Itís a good idea to install a binary Apache distribution using the install-bindist.sh script and to install a compiled one using make install, as detailed in Chapter 3. However, you can manually install Apache if necessary. You might want to do this when upgrading Apache to a new version where only one or two filesómaybe only the Apache binary itselfóhave changed.
A full manual installation involves creating the directories where you can place Apacheís executables, configuration files, and logs and then ensuring that Apache knows how to find them. If youíre on a Unix system, you should also check and adjust file and directory permissions for server security. Because this inevitably introduces concepts I would otherwise leave to the next chapter, this section is only for people who like to do things the hard way or have already rebuilt Apache from source and want to perform a partial installation by hand rather than use the supplied scripts.
Locating Apacheís Files
The first and most important thing to decide with a manually installed Apache is where to put the server root that defines Apacheís base installation directory, the document root where the main Web site files are located, and Apacheís error log. Table 2-1 shows the important directives along with their default location and a possible alternative.
Alternative Example Location
Table 2-1.Important Apache Directives
As this table shows, in the default Apache configuration the server root is also used as the basis for both the document root and the error log. In practice, the document root is often moved outside the server root as shown in the alternative example because the document root and server root have little to do with each other, and keeping them apart makes it easier to replace either the site or the server installation without disturbing the other. Other than actual Web content, and setting aside for the moment the issue of multiple virtual hosts, all of Apacheís other files are usually located under the server root. This includes the various executables, including the Apache server binary itself, as well as supporting scripts, log files, file icons, and example Common Gateway Interface (CGI) scripts. The point of the ServerRoot directive is to consolidate all these files into one place, so you donít have to define all of them separately. If you want to move all or most of Apacheís files to a different location, redefining ServerRoot is a lot simpler than redefining the location of each file individually.
Apache provides two optional directives to move an individual file location:
PidFile, which contains Apacheís process ID on Unix systems and defaults to the runtime directory
pesConfig, which defines the file where media type definitions are kept
Both these directives default to a file in Apacheís default log directory. If you want to put any of them anywhere other than <SeverRoot> /logs, youíll have to define each one in turn. The supplied httpd.conf file that comes with Apache, which is found in <ServerRoot> /conf, gives an example of each set to the default location, so itís easy to find and change them.
If the server uses a particular directory for CGI scripts, youíll need to locate it with a ScriptAlias directive. Apache has a cgi-bin directory for this purpose located under the server root, and the configuration file as supplied with Apache contains a ScriptAlias directive to match. Itís worth observing that the cgi-bin directory has no special significance other than that itís supplied by the ScriptAlias directive in the default configuration; itís not a fundamental default in Apache.
If you donít need a specific place for CGI scripts, perhaps because theyíre enabled to run from any location, you donít need either the ScriptAlias directive or the cgi-bin directory. Iíll discuss this in more detail in Chapter 6.
Apache also comes with a set of icons for use in directory listings, usually located in the <ServerRoot> /icons directory. To avoid redefining each and every icon location, the default Apache configuration uses an Alias directive to specify the location of the icons directory. Change the directory alias to move all the icons to a different location.
Locating the Server Executables
The Apache binary, httpd, can be located anywhere, as can the support utilities that come with it. Itís not necessary to specify their location in the configuration, but apachectl may need to be edited to reflect the location you choose.
One popular alternative to placing the binaries in /usr/local/apache/bin is /usr/local/sbin or even /usr/sbin. Some prebuilt packages do this; for example, the RPM packages shipped with Red Hat Linux follow this convention.
Note that the Apache binary for Windows is called apache.exe and is usually found in a directory called \apache.
Security and Permissions
Only privileged users should be able to write the Apache executable, configuration, log files, and all higher directories up to and including the root directory.
For example, on Unix systems, the following commands run by root create the configuration and log directories, with the correct permissions, under /usr/local/apache:
Follow the same steps for any of the Apache utilities that are also installed. Note that they need not be located in the same place as Apache itself (or as each other, though for the sake of sanity I donít recommend scattering them at random across the disk).
Note that even if Apache runs under the identity of a specified user and group (for example, nobody), the directories and files Apache uses are still owned by root. The point of a different user is that the Apache processes that handle client requests donít have the privilege to interfere with the Web server or other sensitive systems running on the server such as email. This makes it harder for malicious users to compromise security.
This chapter is from Pro Apache by Peter Wainwright. (Apress, 2004, ISBN: 1590593006). Check it out at your favorite bookstore today. Buy this book now.