Installing Apache Worker MPM
Preface
- On a single- or dual-CPU system, Prefork is usually the better choice.
- Worker is usually better suited to a multi-CPU system.
Installing Apache
First, create the main directories:
mkdir -p /www/server
mkdir /www/server/config
ln -s /usr/local/etc/apache22 /www/server/apache
Now install:
cd /usr/ports/www/apache22-worker-mpm
make install clean
My configuration:
Options for apache-worker 2.2.21
[ ] THREADS Enable threads support in APR
[ ] MYSQL Enable MySQL support for apr-dbd
[ ] PGSQL Enable PostgreSQL support for apr-dbd
[ ] SQLITE Enable SQLite support for apr-dbd
[ ] IPV6 Enable IPv6 support
[ ] BDB Enable BerkeleyDB dbm
[*] AUTH_BASIC Enable mod_auth_basic
[ ] AUTH_DIGEST Enable mod_auth_digest
[*] AUTHN_FILE Enable mod_authn_file
[ ] AUTHN_DBD Enable mod_authn_dbd
[ ] AUTHN_DBM Enable mod_authn_dbm
[ ] AUTHN_ANON Enable mod_authn_anon
[ ] AUTHN_DEFAULT Enable mod_authn_default
[ ] AUTHN_ALIAS Enable mod_authn_alias
[*] AUTHZ_HOST Enable mod_authz_host
[*] AUTHZ_GROUPFILE Enable mod_authz_groupfile
[*] AUTHZ_USER Enable mod_authz_user
[ ] AUTHZ_DBM Enable mod_authz_dbm
[ ] AUTHZ_OWNER Enable mod_authz_owner
[ ] AUTHZ_DEFAULT Enable mod_authz_default
[ ] CACHE Enable mod_cache
[ ] DISK_CACHE Enable mod_disk_cache
[ ] FILE_CACHE Enable mod_file_cache
[ ] MEM_CACHE Enable mod_mem_cache
[ ] DAV Enable mod_dav
[ ] DAV_FS Enable mod_dav_fs
[ ] BUCKETEER Enable mod_bucketeer
[ ] CASE_FILTER Enable mod_case_filter
[ ] CASE_FILTER_IN Enable mod_case_filter_in
[ ] EXT_FILTER Enable mod_ext_filter
[ ] LOG_FORENSIC Enable mod_log_forensic
[ ] OPTIONAL_HOOK_EXPORT Enable mod_optional_hook_export
[ ] OPTIONAL_HOOK_IMPORT Enable mod_optional_hook_import
[ ] OPTIONAL_FN_IMPORT Enable mod_optional_fn_import
[ ] OPTIONAL_FN_EXPORT Enable mod_optional_fn_export
[ ] LDAP Enable mod_ldap
[ ] AUTHNZ_LDAP Enable mod_authnz_ldap
[*] ACTIONS Enable mod_actions
[*] ALIAS Enable mod_alias
[ ] ASIS Enable mod_asis
[*] AUTOINDEX Enable mod_autoindex
[ ] CERN_META Enable mod_cern_meta
[*] CGI Enable mod_cgi
[ ] CHARSET_LITE Enable mod_charset_lite
[ ] DBD Enable mod_dbd
[*] DEFLATE Enable mod_deflate
[*] DIR Enable mod_dir
[ ] DUMPIO Enable mod_dumpio
[*] ENV Enable mod_env
[*] EXPIRES Enable mod_expires
[*] HEADERS Enable mod_headers
[*] IMAGEMAP Enable mod_imagemap
[*] INCLUDE Enable mod_include
[*] INFO Enable mod_info
[*] LOG_CONFIG Enable mod_log_config
[*] LOGIO Enable mod_logio
[*] MIME Enable mod_mime
[ ] MIME_MAGIC Enable mod_mime_magic
[*] NEGOTIATION Enable mod_negotiation
[*] REWRITE Enable mod_rewrite
[*] SETENVIF Enable mod_setenvif
[*] SPELING Enable mod_speling
[*] STATUS Enable mod_status
[*] UNIQUE_ID Enable mod_unique_id
[ ] USERDIR Enable mod_userdir
[ ] USERTRACK Enable mod_usertrack
[*] VHOST_ALIAS Enable mod_vhost_alias
[ ] FILTER Enable mod_filter
[ ] SUBSTITUTE Enable mod_substitute
[ ] VERSION Enable mod_version
[*] PROXY Enable mod_proxy
[ ] PROXY_CONNECT Enable mod_proxy_connect
[ ] PATCH_PROXY_CONNECT Patch proxy_connect SSL support
[ ] PROXY_FTP Enable mod_proxy_ftp
[ ] PROXY_HTTP Enable mod_proxy_http
[ ] PROXY_AJP Enable mod_proxy_ajp
[ ] PROXY_BALANCER Enable mod_proxy_balancer
[ ] PROXY_SCGI Enable mod_proxy_scgi
[*] SSL Enable mod_ssl
[ ] SUEXEC Enable mod_suexec
[ ] SUEXEC_RSRCLIMIT SuEXEC rlimits based on login class
[ ] REQTIMEOUT Enable mod_reqtimeout
[ ] CGID Enable mod_cgid
Next, the APR configuration:
Options for apr-ipv6-devrandom-gdbm-db42-mysql55 1.4.5.1.3.12_1
[*] THREADS Enable Threads in apr
[ ] IPV6 Enable IPV6 Support in apr
[*] BDB Enable Berkley BDB support in apr-util
[*] GDBM Enable GNU dbm support in apr-util
[ ] LDAP Enable LDAP support in apr-util
[ ] MYSQL Enable MySQL suport in apr-util
[ ] NDBM Enable NDBM support in apr-util
[ ] PGSQL Enable Postgresql suport in apr-util
[ ] SQLITE Enable SQLite3 support in apr-util
[*] DEVRANDOM Use /dev/random or compatible in apr
Enable Apache:
vi /etc/rc.conf
Add the following:
#-----------------------------------------------#
# Web Server #
#-----------------------------------------------#
apache2_enable="YES"
apache2ssl_enable="YES"
apache22_http_accept_enable="YES"
Notes:
- The variable apache2ssl_enable="YES" causes the startup script to run "apachectl startssl" automatically (/usr/local/etc/rc.d/apache2.sh start).
- Apache 2.2.6 starts automatically without checking whether the accf_http kernel module has been loaded, and by default it does not use it. To reverse this behaviour, we add apache22_http_accept_enable="YES" to rc.conf. This causes the kernel module to be loaded and Apache to use it.
Installing mod_fcgid
mod_fcgid is a further development of mod_fastcgi.
cd /usr/ports/www/mod_fcgid
make install clean
Installing mod_limitipconn2
A module for limiting the number of connections per IP. More information about this module is available here.
Note: using mod_limitipconn increases CPU usage by about 5%.
cd /usr/ports/www/mod_limitipconn2
make install clean
Installing mod_extract_forwarded
So that proxied connections are resolved correctly for limitipconn2, mod_extract_forwarded must also be installed:
cd /usr/ports/www/mod_extract_forwarded
make install clean
Installing the SSL certificate
First, we tell the installation tool that we want to create a self-signed certificate:
Create the directories:
umask 022
mkdir /www/server/apache/ssl.key
mkdir /www/server/apache/ssl.crt
mkdir /www/server/apache/ssl.crl
Create a test certificate:
openssl genrsa -out /www/server/apache/ssl.key/server.key 1024
openssl req -new -days 7300 -key /www/server/apache/ssl.key/server.key -x509 -out /www/server/apache/ssl.crt/server.crt
We set the certificate's expiry to 7300 days (20 years). By then there will surely be a new server 😉
Output
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CH
State or Province Name (full name) [Some-State]:ZH
Locality Name (eg, city) []:Zürich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Deine Firma AG
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: <
Email Address []:info@domain.com
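An added example, not part of the original page: a small sh audit for the private key created above. It reports an RSA key below a minimum size (the command above generates 1024 bits) and a key file that group or others can access (the directories above are created under umask 022). The function names and the 2048-bit default threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): audit an RSA private key file.
# rsa_bits, key_mode_private, audit_key and the 2048-bit default are
# assumptions of this example.

# Print the modulus size in bits of the RSA private key in file $1.
# "-passin pass:" keeps openssl from prompting if the key is encrypted.
rsa_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if file $1 grants no permission bits to group or others.
key_mode_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -lLd "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding for key file $1; exit status = number of findings.
# $2 is the minimum acceptable key size in bits (default 2048).
audit_key() {
    key=$1 min_bits=${2:-2048} findings=0
    bits=$(rsa_bits "$key")
    if [ -z "$bits" ]; then
        echo "$key: cannot be read as an unencrypted RSA private key"
        findings=$((findings + 1))
    elif [ "$bits" -lt "$min_bits" ]; then
        echo "$key: RSA key has $bits bits, minimum is $min_bits"
        findings=$((findings + 1))
    fi
    if ! key_mode_private "$key"; then
        echo "$key: accessible to group or others, expected mode 0600 or 0400"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit_key.sh /www/server/apache/ssl.key/server.key
if [ "$#" -gt 0 ]; then
    audit_key "$@"
fi
```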
Copy the existing Apache SSL config or create a new one [ssl.conf]
cd /www/server/apache
scp user@mein.alter.server.com:/www/server/apache/ssl.conf .
cd extra/
mv httpd-ssl.conf httpd-ssl.conf-dist
ln -s ../ssl.conf httpd-ssl.conf
httpd.conf
Here are excerpts of my changes.
Modules:
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
LoadModule expires_module libexec/apache22/mod_expires.so
LoadModule headers_module libexec/apache22/mod_headers.so
LoadModule unique_id_module libexec/apache22/mod_unique_id.so
LoadModule setenvif_module libexec/apache22/mod_setenvif.so
LoadModule ssl_module libexec/apache22/mod_ssl.so
LoadModule mime_module libexec/apache22/mod_mime.so
LoadModule status_module libexec/apache22/mod_status.so
LoadModule autoindex_module libexec/apache22/mod_autoindex.so
LoadModule info_module libexec/apache22/mod_info.so
LoadModule cgi_module libexec/apache22/mod_cgi.so
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule imagemap_module libexec/apache22/mod_imagemap.so
LoadModule actions_module libexec/apache22/mod_actions.so
LoadModule speling_module libexec/apache22/mod_speling.so
LoadModule alias_module libexec/apache22/mod_alias.so
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule proxy_module libexec/apache22/mod_proxy.so
LoadModule limitipconn_module libexec/apache22/mod_limitipconn.so
LoadModule extract_forwarded_module libexec/apache22/mod_extract_forwarded.so
LoadModule fcgid_module libexec/apache22/mod_fcgid.so
Various settings:
ServerAdmin you@example.com
ServerName www.example.com:80
# Various custom settings
#
AddDefaultCharset Off
#
# set ETags (as recommended by YSlow)
FileETag MTime Size
# set Expires headers for images etc.
ExpiresActive On
ExpiresByType image/gif "access plus 7 days"
ExpiresByType image/png "access plus 7 days"
ExpiresByType image/jpg "access plus 7 days"
ExpiresByType image/jpeg "access plus 7 days"
ExpiresByType text/css "access plus 7 days"
ExpiresByType text/javascript "access plus 7 days"
ExpiresByType application/x-shockwave-flash "access plus 30 days"
<Directory />
#
# AllowOverride None
# Order Deny,Allow
# Deny from all
#
Options Indexes FollowSymLinks Includes
AllowOverride AuthConfig Limit Options Indexes FileInfo
</Directory>
<IfModule dir_module>
DirectoryIndex index.htm index.html index.php index.php3 index.phtml
</IfModule>
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "/var/log/httpd-access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
# keep the once-per-second localhost requests from needlessly filling the log
SetEnvIf Remote_Addr ^(127\.0\.0\.1|localhost) nolog
CustomLog "/var/log/httpd-access.log" combined env=!nolog
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig etc/apache22/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType image/x-icon .ico
AddType application/x-httpd-php .php .lib .inc .php3
AddType application/x-httpd-php-source .phps
AddType video/x-ms-asf .asf .asx
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
# For type maps (negotiated resources):
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#EnableMMAP off
#EnableSendfile off
# needed for OpenAds: set the time zone via Apache
SetEnv TZ Europe/Zurich
# Server-pool management (MPM specific)
Include etc/apache22/extra/httpd-mpm.conf
# Real-time info on requests and configuration
Include etc/apache22/extra/httpd-info.conf
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
<IfModule mod_deflate.c>
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# or pdfs
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
# or binary archives
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso|dia)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
# logging
#DeflateFilterNote ratio
#LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
#CustomLog logs/deflate_log deflate
</IfModule>
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi .php .php3
FCGIWrapper /usr/local/bin/php-cgi .php
SocketPath /var/run/fcgidsock/
IPCConnectTimeout 10
IPCCommTimeout 20
OutputBufferSize 0
FcgidIPCDir /var/run/mod_fcgid
FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm
</IfModule>
# escaped dot and end anchor: only names ending in .php reach the handler
<Files ~ "\.php$">
SetHandler fcgid-script
FCGIWrapper /usr/local/bin/php-cgi .php
Options +ExecCGI
allow from all
</Files>
NameVirtualHost *:80
Include etc/apache22/Includes/*.conf
# used for virtualhosting
# if the DB is down, enable this
#Include /www/server/config/__localhost
Include /www/server/config
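An added example, not part of the original page: the regular expression in a <Files ~ …> or <FilesMatch> container is searched anywhere in the file name, so an unescaped dot or a missing $ anchor widens which files are handed to the PHP handler. This sh script lists container patterns that also match names not ending in .php; the probe names, sample_conf and all function names are constructed for this example, and patterns are assumed to be valid POSIX extended regular expressions.

```sh
#!/bin/sh
# Added example (not from the original page): list <Files ~ re> and
# <FilesMatch re> patterns that also match names not ending in ".php".
# PROBES, sample_conf and all function names are constructed for this example.

PROBES='index.php
photo.php.jpg
backup.php.bak
myphpnotes.txt
readme.txt'

# Constructed sample config: one loose pattern and one escaped, anchored one.
sample_conf() {
    cat <<'EOF'
<Files ~ (.php)>
    SetHandler fcgid-script
</Files>
<FilesMatch "\.php$">
    SetHandler fcgid-script
</FilesMatch>
EOF
}

# Read a config on stdin; print the regex of each <Files ~ re>/<FilesMatch re>.
files_patterns() {
    sed -n -e 's/^[[:space:]]*<Files[[:space:]]*~[[:space:]]*\(.*\)>[[:space:]]*$/\1/p' \
           -e 's/^[[:space:]]*<FilesMatch[[:space:]][[:space:]]*\(.*\)>[[:space:]]*$/\1/p' |
        sed -e 's/^"\(.*\)"$/\1/'
}

# Print the probe names that regex $1 matches without ending in ".php".
overmatches() {
    printf '%s\n' "$PROBES" | grep -E -e "$1" 2>/dev/null | grep -v '\.php$' || true
}

# Read a config on stdin; print one line per pattern that matches too much.
audit_conf() {
    files_patterns | while IFS= read -r re; do
        hits=$(overmatches "$re" | tr '\n' ' ')
        if [ -n "$hits" ]; then
            printf '%s also matches: %s\n' "$re" "${hits% }"
        fi
    done
}

sample_conf | audit_conf
```

To check a real configuration, feed it on stdin, for example audit_conf < /usr/local/etc/apache22/httpd.conf.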
no-accf.conf
vi /www/server/apache/Includes/no-accf.conf
Comment out the following lines so that the accf_http module (the 'httpready' accept filter) works.
#AcceptFilter http none
#AcceptFilter https none
http://www.mydigitallife.info/freebsd-apache-http-accept-filter-error/
Setting up virtual hosts
In the directory
/www/server/config
I create one file per host. For example:
vi /www/server/config/mydomain.com
Contents of the file:
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot /www/mydomain.com/doc
CustomLog /www/mydomain.com/log/access_log combined
ScriptAlias /cgi/ /www/mydomain.com/cgi/
ErrorDocument 404 http://www.mydomain.com/
</VirtualHost>
Installing PHP
Next, PHP is installed…
Starting the server
# /usr/local/etc/rc.d/apache22 start
Apache Tuning
The optimal Apache settings depend on the machine. I have created a separate page for this: Apache Tuning
Apache performance test
First, set up a PHP page that I can request for the stress test.
# vi index.php
<?php
phpinfo();
?>
And now run the benchmark:
# ab -c 100 -n 10000 http://127.0.0.1/index.php
Installing Apache modules afterwards
cd /usr/ports/www/apache22-worker-mpm
make config
Now select the desired modules. Then:
make clean
make deinstall
make reinstall
The module should now be found here:
ll /usr/local/libexec/apache22/
References
My configuration of PHP with Apache Worker is based on this article. Thanks for that 🙂