[Pkg-apache-commits] r1144 - in /trunk/apache2: README.Debian README.multiple-instances apache2.2-common.apache2.init changelog config-dir/apache2.conf config-dir/envvars
sf at alioth.debian.org
sf at alioth.debian.org
Sun Feb 7 12:17:43 UTC 2010
Author: sf
Date: Sun Feb 7 12:17:41 2010
New Revision: 1144
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1144
Log:
Add documentation
Introduce APACHE_LOG_DIR to deal with log files/logrotate
Added:
trunk/apache2/README.multiple-instances
Modified:
trunk/apache2/README.Debian
trunk/apache2/apache2.2-common.apache2.init
trunk/apache2/changelog
trunk/apache2/config-dir/apache2.conf
trunk/apache2/config-dir/envvars
Modified: trunk/apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.Debian?rev=1144&op=diff
==============================================================================
--- trunk/apache2/README.Debian (original)
+++ trunk/apache2/README.Debian Sun Feb 7 12:17:41 2010
@@ -202,7 +202,7 @@
This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
-directive in the apache config (you don't need the SSLCertificateKeyFile in
+directive in the Apache config (you don't need the SSLCertificateKeyFile in
this case as it also contains the key). The file /path/to/cert-file.crt should
only be readable by root. A good directory to use for the additional
certificates/keys is /etc/ssl/private .
@@ -229,7 +229,7 @@
Debian ships two version of the suexec helper program required by mod_suexec.
It is not installed by default, to avoid possible security issues. The package
apache2-suexec contains the standard version that works only with document root
-/var/www, userdir suffix public_html, and apache run user www-data. The package
+/var/www, userdir suffix public_html, and Apache run user www-data. The package
apache2-suexec-custom contains a customizable version, that can be configured
with a config file to use different settings (like /srv/www as document root).
For more information see the suexec(8) man page in the apache2-suexec-custom
@@ -243,7 +243,7 @@
Documentation
=============
-The full apache 2 documentation can be found on the web at
+The full Apache 2 documentation can be found on the web at
http://httpd.apache.org/docs/2.2/
@@ -258,17 +258,29 @@
There is also a wiki that contains useful information:
http://wiki.apache.org/httpd/
+
+Some hints about securing Apache 2 on Debian are available at
+
+http://wiki.debian.org/Apache/Hardening
Upgrades
========
-Changes in the apache packages that require manual configuration adjustments
+Changes in the Apache packages that require manual configuration adjustments
are announced in NEWS.Debian. Installing the apt-listchanges package is
recommended. It will display the relevant NEWS.Debian sections before
upgrades.
+Multiple instances
+==================
+
+There is some support for running multiple instances of Apache2 on the same
+machine. See /usr/share/doc/apache2.2-common/README.multiple-instances for more
+information.
+
+
Common Problems
===============
Added: trunk/apache2/README.multiple-instances
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.multiple-instances?rev=1144&op=file
==============================================================================
--- trunk/apache2/README.multiple-instances (added)
+++ trunk/apache2/README.multiple-instances Sun Feb 7 12:17:41 2010
@@ -1,0 +1,94 @@
+The scripts apache2ctl, a2enmod, a2ensite, ... and the init script have some
+support for handling multiple instances of apache2 running on the same machine.
+
+The basic idea is to copy /etc/apache2 to /etc/apache2-xxx:
+
+# the SUFFIX must not contain spaces or shell meta characters
+SUFFIX=xxx
+# copy configuration
+cp -a /etc/apache2 /etc/apache2-$SUFFIX
+# symlink skripts
+ln -s apache2 /etc/init.d/apache2-$SUFFIX
+for a in a2enmod a2dismod a2ensite a2dissite apache2ctl ; do
+ ln -s /usr/sbin/$a /usr/local/sbin/$a-$SUFFIX
+done
+# setup log dir and logrotate
+cp -a /etc/logrotate.d/apache2 /etc/logrotate.d/apache2-$SUFFIX
+perl -p -i -e s,apache2,apache2-$SUFFIX,g /etc/logrotate.d/apache2-$SUFFIX
+mkdir /var/log/apache2-$SUFFIX
+chmod 750 /var/log/apache2-$SUFFIX
+chown root:adm /var/log/apache2-$SUFFIX
+
+
+Adjust the configuration in /etc/apache2-xxx, especially 'Listen' in ports.conf.
+
+You can then use a2enmod-xxx, /etc/init.d/apache2-xxx, ... as usual, and they
+will affect the new instance of apache2.
+
+To start the new apache2 instance on boot, use
+- if you use dependency based boot sequence (the default)
+ insserv apache2-xxx
+- otherwise:
+ ln -s ../init.d/apache2-xxx /etc/rc2.d/S80apache2-xxx
+
+
+Upgrades
+========
+
+Since onle the configuration files in /etc/apache2 are in the package, the
+configuration of other instances won't change if the default configuration
+changes. Possibly ways to deal with this are:
+
+- Use symlinks to the files in /etc/apache2 where possible instead of copying
+ the files.
+- Don't modify /etc/apache2 at all but use it to track the default
+ configuration. You can then merge the changes into the /etc/apache2-xxx dirs.
+ It may be a good idea to use a version control system for /etc/apache2 to
+ keep track of the changes. See the package etckeeper for keeping the whole
+ /etc dir under version control.
+ An advanced scheme may be for every /etc/apache2* dir to be a separate git
+ repository so that you can easily pull/push changes from one dir to another.
+
+
+Configuration
+=============
+
+The init script will try to read /etc/defaults/apache2-xxx. If that does not
+exist, it will use /etc/defaults/apache2 instead.
+
+The following environment variables can be used to influence the scripts. The
+default apache2 configuration will make use of them, too. Most can be set in
+/etc/apache2-xxx/envvars. Variables set in /etc/apache2-xxx/envvars must be
+exported.
+
+variable default value
+-------- -------------
+APACHE_CONFDIR /etc/apache2 or /etc/apache2-xxx
+APACHE_ENVVARS $APACHE_CONFDIR/envvars
+APACHE_HTTPD /usr/sbin/apache2
+APACHE_ARGUMENTS empty if $APACHE_CONFDIR = /etc/apache2
+ "-d $APACHE_CONFDIR" otherwise
+
+APACHE_RUN_USER www-data
+APACHE_RUN_GROUP www-data
+
+APACHE_PID_FILE /var/run/apache2.pid or /var/run/apachd2-xxx.pid
+APACHE_RUN_DIR /var/run/apache2 or /var/run/apache2-xxx
+APACHE_LOCK_DIR /var/lock/apache2 or /var/lock/apache2-xxx
+APACHE_LOG_DIR /var/log/apache2 or /var/log/apache2-xxx
+
+APACHE_MODS_AVAILABLE $APACHE_CONFDIR/mods-available
+APACHE_MODS_ENABLED $APACHE_CONFDIR/mods-enabled
+APACHE_SITES_AVAILABLE $APACHE_CONFDIR/sites-available
+APACHE_SITES_ENABLED $APACHE_CONFDIR/sites-enabled
+
+APACHE_LYNX www-browser -dump
+APACHE_STATUSURL http://localhost:80/server-status
+
+
+MPMs
+====
+
+You can use different MPMs for different instances by setting APACHE_HTTP to
+one of /usr/lib/apache2/mpm-*/apache2. Note that some modules like mod_php only
+work with the non-threaded MPMs (prefork, itk).
Modified: trunk/apache2/apache2.2-common.apache2.init
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/apache2.2-common.apache2.init?rev=1144&op=diff
==============================================================================
--- trunk/apache2/apache2.2-common.apache2.init (original)
+++ trunk/apache2/apache2.2-common.apache2.init Sun Feb 7 12:17:41 2010
@@ -23,6 +23,7 @@
if [ -z "$APACHE_ENVVARS" ] ; then
APACHE_ENVVARS=$APACHE_CONFDIR/envvars
fi
+export APACHE_CONFDIR APACHE_ENVVARS
ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin"
if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then
Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1144&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sun Feb 7 12:17:41 2010
@@ -1,8 +1,12 @@
apache2 (2.2.14-6) UNRELEASED; urgency=low
* Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061
+ * Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and
+ APACHE_LOG_DIR in the default configuration. If you have modified
+ /etc/apache2/envvars, make sure that these variables are set and exported.
* Add support for multiple apache2 instances to initscript and apache2ctl.
- Documentation ist still missing, though... Closes: #353450
+ See /usr/share/doc/apache2.2-common/README.multiple-instances for details.
+ Closes: #353450
* Set default compiled-in ServerRoot to /etc/apache2 and make paths in
apache2.conf relative to ServerRoot.
* Fix symlinks in apache2-dbg package. Closes: #567076
Modified: trunk/apache2/config-dir/apache2.conf
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/config-dir/apache2.conf?rev=1144&op=diff
==============================================================================
--- trunk/apache2/config-dir/apache2.conf (original)
+++ trunk/apache2/config-dir/apache2.conf Sun Feb 7 12:17:41 2010
@@ -186,7 +186,7 @@
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog /var/log/apache2/error.log
+ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
@@ -218,7 +218,7 @@
#
# Define an access log for VirtualHosts that don't define their own logfile
-CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
# Include of directories ignores editors' and dpkg's backup files,
Modified: trunk/apache2/config-dir/envvars
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/config-dir/envvars?rev=1144&op=diff
==============================================================================
--- trunk/apache2/config-dir/envvars (original)
+++ trunk/apache2/config-dir/envvars Sun Feb 7 12:17:41 2010
@@ -18,6 +18,8 @@
export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
## The locale used by some modules like mod_dav
export LANG=C
More information about the Pkg-apache-commits
mailing list