
Ben Laurie blathering


Configuring Apache httpd

(I’m sure most people just call it Apache but at least one vocal person in the ASF has always insisted we should call it Apache httpd, as opposed to, say, Apache Tomcat (which everyone calls Tomcat, anyway))

Since my work on the Bandit identity selector, I have been keen to get the other end working – that is, the server side. As Java drives me nuts, I was pleased to be reminded of the existence of an Apache module, mod_auth_infocard (sorry, “Apache Authentication Module for CardSpace”), from Ping Identity. So, I’ve been playing with it – but I haven’t finished; more on that later. Today I want to talk about configuring Apache, using it as an example.

The Apache developers (against my occasional protests) have always insisted on distributing the most awesomely revolting “default” configuration file with Apache. Distributions tend to go in for even huger ones, too. It has always been a source of great distress to me because almost none of that configuration is actually needed. The end result is that people end up with configurations that are hard to maintain, because they don’t know which bits are actually necessary for their site, and which bits are just left lying around afterwards.

So, I have always maintained that the right way to configure Apache (and pretty much any other software) is to start with no configuration and keep fixing it until it does what you want. Since I’ve just had to do exactly that for mod_auth_infocard, I thought I’d document the process, which involves a bit of magick, but mostly just reading.

First off, I want to get Apache running standalone, without the module added in. My first step is to just run it…

$ httpd
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

I’m not root, so no surprise that I can’t open port 80. So, I want to write my own configuration file and put it on a different port. Just to show I make mistakes, too, my first attempt was this

$ httpd -d .
httpd: Could not open configuration file ./etc/apache22/httpd.conf: No such file or directory

Close, but no cigar. At least I can take a good guess where the default config is now :-) . Next attempt

$ httpd -d `pwd` -f `pwd`/conf/httpd.conf
httpd: Could not open configuration file /home/ben/hgq/Apache_Module_for_CardSpace/www-example/conf/httpd.conf: No such file or directory

That’s because I haven’t created it yet, so, I put an empty file there

$ httpd -d `pwd` -f `pwd`/conf/httpd.conf
no listening sockets available, shutting down
Unable to open logs

Progress, of a kind. I happen to know the directive to use to set the listening socket, but if I didn’t, I’d do this

$ httpd -L|more
<Directory (core.c)
Container for directives affecting resources located in the specified directories
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<Location (core.c)
Container for directives affecting resources accessed through the specified URL paths
Allowed in *.conf only outside <Directory>, <Files> or <Location>
.
.
.

and so forth. I add this to conf/httpd.conf

Listen 8080

and the next run gives me

[Fri Oct 12 10:29:20 2007] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
(13)Permission denied: httpd: could not open error log file /var/log/httpd-error.log.
Unable to open logs

The first is a warning only, so I’ll ignore it. The second doesn’t say so, but is in fact fatal, so I’d better fix it. Next update to httpd.conf

ErrorLog logs/error.log

This will be relative to the server root (set with the -d flag), so I also have to create the logs directory

[Fri Oct 12 10:31:56 2007] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter

is all I get this time. But, having been here before, I know I need to also look at the error log

$ cat logs/error.log
[Fri Oct 12 10:31:56 2007] [error] (13)Permission denied: could not create /var/run/httpd.pid
[Fri Oct 12 10:31:56 2007] [error] httpd: could not log pid to file /var/run/httpd.pid

again, an easy fix

PidFile run/httpd.pid

and, of course, create the run directory. Now we get (in the error log)

[Fri Oct 12 10:39:06 2007] [emerg] (2)No such file or directory: Couldn't create accept lock (/var/run/accept.lock.26590) (5)

fixed with

LockFile run/accept.lock

and now I see

[Fri Oct 12 10:40:00 2007] [notice] Apache/2.2.6 (FreeBSD) configured -- resuming normal operations

This means it’s running – I check by browsing there, and get a page

Not Found

The requested URL / was not found on this server.

with the corresponding error

[Fri Oct 12 10:40:57 2007] [error] [client 193.133.15.218] File does not exist: /www

Since I’m not currently interested in serving any documents, I won’t fix this error, but FYI you can change this directory with DocumentRoot. OK, so I have a running Apache. My next task is to get the module running, and this is where the magick comes in. First off, because the server is now working, I have to either restart it, or stop and start it each time, so I write a little script to save typing

#!/bin/sh

[ -f run/httpd.pid ] && kill `cat run/httpd.pid`
httpd -d `pwd` -f `pwd`/conf/httpd.conf

In order to load the module, I add

LoadModule auth_infocard_module ../src/.libs/mod_auth_infocard.so

obviously, your paths may vary. Now when I try a run, we’re back to a non-starting server

httpd: Syntax error on line 12 of /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/www-example/conf/httpd.conf: Cannot load /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/src/.libs/mod_auth_infocard.so into server: /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/src/.libs/mod_auth_infocard.so: Undefined symbol "_ZTVN10__cxxabiv117__class_type_infoE"

It’s a little curious to call this a syntax error. What’s really happening is that the module is referencing some dynamic libraries that have not been loaded. The undefined symbol, to the seasoned programmer, is clearly a C++ mangled function name. Since it is C++, I could guess that the missing library is the standard C++ library, and indeed, adding this (before the LoadModule)

LoadFile /usr/lib/libstdc++.so

moves us onwards

httpd: Syntax error on line 12 of /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/www-example/conf/httpd.conf: Cannot load /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/src/.libs/mod_auth_infocard.so into server: /disk1.1/usr/home/ben/hgq/Apache_Module_for_CardSpace/src/.libs/mod_auth_infocard.so: Undefined symbol "_ZNK11xercesc_2_713XMLAttDefList14isSerializableEv"

Again, I can guess that this is from Xerces (I had to configure it when I was building the module – that gives me a clue!) … but suppose I couldn’t? Then what? c++filt to the rescue

$ c++filt _ZNK11xercesc_2_713XMLAttDefList14isSerializableEv
xercesc_2_7::XMLAttDefList::isSerializable() const

The Xerces library gets loaded

LoadFile /usr/local/lib/libxerces-c.so

The rest is more grind of the same nature (btw, if you can’t find where a symbol lives, I would recommend the judicious use of find, nm and grep). The final httpd.conf looks like this

Listen 8080
ErrorLog logs/error.log
PidFile run/httpd.pid
LockFile run/accept.lock

LoadFile /usr/lib/libstdc++.so
LoadFile /usr/local/lib/libxerces-c.so
LoadFile /usr/local/lib/libxml-security-c.so
LoadFile /usr/local/lib/libxml2.so
LoadFile /usr/lib/libssl.so

LoadModule auth_infocard_module ../src/.libs/mod_auth_infocard.so

Note that the module is loaded, but isn’t doing anything yet. That’s for another thrilling episode.
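The "find, nm and grep" hunt mentioned above can be scripted. The following is an added example, not part of the original post: it searches library directories for the file that defines a symbol httpd reported as undefined. The function names and the NM_CMD variable are made up for this sketch, and it assumes an nm that accepts -D and --defined-only (GNU binutils).

```shell
#!/bin/sh
# Added example (not from the original post): locate the shared library that
# defines a symbol httpd reported as undefined, so the matching LoadFile line
# can be written. NM_CMD and both function names are hypothetical.

# Command that lists a library's defined dynamic symbols; overridable.
NM_CMD=${NM_CMD:-"nm -D --defined-only"}

# Read nm output on stdin; succeed if it defines exactly the symbol in $1.
# nm lines look like "<address> <type> <name>". Newer GNU nm appends a version
# tag ("name@@CXXABI_1.3"), which is stripped before comparing. Lines of
# type U (undefined references) are ignored.
defines_symbol() {
    awk -v want="$1" '
        NF >= 2 && $(NF-1) != "U" {
            name = $NF
            sub(/@.*/, "", name)
            if (name == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Print every *.so* file under the given directories that defines symbol $1.
# -type f skips symlinks, so each real library file is reported once.
find_symbol_libs() {
    sym=$1; shift
    find "$@" -type f -name '*.so*' 2>/dev/null | sort |
    while IFS= read -r lib; do
        if $NM_CMD "$lib" 2>/dev/null | defines_symbol "$sym"; then
            printf '%s\n' "$lib"
        fi
    done
}

# Usage: sh findsym.sh SYMBOL DIR...
if [ "$#" -ge 2 ]; then
    find_symbol_libs "$@"
fi
```

Each hit is a candidate for a LoadFile line. Since LoadFile maps the file into the server process, point it at a library directory that only administrators can write to.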

1 Comment »

  1. I think this page makes an excellent reference for getting Apache (Oops, I mean httpd) up and running. It’s a pity that more references don’t advocate this approach.

    Despite this potential simplicity, I doubt there are two flavours of Linux that package Apache in the same manner. I don’t have a problem with each distro tweaking it to suit their packaging guidelines, but surely their goal should be to keep it as near to standard as possible within those guidelines?

    Comment by Steve Crook — 13 Oct 2007 @ 11:09
