Add the INSTALL file. (856a728b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

INSTALL

0 → 100644

+449 −0

Original line number	Diff line number	Diff line

		APACHE INSTALLATION

		Introduction
		============

		Apache 2.0's configuration and installation environment has changed
		completely from Apache 1.3. Apache 1.3 used a custom set of scripts
		to achieve easy installation. Apache 2.0 now uses libtool and autoconf
		to create an environment that looks like many other Open Source projects.


		Installing the Apache 1.3 HTTP server with APACI
		================================================

		1. Overview for the impatient
		--------------------------

		$ ./buildconf
		$ ./configure --prefix=PREFIX
		$ make
		$ make install
		$ PREFIX/bin/apachectl start

		NOTE: PREFIX is not the string "PREFIX". Instead use the Unix
		filesystem path under which Apache should be installed. For
		instance use "/usr/local/apache" for PREFIX above.

		2. Requirements
		------------

		The following requirements exist for building Apache:

		o Disk Space:

		Make sure you have approximately 12 MB of temporary free disk space
		available. After installation Apache occupies approximately 5 MB of
		disk space (the actual required disk space depends on the amount of
		compiled in third party modules, etc).

		o ANSI-C Compiler:

		Make sure you have an ANSI-C compiler installed. The GNU C compiler
		(GCC) from the Free Software Foundation (FSF) is recommended (version
		2.7.2 is fine). If you don't have GCC then at least make sure your
		vendors compiler is ANSI compliant. You can find the homepage of GNU
		at http://www.gnu.org/ and the GCC distribution under
		http://www.gnu.org/order/ftp.html .

		o Libtool 1.3.3:

		Make sure that you have libtool 1.3.3 or later installed before
		trying to configure and build Apache 2.0. Libtool can be downloaded
		from the Free Software Foundation (FSF), at
		http://www.gnu.org/order/ftp.html.

		o Autoconf 2.13:

		Make sure that you have autoconf 2.13 or later installed before
		trying to configure and build Apache 2.0. Autoconf can be
		downloaded from the Free Software Foundation (FSF), at
		http://www.gnu.org/order/ftp.html.

		o Perl 5 Interpreter [OPTIONAL]:

		For some of the support scripts like `apxs' or `dbmmanage' (which are
		written in Perl) the Perl 5 interpreter is required (versions 5.003
		and 5.004 are fine). If no such interpreter is found by APACI's
		`configure' script this is no harm. Of course, you still can build
		and install Apache 1.3. Only those support scripts cannot be used. If
		you have multiple Perl interpreters installed (perhaps a Perl 4 from
		the vendor and a Perl 5 from your own), then it is recommended to use
		the --with-perl option (see below) to make sure the correct one is
		selected by APACI.

		o Dynamic Shared Object (DSO) support [OPTIONAL]:

		To provide maximum flexibility Apache now is able to load modules
		under runtime via the DSO mechanism by using the pragmatic
		dlopen()/dlsym() system calls. These system calls are not available
		under all operating systems therefore you cannot use the DSO mechanism
		on all platforms. And Apache currently has only limited built-in
		knowledge on how to compile shared objects because this is heavily
		platform-dependent. The current state is this:

		o Out-of-the-box supported platforms are (Not all of these will
		work currently. DSO support is currently available on most
		of these platforms however):
		- Linux - SunOS - UnixWare - Darwin/Mac OS
		- FreeBSD - Solaris - AIX - OpenStep/Mach
		- OpenBSD - IRIX - SCO - DYNIX/ptx
		- NetBSD - HPUX - ReliantUNIX
		- BSDI - Digital Unix - DGUX

		o Entirely unsupported platforms are:
		- Ultrix

		If your system is not on these lists but has the dlopen-style
		interface, you either have to provide the appropriate compiler and
		linker flags (see CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT
		below) manually or at least make sure a Perl 5 interpreter is
		installed from which Apache can guess the options.

		3. Configuring the source tree
		---------------------------

		Setup:

		The first step in compiling Apache 2.0 is to setup the source tree so
		that it can be built. This is done by running:

		./buildconf

		This script ensures that all required programs are installed on the
		currently machine, and creates the ./configure script. If you are
		using a package downloaded from apache.org then this step is not
		necessary.

		Introduction:

		The next step is to configure the Apache source tree for your particular
		platform and personal requirements. The most important setup here is the
		location prefix where Apache is to be installed later, because Apache has
		to be configured for this location to work correctly. But there are a lot
		of other options available for your pleasure.

		For a short impression of what possibilities you have, here is a typical
		example which compiles Apache for the installation tree /sw/pkg/apache
		with a particular compiler and flags plus the two additional modules
		mod_rewrite and mod_speling for later loading through the DSO mechanism:

		$ CC="pgcc" OPTIM="-O2" \
		./configure --prefix=/sw/pkg/apache \
		--enable-rewrite=shared \
		--enable-speling=shared

		The easiest way to find all of the configuration flags for Apache 2.0
		is to run ./configure --help. What follows is a brief description of
		most of the arguments.

		Reference:

		$ [CC=...] [CFLAGS_SHLIB=...] [TARGET=...]
		[OPTIM=...] [LD_SHLIB=...]
		[CFLAGS=...] [LDFLAGS_SHLIB=...]
		[INCLUDES=...] [LDFLAGS_SHLIB_EXPORT=...]
		[LDFLAGS=...] [RANLIB=...]
		[LIBS=...] [DEPS=...]
		./configure
		[--quiet] [--prefix=DIR] [--enable-NAME=(shared)]
		[--verbose] [--exec-prefix=PREFIX] [--disable-NAME]
		[--shadow[=DIR]] [--bindir=EPREFIX] [--with-mpm=NAME]
		[--show-layout] [--sbindir=DIR]
		[--help] [--libexecdir=DIR]
		[--mandir=DIR]
		[--sysconfdir=DIR]
		[--datadir=DIR]
		[--includedir=DIR]
		[--localstatedir=DIR]
		[--runtimedir=DIR] [--enable-suexec]
		[--logfiledir=DIR] [--suexec-caller=UID]
		[--proxycachedir=DIR] [--suexec-docroot=DIR]
		[--with-layout=[FILE:]ID] [--suexec-logfile=FILE]
		[--suexec-userdir=DIR]
		[--with-perl=FILE] [--suexec-uidmin=UID]
		[--without-support] [--suexec-gidmin=GID]
		[--without-confadjust] [--suexec-safepath=PATH]
		[--without-execstrip]
		[--server-uid=UID] [--with-maintainter-mode]
		[--server-gid=GID]

		Use the CC, OPTIM, CFLAGS, INCLUDES, LDFLAGS, LIBS, CFLAGS_SHLIB,
		LD_SHLIB, LDFLAGS_SHLIB, LDFLAGS_SHLIB_EXPORT, RANLIB, DEPS and TARGET
		environment variables to override the corresponding default entries in
		the src/Configuration.tmpl file (see there for more information about
		their usage).

		Use the --prefix=PREFIX and --exec-prefix=EPREFIX options to configure
		Apache to use a particular installation prefix. The default is
		PREFIX=/usr/local/apache and EPREFIX=PREFIX.

		Use the --bindir=DIR, --sbindir=DIR, --libexecdir=DIR, --mandir=DIR,
		--sysconfdir=DIR, --datadir=DIR, --includedir=DIR, --localstatedir=DIR,
		--runtimedir=DIR, --logfiledir=DIR and proxycachedir=DIR option to change
		the paths for particular subdirectories of the installation tree.
		Defaults are bindir=EPREFIX/bin, sbindir=EPREFIX/sbin,
		libexecdir=EPREFIX/libexec, mandir=PREFIX/man, sysconfdir=PREFIX/etc,
		datadir=PREFIX/share, includedir=PREFIX/include,
		localstatedir=PREFIX/var, runtimedir=PREFIX/var/run,
		logfiledir=PREFIX/var/log and proxycachedir=PREFIX/var/proxy.

		Note: To reduce the pollution of shared installation locations
		(like /usr/local/ or /etc) with Apache files to a minimum the
		string ``/apache'' is automatically appended to 'libexecdir',
		'sysconfdir', 'datadir', 'localstatedir' and 'includedir' if
		(and only if) the following points apply for each path
		individually:

		1. the path doesn't already contain the word ``apache''
		2. the path was not directly customized by the user

		Keep in mind that per default these paths are derived from
		'prefix' and 'exec-prefix', so usually its only a matter
		whether these paths contain ``apache'' or not. Although the
		defaults were defined with experience in mind you always should
		make sure the paths fit your situation by checking the finally
		chosen paths via the --layout option.

		Use the --with-layout=[F:]ID option to select a particular installation
		path base-layout. You always _HAVE_ to select a base-layout. There are
		currently two layouts pre-defined in the file config.layout: `Apache' for
		the classical Apache path layout and `GNU' for a path layout conforming
		to the GNU `standards' document. When you want to use your own custom
		layout FOO, either add a corresponding "<Layout FOO>...</Layout>" section
		to config.layout and use --with-layout=FOO or place it into your own
		file, say config.mypaths, and use --with-layout=config.mypaths:FOO.

		Use the --show-layout option to check the final installation path layout
		while fiddling with the options above.

		Use the --enable-rule=NAME and --disable-rule=NAME options to enable or
		disable a particular Rule from the Apache src/Configuration.tmpl file. The
		defaults (yes=enabled, no=disabled) can either be seen when running
		`./configure --help' or manually looked up in the src/Configuration.tmpl
		file.

		Use the --enable-NAME=(shared) and --disable-NAME options to enable
		or disable a particular already distributed module from the Apache
		package.

		Use the --with-mpm=NAME option to determine which MPM should be built
		for your server.
		_________________________________________________________________________
		LIST OF AVAILABLE MODULES

		Environment creation
		(+) mod_env .......... Set environment variables for CGI/SSI scripts
		(+) mod_setenvif ..... Set environment variables based on HTTP headers
		(-) mod_unique_id .... Generate unique identifiers for request
		Content type decisions
		(+) mod_mime ......... Content type/encoding determination (configured)
		(-) mod_mime_magic ... Content type/encoding determination (automatic)
		(+) mod_negotiation .. Content selection based on the HTTP Accept* headers
		URL mapping
		(+) mod_alias ........ Simple URL translation and redirection
		(-) mod_rewrite ...... Advanced URL translation and redirection
		(+) mod_userdir ...... Selection of resource directories by username
		(-) mod_speling ...... Correction of misspelled URLs
		Directory Handling
		(+) mod_dir .......... Directory and directory default file handling
		(+) mod_autoindex .... Automated directory index file generation
		Access Control
		(+) mod_access ....... Access Control (user, host, network)
		(+) mod_auth ......... HTTP Basic Authentication (user, passwd)
		(-) mod_auth_dbm ..... HTTP Basic Authentication via Unix NDBM files
		(-) mod_auth_db ...... HTTP Basic Authentication via Berkeley-DB files
		(-) mod_auth_anon .... HTTP Basic Authentication for Anonymous-style users
		(-) mod_digest ....... HTTP Digest Authentication
		HTTP response
		(-) mod_headers ...... Arbitrary HTTP response headers (configured)
		(-) mod_cern_meta .... Arbitrary HTTP response headers (CERN-style files)
		(-) mod_expires ...... Expires HTTP responses
		(+) mod_asis ......... Raw HTTP responses
		Scripting
		(+) mod_include ...... Server Side Includes (SSI) support
		(+) mod_cgi .......... Common Gateway Interface (CGI) support
		(+) mod_cgid ......... Common Gateway Interface (CGI) support for
		multi-threaded MPMs
		(+) mod_actions ...... Map CGI scripts to act as internal `handlers'
		Internal Content Handlers
		(+) mod_status ....... Content handler for server run-time status
		(-) mod_info ......... Content handler for server configuration summary
		Request Logging
		(+) mod_log_config ... Customizable logging of requests
		(-) mod_log_agent .... Specialized HTTP User-Agent logging (deprecated)
		(-) mod_log_referer .. Specialized HTTP Referrer logging (deprecated)
		(-) mod_usertrack .... Logging of user click-trails via HTTP Cookies
		Miscellaneous
		(+) mod_imap ......... Server-side Image Map support
		(-) mod_proxy ........ Caching Proxy Module (HTTP, HTTPS, FTP)
		(-) mod_so ........... Dynamic Shared Object (DSO) bootstrapping
		Experimental
		(-) mod_mmap_static .. Caching of frequently served pages via mmap()
		Development
		(-) mod_example ...... Apache API demonstration (developers only)

		MPMs
		mpmt_pthread ..... Mutli-process(dynamic) Multi-threaded(static)
		Unix MPM
		prefork .......... Preforking Unix MPM
		dexter ........... Multi-process(static) Multi-threaded(dynamic)
		Unix MPM
		perchild ......... Multi-process(static) Multi-threaded(dynamic)
		Unix MPM, that allows a User per child process

		winnt ............ Multi-process(1) Multi-threaded Windows MPM

		mpmt_beos ........ Multi-process Multi-threaded Beos MPM
		beos ............. Multi-process Multi-threaded Beos MPM

		spmt_os2 ......... Single-process Multi-threaded OS/2 MPM
		_________________________________________________________________________
		(+) = enabled per default [disable with --disable-module]
		(-) = disabled per default [enable with --enable-module ]

		Use the --enable-suexec option to enable the suEXEC feature by building
		and installing the "suexec" support program. Use --suexec-caller=UID to
		set the allowed caller user id, --suexec-userdir=DIR to set the user
		subdirectory, --suexec-docroot=DIR to set the suexec root directory,
		--suexec-uidmin=UID/--suexec-gidmin=GID to set the minimal allowed
		UID/GID, --suexec-logfile=FILE to set the logfile and
		--suexec-safepath=PATH to set the safe shell PATH for the suEXEC
		feature. At least one --suexec-xxxxx option has to be provided together
		with the --enable-suexec option to let APACI accept your request for
		using the suEXEC feature.

		CAUTION: FOR DETAILS ABOUT THE SUEXEC FEATURE WE HIGHLY RECOMMEND YOU TO
		FIRST READ THE DOCUMENT htdocs/manual/suexec.html BEFORE USING
		THE ABOVE OPTIONS.

		USING THE SUEXEC FEATURE PROPERLY CAN REDUCE CONSIDERABLY THE
		SECURITY RISKS INVOLVED WITH ALLOWING USERS TO DEVELOP AND RUN
		PRIVATE CGI OR SSI PROGRAMS. HOWEVER, IF SUEXEC IS IMPROPERLY
		CONFIGURED, IT CAN CAUSE ANY NUMBER OF PROBLEMS AND POSSIBLY
		CREATE NEW HOLES IN YOUR COMPUTER'S SECURITY. IF YOU AREN'T
		FAMILIAR WITH MANAGING SETUID ROOT PROGRAMS AND THE SECURITY
		ISSUES THEY PRESENT, WE HIGHLY RECOMMEND THAT YOU NOT CONSIDER
		USING SUEXEC AND KEEP AWAY FROM THESE OPTIONS!

		Use the --shadow option to let APACI create a shadow source tree of the
		sources for building. This is useful when you want to build for different
		platforms in parallel (usually through a NFS, AFS or DFS mounted
		filesystem). You may specify a directory to the --shadow option into
		which the shadow tree will be created.

		Use the --quiet option to disable all configuration verbose messages.

		Use the --verbose option to enable additional verbose messages.

		Use the --server-uid option to specify the user ID you want the server to run
		as. If not specified the server will run as user nobody. If the user ID
		specified is different than the ID of the user starting the server, you need to
		start the server as root.

		Use the --server-gid option to specify the group ID you want the server user ID to
		be a member of. If not specified, the group ID will be #-1.

		4. Building the package
		--------------------

		Now you can build the various parts which form the Apache package by
		simply running the command

		$ make

		Please be patient here, this takes approximately 2 minutes to complete
		under a Pentium-166/FreeBSD-2.2 system, dependend on the amount of
		modules you have enabled.

		5. Installing the package
		----------------------

		Now its time to install the package under the configured installation
		PREFIX (see --prefix option above) by running:

		$ make install

		For the paranoid hackers under us: The above command really installs under
		prefix _only_, i.e. no other stuff from your system is touched. Even if
		you upgrade an existing installation your configuration files in
		PREFIX/etc/ are preserved.

		6. Testing the package
		-------------------

		Now you can fire up your Apache HTTP server by immediately running

		$ PREFIX/bin/apachectl start

		and then you should be able to request your first document via URL
		http://localhost/ (when you built and installed Apache as root or at
		least used the --without-confadjust option) or http://localhost:8080/
		(when you built and installed Apache as a regular user). Then stop the
		server again by running:

		$ PREFIX/bin/apachectl stop

		7. Customizing the package
		-----------------------

		Finally you can customize your Apache HTTP server by editing the
		configuration files under PREFIX/etc/.

		$ vi PREFIX/etc/httpd.conf
		$ vi PREFIX/etc/access.conf
		$ vi PREFIX/etc/srm.conf

		Have a look at the Apache manual under htdocs/manual/ or
		http://www.apache.org/docs/ for a complete reference of available
		configuration directives.

		8. Preparing the system
		--------------------

		Proper operation of a public HTTP server requires at least the following:

		1. A correctly working TCP/IP layer, since HTTP is implemented on top of
		TCP/IP. Although modern Unix platforms have good networking layers,
		always make sure you have all official vendor patches referring to the
		network layer applied.

		2. Accurate time keeping, since elements of the HTTP protocol are
		expressed as the time of day. So, it's time to investigate setting
		some time synchronization facility on your system. Usually the ntpdate
		or xntpd programs are used for this purpose which are based on the
		Network Time Protocol (NTP). See the Usenet newsgroup
		comp.protocols.time.ntp and the NTP homepage at
		http://www.eecis.udel.edu/~ntp/ for more details about NTP software
		and public time servers.

		9. Contacts
		--------

		o If you want to be informed about new code releases, bug fixes,
		security fixes, general news and information about the Apache server
		subscribe to the apache-announce mailing list as described under
		http://www.apache.org/announcelist.html

		o If you want freely available support for running Apache please join the
		Apache user community by subscribing at least to the following USENET
		newsgroup:
		comp.infosystems.www.servers.unix

		o If you want commercial support for running Apache please contact
		one of the companies and contractors which are listed at
		http://www.apache.org/info/support.cgi

		o If you have a concrete bug report for Apache please go to the
		Apache Group Bug Database and submit your report:
		http://www.apache.org/bug_report.html

		o If you want to participate in actively developing Apache please
		subscribe to the `new-httpd' mailing list as described at
		http://dev.apache.org/mailing-lists

		Thanks for running Apache.
		The Apache Group
		http://www.apache.org/