RewriteCondthat checks if the requested file exists:

RewriteCond %{REQUEST_FILENAME} !-f

Great, but that’s not what I was looking for. Instead I needed to Rewrite only if a specific folder existed. The solution turns out to be this:

RewriteCond %{DOCUMENT_ROOT}/path/within/your/project/ -d

You need DOCUMENT_ROOT as the RewriteCond -d checks for the full path

<IfModule mod_rewrite.c>

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

The Apache HTTP Server has been the most popular web server on the Internet since April 1996 and is one of the most widely used open source software packages.  In fact, the latest Netcraft Web Server Survey reports that more than half of all active web sites use Apache, making it more widely used than all other Web servers combined.  So it’s no surprise that we get lots of questions about Apache HTTP Server installation procedures.  Fortunately, we have tons of experience with Apache installations, and we’ve distilled our years of experience into this handy tutorial.

Before You Start

This article assumes that you have Red Hat/CentOS Linux with a proper build environment setup.  If you do not have GCC installed you can get this with all the required packages like this:

yum groupinstall "Development Libraries"

You should now be ready to install Apache!

Meat & Potatoes

When we install Apache HTTP Server either for ourselves a client — small or large — we follow a “standard” configuration setup that’s very easy to build on later.  For the most part we use CentOS or Red Hat Enterprise edition servers, but these steps should work on any Unix system.  This might not be true for AIX, which requires a little more hand-holding to make sure the compiler is installed correctly.

The steps we’ll cover in this article are:

• Download the source code for the latest version of Apache (currently 2.2.11) from OpenLogic Exchange (OLEX) or the Apache project website.
• Execute the configure, make, and make install installation steps (with a few custom switches).
• Setup the httpd.conf and associated files.
• Start your newly built Apache server.
• Done!

Download Apache

The first step is to download the Apache source code, not binaries or RPMs.  We believe that using the source code gives the best performing, most flexible installation of Apache.  If you follow a few simple steps the actual “installation” procedure is not difficult, and you’ll have a good foundation to add or remove features later.

To download the source source code, go to OpenLogic Exchange (OLEX) or the Apache downloads site and look for the latest ZIP, TGZ, or BZ2 file (currently version 2.2.11).

Compiling/Installing the Source for Apache

We like to keep our source downloads in ~/Software/ so it’s easy go back and re-compile and re-install the binaries if we need to add a module or two.  With the source saved under ~/Software/httpd-2.2.11, compile Apache HTTP Server with the following configure string:

[root@coco ~]# cd ~/Software/httpd-2.2.11
[root@coco httpd-2.2.11]# "./configure"
"--enable-ssl"
"--enable-proxy"
"--enable-proxy-balancer"
"--enable-rewrite"
"--enable-headers"
"--enable-deflate"
"--enable-cache"
"--enable-expires"
"--enable-mem-cache"
"--enable-disk-cache"
"--enable-file-cache"
"--with-mpm=worker"
"--disable-cgi --disable-asis"
"--disable-autoindex"
"--disable-userdir"

Here’s a brief explanation of the configuration options shown above:

• enable-ssl: This will allow you to enable a secure port later.
• enable-proxy/enable-proxy-balancer: This will setup a connection to a back-end server like Tomcat or Mongrel
• enable-rewrite: We’re always going to need rewrite rules in the config file.
• enable-headers: We need this to enable monitoring of the server, and for mod_proxy we need to manipulate the header.
• enable-deflate: Enables the old gzip module, which will allow us to setup some content to be compressed with gzip.
• enable-cache/expires/mem-cache/disk-cache/file-cache: These are all included so we can enable the expires module.
• with-mpm=worker: We’re choosing to use the worker MPM as the default since most servers we work with have more than one CPU.  Use the prefork MPM if you’re working on a server that has only one CPU.

Next, run the following to install Apache HTTP Server:

[root@coco httpd-2.2.11]# make && make install

The Apache server should now be installed in /usr/local/apache2, which is the default installation directory.  To change the Apache installation directory you’ll need to add the –prefix=/my/directory/apache2 switch to the configure string, and then run the make && make install command as shown above.

Apache Startup Script

The easiest and fastest way to start Apache is to copy /usr/local/apache2/bin/apachectl to /etc/init.d/apache. This will allow you to do /etc/init.d/apache start|stop|restart.

If you want a script that has more feedback you can use the following:

#!/bin/bash
# httpd        Startup script for the Apache HTTP Server
# chkconfig: 2345 85 15
# description: Apache is a World Wide Web server.  It is used to serve
#              HTML files and CGI.
# processname: httpd
# config: /usr/local/apache2/conf/httpd.conf
# pidfile: /var/run/apache2.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache2/bin/apachectl
httpd=${HTTPD-/usr/local/apache2/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/apache2.pid}
lockfile=${LOCKFILE-/var/lock/subsys/apache2}
RETVAL=0

start() {
 echo -n $"Starting $prog: "
 LANG=$HTTPD_LANG daemon $httpd $OPTIONS
 RETVAL=$?
 echo
 [ $RETVAL = 0 ] && touch ${lockfile}
 return $RETVAL
}
stop() {
 echo -n $"Stopping $prog: "
 killproc $httpd
 RETVAL=$?
 echo
 [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
 echo -n $"Reloading $prog: "
 if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
 RETVAL=$?
 echo $"not reloading due to configuration syntax error"
 failure $"not reloading $httpd due to configuration syntax error"
 else
 killproc $httpd -HUP
 RETVAL=$?
 fi
 echo
}

# See how we were called.
case "$1" in
 start)
 start
 ;;
 stop)
 stop
 ;;
 status)
 status $httpd
 RETVAL=$?
 ;;
 restart)
 stop
 start
 ;;
 condrestart)
 if [ -f ${pidfile} ] ; then
 stop
 start
 fi
 ;;
 reload)
 reload
 ;;
 graceful|help|configtest|fullstatus)
 $apachectl $@
 RETVAL=$?
 ;;
 *)
 echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
 exit 1
esac

exit $RETVAL

Apache Configuration File

The main configuration file we use as a template for Apache servers has a few different sections that are important to understand.

# =================================================
# Basic Settings
# =================================================
ServerName %{SERVER_NAME}
ServerRoot "/usr/local/apache2"
PidFile "/var/run/apache2.pid"
# =================================================
# Performance Settings
# =================================================
Timeout 30
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 2
<IfModule mpm_prefork_module>
 StartServers            1
 MinSpareServers         1
 MaxSpareServers         10
 MaxClients              25
 MaxRequestsPerChild     1000
</IfModule>
<IfModule mpm_worker_module>
 ServerLimit             16
 StartServers             2
 MaxClients              40
 MinSpareThreads          5
 MaxSpareThreads         20
 ThreadsPerChild         20
 MaxRequestsPerChild   5000
</IfModule>

The Basic Settings section just defines the root directory of Apache, but the Performance Settings section has a few noteworthy options.  We have a Timeout of 30 seconds, which is enough for most setups (the default of 300 is way too long).  We enable KeepAlive, but the KeepAlive timeout is only 2 seconds.  This allows each user to get their own connection, but the connection will close as soon as they download the page they requested (you can play with this timeout, but you’ll most likely want to have it set somewhere in the 1-5 sec range). Next, we setup prefork and worker based on the number of CPUs that are installed on the Apache server.

# =================================================
# General Settings
# =================================================
Listen 80
# Listen 443
User www
Group www
ServerAdmin webmaster@openlogic.com
UseCanonicalName Off
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
ExtendedStatus On
# =================================================
# Modules
# =================================================
#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so

In the General Settings section we set Listen to port 80, but we also have port 443 as an option to choose from (we’ll show you how to setup a https/SSL/secure virtual host later).  User and Group are set to the www user, which is a system user (note that on Red Hat you create a system user with the -r switch adduser -r www).  We don’t want the server to look up hostname or show a signature to our users, so those options are disabled.  The ExtendedStatus option is enabled for monitoring reasons.  And in the Modules section, the dummy module is there in case we want to install PHP later on.

# =================================================
# Access Control
# =================================================
<Directory />
 Options FollowSymLinks
 AllowOverride None
 Order deny,allow
 Deny from all
</Directory>
<DirectoryMatch "^/.*/.svn/">
 ErrorDocument 403 /404.html
 Order allow,deny
 Deny from all
 Satisfy All
</DirectoryMatch>
<FilesMatch "^.ht">
 Order allow,deny
 Deny from all
 Satisfy All
</FilesMatch>
# =================================================
# MIME Encoding
# =================================================
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

Needless to say, the Access Control section contains some important options.  Deny from all makes sure we have to allow access to any directory that’s used in the Apache configuration.  Then, we make sure that users don’t have access to .svn directories or .ht files.  In the MIME Encoding section we have a minimal mime.type setup for the deflate and SSL modules.

# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
ErrorLog /usr/local/apache2/logs/error_log
# Mark requests for the robots.txt file
SetEnvIf Request_URI "^/robots.txt$" dontlog
SetEnvIf Request_URI "^/monit/token$" dontlog
# =================================================
# SSL Configuration
# =================================================
SSLPassPhraseDialog  builtin
SSLSessionCache        shmcb:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Next, we setup the LogFormat for use in our virtual hosts and the server error log file.  We also have two dontlog Env settings to remove the robot.txt and monit/token hits from the log.  (We’ll show how this is used when we create the virtual host.)  We also setup a default SSL configuration for the server.

# =================================================
# Mod Status for Monitoring
# =================================================
<VirtualHost 127.0.0.1:80>
 <Location /server-status>
 SetHandler server-status
 Order Deny,Allow
 Deny from all
 Allow from localhost
 Allow from 127.0.0.1
 </Location>
</VirtualHost>
# =================================================
# Include Extra Configs
# =================================================
Include conf/extra/httpd-myblog.com.conf

In the Mod Status for Monitoring section we get to the server monitoring setup.  We start by allowing only access from localhost, and we specify that it will only listen to the 127.0.0.1 IP.  This is a good setup for tools like GroundWork and Hyperic.  The last line includes a virtual host configuration file.  Now let’s have a look at the virtual host.

Virtual Hosts Using a Name-Based Setup

We like to configure our httpd.conf with server-wide settings while keeping it free of actual content hosting elements or mod_proxy/mod_jk configurations.  In this example we have a blog that’s running on a Ruby on Rails back-end with three Thin servers listening to ports 8000-8002 (Thin an application server that can be used for RoR as an alternative to Tomcat or Mongrel).

# --------------------------------------------------------
# Always Keep the Host Header
# --------------------------------------------------------
ProxyPreserveHost On
# --------------------------------------------------------
# Rails Cluster
# --------------------------------------------------------
<Proxy balancer://rails-cluster>
  BalancerMember http://127.0.0.1:8000
  BalancerMember http://127.0.0.1:8001
  BalancerMember http://127.0.0.1:8002
</Proxy>

This setup has three servers in a proxy_balancer cluster that you can access using balancer://rails-cluster/ just as though it was one server.

# --------------------------------------------------------
# Name-Based Virtual Hosting
# --------------------------------------------------------
NameVirtualHost *:80

<VirtualHost *:80>
 DocumentRoot "/var/www/myblog.com/current/public"
 ServerName www.myblog.com
 ServerAlias myblog.com

 # -------------------------------------------------
 # Rewrite Rules
 # -------------------------------------------------
 RewriteEngine on

 # Force www.myblog.com and make sure we use a 301 HTTP code for the
 # redirect. This is a SEO must.
 RewriteCond %{HTTP_HOST}   !^www.myblog.com [NC]
 RewriteCond %{HTTP_HOST}   !^$
 RewriteRule ^/(.*)         http://www.myblog.com/$1 [L,R=301]

 # --------------------------------------------------------
 # List of URLs Not to Proxy
 # --------------------------------------------------------
 ProxyPass /system !
 ProxyPass /images !
 ProxyPass /stylesheets !
 ProxyPass /javascripts !
 ProxyPass /monit/token !
 # Send everything else to the proxy_balancer cluster of rails servers
 ProxyPass / balancer://rails-cluster/
 ProxyPassReverse / balancer://rails-cluster/

 <Directory "/var/www/myblog.com/current/public">
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
 </Directory>
 # Before you restart the server you need to create the logs/myblog.com
 # directory.
 # We are also adding the dontlog environment variable here to stop
 # logging the set entries. (This is configured in your httpd.conf)
 ErrorLog  "logs/myblog.com/error_log"
 CustomLog "logs/myblog.com/access_log" combined env=!dontlog

 # --------------------------------------------------------
 # Deflate Module Configuration
 # --------------------------------------------------------
 <IfModule deflate_module>
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/atom_xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/x-httpd-php
  AddOutputFilterByType DEFLATE application/x-httpd-fastphp
  AddOutputFilterByType DEFLATE application/x-httpd-eruby
  AddOutputFilterByType DEFLATE text/html
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0[678] no-gzip
 </IfModule>
 # =============================================
 # Configure Expires Module
 # =============================================
 <IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 1 week"
  ExpiresByType image/jpeg "access plus 1 week"
  ExpiresByType image/png "access plus 1 week"
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType text/javascript "access plus 1 week"
  ExpiresByType application/x-javascript "access plus 1 week"
  ExpiresByType text/xml "access plus 1 seconds"
 </IfModule>
</VirtualHost>

There’s a lot of information here, so lets take it step by step.  First, we setup a server with the name www.myblog.com that also listens to myblog.com, but by using mod_rewrite we force everyone to www.myblog.com with a 301 redirect.  Next, we setup all of the static content that we want Apache to serve from the local file system using ProxyPass with a ! to say “do not proxypass” these directories, and then we send everything else to the balancer cluster.  We setup the access rights to the static directory where our content (like images, JavaScript, uploaded files, and CSS) is stored.  Then, we setup the virtualhosts log file in its own directory inside the logs directory.  The mod_deflate and mod_expires configurations work for most setups, but this piece needs to be monitored and tuned to your setup.  We’ve seen the mod_expires setup cause problems using Rails and authentication.

Now, off to a secure.myblog.com virtual host:

<VirtualHost _default_:443>
 DocumentRoot "/var/www/myblog.com/current/public"
 ServerName secure.myblog.com
 ServerAlias www.myblog.com myblog.com
 RewriteCond %{HTTP_HOST}   !^secure.myblog.com [NC]
 RewriteCond %{HTTP_HOST}   !^$
 RewriteRule ^/(.*)         https://secure.myblog.com/$1 [L,R=301]
 # --------------------------------------------------------
 # List of URLs Not to Proxy
 # --------------------------------------------------------
 ProxyPass /system !
 ProxyPass /images !
 ProxyPass /stylesheets !
 ProxyPass /javascripts !
 ProxyPass / balancer://rails-cluster/
 ProxyPassReverse / balancer://rails-cluster/

 ErrorLog  "logs/myblog.com/error_log"
 CustomLog "logs/myblog.com/access_log" combined env=!donlog

 # --------------------------------------------------------
 # SSL Certificates
 # --------------------------------------------------------
 SSLEngine on
 SSLCertificateFile    /usr/local/apache2/ssl/secure.myblog.com.crt
 SSLCertificateKeyFile /usr/local/apache2/ssl/secure.myblog.com.key
 # --------------------------------------------------------
 # Deflate Module Configuration
 # --------------------------------------------------------
 <IfModule deflate_module>
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/atom_xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/x-httpd-php
  AddOutputFilterByType DEFLATE application/x-httpd-fastphp
  AddOutputFilterByType DEFLATE application/x-httpd-eruby
  AddOutputFilterByType DEFLATE text/html
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0[678] no-gzip
 </IfModule>
 # =============================================
 # Configure Expires Module
 # =============================================
 <IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 1 week"
  ExpiresByType image/jpeg "access plus 1 week"
  ExpiresByType image/png "access plus 1 week"
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType text/javascript "access plus 1 week"
  ExpiresByType application/x-javascript "access plus 1 week"
  ExpiresByType text/xml "access plus 1 seconds"
 </IfModule>
 # --------------------------------------------------------
 # Document Root /
 # --------------------------------------------------------
 <Directory "/var/www/myblog.com/current/public">
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
 </Directory>
 # -------------------------------------------------
 # Fixing Yet Another IE 6 Bug
 # -------------------------------------------------
 BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 # -------------------------------------------------
 # Add this to the request header so that
 # Rails puts the correct redirect in place
 # -------------------------------------------------
 RequestHeader set X_FORWARDED_PROTO 'https'
</VirtualHost>

This is very similar to the port 80 virtual host of the same name.  The biggest difference is with the SSL certificates and the bottom SSL/https settings to fix issues with Mongrel/Rails and IE6.  You can’t configure mod_expires and mod_deflate in the main configuration file and have the virtual host inheret the configuration, so the best solution to be dry is to put these settings in their own mod_deflate.conf and mod_expires.conf and then include the named configuration files in each virtualhosts configuration file like so:

Include conf/mod_deflate.conf
Include conf/mod_expires.conf

Finishing Up

Apache with mod_proxy rocks.  After working through the above steps we have an Apache installation that is ready to be expanded to a high performance web server or proxy server, or both.  We like to start with this setup and then build from here.  If you need to get more concurrent clients and throughput on your Apache server, take a look at your available memory and CPU cycles and consider doing something like this:

<IfModule mpm_worker_module>
  ThreadLimit 100
  StartServers 5
  MaxClients 1000
  MinSpareThreads 100
  MaxSpareThreads 1000
  ThreadsPerChild 100
  MaxRequestsPerChild 0
</IfModule>

This is a high threads and low processes setup, and to get the number of processes that Apache will use simply divide MaxClients by ThreadPerChild.  So, this gives us 10 processes each with a maximum of 100 threads, with a maximum of 1000 clients total.  Depending on the server and type of content that you are serving you can load test and increase these settings if you need more than 1000 concurrent users.

We’re very big fans of mod_proxy, and we use mod_proxy_ajp in place of mod_jk every chance we get.  We also talk a lot of customers into using mod_proxy over mod_jk if they’re using Apache 2.2.x.

Using this setup to include the virtual hosts that the server runs, it’s easy to add and remove new websites.  It also provides a good overview of what’s running on the server.

I have installed apache 2.2 on RHEL 5.7. It is working over ssl connection. I want to use rotatelog feature provided by apache.
My httpd.conf file for specifying logs location is as below :

ErrorLog “|/apps/apache/bin/rotatelogs /mnt/nfs4/logs/apache/error_log.%Y-%m-%d 10M”
<IfModule log_config_module>
LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
LogFormat “%h %l %u %t \”%r\” %>s %b” common

<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %I %O” combinedio
</IfModule>

CustomLog “|/apps/apache/bin/rotatelogs /mnt/nfs4/logs/apache/access_log.%Y-%m-%d 50K” combine
</IfModule>

Configuration file for ssl is httpd-ssl.conf. It contains following entry for log :

ErrorLog “/mnt/nfs4/logs/apache/error_log”
TransferLog “/mnt/nfs4/logs/apache/access_log”
CustomLog “|/apps/apache/bin/rotatelogs /mnt/nfs4/logs/apache/ssl_request_log.%Y-%m-%d 5M” \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

ErrorLog   “|/usr/local/apache2.22/bin/rotatelogs /usr/local/apache2.22/logs/error_log.%Y-%m-%d 10M”

CustomLog “|/usr/local/apache2.22/bin/rotatelogs /usr/local/apache2.22/logs/access_log.%Y-%m-%d 50M” common

SSLLOGS

ErrorLog    “|/usr/local/apache2.22/bin/rotatelogs  /usr/local/apache2.22/logs/ssl_error_log.%Y-%m-%d 100M”
TransferLog “|/usr/local/apache2.22/bin/rotatelogs /usr/local/apache2.22/logs/ssl_access_log.%Y-%m-%d 100M”

CustomLog “| /usr/local/apache2.22/bin/rotatelogs /usr/local/apache2.22/logs/ssl_request_log.%Y-%m-%d 100M” \
          “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

 1) Install Cronolog.  You can download it here:
http://cronolog.org/download/index.html

The installation is pretty straightforward with the standard commands

Linux# ./configure
Linux# make
Linux# make install

2) Add these lines to your httpd.conf file (and don$B!G(Bt forget to comment out
the ErrorLog and CustomlLog lines that you$B!G(Bre replacing):

ErrorLog $B!H(B|/usr/local/sbin/cronolog -l /var/log/httpd/Ryans-error_log
/var/log/httpd/Ryans-error_log-%Y-%m-%d$B!I(B

CustomLog $B!H(B|/usr/local/sbin/cronolog -l /var/log/httpd/Ryans-access_log
/var/log/httpd/Ryans-access_log-%Y-%m-%d$B!I(B combined

3) Restart your httpd server.

Linux# /etc/init.d/httpd restart

almost exclusively use cronolog over logrotate. Logrotate comes with Debian,
and I allow it to keep working for the system services like the mail server
logs. But for apache and lighttpd log files, it’s all cronolog.

One of of the reasons why I use cronolog is that all the configuration
happens in the log-file line of the web server config

e.g. in a lighttpd config file, you could put :

accesslog.filename = “|/usr/bin/cronolog –symlink=”/var/log/webs/access.log
/var/log/webs/%Y/%W-access.log”

And all get a a new log file every week without any other configuration. Or
you could get creative and do something like :

accesslog.filename = “|/usr/bin/cronolog –symlink=”/var/log/webs/access.log
/var/l

is would work:

ErrorLog  “|/usr/bin/cronolog /path/to/logs/%Y-%m-%d/error.log”
CustomLog “|/usr/bin/cronolog /path/to/logs/%Y-%m-%d/access.log” combined

  How do I rotate log files under Linux operating system?

ou need use tool called logrotate, which is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files.

Each log file may be handled daily, weekly, monthly, or when it grows too large. With this tool you keep logs longer with less disk space.

Default configuration file

The default configuration file is /etc/logrotate.conf:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}Service or server specific configurations stored in /etc/logrotate.d directory, for example here is sample apache logrotate configuration file:# cat /etc/logrotate.d/httpdOutput:

/var/log/httpd/*.log {
 weekly
 rotate 52
 compress
  missingok
  notifempty
  sharedscripts
  postrotate
      /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true    endscript
}

Where,

• weekly : Log files are rotated if the current weekday is less then the weekday of the last rotation or if more then a week has passed since the last rotation.
• rotate 52 : Log files are rotated 52 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather then rotated.
• compress : Old versions of log files are compressed with gzip to save disk space.
• missingok : If the log file is missing, go on to the next one without issuing an error message.
• notifempty : Do not rotate the log if it is empty
• sharedscripts : Normally, prerotate and postrotate scripts are run for each log which is rotated, meaning that a single script may be run multiple times for log file entries which match multiple files. If sharedscript is specified, the scripts are only run once, no matter how many logs match the wildcarded pattern. However, if none of the logs in the pattern require rotating, the scripts will not be run at all.
• postrotate
  /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
  endscript : The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition.

Modular structure of apache is one of the reason for its global dominance among webservers.We have the flexibility to adding or droping modules.Before we deal with apache prefork MPM we need to have a basic idea about apache Multi Processing Modules,Multi processing Modules (MPM) are the multiple request (hundreds to kilos) handling ‘department’ of apache.We can compare MPM as ‘valve’ of apache , it accept requests, spawn the child processes according to the inflow of requests and assign the child process for the incoming connections.
Worker and Prefork are two major MPMs used in Linux platform.Both have their own pros and cons. Prefork is a non-threaded MPM while Worker is a threaded MPM. i.e prefork will generate pre-defined number of httpd procesesses(StartServers parameter) during startup and dispatch more child processes as the request increases. But in the case threaded worker MPM it will startup pre-defined number of httpd processes and a single process will hadle multiple connections.

Since prefork have a one process per thread structure it can provide isolation among different connections. So we can say that it is more secure at the cost of more RAM and CPU power. Worker MPM needs less RAM and CPU power but does not provide same level of request-to-request isolation as a process-based MPM does.Now let us look in to the prefork MPM tuning which is more common MPM than worker.

Prefork Directives

Example for prefork directives

StartServers 8
MinSpareServers 5
MaxSpareServers 10
MaxClients 30
MaxRequestsPerChild 500

StartServers : Number of apache child processes generated during the apache startup.

MinSpareServers: Spare servers are child processes in idle(not handling any requests). If the total idle processes are less than
MinSpareServers directive then apache parent process will create child processes up to MinSpareServers .

MaxSpareServers: If the total idle child processes is more than this directive , then parent pocess will kill additional idle processes.

MaxClients: This is the most important MPM directive for tuning apache performance.Parent process will dynamically spawn new child processes as the incoming request raises. MaxClients is the maximum child processes created for handling requests or in other words it is the max simultaneous requests apache can handle. This value should be optimal. If it is too low apache can only handle few requests and excess requests will be queued and it may get timed out.If it is too high server will begin to swap and it seriously affects entire server performance.

MaxRequestsPerChild: After handling this much requests child process will die .MaxRequestsPerChild is the requests that a child process will handle in its life time.If it is too low in a busy server, apache will utilize a good CPU power for killing and spawning new child processes which may cause more CPU burden. But at the same time it is always good to recycle it in a timely manner, otherwise it may cause common issues like memory leak , process bloat etc.

How to set MaxClients.

Before choosing a value we need to analyze the server , i.e check the RAM size and applications running other than apache like mysql , java applications etc. Then roughly calculate the memory dedicated for those applications . For example ,we might have defined innodb buffer spool size for mysql and java heap size for java applications . Substract that much memory from total RAM size. Suppose you have 2 GB RAM and 500 MB allocated for mysql(it depends on your DB size) and 250 for java and reserved some memory for system applications ,in this setup we can reserve memory up to 1 GB for apache . On next step we need to calculate avereage process memory usage for apache. For calculating it , during the peak traffic time run the following command

ps aux| awk ‘/apach[e]/{total+=$6}END{print total}’ this calculates total physical memory used by all apache process , to calculate average memory usage ,devide above value with total apache processes .
Finally we can optimize MaxClients value by deviding memory reserved for apache (1G) by process’s average memory usage. (Lets imagine its 35M here) .

MaxClients <= 1G/35 M = 30. We can reduce avg memory usage by removing unwanted apache modules and using php cache like PHP op-code cache/accelerator .If serever have good traffic, then fix the MaxRequestsPerChild deirective some higher values like 2000. Thoroughly observe server for some days after tuning , some time you need to tweak it 2 – 3 times for getting the best result. Good Luck!