If upgrading from Red Hat Linux 7.3 or earlier upon which the Apache HTTP Server was
already installed, then the new stock configuration file for the Apache HTTP Server
2.0 package is installed as
/etc/httpd/conf/httpd.conf.rpmnew and the original
version 1.3 httpd.conf is not touched. It is, of
course, entirely up to you whether you use the new configuration file
and migrate the old settings to it or use the existing file as a base
and modify it to suit; however, some parts of the file have changed more
than others and a mixed approach is generally the best. The stock
configuration files for both version 1.3 and version 2.0 are divided
into three sections. The goal of this guide is to suggest what is
hopefully the easiest route.
This command highlights any modifications made. If a copy of the
original file is not available, extract it from an RPM package using the
rpm2cpio and cpio commands, as in
the following example:
Finally, it is useful to know that the Apache HTTP Server has a testing mode to
check for configuration errors. To use access it, type the following
command:
10.2.1. Global Environment Configuration
The global environment section of the configuration file contains
directives which affect the overall operation of the Apache HTTP Server, such as
the number of concurrent requests it can handle and the locations of
the various files. This section requires a large number of changes
compared with the others and it is therefore recommended to base this
section on the Apache HTTP Server 2.0 configuration file and migrate the old
settings into it.
10.2.1.1. Selecting Which Interfaces and Ports To Bind To
The BindAddress and Port
directives no longer exist; their functionality is now provided by a
more flexible Listen directive.
If Port 80 was set in the 1.3 version
configuration file, change it to Listen 80 in the
2.0 configuration file. If Port was set to some
value other than 80, then append the port
number to the contents of the ServerName
directive.
For example, the following is a sample Apache HTTP Server 1.3 directive:
Port 123
ServerName www.example.com |
To migrate this setting to Apache HTTP Server 2.0, use the following
structure:
Listen 123
ServerName www.example.com:123 |
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.1.2. Server-pool Size Regulation
In Apache HTTP Server 2.0, the responsibility for accepting requests and
dispatching child-processes to handle them has been abstracted into
a group of modules called Multi-Processing
Modules (MPMs). Unlike other
modules, only one module from the MPM group can be loaded by the
Apache HTTP Server. There are three MPM modules that ship with version 2.0:
prefork, worker, and
perchild.
The original Apache HTTP Server 1.3 behavior has been moved into the
prefork MPM. Currently only the
prefork MPM is available on Red Hat Linux, although the
other MPMs may be made available at a later date.
The prefork MPM accepts the same directives as
Apache HTTP Server 1.3, so the following directives may be migrated directly:
StartServers
MinSpareServers
MaxSpareServers
MaxClients
MaxRequestsPerChild
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.1.3. Dynamic Shared Object (DSO) Support
There are many changes required here, and it is highly recommended
that anyone trying to modify an Apache HTTP Server 1.3 configuration to suit
version 2.0 (as opposed to migrating the changes into the version
2.0 configuration) copy this section from the stock Red Hat Linux Apache HTTP Server
2.0 configuration file.
Those who do not want to copy the section from the stock Apache HTTP Server 2.0
configuration should note the following:
The AddModule and
ClearModuleList directives no longer
exist. These directives where used to ensure that modules could
be enabled in the correct order. The Apache HTTP Server 2.0 API allows
modules to specify their ordering, eliminating the need for
these two directives.
The order of the LoadModule lines is no
longer relevant.
Many modules have been added, removed, renamed, split
up, or incorporated with each other.
LoadModule lines for modules packaged in
their own RPMs (mod_ssl,
php, mod_perl, and the
like) are no longer necessary as they can be found in the
relevant file in the /etc/httpd/conf.d/
directory.
The various HAVE_XXX definitions are no
longer defined.
 | Important |
|---|
| | If modifying the original file, please note that it is of paramount
importance that the httpd.conf contains the
following directive:
Omission of this directive will result in the failure of all modules packaged in
their own RPMs (such as mod_perl,
php, and mod_ssl).
|
10.2.1.4. Other Global Environment Changes
The following directives have been removed from Apache HTTP Server 2.0's
configuration:
ServerType —
The Apache HTTP Server can only be run as ServerType
standalone making this directive irrelevant.
AccessConfig and
ResourceConfig —
These directives have been removed since they mirror the
functionality of the Include directive. If
the AccessConfig and
ResourceConfig directives are set then
replace them with Include directives.
To ensure that the files are read in the order implied by
the older directives the Include directives
should be placed at the end of
httpd.conf, with the one corresponding to
ResourceConfig preceding the one
corresponding to AccessConfig. If using the
default values, include them explicitly as
conf/srm.conf and
conf/access.conf files.
10.2.2. Main Server Configuration
The main server configuration section of the configuration file sets
up the main server, which responds to any requests that are not handled
by a <VirtualHost> definition. Values here
also provide defaults for any <VirtualHost>
containers defined.
The directives used in this section have changed little between
Apache HTTP Server 1.3 and version 2.0. If the main server configuration is
heavily customized it may be easier to modify the existing
configuration file to suit Apache HTTP Server 2.0. Users with only lightly
customized main server sections should migrate their changes into the
default 2.0 configuration.
10.2.2.1. UserDir Mapping
The UserDir directive is used to enable URLs such
as http://example.com/~bob/ to map to a
subdirectory within the home directory of the user
bob, such as
/home/bob/public_html. A side-effect of this
feature allows a potential attacker to determine whether a given
username is present on the system. For this reason, the default
configuration for Apache HTTP Server 2.0 disables this directive.
To enable UserDir mapping, change the
directive in httpd.conf from:
to the following:
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website, http://httpd.apache.org/docs-2.0/mod/mod_userdir.html#userdir.
10.2.2.2. Logging
The following logging directives have been removed:
AgentLog
RefererLog
RefererIgnore
However, agent and referrer logs are still available using the
CustomLog and LogFormat
directives.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.2.3. Directory Indexing
The deprecated FancyIndexing directive has now
been removed. The same functionality is available through the
FancyIndexing option within
the IndexOptions directive.
The new VersionSort option to the
IndexOptions directive causes files containing
version numbers to be sorted in a more natural way. For example,
httpd-2.0.6.tar appears before
httpd-2.0.36.tar in a directory index page.
The defaults for the ReadmeName and
HeaderName directives have changed from
README and HEADER to
README.html and
HEADER.html.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.2.4. Content Negotiation
The CacheNegotiatedDocs directive now takes the
argument on or off. Existing
instances of CacheNegotiatedDocs should be
replaced with CacheNegotiatedDocs on.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.2.5. Error Documents
To use a hard-coded message with the
ErrorDocument directive, the message should be
enclosed in a pair of double quotation marks ["],
rather than just preceded by a double quotation mark as required in
Apache HTTP Server 1.3.
To migrate an ErrorDocument setting to Apache HTTP Server
2.0, use the following structure:
ErrorDocument 404 "The document was not found" |
Note the trailing double quote in the previous example
ErrorDocument directive.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4. Modules and Apache HTTP Server 2.0
In Apache HTTP Server 2.0, the module system has been changed to allow modules to
be chained together or combined in new and interesting
ways. Common Gateway Interface
(CGI) scripts, for example, can generate
server-parsed HTML documents which can then be processed by
mod_include. This opens up a tremendous number of
possibilities with regards to how modules can be combined to achieve a
specific goal.
The way this works is that each request is served by exactly
one handler module followed by zero or more
filter modules.
Under Apache HTTP Server 1.3, for example, a PHP script would be handled in its
entirety by the PHP module. Under Apache HTTP Server 2.0, the request is initially
handled by the core module — which serves
static files — and is then filtered by the
PHP module.
Exactly how to use this, and all the other new features of Apache HTTP Server 2.0
for that matter, is beyond the scope of this document; however, the
change has ramifications if the PATH_INFO directive
is used for a document which is handled by a module that is now
implemented as a filter, as each contains trailing path information
after the true file name. The core module, which initially handles the
request, does not by default understand PATH_INFO
and will return 404 Not Found errors
for requests that contain such information. As an alternative, use the
AcceptPathInfo directive to coerce the core module
into accepting requests with PATH_INFO.
The following is an example of this directive:
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4.1. The mod_ssl Module
The configuration for mod_ssl has been moved
from httpd.conf into the file
/etc/httpd/conf.d/ssl.conf. For this file to be
loaded, and hence for mod_ssl to work, the
statement Include conf.d/*.conf must be in the
httpd.conf as described in Section 10.2.1.3 Dynamic Shared Object (DSO) Support.
ServerName directives in SSL virtual hosts must
explicitly specify the port number.
For example, the following is a sample Apache HTTP Server 1.3 directive:
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName ssl.example.name
...
</VirtualHost> |
To migrate this setting to Apache HTTP Server 2.0, use the following
structure:
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName ssl.host.name:443
...
</VirtualHost> |
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4.2. The mod_proxy Module
Proxy access control statements are now placed inside a
<Proxy> block rather than a
<Directory proxy:>.
The caching functionality of the old mod_proxy
has been split out into the following three modules:
mod_cache
mod_disk_cache
mod_file_cache
These generally use the same or similar directives as the older
versions of the mod_proxy module.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4.3. The mod_include Module
The mod_include module is now implemented as a
filter and is therefore enabled differently. Refer to Section 10.2.4 Modules and Apache HTTP Server 2.0 for more about filters.
For example, the following is a sample Apache HTTP Server 1.3 directive:
AddType text/html .shtml
AddHandler server-parsed .shtml |
To migrate this setting to Apache HTTP Server 2.0, use the following
structure:
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml |
Note that just as before, the Options +Includes
directive is still required for the
<Directory> container or in a
.htaccess file.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4.4. The mod_auth_dbm and
mod_auth_db Modules
Apache HTTP Server 1.3 supported two authentication modules,
mod_auth_db and
mod_auth_dbm, which used Berkeley Databases and
DBM databases respectively. These modules have been combined into a
single module named mod_auth_dbm in Apache HTTP Server
2.0, which can access several different database formats. To migrate
from mod_auth_db, configuration files should be
adjusted by replacing AuthDBUserFile and
AuthDBGroupFile with the
mod_auth_dbm equivalents:
AuthDBMUserFile and
AuthDBMGroupFile. Also, the directive
AuthDBMType DB must be added to indicate the type
of database file in use.
The following example shows a sample
mod_auth_db configuration for Apache HTTP Server 1.3:
<Location /private/>
AuthType Basic
AuthName "My Private Files"
AuthDBUserFile /var/www/authdb
require valid-user
</Location> |
To migrate this setting to version 2.0 of Apache HTTP Server, use the following
structure:
<Location /private/>
AuthType Basic
AuthName "My Private Files"
AuthDBMUserFile /var/www/authdb
AuthDBMType DB
require valid-user
</Location> |
Note that the AuthDBMUserFile directive can also
be used in .htaccess files.
The dbmmanage Perl script, used to manipulate
user name and password databases, has been replaced by
htdbm in Apache HTTP Server 2.0. The
htdbm program offers equivalent functionality
and like mod_auth_dbm can operate a variety of
database formats; the -T option can be used on the
command line to specify the format to use.
Table 10-1 shows how to migrate from a DBM-format
database to htdbm format using
dbmmanage.
| Action | dbmmanage command (1.3) | Equivalent htdbm command (2.0) |
|---|
| Add user to database (using given password) | dbmmanage authdb add username password | htdbm -b -TDB authdb username password |
| Add user to database (prompts for password) | dbmmanage authdb adduser username | htdbm -TDB authdb username |
| Remove user from database | dbmmanage authdb delete username | htdbm -x -TDB authdb username |
| List users in database | dbmmanage authdb view | htdbm -l -TDB authdb |
| Verify a password | dbmmanage authdb check username | htdbm -v -TDB authdb username |
Table 10-1. Migrating from dbmmanage to htdbm
The -m and -s options work
with both dbmmanage and htdbm,
enabling the use of the MD5 or SHA1 algorithms for hashing
passwords, respectively.
When creating a new database with
htdbm, the -c option must be
used.
For more on this topic, refer to the following documentation on the
Apache Software Foundation's website:
10.2.4.5. The mod_perl Module
The configuration for mod_perl has been moved
from httpd.conf into the file
/etc/httpd/conf.d/perl.conf. For this file to
be loaded, and hence for mod_perlto work, the
statement Include conf.d/*.conf must be included
in the httpd.conf as described in Section 10.2.1.3 Dynamic Shared Object (DSO) Support.
Occurences of Apache:: in the
httpd.conf must be replaced with
ModPerl::. Additionally, the manner in which
handlers are registered has been changed.
This is a sample Apache HTTP Server 1.3 mod_perl
configuration:
<Directory /var/www/perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Directory> |
This is the equivalent mod_perl for Apache HTTP Server 2.0:
<Directory /var/www/perl>
SetHandler perl-script
PerlModule ModPerl::Registry
PerlHandler ModPerl::Registry::handler
Options +ExecCGI
</Directory> |
Most modules for mod_perl 1.x should work
without modification with mod_perl 2.x. XS
modules require recompilation and may possibly require minor
Makefile modifications.
10.2.4.6. The mod_python Module
The configuration for mod_python has been
moved from httpd.conf into the file
/etc/httpd/conf.d/python.conf. For this file to
be loaded, and hence for mod_python to work,
the statement Include conf.d/*.conf must be in the
httpd.conf as described in Section 10.2.1.3 Dynamic Shared Object (DSO) Support.
10.2.4.7. PHP
The configuration for PHP has been moved from
httpd.conf into the file
/etc/httpd/conf.d/php.conf. For this file to be
loaded, the statement Include conf.d/*.conf must
be in the httpd.conf as described in Section 10.2.1.3 Dynamic Shared Object (DSO) Support.
The PHP is now implemented as a filter and must therefore be
enabled in a different manor. See Section 10.2.4 Modules and Apache HTTP Server 2.0 for more about filters.
Under Apache HTTP Server 1.3, PHP was implemented using the following
directives:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps |
Under Apache HTTP Server 2.0, use the following directives instead:
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files> |
In PHP 4.2.0 and later the default set of predefined variables which
are available in the global scope has changed. Individual input and
server variables are, by default, no longer placed directly into the
global scope.
This change may cause scripts to break. Revert to
the old behavior by setting register_globals to
On in the file /etc/php.ini.
For more on this topic, refer to the following URL for details
concerning the global scope changes:
