Optimizing and Building Apache Web-Server On CentOS/RedHat/Fedora.

Posted on November 14, 2012 by | Leave a comment

Apache Web-Server is one of the most widely used web-servers around the globe. Thus, the Internet is overloaded with countless of techniques regarding deploying and configuring this world class web-server. On this blog for instance, you may find a well written one published by Matthew Harman, a brilliant IT Professional and writer. I personally like Matthew’s approach as discussed in his article. However, because I have promised in the PART-2 of a series of articles I have published here regarding Virtualization With XEN Hypervizor On CentOS 5.8 that was going to write PART-3 dealing with web-server setups, I have decided to keep my word and share an approach that I have adopted when it comes to deploying Apache (httpd) servers.

In the referred virtualization article I said that on PART-3 of the series I was going to show how to configure and optimize CentOS/RedHat/Fedora for web-services. However I have decided not to do that because another writer has already published an article that delve with that subject. Though his article didn’t include everything I wanted to address, I must admit that I enjoyed reading his article. Again, when it comes to setting up OS configuration and optimization for web-servers, I have adopted a slightly different approach than the other writer’s approach, but I still recognized the valuable insights that he shared on his writing. Thus, I am not longer sharing anything regarding OS setups for web-services as promised. However, in this article I am jumping one step forward by delving with Optimizing and Building Apache Web-Server on CentOS/RedHat/Fedora.

Because httpd is such an important server, it requires several other packages to be in place in order to build and install it. This is what many authors coin ass prE-requisite to compiling Apache Server. Thus, know that httpd server requires that the following be installed in your system in order to build and install it.
Pre-Requisites:
OpenSSL
expat
expat-devel
gdbm-devel
db3-devel
Perl

Optional Packages:
apr
apr-devel
apr-util
apr-util-devel

Here we go again:

Step 1) Create service account and group for httpd
[root@jcweb ~]# groupadd -g 48 www > /dev/null 2>&1 || :
[root@jcweb ~]# useradd -u 48 -g 48 -s /bin/false -M -r -d /home/httpd www > /dev/null >2&1 || :

Step 2) Append the non-existing user name to the shell configuration file.
[root@jcweb ~]# echo -e “/bin/false” >>/etc/shells

Step 3) Download Apache source code
[root@jcweb root]# cd /var/tmp/; wget http://www.apache.org/dist/httpd/httpd-2.2.23.tar.gz
[root@jcweb tmp]# wget http://www.apache.org/dist/httpd/httpd-2.2.23.tar.gz.asc

Step 4) Validate the authenticity/integrity of the downloaded packages using pgp utility.
[root@jcweb tmp]# gpg –import httpd-2.2.23.key
[root@jcweb tmp]# gpg –verify httpd-2.2.23.tar.gz.asc

Step 5) Uncompress the newly downloaded Apache source code and move into the uncompressed directory. Now let the fun begins!
[root@jcweb tmp]# tar xzpf http-2.2.23.tar.gz; cd http-2.2.23

Note: One of the main advantages of compiling/building and installing a package from source-code is being able to optimize it for the hardware being used. Thus, let’s take some critical steps on that direction by changing various files that donate key hardware related configuration options for httpd, so we may attain the desired optimization once the package is compiled.

Step 6) Modify GNU Layout section of ‘config.layout’ file so that it would look identical as the following: This change simply alters some directory layouts for the installation. The reason behind this is because most people knows the common httpd server default directory layouts. Thus, hacker develop their hacking-toolkits with this predictions in mind. By altering the layout a little, you minimize the possibility that their tools would be successful when targeting your systems.

prefix: /usr
exec_prefix: ${prefix}
bindir: ${exec_prefix}/bin
sbindir: ${exec_prefix}/sbin
libdir: ${exec_prefix}/lib
libexecdir: ${libdir}/apache
mandir: ${prefix}/share/man
sysconfdir: /etc/httpd
datadir: /home/httpd
installbuilddir: ${libexecdir}/build
errordir: ${datadir}/error
iconsdir: ${datadir}/icons
htdocsdir: ${datadir}/html
manualdir: ${datadir}/manual
cgidir: ${datadir}/cgi-bin
includedir: ${prefix}/include/apache
localstatedir: /var
runtimedir: ${localstatedir}/run
logfiledir: ${localstatedir}/log/httpd
proxycachedir: ${localstatedir}/proxy

[root@jcweb http-2.2.23]# vi +39 config.layout

The maximum number of child processes that could be created to serve requests is limited by default to “256″ into the source code of httpd server. This limit is only valid for the prefork model of the httpd server. For highly loaded web server, this value shall be changed to “1024″ for better performance. In the next step, we’re going to increase that value.
Step 6) Edit line 77 of ‘server/mpm/prefork/prefork.c’ changing ’256′ to ’1024′ as following:
#Before:
define DEFAULT_SERVER_LIMIT 256
#After:
define DEFAULT_SERVER_LIMIT 1024

[root@jcweb http-2.2.23]# vi +77 server/mpm/prefork/prefork.c

Once those steps are successfully taken, we can now define some compiler vairables and launch the pre-build configuration.

Step 7) Define and export CFLAGS environment variable.
[root@jcweb http-2.2.23]# CFLAGS=”-O3 -march=core2″;export CFLAGS

Note: The options cited in the CFLAGS environment are very important in terms of hardware optimization For instance, option ‘O3′ is the highest level of optimization that gcc compiler can achieve. That is the reason we picked it. Option ‘march’ defines the processor architecture. Since my dom0 system has two Intel Xeon dual-core CPUs, of which the virtual machine jcweb is using, I set this option to core2

Step 8) Pre-build configuration test.
[root@jcweb http-2.2.23]# ./configure –enable-layout=GNU –prefix=/usr –exec-prefix=/usr –bindir=/usr/bin –sbindir=/usr/sbin –mandir=/usr/share/man –sysconfdir=/etc/httpd –includedir=/usr/include/apache –libexecdir=/usr/lib/apache –datadir=/home/httpd –localstatedir=/var –enable-access=shared –enable-alias=shared –enable-auth=shared –enable-auth-dbm=shared –enable-auth-digest=shared –enable-autoindex=shared –enable-cern-meta=shared –enable-cgi=shared –enable-dav=shared –enable-dav-fs=shared –enable-dir=shared –enable-expires=shared –enable-file-cache=shared –enable-headers=shared –enable-include=shared –enable-log-config=shared –enable-mime=shared –enable-mime-magic=shared –enable-negotiation=shared –enable-rewrite=shared –enable-setenvif=shared –enable-speling=shared –enable-ssl=shared –enable-unique-id=shared –enable-usertrack=shared –enable-vhost-alias=shared –enable-proxy –enable-proxy-connect –enable-proxy-ftp –enable-proxy-http –disable-auth-anon –disable-disk-cache –disable-mem-cache –disable-chache –disable-deflate –disable-ext-filter –disable-case-filter –disable-case-filter-in –disable-example –disable-status –disable-asis –disable-info –disable-suexec –disable-cgid –disable-imap –disable-userdir –with-z –with-ssl –with-mpm=prefork –host=x86_64-redhat-linux –enable-nonprotable-atomics=yes –no-create

Step 9) If the previous step ran without errors, then remove the last switch ‘–no-create’ and relaunch the same configure command again to actually configure and create all the needed files this time.

Step 10) Now, build httpd server.
[root@jcweb http-2.2.23]# make

Step 11) Prior to installing httpd server, create a list of all the files in your system.
[root@jcweb http-2.2.23]# find /* >~/httpd.befr

Step 12) Install httpd server on your system.
[root@jcweb http-2.2.23]# make install

Step 13) After installing, create a list of all the files in your system.
[root@jcweb http-2.2.23]# find /* >~/httpd.aftr

Step 14) Now using the ‘diff’ get a difference between to two list of all files in the system created prior and after installing httpd server.
[root@jcweb http-2.2.23]# diff ~/httpd.befr ~/httpd.aftr > ~/Http-Installed

Step 14) Once all the previous steps are successfully taken, now, clean the environment a little by disposing the unneeded files. Also, clear some comments in the httpd binaries.
[root@jcweb http-2.2.23]# cd;rm -rf /var/tmp/httpd-*
[root@jcweb http-2.2.23]# strip /usr/sbin/httpd; strip -R .comment /usr/lib/apache/*.so

At this point, you have successfully built and installed you Apache/httpd Web-Server. Now, please, take the time to appropriately configure it before deploying the system for everyone to use. Again, always remember, Jesus of Nazareth, the Lord of lords and the King of kings, loves you so much that He died on your place, so that you might have a relationship with Him and God the Father. Please, visit the following link to know more about Jesus: This is not about religion, but about relationships. Don’t forget that religious leaders of His time persecuted Him, Condemned Him and killed Him essentially because He wasn’t pro religion. Jesus is all about relationships – FIND OUT MORE ABOUT HIM!.

Guto Lopes

Inspired by the Lord, Jesus Christ, to be a little whisper in the vast cloudy field of IT by sharing the little I know with my neighbors.
“SOLI DIO GLORIA = To God Alone Be The Glory”

PING ME ON ODESK.COM 4 ANY HELP YOU MIGHT NEED.
https://www.odesk.com/users/~014545e3518f735b9c

Facebook 


All rights reserved ©

Share on TumblrShare via email
This entry was posted in advanced level, fedora, how to, server settings. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*


− 6 = 3

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="">