[Pkg-apache-commits] r1144 - in /trunk/apache2: README.Debian README.multiple-instances apache2.2-common.apache2.init changelog config-dir/apache2.conf config-dir/envvars

sf at alioth.debian.org sf at alioth.debian.org
Sun Feb 7 12:17:43 UTC 2010 

Author: sf
Date: Sun Feb  7 12:17:41 2010
New Revision: 1144

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1144
Log:
Add documentation
Introduce APACHE_LOG_DIR to deal with log files/logrotate

Added:
    trunk/apache2/README.multiple-instances
Modified:
    trunk/apache2/README.Debian
    trunk/apache2/apache2.2-common.apache2.init
    trunk/apache2/changelog
    trunk/apache2/config-dir/apache2.conf
    trunk/apache2/config-dir/envvars

Modified: trunk/apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.Debian?rev=1144&op=diff
==============================================================================
--- trunk/apache2/README.Debian (original)
+++ trunk/apache2/README.Debian Sun Feb  7 12:17:41 2010
@@ -202,7 +202,7 @@
 
 This will ask you for the hostname and place both SSL key and certificate in
 the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
-directive in the apache config (you don't need the SSLCertificateKeyFile in
+directive in the Apache config (you don't need the SSLCertificateKeyFile in
 this case as it also contains the key). The file /path/to/cert-file.crt should
 only be readable by root. A good directory to use for the additional
 certificates/keys is /etc/ssl/private .
@@ -229,7 +229,7 @@
 Debian ships two version of the suexec helper program required by mod_suexec.
 It is not installed by default, to avoid possible security issues. The package
 apache2-suexec contains the standard version that works only with document root
-/var/www, userdir suffix public_html, and apache run user www-data. The package
+/var/www, userdir suffix public_html, and Apache run user www-data. The package
 apache2-suexec-custom contains a customizable version, that can be configured
 with a config file to use different settings (like /srv/www as document root).
 For more information see the suexec(8) man page in the apache2-suexec-custom
@@ -243,7 +243,7 @@
 Documentation
 =============
 
-The full apache 2 documentation can be found on the web at
+The full Apache 2 documentation can be found on the web at
 
 http://httpd.apache.org/docs/2.2/
 
@@ -258,17 +258,29 @@
 There is also a wiki that contains useful information:
 
 http://wiki.apache.org/httpd/
+
+Some hints about securing Apache 2 on Debian are available at
+
+http://wiki.debian.org/Apache/Hardening
 
 
 Upgrades
 ========
 
-Changes in the apache packages that require manual configuration adjustments
+Changes in the Apache packages that require manual configuration adjustments
 are announced in NEWS.Debian. Installing the apt-listchanges package is
 recommended. It will display the relevant NEWS.Debian sections before
 upgrades.
 
 
+Multiple instances
+==================
+
+There is some support for running multiple instances of Apache2 on the same
+machine. See /usr/share/doc/apache2.2-common/README.multiple-instances for more
+information.
+
+
 Common Problems
 ===============
 

Added: trunk/apache2/README.multiple-instances
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.multiple-instances?rev=1144&op=file
==============================================================================
--- trunk/apache2/README.multiple-instances (added)
+++ trunk/apache2/README.multiple-instances Sun Feb  7 12:17:41 2010
@@ -1,0 +1,94 @@
+The scripts apache2ctl, a2enmod, a2ensite, ... and the init script have some
+support for handling multiple instances of apache2 running on the same machine.
+
+The basic idea is to copy /etc/apache2 to /etc/apache2-xxx:
+
+# the SUFFIX must not contain spaces or shell meta characters
+SUFFIX=xxx
+# copy configuration
+cp -a /etc/apache2 /etc/apache2-$SUFFIX
+# symlink skripts
+ln -s apache2 /etc/init.d/apache2-$SUFFIX
+for a in a2enmod a2dismod a2ensite a2dissite apache2ctl ; do
+	ln -s /usr/sbin/$a /usr/local/sbin/$a-$SUFFIX
+done
+# setup log dir and logrotate
+cp -a /etc/logrotate.d/apache2 /etc/logrotate.d/apache2-$SUFFIX
+perl -p -i -e s,apache2,apache2-$SUFFIX,g /etc/logrotate.d/apache2-$SUFFIX
+mkdir /var/log/apache2-$SUFFIX
+chmod 750 /var/log/apache2-$SUFFIX
+chown root:adm /var/log/apache2-$SUFFIX
+
+
+Adjust the configuration in /etc/apache2-xxx, especially 'Listen' in ports.conf.
+
+You can then use a2enmod-xxx, /etc/init.d/apache2-xxx, ... as usual, and they
+will affect the new instance of apache2.
+
+To start the new apache2 instance on boot, use
+- if you use dependency based boot sequence (the default)
+	insserv apache2-xxx
+- otherwise:
+	ln -s ../init.d/apache2-xxx /etc/rc2.d/S80apache2-xxx
+
+
+Upgrades
+========
+
+Since onle the configuration files in /etc/apache2 are in the package, the
+configuration of other instances won't change if the default configuration
+changes.  Possibly ways to deal with this are:
+
+- Use symlinks to the files in /etc/apache2 where possible instead of copying
+  the files.
+- Don't modify /etc/apache2 at all but use it to track the default
+  configuration. You can then merge the changes into the /etc/apache2-xxx dirs.
+  It may be a good idea to use a version control system for /etc/apache2 to
+  keep track of the changes. See the package etckeeper for keeping the whole
+  /etc dir under version control.
+  An advanced scheme may be for every /etc/apache2* dir to be a separate git
+  repository so that you can easily pull/push changes from one dir to another.
+ 
+
+Configuration
+=============
+
+The init script will try to read /etc/defaults/apache2-xxx. If that does not
+exist, it will use /etc/defaults/apache2 instead.
+
+The following environment variables can be used to influence the scripts.  The
+default apache2 configuration will make use of them, too. Most can be set in
+/etc/apache2-xxx/envvars. Variables set in /etc/apache2-xxx/envvars must be
+exported.
+
+variable		default value
+--------		-------------
+APACHE_CONFDIR		/etc/apache2         or /etc/apache2-xxx
+APACHE_ENVVARS		$APACHE_CONFDIR/envvars
+APACHE_HTTPD		/usr/sbin/apache2
+APACHE_ARGUMENTS	empty if $APACHE_CONFDIR = /etc/apache2
+			"-d $APACHE_CONFDIR" otherwise
+
+APACHE_RUN_USER		www-data
+APACHE_RUN_GROUP	www-data
+
+APACHE_PID_FILE         /var/run/apache2.pid or /var/run/apachd2-xxx.pid
+APACHE_RUN_DIR		/var/run/apache2     or /var/run/apache2-xxx
+APACHE_LOCK_DIR		/var/lock/apache2    or /var/lock/apache2-xxx
+APACHE_LOG_DIR		/var/log/apache2     or /var/log/apache2-xxx
+
+APACHE_MODS_AVAILABLE	$APACHE_CONFDIR/mods-available
+APACHE_MODS_ENABLED	$APACHE_CONFDIR/mods-enabled
+APACHE_SITES_AVAILABLE	$APACHE_CONFDIR/sites-available
+APACHE_SITES_ENABLED	$APACHE_CONFDIR/sites-enabled
+
+APACHE_LYNX		www-browser -dump
+APACHE_STATUSURL	http://localhost:80/server-status
+
+
+MPMs
+====
+
+You can use different MPMs for different instances by setting APACHE_HTTP to
+one of /usr/lib/apache2/mpm-*/apache2. Note that some modules like mod_php only
+work with the non-threaded MPMs (prefork, itk).

Modified: trunk/apache2/apache2.2-common.apache2.init
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/apache2.2-common.apache2.init?rev=1144&op=diff
==============================================================================
--- trunk/apache2/apache2.2-common.apache2.init (original)
+++ trunk/apache2/apache2.2-common.apache2.init Sun Feb  7 12:17:41 2010
@@ -23,6 +23,7 @@
 if [ -z "$APACHE_ENVVARS" ] ; then
 	APACHE_ENVVARS=$APACHE_CONFDIR/envvars
 fi
+export APACHE_CONFDIR APACHE_ENVVARS
 
 ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin"
 if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1144&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sun Feb  7 12:17:41 2010
@@ -1,8 +1,12 @@
 apache2 (2.2.14-6) UNRELEASED; urgency=low
 
   * Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061
+  * Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and
+    APACHE_LOG_DIR in the default configuration. If you have modified
+    /etc/apache2/envvars, make sure that these variables are set and exported.
   * Add support for multiple apache2 instances to initscript and apache2ctl.
-    Documentation ist still missing, though... Closes: #353450
+    See /usr/share/doc/apache2.2-common/README.multiple-instances for details.
+    Closes: #353450
   * Set default compiled-in ServerRoot to /etc/apache2 and make paths in
     apache2.conf relative to ServerRoot.
   * Fix symlinks in apache2-dbg package. Closes: #567076

Modified: trunk/apache2/config-dir/apache2.conf
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/config-dir/apache2.conf?rev=1144&op=diff
==============================================================================
--- trunk/apache2/config-dir/apache2.conf (original)
+++ trunk/apache2/config-dir/apache2.conf Sun Feb  7 12:17:41 2010
@@ -186,7 +186,7 @@
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
-ErrorLog /var/log/apache2/error.log
+ErrorLog ${APACHE_LOG_DIR}/error.log
 
 #
 # LogLevel: Control the number of messages logged to the error_log.
@@ -218,7 +218,7 @@
 
 #
 # Define an access log for VirtualHosts that don't define their own logfile
-CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
 
 
 # Include of directories ignores editors' and dpkg's backup files,

Modified: trunk/apache2/config-dir/envvars
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/config-dir/envvars?rev=1144&op=diff
==============================================================================
--- trunk/apache2/config-dir/envvars (original)
+++ trunk/apache2/config-dir/envvars Sun Feb  7 12:17:41 2010
@@ -18,6 +18,8 @@
 export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
 export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
 export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
 
 ## The locale used by some modules like mod_dav
 export LANG=C

More information about the Pkg-apache-commits mailing list