Difference between revisions of "Apache"

From DUNE
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
=General Notes=
 +
When installing and operating Apache on virtual machines
 +
in a cloud such as CERN OpenStack and others care must be taken
 +
to ensure that automatic software updates are disabled or
 +
otherwise properly handled. Otherwise, custom installation
 +
of modules such as mod_wsgi which are at times necessary
 +
to accommodate non-system versions of Python can be
 +
reversed resulting in a non-functional system.
 +
 
=Installation=
 
=Installation=
On Ubuntu:
+
==Ubuntu==
 
<pre>
 
<pre>
 
sudo apt-get install apache2 # Apache
 
sudo apt-get install apache2 # Apache
 
sudo apt-get install libapache2-mod-wsgi-py3 # mod_wsgi for Python3
 
sudo apt-get install libapache2-mod-wsgi-py3 # mod_wsgi for Python3
 
</pre>
 
</pre>
 +
 +
==CentOS==
 +
With minor variations...
 +
<pre>
 +
sudo yum update
 +
sudo yum install httpd
 +
# start:
 +
sudo systemctl start httpd.service
 +
# enable on boot:
 +
sudo systemctl enable httpd.service
 +
</pre>
 +
 +
Don't forget the firewall:
 +
<pre>
 +
sudo firewall-cmd --permanent --add-port=80/tcp
 +
sudo firewall-cmd --permanent --add-port=443/tcp
 +
sudo firewall-cmd --reload
 +
</pre>
 +
 +
Start it:
 +
<pre>
 +
sudo systemctl start httpd
 +
</pre>
 +
...and you can now check on it using "curl".
 +
 +
https://www.liquidweb.com/kb/how-to-install-apache-on-centos-7/
 +
https://www.godaddy.com/help/build-a-lamp-stack-linux-apache-mysql-php-centos-7-17344
  
 
=Start-Stop-Restart=
 
=Start-Stop-Restart=
Line 37: Line 73:
 
sudo systemctl start httpd.service
 
sudo systemctl start httpd.service
 
</pre>
 
</pre>
 +
 +
The following command can also be used to check the status:
 +
<pre>apachectl status</pre>
 +
 +
There are many ways to set up Apache automatic start on reboot,
 +
for example:
 +
<pre>sudo systemctl enable httpd.service</pre>
 +
 +
That's perhaps the simplest one.
  
 
=Apache Configuration=
 
=Apache Configuration=
Line 96: Line 141:
  
 
==Permissions==
 
==Permissions==
In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir.
+
In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files.
 +
 
 +
Again, for wsgi to work the whole tree containing the scripts it needs to execute needs to have "rx" permissions in it.
 +
 
 +
==SELinux enforcement==
 +
If installed, SELinux will impose its own restrictions. See:
 +
<pre>getenforce</pre>
  
On top of that, SELinux will impose it's own restriction. See:
+
The command "sestatus" will produce more detailed information.
<pre>
 
getenforce
 
</pre>
 
  
 
If it shows "Enforcing", try
 
If it shows "Enforcing", try
<pre>
+
<pre>sudo setenforce 0</pre>
sudo setenforce 0
+
 
</pre>
+
If you have superuser privileges you can also edit the configuration file to change the default setting (e.g. to "permissive" if necessary) so when the machine reboots it's already there.
 +
<pre>/etc/selinux/config</pre>
  
 
==mod_wsgi==
 
==mod_wsgi==
Line 121: Line 170:
 
cd ./mod_wsgi-4.4.21
 
cd ./mod_wsgi-4.4.21
 
./configure --with-python=/usr/local/bin/python3.5
 
./configure --with-python=/usr/local/bin/python3.5
 +
LD_RUN_PATH=/usr/local/lib make
 
make
 
make
 
make install
 
make install
 
</pre>
 
</pre>
 +
 +
You'll likely see "axps missing" or similar message, this component may be obtained by installing httpd-devel.
  
 
==Ports and Firewalls==
 
==Ports and Firewalls==

Latest revision as of 19:22, 8 October 2018

General Notes

When installing and operating Apache on virtual machines in a cloud such as CERN OpenStack and others care must be taken to ensure that automatic software updates are disabled or otherwise properly handled. Otherwise, custom installation of modules such as mod_wsgi which are at times necessary to accommodate non-system versions of Python can be reversed resulting in a non-functional system.

Installation

Ubuntu

sudo apt-get install apache2 # Apache
sudo apt-get install libapache2-mod-wsgi-py3 # mod_wsgi for Python3

CentOS

With minor variations...

sudo yum update
sudo yum install httpd
# start:
sudo systemctl start httpd.service
# enable on boot:
sudo systemctl enable httpd.service

Don't forget the firewall:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

Start it:

sudo systemctl start httpd

...and you can now check on it using "curl".

https://www.liquidweb.com/kb/how-to-install-apache-on-centos-7/ https://www.godaddy.com/help/build-a-lamp-stack-linux-apache-mysql-php-centos-7-17344

Start-Stop-Restart

Ubuntu

To start/stop/restart Apache 2 web server, enter one of the commands in each category:

### START
/etc/init.d/apache2 start
sudo /etc/init.d/apache2 start
sudo service apache2 start
### STOP
/etc/init.d/apache2 stop
sudo /etc/init.d/apache2 stop
sudo service apache2 stop
### RESTART
/etc/init.d/apache2 restart
sudo /etc/init.d/apache2 restart
sudo service apache2 restart

System status:

systemctl status apache2.service


CentOS/RH

On RedHat Linux, the name of the daemon is httpd. Also, "service" command may be aliased to systemctl.

systemctl status -l httpd.service # or:
sudo systemctl start httpd.service

The following command can also be used to check the status:

apachectl status

There are many ways to set up Apache automatic start on reboot, for example:

sudo systemctl enable httpd.service

That's perhaps the simplest one.

Apache Configuration

General Items

KeepAlive sets the tradeoff between memory and CPU usage by Apache.

Serving static files: https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/#serving-files

Official Layout of the Config Files: https://wiki.apache.org/httpd/DistrosDefaultLayout This, however, is not written in stone. Some details are given below.

Ubuntu

See /etc/apache2/apache2.conf

Snippet from 000-default.conf on Ubuntu:

        ServerName promptproc
        ServerAlias promptproc


        WSGIScriptAlias / /home/maxim/projects/p3s/promptproc/promptproc/wsgi.py

        Alias /static/ /var/www/static/
        <Directory /var/www/static>
        Require all granted
        </Directory>

        <Directory /home/maxim/projects/p3s/promptproc/promptproc>
        <Files wsgi.py>
        Require all granted
        </Files>
        </Directory>

The "static directory must contain static content such as themes for the tables2 package. Keep in mind that while this is served automatically by the Django development server, it's not the case under Apache.


The file wsgi.conf needs to contain a reference to Python runtime like:

WSGIPythonPath /home/maxim/.local/lib/python3.5/site-packages

CentOS

See /etc/httpd/. Examples:

[mxp@neutdqm p3s]$ ls /etc/httpd/
conf  conf.d  conf.modules.d  logs  modules  run
[mxp@neutdqm p3s]$ ls /etc/httpd/conf.d/
autoindex.conf  django.conf  php.conf  README  userdir.conf  welcome.conf
[mxp@neutdqm p3s]$ ls /etc/httpd/conf/
httpd.conf  magic

Permissions

In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files.

Again, for wsgi to work the whole tree containing the scripts it needs to execute needs to have "rx" permissions in it.

SELinux enforcement

If installed, SELinux will impose its own restrictions. See:

getenforce

The command "sestatus" will produce more detailed information.

If it shows "Enforcing", try

sudo setenforce 0

If you have superuser privileges you can also edit the configuration file to change the default setting (e.g. to "permissive" if necessary) so when the machine reboots it's already there.

/etc/selinux/config

mod_wsgi

  • When using mod_wsgi one has to make sure the version matches the Python version, this needs to be specified when mod_wsgi is installed (see "Installation" above). You can use "ldd" on mod_wsgi.so to check dependencies including python version required. There is a possibility that mod_wsgi you installed has a long library name containing various metadata, and there is also still an older mod_wsgi file that get loaded instead. This needs to be taken care of.
  • https://www.sitepoint.com/deploying-a-django-app-with-mod_wsgi-on-ubuntu-14-04/
  • Methods of setting up the environment for wsgi described in the current Django documentation may or may not work on a particular installation/release/distro affiliation of Apache due to a few subtle bugs and relative complexity of *.conf and related files
  • If you decide to build mod_wsgi from source, make sure your Python was also built from source with "./config -enable-shared" option
  • It's easy to miss the fact that one segment of the path leading to wsgi.py doesn't have the right permissions, while httpd is run by user apache (or similar)

If you are willing to brave building mod_wsgi from source, here is a template:

wget -q "https://github.com/GrahamDumpleton/mod_wsgi/archive/4.4.21.tar.gz"
tar -xzf '4.4.21.tar.gz'
cd ./mod_wsgi-4.4.21
./configure --with-python=/usr/local/bin/python3.5
LD_RUN_PATH=/usr/local/lib make
make
make install

You'll likely see "axps missing" or similar message, this component may be obtained by installing httpd-devel.

Ports and Firewalls

NB. In most cases you need to run the utilities mentioned above as root or via sudo.

SELinux may prevent you from configuring Apache with a non-standard port. Useful commands:

semanage port -l # list ports
semanage port -a -t http_port_t -p tcp 81 # add a rule

List ports

sudo nmap -sT -O localhost
# or
sudo lsof -i

In addition to that, CentOS "may" have firewall settings which are beyond and above what you can learn with the tools listed above. See http://ask.xmodulo.com/open-port-firewall-centos-rhel.html. To check the firewall rules:

$ sudo iptables -L 

To open port 80 permanently:

$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload