Securing and Optimizing Linux: RedHat Edition - A Hands on Guide
Chapter 29. Software - Network Server, web/Apache
The Apache Web Server, like many applications we'll install, cannot run as super-user root. For this reason we must create a special user that has minimal access to the system but can still function well enough to run the Apache Web Server. It is best to create a new user solely for the purpose of running the web server daemon.
[root@deep ]/# useradd -c "Apache Server" -u 80 -s /bin/false -r -d /home/httpd www 2>/dev/null || :
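One way to verify the account created by the useradd command above, as an added example that is not part of the original guide: the function audits a passwd-format file for the properties a web server account should have. The names audit_service_account and sample_passwd, the sample entries (including GID 80 and the webadmin account) and the acceptance of /sbin/nologin as a second non-login shell are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a service account in a passwd(5)-format file ("-" reads stdin).
# Prints one finding per line; returns 0 only when every check passes.
audit_service_account() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    awk -F: -v user="$user" '
        $1 == user { found = 1; uid = $3; gid = $4; home = $6; shell = $7 }
        # Remember every account name per UID to detect shared UIDs.
        { owners[$3] = owners[$3] " " $1; count[$3]++ }
        END {
            if (!found) { print "FAIL: no account named " user; exit 1 }
            bad = 0
            if (uid + 0 == 0) { print "FAIL: " user " has UID 0 (root-equivalent)"; bad++ }
            if (gid + 0 == 0) { print "FAIL: " user " has primary GID 0"; bad++ }
            # Assumption: /bin/false (used on this page) or /sbin/nologin count as non-login shells.
            if (shell != "/bin/false" && shell != "/sbin/nologin") {
                print "FAIL: " user " has login shell " shell; bad++
            }
            if (count[uid] > 1) {
                print "FAIL: UID " uid " is shared by:" owners[uid]; bad++
            }
            if (bad == 0) print "OK: " user " uid=" uid " home=" home " shell=" shell
            exit (bad > 0)
        }
    ' "$passwd_file"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:80:80:Apache Server:/home/httpd:/bin/false
webadmin:x:0:0:Web admin:/home/httpd:/bin/bash
nobody:x:99:99:Nobody:/:/bin/false
EOF
}

# Demo: the www account passes, the constructed webadmin account does not.
sample_passwd | audit_service_account www -
sample_passwd | audit_service_account webadmin - || true
```

On a live system, run audit_service_account www with no second argument to check /etc/passwd directly.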
If you want to include SSL data encryption support in your Apache web server, you have to apply mod_ssl to the Apache source tree. Move into the new mod_ssl source directory (cd mod_ssl-version-version/) and type the following commands on your terminal:
CC="egcs" \
CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \
./configure \
--with-apache=../apache_1.3.12 \
--with-crt=/etc/ssl/certs/server.crt \
--with-key=/etc/ssl/private/server.key
The --with-apache option specifies the location of the Apache source directory. Note that this example assumes your Apache version is 1.3.12.
The --with-crt option specifies the location of your existing public key for SSL encryption.
The --with-key option specifies the location of your existing private key for SSL encryption.
Note: OpenSSL must already be installed on your server, and your public and private keys must already exist or be created on your server, or you'll receive an error message when configuring mod_ssl. See Software -Networking/Encryption, in this book, for more information.
Improve the MaxClients parameter of Apache. By default, the maximum value you can set for the MaxClients parameter in the Apache configuration file, httpd.conf, is 256. For a busy site, and for better performance, it's recommended that you increase this limit. You can do so by editing the src/include/httpd.h file in the Apache source directory and changing the default value. Move into the new Apache source directory (cd ../apache_1.3.12/) and edit the httpd.h file:
Change the line:
#define HARD_SERVER_LIMIT 256
To read:
#define HARD_SERVER_LIMIT 1024
Pre-configure Apache for the PHP4 configure step. If you want to include PHP4 server-side scripting language support in your Apache web server, move into the new Apache source directory (cd apache_1.3.12/) if you are not already in it and type the following commands on your terminal:
CC="egcs" \
OPTIM="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \
CFLAGS="-DDYNAMIC_MODULE_LIMIT=0" \
./configure \
--prefix=/home/httpd \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/apache \
--includedir=/usr/include/apache \
--sysconfdir=/etc/httpd/conf \
--localstatedir=/var \
--runtimedir=/var/run \
--logfiledir=/var/log/httpd \
--datadir=/home/httpd \
--proxycachedir=/var/cache/httpd \
--mandir=/usr/man
Note: This step is necessary only if you want to include PHP4 support in your Apache source code, since it pre-configures Apache for PHP4's configure step below. Note that the -DDYNAMIC_MODULE_LIMIT=0 option disables the use of dynamically loaded modules in our compilation of Apache, and will improve its performance.