Installing and Configuring Apache

The Apache webserver can be installed and set up as either a non-secure or a secure webserver. This section provides procedures for both types of installations. To install a non-secure version of the webserver, see one of the following procedures.

• How to Install and Configure the Apache Software from the Solaris 8 CD-ROM and Solaris 9 CD-ROM

• How to Install and Configure the Apache Software from the Apache Web Site

To install a secure version of the webserver, see one of the following procedures.

• How to Install and Configure the Apache Software Using mod_ssl

• How to Install and Configure the Apache Software Using apache-ssl

Sun Cluster HA for Apache works with the Apache software configured as either a Web server or a proxy server.

See Apache documentation at http://www.apache.org for standard installation instructions. Contact your Sun sales representative for a complete list of Apache versions that are supported with the Sun Cluster software.

Installing a Non-Secure Apache Webserver

This section provides procedures for installing a non-secure Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.

How to Install and Configure the Apache Software from the Solaris 8 CD-ROM and Solaris 9 CD-ROM

This procedure installs a non-secure version of the Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.

The Apache binaries are included in three packages—SUNWapchr, SUNWapchu, and SUNWapchd—that form the SUNWCapache package metacluster. You must install the SUNWapchr package before you install the SUNWapchu package.

Place the Web server binaries on the local file system on each of your cluster nodes or on a cluster file system.

1. Run the pkginfo(1) command to determine if the Apache packages SUNWapchr, SUNWapchu, and SUNWapchd have been installed.

   If not, install as follows.

   # pkgadd -d Solaris 8 Product directory SUNWapchr SUNWapchu SUNWapchd ... Installing Apache Web Server (root) as SUNWapchr ... [ verifying class initd ] /etc/rc0.d/K16apache linked pathname /etc/rc1.d/K16apache linked pathname /etc/rc2.d/K16apache linked pathname /etc/rc3.d/S50apache linked pathname /etc/rcS.d/K16apache linked pathname ...

2. Disable the START and STOP run control scripts that were just installed as part of the SUNWapchr package.

   This step is necessary because Sun Cluster HA for Apache starts and stops the Apache application after you have configured the data service. Perform the following steps.

   1. List the Apache run control scripts.

   2. Rename the Apache run control scripts.

   3. Verify that all of the Apache-related scripts have been renamed.

   ---

   Note –

   The following example changes the first letter in the name of the run control script from uppercase to lowercase. However, you can rename the scripts to be consistent with your normal administration practices.

   ---

   # ls -1 /etc/rc?.d/*apache /etc/rc0.d/K16apache /etc/rc1.d/K16apache /etc/rc2.d/K16apache /etc/rc3.d/S50apache /etc/rcS.d/K16apache # mv /etc/rc0.d/K16apache /etc/rc0.d/k16apache # mv /etc/rc1.d/K16apache /etc/rc1.d/k16apache # mv /etc/rc2.d/K16apache /etc/rc2.d/k16apache # mv /etc/rc3.d/S50apache /etc/rc3.d/s50apache # mv /etc/rcS.d/K16apache /etc/rcS.d/k16apache # ls -1 /etc/rc?.d/*apache /etc/rc0.d/k16apache /etc/rc1.d/k16apache /etc/rc2.d/k16apache /etc/rc3.d/s50apache /etc/rcS.d/k16apache

How to Install and Configure the Apache Software from the Apache Web Site

This procedure installs a non-secure version of the Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.

Place the Web server binaries on the local file system on each of your cluster nodes or on a cluster file system.

1. Become superuser on a cluster member.

2. Install the Apache software using the installation procedures found in the Apache installation documentation.

   Install the Apache software using the Apache installation documentation you received with your Apache software or see the installation instructions at http://www.apache.org.

3. Update the httpd.conf configuration file.

   • Set the ServerName directive. (In Version 2.0 of Apache, the ServerName directive specifies the hostname and the port.)

   • Set the BindAddress directive (optional). (The BindAddress directive only exists in versions prior to Apache 2.0. For Apache 2.0, see the following bullet for the Listen directive.)

   • Set the Listen directive. The Listen directive must use the address of the logical host or shared address. (The Listen directive only exists in Apache 2.0 and beyond. For Apache versions prior to Apache 2.0, see the previous bullet for the BindAddress directive.)

   • Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.

     ---

     Note –

     The ServerType directive does not exist in Apache 2.0.

     ---

   • Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.

   • Make changes to run as a proxy server if you choose to run the Apache software as a proxy server. See the Apache documentation for more information. If you will run the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.

4. Verify that the port number or numbers in the httpd.conf file match those of the Port_list standard resource property.

   You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Sun Cluster resource property default (port 80). Alternatively, while you configure Sun Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.

5. Update the paths in the Apache start/stop script file (Bin_dir/apachectl).

   You must change the paths from the Apache defaults to match your Apache directory structure. For example, change the line in the BIN_dir/apachectl script beginning with HTTPD=/usr/local/apache/bin/httpd to the following.

   HTTPD='/usr/local/apache/bin/httpd -f /global/foo/apache/conf/httpd.conf'

6. Perform the following tasks to verify your configuration changes.

   1. Run apachectl configtest to check the Apache httpd.conf file for correct syntax.

   2. Ensure that any logical hostnames or shared addresses that Apache uses are configured and online.

   3. Issue apachectl start to start up your Apache server by hand.

      If Apache does not start up correctly, correct the problem.

   4. After Apache has started, stop it before moving to the next procedure.

Installing a Secure Apache Webserver

This section provides procedures for installing a secure Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.

How to Install and Configure the Apache Software Using mod_ssl

This procedure installs a secure version of the Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.

1. Become superuser on a cluster member.

2. Install the Apache software, including mod_ssl.

   To install mod_ssl, see the Apache installation documentation or the installation instructions at http://www.modssl.org.

3. Update the httpd.conf configuration file.

   • Set the ServerName directive.

   • Set the BindAddress directive (optional).

   • Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.

   • Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.

   • Make changes to run as a proxy server if you choose to run the Apache software as a proxy server. See the Apache documentation for more information. If you will run the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.

4. Verify that the port number or numbers in the httpd.conf file match those of the Port_list standard resource property.

   You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Sun Cluster resource property default (port 80). Alternatively, while you configure Sun Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.

5. Install all certificates and keys.

6. In Bin_dir directory, create a file called keypass. Make sure that no one other than the owner has any permissions for this file.

   # cd Bin_dir # touch keypass # chmod 700 keypass

7. If you are using encrypted private key(s), perform the following Step a and Step b.

   1. In the httpd.conf file, look for SSLPassPhraseDialog directive and modify it as follows.

      # SSLPassPhraseDialog exec:/Bin_dir/keypass

      See the mod_ssl documentation for details about the SSLPassPhraseDialog directive.

   2. Edit the keypass file so that it prints the pass phrase for the encrypted key corresponding to a host and a port.

      This file will be called with server:port algorithm as arguments. Make sure that the file can print the pass phrase for each of your encrypted keys when called with the correct parameters.

      Later, when you attempt to start the webserver manually, it must not prompt you for a pass phrase. For example, for a secure webserver listening on ports 8080 and 8888, with private keys for both encrypted using RSA, the keypass file could be the following.

      # !/bin/ksh host=`echo $1 | cut -d: -f1` port=`echo $1 | cut -d: -f2` algorithm=$2 if [ "$host" = "button-1.eng.sun.com" -a "$algorithm" = "RSA" ]; then case "$port" in 8080) echo passphrase-for-8080;; 8888) echo passphrase-for-8888;; esac fi

      ---

      Note –

      The keypass file must not be readable, writable, or executable by anyone other than the owner.

      ---

8. In the httpd.conf file, set the SSLLogLevel to warn to avoid logging a message every time the webserver is probed by Sun Cluster HA for Apache.

   SSLLogLevel warn

9. Update the paths in the Apache start/stop script file (Bin_dir/apachect1).

   You must change the paths from the Apache defaults to match your Apache directory structure.

10. Perform the following tasks to verify your configuration changes.

    1. Run apachectl configtest to check the Apache httpd.conf file for correct syntax.

    2. Ensure that any logical hostnames or shared addresses that Apache uses are configured and online.

    3. Issue apachectl start to start up your Apache server by hand.

       Make sure that the webserver does not ask you for a passphrase.

       If Apache does not start up correctly, correct the problem.

    4. After Apache has started, stop it before moving to the next procedure.

How to Install and Configure the Apache Software Using apache-ssl

This procedure installs a secure version of the Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.

1. Become superuser on a cluster member.

2. Install the Apache software, including apache-ssl, using the installation procedures found in the Apache installation documentation.

   To install apache-ssl, see the Apache installation documentation or the installation instructions at http://www.apache-ssl.org.

3. Update the httpd.conf configuration file.

   • Set the ServerName directive.

   • Set the BindAddress directive (optional).

   • Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.

   • Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.

   • Make changes to run as a proxy server if you choose to run the Apache software as a proxy server. See the Apache documentation for more information. If you will run the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.

4. Verify that the port number or numbers in the httpd.conf file match those of the Port_list standard resource property.

   You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Sun Cluster resource property default (port 80). Alternatively, while you configure Sun Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.

5. Install all certificates and keys.

6. Make sure that all your private keys are stored unencrypted.

   Later, when you attempt to start the webserver manually, it must not prompt you for a pass phrase.

7. Update the paths in the Apache start/stop script file (Bin_dir/httpsdct1).

   You must change the paths from the Apache defaults to match your Apache directory structure.

8. Perform the following tasks to verify your configuration changes.

   1. Run httpsdctl configtest to check the Apache httpd.conf file for correct syntax.

   2. Ensure that any logical hostnames or shared addresses that Apache uses are configured and online.

   3. Issue httpsdctl start to start up your Apache server by hand.

      If Apache does not start up correctly, correct the problem.

   4. After Apache has started, stop it before moving to the next procedure.

Where to Go From Here

If you did not install the Sun Cluster HA for Apache during your initial Sun Cluster installation, go to Installing Sun Cluster HA for Apache Packages. Otherwise, go to Registering and Configuring Sun Cluster HA for Apache.