{"id":1410,"date":"2012-09-11T16:19:33","date_gmt":"2012-09-11T08:19:33","guid":{"rendered":"http:\/\/rmohan.com\/?p=1410"},"modified":"2012-09-12T09:25:10","modified_gmt":"2012-09-12T01:25:10","slug":"installing-apache-http-server-with-a-quick-start-config","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=1410","title":{"rendered":"Installing Apache HTTP Server with a Quick-Start Config"},"content":{"rendered":"<p>The <a href=\"http:\/\/olex.openlogic.com\/packages\/apache\">Apache HTTP Server<\/a> has been the <a href=\"http:\/\/httpd.apache.org\/\" target=\"_blank\">most popular web server on the Internet since April 1996<\/a> and is one of the most widely used open source software packages.\u00a0 In fact, the <a href=\"http:\/\/news.netcraft.com\/archives\/2009\/06\/17\/june_2009_web_server_survey.html\" target=\"_blank\">latest Netcraft Web Server Survey<\/a> reports that more than half of all active web sites use Apache, making it more widely used than all other Web servers combined.\u00a0 So it\u2019s no surprise that we get lots of questions about Apache HTTP Server installation procedures.\u00a0 Fortunately, we have tons of experience with Apache installations, and we\u2019ve distilled our years of experience into this handy tutorial.<\/p>\n<h2>Before You Start<\/h2>\n<p>This article assumes that you have Red Hat\/CentOS Linux with a proper build environment setup.\u00a0 If you do not have <a href=\"http:\/\/olex.openlogic.com\/packages\/gcc\">GCC<\/a> installed you can get this with all the required packages like this:<\/p>\n<pre>yum groupinstall \"Development Libraries\"<\/pre>\n<p>You should now be ready to install Apache!<\/p>\n<h2>Meat &amp; Potatoes<\/h2>\n<p>When we install Apache HTTP Server either for ourselves a client \u2014 small or large \u2014 we follow a \u201cstandard\u201d configuration setup that\u2019s very easy to build on later.\u00a0 For the most part we use CentOS or Red Hat Enterprise edition servers, but these steps should work on any Unix system.\u00a0 This might not be true for AIX, which requires a little more hand-holding to make sure the compiler is installed correctly.<\/p>\n<p>The steps we\u2019ll cover in this article are:<\/p>\n<ul>\n<li>Download the source code for the latest version of Apache (currently 2.2.11) from OpenLogic Exchange (OLEX) or the Apache project website.<\/li>\n<li>Execute the configure, make, and make install installation steps (with a few custom switches).<\/li>\n<li>Setup the httpd.conf and associated files.<\/li>\n<li>Start your newly built Apache server.<\/li>\n<li>Done!<\/li>\n<\/ul>\n<h3>Download Apache<\/h3>\n<p>The first step is to download the Apache source code, not binaries or RPMs.\u00a0 We believe that using the source code gives the best performing, most flexible installation of Apache.\u00a0 If you follow a few simple steps the actual \u201cinstallation\u201d procedure is not difficult, and you\u2019ll have a good foundation to add or remove features later.<\/p>\n<p>To download the source source code, go to <a href=\"http:\/\/olex.openlogic.com\/packages\/apache\">OpenLogic Exchange (OLEX)<\/a> or the <a href=\"http:\/\/httpd.apache.org\/download.cgi\" target=\"_blank\">Apache downloads site<\/a> and look for the latest ZIP, TGZ, or BZ2 file (currently version 2.2.11).<\/p>\n<h3>Compiling\/Installing the Source for Apache<\/h3>\n<p>We like to keep our source downloads in ~\/Software\/ so it\u2019s easy go back and re-compile and re-install the binaries if we need to add a module or two.\u00a0 With the source saved under ~\/Software\/httpd-2.2.11, compile Apache HTTP Server with the following configure string:<\/p>\n<pre>[root@coco ~]# cd ~\/Software\/httpd-2.2.11\r\n[root@coco httpd-2.2.11]# \".\/configure\"\r\n\"--enable-ssl\"\r\n\"--enable-proxy\"\r\n\"--enable-proxy-balancer\"\r\n\"--enable-rewrite\"\r\n\"--enable-headers\"\r\n\"--enable-deflate\"\r\n\"--enable-cache\"\r\n\"--enable-expires\"\r\n\"--enable-mem-cache\"\r\n\"--enable-disk-cache\"\r\n\"--enable-file-cache\"\r\n\"--with-mpm=worker\"\r\n\"--disable-cgi --disable-asis\"\r\n\"--disable-autoindex\"\r\n\"--disable-userdir\"<\/pre>\n<p>Here\u2019s a brief explanation of the configuration options shown above:<\/p>\n<ul>\n<li><strong>enable-ssl<\/strong>: This will allow you to enable a secure port later.<\/li>\n<li><strong>enable-proxy\/enable-proxy-balancer<\/strong>: This will setup a connection to a back-end server like <a href=\"http:\/\/olex.openlogic.com\/packages\/tomcat\">Tomcat<\/a> or <a href=\"http:\/\/olex.openlogic.com\/packages\/mongrel\">Mongrel<\/a><\/li>\n<li><strong>enable-rewrite<\/strong>: We\u2019re always going to need rewrite rules in the config file.<\/li>\n<li><strong>enable-headers<\/strong>: We need this to enable monitoring of the server, and for mod_proxy we need to manipulate the header.<\/li>\n<li><strong>enable-deflate<\/strong>: Enables the old gzip module, which will allow us to setup some content to be compressed with gzip.<\/li>\n<li><strong>enable-cache\/expires\/mem-cache\/disk-cache\/file-cache<\/strong>: These are all included so we can enable the expires module.<\/li>\n<li><strong>with-mpm=worker<\/strong>: We\u2019re choosing to use the worker MPM as the default since most servers we work with have more than one CPU.\u00a0 Use the prefork MPM if you\u2019re working on a server that has only one CPU.<\/li>\n<\/ul>\n<p>Next, run the following to install Apache HTTP Server:<\/p>\n<pre>[root@coco httpd-2.2.11]# make &amp;&amp; make install<\/pre>\n<p>The Apache server should now be installed in <strong>\/usr\/local\/apache2<\/strong>, which is the default installation directory.\u00a0 To change the Apache installation directory you\u2019ll need to add the \u2013prefix=\/my\/directory\/apache2 switch to the configure string, and then run the make &amp;&amp; make install command as shown above.<\/p>\n<h3>Apache Startup Script<\/h3>\n<p>The easiest and fastest way to start Apache is to copy \/usr\/local\/apache2\/bin\/apachectl to \/etc\/init.d\/apache. This will allow you to do \/etc\/init.d\/apache start|stop|restart.<\/p>\n<p>If you want a script that has more feedback you can use the following:<\/p>\n<pre>#!\/bin\/bash\r\n# httpd        Startup script for the Apache HTTP Server\r\n# chkconfig: 2345 85 15\r\n# description: Apache is a World Wide Web server.  It is used to serve\r\n#              HTML files and CGI.\r\n# processname: httpd\r\n# config: \/usr\/local\/apache2\/conf\/httpd.conf\r\n# pidfile: \/var\/run\/apache2.pid\r\n\r\n# Source function library.\r\n. \/etc\/rc.d\/init.d\/functions\r\n\r\n# Start httpd in the C locale by default.\r\nHTTPD_LANG=${HTTPD_LANG-\"C\"}\r\n\r\n# This will prevent initlog from swallowing up a pass-phrase prompt if\r\n# mod_ssl needs a pass-phrase from the user.\r\nINITLOG_ARGS=\"\"\r\n\r\n# Path to the apachectl script, server binary, and short-form for messages.\r\napachectl=\/usr\/local\/apache2\/bin\/apachectl\r\nhttpd=${HTTPD-\/usr\/local\/apache2\/bin\/httpd}\r\nprog=httpd\r\npidfile=${PIDFILE-\/var\/run\/apache2.pid}\r\nlockfile=${LOCKFILE-\/var\/lock\/subsys\/apache2}\r\nRETVAL=0\r\n\r\nstart() {\r\n echo -n $\"Starting $prog: \"\r\n LANG=$HTTPD_LANG daemon $httpd $OPTIONS\r\n RETVAL=$?\r\n echo\r\n [ $RETVAL = 0 ] &amp;&amp; touch ${lockfile}\r\n return $RETVAL\r\n}\r\nstop() {\r\n echo -n $\"Stopping $prog: \"\r\n killproc $httpd\r\n RETVAL=$?\r\n echo\r\n [ $RETVAL = 0 ] &amp;&amp; rm -f ${lockfile} ${pidfile}\r\n}\r\nreload() {\r\n echo -n $\"Reloading $prog: \"\r\n if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t &gt;&amp;\/dev\/null; then\r\n RETVAL=$?\r\n echo $\"not reloading due to configuration syntax error\"\r\n failure $\"not reloading $httpd due to configuration syntax error\"\r\n else\r\n killproc $httpd -HUP\r\n RETVAL=$?\r\n fi\r\n echo\r\n}\r\n\r\n# See how we were called.\r\ncase \"$1\" in\r\n start)\r\n start\r\n ;;\r\n stop)\r\n stop\r\n ;;\r\n status)\r\n status $httpd\r\n RETVAL=$?\r\n ;;\r\n restart)\r\n stop\r\n start\r\n ;;\r\n condrestart)\r\n if [ -f ${pidfile} ] ; then\r\n stop\r\n start\r\n fi\r\n ;;\r\n reload)\r\n reload\r\n ;;\r\n graceful|help|configtest|fullstatus)\r\n $apachectl $@\r\n RETVAL=$?\r\n ;;\r\n *)\r\n echo $\"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}\"\r\n exit 1\r\nesac\r\n\r\nexit $RETVAL<\/pre>\n<h3>Apache Configuration File<\/h3>\n<p>The main configuration file we use as a template for Apache servers has a few different sections that are important to understand.<\/p>\n<pre># =================================================\r\n# Basic Settings\r\n# =================================================\r\nServerName %{SERVER_NAME}\r\nServerRoot \"\/usr\/local\/apache2\"\r\nPidFile \"\/var\/run\/apache2.pid\"\r\n# =================================================\r\n# Performance Settings\r\n# =================================================\r\nTimeout 30\r\nKeepAlive On\r\nMaxKeepAliveRequests 500\r\nKeepAliveTimeout 2\r\n&lt;IfModule mpm_prefork_module&gt;\r\n StartServers            1\r\n MinSpareServers         1\r\n MaxSpareServers         10\r\n MaxClients              25\r\n MaxRequestsPerChild     1000\r\n&lt;\/IfModule&gt;\r\n&lt;IfModule mpm_worker_module&gt;\r\n ServerLimit             16\r\n StartServers             2\r\n MaxClients              40\r\n MinSpareThreads          5\r\n MaxSpareThreads         20\r\n ThreadsPerChild         20\r\n MaxRequestsPerChild   5000\r\n&lt;\/IfModule&gt;<\/pre>\n<p>The Basic Settings section just defines the root directory of Apache, but the Performance Settings section has a few noteworthy options.\u00a0 We have a Timeout of 30 seconds, which is enough for most setups (the default of 300 is way too long).\u00a0 We enable KeepAlive, but the KeepAlive timeout is only 2 seconds.\u00a0 This allows each user to get their own connection, but the connection will close as soon as they download the page they requested (you can play with this timeout, but you\u2019ll most likely want to have it set somewhere in the 1-5 sec range). Next, we setup prefork and worker based on the number of CPUs that are installed on the Apache server.<\/p>\n<pre># =================================================\r\n# General Settings\r\n# =================================================\r\nListen 80\r\n# Listen 443\r\nUser www\r\nGroup www\r\nServerAdmin webmaster@openlogic.com\r\nUseCanonicalName Off\r\nServerTokens Prod\r\nServerSignature Off\r\nHostnameLookups Off\r\nExtendedStatus On\r\n# =================================================\r\n# Modules\r\n# =================================================\r\n#LoadModule dummy_module \/usr\/lib\/apache2\/modules\/mod_dummy.so<\/pre>\n<p>In the General Settings section we set Listen to port 80, but we also have port 443 as an option to choose from (we\u2019ll show you how to setup a https\/SSL\/secure virtual host later).\u00a0 User and Group are set to the www user, which is a system user (note that on Red Hat you create a system user with the -r switch <em>adduser -r www<\/em>).\u00a0 We don\u2019t want the server to look up hostname or show a signature to our users, so those options are disabled.\u00a0 The ExtendedStatus option is enabled for monitoring reasons.\u00a0 And in the Modules section, the dummy module is there in case we want to install <a href=\"http:\/\/olex.openlogic.com\/packages\/php\">PHP<\/a> later on.<\/p>\n<pre># =================================================\r\n# Access Control\r\n# =================================================\r\n&lt;Directory \/&gt;\r\n Options FollowSymLinks\r\n AllowOverride None\r\n Order deny,allow\r\n Deny from all\r\n&lt;\/Directory&gt;\r\n&lt;DirectoryMatch \"^\/.*\/.svn\/\"&gt;\r\n ErrorDocument 403 \/404.html\r\n Order allow,deny\r\n Deny from all\r\n Satisfy All\r\n&lt;\/DirectoryMatch&gt;\r\n&lt;FilesMatch \"^.ht\"&gt;\r\n Order allow,deny\r\n Deny from all\r\n Satisfy All\r\n&lt;\/FilesMatch&gt;\r\n# =================================================\r\n# MIME Encoding\r\n# =================================================\r\nDefaultType text\/plain\r\nTypesConfig conf\/mime.types\r\nAddType application\/x-compress .Z\r\nAddType application\/x-gzip .gz .tgz\r\nAddType application\/x-x509-ca-cert .crt\r\nAddType application\/x-pkcs7-crl    .crl<\/pre>\n<p>Needless to say, the Access Control section contains some important options.\u00a0 Deny from all makes sure we have to allow access to any directory that\u2019s used in the Apache configuration.\u00a0 Then, we make sure that users don\u2019t have access to .svn directories or .ht files.\u00a0 In the MIME Encoding section we have a minimal mime.type setup for the deflate and SSL modules.<\/p>\n<pre># =================================================\r\n# Logs\r\n# =================================================\r\nLogLevel warn\r\nLogFormat \"%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\" \"%{User-Agent}i\"\" combined\r\nErrorLog \/usr\/local\/apache2\/logs\/error_log\r\n# Mark requests for the robots.txt file\r\nSetEnvIf Request_URI \"^\/robots.txt$\" dontlog\r\nSetEnvIf Request_URI \"^\/monit\/token$\" dontlog\r\n# =================================================\r\n# SSL Configuration\r\n# =================================================\r\nSSLPassPhraseDialog  builtin\r\nSSLSessionCache        shmcb:\/usr\/local\/apache2\/logs\/ssl_scache(512000)\r\nSSLSessionCacheTimeout  300\r\nSSLMutex  file:\/usr\/local\/apache2\/logs\/ssl_mutex\r\nSSLRandomSeed startup builtin\r\nSSLRandomSeed connect builtin<\/pre>\n<p>Next, we setup the LogFormat for use in our virtual hosts and the server error log file.\u00a0 We also have two dontlog Env settings to remove the robot.txt and monit\/token hits from the log.\u00a0 (We\u2019ll show how this is used when we create the virtual host.)\u00a0 We also setup a default SSL configuration for the server.<\/p>\n<pre># =================================================\r\n# Mod Status for Monitoring\r\n# =================================================\r\n&lt;VirtualHost 127.0.0.1:80&gt;\r\n &lt;Location \/server-status&gt;\r\n SetHandler server-status\r\n Order Deny,Allow\r\n Deny from all\r\n Allow from localhost\r\n Allow from 127.0.0.1\r\n &lt;\/Location&gt;\r\n&lt;\/VirtualHost&gt;\r\n# =================================================\r\n# Include Extra Configs\r\n# =================================================\r\nInclude conf\/extra\/httpd-myblog.com.conf<\/pre>\n<p>In the Mod Status for Monitoring section we get to the server monitoring setup.\u00a0 We start by allowing only access from localhost, and we specify that it will only listen to the 127.0.0.1 IP.\u00a0 This is a good setup for tools like <a href=\"http:\/\/olex.openlogic.com\/packages\/groundwork\">GroundWork<\/a> and <a href=\"http:\/\/olex.openlogic.com\/packages\/hyperic-hq\">Hyperic<\/a>.\u00a0 The last line includes a virtual host configuration file.\u00a0 Now let\u2019s have a look at the virtual host.<\/p>\n<h4>Virtual Hosts Using a Name-Based Setup<\/h4>\n<p>We like to configure our httpd.conf with server-wide settings while keeping it free of actual content hosting elements or mod_proxy\/mod_jk configurations.\u00a0 In this example we have a blog that\u2019s running on a <a href=\"http:\/\/olex.openlogic.com\/packages\/ruby\">Ruby<\/a> on <a href=\"http:\/\/olex.openlogic.com\/packages\/ruby\">Rails<\/a> back-end with three Thin servers listening to ports 8000-8002 (Thin an application server that can be used for RoR as an alternative to Tomcat or Mongrel).<\/p>\n<pre># --------------------------------------------------------\r\n# Always Keep the Host Header\r\n# --------------------------------------------------------\r\nProxyPreserveHost On\r\n# --------------------------------------------------------\r\n# Rails Cluster\r\n# --------------------------------------------------------\r\n&lt;Proxy balancer:\/\/rails-cluster&gt;\r\n  BalancerMember http:\/\/127.0.0.1:8000\r\n  BalancerMember http:\/\/127.0.0.1:8001\r\n  BalancerMember http:\/\/127.0.0.1:8002\r\n&lt;\/Proxy&gt;<\/pre>\n<p>This setup has three servers in a proxy_balancer cluster that you can access using balancer:\/\/rails-cluster\/ just as though it was one server.<\/p>\n<pre># --------------------------------------------------------\r\n# Name-Based Virtual Hosting\r\n# --------------------------------------------------------\r\nNameVirtualHost *:80\r\n\r\n&lt;VirtualHost *:80&gt;\r\n DocumentRoot \"\/var\/www\/myblog.com\/current\/public\"\r\n ServerName www.myblog.com\r\n ServerAlias myblog.com\r\n\r\n # -------------------------------------------------\r\n # Rewrite Rules\r\n # -------------------------------------------------\r\n RewriteEngine on\r\n\r\n # Force www.myblog.com and make sure we use a 301 HTTP code for the\r\n # redirect. This is a SEO must.\r\n RewriteCond %{HTTP_HOST}   !^www.myblog.com [NC]\r\n RewriteCond %{HTTP_HOST}   !^$\r\n RewriteRule ^\/(.*)         http:\/\/www.myblog.com\/$1 [L,R=301]\r\n\r\n # --------------------------------------------------------\r\n # List of URLs Not to Proxy\r\n # --------------------------------------------------------\r\n ProxyPass \/system !\r\n ProxyPass \/images !\r\n ProxyPass \/stylesheets !\r\n ProxyPass \/javascripts !\r\n ProxyPass \/monit\/token !\r\n # Send everything else to the proxy_balancer cluster of rails servers\r\n ProxyPass \/ balancer:\/\/rails-cluster\/\r\n ProxyPassReverse \/ balancer:\/\/rails-cluster\/\r\n\r\n &lt;Directory \"\/var\/www\/myblog.com\/current\/public\"&gt;\r\n  Options FollowSymLinks\r\n  AllowOverride None\r\n  Order allow,deny\r\n  Allow from all\r\n &lt;\/Directory&gt;\r\n # Before you restart the server you need to create the logs\/myblog.com\r\n # directory.\r\n # We are also adding the dontlog environment variable here to stop\r\n # logging the set entries. (This is configured in your httpd.conf)\r\n ErrorLog  \"logs\/myblog.com\/error_log\"\r\n CustomLog \"logs\/myblog.com\/access_log\" combined env=!dontlog\r\n\r\n # --------------------------------------------------------\r\n # Deflate Module Configuration\r\n # --------------------------------------------------------\r\n &lt;IfModule deflate_module&gt;\r\n  AddOutputFilterByType DEFLATE text\/plain\r\n  AddOutputFilterByType DEFLATE text\/xml\r\n  AddOutputFilterByType DEFLATE application\/xhtml+xml\r\n  AddOutputFilterByType DEFLATE text\/css\r\n  AddOutputFilterByType DEFLATE application\/xml\r\n  AddOutputFilterByType DEFLATE image\/svg+xml\r\n  AddOutputFilterByType DEFLATE application\/rss+xml\r\n  AddOutputFilterByType DEFLATE application\/atom_xml\r\n  AddOutputFilterByType DEFLATE application\/javascript\r\n  AddOutputFilterByType DEFLATE application\/x-javascript\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-php\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-fastphp\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-eruby\r\n  AddOutputFilterByType DEFLATE text\/html\r\n  BrowserMatch ^Mozilla\/4 gzip-only-text\/html\r\n  BrowserMatch ^Mozilla\/4.0[678] no-gzip\r\n &lt;\/IfModule&gt;\r\n # =============================================\r\n # Configure Expires Module\r\n # =============================================\r\n &lt;IfModule mod_expires.c&gt;\r\n  ExpiresActive On\r\n  ExpiresDefault \"access plus 1 seconds\"\r\n  ExpiresByType text\/html \"access plus 1 seconds\"\r\n  ExpiresByType image\/gif \"access plus 1 week\"\r\n  ExpiresByType image\/jpeg \"access plus 1 week\"\r\n  ExpiresByType image\/png \"access plus 1 week\"\r\n  ExpiresByType text\/css \"access plus 1 week\"\r\n  ExpiresByType text\/javascript \"access plus 1 week\"\r\n  ExpiresByType application\/x-javascript \"access plus 1 week\"\r\n  ExpiresByType text\/xml \"access plus 1 seconds\"\r\n &lt;\/IfModule&gt;\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>There\u2019s a lot of information here, so lets take it step by step.\u00a0 First, we setup a server with the name www.myblog.com that also listens to myblog.com, but by using mod_rewrite we force everyone to www.myblog.com with a 301 redirect.\u00a0 Next, we setup all of the static content that we want Apache to serve from the local file system using ProxyPass with a ! to say \u201cdo not proxypass\u201d these directories, and then we send everything else to the balancer cluster.\u00a0 We setup the access rights to the static directory where our content (like images, JavaScript, uploaded files, and CSS) is stored.\u00a0 Then, we setup the virtualhosts log file in its own directory inside the logs directory.\u00a0 The mod_deflate and mod_expires configurations work for most setups, but this piece needs to be monitored and tuned to your setup.\u00a0 We\u2019ve seen the mod_expires setup cause problems using Rails and authentication.<\/p>\n<p>Now, off to a secure.myblog.com virtual host:<\/p>\n<pre>&lt;VirtualHost _default_:443&gt;\r\n DocumentRoot \"\/var\/www\/myblog.com\/current\/public\"\r\n ServerName secure.myblog.com\r\n ServerAlias www.myblog.com myblog.com\r\n RewriteCond %{HTTP_HOST}   !^secure.myblog.com [NC]\r\n RewriteCond %{HTTP_HOST}   !^$\r\n RewriteRule ^\/(.*)         https:\/\/secure.myblog.com\/$1 [L,R=301]\r\n # --------------------------------------------------------\r\n # List of URLs Not to Proxy\r\n # --------------------------------------------------------\r\n ProxyPass \/system !\r\n ProxyPass \/images !\r\n ProxyPass \/stylesheets !\r\n ProxyPass \/javascripts !\r\n ProxyPass \/ balancer:\/\/rails-cluster\/\r\n ProxyPassReverse \/ balancer:\/\/rails-cluster\/\r\n\r\n ErrorLog  \"logs\/myblog.com\/error_log\"\r\n CustomLog \"logs\/myblog.com\/access_log\" combined env=!donlog\r\n\r\n # --------------------------------------------------------\r\n # SSL Certificates\r\n # --------------------------------------------------------\r\n SSLEngine on\r\n SSLCertificateFile    \/usr\/local\/apache2\/ssl\/secure.myblog.com.crt\r\n SSLCertificateKeyFile \/usr\/local\/apache2\/ssl\/secure.myblog.com.key\r\n # --------------------------------------------------------\r\n # Deflate Module Configuration\r\n # --------------------------------------------------------\r\n &lt;IfModule deflate_module&gt;\r\n  AddOutputFilterByType DEFLATE text\/plain\r\n  AddOutputFilterByType DEFLATE text\/xml\r\n  AddOutputFilterByType DEFLATE application\/xhtml+xml\r\n  AddOutputFilterByType DEFLATE text\/css\r\n  AddOutputFilterByType DEFLATE application\/xml\r\n  AddOutputFilterByType DEFLATE image\/svg+xml\r\n  AddOutputFilterByType DEFLATE application\/rss+xml\r\n  AddOutputFilterByType DEFLATE application\/atom_xml\r\n  AddOutputFilterByType DEFLATE application\/javascript\r\n  AddOutputFilterByType DEFLATE application\/x-javascript\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-php\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-fastphp\r\n  AddOutputFilterByType DEFLATE application\/x-httpd-eruby\r\n  AddOutputFilterByType DEFLATE text\/html\r\n  BrowserMatch ^Mozilla\/4 gzip-only-text\/html\r\n  BrowserMatch ^Mozilla\/4.0[678] no-gzip\r\n &lt;\/IfModule&gt;\r\n # =============================================\r\n # Configure Expires Module\r\n # =============================================\r\n &lt;IfModule mod_expires.c&gt;\r\n  ExpiresActive On\r\n  ExpiresDefault \"access plus 1 seconds\"\r\n  ExpiresByType text\/html \"access plus 1 seconds\"\r\n  ExpiresByType image\/gif \"access plus 1 week\"\r\n  ExpiresByType image\/jpeg \"access plus 1 week\"\r\n  ExpiresByType image\/png \"access plus 1 week\"\r\n  ExpiresByType text\/css \"access plus 1 week\"\r\n  ExpiresByType text\/javascript \"access plus 1 week\"\r\n  ExpiresByType application\/x-javascript \"access plus 1 week\"\r\n  ExpiresByType text\/xml \"access plus 1 seconds\"\r\n &lt;\/IfModule&gt;\r\n # --------------------------------------------------------\r\n # Document Root \/\r\n # --------------------------------------------------------\r\n &lt;Directory \"\/var\/www\/myblog.com\/current\/public\"&gt;\r\n  Options FollowSymLinks\r\n  AllowOverride None\r\n  Order allow,deny\r\n  Allow from all\r\n &lt;\/Directory&gt;\r\n # -------------------------------------------------\r\n # Fixing Yet Another IE 6 Bug\r\n # -------------------------------------------------\r\n BrowserMatch \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\r\n # -------------------------------------------------\r\n # Add this to the request header so that\r\n # Rails puts the correct redirect in place\r\n # -------------------------------------------------\r\n RequestHeader set X_FORWARDED_PROTO 'https'\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>This is very similar to the port 80 virtual host of the same name.\u00a0 The biggest difference is with the SSL certificates and the bottom SSL\/https settings to fix issues with Mongrel\/Rails and IE6.\u00a0 You can\u2019t configure mod_expires and mod_deflate in the main configuration file and have the virtual host inheret the configuration, so the best solution to be dry is to put these settings in their own mod_deflate.conf and mod_expires.conf and then include the named configuration files in each virtualhosts configuration file like so:<\/p>\n<pre>Include conf\/mod_deflate.conf\r\nInclude conf\/mod_expires.conf<\/pre>\n<h2>Finishing Up<\/h2>\n<p>Apache with mod_proxy rocks.\u00a0 After working through the above steps we have an Apache installation that is ready to be expanded to a high performance web server or proxy server, or both.\u00a0 We like to start with this setup and then build from here.\u00a0 If you need to get more concurrent clients and throughput on your Apache server, take a look at your available memory and CPU cycles and consider doing something like this:<\/p>\n<pre>&lt;IfModule mpm_worker_module&gt;\r\n  ThreadLimit 100\r\n  StartServers 5\r\n  MaxClients 1000\r\n  MinSpareThreads 100\r\n  MaxSpareThreads 1000\r\n  ThreadsPerChild 100\r\n  MaxRequestsPerChild 0\r\n&lt;\/IfModule&gt;<\/pre>\n<p>This is a high threads and low processes setup, and to get the number of processes that Apache will use simply divide MaxClients by ThreadPerChild.\u00a0 So, this gives us 10 processes each with a maximum of 100 threads, with a maximum of 1000 clients total.\u00a0 Depending on the server and type of content that you are serving you can load test and increase these settings if you need more than 1000 concurrent users.<\/p>\n<p>We\u2019re very big fans of mod_proxy, and we use mod_proxy_ajp in place of <a href=\"http:\/\/olex.openlogic.com\/packages\/mod_jk\">mod_jk<\/a> every chance we get.\u00a0 We also talk a lot of customers into using mod_proxy over mod_jk if they\u2019re using Apache 2.2.x.<\/p>\n<p>Using this setup to include the virtual hosts that the server runs, it\u2019s easy to add and remove new websites.\u00a0 It also provides a good overview of what\u2019s running on the server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Apache HTTP Server has been the most popular web server on the Internet since April 1996 and is one of the most widely used open source software packages. In fact, the latest Netcraft Web Server Survey reports that more than half of all active web sites use Apache, making it more widely used than [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1410"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1410"}],"version-history":[{"count":4,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1410\/revisions"}],"predecessor-version":[{"id":1413,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1410\/revisions\/1413"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}