iEFdev

Code, Computers & Random Junk

My Server Setup in OS X - Part 2: Apache

This continues part 1, talking about my server setup. It’s a bit “lengthy” and as I said previously - it’s not a tutorial or a HowTo …more of a conceptual overview. You might want/have to fill in the missing parts your self.


Before you start anything, make sure you have your PATH setup. For example, make sure /usr/local and the path to Apache is added in front.

Example - in your .bashrc/.bash_profile …or which one you use.

# Apache 2.4
_AP24="/usr/httpd/bin:/usr/httpd/sbin"

# export PATH.
export PATH="$_AP24:/usr/local/bin:/usr/local/sbin:$PATH"

And (re)source the file:

. ~/.bashrc

You’ll also need/want to install a few libraries/dependencies before installing anything (eg openssl, lua, pcre, zlib etc). So, read it first to see what you need.

Layout

As I mentioned before I use a custom layout. It’s simular to the one in Arch but not completely since it’s mainly located in /usr/httpd. The trick is to install the server and keep the layout with some sort of logic behind it, without interfering with the bundled one.

Anyway, here it is. If you use it - remove the 3rd column with comments (here in the first part) as it only is there to show the paths - where everything goes.

In the file config.layout, add:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<Layout Srv24>
  prefix:             /etc/httpd                          # /etc/httpd
  exec_prefix:        /usr                                # /usr
  bindir:             ${exec_prefix}/httpd/bin            # /usr/httpd/bin
  sbindir:            ${exec_prefix}/httpd/sbin           # /usr/httpd/sbin
  libdir:             ${exec_prefix}/lib/httpd            # /usr/lib/httpd
  libexecdir:         ${libdir}/modules                   # /usr/lib/httpd/modules
  mandir:             ${exec_prefix}/httpd/share/man      # /usr/httpd/share/man
  sysconfdir:         ${prefix}/conf                      # /etc/httpd/conf
  datadir:            ${exec_prefix}/share/http.d         # /usr/share/http.d
  installbuilddir:    ${libdir}/build                     # /usr/lib/httpd/build
  errordir:           ${datadir}/error                    # /usr/share/http.d/errors
  iconsdir:           ${datadir}/icons                    # /usr/share/http.d/icons
  htdocsdir:          /srv/http                           # /srv/http
  manualdir:          ${datadir}/manual                   # /usr/share/http.d/manual
  cgidir:             ${htdocsdir}/cgi-bin                # /srv/http/cgi-bin
  includedir:         ${exec_prefix}/include/httpd        # /usr/include/httpd
  localstatedir:      /var                                # /var
  runtimedir:         ${localstatedir}/run/httpd          # /var/run/httpd
  logfiledir:         ${localstatedir}/log/httpd          # /var/log/httpd
  proxycachedir:      ${localstatedir}/cache/httpd        # /var/cache/httpd
</Layout>

The layout used for apr and apr-util:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# In /apr/config.layout
# In /apr-util/config.layout

<Layout Srv24>
    prefix:             /etc/httpd
    exec_prefix:        /usr
    bindir:             ${exec_prefix}/httpd/bin
    sbindir:            ${exec_prefix}/httpd/sbin
    libdir:             ${exec_prefix}/lib/httpd
    libexecdir:         ${libdir}/modules
    mandir:             ${exec_prefix}/httpd/share/man
    sysconfdir:         ${prefix}/conf
    datadir:            /srv/http
    installbuilddir:    ${libdir}/build
    includedir:         ${exec_prefix}/include/httpd
    localstatedir:      /var
    runtimedir:         ${localstatedir}/run/httpd
</Layout>

apr and apr-util

First I tried to use them by putting them in the Apache folder and compile it as normal, but it didn’t follow my layout completly, so I installed apr and apr-util separately first.

Download and unpack apr-1.5.2 and apr-util-1.5.4, then:

mkdir apr-{1.5.2,util-1.5.4}_build
cd apr-1.5.2_build
../apr-1.5.2/configure --enable-layout=Srv24 --with-installbuilddir="/usr/lib/httpd/build-1"
make -j5
sudo make install

cd ../apr-util-1.5.4
./buildconf --with-apr=../apr-1.5.2

cd ../apr-util-1.5.4_build
../apr-util-1.5.4/configure --enable-layout=Srv24 --with-apr=/usr/httpd/bin/apr-1-config --with-expat=/usr --disable-util-dso --without-berkeley-db --with-ldap --with-crypto --with-openssl=/usr/local
make -j5
sudo make install

Configure

Here’s the configure I’m using. Like above, I use a build directory to compile it in. At the time the Apache version is 2.4.16.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
mkdir httpd-2.4.16_build && cd httpd-2.4.16_build
../httpd-2.4.16/configure --enable-layout=Srv24 \
--config-cache \
--with-apr=/usr/httpd/bin/apr-1-config \
--with-apr-util=/usr/httpd/bin/apu-1-config \
--enable-so \
--enable-mpms-shared=all \
--enable-modules=all \
--enable-mods-shared=all \
--enable-load-all-modules \
--with-mpm=event \
--with-pcre=/usr/local/bin/pcre-config \
--enable-actions \
--enable-auth-digest \
--enable-dav \
--enable-dav-lock \
--enable-deflate \
--enable-cache \
--enable-dialup \
--enable-disk-cache \
--enable-expires \
--enable-include \
--enable-info \
--enable-logio \
--enable-lua=/usr/local \
--enable-mem-cache \
--enable-proxy-balancer \
--enable-proxy \
--enable-proxy-http \
--enable-ratelimit \
--enable-rewrite \
--enable-speling \
--enable-userdir \
--enable-vhost-alias \
--enable-ldap \
--enable-authnz-ldap \
--enable-cache \
--enable-disk-cache \
--enable-mem-cache \
--enable-file-cache \
--enable-suexec \
--enable-ssl \
--with-ssl=/usr/local \
--with-z=/usr/local \
--with-suexec-caller=_www \
--with-suexec-docroot=/srv/http \
--with-suexec-userdir=public_html \
--with-suexec-logfile=/var/log/httpd/suexec.log \
--with-suexec-bin=/usr/httpd/sbin/suexec \
--with-suexec-uidmin=500 \
--with-suexec-gidmin=500

That configure is almost everything, so you might want/need to install any related libraries or dependencies based on that. Like Pcre, Lua, OpenSSL, Zlib. Eg. anything that goes into /urs/local.

Do that before anything…

Symlinks

We need to add a few symlinks to keep things in /etc/httpd.

cd /etc/httpd
sudo ln -s /usr/lib/httpd/build .
sudo ln -s /usr/lib/httpd/build/modules .
sudo ln -s /var/log/httpd logs
sudo ln -s /var/run/httpd run

sudo mkdir -pv /etc/httpd/conf/{other,sites-{available,enalbled},users}

About: sites-{available,enalbled}… I use that for all virtualhosts. I have a script I can create a new ”vhost” and make it active, but since I moved to php-fpm and fastcgi I haven’t updated that script to also include the “pool”. So, I’ll skip that one for now.

LaunchDaemon

To make Apache start, back up the original LaunchDaemon and add your own.

cd /System/Library/LaunchDaemons 
sudo cp org.apache.httpd.plist{,orig}

Edit /System/Library/LaunchDaemons/org.apache.httpd.plist into:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Disabled</key>
  <true/>
  <key>Label</key>
  <string>org.apache.httpd</string>
  <key>OnDemand</key>
  <false/>
  <key>ProgramArguments</key>
  <array>
      <string>/usr/httpd/sbin/httpd</string>
      <string>-D</string>
      <string>FOREGROUND</string>
      <string>-D</string>
      <string>WEBSHARING_ON</string>
  </array>
  <key>SHAuthorizationRight</key>
  <string>system.preferences</string>
</dict>
</plist>

For OS X 10.8+, the last key/string might not be in use. So remove them.

Restart the service…

sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

apachectl

Here’s a modified version of apachectl. A simular file for PHP-FPM will be made/used later: fpmctl. There’s a post on it here.

File/location: /usr/httpd/sbin/apachectl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/bin/sh
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Apache control script designed to allow an easy command line interface
# to controlling Apache.  Written by Marc Slemko, 1997/08/23
# 
# The exit codes returned are:
#   XXX this doc is no longer correct now that the interesting
#   XXX functions are handled by httpd
# 0 - operation completed successfully
# 1 - 
# 2 - usage error
# 3 - httpd could not be started
# 4 - httpd could not be stopped
# 5 - httpd could not be started during a restart
# 6 - httpd could not be restarted during a restart
# 7 - httpd could not be restarted during a graceful restart
# 8 - configuration syntax error
#
# When multiple arguments are given, only the error from the _last_
# one is reported.  Run "apachectl help" for usage info
#
ACMD="$1"
ARGV="$@"
#
# |||||||||||||||||||| START CONFIGURATION SECTION  ||||||||||||||||||||
# --------------------                              --------------------
# 
# the path to your httpd binary, including options if necessary
HTTPD='/usr/httpd/sbin/httpd'
#
# pick up any necessary environment variables
if test -f /usr/httpd/sbin/envvars; then
  . /usr/httpd/sbin/envvars
fi
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line.  Designed for lynx, however other
# programs may work.  
LYNX="links -dump"
#
# the URL to your server's mod_status status page.  If you do not
# have one, then status and fullstatus will not work.
STATUSURL="http://localhost:80/server-status"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES=""
# --------------------                              --------------------
# ||||||||||||||||||||   END CONFIGURATION SECTION  ||||||||||||||||||||

# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
    $ULIMIT_MAX_FILES
fi

ERROR=0
if [ "x$ARGV" = "x" ] ; then
    ARGV="-h"
fi

case $ACMD in
start|stop|restart|graceful|graceful-stop)
    $HTTPD -k $ARGV
    ERROR=$?
    ;;
startssl|sslstart|start-SSL)
    echo The startssl option is no longer supported.
    echo Please edit httpd.conf to include the SSL configuration settings
    echo and then use "apachectl start".
    ERROR=2
    ;;
configtest)
    $HTTPD -t
    ERROR=$?
    ;;
status)
    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
    ;;
fullstatus)
    $LYNX $STATUSURL
    ;;
*)
    $HTTPD "$@"
    ERROR=$?
esac

exit $ERROR

If you don’t have “Links” installed, comment that one out.

#LYNX="links -dump"

Xtra modules

I have 2 xtra modules. mod_fastcgi and mod_geopip.

FastCGI

I use this one from ByteInternet. To install it:

cd libapache-mod-fastcgi-byte
patch --input=debian/patches/byte-compile-against-apache24.diff
cp Makefile.AP2 Makefile
make
sudo make install

To use FastCGI on Apache 2.4 it needs to be patched, as above. Another option is to use mod_fcgid, but I want this one.

GeoIP

To install GeoIP you must first have the C library. You can find it here or on Maxminds’s site.

Unpack it, cd into it and:

export GEOIP_ARCH='-arch x86_64'
./configure --disable-dependency-tracking
make
sudo make install

For the Apache module… I use the “GeoIP Legacy Apache Module”. You can download it from GitHub here.

Make sure apxs is in path.

$ which apxs    
/usr/httpd/bin/apxs

Then… cd to the folder and:

cd geoip-api-mod_geoip2-master
sudo apxs -i -a -L/usr/local/lib -I/usr/local/include -lGeoIP -c mod_geoip.c

Apache config file

Here is my config file, in full. Edit to match your needs…

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see 
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 
# will be interpreted as '/logs/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
#PidFile /var/httpd/httpd.pid

#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
#Mutex default:/var/httpd

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80

# Mainly php-5.6 (php-fpm)
# if not specified in vhost
Listen 0.0.0.0:80
Listen [::]:80

# php-5.4 (mod_php)
Listen 0.0.0.0:81
Listen [::]:81

# SSL
Listen 0.0.0.0:443
Listen [::]:443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule authn_file_module          /usr/lib/httpd/modules/mod_authn_file.so
LoadModule authn_dbm_module               /usr/lib/httpd/modules/mod_authn_dbm.so
LoadModule authn_anon_module          /usr/lib/httpd/modules/mod_authn_anon.so
LoadModule authn_dbd_module               /usr/lib/httpd/modules/mod_authn_dbd.so
LoadModule authn_socache_module           /usr/lib/httpd/modules/mod_authn_socache.so
LoadModule authn_core_module          /usr/lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module          /usr/lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module     /usr/lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module          /usr/lib/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module               /usr/lib/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module         /usr/lib/httpd/modules/mod_authz_owner.so
LoadModule authz_dbd_module               /usr/lib/httpd/modules/mod_authz_dbd.so
LoadModule authz_core_module          /usr/lib/httpd/modules/mod_authz_core.so
LoadModule authnz_ldap_module         /usr/lib/httpd/modules/mod_authnz_ldap.so
#LoadModule access_compat_module          /usr/lib/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module          /usr/lib/httpd/modules/mod_auth_basic.so
LoadModule auth_form_module               /usr/lib/httpd/modules/mod_auth_form.so
LoadModule auth_digest_module         /usr/lib/httpd/modules/mod_auth_digest.so
LoadModule allowmethods_module            /usr/lib/httpd/modules/mod_allowmethods.so
LoadModule file_cache_module          /usr/lib/httpd/modules/mod_file_cache.so
LoadModule cache_module                   /usr/lib/httpd/modules/mod_cache.so
LoadModule cache_disk_module          /usr/lib/httpd/modules/mod_cache_disk.so
LoadModule cache_socache_module           /usr/lib/httpd/modules/mod_cache_socache.so
LoadModule socache_shmcb_module           /usr/lib/httpd/modules/mod_socache_shmcb.so
LoadModule socache_dbm_module         /usr/lib/httpd/modules/mod_socache_dbm.so
LoadModule socache_memcache_module        /usr/lib/httpd/modules/mod_socache_memcache.so
LoadModule watchdog_module                /usr/lib/httpd/modules/mod_watchdog.so
LoadModule macro_module                   /usr/lib/httpd/modules/mod_macro.so
LoadModule dbd_module                 /usr/lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module              /usr/lib/httpd/modules/mod_dumpio.so
LoadModule echo_module                    /usr/lib/httpd/modules/mod_echo.so
LoadModule buffer_module              /usr/lib/httpd/modules/mod_buffer.so
LoadModule data_module                    /usr/lib/httpd/modules/mod_data.so
LoadModule ratelimit_module               /usr/lib/httpd/modules/mod_ratelimit.so
LoadModule reqtimeout_module          /usr/lib/httpd/modules/mod_reqtimeout.so
LoadModule ext_filter_module          /usr/lib/httpd/modules/mod_ext_filter.so
LoadModule request_module             /usr/lib/httpd/modules/mod_request.so
LoadModule include_module             /usr/lib/httpd/modules/mod_include.so
LoadModule filter_module              /usr/lib/httpd/modules/mod_filter.so
LoadModule reflector_module               /usr/lib/httpd/modules/mod_reflector.so
LoadModule substitute_module          /usr/lib/httpd/modules/mod_substitute.so
LoadModule sed_module                 /usr/lib/httpd/modules/mod_sed.so
LoadModule charset_lite_module            /usr/lib/httpd/modules/mod_charset_lite.so
LoadModule deflate_module             /usr/lib/httpd/modules/mod_deflate.so
LoadModule xml2enc_module             /usr/lib/httpd/modules/mod_xml2enc.so
LoadModule proxy_html_module          /usr/lib/httpd/modules/mod_proxy_html.so
LoadModule mime_module                    /usr/lib/httpd/modules/mod_mime.so
LoadModule ldap_module                    /usr/lib/httpd/modules/mod_ldap.so
LoadModule log_config_module          /usr/lib/httpd/modules/mod_log_config.so
LoadModule log_debug_module               /usr/lib/httpd/modules/mod_log_debug.so
LoadModule log_forensic_module            /usr/lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module                   /usr/lib/httpd/modules/mod_logio.so
LoadModule lua_module                 /usr/lib/httpd/modules/mod_lua.so
LoadModule env_module                 /usr/lib/httpd/modules/mod_env.so
LoadModule mime_magic_module          /usr/lib/httpd/modules/mod_mime_magic.so
LoadModule expires_module             /usr/lib/httpd/modules/mod_expires.so
LoadModule headers_module             /usr/lib/httpd/modules/mod_headers.so
LoadModule usertrack_module               /usr/lib/httpd/modules/mod_usertrack.so
#LoadModule unique_id_module          /usr/lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module                /usr/lib/httpd/modules/mod_setenvif.so
LoadModule version_module             /usr/lib/httpd/modules/mod_version.so
LoadModule remoteip_module                /usr/lib/httpd/modules/mod_remoteip.so
#LoadModule proxy_module              /usr/lib/httpd/modules/mod_proxy.so
#LoadModule proxy_connect_module      /usr/lib/httpd/modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module          /usr/lib/httpd/modules/mod_proxy_ftp.so
#LoadModule proxy_http_module         /usr/lib/httpd/modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module         /usr/lib/httpd/modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module         /usr/lib/httpd/modules/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module           /usr/lib/httpd/modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module     /usr/lib/httpd/modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module          /usr/lib/httpd/modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module     /usr/lib/httpd/modules/mod_proxy_balancer.so
#LoadModule proxy_express_module      /usr/lib/httpd/modules/mod_proxy_express.so
LoadModule session_module             /usr/lib/httpd/modules/mod_session.so
LoadModule session_cookie_module      /usr/lib/httpd/modules/mod_session_cookie.so
LoadModule session_crypto_module      /usr/lib/httpd/modules/mod_session_crypto.so
LoadModule session_dbd_module         /usr/lib/httpd/modules/mod_session_dbd.so
LoadModule slotmem_shm_module         /usr/lib/httpd/modules/mod_slotmem_shm.so
LoadModule slotmem_plain_module           /usr/lib/httpd/modules/mod_slotmem_plain.so
LoadModule ssl_module                 /usr/lib/httpd/modules/mod_ssl.so
LoadModule dialup_module              /usr/lib/httpd/modules/mod_dialup.so
LoadModule lbmethod_byrequests_module /usr/lib/httpd/modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module  /usr/lib/httpd/modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module /usr/lib/httpd/modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module  /usr/lib/httpd/modules/mod_lbmethod_heartbeat.so
#LoadModule mpm_prefork_module            /usr/lib/httpd/modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module         /usr/lib/httpd/modules/mod_mpm_worker.so
LoadModule mpm_event_module               /usr/lib/httpd/modules/mod_mpm_event.so
LoadModule unixd_module                   /usr/lib/httpd/modules/mod_unixd.so
LoadModule heartbeat_module               /usr/lib/httpd/modules/mod_heartbeat.so
LoadModule heartmonitor_module            /usr/lib/httpd/modules/mod_heartmonitor.so
LoadModule dav_module                 /usr/lib/httpd/modules/mod_dav.so
LoadModule status_module              /usr/lib/httpd/modules/mod_status.so
LoadModule autoindex_module               /usr/lib/httpd/modules/mod_autoindex.so
LoadModule asis_module                    /usr/lib/httpd/modules/mod_asis.so
LoadModule info_module                    /usr/lib/httpd/modules/mod_info.so
#LoadModule suexec_module             /usr/lib/httpd/modules/mod_suexec.so
LoadModule cgid_module                    /usr/lib/httpd/modules/mod_cgid.so
LoadModule dav_fs_module              /usr/lib/httpd/modules/mod_dav_fs.so
LoadModule dav_lock_module                /usr/lib/httpd/modules/mod_dav_lock.so
LoadModule vhost_alias_module         /usr/lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module         /usr/lib/httpd/modules/mod_negotiation.so
LoadModule dir_module                 /usr/lib/httpd/modules/mod_dir.so
LoadModule actions_module             /usr/lib/httpd/modules/mod_actions.so
LoadModule speling_module             /usr/lib/httpd/modules/mod_speling.so
LoadModule userdir_module             /usr/lib/httpd/modules/mod_userdir.so
LoadModule alias_module                   /usr/lib/httpd/modules/mod_alias.so
LoadModule rewrite_module             /usr/lib/httpd/modules/mod_rewrite.so

# PHP module
LoadModule php5_module        /usr/lib/httpd/modules/libphp5.so

# GeoIP
LoadModule geoip_module                   /usr/lib/httpd/modules/mod_geoip.so

# FastCGI (mod_fastcgi)
LoadModule fastcgi_module             /usr/lib/httpd/modules/mod_fastcgi.so

# Turn off SuExec and FastCgiWrapper
Suexec Off
FastCgiWrapper Off

<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
# OS X: _www
#
User _www
Group _www

</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin admin@myhostname

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName localhost

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied

  #.svn & .git directories must be avoided!!
  RedirectMatch 404 /\.svn(/|$)
  RedirectMatch 404 /\.git(/|$)
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/srv/http/public_html"
<Directory "/srv/http/public_html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options -Indexes -FollowSymLinks +SymLinksifOwnerMatch

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    #AllowOverride None

    # For php-fpm (http://aikar.co/2014/08/29/apache-2-4-php-5-5-php-fpm-mod_rewrite/)
    AllowOverride FileInfo

    #
    # Controls who can get stuff from this server.
    #
    Require host localhost

  #.svn & .git directories must be avoided!!
  RedirectMatch 404 /\.svn(/|$)
  RedirectMatch 404 /\.git(/|$)
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
#<Files ".ht*">
#    Require all denied
#</Files>

### OS X way ... ###

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
  Require all denied
</FilesMatch>

#
# Apple specific filesystem protection.
#
<Files "rsrc">
  Require all denied
</Files>
<DirectoryMatch ".*\.\.namedfork">
  Require all denied
</DirectoryMatch>

### [end] OS X way ###


#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/log/httpd/access_log" combined

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/log/httpd/access_log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts. 
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock cgisock
    #Scriptsock /private/var/run/cgisock # (osx)
</IfModule>

#
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/srv/http/cgi-bin">
  AllowOverride None
  Options None
  #Require all granted
  Require host localhost
  Require ip ::1
</Directory>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

ErrorDocument 500  '<h3><span style="color: #c00;">500</span> Internal Server Error</h3>'
ErrorDocument 405  '<h3><span style="color: #c00;">405</span> Method Not Allowed</h3>'
ErrorDocument 404  '<h3><span style="color: #c00;">404</span> Not Found</h3>'
ErrorDocument 403  '<h3><span style="color: #c00;">403</span> Forbidden</h3>'
ErrorDocument 401  '<h3><span style="color: #c00;">401</span> Authorization Required</h3>'
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on

# PHP54
# ======================================================
# Since we use 2 versions of php (5.{4,6}) We load this
# file withing the virtualhost 
#
<IfModule php5_module>
  #Include conf/other/php5.conf
</IfModule>

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be 
# included to add extra features or to modify the default configuration of 
# the server, or you may simply copy their contents here and change as 
# necessary.

# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf

# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

# Language settings
#Include conf/extra/httpd-languages.conf

# User home directories
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
Include conf/extra/httpd-info.conf

# Local access to the Apache HTTP Server Manual
Include conf/extra/httpd-manual.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
</IfModule>

# Include Macros
Include conf/other/httpd-macros.conf

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Enabled vHosts...
IncludeOptional conf/sites-enabled/*.conf

# Virtual host for Sites/Users
IncludeOptional conf/users/*.conf

# Undefine Macros
UndefMacro NoExt
UndefMacro FastPHP
UndefMacro ModPHP
UndefMacro AddFastExt
UndefMacro AddPhpExt
UndefMacro to443


# Distributed authoring and versioning (WebDAV)
Include conf/extra/httpd-dav.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
  Include conf/extra/proxy-html.conf
</IfModule>

#
# uncomment out the below to deal with user agents that deliberately
# violate open standards by misusing DNT (DNT *must* be a specific
# end-user choice)
#
<IfModule setenvif_module>
  BrowserMatch "MSIE 10.0;" bad_DNT
</IfModule>
<IfModule headers_module>
  RequestHeader unset DNT env=bad_DNT
</IfModule>

# Include Adminer
Include conf/extra/httpd-adminer.conf

# Test :: Redirect one country
#RewriteEngine on
#RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SE$
#RewriteRule ^(.*)$ http://ief.dev$1 [R,L]

Misc files

Some of the file linked in fron httpd.conf

/etc/httpd/conf/other/php5.conf:

1
2
3
4
5
6
7
8
# PHP module (5.4)
<IfModule php5_module>
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
  <IfModule dir_module>
      DirectoryIndex index.php index.html
  </IfModule>
</IfModule>

I use a few Macros. It’s a great new function in Apache 2.4. Here’s the file /etc/httpd/conf/other/httpd-macros.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#
# Macros - for use in vHosts
#

# === PHP56 :: FPM/FastCGI =====================================
# === pool: [$sockname] (eg [foobar.dev])
<Macro FastPHP $sockname>
  <IfModule fastcgi_module>
      AddType application/x-httpd-php56 .php
      Action application/x-httpd-php56 /.php-fpm

      <IfModule alias_module>
          Alias /.php-fpm /srv/http/.php56-fpm/$sockname
      </IfModule>
      FastCGIExternalServer /srv/http/.php56-fpm/$sockname -socket /var/php56/fpm.d/$sockname.sock
      #  -pass-header Authorization -idle-timeout 3600

      # Sock folder
      <LocationMatch "^\/?\.php\-fpm">
          Require all denied
          Require env REDIRECT_STATUS
      </LocationMatch>
      <Directory /srv/http/.php56-fpm>
          #Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
          #SetHandler fastcgi-script
          Require all denied
          Require env REDIRECT_STATUS
          <Files "$sockname">
              Require all denied
          </Files>
      </Directory>
  </IfModule>
</Macro>

# Example:
#Use FastPHP foobar.dev
#UndefMacro FastPHP

# === PHP54 :: mod_php =====================================
<Macro ModPHP>
  Include conf/other/php5.conf
</Macro>

# Example:
#Use ModPHP
#UndefMacro ModPHP

#
# === [End] PHP Versions ===================================
#

<Macro AddFastExt $ext>
  AddType application/x-httpd-php56 $ext
</Macro>
#Use AddFastExt php
#UndefMacro AddFastExt

<Macro AddPhpExt $ext>
  AddType application/x-httpd-php $ext
</Macro>
#Use AddPhpExt php
#UndefMacro AddPhpExt


# Remove extension
<Macro NoExt $ext>
  RewriteEngine On
  RewriteBase /
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME}.$ext -f
  RewriteRule ^(.+)$ /$1.$ext [L,QSA]
</Macro>

# Example:
#Use NoExt php
#UndefMacro NoExt

# Redirect to 443
<Macro to443 $domain>
  <VirtualHost *:80>
      ServerName $domain
      ServerAlias www.$domain
      Redirect / https://%{HTTP_HOST}/
  </VirtualHost>
</Macro>

# Example:
#Use to443 foobar.dev
#UndefMacro to443

The settings for mpm_event_module in /etc/httpd/conf/extra/httpd-mpm.conf:

1
2
3
4
5
6
7
8
9
<IfModule mpm_event_module>
  StartServers           4
  MinSpareThreads       25
  MaxSpareThreads      150
  ThreadLimit           25
  ThreadsPerChild       10
  MaxRequestWorkers    150
  MaxRequestsPerChild    0
</IfModule>

The file for /etc/httpd/conf/extra/httpd-info.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_authz_core, mod_authz_host,
#                   mod_info (for the server-info handler),
#                   mod_status (for the server-status handler)

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location "/ap24/status">
  SetHandler server-status
  Require host localhost
  Require ip 127
  Require ip ::1
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location "/ap24/info">
  SetHandler server-info
  Require host localhost
  Require ip 127
  Require ip ::1
</Location>

#
# === PHP-FPM :: FastCGI ===================================
# 
<IfModule fastcgi_module>
  <LocationMatch "/p56/(ping|status)">
      SetHandler php5-fcgi-virt
      Action php5-fcgi-virt /.php-fpm virtual
      Require host localhost
      Require ip 127
      Require ip ::1
  </LocationMatch>

  <IfModule alias_module>
      Alias /p56/ "/usr/local/php56/php/fpm/status.html"
      <LocationMatch "/p56/">
          Require host localhost
          Require ip 127
          Require ip ::1
      </LocationMatch>
  </IfModule>
</IfModule>

It’s a little bit different from the original, but to get some sort of matching pattern for all parts. This also includes the FPM status/ping page. You get the picture…

GeopIP. /etc/httpd/conf/extra/httpd-mpm.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#
# GeoIP Settings
# 
# Online Docs: https://github.com/maxmind/geoip-api-mod_geoip2
# http://dev.maxmind.com/geoip/legacy/geolite/
#
<IfModule mod_geoip.c>
  GeoIPEnable On

  # Duh...
  GeoIPEnableUTF8 On

  # File and Caching Directives
  #GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat MemoryCache
  #GeoIPDBFile /usr/local/share/GeoIP/GeoIPOrg.dat Standard
  GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat Standard

  # To turn on memory caching use:
  #GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat MemoryCache

  # Another MemoryCache option is MMapCache, which uses the the `mmap`
  # system call to map the database file into memory.

  # If you would like the API to check to see if your local GeoIP Legacy files
  # have been updated, set the `CheckCache` flag:
  #GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat CheckCache

  # If you would like to turn on partial memory caching
  #GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat IndexCache


  # Output Variable Location
  #GeoIPOutput Notes      # Sets the Apache notes table only
  GeoIPOutput Env         # Sets environment variables only
  #GeoIPOutput Request    # Sets input headers with the geo location information
  #GeoIPOutput All        # Sets all three (default behaviour)


  # Proxy-Related Directives

  # You can use the `GeoIPScanProxyHeaders` directive to look at proxy-
  # related headers.
  #GeoIPScanProxyHeaders On

  # In this case, the default behavior is to use the first IP address.
  # Use the last address instead:
  #GeoIPUseLastXForwardedForIP On

  # Use the first non private IP Address.
  #GeoIPUseFirstNonPrivateXForwardedForIP On


  # Apache 2.4 users using mod_remoteip to pick the IP address of the user should
  # disable GeoIPScanProxyHeaders. Mod_geoip2 will use whatever mod_remoteip
  # provides.
  #GeoIPScanProxyHeaderField FieldName
</IfModule>

To update the GeopIP database you can look at this post.

Defaults: /etc/httpd/conf/extra/httpd-default.conf.

There’s a file with a few defaults to set. I have mine like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#
# This configuration file reflects default settings for Apache HTTP Server.
#
# You may change these, but chances are that you may not need to.
#

### Sec-tips: http://localhost/manual/misc/security_tips.html

#
# Timeout: The number of seconds before receives and sends time out.
#
#Timeout 60
Timeout 10

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
#MaxKeepAliveRequests 100
MaxKeepAliveRequests 50

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
#KeepAliveTimeout 5
KeepAliveTimeout 3

#
# UseCanonicalName: Determines how Apache constructs self-referencing 
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client.  When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride 
# directive.
#
AccessFileName .htaccess

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory 
# listings, mod_status and mod_info output etc., but not CGI generated 
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

#
# Set a timeout for how long the client may take to send the request header
# and body.
# The default for the headers is header=20-40,MinRate=500, which means wait
# for the first byte of headers for 20 seconds. If some data arrives,
# increase the timeout corresponding to a data rate of 500 bytes/s, but not
# above 40 seconds.
# The default for the request body is body=20,MinRate=500, which is the same
# but has no upper limit for the timeout.
# To disable, set to header=0 body=0
#
<IfModule reqtimeout_module>
  RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>



# Xtra settings
# ======================================================
# May be from OS X conf-files, or added manually.
# Let's be nice and not too much PITA.
#

# Utf-8. Of course...
AddDefaultCharset On
AddDefaultCharset utf-8

# Was set in OS X (2.2.29)
TraceEnable Off

# Be nice to css files. Adding utf-8 is great fo
# css comments with åäö
AddType 'text/css; charset=UTF-8' .css

# .htc files
AddType 'text/x-component' .htc

# Compress a few files, please
<FilesMatch "\.(html|js|css|jpe?g|gif|png|tiff|ico)$">
  SetOutputFilter DEFLATE
</FilesMatch>

httpd-userdir.conf… The content is just:

1
2
3
4
5
6
7
8
UserDir disabled root
UserDir Sites

<Directory "/Users/*/Sites">
  AllowOverride FileInfo AuthConfig Limit Indexes
  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  Require method GET POST OPTIONS
</Directory>

VirtualHost

There are a few default VirtualHosts in httpd-vhosts.conf. These are not the vhost’s I use for prohjects/sites. But the default site, and another one to the default OS X folder and a fallback. I use the fallback for mismatching names etc och when something goes wrong.

The file isn’t using “macros” in all placess - some edits are manually set here.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#
# Virtual Hosts :: Main file.
# Default Site + Fallback
#

#===============================================
# DocumentRoot /srv/http/public_default
#===============================================
# No php just a static html page as a fallback
#

<VirtualHost *:80 *:81 *:443>
  ServerName foobar.dev
  DocumentRoot /srv/http/xfallback

  ErrorLog /srv/http/logs/xfallback-error_log
  CustomLog /srv/http/logs/xfallback-access_log combined

  <Directory "/srv/http/xfallback">
      Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
      Require host localhost
      Require ip ::1
      #Require all granted

  </Directory>
</VirtualHost>


#===============================================
# DocumentRoot /srv/http/public_html
#===============================================
<VirtualHost *:80>
  Define vhost_srv myhostname

  ServerName ${vhost_srv}
  ServerAlias www.${vhost_srv} localhost public
  ServerAdmin admin@${vhost_srv}

  DocumentRoot /srv/http/public_html

  <IfModule alias_module>
      #Alias /pma /srv/www/_phpMyAdmin/public_html
      ScriptAlias /cgi-bin/ "/srv/www/${vhost_srv}/cgi-bin/"
  </IfModule>

  <Directory "/srv/http/public_html">
      Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
      Require host localhost
      Require ip ::1
      #Require all granted

      Use AddFastExt srv

      Use NoExt srv
      Use NoExt php
  </Directory>

  # Choose PHP Version
  # ==================
  Use FastPHP 00-default
  #Use ModPHP
</VirtualHost>



#=== [xtra] ====================================
# OS X default: /Library/WebServer/Documents
#===============================================

<VirtualHost *:80>
  Define vhost_srv default.osx

  ServerName ${vhost_srv}
  ServerAlias www.${vhost_srv}
  ServerAdmin admin@${vhost_srv}

  ErrorLog /Library/WebServer/Logs/error_log
  CustomLog /Library/WebServer/Logs/access_log combined

  DocumentRoot /Library/WebServer/Documents

  <Directory "/Library/WebServer/Documents">
      Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
      Require host localhost
      Require ip ::1

      Use NoExt php
  </Directory>

  # Choose PHP Version
  # ==================
  #Use FastPHP ${vhost_srv}
  Use ModPHP
</VirtualHost>

Adminer

In case you noticed in the end of httpd.conf, I use Adminer. Here the file for that.

/etc/httpd/conf/extra/httpd-adminer.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
# httpd-adminer.conf
#
# Required modules: mod_alias
#
# Adminer is a simple tool for database management.
# It's possible to manage MySQL, PostgreSQL, Sqlite3, MS SQL and Oracle.
# It's a simpler alternative to PhpMyAdmin. You can find more pieces
# of information about this project at official page or Wikipedia.
#
# - http://www.adminer.org/en/
# - http://en.wikipedia.org/wiki/Adminer
#
# In case there is an (403) error, comment the line with “php_admin_value”
#
<IfModule alias_module>
  Alias /adminer "/usr/share/webapps/adminer"
  <Directory "/usr/share/webapps/adminer">
      AllowOverride All
      Options FollowSymlinks
      Require host localhost
      Require ip 127
      Require ip ::1
      php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/usr/share/pear/"
  </Directory>
</IfModule>

I’m sure I missed a few parts… Like SSL, but you know how to set it up. But for now, just to bring everything in. It’s still just an overview of everything. You can pick parts of it, or the whole concept.

To setup a VirtualHost I’ll show that later when PHP is done, or in a separate post. There I can also explain the FastCGI/FPM parts since the “vhost” all together is a vhost file, a nother one with the “fpm pool”, and the sockets etc…

Don’t forget to download the GeopIP database, and keep it updated.

Sorry if this post was a bit lengthy and not exakt in the instructions, but you get the picture and as mentioned before - this is not a tutorial/HowTo. You’ll have to adapt it to your own settings and match you own edits.

If you don’t want GeoIP or FastCGI - just edit those parts out and just use the “layout” and PGP as a module. This is just how I have installed it. But, to use 2 versions of PHP you need FastCGI to run on version as a module and the other one with FastCGI.

Updated post: 2015-12-22 - Here is Part 3 about PHP.


Happy hacking…

/Eric

Comments