Compilation
Sauter à la navigation
Sauter à la recherche
Console SSH
Console SSH
Console SSH
Console SSH
Console SSH
(Page créée avec « == Présentation == Cette page a pour objet de décrire comment compiler le serveur web Apache. Plus d'informations sur le site de l'éditeur : *Apache 2.2 : http://httpd… ») |
|||
| (8 révisions intermédiaires par le même utilisateur non affichées) | |||
| Ligne 13 : | Ligne 13 : | ||
{{terminal|text= | {{terminal|text= | ||
| − | [root@ | + | [root@myserver downloads]# wget http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz |
--2020-01-25 15:55:58-- http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz | --2020-01-25 15:55:58-- http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz | ||
Résolution de apache.crihan.fr (apache.crihan.fr)… 195.221.21.36, 2001:660:7401:211::36 | Résolution de apache.crihan.fr (apache.crihan.fr)… 195.221.21.36, 2001:660:7401:211::36 | ||
| Ligne 31 : | Ligne 31 : | ||
== Compilation == | == Compilation == | ||
| + | === Options de compilation disponibles === | ||
| + | Se rendre dans le dossier de compilation et taper la commande suivante pour afficher les options de compilation disponibles : | ||
| + | ./configure --help | ||
| + | |||
| + | {{terminal|text= | ||
| + | [root@myserver downloads]# cd /local/builds/httpd-2.4.41 | ||
| + | [root@myserver httpd-2.4.41]# ./configure --help | ||
| + | `configure' configures this package to adapt to many kinds of systems. | ||
| + | |||
| + | Usage: ./configure [OPTION]... [VAR=VALUE]... | ||
| + | |||
| + | To assign environment variables (e.g., CC, CFLAGS...), specify them as | ||
| + | VAR=VALUE. See below for descriptions of some of the useful variables. | ||
| + | |||
| + | Defaults for the options are specified in brackets. | ||
| + | |||
| + | Configuration: | ||
| + | -h, --help display this help and exit | ||
| + | --help=short display options specific to this package | ||
| + | --help=recursive display the short help of all the included packages | ||
| + | -V, --version display version information and exit | ||
| + | -q, --quiet, --silent do not print `checking ...' messages | ||
| + | --cache-file=FILE cache test results in FILE [disabled] | ||
| + | -C, --config-cache alias for `--cache-file=config.cache' | ||
| + | -n, --no-create do not create output files | ||
| + | --srcdir=DIR find the sources in DIR [configure dir or `..'] | ||
| + | |||
| + | Installation directories: | ||
| + | --prefix=PREFIX install architecture-independent files in PREFIX | ||
| + | [/usr/local/apache2] | ||
| + | --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX | ||
| + | [PREFIX] | ||
| + | |||
| + | By default, `make install' will install all the files in | ||
| + | `/usr/local/apache2/bin', `/usr/local/apache2/lib' etc. You can specify | ||
| + | an installation prefix other than `/usr/local/apache2' using `--prefix', | ||
| + | for instance `--prefix=$HOME'. | ||
| + | |||
| + | For better control, use the options below. | ||
| + | |||
| + | Fine tuning of the installation directories: | ||
| + | --bindir=DIR user executables [EPREFIX/bin] | ||
| + | --sbindir=DIR system admin executables [EPREFIX/sbin] | ||
| + | --libexecdir=DIR program executables [EPREFIX/libexec] | ||
| + | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | ||
| + | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | ||
| + | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | ||
| + | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | ||
| + | --libdir=DIR object code libraries [EPREFIX/lib] | ||
| + | --includedir=DIR C header files [PREFIX/include] | ||
| + | --oldincludedir=DIR C header files for non-gcc [/usr/include] | ||
| + | --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] | ||
| + | --datadir=DIR read-only architecture-independent data [DATAROOTDIR] | ||
| + | --infodir=DIR info documentation [DATAROOTDIR/info] | ||
| + | --localedir=DIR locale-dependent data [DATAROOTDIR/locale] | ||
| + | --mandir=DIR man documentation [DATAROOTDIR/man] | ||
| + | --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] | ||
| + | --htmldir=DIR html documentation [DOCDIR] | ||
| + | --dvidir=DIR dvi documentation [DOCDIR] | ||
| + | --pdfdir=DIR pdf documentation [DOCDIR] | ||
| + | --psdir=DIR ps documentation [DOCDIR] | ||
| + | |||
| + | System types: | ||
| + | --build=BUILD configure for building on BUILD [guessed] | ||
| + | --host=HOST cross-compile to build programs to run on HOST [BUILD] | ||
| + | --target=TARGET configure for building compilers for TARGET [HOST] | ||
| + | |||
| + | Optional Features: | ||
| + | --disable-option-checking ignore unrecognized --enable/--with options | ||
| + | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | ||
| + | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | ||
| + | --enable-layout=LAYOUT | ||
| + | --enable-dtrace Enable DTrace probes | ||
| + | --enable-hook-probes Enable APR hook probes | ||
| + | --enable-exception-hook Enable fatal exception hook | ||
| + | --enable-load-all-modules | ||
| + | Load all modules | ||
| + | --enable-maintainer-mode | ||
| + | Turn on debugging and compile time warnings and load | ||
| + | all compiled modules | ||
| + | --enable-debugger-mode Turn on debugging and compile time warnings and turn | ||
| + | off optimization | ||
| + | --enable-pie Build httpd as a Position Independent Executable | ||
| + | --enable-modules=MODULE-LIST | ||
| + | Space-separated list of modules to enable {{!}} "all" {{!}} | ||
| + | "most" {{!}} "few" {{!}} "none" {{!}} "reallyall" | ||
| + | --enable-mods-shared=MODULE-LIST | ||
| + | Space-separated list of shared modules to enable {{!}} | ||
| + | "all" {{!}} "most" {{!}} "few" {{!}} "reallyall" | ||
| + | --enable-mods-static=MODULE-LIST | ||
| + | Space-separated list of static modules to enable {{!}} | ||
| + | "all" {{!}} "most" {{!}} "few" {{!}} "reallyall" | ||
| + | --disable-authn-file file-based authentication control | ||
| + | --enable-authn-dbm DBM-based authentication control | ||
| + | --enable-authn-anon anonymous user authentication control | ||
| + | --enable-authn-dbd SQL-based authentication control | ||
| + | --enable-authn-socache Cached authentication control | ||
| + | --disable-authn-core core authentication module | ||
| + | --disable-authz-host host-based authorization control | ||
| + | --disable-authz-groupfile | ||
| + | 'require group' authorization control | ||
| + | --disable-authz-user 'require user' authorization control | ||
| + | --enable-authz-dbm DBM-based authorization control | ||
| + | --enable-authz-owner 'require file-owner' authorization control | ||
| + | --enable-authz-dbd SQL based authorization and Login/Session support | ||
| + | --disable-authz-core core authorization provider vector module | ||
| + | --enable-authnz-ldap LDAP based authentication | ||
| + | --enable-authnz-fcgi FastCGI authorizer-based authentication and | ||
| + | authorization | ||
| + | --disable-access-compat mod_access compatibility | ||
| + | --disable-auth-basic basic authentication | ||
| + | --enable-auth-form form authentication | ||
| + | --enable-auth-digest RFC2617 Digest authentication | ||
| + | --enable-allowmethods restrict allowed HTTP methods | ||
| + | --enable-isapi isapi extension support | ||
| + | --enable-file-cache File cache | ||
| + | --enable-cache dynamic file caching. At least one storage | ||
| + | management module (e.g. mod_cache_disk) is also | ||
| + | necessary. | ||
| + | --enable-cache-disk disk caching module | ||
| + | --enable-cache-socache shared object caching module | ||
| + | --enable-socache-shmcb shmcb small object cache provider | ||
| + | --enable-socache-dbm dbm small object cache provider | ||
| + | --enable-socache-memcache | ||
| + | memcache small object cache provider | ||
| + | --enable-socache-redis redis small object cache provider | ||
| + | --enable-socache-dc distcache small object cache provider | ||
| + | --enable-so DSO capability. This module will be automatically | ||
| + | enabled unless you build all modules statically. | ||
| + | --enable-watchdog Watchdog module | ||
| + | --enable-macro Define and use macros in configuration files | ||
| + | --enable-dbd Apache DBD Framework | ||
| + | --enable-bucketeer buckets manipulation filter. Useful only for | ||
| + | developers and testing purposes. | ||
| + | --enable-dumpio I/O dump filter | ||
| + | --enable-echo ECHO server | ||
| + | --enable-example-hooks Example hook callback handler module | ||
| + | --enable-case-filter Example uppercase conversion filter | ||
| + | --enable-case-filter-in Example uppercase conversion input filter | ||
| + | --enable-example-ipc Example of shared memory and mutex usage | ||
| + | --enable-buffer Filter Buffering | ||
| + | --enable-data RFC2397 data encoder | ||
| + | --enable-ratelimit Output Bandwidth Limiting | ||
| + | --disable-reqtimeout Limit time waiting for request from client | ||
| + | --enable-ext-filter external filter module | ||
| + | --enable-request Request Body Filtering | ||
| + | --enable-include Server Side Includes | ||
| + | --disable-filter Smart Filtering | ||
| + | --enable-reflector Reflect request through the output filter stack | ||
| + | --enable-substitute response content rewrite-like filtering | ||
| + | --enable-sed filter request and/or response bodies through sed | ||
| + | --disable-charset-lite character set translation. Enabled by default only | ||
| + | on EBCDIC systems. | ||
| + | --enable-charset-lite character set translation. Enabled by default only | ||
| + | on EBCDIC systems. | ||
| + | --enable-deflate Deflate transfer encoding support | ||
| + | --enable-xml2enc i18n support for markup filters | ||
| + | --enable-proxy-html Fix HTML Links in a Reverse Proxy | ||
| + | --enable-brotli Brotli compression support | ||
| + | --enable-http HTTP protocol handling. The http module is a basic | ||
| + | one that enables the server to function as an HTTP | ||
| + | server. It is only useful to disable it if you want | ||
| + | to use another protocol module instead. Don't | ||
| + | disable this module unless you are really sure what | ||
| + | you are doing. Note: This module will always be | ||
| + | linked statically. | ||
| + | --disable-mime mapping of file-extension to MIME. Disabling this | ||
| + | module is normally not recommended. | ||
| + | --enable-ldap LDAP caching and connection pooling services | ||
| + | --disable-log-config logging configuration. You won't be able to log | ||
| + | requests to the server without this module. | ||
| + | --enable-log-debug configurable debug logging | ||
| + | --enable-log-forensic forensic logging | ||
| + | --enable-logio input and output logging | ||
| + | --enable-lua Apache Lua Framework | ||
| + | --enable-luajit Enable LuaJit Support | ||
| + | --disable-env clearing/setting of ENV vars | ||
| + | --enable-mime-magic automagically determining MIME type | ||
| + | --enable-cern-meta CERN-type meta files | ||
| + | --enable-expires Expires header control | ||
| + | --disable-headers HTTP header control | ||
| + | --enable-ident RFC 1413 identity check | ||
| + | --enable-usertrack user-session tracking | ||
| + | --enable-unique-id per-request unique ids | ||
| + | --disable-setenvif basing ENV vars on headers | ||
| + | --disable-version determining httpd version in config files | ||
| + | --enable-remoteip translate header contents to an apparent client | ||
| + | remote_ip | ||
| + | --enable-proxy Apache proxy module | ||
| + | --enable-proxy-connect Apache proxy CONNECT module. Requires | ||
| + | --enable-proxy. | ||
| + | --enable-proxy-ftp Apache proxy FTP module. Requires --enable-proxy. | ||
| + | --enable-proxy-http Apache proxy HTTP module. Requires --enable-proxy. | ||
| + | --enable-proxy-fcgi Apache proxy FastCGI module. Requires | ||
| + | --enable-proxy. | ||
| + | --enable-proxy-scgi Apache proxy SCGI module. Requires --enable-proxy. | ||
| + | --enable-proxy-uwsgi Apache proxy UWSGI module. Requires --enable-proxy. | ||
| + | --enable-proxy-fdpass Apache proxy to Unix Daemon Socket module. Requires | ||
| + | --enable-proxy. | ||
| + | --enable-proxy-wstunnel Apache proxy Websocket Tunnel module. Requires | ||
| + | --enable-proxy. | ||
| + | --enable-proxy-ajp Apache proxy AJP module. Requires --enable-proxy. | ||
| + | --enable-proxy-balancer Apache proxy BALANCER module. Requires | ||
| + | --enable-proxy. | ||
| + | --enable-proxy-express mass reverse-proxy module. Requires --enable-proxy. | ||
| + | --enable-proxy-hcheck reverse-proxy health-check module. Requires | ||
| + | --enable-proxy and --enable-watchdog. | ||
| + | --enable-session session module | ||
| + | --enable-session-cookie session cookie module | ||
| + | --enable-session-crypto session crypto module | ||
| + | --enable-session-dbd session dbd module | ||
| + | --enable-slotmem-shm slotmem provider that uses shared memory | ||
| + | --enable-slotmem-plain slotmem provider that uses plain memory | ||
| + | --enable-ssl SSL/TLS support (mod_ssl) | ||
| + | --enable-ssl-staticlib-deps | ||
| + | link mod_ssl with dependencies of OpenSSL's static | ||
| + | libraries (as indicated by "pkg-config --static"). | ||
| + | Must be specified in addition to --enable-ssl. | ||
| + | --enable-optional-hook-export | ||
| + | example optional hook exporter | ||
| + | --enable-optional-hook-import | ||
| + | example optional hook importer | ||
| + | --enable-optional-fn-import | ||
| + | example optional function importer | ||
| + | --enable-optional-fn-export | ||
| + | example optional function exporter | ||
| + | --enable-dialup rate limits static files to dialup modem speeds | ||
| + | --enable-static-support Build a statically linked version of the support | ||
| + | binaries | ||
| + | --enable-static-htpasswd | ||
| + | Build a statically linked version of htpasswd | ||
| + | --enable-static-htdigest | ||
| + | Build a statically linked version of htdigest | ||
| + | --enable-static-rotatelogs | ||
| + | Build a statically linked version of rotatelogs | ||
| + | --enable-static-logresolve | ||
| + | Build a statically linked version of logresolve | ||
| + | --enable-static-htdbm Build a statically linked version of htdbm | ||
| + | --enable-static-ab Build a statically linked version of ab | ||
| + | --enable-static-checkgid | ||
| + | Build a statically linked version of checkgid | ||
| + | --enable-static-htcacheclean | ||
| + | Build a statically linked version of htcacheclean | ||
| + | --enable-static-httxt2dbm | ||
| + | Build a statically linked version of httxt2dbm | ||
| + | --enable-static-fcgistarter | ||
| + | Build a statically linked version of fcgistarter | ||
| + | --enable-http2 HTTP/2 protocol handling in addition to HTTP | ||
| + | protocol handling. Implemented by mod_http2. This | ||
| + | module requires a libnghttp2 installation. See | ||
| + | --with-nghttp2 on how to manage non-standard | ||
| + | locations. This module is usually linked shared and | ||
| + | requires loading. | ||
| + | --enable-nghttp2-staticlib-deps | ||
| + | link mod_http2 with dependencies of libnghttp2's | ||
| + | static libraries (as indicated by "pkg-config | ||
| + | --static"). Must be specified in addition to | ||
| + | --enable-http2. | ||
| + | --enable-proxy-http2 HTTP/2 proxy module. This module requires a | ||
| + | libnghttp2 installation. See --with-nghttp2 on how | ||
| + | to manage non-standard locations. Also requires | ||
| + | --enable-proxy. | ||
| + | --enable-md Managed Domain handling | ||
| + | --enable-jansson-staticlib-deps | ||
| + | link mod_md with dependencies of libjansson's static | ||
| + | libraries (as indicated by "pkg-config --static"). | ||
| + | Must be specified in addition to --enable-md. | ||
| + | --enable-curl-staticlib-deps | ||
| + | link mod_md with dependencies of libcurl's static | ||
| + | libraries (as indicated by "pkg-config --static"). | ||
| + | Must be specified in addition to --enable-md. | ||
| + | --enable-lbmethod-byrequests | ||
| + | Apache proxy Load balancing by request counting | ||
| + | --enable-lbmethod-bytraffic | ||
| + | Apache proxy Load balancing by traffic counting | ||
| + | --enable-lbmethod-bybusyness | ||
| + | Apache proxy Load balancing by busyness | ||
| + | --enable-lbmethod-heartbeat | ||
| + | Apache proxy Load balancing from Heartbeats | ||
| + | --enable-mpms-shared=MPM-LIST | ||
| + | Space-separated list of MPM modules to enable for | ||
| + | dynamic loading. MPM-LIST=list {{!}} "all" | ||
| + | --enable-unixd unix specific support | ||
| + | --enable-privileges Per-virtualhost Unix UserIDs and enhanced security | ||
| + | for Solaris | ||
| + | --enable-heartbeat Generates Heartbeats | ||
| + | --enable-heartmonitor Collects Heartbeats | ||
| + | --enable-dav WebDAV protocol handling. --enable-dav also enables | ||
| + | mod_dav_fs | ||
| + | --disable-status process/thread monitoring | ||
| + | --disable-autoindex directory listing | ||
| + | --enable-asis as-is filetypes | ||
| + | --enable-info server information | ||
| + | --enable-suexec set uid and gid for spawned processes | ||
| + | --enable-cgid CGI scripts. Enabled by default with threaded MPMs | ||
| + | --enable-cgi CGI scripts. Enabled by default with non-threaded | ||
| + | MPMs | ||
| + | --enable-dav-fs DAV provider for the filesystem. --enable-dav also | ||
| + | enables mod_dav_fs. | ||
| + | --enable-dav-lock DAV provider for generic locking | ||
| + | --enable-vhost-alias mass virtual hosting module | ||
| + | --enable-negotiation content negotiation | ||
| + | --disable-dir directory request handling | ||
| + | --enable-imagemap server-side imagemaps | ||
| + | --enable-actions Action triggering on requests | ||
| + | --enable-speling correct common URL misspellings | ||
| + | --enable-userdir mapping of requests to user-specific directories | ||
| + | --disable-alias mapping of requests to different filesystem parts | ||
| + | --enable-rewrite rule based URL manipulation | ||
| + | --enable-suexec-capabilities | ||
| + | Use Linux capability bits not setuid root suexec | ||
| + | --enable-v4-mapped Allow IPv6 sockets to handle IPv4 connections | ||
| + | |||
| + | Optional Packages: | ||
| + | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] | ||
| + | --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) | ||
| + | --with-included-apr Use bundled copies of APR/APR-Util | ||
| + | --with-apr=PATH prefix for installed APR or the full path to | ||
| + | apr-config | ||
| + | --with-apr-util=PATH prefix for installed APU or the full path to | ||
| + | apu-config | ||
| + | --with-pcre=PATH Use external PCRE library | ||
| + | --with-port=PORT Port on which to listen (default is 80) | ||
| + | --with-sslport=SSLPORT Port on which to securelisten (default is 443) | ||
| + | --with-distcache=PATH Distcache installation directory | ||
| + | --with-z=PATH use a specific zlib library | ||
| + | --with-libxml2=PATH location for libxml2 | ||
| + | --with-brotli=PATH Brotli installation directory | ||
| + | --with-lua=PATH Path to the Lua 5.3/5.2/5.1 prefix | ||
| + | --with-ssl=PATH OpenSSL installation directory | ||
| + | --with-nghttp2=PATH nghttp2 installation directory | ||
| + | --with-jansson=PATH jansson installation directory | ||
| + | --with-curl=PATH curl installation directory | ||
| + | --with-mpm=MPM Choose the process model for Apache to use by | ||
| + | default. MPM={event{{!}}worker{{!}}prefork{{!}}winnt} This will | ||
| + | be statically linked as the only available MPM | ||
| + | unless --enable-mpms-shared is also specified. | ||
| + | --with-module=module-type:module-file | ||
| + | Enable module-file in the modules/<module-type> | ||
| + | directory. | ||
| + | --with-program-name alternate executable name | ||
| + | --with-suexec-bin Path to suexec binary | ||
| + | --with-suexec-caller User allowed to call SuExec | ||
| + | --with-suexec-userdir User subdirectory | ||
| + | --with-suexec-docroot SuExec root directory | ||
| + | --with-suexec-uidmin Minimal allowed UID | ||
| + | --with-suexec-gidmin Minimal allowed GID | ||
| + | --with-suexec-logfile Set the logfile | ||
| + | --with-suexec-syslog Use syslog for suexec logging | ||
| + | --with-suexec-safepath Set the safepath | ||
| + | --with-suexec-umask umask for suexec'd process | ||
| + | |||
| + | Some influential environment variables: | ||
| + | CC C compiler command | ||
| + | CFLAGS C compiler flags | ||
| + | LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a | ||
| + | nonstandard directory <lib dir> | ||
| + | LIBS libraries to pass to the linker, e.g. -l<library> | ||
| + | CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if | ||
| + | you have headers in a nonstandard directory <include dir> | ||
| + | CPP C preprocessor | ||
| + | |||
| + | Use these variables to override the choices made by `configure' or to help | ||
| + | it to find libraries and programs with nonstandard names/locations. | ||
| + | |||
| + | Report bugs to the package provider. | ||
| + | }} | ||
| + | |||
| + | === Configuration de la compilation === | ||
| + | La commande <code>./configure</code> lance la configuration de la compilation avec certaines options par défaut. Les valeurs par défaut de certaines de ces options sont indiquées dans la section <code>--help</code> de la commande. | ||
| + | |||
| + | ==== Configuration par défaut ==== | ||
| + | Pour lancer la configuration de la compilation avec les options par défaut, il faut simplement lancer la commande suivante : | ||
| + | ./configure | ||
| + | |||
| + | Cette configuration de compilation simple, sans ajout d'option, fournit les modules suivants : | ||
| + | {{terminal|text= | ||
| + | [root@myserver 2.4.41]# bin/httpd -M | ||
| + | Loaded Modules: | ||
| + | core_module (static) | ||
| + | so_module (static) | ||
| + | http_module (static) | ||
| + | mpm_event_module (static) | ||
| + | authn_file_module (shared) | ||
| + | authn_core_module (shared) | ||
| + | authz_host_module (shared) | ||
| + | authz_groupfile_module (shared) | ||
| + | authz_user_module (shared) | ||
| + | authz_core_module (shared) | ||
| + | access_compat_module (shared) | ||
| + | auth_basic_module (shared) | ||
| + | reqtimeout_module (shared) | ||
| + | filter_module (shared) | ||
| + | mime_module (shared) | ||
| + | log_config_module (shared) | ||
| + | env_module (shared) | ||
| + | headers_module (shared) | ||
| + | setenvif_module (shared) | ||
| + | version_module (shared) | ||
| + | unixd_module (shared) | ||
| + | status_module (shared) | ||
| + | autoindex_module (shared) | ||
| + | dir_module (shared) | ||
| + | alias_module (shared) | ||
| + | }} | ||
| + | |||
| + | On peut constater que les modules suivants sont ''"statiques"'', c'est-à-dire qu'ils sont intégrés dans le binaire <code>httpd</code> et seront, par conséquent, toujours chargés au démarrage d'Apache : | ||
| + | *core_module | ||
| + | **Fonctionnalités de base du serveur HTTP Apache toujours disponibles | ||
| + | **La liste des fonctionnalités de base est accessible ici : http://httpd.apache.org/docs/current/mod/core.html | ||
| + | *so_module | ||
| + | **Module permettant de charger dynamiquement des modules non-statiques (partagés). Les modules partagés, à l'inverse de modules statiques, ne nécessitent pas de recompilation et peuvent être chargés lorsqu'Apache est en cours d'exécution. Les performances d'Apache sont meilleures avec des modules statiques qu'avec des modules partagés. | ||
| + | *http_module | ||
| + | **Comme indiqué dans l'option <code>--help</code> de la commande <code>./configure</code> : | ||
| + | ::''"Le module http est un module de base qui permet au serveur de fonctionner comme un serveur HTTP. Il n'est utile de le désactiver que si vous souhaitez utiliser un autre module de protocole à la place. Ne désactivez ce module que si vous êtes vraiment sûr de ce que vous faites. Remarque: Ce module sera toujours lié statiquement."'' | ||
| + | *mpm_event_module | ||
| + | **Selon la [http://httpd.apache.org/docs/current/programs/configure.html#mpms documentation Apache], les Modules Multi-Processus, ou MPMs, constituent le coeur du serveur. Un seul MPM doit être actif pour que le serveur puisse fonctionner. Le MPM par défaut dépend du système d'exploitation. Pour savoir quel type de MPM est utilisé par défaut, se référer à [http://httpd.apache.org/docs/current/mpm.html#defaults la documentation Apache sur les MPMs]. | ||
| + | |||
| + | ==== Configuration minimaliste ==== | ||
| + | A des fins de tests uniquement, il est possible de configurer la compilation pour qu'il n'y ait que les modules statiques obligatoires de présents. Pour ce faire, il faut désactiver tous les modules activés par défaut avec la commande suivante : | ||
| + | <pre> | ||
| + | ./configure \ | ||
| + | --disable-access_compat \ | ||
| + | --disable-alias \ | ||
| + | --disable-auth_basic \ | ||
| + | --disable-authn_core \ | ||
| + | --disable-authn_file \ | ||
| + | --disable-authz_core \ | ||
| + | --disable-authz_groupfile \ | ||
| + | --disable-authz_host \ | ||
| + | --disable-authz_user \ | ||
| + | --disable-autoindex \ | ||
| + | --disable-dir \ | ||
| + | --disable-env \ | ||
| + | --disable-filter \ | ||
| + | --disable-headers \ | ||
| + | --disable-log_config \ | ||
| + | --disable-mime \ | ||
| + | --disable-reqtimeout \ | ||
| + | --disable-setenvif \ | ||
| + | --disable-status \ | ||
| + | --disable-unixd \ | ||
| + | --disable-version | ||
| + | </pre> | ||
| + | |||
| + | Cela aura pour effet, à la fin de la compilation, de ne disposer que des modules suivants : | ||
| + | {{terminal|text= | ||
| + | [root@myserver httpd-2.4.41]# bin/httpd -M | ||
| + | Loaded Modules: | ||
| + | core_module (static) | ||
| + | so_module (static) | ||
| + | http_module (static) | ||
| + | mpm_event_module (static) | ||
| + | }} | ||
| + | |||
| + | ==== Configuration personnalisée ==== | ||
| + | C'est ici tout l'intérêt de compiler soi-même Apache (ou tout autre programme) : pouvoir construire un binaire Apache optimisé à son besoin. | ||
| + | |||
| + | Voici un exemple de configuration personnalisée de compilation : | ||
| + | <pre> | ||
| + | ./configure --prefix=/local/httpd/current \ | ||
| + | --enable-ssl \ | ||
| + | --enable-ssl-staticlib-deps \ | ||
| + | --enable-socache-shmcb \ | ||
| + | --enable-proxy \ | ||
| + | --enable-proxy-http \ | ||
| + | --enable-proxy-wstunnel \ | ||
| + | --enable-proxy-fcgi \ | ||
| + | --disable-proxy-connect \ | ||
| + | --disable-proxy-ftp \ | ||
| + | --disable-proxy-scgi \ | ||
| + | --disable-proxy-uwsgi \ | ||
| + | --disable-proxy-fdpass \ | ||
| + | --disable-proxy-ajp \ | ||
| + | --disable-proxy-balancer \ | ||
| + | --disable-proxy-express \ | ||
| + | --disable-proxy-hcheck \ | ||
| + | --enable-rewrite \ | ||
| + | --enable-mods-static="ssl socache-shmcb proxy rewrite authz_core log_config alias dir unixd" \ | ||
| + | --enable-static-rotatelogs \ | ||
| + | --disable-access_compat \ | ||
| + | --disable-auth_basic \ | ||
| + | --disable-authn_core \ | ||
| + | --disable-authn_file \ | ||
| + | --disable-authz_groupfile \ | ||
| + | --disable-authz_host \ | ||
| + | --disable-authz_user \ | ||
| + | --disable-autoindex \ | ||
| + | --disable-env \ | ||
| + | --disable-filter \ | ||
| + | --disable-headers \ | ||
| + | --disable-mime \ | ||
| + | --disable-reqtimeout \ | ||
| + | --disable-setenvif \ | ||
| + | --disable-status \ | ||
| + | --disable-version | ||
| + | </pre> | ||
| + | |||
| + | ==== Configuration performances optimisées ==== | ||
| + | Afin d'obtenir les meilleures performances possibles, il est conseillé d'avoir le minimum de modules activés, et qu'ils soient lié statiquement à Apache (c'est-à-dire qu'il ne sera pas possible d'en ajouter/retirer dynamiquement. Pour ce faire, il faudra re-compiler). | ||
| + | Voici un modèle de configuration de compilation : | ||
| + | <pre> | ||
| + | ./configure \ | ||
| + | --prefix=/local/httpd/current \ | ||
| + | --sysconfdir=/local/httpd/conf \ | ||
| + | --enable-proxy \ | ||
| + | --enable-proxy-http \ | ||
| + | --enable-proxy-wstunnel \ | ||
| + | --enable-proxy-fcgi \ | ||
| + | --enable-rewrite \ | ||
| + | --enable-authz-host \ | ||
| + | --enable-mime \ | ||
| + | --enable-static-support \ | ||
| + | --enable-remoteip \ | ||
| + | --enable-status \ | ||
| + | --enable-systemd \ | ||
| + | --enable-mods-static="proxy rewrite authz-core authz-host log-config alias dir unixd mime remoteip status systemd" \ | ||
| + | --disable-so \ | ||
| + | --disable-proxy-connect \ | ||
| + | --disable-proxy-ftp \ | ||
| + | --disable-proxy-scgi \ | ||
| + | --disable-proxy-uwsgi \ | ||
| + | --disable-proxy-fdpass \ | ||
| + | --disable-proxy-ajp \ | ||
| + | --disable-proxy-balancer \ | ||
| + | --disable-proxy-express \ | ||
| + | --disable-proxy-hcheck \ | ||
| + | --disable-access-compat \ | ||
| + | --disable-auth \ | ||
| + | --disable-auth-basic \ | ||
| + | --disable-authn-core \ | ||
| + | --disable-authn-file \ | ||
| + | --disable-authz-groupfile \ | ||
| + | --disable-authz-user \ | ||
| + | --disable-autoindex \ | ||
| + | --disable-env \ | ||
| + | --disable-filter \ | ||
| + | --disable-reqtimeout \ | ||
| + | --disable-setenvif \ | ||
| + | --disable-version \ | ||
| + | --disable-authn-dbm \ | ||
| + | --disable-authn-anon \ | ||
| + | --disable-authn-dbd \ | ||
| + | --disable-authn-socache \ | ||
| + | --disable-authz-dbm \ | ||
| + | --disable-authz-owner \ | ||
| + | --disable-authz-dbd \ | ||
| + | --disable-auth-form \ | ||
| + | --disable-auth-digest \ | ||
| + | --disable-allowmethods \ | ||
| + | --disable-cache \ | ||
| + | --disable-file-cache \ | ||
| + | --disable-headers \ | ||
| + | --disable-cache-disk \ | ||
| + | --disable-cache-socache \ | ||
| + | --disable-socache-dbm \ | ||
| + | --disable-socache-memcache \ | ||
| + | --disable-socache-redis \ | ||
| + | --disable-socache-shmcb | ||
| + | </pre> | ||
| + | |||
| + | Voici l'explication des options : | ||
| + | *--prefix=/local/httpd/current: | ||
| + | :Localisation principale des fichiers Apache à installer | ||
| + | *--sysconfdir=/local/httpd/conf | ||
| + | :Localisation des fichiers de configuration Apache à installer. En cas de recompilation, si les fichiers existent déjà, ils seront conservés. | ||
| + | *--enable-proxy | ||
| + | :Activation des fonctions de base pour faire du proxying | ||
| + | *--enable-proxy-http | ||
| + | :Active la prise en charge du protocole HTTP par le proxy | ||
| + | *--enable-proxy-wstunnel | ||
| + | :Active la prise en charge des webservices par le proxy | ||
| + | *--enable-proxy-fcgi | ||
| + | :Active la prise en charge du FCGI par le proxy. Utile pour PHP-FPM | ||
| + | *--enable-rewrite | ||
| + | :Active le module pour la ré-écriture d’URL | ||
| + | *--enable-authz-host | ||
| + | :Active le filtrage par adresse IP (Require IP …) | ||
| + | *--enable-mime | ||
| + | :Active la reconnaissance des types de fichier | ||
| + | *--enable-static-support | ||
| + | :Compile une version statique des binaires tels que « ab », « rotatelogs », … Cela permet à ces binaires de ne pas dépendre des librairies du serveur. | ||
| + | *--enable-remoteip | ||
| + | :Active la reconnaissance de l’adresse IP publique distante du client derrière les différents proxys | ||
| + | *--enable-status | ||
| + | :Active la mise à disposition des informations en temps réel relatives à Apache | ||
| + | *--enable-systemd | ||
| + | :Active l’intégration avec systemd de Linux | ||
| + | *--enable-mods-static="proxy rewrite authz-core authz-host log-config alias dir unixd mime remoteip status systemd" | ||
| + | :Force la compilation statique des modules mentionnés. Ces modules sont liés statiquement à Apache et seront toujours diponibles. | ||
| + | *--disable-so | ||
| + | :Désactive le module permettant de charger dynamiquement les autres modules. En effet, la présente configuration cherchant à compiler Apache de façon totalement statique, cette option prend tout son sens. | ||
| + | *--disable-<module> | ||
| + | :Désactive le module qui n’est pas nécessaire. | ||
| + | |||
| + | Ce qui donne le résultat suivant : | ||
| + | {{terminal|text= | ||
| + | [root@myserver httpd-2.4.43]# httpd -M | ||
| + | [root@myserver httpd-2.4.43]# httpd -V | ||
| + | Server version: Apache/2.4.43 (Unix) | ||
| + | Server built: Jun 19 2020 10:24:36 | ||
| + | Server's Module Magic Number: 20120211:92 | ||
| + | Server loaded: APR 1.7.0, APR-UTIL 1.6.1 | ||
| + | Compiled using: APR 1.7.0, APR-UTIL 1.6.1 | ||
| + | Architecture: 64-bit | ||
| + | Server MPM: event | ||
| + | threaded: yes (fixed thread count) | ||
| + | forked: yes (variable process count) | ||
| + | Server compiled with.... | ||
| + | -D APR_HAS_SENDFILE | ||
| + | -D APR_HAS_MMAP | ||
| + | -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) | ||
| + | -D APR_USE_PROC_PTHREAD_SERIALIZE | ||
| + | -D APR_USE_PTHREAD_SERIALIZE | ||
| + | -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT | ||
| + | -D APR_HAS_OTHER_CHILD | ||
| + | -D AP_HAVE_RELIABLE_PIPED_LOGS | ||
| + | -D DYNAMIC_MODULE_LIMIT=256 | ||
| + | -D HTTPD_ROOT="/local/httpd/current" | ||
| + | -D SUEXEC_BIN="/local/httpd/current/bin/suexec" | ||
| + | -D DEFAULT_PIDLOG="logs/httpd.pid" | ||
| + | -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" | ||
| + | -D DEFAULT_ERRORLOG="logs/error_log" | ||
| + | -D AP_TYPES_CONFIG_FILE="/local/httpd/conf/mime.types" | ||
| + | -D SERVER_CONFIG_FILE="/local/httpd/conf/httpd.conf" | ||
| + | [root@myserver httpd-2.4.43]# httpd -l | ||
| + | Compiled in modules: | ||
| + | core.c | ||
| + | mod_authz_host.c | ||
| + | mod_authz_core.c | ||
| + | http_core.c | ||
| + | mod_mime.c | ||
| + | mod_log_config.c | ||
| + | mod_remoteip.c | ||
| + | mod_proxy.c | ||
| + | mod_proxy_http.c | ||
| + | mod_proxy_fcgi.c | ||
| + | mod_proxy_wstunnel.c | ||
| + | event.c | ||
| + | mod_unixd.c | ||
| + | mod_systemd.c | ||
| + | mod_status.c | ||
| + | mod_dir.c | ||
| + | mod_alias.c | ||
| + | mod_rewrite.c | ||
| + | }} | ||
| + | |||
| + | == Service == | ||
| + | Créer le fichier <code>/usr/lib/systemd/system/http.service</code> dont le contenu est le suivant : | ||
| + | <pre> | ||
| + | [Unit] | ||
| + | Description=The Apache HTTP Server | ||
| + | After=network.target | ||
| + | |||
| + | [Service] | ||
| + | Type=notify | ||
| + | ExecStart=/local/httpd/current/bin/httpd -D FOREGROUND -k start | ||
| + | ExecReload=/local/httpd/current/bin/httpd -k graceful | ||
| + | ExecStop=/local/httpd/current/bin/httpd -k stop | ||
| + | KillMode=mixed | ||
| + | TimeoutStopSec=60 | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </pre> | ||
| + | |||
| + | Recharger ensuite les services pour prendre en compte la modification : | ||
| + | systemctl daemon-reload | ||
| + | |||
| + | Activer le démarrage du service au démarrage du serveur : | ||
| + | systemctl enable http | ||
Version actuelle datée du 19 juin 2020 à 10:22
Sommaire
Présentation
Cette page a pour objet de décrire comment compiler le serveur web Apache.
Plus d'informations sur le site de l'éditeur :
- Apache 2.2 : http://httpd.apache.org/docs/2.2/fr/
- Apache 2.4 : http://httpd.apache.org/docs/2.4/fr/
Téléchargement des sources
Se rendre sur la page de téléchargement d'Apache et aller à la section de téléchargement de la "Stable Release - Latest Version". Copier le lien de téléchargement de la version en cours (2.4.41 à la rédaction de ce document).
Se connecter au serveur, se rendre dans le dossier de téléchargement et télécharger les sources Apache :
wget http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz
Console SSH[root@myserver downloads]# wget http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz --2020-01-25 15:55:58-- http://apache.crihan.fr/dist//httpd/httpd-2.4.41.tar.gz Résolution de apache.crihan.fr (apache.crihan.fr)… 195.221.21.36, 2001:660:7401:211::36 Connexion à apache.crihan.fr (apache.crihan.fr)|195.221.21.36|:80… connecté. requête HTTP transmise, en attente de la réponse… 200 OK Taille : 9267917 (8,8M) [application/x-gzip] Sauvegarde en : « httpd-2.4.41.tar.gz » httpd-2.4.41.tar.gz 100%[=====================================================================================>] 8,84M 32,0MB/s ds 0,3s 2020-01-25 15:55:58 (32,0 MB/s) — « httpd-2.4.41.tar.gz » sauvegardé [9267917/9267917]
Décompression de l'archive
Décompresser l'archive dans le dossier cible de compilation :
tar -zxvf httpd-2.4.41.tar.gz -C /local/builds/
Compilation
Options de compilation disponibles
Se rendre dans le dossier de compilation et taper la commande suivante pour afficher les options de compilation disponibles :
./configure --help
Console SSH[root@myserver downloads]# cd /local/builds/httpd-2.4.41
[root@myserver httpd-2.4.41]# ./configure --help
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local/apache2]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/apache2/bin', `/usr/local/apache2/lib' etc. You can specify
an installation prefix other than `/usr/local/apache2' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
--target=TARGET configure for building compilers for TARGET [HOST]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-layout=LAYOUT
--enable-dtrace Enable DTrace probes
--enable-hook-probes Enable APR hook probes
--enable-exception-hook Enable fatal exception hook
--enable-load-all-modules
Load all modules
--enable-maintainer-mode
Turn on debugging and compile time warnings and load
all compiled modules
--enable-debugger-mode Turn on debugging and compile time warnings and turn
off optimization
--enable-pie Build httpd as a Position Independent Executable
--enable-modules=MODULE-LIST
Space-separated list of modules to enable | "all" |
"most" | "few" | "none" | "reallyall"
--enable-mods-shared=MODULE-LIST
Space-separated list of shared modules to enable |
"all" | "most" | "few" | "reallyall"
--enable-mods-static=MODULE-LIST
Space-separated list of static modules to enable |
"all" | "most" | "few" | "reallyall"
--disable-authn-file file-based authentication control
--enable-authn-dbm DBM-based authentication control
--enable-authn-anon anonymous user authentication control
--enable-authn-dbd SQL-based authentication control
--enable-authn-socache Cached authentication control
--disable-authn-core core authentication module
--disable-authz-host host-based authorization control
--disable-authz-groupfile
'require group' authorization control
--disable-authz-user 'require user' authorization control
--enable-authz-dbm DBM-based authorization control
--enable-authz-owner 'require file-owner' authorization control
--enable-authz-dbd SQL based authorization and Login/Session support
--disable-authz-core core authorization provider vector module
--enable-authnz-ldap LDAP based authentication
--enable-authnz-fcgi FastCGI authorizer-based authentication and
authorization
--disable-access-compat mod_access compatibility
--disable-auth-basic basic authentication
--enable-auth-form form authentication
--enable-auth-digest RFC2617 Digest authentication
--enable-allowmethods restrict allowed HTTP methods
--enable-isapi isapi extension support
--enable-file-cache File cache
--enable-cache dynamic file caching. At least one storage
management module (e.g. mod_cache_disk) is also
necessary.
--enable-cache-disk disk caching module
--enable-cache-socache shared object caching module
--enable-socache-shmcb shmcb small object cache provider
--enable-socache-dbm dbm small object cache provider
--enable-socache-memcache
memcache small object cache provider
--enable-socache-redis redis small object cache provider
--enable-socache-dc distcache small object cache provider
--enable-so DSO capability. This module will be automatically
enabled unless you build all modules statically.
--enable-watchdog Watchdog module
--enable-macro Define and use macros in configuration files
--enable-dbd Apache DBD Framework
--enable-bucketeer buckets manipulation filter. Useful only for
developers and testing purposes.
--enable-dumpio I/O dump filter
--enable-echo ECHO server
--enable-example-hooks Example hook callback handler module
--enable-case-filter Example uppercase conversion filter
--enable-case-filter-in Example uppercase conversion input filter
--enable-example-ipc Example of shared memory and mutex usage
--enable-buffer Filter Buffering
--enable-data RFC2397 data encoder
--enable-ratelimit Output Bandwidth Limiting
--disable-reqtimeout Limit time waiting for request from client
--enable-ext-filter external filter module
--enable-request Request Body Filtering
--enable-include Server Side Includes
--disable-filter Smart Filtering
--enable-reflector Reflect request through the output filter stack
--enable-substitute response content rewrite-like filtering
--enable-sed filter request and/or response bodies through sed
--disable-charset-lite character set translation. Enabled by default only
on EBCDIC systems.
--enable-charset-lite character set translation. Enabled by default only
on EBCDIC systems.
--enable-deflate Deflate transfer encoding support
--enable-xml2enc i18n support for markup filters
--enable-proxy-html Fix HTML Links in a Reverse Proxy
--enable-brotli Brotli compression support
--enable-http HTTP protocol handling. The http module is a basic
one that enables the server to function as an HTTP
server. It is only useful to disable it if you want
to use another protocol module instead. Don't
disable this module unless you are really sure what
you are doing. Note: This module will always be
linked statically.
--disable-mime mapping of file-extension to MIME. Disabling this
module is normally not recommended.
--enable-ldap LDAP caching and connection pooling services
--disable-log-config logging configuration. You won't be able to log
requests to the server without this module.
--enable-log-debug configurable debug logging
--enable-log-forensic forensic logging
--enable-logio input and output logging
--enable-lua Apache Lua Framework
--enable-luajit Enable LuaJit Support
--disable-env clearing/setting of ENV vars
--enable-mime-magic automagically determining MIME type
--enable-cern-meta CERN-type meta files
--enable-expires Expires header control
--disable-headers HTTP header control
--enable-ident RFC 1413 identity check
--enable-usertrack user-session tracking
--enable-unique-id per-request unique ids
--disable-setenvif basing ENV vars on headers
--disable-version determining httpd version in config files
--enable-remoteip translate header contents to an apparent client
remote_ip
--enable-proxy Apache proxy module
--enable-proxy-connect Apache proxy CONNECT module. Requires
--enable-proxy.
--enable-proxy-ftp Apache proxy FTP module. Requires --enable-proxy.
--enable-proxy-http Apache proxy HTTP module. Requires --enable-proxy.
--enable-proxy-fcgi Apache proxy FastCGI module. Requires
--enable-proxy.
--enable-proxy-scgi Apache proxy SCGI module. Requires --enable-proxy.
--enable-proxy-uwsgi Apache proxy UWSGI module. Requires --enable-proxy.
--enable-proxy-fdpass Apache proxy to Unix Daemon Socket module. Requires
--enable-proxy.
--enable-proxy-wstunnel Apache proxy Websocket Tunnel module. Requires
--enable-proxy.
--enable-proxy-ajp Apache proxy AJP module. Requires --enable-proxy.
--enable-proxy-balancer Apache proxy BALANCER module. Requires
--enable-proxy.
--enable-proxy-express mass reverse-proxy module. Requires --enable-proxy.
--enable-proxy-hcheck reverse-proxy health-check module. Requires
--enable-proxy and --enable-watchdog.
--enable-session session module
--enable-session-cookie session cookie module
--enable-session-crypto session crypto module
--enable-session-dbd session dbd module
--enable-slotmem-shm slotmem provider that uses shared memory
--enable-slotmem-plain slotmem provider that uses plain memory
--enable-ssl SSL/TLS support (mod_ssl)
--enable-ssl-staticlib-deps
link mod_ssl with dependencies of OpenSSL's static
libraries (as indicated by "pkg-config --static").
Must be specified in addition to --enable-ssl.
--enable-optional-hook-export
example optional hook exporter
--enable-optional-hook-import
example optional hook importer
--enable-optional-fn-import
example optional function importer
--enable-optional-fn-export
example optional function exporter
--enable-dialup rate limits static files to dialup modem speeds
--enable-static-support Build a statically linked version of the support
binaries
--enable-static-htpasswd
Build a statically linked version of htpasswd
--enable-static-htdigest
Build a statically linked version of htdigest
--enable-static-rotatelogs
Build a statically linked version of rotatelogs
--enable-static-logresolve
Build a statically linked version of logresolve
--enable-static-htdbm Build a statically linked version of htdbm
--enable-static-ab Build a statically linked version of ab
--enable-static-checkgid
Build a statically linked version of checkgid
--enable-static-htcacheclean
Build a statically linked version of htcacheclean
--enable-static-httxt2dbm
Build a statically linked version of httxt2dbm
--enable-static-fcgistarter
Build a statically linked version of fcgistarter
--enable-http2 HTTP/2 protocol handling in addition to HTTP
protocol handling. Implemented by mod_http2. This
module requires a libnghttp2 installation. See
--with-nghttp2 on how to manage non-standard
locations. This module is usually linked shared and
requires loading.
--enable-nghttp2-staticlib-deps
link mod_http2 with dependencies of libnghttp2's
static libraries (as indicated by "pkg-config
--static"). Must be specified in addition to
--enable-http2.
--enable-proxy-http2 HTTP/2 proxy module. This module requires a
libnghttp2 installation. See --with-nghttp2 on how
to manage non-standard locations. Also requires
--enable-proxy.
--enable-md Managed Domain handling
--enable-jansson-staticlib-deps
link mod_md with dependencies of libjansson's static
libraries (as indicated by "pkg-config --static").
Must be specified in addition to --enable-md.
--enable-curl-staticlib-deps
link mod_md with dependencies of libcurl's static
libraries (as indicated by "pkg-config --static").
Must be specified in addition to --enable-md.
--enable-lbmethod-byrequests
Apache proxy Load balancing by request counting
--enable-lbmethod-bytraffic
Apache proxy Load balancing by traffic counting
--enable-lbmethod-bybusyness
Apache proxy Load balancing by busyness
--enable-lbmethod-heartbeat
Apache proxy Load balancing from Heartbeats
--enable-mpms-shared=MPM-LIST
Space-separated list of MPM modules to enable for
dynamic loading. MPM-LIST=list | "all"
--enable-unixd unix specific support
--enable-privileges Per-virtualhost Unix UserIDs and enhanced security
for Solaris
--enable-heartbeat Generates Heartbeats
--enable-heartmonitor Collects Heartbeats
--enable-dav WebDAV protocol handling. --enable-dav also enables
mod_dav_fs
--disable-status process/thread monitoring
--disable-autoindex directory listing
--enable-asis as-is filetypes
--enable-info server information
--enable-suexec set uid and gid for spawned processes
--enable-cgid CGI scripts. Enabled by default with threaded MPMs
--enable-cgi CGI scripts. Enabled by default with non-threaded
MPMs
--enable-dav-fs DAV provider for the filesystem. --enable-dav also
enables mod_dav_fs.
--enable-dav-lock DAV provider for generic locking
--enable-vhost-alias mass virtual hosting module
--enable-negotiation content negotiation
--disable-dir directory request handling
--enable-imagemap server-side imagemaps
--enable-actions Action triggering on requests
--enable-speling correct common URL misspellings
--enable-userdir mapping of requests to user-specific directories
--disable-alias mapping of requests to different filesystem parts
--enable-rewrite rule based URL manipulation
--enable-suexec-capabilities
Use Linux capability bits not setuid root suexec
--enable-v4-mapped Allow IPv6 sockets to handle IPv4 connections
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-included-apr Use bundled copies of APR/APR-Util
--with-apr=PATH prefix for installed APR or the full path to
apr-config
--with-apr-util=PATH prefix for installed APU or the full path to
apu-config
--with-pcre=PATH Use external PCRE library
--with-port=PORT Port on which to listen (default is 80)
--with-sslport=SSLPORT Port on which to securelisten (default is 443)
--with-distcache=PATH Distcache installation directory
--with-z=PATH use a specific zlib library
--with-libxml2=PATH location for libxml2
--with-brotli=PATH Brotli installation directory
--with-lua=PATH Path to the Lua 5.3/5.2/5.1 prefix
--with-ssl=PATH OpenSSL installation directory
--with-nghttp2=PATH nghttp2 installation directory
--with-jansson=PATH jansson installation directory
--with-curl=PATH curl installation directory
--with-mpm=MPM Choose the process model for Apache to use by
default. MPM={event|worker|prefork|winnt} This will
be statically linked as the only available MPM
unless --enable-mpms-shared is also specified.
--with-module=module-type:module-file
Enable module-file in the modules/<module-type>
directory.
--with-program-name alternate executable name
--with-suexec-bin Path to suexec binary
--with-suexec-caller User allowed to call SuExec
--with-suexec-userdir User subdirectory
--with-suexec-docroot SuExec root directory
--with-suexec-uidmin Minimal allowed UID
--with-suexec-gidmin Minimal allowed GID
--with-suexec-logfile Set the logfile
--with-suexec-syslog Use syslog for suexec logging
--with-suexec-safepath Set the safepath
--with-suexec-umask umask for suexec'd process
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to the package provider.
Configuration de la compilation
La commande ./configure lance la configuration de la compilation avec certaines options par défaut. Les valeurs par défaut de certaines de ces options sont indiquées dans la section --help de la commande.
Configuration par défaut
Pour lancer la configuration de la compilation avec les options par défaut, il faut simplement lancer la commande suivante :
./configure
Cette configuration de compilation simple, sans ajout d'option, fournit les modules suivants :
Console SSH[root@myserver 2.4.41]# bin/httpd -M Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_event_module (static) authn_file_module (shared) authn_core_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_core_module (shared) access_compat_module (shared) auth_basic_module (shared) reqtimeout_module (shared) filter_module (shared) mime_module (shared) log_config_module (shared) env_module (shared) headers_module (shared) setenvif_module (shared) version_module (shared) unixd_module (shared) status_module (shared) autoindex_module (shared) dir_module (shared) alias_module (shared)
On peut constater que les modules suivants sont "statiques", c'est-à-dire qu'ils sont intégrés dans le binaire httpd et seront, par conséquent, toujours chargés au démarrage d'Apache :
- core_module
- Fonctionnalités de base du serveur HTTP Apache toujours disponibles
- La liste des fonctionnalités de base est accessible ici : http://httpd.apache.org/docs/current/mod/core.html
- so_module
- Module permettant de charger dynamiquement des modules non-statiques (partagés). Les modules partagés, à l'inverse de modules statiques, ne nécessitent pas de recompilation et peuvent être chargés lorsqu'Apache est en cours d'exécution. Les performances d'Apache sont meilleures avec des modules statiques qu'avec des modules partagés.
- http_module
- Comme indiqué dans l'option
--helpde la commande./configure:
- Comme indiqué dans l'option
- "Le module http est un module de base qui permet au serveur de fonctionner comme un serveur HTTP. Il n'est utile de le désactiver que si vous souhaitez utiliser un autre module de protocole à la place. Ne désactivez ce module que si vous êtes vraiment sûr de ce que vous faites. Remarque: Ce module sera toujours lié statiquement."
- mpm_event_module
- Selon la documentation Apache, les Modules Multi-Processus, ou MPMs, constituent le coeur du serveur. Un seul MPM doit être actif pour que le serveur puisse fonctionner. Le MPM par défaut dépend du système d'exploitation. Pour savoir quel type de MPM est utilisé par défaut, se référer à la documentation Apache sur les MPMs.
Configuration minimaliste
A des fins de tests uniquement, il est possible de configurer la compilation pour qu'il n'y ait que les modules statiques obligatoires de présents. Pour ce faire, il faut désactiver tous les modules activés par défaut avec la commande suivante :
./configure \ --disable-access_compat \ --disable-alias \ --disable-auth_basic \ --disable-authn_core \ --disable-authn_file \ --disable-authz_core \ --disable-authz_groupfile \ --disable-authz_host \ --disable-authz_user \ --disable-autoindex \ --disable-dir \ --disable-env \ --disable-filter \ --disable-headers \ --disable-log_config \ --disable-mime \ --disable-reqtimeout \ --disable-setenvif \ --disable-status \ --disable-unixd \ --disable-version
Cela aura pour effet, à la fin de la compilation, de ne disposer que des modules suivants :
Console SSH[root@myserver httpd-2.4.41]# bin/httpd -M Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_event_module (static)
Configuration personnalisée
C'est ici tout l'intérêt de compiler soi-même Apache (ou tout autre programme) : pouvoir construire un binaire Apache optimisé à son besoin.
Voici un exemple de configuration personnalisée de compilation :
./configure --prefix=/local/httpd/current \ --enable-ssl \ --enable-ssl-staticlib-deps \ --enable-socache-shmcb \ --enable-proxy \ --enable-proxy-http \ --enable-proxy-wstunnel \ --enable-proxy-fcgi \ --disable-proxy-connect \ --disable-proxy-ftp \ --disable-proxy-scgi \ --disable-proxy-uwsgi \ --disable-proxy-fdpass \ --disable-proxy-ajp \ --disable-proxy-balancer \ --disable-proxy-express \ --disable-proxy-hcheck \ --enable-rewrite \ --enable-mods-static="ssl socache-shmcb proxy rewrite authz_core log_config alias dir unixd" \ --enable-static-rotatelogs \ --disable-access_compat \ --disable-auth_basic \ --disable-authn_core \ --disable-authn_file \ --disable-authz_groupfile \ --disable-authz_host \ --disable-authz_user \ --disable-autoindex \ --disable-env \ --disable-filter \ --disable-headers \ --disable-mime \ --disable-reqtimeout \ --disable-setenvif \ --disable-status \ --disable-version
Configuration performances optimisées
Afin d'obtenir les meilleures performances possibles, il est conseillé d'avoir le minimum de modules activés, et qu'ils soient lié statiquement à Apache (c'est-à-dire qu'il ne sera pas possible d'en ajouter/retirer dynamiquement. Pour ce faire, il faudra re-compiler). Voici un modèle de configuration de compilation :
./configure \ --prefix=/local/httpd/current \ --sysconfdir=/local/httpd/conf \ --enable-proxy \ --enable-proxy-http \ --enable-proxy-wstunnel \ --enable-proxy-fcgi \ --enable-rewrite \ --enable-authz-host \ --enable-mime \ --enable-static-support \ --enable-remoteip \ --enable-status \ --enable-systemd \ --enable-mods-static="proxy rewrite authz-core authz-host log-config alias dir unixd mime remoteip status systemd" \ --disable-so \ --disable-proxy-connect \ --disable-proxy-ftp \ --disable-proxy-scgi \ --disable-proxy-uwsgi \ --disable-proxy-fdpass \ --disable-proxy-ajp \ --disable-proxy-balancer \ --disable-proxy-express \ --disable-proxy-hcheck \ --disable-access-compat \ --disable-auth \ --disable-auth-basic \ --disable-authn-core \ --disable-authn-file \ --disable-authz-groupfile \ --disable-authz-user \ --disable-autoindex \ --disable-env \ --disable-filter \ --disable-reqtimeout \ --disable-setenvif \ --disable-version \ --disable-authn-dbm \ --disable-authn-anon \ --disable-authn-dbd \ --disable-authn-socache \ --disable-authz-dbm \ --disable-authz-owner \ --disable-authz-dbd \ --disable-auth-form \ --disable-auth-digest \ --disable-allowmethods \ --disable-cache \ --disable-file-cache \ --disable-headers \ --disable-cache-disk \ --disable-cache-socache \ --disable-socache-dbm \ --disable-socache-memcache \ --disable-socache-redis \ --disable-socache-shmcb
Voici l'explication des options :
- --prefix=/local/httpd/current:
- Localisation principale des fichiers Apache à installer
- --sysconfdir=/local/httpd/conf
- Localisation des fichiers de configuration Apache à installer. En cas de recompilation, si les fichiers existent déjà, ils seront conservés.
- --enable-proxy
- Activation des fonctions de base pour faire du proxying
- --enable-proxy-http
- Active la prise en charge du protocole HTTP par le proxy
- --enable-proxy-wstunnel
- Active la prise en charge des webservices par le proxy
- --enable-proxy-fcgi
- Active la prise en charge du FCGI par le proxy. Utile pour PHP-FPM
- --enable-rewrite
- Active le module pour la ré-écriture d’URL
- --enable-authz-host
- Active le filtrage par adresse IP (Require IP …)
- --enable-mime
- Active la reconnaissance des types de fichier
- --enable-static-support
- Compile une version statique des binaires tels que « ab », « rotatelogs », … Cela permet à ces binaires de ne pas dépendre des librairies du serveur.
- --enable-remoteip
- Active la reconnaissance de l’adresse IP publique distante du client derrière les différents proxys
- --enable-status
- Active la mise à disposition des informations en temps réel relatives à Apache
- --enable-systemd
- Active l’intégration avec systemd de Linux
- --enable-mods-static="proxy rewrite authz-core authz-host log-config alias dir unixd mime remoteip status systemd"
- Force la compilation statique des modules mentionnés. Ces modules sont liés statiquement à Apache et seront toujours diponibles.
- --disable-so
- Désactive le module permettant de charger dynamiquement les autres modules. En effet, la présente configuration cherchant à compiler Apache de façon totalement statique, cette option prend tout son sens.
- --disable-<module>
- Désactive le module qui n’est pas nécessaire.
Ce qui donne le résultat suivant :
Console SSH[root@myserver httpd-2.4.43]# httpd -M
[root@myserver httpd-2.4.43]# httpd -V
Server version: Apache/2.4.43 (Unix)
Server built: Jun 19 2020 10:24:36
Server's Module Magic Number: 20120211:92
Server loaded: APR 1.7.0, APR-UTIL 1.6.1
Compiled using: APR 1.7.0, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/local/httpd/current"
-D SUEXEC_BIN="/local/httpd/current/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/local/httpd/conf/mime.types"
-D SERVER_CONFIG_FILE="/local/httpd/conf/httpd.conf"
[root@myserver httpd-2.4.43]# httpd -l
Compiled in modules:
core.c
mod_authz_host.c
mod_authz_core.c
http_core.c
mod_mime.c
mod_log_config.c
mod_remoteip.c
mod_proxy.c
mod_proxy_http.c
mod_proxy_fcgi.c
mod_proxy_wstunnel.c
event.c
mod_unixd.c
mod_systemd.c
mod_status.c
mod_dir.c
mod_alias.c
mod_rewrite.c
Service
Créer le fichier /usr/lib/systemd/system/http.service dont le contenu est le suivant :
[Unit] Description=The Apache HTTP Server After=network.target [Service] Type=notify ExecStart=/local/httpd/current/bin/httpd -D FOREGROUND -k start ExecReload=/local/httpd/current/bin/httpd -k graceful ExecStop=/local/httpd/current/bin/httpd -k stop KillMode=mixed TimeoutStopSec=60 [Install] WantedBy=multi-user.target
Recharger ensuite les services pour prendre en compte la modification :
systemctl daemon-reload
Activer le démarrage du service au démarrage du serveur :
systemctl enable http
