Apache 2.4 on Ubuntu

Foreword

I specify 2.4 because both major and minor versions matter in Apache 2 configuration.
If you don’t use Apache 2.4, don’t go further.

The installation

Apache 2 is in the default packages repositories of Ubuntu. 
So to install the default version, we just need to execute sudo apt-get install apache2
To specify the version of Apache to install, you can use the syntax : apt-get install apache2=version but I am not sure that many versions are available in the default repositories of Ubuntu.
If you don’t find the version you need, the latest version can be found on the Apache website, as well as archived versions. But beware : downloading the archive/binaries will require you to configure Apache and to define a startup service for it. That is documented in the official documentation and on that post.

Rights and users

The default user associated with files/rights on the web server filesystem/service (apache, nginx, and so on…) is www-data

Enable/Disable modules, confs and sites

Enable a module : sudo a2enmod moduleName
Disable a module : sudo a2dismod moduleName
For site components : a2ensite/a2dissite
For conf components : a2enconf/a2disconf

Enable URL Rewrite

Only this is required :
sudo a2enmod rewrite

Besides, contrary to some other modules (proxy or ssl for example), the rewrite module doesn’t come with its own configuration file. Instead, we add rewrite directives in the context where we want to apply them : server config, virtual host, directory or .htaccess.
To enable rewriting in a context, first set RewriteEngine On at the beginning of that context (or at least before the first rewrite directive).

Enable SSL

Enable two components :
sudo a2ensite default-ssl
sudo a2enmod ssl

Either use the default key/cert or generate them with openssl and update the default-ssl.conf file with this information.

Example to generate a self-signed certificate with a new private key (-nodes leaves the private key unencrypted on disk) :
sudo openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

We must also not forget to update some VirtualHost information in default-ssl.conf :

<IfModule mod_ssl.c>
        <VirtualHost east.david.org:443>
                #...
                DocumentRoot /var/www/html/east
                SSLEngine on
                SSLCertificateFile     /etc/apache2/keys/cert.pem
                SSLCertificateKeyFile  /etc/apache2/keys/key.pem
                #...
        </VirtualHost>
</IfModule>

AJP or the proxy_ajp module

Enable the required modules :
sudo a2enmod proxy
sudo a2enmod proxy_ajp
proxy is required because proxy_ajp depends on it.
Here is the minimal required proxy.conf :

<IfModule mod_proxy.c>
        ProxyRequests Off
        ProxyPass / ajp://localhost:13080/
        ProxyPassReverse / ajp://localhost:13080/
</IfModule>

Explanations :
ProxyRequests : we set it to On only for a forward proxy.
ProxyPass maps remote servers into the local server URL-space.
The simplest ProxyPass syntax is : ProxyPass localVirtualPath targetServerUrl
ProxyPassReverse adjusts the URL in HTTP response headers sent from a reverse proxied server.
It prevents a redirection response (3XX) from letting the client bypass the reverse proxy.
The simplest ProxyPassReverse syntax is the same as the ProxyPass one.

Configure Apache both to have a virtual host that serves static resource requests (forward proxy) and to use the reverse proxy for the other requests.

In sites-enabled/000-default.conf, we need to configure a virtual host to serve static resources, as follows :

<VirtualHost *:89>
        ServerName localhost:89
        DocumentRoot /var/www/quizz
 
        ErrorLog ${APACHE_LOG_DIR}/site/error.log
        CustomLog ${APACHE_LOG_DIR}/site/access.log combined
 
        LogLevel trace8
</VirtualHost>

The VirtualHost must use the port on which Apache is currently listening (here 89).
The LogLevel directive is set to the maximum verbosity here. It may be helpful to diagnose configuration issues.
Here the virtual host points to a specific folder of /var/www (its DocumentRoot).
This is useful if you host multiple sites with the same Apache instance.
It could also be in a completely different base directory.

And here is the proxy configuration part of proxy.conf, updated to exclude requests whose path starts with a prefix of resources hosted by the virtual host :

        # LogLevel is not required but may be helpful
        LogLevel proxy:trace5
        ProxyPass /static !
        ProxyPass /javascript !
        ProxyPass /images !
        ProxyPass / ajp://localhost:13080/
        ProxyPassReverse / ajp://localhost:13080/

Beware, the order of the ProxyPass directives matters here.
Apache applies these directives sequentially and if, for a request, one directive matches, it doesn’t go further. So the exclusions have to appear first in our case to prevent Apache from redirecting these requests to the AJP target.
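The ordering rule above can be checked mechanically. The shell function below is an added example, not part of the original post : it reads a configuration on stdin and reports every exclusion that comes after a ProxyPass already covering its path. The function name and the simplified matching on whole path segments are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint ProxyPass ordering.
# Reads an Apache config on stdin. Because the first matching ProxyPass wins,
# an exclusion ("ProxyPass /path !") is dead if an earlier ProxyPass already
# covers its path. Prints each such exclusion; returns 1 if any was found.
# Assumption: simplified matching on whole path segments, top-level
# directives only (no <Location> blocks, no ProxyPassMatch).
check_proxypass_order() {
    awk '
        tolower($1) == "proxypass" && NF >= 3 {
            path = $2
            if ($3 == "!") {
                for (i = 1; i <= n; i++) {
                    base = seen[i]
                    sub(/\/+$/, "", base)   # "/" becomes "", "/app/" becomes "/app"
                    if (base == "" || path == base || index(path, base "/") == 1) {
                        printf "line %d: exclusion %s is shadowed by \"ProxyPass %s\" (line %d)\n", NR, path, seen[i], at[i]
                        bad = 1
                        break
                    }
                }
            } else {
                # Regular mapping: remember its path and line number.
                n++; seen[n] = path; at[n] = NR
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed input: the directives from the post with the catch-all moved first.
check_proxypass_order <<'EOF' || echo "=> move the exclusions above the catch-all"
ProxyPass / ajp://localhost:13080/
ProxyPass /static !
ProxyPass /images !
ProxyPassReverse / ajp://localhost:13080/
EOF
```

To lint a real file, redirect it into the function, for example check_proxypass_order < /etc/apache2/mods-enabled/proxy.conf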

Available variables in Apache expressions

These are available contextually.
Here are some :

DOCUMENT_ROOT	The DocumentRoot of the current vhost
REQUEST_URI	The path part of the request's URI

Source : https://httpd.apache.org/docs/2.4/expr.html

Multi-Processing Modules (MPMs)

Apache 2 introduces the Multi-Processing Modules.
These modules are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests.
Previously these basic features were strongly coupled to the core component (httpd).
We can use one and only one module for that : prefork, worker or event.
The MPM module is chosen at build time of Apache.
On recent configurations, the event module, which is the most performant, is selected.

For scalability : threaded MPM : worker or event.
For stability or compatibility with older software: prefork.

Multiple instances on a same machine

The Ubuntu/Debian init scripts (e.g. /etc/init.d/apache2) have been updated to support multiple instances of Apache (e.g. multiple configurations, named /etc/apache2-$SUFFIX).
Documentation can be found in /usr/share/doc/apache2/README.multiple-instances

The idea is simple : run a script with the suffix of the new instance as argument, then enable the service (initd or systemd).
sudo sh /usr/share/doc/apache2/examples/setup-instance other
sudo systemctl enable apache2@other

1) A useful thing to note is that the setup-instance script relies on the current default Apache configuration, that is /etc/apache2, as the model for the new instance.
If desired, we could create a new version of the setup-instance file that uses a particular instance as model.

2) The folders/files located in the configuration of an Apache instance can be copied as-is into any other instance. But to make a real copy, first clean the target folder you will copy into.
Clean all files/folders from the apache folder of the instance : rm -rf apache-conf-target/*
Copy the configuration content : cp -a apache-conf-model/. apache-conf-target/
In /etc/systemd/system/multi-user.target.wants, the two instances are referenced as follows :

oct.  18 15:03 'apache2@other.service' -> '/lib/systemd/system/apache2@.service'
oct.  17 16:26  apache2.service -> /lib/systemd/system/apache2.service

Additional Instance service name : apache2@suffix
Additional Instance program location : /etc/apache2-suffix
Additional Instance enable/disable program : a2enXXX-suffix, a2disXXX-suffix
To start/stop/restart, favor systemctl such as systemctl restart apache2@other
