Apache HTTP Server Installation and Configuration¶
The Apache HTTP server and the mod_ssl Apache module should have already
been installed as dependencies for the td-hostserver RPM package.
You can verify this with the following command:
[root@hostserver ~]# dnf install httpd mod_ssl
Package httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 is already installed.
Package mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Update httpd.conf¶
Open the web server configuration file /etc/httpd/conf/httpd.conf in a text
editor to change the following parameters:
KeepAlive On
KeepAliveTimeout 2
ServerName <Your ServerName>
For security reasons, we also advise to disable the so-called “Server Signature” - a feature that adds a line containing the server version and virtual host name to server-generated pages (e.g. internal error documents, FTP directory listings, etc):
ServerSignature Off
By default, the server version and operating system is also displayed in the
Server response header field, e.g. Server: Apache/2.2.15 (CentOS).
To suppress this output, we suggest to update the ServerTokens option as
follows:
ServerTokens Prod
Enable “Prefork” Mode¶
The mod_pspace module requires that apache run in prefork mode. Note that
Apache will crash when running in a different mode.
To set the mode, execute:
sed -e '/LoadModule mpm_event_module/ s/^#*/#/' -i /etc/httpd/conf.modules.d/00-mpm.conf
sed -e '/#LoadModule mpm_prefork_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-mpm.conf
which will comment out the mpm_event_module and uncomment the mpm_prefork_module. The result should look:
# Select the MPM module which should be used by uncommenting exactly
# one of the following LoadModule lines. See the httpd.conf(5) man
# page for more information on changing the MPM.
...
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
...
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
...
#LoadModule mpm_event_module modules/mod_mpm_event.so
Disable Unneeded Apache Modules¶
In the directory: /etc/httpd/conf.modules.d comment out all modules in the
following config files. Using the linux stream editor (sed) with the following
regular expression will add a ‘#’ comment sign in each line starting with
‘LoadModule’:
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/00-dav.conf
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/00-lua.conf
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/00-proxy.conf
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/01-cgi.conf
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/10-proxy_h2.conf
Modify /etc/httpd/conf.modules.d/00-base.conf and leave only the following
modules enabled by disabling all modules at first and enable only the required
modules afterwards:
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule alias_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule authz_core_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule autoindex_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule headers_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule log_config_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule mime_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule rewrite_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule setenvif_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule slotmem_shm_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule socache_shmcb_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule unixd_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/#LoadModule version_module/ s/^#*//' -i /etc/httpd/conf.modules.d/00-base.conf
sed -e '/LoadModule/ s/^#*/#/' -i /etc/httpd/conf.modules.d/10-h2.conf
Disable access logs¶
The TeamDrive clients are polling the same url periodically for updates in the space. To prevent the same requests from overflowing the log file, the access logs should be deactivated:
sed -e '/ CustomLog/ s/^#*/ #/' -i /etc/httpd/conf/httpd.conf
sed -e '/TransferLog/ s/^#*/#/' -i /etc/httpd/conf.d/ssl.conf
sed -e '/CustomLog/ s/^#*/#/' -i /etc/httpd/conf.d/ssl.conf
Configure mod_ssl¶
The web-based TeamDrive Hosting Service Administration Console should be accessed
via an encrypted SSL connection. To facilitate this, add the following to the
end of the default <VirtualHost> section in /etc/httpd/conf.d/ssl.conf:
Include conf.d/td-hostserver.httpd.conf.ssl
</VirtualHost>