Introduction to Apache HTTPD
        
        
          The Apache HTTPD package contains
          an open-source HTTP server. It is useful for creating local
          intranet web sites or running huge web serving operations.
        
        
          ![[Note]](../images/note.png) 
          
            Note
          
          
            Development versions of BLFS may not build or run some packages
            properly if LFS or dependencies have been updated since the most
            recent stable versions of the books.
          
         
        
          Package Information
        
        
        
          Additional Downloads
        
        
        
          Apache HTTPD Dependencies
        
        
          Required
        
        
          Apr-Util-1.6.3
        
        
          Optional
        
        
          Brotli-1.1.0, Doxygen-1.15.0, jansson-2.14.1, libxml2-2.15.1, Lua-5.4.8, Lynx-2.9.2 or Links-2.30 or
          ELinks, nghttp2-1.67.1, OpenLDAP-2.6.10
          (Apr-Util-1.6.3 needs to be installed with ldap
          support), rsync-3.4.1, Berkeley
          DB (deprecated), and Distcache
        
       
      
        
          Installation of Apache HTTPD
        
        
          For security reasons, running the server as an unprivileged user
          and group is strongly encouraged. Create the following group and
          user using the following commands as root:
        
        groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
        -s /bin/false -u 25 apache
        
          Build and install Apache HTTPD by
          running the following commands:
        
        patch -Np1 -i ../httpd-blfs_layout-1.patch             &&
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in       &&
sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:'       \
    -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::'   \
    -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
    -i configure  &&
./configure --enable-authnz-fcgi                    \
            --enable-layout=BLFS                    \
            --enable-mods-shared="all cgi"          \
            --enable-mpms-shared=all                \
            --enable-suexec=shared                  \
            --with-apr=/usr/bin/apr-1-config        \
            --with-apr-util=/usr/bin/apu-1-config   \
            --with-suexec-bin=/usr/lib/httpd/suexec \
            --with-suexec-caller=apache             \
            --with-suexec-docroot=/srv/www          \
            --with-suexec-uidmin=100                \
            --with-suexec-userdir=public_html       \
            --with-suexec-logfile=/var/log/httpd/suexec.log &&
make
        
          This package does not come with a test suite.
        
        
          Now, as the root user:
        
        make install  &&
mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache           /usr/lib/httpd/suexec &&
chmod 4754             /usr/lib/httpd/suexec &&
chown -v -R apache:apache /srv/www
       
      
        
          Command Explanations
        
        
          sed
          '/dir.*CFG_PREFIX/s@^@#@'...: Forces the
          apxs utility to use absolute
          pathnames for modules, when instructed to do so.
        
        
          sed -e '/HTTPD_ROOT/s
          ...: Fixes some paths.
        
        
          --enable-authnz-fcgi: Build
          FastCGI authorizer-based authentication and authorization
          (mod_authnz_fcgi.so fast CGI module).
        
        
          --enable-mods-shared="all
          cgi": The modules should be compiled and used as
          Dynamic Shared Objects (DSOs) so they can be included and excluded
          from the server using the run-time configuration directives.
        
        
          --enable-mpms-shared=all:
          This switch ensures that all MPM (Multi Processing Modules) are
          built as Dynamic Shared Objects (DSOs), so the user can choose
          which one to use at runtime.
        
        
          --enable-suexec: This
          switch enables building of the Apache suEXEC module which can be used to
          allow users to run CGI and SSI scripts under user IDs different
          from the user ID of the calling web server.
        
        
          --with-suexec-*: These
          switches control suEXEC module behavior, such as default document
          root, minimal UID that can be used to run the script under the
          suEXEC. Please note that with minimal UID 100, you can't run CGI or
          SSI scripts under suEXEC as the apache user.
        
        
          ...
          /usr/lib/httpd/suexec: These commands put
          suexec wrapper into
          proper location, since it is not meant to be run directly. They
          also adjust proper permissions of the binary, making it setgid
          apache.
        
        
          chown -R apache:apache
          /srv/www: By default, the installation process
          installs files (documentation, error messages, default icons, etc.)
          with the ownership of the user that extracted the files from the
          tar file. If you want to change the ownership to another user, you
          should do so at this point. The only requirement is that the
          document directories need to be accessible by the httpd process with (r-x)
          permissions and files need to be readable (r--) by the apache user.
        
       
      
        
          Configuring Apache
        
        
          
            Config Files
          
          
            /etc/httpd/httpd.conf and
            /etc/httpd/extra/*
          
         
        
          
            Configuration Information
          
          
            See file:///usr/share/httpd/manual/configuring.html
            for detailed instructions on customising your Apache HTTP server configuration file.
          
          
            There is no reason, at least for internet facing sites, not to
            use SSL encryption. Setting up a secured website does not cost
            anything except installing one additional small tool and a few
            minutes of configuration work. Use this guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website
            to create world-wide accepted certificates and renew them on a
            regular basis.
          
         
        
          
            Boot Script
          
          
            If you want the Apache server to
            start automatically when the system is booted, install the
            /etc/rc.d/init.d/httpd init script
            included in the blfs-bootscripts-20250225 package:
          
          make install-httpd