Upgrading from Woody to Sarge: Part 4 - Apache2
Posted by Steve on Wed 2 Mar 2005 at 12:44
One of the other major software upgrades available to you after upgrading to Sarge is Apache2. This is the reworked version of the world's most popular webserver.
Much like the reworking of exim4 which we covered briefly already there are several different packages you can choose when it comes to installing apache2.
The different packages refer to the different ways that the apache server can now be setup to run, the so-called "mutli-processing-modules". As these must be chosen at compile time there are different packages available for the different choices.
By default when you install the apache2 package you will be given the package apache2-mpm-worker, other packages are available:
The worker MPM provides a threaded implementation for Apache2. It is considerably faster than the traditional model, and is the recommended MPM.
This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries.
Perchild is the grown up, mac daddy version of suexec for apache2. Rather than execute a cgi script as a given user, perchild forks a process for each vhost, then su's to the correct user/group for that vhost.
THIS MPM IS NOT CURRENTLY EXPECTED TO WORK CORRECTLY.
In the general case you can be happy to stick to the default of apache2-mpm-worker which you'll receive if you install it with just:
apt-get install apache2
If you install the Apache2 package whilst you have the original Apache package installed and running your new installation of Apache2 will be disabled, and not started. This is to avoid breaking any site(s) you already have.
A good way of setting up your new Apache2 is to enable it and start it running on a non-standard port, such as 81. This way you can configure the server and get it working correctly before removing the older apache package.
To enable Apache2 you must edit the file /etc/default/apache2 this file looks like this:
# 0 = start on boot; 1 = don't start on boot NO_START=1
(So simply change the 1 to 0 and the server will attempt to start at boot time).
Once you've done this you either need to stop your original Apache server and start the new one, or modify the new server to run on a different port. This is as simple as changing the configuration file /etc/apache2/ports.conf:
change this port number to anything you like, then start the new server with:
Once you have the server running you'll be ready to start making changes, to mirror your older Apache setup for example. The way that the server is configured is now significantly changed.
All the configuration files are located inside /etc/apache2, instead of the previous location /etc/apache. Logfiles will by default end up inside /var/log/apache2.
If you look at the directory structure you will see the following directories:
root@mystery:/etc/apache2# ls -l total 42 -rw-r--r-- 1 root root 12482 2004-11-10 12:00 apache2.conf drwxr-xr-x 2 root root 1024 2004-11-10 12:00 conf.d -rw-r--r-- 1 root root 748 2005-02-25 08:27 envvars -rw-r--r-- 1 root root 268 2005-01-20 11:36 httpd.conf -rw-r--r-- 1 root root 12441 2004-11-10 12:00 magic drwxr-xr-x 2 root root 3072 2005-02-28 10:13 mods-available drwxr-xr-x 2 root root 1024 2005-03-02 11:49 mods-enabled -rw-r--r-- 1 root root 21 2005-03-02 11:50 ports.conf -rw-r--r-- 1 root root 2266 2004-11-10 12:00 README drwxr-xr-x 2 root root 1024 2005-03-02 11:54 sites-available drwxr-xr-x 2 root root 1024 2005-03-02 12:21 sites-enabled drwxr-xr-x 2 root root 1024 2005-03-02 12:20 ssl
The directories (in bold above) will need some explaining as they are new in this package. The basic scheme is simple to understand once you know what everthing is, and why it's there.
The conf.d is an empty directory, but anything placed inside there will be read and included in your Apache2 package. It is designed so that other packages such as webmail packages, for example, can just drop little snippets in there when they are installed and be ready to run out of the box.
The mod-available, and mod-enabled directories are both concerned with Apache extension modules. The first directory contains information relating to each of the modules which apache installs by default. Each module has two files:
blah.load - A "LoadModule" statement. blah.conf - Configuration options for this module.
To enable a particular module you must create symbolic links between the two files and the directory "mod-enabled". Or to put it another way every file inside the mods-enabled directory is included when Apache starts.
The sites-available, and sites-enabled directories both work in a similar way to the modules directories we've just mentioned. The sites-available directory contains a single configuration file for each virtual host that your server supports. The sites-enabled has symbolic links to those hosts which you wish to be enabled.
Rather than dealing with the symbolic links manually, though, there are some new commands:
a2enmod - Apache2 Enable Module a2dismod - Apache2 Disable Module a2ensite - Apache2 Enable Site a2dissite - Apache2 Disable Site
You can run one of these without arguments to see which modules/sites you can enable/disable, or give it an argument for the module or site you wish to have changed.
So, for example, to load a new module, mod_rewrite you could run "a2enmod rewrite", this gives the following output:
root@mystery:/etc/apache2# a2enmod rewrite Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.Enabling SSL for Apache2
To enable the SSL support built into Apache2 you will need to do three things:
- Load the SSL Module
- Setup a certificate
- Setup your virtual host(s) to use SSL
The first is relatively simple, you can either fiddle with the symbolic links yourself, or you can simply run:a2enmod ssl
This will setup the SSL module to be loaded by Apache, if it's not already configured.
To create your certificate you must simply execute the apache2-ssl-certificate command, and answer the different questions. Once this has finished you'll find the generated files inside the directory /etc/apache2/ssl.
Finally to cause your virtual host to use the SSL setup you should add the following to it:# This host uses SSL SSLEngine on # Get the SSL details from here: SSLCertificateFile /etc/apache2/ssl/apache.pem
You will also need to add the following to /etc/apache2/ports.conf to cause it to listen on the SSL port, 443:Listen 443
Once this has been done you can restart the server with the following command and attempt to connect via an SSL enabled client:/etc/init.d/apache2 restart