Installing Apache Worker MPM

Preface

  • On a single- or dual-CPU system, Prefork is usually the better choice.
  • Worker is usually better suited to a multi-CPU system.

Installing Apache

First, create the main directories:

mkdir -p /www/server
mkdir /www/server/config
ln -s /usr/local/etc/apache22 /www/server/apache

Now install:

cd /usr/ports/www/apache22-worker-mpm
make install clean

My configuration:

   Options for apache-worker 2.2.21

   [ ] THREADS               Enable threads support in APR
   [ ] MYSQL                 Enable MySQL support for apr-dbd
   [ ] PGSQL                 Enable PostgreSQL support for apr-dbd
   [ ] SQLITE                Enable SQLite support for apr-dbd
   [ ] IPV6                  Enable IPv6 support
   [ ] BDB                   Enable BerkeleyDB dbm
   [*] AUTH_BASIC            Enable mod_auth_basic
   [ ] AUTH_DIGEST           Enable mod_auth_digest
   [*] AUTHN_FILE            Enable mod_authn_file
   [ ] AUTHN_DBD             Enable mod_authn_dbd
   [ ] AUTHN_DBM             Enable mod_authn_dbm
   [ ] AUTHN_ANON            Enable mod_authn_anon
   [ ] AUTHN_DEFAULT         Enable mod_authn_default
   [ ] AUTHN_ALIAS           Enable mod_authn_alias
   [*] AUTHZ_HOST            Enable mod_authz_host
   [*] AUTHZ_GROUPFILE       Enable mod_authz_groupfile
   [*] AUTHZ_USER            Enable mod_authz_user
   [ ] AUTHZ_DBM             Enable mod_authz_dbm
   [ ] AUTHZ_OWNER           Enable mod_authz_owner
   [ ] AUTHZ_DEFAULT         Enable mod_authz_default
   [ ] CACHE                 Enable mod_cache
   [ ] DISK_CACHE            Enable mod_disk_cache
   [ ] FILE_CACHE            Enable mod_file_cache
   [ ] MEM_CACHE             Enable mod_mem_cache
   [ ] DAV                   Enable mod_dav
   [ ] DAV_FS                Enable mod_dav_fs
   [ ] BUCKETEER             Enable mod_bucketeer
   [ ] CASE_FILTER           Enable mod_case_filter
   [ ] CASE_FILTER_IN        Enable mod_case_filter_in
   [ ] EXT_FILTER            Enable mod_ext_filter
   [ ] LOG_FORENSIC          Enable mod_log_forensic
   [ ] OPTIONAL_HOOK_EXPORT  Enable mod_optional_hook_export
   [ ] OPTIONAL_HOOK_IMPORT  Enable mod_optional_hook_import
   [ ] OPTIONAL_FN_IMPORT    Enable mod_optional_fn_import
   [ ] OPTIONAL_FN_EXPORT    Enable mod_optional_fn_export
   [ ] LDAP                  Enable mod_ldap
   [ ] AUTHNZ_LDAP           Enable mod_authnz_ldap
   [*] ACTIONS               Enable mod_actions
   [*] ALIAS                 Enable mod_alias
   [ ] ASIS                  Enable mod_asis
   [*] AUTOINDEX             Enable mod_autoindex
   [ ] CERN_META             Enable mod_cern_meta
   [*] CGI                   Enable mod_cgi
   [ ] CHARSET_LITE          Enable mod_charset_lite
   [ ] DBD                   Enable mod_dbd
   [*] DEFLATE               Enable mod_deflate
   [*] DIR                   Enable mod_dir
   [ ] DUMPIO                Enable mod_dumpio
   [*] ENV                   Enable mod_env
   [*] EXPIRES               Enable mod_expires
   [*] HEADERS               Enable mod_headers
   [*] IMAGEMAP              Enable mod_imagemap
   [*] INCLUDE               Enable mod_include
   [*] INFO                  Enable mod_info
   [*] LOG_CONFIG            Enable mod_log_config
   [*] LOGIO                 Enable mod_logio
   [*] MIME                  Enable mod_mime
   [ ] MIME_MAGIC            Enable mod_mime_magic
   [*] NEGOTIATION           Enable mod_negotiation
   [*] REWRITE               Enable mod_rewrite
   [*] SETENVIF              Enable mod_setenvif
   [*] SPELING               Enable mod_speling
   [*] STATUS                Enable mod_status
   [*] UNIQUE_ID             Enable mod_unique_id
   [ ] USERDIR               Enable mod_userdir
   [ ] USERTRACK             Enable mod_usertrack
   [*] VHOST_ALIAS           Enable mod_vhost_alias
   [ ] FILTER                Enable mod_filter
   [ ] SUBSTITUTE            Enable mod_substitute
   [ ] VERSION               Enable mod_version
   [*] PROXY                 Enable mod_proxy
   [ ] PROXY_CONNECT         Enable mod_proxy_connect
   [ ] PATCH_PROXY_CONNECT   Patch proxy_connect SSL support
   [ ] PROXY_FTP             Enable mod_proxy_ftp
   [ ] PROXY_HTTP            Enable mod_proxy_http
   [ ] PROXY_AJP             Enable mod_proxy_ajp
   [ ] PROXY_BALANCER        Enable mod_proxy_balancer
   [ ] PROXY_SCGI            Enable mod_proxy_scgi
   [*] SSL                   Enable mod_ssl
   [ ] SUEXEC                Enable mod_suexec
   [ ] SUEXEC_RSRCLIMIT      SuEXEC rlimits based on login class
   [ ] REQTIMEOUT            Enable mod_reqtimeout
   [ ] CGID                  Enable mod_cgid

Now the APR configuration:

   Options for apr-ipv6-devrandom-gdbm-db42-mysql55 1.4.5.1.3.12_1

   [*] THREADS    Enable Threads in apr
   [ ] IPV6       Enable IPV6 Support in apr
   [*] BDB        Enable Berkley BDB support in apr-util
   [*] GDBM       Enable GNU dbm support in apr-util
   [ ] LDAP       Enable LDAP support in apr-util
   [ ] MYSQL      Enable MySQL suport in apr-util
   [ ] NDBM       Enable NDBM support in apr-util
   [ ] PGSQL      Enable Postgresql suport in apr-util
   [ ] SQLITE     Enable SQLite3 support in apr-util
   [*] DEVRANDOM  Use /dev/random or compatible in apr


Enable Apache:

vi /etc/rc.conf

Add the following:

#-----------------------------------------------#
#       Web Server                              #
#-----------------------------------------------#
apache2_enable="YES"
apache2ssl_enable="YES"
apache22_http_accept_enable="YES"

Notes:

  • The variable apache2ssl_enable="YES" causes the startup script to run "apachectl startssl" automatically (/usr/local/etc/rc.d/apache2.sh start).
  • Apache 2.2.6 starts automatically without checking whether the kernel module accf_http has been loaded, and by default it does not use it. To reverse this setting, we add apache22_http_accept_enable="YES" to rc.conf. This causes the kernel module to be loaded and Apache to use it.

Installing mod_fcgid

mod_fcgid is a further development of mod_fastcgi.

cd /usr/ports/www/mod_fcgid
make install clean

Installing mod_limitipconn2

A module for limiting the number of connections per IP. More information about this module is available here.

Note: using mod_limitipconn increases CPU usage by about 5%.

cd /usr/ports/www/mod_limitipconn2 
make install clean

Installing mod_extract_forwarded

So that proxied connections are resolved correctly for limitipconn2, mod_extract_forwarded must also be installed:

cd /usr/ports/www/mod_extract_forwarded 
make install clean

Installing the SSL certificate

First we tell the installation tool that we want to create a self-signed certificate:

Create the directories:

umask 022
mkdir /www/server/apache/ssl.key
mkdir /www/server/apache/ssl.crt
mkdir /www/server/apache/ssl.crl

Create a test certificate

openssl genrsa -out /www/server/apache/ssl.key/server.key 1024
openssl req -new -days 7300 -key /www/server/apache/ssl.key/server.key -x509 -out /www/server/apache/ssl.crt/server.crt

We set the certificate to expire in 7300 days (20 years). By then there will surely be a new server anyway 😉

Output

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CH
State or Province Name (full name) [Some-State]:ZH
Locality Name (eg, city) []:Zürich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Deine Firma AG
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: <
Email Address []:info@domain.com
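
The commands above create a 1024-bit key under umask 022. The following check is an added example, not part of the original post: it reports a short RSA modulus and a key file that group or other can access. MIN_BITS and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an RSA private key file for a short modulus and for
# group/other access (what umask 022 leaves on a newly created file).

MIN_BITS=2048   # assumption: smallest modulus this check accepts

# parse_bits: read `openssl rsa -text` output on stdin, print the bit count.
# The header reads "Private-Key: (1024 bit)" or "(1024 bit, 2 primes)".
parse_bits() {
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# key_bits FILE: modulus size of FILE, empty if it cannot be parsed.
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null | parse_bits
}

# other_access FILE: the six group/other permission characters, e.g. "r--r--".
other_access() {
    ls -ld -- "$1" | cut -c5-10
}

# findings BITS PERMS: one line per problem, no output when both are fine.
findings() {
    if [ -z "$1" ]; then
        echo "unparsed: not an unencrypted RSA private key"
    elif [ "$1" -lt "$MIN_BITS" ]; then
        echo "weak-key: $1 bit modulus, below $MIN_BITS"
    fi
    if [ "$2" != "------" ]; then
        echo "exposed-key: group/other permissions are $2"
    fi
}

# audit_key FILE: run both checks on one key file.
audit_key() {
    findings "$(key_bits "$1")" "$(other_access "$1")"
}

# Usage: sh audit_key.sh /www/server/apache/ssl.key/server.key
if [ "$#" -ge 1 ]; then
    audit_key "$1"
fi
```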

Copy an existing Apache SSL config or create a new one [ssl.conf]

cd /www/server/apache
scp user@mein.alter.server.com:/www/server/apache/ssl.conf .
cd extra/
mv httpd-ssl.conf httpd-ssl.conf-dist
ln -s ../ssl.conf httpd-ssl.conf

httpd.conf  

Here are excerpts of my changes.

Modules:

LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
LoadModule expires_module libexec/apache22/mod_expires.so
LoadModule headers_module libexec/apache22/mod_headers.so
LoadModule unique_id_module libexec/apache22/mod_unique_id.so
LoadModule setenvif_module libexec/apache22/mod_setenvif.so
LoadModule ssl_module libexec/apache22/mod_ssl.so
LoadModule mime_module libexec/apache22/mod_mime.so
LoadModule status_module libexec/apache22/mod_status.so
LoadModule autoindex_module libexec/apache22/mod_autoindex.so
LoadModule info_module libexec/apache22/mod_info.so
LoadModule cgi_module libexec/apache22/mod_cgi.so
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule imagemap_module libexec/apache22/mod_imagemap.so
LoadModule actions_module libexec/apache22/mod_actions.so
LoadModule speling_module libexec/apache22/mod_speling.so
LoadModule alias_module libexec/apache22/mod_alias.so
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule proxy_module     libexec/apache22/mod_proxy.so
LoadModule limitipconn_module libexec/apache22/mod_limitipconn.so
LoadModule extract_forwarded_module libexec/apache22/mod_extract_forwarded.so
LoadModule fcgid_module libexec/apache22/mod_fcgid.so


Miscellaneous settings:

ServerAdmin you@example.com
ServerName www.example.com:80
# Miscellaneous custom settings
#
AddDefaultCharset Off
#
# set ETags (per YSlow)
FileETag MTime Size
# set Expires headers for images etc.
ExpiresActive On
ExpiresByType image/gif "access plus 7 days"
ExpiresByType image/png "access plus 7 days"
ExpiresByType image/jpg "access plus 7 days"
ExpiresByType image/jpeg "access plus 7 days"
ExpiresByType text/css "access plus 7 days"
ExpiresByType text/javascript "access plus 7 days"
ExpiresByType application/x-shockwave-flash "access plus 30 days"
<Directory />
#
#    AllowOverride None
#    Order Deny,Allow
#    Deny from all
#

        Options Indexes FollowSymLinks Includes
        AllowOverride AuthConfig Limit Options Indexes FileInfo
</Directory>

<IfModule dir_module>
    DirectoryIndex index.htm index.html index.php index.php3 index.phtml
</IfModule>

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

   
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
   

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "/var/log/httpd-access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    # so the log is not pointlessly filled with the localhost requests that arrive every second
    SetEnvIf Remote_Addr ^(127\.0\.0\.1|localhost) nolog
    CustomLog "/var/log/httpd-access.log" combined env=!nolog
</IfModule>


<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig etc/apache22/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType image/x-icon .ico

    AddType application/x-httpd-php .php .lib .inc .php3
    AddType application/x-httpd-php-source .phps

    AddType video/x-ms-asf .asf .asx

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi
AddHandler cgi-script .cgi
AddHandler cgi-script .pl

    # For type maps (negotiated resources):
    AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#EnableMMAP off
#EnableSendfile off
# I need this for openads - set the timezone via Apache
SetEnv TZ Europe/Zurich

# Server-pool management (MPM specific)
Include etc/apache22/extra/httpd-mpm.conf

# Real-time info on requests and configuration
Include etc/apache22/extra/httpd-info.conf

# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf

  <IfModule mod_deflate.c>
    # Insert filter
    SetOutputFilter DEFLATE

    # Netscape 4.x has some problems
    BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
    # the above regex won't work. You can use the following
    # workaround to get the desired effect:
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

    # Don't compress images
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # or pdfs
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

    # or binary archives
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso|dia)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary

    # logging
    #DeflateFilterNote ratio
    #LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
    #CustomLog logs/deflate_log deflate
 </IfModule>
   
 
<IfModule mod_fcgid.c>
  AddHandler fcgid-script .fcgi .php .php3
  FCGIWrapper /usr/local/bin/php-cgi .php
  SocketPath /var/run/fcgidsock/
  IPCConnectTimeout 10
  IPCCommTimeout 20
  OutputBufferSize 0
  FcgidIPCDir /var/run/mod_fcgid
  FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm
</IfModule>

<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /usr/local/bin/php-cgi .php
Options +ExecCGI
allow from all
</Files>


NameVirtualHost *:80

Include etc/apache22/Includes/*.conf

# used for virtualhosting
# if the DB is down, enable this one
#Include /www/server/config/__localhost
Include /www/server/config
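
How the AddHandler fcgid-script line and the <Files ~ (\.php)> block above select files, as an added example that is not part of the original configuration: mod_mime looks at every extension in a file name and the Files regex is unanchored, so more names reach php-cgi than those ending in .php. The sample names, the function names and the anchored alternative are assumptions made for this example.

```shell
#!/bin/sh
# Added example: which file names does a handler mapping pass to php-cgi?
# Two documented Apache behaviours are modelled:
#   - mod_mime (AddHandler): every dot-separated extension after the base
#     name is looked up, case-insensitively, not only the last one.
#   - <Files ~ REGEX>: the regex is searched anywhere in the name unless
#     it is anchored. Only simple patterns are used here, so grep -E
#     behaves like Apache's regex engine for them.

# Constructed sample names, not taken from the page.
SAMPLES="index.php avatar.php.jpg notes.phpx old.php3 logo.png backup.php.bak README"

# mime_handler_hit EXTS NAME: true if any extension of NAME is listed in EXTS.
mime_handler_hit() {
    rest=${2#*.}
    if [ "$rest" = "$2" ]; then return 1; fi      # no dot, no extension
    while :; do
        ext=$(printf '%s' "${rest%%.*}" | tr 'A-Z' 'a-z')
        if [ -n "$ext" ]; then
            case " $1 " in *" $ext "*) return 0 ;; esac
        fi
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   return 1 ;;
        esac
    done
}

# files_regex_hit REGEX NAME: true if REGEX matches anywhere in NAME.
files_regex_hit() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# php_names EXTS REGEX: print the sample names that either mechanism maps to PHP.
php_names() {
    out=
    for n in $SAMPLES; do
        if mime_handler_hit "$1" "$n" || files_regex_hit "$2" "$n"; then
            out="$out $n"
        fi
    done
    printf '%s\n' "${out# }"
}

# Mapping as configured on the page.
echo "page config:   $(php_names 'fcgi php php3' '(\.php)')"
# Assumed alternative: no AddHandler for PHP, only an anchored
# <FilesMatch "\.php3?$"> with SetHandler fcgid-script.
echo "anchored only: $(php_names '' '\.php3?$')"
```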

no-accf.conf

vi /www/server/apache/Includes/no-accf.conf

Comment out the following lines so that the accf_http module (the 'httpready' accept filter) works.


#AcceptFilter http none
#AcceptFilter https none

http://www.mydigitallife.info/freebsd-apache-http-accept-filter-error/

Setup Virtual Hosts 

In the directory

/www/server/config

I create one file per host. For example:

vi /www/server/config/mydomain.com

Contents of the file:


<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot /www/mydomain.com/doc
CustomLog /www/mydomain.com/log/access_log combined
ScriptAlias /cgi/ /www/mydomain.com/cgi/
ErrorDocument 404 http://www.mydomain.com/
</VirtualHost>

Installing PHP

Next, PHP is installed.

Starting the server

# /usr/local/etc/rc.d/apache22 start

Apache Tuning

The optimal Apache settings depend on the machine. I have made a separate page for this: Apache Tuning

Apache Performance Test

First set up a PHP page that I can request for the stress test.

# vi index.php
<?php
phpinfo();
?>

And now run the benchmark:

# ab -c 100 -n 10000 http://127.0.0.1/index.php

 

Installing Apache modules afterwards

cd /usr/ports/www/apache22-worker-mpm
make config

Now select the desired modules. Then:

make clean
make deinstall
make reinstall

The module should now be found here:

ll /usr/local/libexec/apache22/

 

References

My configuration of PHP with Apache Worker is based on this article. Thanks for that 🙂
