First I would thank all those people who send questions and suggestions that made a further development of this document possible. It shows me, sharing knowledge is the right way. I would encourage you to send me more suggestion, just write me an email <luc at delouw.ch>.
All Linux distributions I tested had a non-optimal default setup of Apache. Additionally all major distributions don't have current versions of Apache.
Finally most commercial Unix are delivered without pre-installed Apache, or using a very strange setup.
Since I am installing a lot of customized webservers on different Unixes therefor I wrote a plaintext document and placed it on my website so I can access it at work. Later a friend posted the URL to a mailinglist, and the first questions arrived. So I decided to put more information on the page.
After a lot of people requested the document as an »official« HOWTO written in SGML, I decided to prepare it to be one.
Compiling all the items described below needs a lot of configure-options that nobody can memorize. This is supposed to be a copy-paste-ready text to compile Apache and friends.
Also, people should learn how to build a full-featured Apache webserver by themself to be independent from any Linux distributors.
It is just a Document, not a script that makes the work for you. You have to do all the steps by yourself.
The original document was for all major Unix platforms. Now the HOWTOs are separated for each platform. You will find the same document adapted for:
Important Notice for users running Linux on IBM S/390 (zSeries): PostgreSQL and Jserv wont compile on that system. All other programs and modules mentioned in the HOWTO are working perfectly
Other Unix platforms: Feel free to create a guest-account for me on your Unix platform, so I can have a look at the differences.
Windows-Users: I'm sorry, I'm too young for a heart-attack, You will need to upgrade your machine to a »real« operating system ;-)
This document is copyrighted (c) 2000, 2001, 2002, 2003 Luc de Louw and is distributed under the terms of the Linux Documentation Project (LDP) license, stated below.
Unless otherwise stated, Linux HOWTO documents are copyrighted by their respective authors. Linux HOWTO documents may be reproduced and distributed in whole or in part, in any medium physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged; however, the author would like to be notified of any such distributions.
All translations, derivative works, or aggregate works incorporating any Linux HOWTO documents must be covered under this copyright notice. That is, you may not produce a derivative work from a HOWTO and impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions; please contact the Linux HOWTO coordinator at the address given below.
In short, we wish to promote dissemination of this information through as many channels as possible. However, we do wish to retain copyright on the HOWTO documents, and would like to be notified of any plans to redistribute the HOWTOs.
If you have any questions, please contact <linux-howto at metalab.unc.edu>
No liability for the contents of this documents can be accepted. Use the concepts, examples and other content at your own risk. As this is a new edition of this document, there may be errors and inaccuracies, that may of course be damaging to your system. Proceed with caution, and although this is highly unlikely, the author(s) do not take any responsibility for that.
All copyrights are held by their by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.
Naming of particular products or brands should not be seen as endorsements.
You are strongly recommended to take a backup of your system before major installation and backups at regular intervals.
This is the 15th Revision
New revisions of this document will be announced at http://freshmeat.net/projects/apache-compile-howto/?topic_id=905
The latest version of this document is to be found at http://www.delouw.ch/linux
I would thank all the nice people at < discuss at linuxdoc.org> for supporting me in writing HOWTOs
Feedback is most certainly welcome for this document. Without your submissions and input, this document wouldn't exist. Please send your additions, comments and critics to the following email address : <luc at delouw.ch>.
At the moment there are translations available for:
Translations to other languages are always welcome. If you translated this document, please let me know, so I can set a link here.
Luc (in english Luke) is 29 years old, playing around with computers since 20years. Currently he is working as Unix System Engineer for an IT-corporation located in Kloten (Zurich), Switzerland. Main-focus is developing all flavors of innovative Systems running on Linux (and other Un*xes) . Further, for all major Un*x platforms all the “impossible” tasks will end up on his desk (yes, its funny and he loves it!)
To be continued
All major distributions should include this general prerequisites.
OpenSSL provides the libraries and include-files needed be the products mentioned above and also provides a Application to build Server and client-Certificates.
The GNU dbm is a very important application used by almost every distribution. So it is installed by default on all distributions I tested.
In all probability the needed header files which are mandatory to build Apache with mod_rewrite and PHP are not installed by default. Please consult your distributions CD/DVD and install the devel package (The version can vary):
This procedure is verified for SuSE and Redhat. Please confirm for other RPM based systems like Mandrake. Debian will follow as soon as possible.
Users of Debian bases systems can install gdbm as follow:
MySQL is a very fast, powerful and very nice to handle Database.
Especially for webapplications where most access is read and few write, MySQL is the first choice. The newest Version is also transaction-capable. If you plan a Webapplication, that writes a lot of Data into the DB, maybe PostgreSQL is better suited for your project see Section 6.2.4 for installation hints
You need the C-API from MySQL for compiling PHP if you wish MySQL-Support in PHP. It is also needed if you want to use mod_authmysql, See Section 4.3 for more information
For security-improvement add a MySQL-user on your system e.g. »mysql«.
You may wish to start MySQL automatically at boottime, copy /usr/local/mysql/share/mysql/mysql.server to /etc/init.d/ (or wherever your rc-script are located) and create the corresponding symbolic link in the runlevel directories.
This part is only optional, and describes how to bind the MySQL daemon to the localhost IP
I suggest to just bind MySQL to the loopback-interface 127.0.0.1. This makes sure nobody can connect to your MySQL-Daemon via the network. But of course it only makes sense if MySQL runs on the same box like the webserver.
edit /etc/init.d/mysql.server and edit line 107 as following:
Alternatively you can completely disable the networking functionality of MySQL.
It is a common library that enables Unix programmers to simplify shm (Shared memory) accesses. It is used by many products, e.g. PHP and mod_ssl
Origin Site: ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.2.tar.gz
It is simply the best Webserver-Software, it is very flexible to configure to match your needs, and it is E-X-T-R-E-M-E stable. I personally never experienced a crash in a productive (=non-experimental stuff) environment
If your webserver should answer very much requests at the same time, and your machine is strong enough to serve such an amount of requests, you can change the limit of maximum running processes
Download the patch from: http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt
This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further, if you hacked your kernel and edited your /etc/security/limits.conf
Apply the patch using:
This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache source-code and extends its API (Application Programming Interface). The result is called EAPI (Extended Application Programming Interface).
Almost all modules I know adds the -DEAPI flag by themself except mod_jserv and mod_jk
mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request, and produces overhead. With mod_perl the perl-interpreter is loaded persistent in the Apache server and does not need to fork processes for each request.
Now the two static modules mod_ssl and mod_perl are configured and the Apache Source has been patched, and we can proceed with building Apache.
From the authors point of view:
DAV means: »Distributed authoring and Versioning«. It allows you to manage your Website similar to a filesystem. It is meant to replace ftp-uploads to your webserver.
DAV is supported by all major web development tools (newer versions) and is going to be a widely accepted standard for webpublishing.
From the authors point of view:
If you like to consolidate your login-facilities to a common user/passwd base, LDAP (Lightweight Directory Access Protocol) is the right way. LDAP is an open standard and widely supported.
Login-facilities for LDAP:
Unix-Logins for Linux, Solaris (others?) FTP-Logins (some ftp-daemons) http Basic Authentication Tarantella Authentication and Role-Management Samba Authentication (2.2.x should support this) LDAP is role based. That means, i.e. you can define a role »manager« assign a user as member and that user can login wherever a manager is allowed to login.
It is a http-Basic Authentication Module. It allows to maintain your user comfortable in a MySQL-Database
Add this line in your httpd.conf:
And where the other modules are added:
Take care that the path of MySQL libraries and includes are correct.
Example 1. /usr/local/apache/conf/httpd.conf
The File authmysql.sql contents:
It is a module that allows to define new Virtual Host "on-the-fly". Just create a new Directory in your vhost-path, thats it. It is not need to restart your Webserver
It is a good solution for Mass-Virtual-hosting for ISP's
Example 3. /usr/local/apache/conf/httpd.conf
Now create a Directory for each virtualhost in /usr/local/apache/htdocs/vhosts/
You don't need to restart your Webserver
From the authors point of view:
Mod_roaming is indeed valuable. Unfortunately it does not work over proxy-connection. You can keep your Netscape 4.x bookmarks etc. synchronized on different machines. It is not supported by any other browsers, including Mozilla and Netscape 6.x.
There are basically two modules available for output compression: mod_gzip and mod_gunzip. They are using different approaches to reach the the goal of bandwidth reduction.
mod_gunzip expects compressed file on the filesystem, and uncompress them if the browser cannot handle compressed data. The benefit is a low cpu-usage, because most browsers are capable to handle gzipped content. On the oder side, most of today's content is served dynamically i.e. PHP, and this content will be delivered uncompressed.
mod_gzip does not need compressed files on the system, all defined content will be compressed before delivery. The benefit is to have the dynamically generated content also compressed, the other side is a higher cpu-usage, because every request has to be compressed on-the-fly. Mod_gzip can handle already compressed data i.e. index.html.gz and send it as-is.
The conclusion: You carefully have to make a decision which of the two modules makes more sense for you. If you have to pay for every GB delivered and CPU-power does not matter, then mod_gzip is the choice for you. If response time matters (delay between request and delivery), and your bandwidth is cheap or unlimited, mod_gunzip matches your needs better.
A good page that helps you to make this decision is Martin Kiff's document about mod_gunzip http://www.innerjoin.org/apache-compression/howto.html
To successfully compile mod_gzip you need to edit the Makefile and provide the correct path to apxs
Put the following in your /usr/local/apache/conf/httpd.conf:
Example 5. /usr/local/apache/conf/httpd.conf
You may whish to log the result of the compression to your accesslog. This can be done by changing the LogFormat directive in /usr/local/apache/conf/httpd.conf
Put the following in your /usr/local/apache/conf/httpd.conf:
Now you can gzip your html files and rename them to i.e:
Of course you have to change all links to htmz, i.e. <a href="page.htmz">Some page</a>
Since Version 4 PHP capable and robust enough for enterprise webapplications. It is powerful, supports almost all important databases natively, and other through ODBC (Open DataBase Connectivity). It a few times faster than ASP on Windows Systems on the same Hardware.
There are other extensions available like APC (Alternative PHP Cache), which speed up processing about 50-400% (depends on the php-code you wrote)
Depending on your needs there are some software to install first. One already installed Software according this document is MySQL, because its needed by mod_auth_mysql.
IMAP means »Internet Mail Application Protocol« and is a substitute for the POP (Post Office Protocol) protocol. It allows to keep all Mails in different folders on the server, which (should) be backed up - Never again lose important email, because your local harddrive crashed
PostgreSQL is a very powerful and fast Database
Like MySQL wonderful for Webapplications. From my Point of view, not as comfortable to handle as MySQL. If your Webapplication performs mostly writes, or you need proofed transaction-capabilities, PostgreSQL is your friend
Origin-Site: http://www.postgresql.org (Select a mirror close to you)
From the authors point of view:
gettext is a library for i18n (Internationalization, "I", 18 chars and "n") of software, and needed by php
Origin-Site: ftp://ftp.gnu.org/gnu/gettext (select a mirror close to you)
zlib is a lossless data-compression library for use on virtually any computer hardware and operating system
Origin-Site: ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz (select a mirror close to you)
Edit the Makefile and add -lstdc++ to the variable EXTRA_LIBS. This is currently only needed, when using Sablotron version 0.9.7
After installing your httpd.conf is modified by axps. It should now look as follows:
If you compiled Apache with mod_ssl then the php-module will only be loaded when staring Apache with ssl (apachectl startssl). If you will start Apache without ssl support (but compiled like described in this document) you need to change this:
Copy the sample php.ini-dist to /usr/local/lib/php.ini
uncomment (remove the # at begin of line) the following lines in /usr/local/apache/conf/httpd.conf
Apache 1.3.27 default httpd.conf does lack of this entries. You have to add them instead of uncommenting
Restart Apache by issuing the following command:
There are many different extensions available for php, which can be added in your php.ini
The author made some performance-Tests with apc and it was real surprise. A PHP-Webpage with MySQL-queries in a loop (total 10 queries) was more than 50% faster
Contra APC: If you have other users on the system coding php they maybe are not comfortable with APC, because the changes are all ignored unless you reset the cache or restart Apache. The other way, namely that APC checks the php-script for a newer version before every run costs speed.
Restart your Apache-Webserver. Try it out, create a php-file with the following content:
Zend-Optimizer is a freeware closed source product. On the same testcode used for the APC-test, there was speed-decrease of about 5% compared to PHP without APC.
You have to make your own test, to see, if you have some improvements with your own code. Be sure not to NOT use Zend Optimizer together with APC, or your whole setup will not work.
There is noting to build, this product is closed-source and so only available as binary for different platforms. The filename varies according your platform, the sample is for Linux on IA32.
The install script is self-explanatory, if you compiled Apache and PHP like described in this document, you can just press ENTER on all questions about the pathnames.
Tomcat is the successor of jserv which is no longer developed. Tomcat supports the latest jsp and servlet-APIs defined by sun. Unfortunately Tomcat is very difficult to build from source, because it is using its own building-system called "ant". There is also a very long list of prerequisites if you want to build from source. See http://jakarta.apache.org/tomcat/tomcat-4.0-doc/BUILDING.txt for more details - Good luck, and give some feedback to the author.
In the meantime the HOWTO is providing some basic support for Tomcat installed from binaries.
The Author is searching for some volunteers who tries to build Tomcat from source and tells what steps are required
Please see java.sun.com
Too much for this HOWTO, please see http://java.sun.com/j2se/1.3/docs/relnotes/features.html
To enable the Tomcat manager, you need to modify /usr/local/jakarta-tomcat-4.1.8/conf/tomcat-users.xml add a user »admin« or with the role »manager«. The result should look like this:
Now you should be able to startup tomcat:
You should now be able to connect to: http://localhost:8080/index.jsp
If you like to have a native interface into your Apache Webserver, you need to build mod_jk with must be downloaded separately here: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.18/src/jakarta-tomcat-connectors-4.1.18-src.tar.gz.
Now follows the annoying part, the customizing of the config files. First edit /usr/local/jakarta-tomcat-connectors-4.1.18-src/jk/conf/workers.properties, and copy the file to /usr/local/apache/conf
I made a sample workers.properties that works with the example JSPs and servlets that comes with the Tomcat distribution. It is based on the sample workers.properties from Tomcat
Example 8. workers.properties
Next, you need to configure your apache config file httpd.conf. The following example matches the examples provided by Tomcat.
After restarting Apache, you should now be able to connect to your JSP's via Apache. I.e: http://localhost/examples/jsp/num/numguess.jsp
For the further steps like installing your servlets and jsp-files, you are responsible by yourself...
Here are some other resources available on the internet
Some of the most interesting news groups are:
Also check out your country newsgroups e.g ch.comp.os.linux
Most newsgroups have their own FAQ that are designed to answer most of your questions, as the name Frequently Asked Questions indicate. Fresh versions should be posted regularly to the relevant newsgroups. If you cannot find it in your news spool you could go directly to the FAQ main archive FTP site. The WWW versions can be browsed at the FAQ main archive WWW site.
Send an empty email to <firstname.lastname@example.org>
Before writing to the list, check out the archive: http://marc.theaimsgroup.com/?l=apache-httpd-users
Send an mail to <email@example.com> with the content (not subject):
Before writing to the list, check out the archive: http://outside.organic.com/mail-archives/modperl/
Send an mail to <firstname.lastname@example.org> with the content (not subject):
Before writing to the list, check out the archive: http://email@example.com/
Send an mail to <firstname.lastname@example.org> with the content (not subject):
Before writing to the list, check out the archive: http://email@example.com/
Send an empty mail to <firstname.lastname@example.org>
Before writing to the list, check out the archive: http://lists.mysql.com/cgi-ez/ezmlm-cgi/
Fill out the subscription form at http://developer.postgresql.org/mailsub.php
Before writing to the list, check out the archive: http://archives.postgresql.org/pgsql-general/
Fill out the subscription form at http://www.php.net/mailing-lists.php
There are several php related mailinglist to subscribe, some of them are also available on php.net's newsserver
Before writing to the list, check out the archive that are linked also on the subscription-page
These are intended as the primary starting points to get the background information. They also show you how to solve a specific problem. Some relevant HOWTOs are
The main site for these is the LDP archive
Usually distributions install some documentation on your system. Usually they are located in /usr/share/doc/packages or /usr/local/share/doc
The software products mentioned here provide a lot of documentation in their source-directories. Apache does install its documentation in the default DocumentRoot /usr/local/apache/htdocs/manual
There are a large number of informative web sites available. By their very nature they change quickly, so do not be surprised if these links become outdated very fast.
A good starting point is of course the Linux Documentation Project home page, a central information repository for documentation, project pages and much more.
To get more information about the Software mentioned in this document, then the following sites are good starting points.
Please let me know if you have any other leads that can be of interest.
Not yet. The reason is that PHP 4.2.1 supports the Apache 2.0 API only experimentally and the speed of PHP is very poor with Apache 2.0. As the new Apache brings lots of new features and massive speed improvements, I will write such a HOWTO as soon as the PHP support is stable and more performant. I'm collecting now Ideas and wishes from users what they like to see in a Apache 2.0 HOWTO. Feel free to write an email to <luc at delouw dot ch>
Because nobody requested it yet and I either did not know about a mod_xyz, or I did not found it useful. Feel free to write me some suggestions what to add to the HOWTO. If there is more than one request, and it makes sense, it will maybe added in further releases.
A: The certificate produced like described in this HOWTO is just a self-signed certificate. This means the CA (Certification Authority) is you. Your CA is not recognized as a valid CA by your users browser. You can either install the certificate on your users machines (Makes sense in small Intranet environments) or buy a certificate from a CA that is recognized by all major browsers. An example of such a CA is Verisign http://www.verisign.com. Such a certificate cost approx. 300 USD a year, depending on the strength of the key (56 or 128 Bits)
You forgot to tell Apache what to do with the php files. So the php files are not processed by the php engine. To do so, add the application type like described in Section 6.3