
 
 
It might also be a good idea to mention that any unencrypted version of the key needs to be protected from viewing by other users (setting its permissions correctly).
 
 
--[[User:Mister Magotchi|Mister Magotchi]] 05:07, 17 March 2012 (EDT)
 
  
 
== Using SSL ==
 
== Using SSL ==
Line 128: Line 43:
 
Could the SSL section be expanded to include how to use .htaccess and mod_rewrite to redirect traffic for certain sections or the whole site? I found [http://blackflag.wordpress.com/2006/06/13/apache2-forcing-all-inbound-traffic-to-ssl/ apache2-forcing-all-inbound-traffic-to-ssl] to be a useful resource in this respect. [[User:Corburn|Corburn]] 13:58, 23 March 2012 (EDT)
 
Could the SSL section be expanded to include how to use .htaccess and mod_rewrite to redirect traffic for certain sections or the whole site? I found [http://blackflag.wordpress.com/2006/06/13/apache2-forcing-all-inbound-traffic-to-ssl/ apache2-forcing-all-inbound-traffic-to-ssl] to be a useful resource in this respect. [[User:Corburn|Corburn]] 13:58, 23 March 2012 (EDT)
  
== PHP: do not use mime type application/x-httpd-php ==
+
== <s>Wrong argument order?</s> ==
 +
<div style="border-style: dotted;">
 +
# usermod -aG http piter
 +
</div>
 +
Seems like usermod accepts group as first argument and user as second, unlike gpasswd. Please check. [[User:Axper|axper]] ([[User talk:Axper|talk]]) 12:06, 30 August 2013 (UTC)
  
I would recommend deleting this advice from the article:
+
:I've removed the entire section as it doesn't add anything compared to the other method. --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 09:33, 10 March 2014 (UTC)
  
"Add this line in /etc/httpd/conf/mime.types:
+
== userdir disable ==
  
  application/x-httpd-php php php5"
+
I think that section need add:
 +
  #LoadModule userdir_module modules/mod_userdir.so
 +
to fully disable userdir.
  
Isn't the whole point of PHP to run it on the server side and turn it into text/html?  Setting the MIME type as suggested here causes Firefox, for example, to offer to download the file or open it (in Notepad!!), instead of just presenting the HTML page.
+
[[User:Jabalv|Jabalv]] ([[User talk:Jabalv|talk]]) 18:48, 25 December 2013 (UTC)
  
--[[User:Gdweber|gdweber]] 2012 June 30
+
== apache 2.4 upgrade==
  
== Convert to systemd ==
+
PHP breaks with apache2.4 install due to the PHP not being "threadsafe" by default, and MPM in apache being turned on by default, and is now core apache. PHP_ZTS[https://aur.archlinux.org/packages/php_zts/] in AUR fixes this. this is simply php recompiled.
  
Since Arch has officially switched to systemd, this article should probably be updated. I don't know enough about it to update the article without the danger of making it inaccurate though
+
:You can also get PHP to work by using the {{ic|mod_mpm_prefork}} as described in the first note in the PHP configuration section. You are right that you can also create an thread-safe PHP, but this is not recommended by PHP devs.[http://www.php.net/manual/en/install.unix.apache2.php] I think way currently described is the "right" way, but I'm not sure about that. --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 09:25, 10 March 2014 (UTC)
  
I guess it's mostly a case of replacing
+
== SSL Produces Syntax Errors When Following Guide ==
  
rc.d start httpd
+
Hi everybody,
 +
Apache 2.4 sure did a number on a few of my dev servers, but oh well, it's Arch :)
  
with
+
Anyways, I decided to go back to this guide to see if I could simply remove all related packages to the LAMP server, double check that all old conf files are removed, then I started following this guide again to see if I can get my database server running again. (just in-house tracking of some misc. data, nothing too serious...)
  
systemctl start httpd.service
+
So far, I can make it to the SSL configuration portion of Apache just fine, but once I've generated the keys, uncomment the line "Include conf/extra/httpd-ssl.conf", and restart httpd, I get the following errors regarding syntax issues with SSLChiper every time:
  
and replacing any references to DAEMONS/rc.conf with
+
AH00526: Syntax error on line 51 of /etc/httpd/conf/extra/httpd-ssl.conf:
 +
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
  
systemctl enable httpd.service
+
I'm not sure if there's another "legacy" portion from the Apache 2.2 that I've since removed, or if there's something that needs fixed on the guide itself. Any advice would be appreciated! :)
  
but additional steps may be required
+
Thanks,
 +
[[User:Snellsg|Snellsg]] ([[User talk:Snellsg|talk]]) 18:58, 15 March 2014 (UTC)
  
[[User:Mshenrick|Mshenrick]] ([[User talk:Mshenrick|talk]]) 16:48, 21 October 2012 (UTC)
+
:Hi! You need to install {{pkg|openssl}} and uncomment the following line in {{ic|httpd.conf}}:
 +
:{{bc|#LoadModule ssl_module modules/mod_ssl.so}}
 +
:This line was uncommented by default in the old config file. I think this was changed with 2.4.
 +
:I will add this to the page. --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 19:56, 15 March 2014 (UTC)

Revision as of 08:40, 22 March 2014

/srv/http and other issues

It seems that the latest apache-package doesn't create the /srv/httpd directory anymore. Also I have an question about the chmod's:

  1. chmod o+x /srv/http
  2. chown http:http /srv/http

Or is this better (more secure?):

  1. chown http:http /srv/http
  2. cd /srv/http
  3. chmod 755 /srv/http
  4. find . -type f -exec chmod 644 {} \;
  5. find . -type d -exec chmod 755 {} \;

Also keep getting PID-errors: systemd[1]: PID file /run/httpd/httpd.pid not readable (yet?) after start. (even when modules/mod_unique_id.so is disabled)

About the PHP Installation, mod_mpm_prefork seems not the best choice: https://serverfault.com/questions/383526/how-do-i-select-which-apache-mpm-to-use/383634#383634 I would vote for mod_proxy_handler

Beta990 (talk) 15:14, 16 March 2014 (UTC)

unique_id_module

If the service httpd don't start, take a look at /var/log/httpd/error_log. If appears this line: -[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "myhost" you must uncomment the line: LoadModule unique_id_module. Restart httpd and now it should work. --Nak 17:22, 22 April 2007 (GMT+1)

Split this article

I hope this is what the page is for.

In my opinion setting up LAMP should not contain detailed information about how to set up parts of LAMP. It would be cleaner to only explain how to bring these parts to work together. Especially because of the explanation's integrity. Further more because then users will be able to find a standalone HOWTO for setting up these parts. For example you don't have to read through this page order to get MySQL working. Because of the mentioned integrity I think it would be best to create independent HOWTOs on how to setup MySQL, php and maybe even apache and refer to them from this page.

I've started with MySQL because I know how to setup it and because some parts in this HOWTO are not needed any more and because of that are just confusing.

harlekin 21:13, 13. Mai 2007 (GMT+1)

Using SSL

Could the SSL section be expanded to include how to use .htaccess and mod_rewrite to redirect traffic for certain sections or the whole site? I found apache2-forcing-all-inbound-traffic-to-ssl to be a useful resource in this respect. Corburn 13:58, 23 March 2012 (EDT)

Wrong argument order?

# usermod -aG http piter

Seems like usermod accepts group as first argument and user as second, unlike gpasswd. Please check. axper (talk) 12:06, 30 August 2013 (UTC)

I've removed the entire section as it doesn't add anything compared to the other method. --Lonaowna (talk) 09:33, 10 March 2014 (UTC)

userdir disable

I think that section need add:

#LoadModule userdir_module modules/mod_userdir.so

to fully disable userdir.

Jabalv (talk) 18:48, 25 December 2013 (UTC)

apache 2.4 upgrade

PHP breaks with apache2.4 install due to the PHP not being "threadsafe" by default, and MPM in apache being turned on by default, and is now core apache. PHP_ZTS[1] in AUR fixes this. this is simply php recompiled.

You can also get PHP to work by using the mod_mpm_prefork as described in the first note in the PHP configuration section. You are right that you can also create an thread-safe PHP, but this is not recommended by PHP devs.[2] I think way currently described is the "right" way, but I'm not sure about that. --Lonaowna (talk) 09:25, 10 March 2014 (UTC)

SSL Produces Syntax Errors When Following Guide

Hi everybody, Apache 2.4 sure did a number on a few of my dev servers, but oh well, it's Arch :)

Anyways, I decided to go back to this guide to see if I could simply remove all related packages to the LAMP server, double check that all old conf files are removed, then I started following this guide again to see if I can get my database server running again. (just in-house tracking of some misc. data, nothing too serious...)

So far, I can make it to the SSL configuration portion of Apache just fine, but once I've generated the keys, uncomment the line "Include conf/extra/httpd-ssl.conf", and restart httpd, I get the following errors regarding syntax issues with SSLChiper every time:

AH00526: Syntax error on line 51 of /etc/httpd/conf/extra/httpd-ssl.conf: Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

I'm not sure if there's another "legacy" portion from the Apache 2.2 that I've since removed, or if there's something that needs fixed on the guide itself. Any advice would be appreciated! :)

Thanks, Snellsg (talk) 18:58, 15 March 2014 (UTC)

Hi! You need to install openssl and uncomment the following line in httpd.conf:
#LoadModule ssl_module modules/mod_ssl.so
This line was uncommented by default in the old config file. I think this was changed with 2.4.
I will add this to the page. --Lonaowna (talk) 19:56, 15 March 2014 (UTC)