Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by jmcg: http://wiki.apache.org/httpd/DebianDeb0rkification New page: ## Please edit system and help pages ONLY in the moinmaster wiki! For more ## information, please see MoinMaster:MoinPagesEditorGroup. ##master-page:Unknown-Page ##master-date:Unknown-Date ##acl MoinPagesEditorGroup:read,write,delete,revert All:read #format wiki #language en == Debian Deb0rkification == Title suggested by thumbs. Please note that this is a first draft. Any comments are most welcome. Like many articles written here, the main reason is to lighten the pain of supporting #apache. One of the main causes of head-ache are people who are new to both Apache HTTPd and their Debian Linux system. This is a guide how to make efficient use of the Debian configuration files. Please note that we will be working on the latest release. === apache2.conf === Debian calls it's main configuration file ''apache2.conf'', which is the first check-point of confusion, because there is also a ''httpd.conf'' file in the configuration directory: {{{ [EMAIL PROTECTED]:/etc/apache2$ ls -ltr total 48 -rw-r--r-- 1 root root 59 2008-01-17 22:26 ports.conf -rw-r--r-- 1 root root 378 2008-01-17 22:26 envvars -rw-r--r-- 1 root root 0 2008-01-23 08:12 httpd.conf drwxr-xr-x 2 root root 4096 2008-03-31 13:37 sites-enabled -rw-r--r-- 1 root root 10826 2008-05-14 01:35 apache2.conf drwxr-xr-x 2 root root 4096 2008-06-11 14:35 sites-available drwxr-xr-x 2 root root 4096 2008-06-11 14:35 conf.d drwxr-xr-x 2 root root 4096 2008-06-11 14:35 mods-enabled drwxr-xr-x 2 root root 12288 2008-06-11 14:35 mods-available }}} But a quick ''apache2 -V'' reveals, among other useful things, what the configuration file is: {{{ [EMAIL PROTECTED]:/etc/apache2$ sudo apache2 -V Server version: Apache/2.2.8 (Debian) Server built: May 13 2008 23:39:43 Server's Module Magic Number: 20051115:11 Server loaded: APR 1.2.12, APR-Util 1.2.12 Compiled using: APR 1.2.12, APR-Util 1.2.12 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="" -D SUEXEC_BIN="/usr/lib/apache2/suexec" -D DEFAULT_PIDLOG="/var/run/apache2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf" }}} The main problem of of the ''apache2.conf'' however, is not it's name, but it's lack of sane defaults, of which we will no take care: {{{ ## snip # Change the default of 15 seconds to something sane: KeepAliveTimeout 2 ## sip # Leave this as is, as it makes sense (see below) # maybe change the name of the file.. # # Define an access log for VirtualHosts that don't define their own logfile CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined # For reasons of paranoia, set this to Prod, instead of Debian's default 'Full' ServerTokens Prod # Same here, no one needs to know our version number: ServerSignature Email # This is what will be returned by the above: ServerAdmin [EMAIL PROTECTED] # Only disable this if you really want to ;) TraceEnable Off # This is for usability: AcceptPathinfo On # Debian puts this in their overly verbose Default VHost, but that's just silly <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> # Assuming /var/www/ is the root of all of your vhosts, we set sane defaults for it: <Directory /var/www> Options +MultiViews Allow from All AllowOverride None </Directory> }}} And that's it. Those are the additions/changes one has to do in ''apache2.conf'' in order to set sane defaults. === sites-enabled === There's one marvelous attribute about Debian's configs and that's the introduction of vhosts per default. With the addition of scripts to manage ''sites''. And then there's this gross thing in ''sites-enabled'' that is the default-vhost, which people take as example, copy and paste and create chaos: {{{ NameVirtualHost * <VirtualHost *> ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> }}} This configuration is overly verbose, complex, and, unneccessary. Instead of argumenting what's wrong with it, I will simply move on to show how to do it better: In ''apache2.conf'' change: {{{ # Include all the user configurations: # BUT not before declaring that we will be using Name-based vhosts! NameVirtualHost *:80 Include /etc/apache2/httpd.conf }}} Note the subtle difference here: ''NameVirtualHost *'' is ambigous. It covers all interfaces and all ports, potentially breaking future additions of SSL-aware sites. {{{ <VirtualHost *:80> ServerName some.domain.tld DocumentRoot /var/www/some.domain.tld/htdocs ErrorLog "|/usr/bin/rotatelogs /var/log/apache/some.domain.tld/error_log.%Y%m%d 86400" </VirtualHost> }}} Again, note the difference with the now ''VirtualHost *:80'' directive, to match the ''NameVirtualHost *:80'' directive. We removed the CustomLog directive as all are catched by the one defined in the ''apache2.conf'' - thus effectively reducing the number of open file handles. We got rid of all the superfluous ''<Directory>'' blocks - especially with it's borken ''Options'' directives. Again, with the sane settings in the ''apache2.conf''. And defused the danger of ambiguity, by changing, and moving the ''NameVirtualHost *:80'' directive above the ''Include'' line for the vhosts, thus enabling newbies to simply copy and paste and edit this file.
