in general:

social competence demands to first praise then critizise – no matter what – nobody is perfect or god.

praise: Thanks for this massively cool webserver software – that can do so many things (vhosts and .htaccess and php) – you contributed an very important part to an internet completely powered by free soft- and hardware.

Actually the website you are viewering right now is using a combination of Apache and Nginx 😀

while actually one webserver software should be enough – some software like magento webshop (atleast in the past) explicitly required apache2 – now lightspeed is also supported (Apache compatible rewrite rules, a web administration interface (cool!), and customized PHP processing optimized for the server)?

Is it fully Open Source? https://github.com/litespeedtech/openlitespeed

Re: Why use nginx and apache together?

Postby erldcrtz » Tue Jul 08, 2014 11:28 am

nginx serves static files (images, css, html etc.) really fast and efficient and passes php and .htaccess requests to apache2 for processing

apache serves php and .htaccess (most cms site like wordpress needs it for rewrite) and if you throw in a php opcode cache like zend opcache or xcache it should serve php even faster

nginx + apache with php opcache = performance and server resource efficiency

… while well… this php7 benchmark says lighttpd was the most efficient.

as said – with static sites nginx is dominating.

so as i said – one webserver software should actually be enough 😀

critics: more software needs more ressources – brings more complexity – complexity brings more problems and more vulnerabilities – but i also really like vestacp. I just hope it stays that simplistic 😉
What is slowing down this wordpress-site is actually MySQL using 4GB RAM out of 2 real existing GB.
So the time to run a database dependant webserver with less than 4GBytes of RAM are over?
I don’t blame Apache or Nginx for that.
Apache keeps me confused – with their naming – with their documentation – with their software – with their configuration files.

first the naming: apache could either have it’s name from native americans (and their fast horses? 🙂 or from „a patchy server“.

originally called httpd (http daemon) it is still called httpd in CentOS/Redhat – while under Debian/Ubuntu the program is actually called apache2.

On GitHub the project is called httpd by Apache.

So httpd is the project – Apache is the organization – but still the webserver is known as apache. This is how you can confuse people with your naming and renaming…

The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, feature-rich and freely available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project.[55][56][57]

a bit of apache hisory: http://httpd.apache.org/ABOUT_APACHE.html

also checkout the massive list of open source software projects apache is dedicated to: https://en.wikipedia.org/wiki/List_of_Apache_Software_Foundation_projects

Financials

In the 2010–11 fiscal year, the Foundation took in $539,410, almost entirely from grants and contributions (your donation campgains are not as aggressive as those of wikipedia 😀 „donate or we switch off the internet“) with $12,349 from two ApacheCons. With no employees and 2,663 volunteers, it spent $270,846 on infrastructure, $92,364 on public relations, and $17,891 on two ApacheCons.[13]

setup and install:

theoretically you could compile from source – but i guess it is easier going with the precompiled packages.

apt install apache2; # debian9

yum -y install httpd; # redhat/centos
httpd -v; # check version centos/redhat
Server version: Apache/2.4.6 (CentOS)
Server built:   Apr 12 2017 21:03:28

apache2 -v; # check version
Server version: Apache/2.4.25 (Debian)
Server built:   2017-07-18T18:37:33

# set firewall rule under centos7, iptables was replaced with firewalld
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

start and stop, restart:

# redhat/centos
systemctl start httpd.service
systemctl enable httpd.service

# debian/ubuntu
systemctl start apache2.service

for restarting you can use systemd’s systemctl:

systemctl restart apache2.service

it won’t give you any feedback if the config is okay…

apachectl restart
ll /usr/sbin/apachectl; # apachectl = apache2ctl
lrwxrwxrwx 1 root root 10 Jul 18 20:37 /usr/sbin/apachectl -> apache2ctl

apache2ctl restart
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/apache2.conf:229
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

this is the „official“ tool to do it…

you should be able to view a test-site after this…

CentOS7 Apache2 test default page:

under Debian9 it looks like this:

hello html world

echo "<html>hello world</html>" > /var/www/html/index.html;

if you refresh your browser:

monitoring runtime:

ps uax|grep apache2; # debian/ubuntu
root      1436  0.0  0.4  75608  4388 ?        Ss   16:32   0:00 /usr/sbin/apache2 -k start
www-data  1437  0.0  0.3 364768  4044 ?        Sl   16:32   0:00 /usr/sbin/apache2 -k start
www-data  1438  0.0  0.3 364768  4020 ?        Sl   16:32   0:00 /usr/sbin/apache2 -k start
root      1771  0.0  0.0  12784   980 pts/0    S+   16:50   0:00 grep apache2

ps uax|grep httpd; # centos/redhat
root      2988  0.0  1.0 226224  5176 ?        Ss   10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2989  0.0  0.6 226224  3024 ?        S    10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2990  0.0  0.7 226360  3772 ?        S    10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2991  0.0  0.7 226360  3516 ?        S    10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2992  0.0  0.7 226360  3772 ?        S    10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2993  0.0  0.6 226224  3260 ?        S    10:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3012  0.0  0.6 226224  3024 ?        S    10:37   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3038  0.0  0.6 226224  3024 ?        S    10:41   0:00 /usr/sbin/httpd -DFOREGROUND
root      3044  0.0  0.1 112644   964 pts/1    R+   10:49   0:00 grep --color=auto httpd

systemctl status httpd.service; # debian/ubuntu
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-07-27 10:36:16 EDT; 12min ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2988 (httpd)
   Status: "Total requests: 47; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─2988 /usr/sbin/httpd -DFOREGROUND
           ├─2989 /usr/sbin/httpd -DFOREGROUND
           ├─2990 /usr/sbin/httpd -DFOREGROUND
           ├─2991 /usr/sbin/httpd -DFOREGROUND
           ├─2992 /usr/sbin/httpd -DFOREGROUND
           ├─2993 /usr/sbin/httpd -DFOREGROUND
           ├─3012 /usr/sbin/httpd -DFOREGROUND
           └─3038 /usr/sbin/httpd -DFOREGROUND

Jul 27 10:36:16 CentosSlave systemd[1]: Starting The Apache HTTP Server...
Jul 27 10:36:16 CentosSlave httpd[2988]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::919f:e7b3:ff...is message
Jul 27 10:36:16 CentosSlave systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.


systemctl status apache2.service; # debian/ubuntu
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-07-27 16:32:29 CEST; 15min ago
 Main PID: 1436 (apache2)
   CGroup: /system.slice/apache2.service
           ├─1436 /usr/sbin/apache2 -k start
           ├─1437 /usr/sbin/apache2 -k start
           └─1438 /usr/sbin/apache2 -k start

config files:

praise then critics – thanks for this massively cool webserver software – that can do so many things (vhosts and .htaccess and php) – you contributed an very important part to an internet completely powered by free soft- and hardware.

now the critics: quiet complicated. in contrast to the unix philosophy of small and beautiful – the configuration of apache2 has grown into a massive confusing monster of options.

that’s what i like about lighttpd 😀 (it can not do .htacess but wordpress is running just fine with it)

„Apache’s config is really simple, and really powerful. Nginx is powerful, but can be very hard to understand, as it seems more like a programming language than a config file.“ (src)

 

it is not easy to find out what main-config file apache2 is actually using.

it used to be one large config file – now atleast under debian – it was split up into multiple files for better overview.

apache2 -V | grep SERVER_CONFIG_FILE; # could work

vim /etc/httpd/conf/httpd.conf; # redhat/centos
vim /etc/apache2/apache2.conf; # debian/ubuntu

debian/ubuntu:

Debian’s Apache2 default configuration is different from the upstream default configuration, and split into several files optimized for interaction with Debian tools.

Why is that? -> Automation

Debian’s default Apache2 installation attempts to make adding and removing modules, virtual hosts, and extra configuration directives as flexible as possible, in order to make automating the changes and administering the server as easy as possible.

Please be aware that this layout is quite different from the standard Apache configuration. Due to the use of environment variables, apache2 needs to be started/stopped with ‚/etc/init.d/apache2‘, apachectl, or apache2ctl. Calling ‚/usr/bin/apache2‘ directly will not work with the default configuration. To call apache2 with specific command line
arguments, just call apache2ctl with the same arguments.

The configuration system is fully documented in /usr/share/doc/apache2/README.Debian.gz (or by clicking this link). Refer to this for the full documentation. Documentation for the web server itself can be found by accessing the manual if the apache2-doc package was installed on this server.

The configuration layout for an Apache2 web server installation on Debian systems is as follows:

/etc/apache2/
|-- apache2.conf
|       `--  ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf
  • apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.
  • ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.
  • Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.
  • They are activated by symlinking available configuration files from their respective *-available/ counterparts. These should be managed by using our helpers a2enmod, a2dismod, a2ensite, a2dissite, and a2enconf, a2disconf . See their respective man pages for detailed information.
  • The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not work with the default configuration.

in the main config file those directories containing more config files are defined:

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

under centos/redhat it looks like this:

ll /etc/httpd/
total 0
drwxr-xr-x. 2 root root  37 Jul 27 11:14 conf
drwxr-xr-x. 2 root root  82 Jul 27 10:35 conf.d
drwxr-xr-x. 2 root root 146 Jul 27 10:35 conf.modules.d
lrwxrwxrwx. 1 root root  19 Jul 27 10:35 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root  29 Jul 27 10:35 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root  10 Jul 27 10:35 run -> /run/httpd

under debian9 it looks like this:

ll /etc/apache2/
total 88K
drwxr-xr-x  8 root root 4.0K Jul 27 17:12 .
drwxr-xr-x 92 root root 4.0K Jul 27 16:32 ..
-rw-r--r--  1 root root 7.1K Jul 18 20:37 apache2.conf
drwxr-xr-x  2 root root 4.0K Jul 27 17:13 conf-available
drwxr-xr-x  2 root root 4.0K Jul 27 17:12 conf-enabled
-rw-r--r--  1 root root 1.8K Jul 18 20:36 envvars
-rw-r--r--  1 root root  31K Jul 16 10:15 magic
drwxr-xr-x  2 root root  12K Jul 27 16:32 mods-available
drwxr-xr-x  2 root root 4.0K Jul 27 16:32 mods-enabled
-rw-r--r--  1 root root  320 Jul 16 10:15 ports.conf
drwxr-xr-x  2 root root 4.0K Jul 27 16:32 sites-available
drwxr-xr-x  2 root root 4.0K Jul 27 16:32 sites-enabled

ll /etc/apache2/conf-enabled
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 27 16:32 .
drwxr-xr-x 8 root root 4.0K Jul 27 17:08 ..
lrwxrwxrwx 1 root root   30 Jul 27 16:32 charset.conf -> ../conf-available/charset.conf
lrwxrwxrwx 1 root root   44 Jul 27 16:32 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
lrwxrwxrwx 1 root root   46 Jul 27 16:32 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
lrwxrwxrwx 1 root root   31 Jul 27 16:32 security.conf -> ../conf-available/security.conf
lrwxrwxrwx 1 root root   36 Jul 27 16:32 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
ll /etc/apache2/sites-available
total 20K
drwxr-xr-x 2 root root 4.0K Jul 27 16:32 .
drwxr-xr-x 8 root root 4.0K Jul 27 17:12 ..
-rw-r--r-- 1 root root 1.4K Jul 16 10:15 000-default.conf
-rw-r--r-- 1 root root 6.2K Jul 18 20:36 default-ssl.conf

before restarting apache and risking outage – you can test your config like this:

/usr/sbin/apachectl configtest; # test config

.htaccess

is a nice but not-so-easy way to secure your http://www.web.com/directories with username and password authentification.

mkdir /var/www/html/test; # create a test subdirectory, it did not work in document-root
vim /var/www/html/test/.htaccess; # create the file with this content
AuthType Basic
AuthUserFile /var/www/passwd
AuthName "title of the user password dialog box"
order deny,allow
allow from all
require valid-user

htpasswd -cs /var/www/passwd user; # generate file, you will be asked twice for password
htpasswd -s /var/www/passwd secondaryuser;
# -s Use SHA encryption for passwords.
# if you find:
tail -f /var/log/httpd/*_log
==> /var/log/httpd/error_log <==
[Fri Jul 28 07:41:16.678450 2017] [authn_file:error] [pid 2923] (13)Permission denied: [client 172.20.0.7:51440] AH01620: Could not open password file: /var/www/passwd

chcon -Rv --type=httpd_sys_content_t /var/www/passwd; # under centos/redhat 

# you will have to change this line
vim /etc/httpd/conf/httpd.conf

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All
...
systemctl restart httpd.service; # restart apache2 to make config active



files involved – file list debian/centos:

debian_apache2_file_search.txt

centos_httpd_file_search.txt

errors:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

while this is not a severe error you should uncomment the ServerName line in your config:

vim /etc/httpd/conf/httpd.conf; # redhat/centos
vim /etc/apache2/apache2.conf; # debian/ubuntu

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName www.example.com:80

under debian/ubuntu this setting is defined here:

vim /etc/apache2/sites-available/000-default.conf

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.example.com

tools:

manpage: apachectl.man.txt

log files:

error and access logs are usually generated.

# fedora/redhat/centos/suse?
tail -f /var/log/httpd/*

# debian/ubuntu
tail -f /var/log/apache2/*

apache2 vs nginx

„Nginx is event-based, while apache is process-based.

Under high load, this makes all the difference in the world…

Apache has to fork or start a new thread for each connection, while nginx doesn’t.

This difference shows up mainly in memory usage, but also in user response time and other performance metrics.“ (src)

Links:

more webserver software – https://en.wikipedia.org/wiki/Comparison_of_web_server_software

need more php speed? hhvm https://www.youtube.com/watch?v=P9WhAUpMFdg

https://www.howtoforge.com/apache_php_mysql_on_centos_7_lamp

admin