Apache HTTP Server is an open-source web server platform. This article will outline the steps to install, configure, harden a zero-footprint instance of Apache 2.2 & 2.4, with particular focus on the nuances between each.
Prerequisites
If you are building you zero-footprint for the first time you will need a C/C++ compiler available on the initial system. Once compiled, the resulting package is portable to other like-O/S servers. For the most part, most Unix/Linux distributions will come packaged with the gcc compiler.
Unix/Solaris
Check if gcc compiler is installed:
$ which gcc # which is dependent on environment variables being set correctly. # Alternatively check the /usr/bin and /usr/sfw/bin paths.
If no compiler found, install it:
$ pkg install gcc-3 # or whatever version you need
Linux
Chech if gcc compilete is installed:
$ which gcc
If no compiler found, install it:
# Debian/Ubuntu $ sudo apt-get install build-essential # RHEL/CentOS/Fedora $ sudo yum group install "Development Tools"
Initial Installation
1) Get Source Files
The first step is to retrieve the source files from Apache. Grab the compressed files pertinent to the O/S you are using, typically bzip2 for Unix and gunzip for Linux:
# Change dir to whichever working directory you want to use $ cd /opt # Change version number/archive type as required $ wget --no-check-certificate https://archive.apache.org/dist/httpd/httpd-2.2.23.tar.bz2 [ -e use-proxy=yes -e https_proxy=xxxxx ] # Apache also provides MD5 hashes to verify your downloads, so you could do the following to generate a local MD5 hash to compare wget -O - https://archive.apache.org/dist/httpd-2.4.29.tar.bz2 | tee httpd-2.2.23.tar.bz2 | md5sum > md5sum.local
Unpack the archive:
Unix/Solaris
# Use -k switch to preserve the original archive $ bzip2 -d[k] httpd-2.2.32.tar.bz2 $ tar -xvf httpd-2.2.32.tar
Linux
$ tar -xzvf httpd-2.2.32.tar.gz
Next, we will compile apache.
Apache 2.4 Setup
Since Apache 2.4, the Apache Portable Runtime and the Perl Compatible Regex modules are no longer packaged with the original source. However, these modules are mandatory for Apache to compile and run. For reference the APR library provides a set of APIs that map to the underlying O/S and emulate functions that are not available, making Apache platform-agnostic. The PCRE library prohan vides more powerful and flexible regex expressions than other flaovours and is used by mod_rewrite, etc.
Apache provides the flexibility to point to existing instances of these when compiling. If you do not have these modules you can add them as follows:
First, download the module source files:
$ wget http://archive.apache.org/dist/apr/apr-1.6.3.tar.bz2 $ wget http://archive.apache.org/dist/apr/apr-util-1.6.1.tar.bz2 # Apache 2 requires pcre, not pcre2 $ wget --no-check-certificate https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.bz2
Extract the source files:
# APR and APR utils can be compiled with Apache out of the box provided they are in the srclib directory $ tar -x[z]vf apr-1.6.3.tar[.gz] --directory /opt/httpd-2.4.x/srclib/apr $ tar -x[z]vf apr-util-1.6.1.tar[.gz] -- directory /opt/httpd-2.4.x/srclib/apr-util # PCRE will not be automatically compiled in the srclib directory, so either manipulate the build script or simply keep it separate. $ tar -x[z]vf pcre-8.41.tar[.gz]
If you've placed PCRE in its own folder, you will have to build it first:
$ ./configure --prefix=/opt/pcre --enable-pcre16 --enable-pcre32 $ make $ make install