|
Last modified: 27 Dec 2007
In H-Sphere 3.1 Beta 1 the Web service functionality was greatly extended and improved to allow for more flexibility both in
administering Unix web boxes and in end user Web settings.
This document describes the main changes in the Web service software and includes information on Apache configuration important for H-Sphere
system administrators.
Web Service Packages in H-Sphere 3.1+
Apache 2.2 underwent significant changes since 1.3 version. Accordingly, there are PHP modules compatible with each particular Apache
version that is indicated in the name of PHP package (1x or 2x). The cgi/cli part of PHP is assembled and works based on Apache 1.3.
Only the pear part of PHP is common for the two Apache versions.
Here is the list of web service software packages for H-Sphere 3.1 Beta 1 and up (note that versions are just examples
that may differ from current ones):
| Package |
Description |
Comment |
| hsphere-apache2-h3.1-2.2.6-x |
Apache 2.2.x binaries, modules, libraries and headers |
Package updates |
| hsphere-apache-h3.1-1.3.39-x |
Apache 1.3.x binaries, modules, libraries and headers |
Package updates |
| hsphere-apache-shared-h3.1-1-x |
Configuration template files, scripts, startup files, etc. common for Apache 1.3.x and 2.2.x |
Package updates |
| hsphere-apache-utils-h3.1-1-x |
Utilities used when parsing apache logs, lynx browser, etc. |
Package updates |
| hsphere-php4-1x-4.4.7-x |
libphp4 for Apache 1.3.x |
Package updates |
| hsphere-php4-2x-4.4.7-x |
libphp4 for Apache 2.2.x |
| hsphere-php4-cgi-4.4.7-x |
CLI and CGI php4 binaries |
| hsphere-php4-pear-4.4.7-x |
PEAR for PHP4 |
| hsphere-php4-plugins-4.4.7-x |
Set of plugins, their confs, which may work in pair with CLI, CGI or libphp4 |
| hsphere-php5-1x-5.2.4-x |
libphp5 for Apache 1.3.x |
Package updates |
| hsphere-php5-2x-5.2.4-x |
libphp5 for Apache 2.2.x |
| hsphere-php5-cgi-5.2.4-x |
CLI and CGI php4 binaries |
| hsphere-php5-pear-5.2.4-x |
PEAR for PHP5 |
| hsphere-php5-plugins-5.2.4-x |
Set of plugins, their confs, which may work in pair with CLI, CGI or libphp5 |
Support of Apache 2.2.x and 1.3.x
In addition to Apache 1.3.x, support of Apache 2.2.x is implemented. There are two modes of Apache 2.2.x:
For the MPM worker mode, cgi requests are processed via mod_cgid.
Tuning Web Service from the CP Interface
In H-Sphere 3.1 Beta 1 and up there is a possibility to choose some Web settings for a physical Web server right from administrator's
cp interface:
All webbox related settings chosen from the cp interface are stored in the following file:
/hsphere/shared/scripts/scripts.cfg
Such changes are applied immediately by the script:
/hsphere/shared/scripts/manage-service.sh httpd restart
The settings are stored in the configuration file in the form of 'prefix_title=value. There are several groups of settings:
Apache Settings
These are settings for enabling/disabling Apache modules. The prefix is apache. Here is the list of possible settings:
| Title |
Default Value |
Comments |
| apache_libphp4 |
1 |
|
| apache_libphp5 |
0 |
|
| apache_ssl |
1 |
|
| apache_scgi |
0 |
|
| apache_frontpage |
0 |
Ignored in Apache 2 |
| apache_throttle |
0 |
Ignored in Apache 2 |
| apache_status |
0 |
|
| apache_fastcgi |
0 |
|
| apache_security |
0 |
|
| apache_cache |
0 |
|
| apache_security2 |
0 |
Ignored in Apache 1 |
| apache_version |
1 |
Apache version. Only for Apache 2. |
| apache_mpm |
prefork |
MPM mode: prefork or worker. Only for Apache 2. |
All independent modules are implemented via specific templates each allowing for customization.
They have their own config files which
are inserted in the main config file using the include directive.
The main config file is also realized via independent templates for Apache 1.3.x and 2.2.x.
PHP Settings
For each Apache version/mode (Apache 1.3.x or 2.2.x MPM prefork and MPM worker) there is a possibility to operate PHP in 6 modes:
libphp5, libphp4, cgi-php5, cgi-php4, fastcgi-php4, fastcgi-php5. The prefix is 'php'. Here is the list of possible
settings:
| Title |
Default Value |
Comments |
| php_libphp4 |
2 |
|
| php_fastcgi4 |
0 |
Needs mod_fastcgi being enabled for Apache |
| php_cgi4 |
1 |
|
| php_libphp5 |
0 |
If the value is other than 0, the value for php_libphp4 has to be 0 |
| php_fastcgi5 |
2 |
|
| php_cgi5 |
1 |
|
Fastcgi Settings
Fastcgi, unlike the regular cgi, keeps the
activated module e.g. php loaded for some time after the call. All further calls are carried out quicker that preserves time for programs
being loaded. However, the number of programs that can be stored in the fastcgi operating memory is limited.
All programs loaded by fastcgi are performed with the privileges of the user who owns the corresponding virtual host. That is
why they can only serve calls to this particular virtual host. This means that if all users will have fastcgi, this may cause
considerable delays and enormous increase in server load.
We recommend selective approach to enabling fastcgi, i.e. after enabling it for heavily visited virtual hosts monitor the server
load for several days. If after such monitoring the load is found permissible, enable fastcgi for more users and so on.
The same is with with fastcgi parameters. They are set on the server level and can't be changed for a particular virtual host.
There is not direct way to check effectiveness of these parameters - only indirect observance based on server operating. That is why
change these parameters with precaution.
The prefix is 'fcgi_'. Here is the list of possible
settings:
| Title |
Default Value |
Comments |
| autoUpdate |
|
There may be a serious problem when this option is used with -restart. |
| flush |
0 |
|
| gainValue |
0.5 |
|
| idle-timeout |
30 [seconds] |
|
| initial-env |
FCGI_ROLE |
Allows to check which fastcgi setting is being used. RubyOnRails may need additional variables. |
| init-start-delay |
1 [seconds] |
|
| killInterval |
300 [seconds] |
|
| listen-queue-depth |
100 |
|
| maxClassProcesses |
10 |
It must be <= to -maxProcesses (this is not programmatically enforced) |
| maxProcesses |
50 |
It must be >= to -maxClassProcesses (this is not programmatically enforced) |
| minProcesses |
5 |
|
| multiThreshold |
50 |
If only one instance remains, singleThreshold is used instead |
| pass-header |
|
This option makes available the contents of headers which are normally not available (e.g. Authorization) |
| priority |
0 |
|
| processSlack |
5 |
|
| restart |
|
Causes the process manager to restart dynamic applications upon failure (similar to static applications) |
| restart-delay |
5 [seconds] |
|
| singleThreshold |
0 |
Changing this is not recommended (especially if -appConnTimeout is set) |
| startDelay |
3 [seconds] |
Must be less than appConnTimeout to be effective |
| updateInterval |
300 [seconds] |
|
Apache Modules
As in H-Sphere 2.5, the core of hsphere-apache contains only two modules: http_core.c and mod_so.c. The rest are
compiled as DSO, and their list can be obtained by running:
ls /hsphere/shared/apache/libexec/ - for Apache 1.3
ls /hsphere/shared/apache2/modules/ - for Apache 2.2
Modules in different Apache versions may have distinction in their titles and configuration directives. Apache 2.2 lacks some modules
present in 1.3 version, their functionalities being substituted by other modules, except for mod_throttle and
mod_frontpage which are not supported in 2.2 version.
Compatibility of Apache 1.3 and 2.2 is achieved in H-Sphere via the mod_macro module. Apache 2.2 adds several new modules to
extend functionality.
[ -]
Click + to see the comparative list of modules (the titles correspond to *.so files).
| Apache 1.3 |
Apache 2.2 |
| libphp4* |
libphp4* |
| libphp5** |
libphp5** |
| libproxy*** |
|
| libssl |
mod_ssl |
| mod_access |
|
| mod_actions |
mod_actions |
| mod_alias |
mod_alias |
| mod_asis |
|
| mod_auth |
|
| mod_auth_anon |
|
| |
mod_auth_basic |
| mod_auth_db |
|
| mod_auth_dbm |
mod_authz_dbm |
| |
mod_auth_digest |
| mod_auth_external |
mod_authnz_external |
| mod_auth_kerb |
mod_auth_kerb |
| |
mod_authn_anon |
| |
mod_authn_dbd |
| |
mod_authn_dbm |
| |
mod_authn_default |
| |
mod_authn_file |
| |
mod_authz_default |
| |
mod_authz_groupfile |
| |
mod_authz_host |
| |
mod_authz_owner |
| |
mod_authz_user |
| mod_autoindex |
mod_autoindex |
| |
mod_cache |
| mod_cern_meta |
mod_cern_meta |
| mod_cgi |
mod_cgi |
| |
mod_cgid |
| |
mod_dav |
| |
mod_dav_fs |
| |
mod_dbd |
| mod_define |
|
| |
mod_deflate |
| mod_digest |
|
| mod_dir |
mod_dir |
| |
mod_disk_cache |
| |
mod_dumpio |
| mod_env |
mod_env |
| mod_expires |
mod_expires |
| |
mod_ext_filter |
| mod_extract_forwarded |
mod_extract_forwarded |
| mod_fastcgi |
mod_fastcgi |
| |
mod_filter |
| mod_frontpage |
|
| mod_gzip |
|
| mod_headers |
mod_headers |
| |
mod_ident |
| |
mod_imagemap |
| mod_imap |
|
| mod_include |
mod_include |
| mod_info |
mod_info |
| mod_log_agent |
|
| mod_log_config |
mod_log_config |
| mod_log_forensic |
mod_log_forensic |
| mod_log_referer |
|
| |
mod_logio |
| mod_macro |
mod_macro |
| mod_mem_cache |
|
| mod_mime |
mod_mime |
| mod_mime_magic |
mod_mime_magic |
| mod_mmap_static |
|
| mod_negotiation |
mod_negotiation |
| mod_psoft_traffic |
|
| mod_rewrite |
mod_rewrite |
| mod_scgi |
mod_scgi |
| mod_security |
mod_security |
| |
mod_security2 |
| mod_setenvif |
mod_setenvif |
| mod_speling |
mod_speling |
| mod_status |
mod_status |
| |
mod_suexec |
| mod_throttle |
|
| mod_unique_id |
mod_unique_id |
| mod_userdir |
mod_userdir |
| mod_usertrack |
mod_usertrack |
| |
mod_version |
| mod_vhost_alias |
mod_vhost_alias |
Notes:
*Part of the hsphere-php5-Xx-{PHPVER} package where X is apache version (1 or 2).
**Part of the hsphere-php4-Xx-{PHPVER} package where X is apache version (1 or 2).
***This module provides for an HTTP 1.1 caching proxy server.
Apache Configuration
| Apache 1.3 |
Apache 2.2 |
Comments |
| /hsphere/shared/apache |
/hsphere/shared/apache2 |
Apache home directory |
| /hsphere/local/config/httpd |
/hsphere/local/config/httpd2 |
Apache configuration directory |
| ~httpd/conf -> /hsphere/local/config/httpd |
|
The symlink from home directory |
| Configuration File |
| /hsphere/local/config/httpd/httpd.conf |
/hsphere/local/config/httpd2/httpd.conf |
This file contains server wide configuration (modules enabled, their parameters set etc.). We don't
recommend making changes to this file.
When Apache modules are enable/disabled from the interface, the configuration files are left unchanged. This interface feature is
implemented via the comand line Apache using <IfDefine ...> directives and corresponding global symbols.
These files are customized using config file templates.
Read more on config file template customization |
| Custom Configuration File |
| /hsphere/local/config/httpd/custom.conf |
/hsphere/local/config/httpd2/custom.conf |
We recommend using this file for making changes to the wide configuration, and for enabling
additional modules in particular. This may facilitate finding configuration errors in case the server cannot start.
When Apache is launched, the custom configuration file is the second to be processed after httpd.conf. After that,
virtual hosts configuration is picked up. |
| System Virtual Hosts Config |
| /hsphere/local/config/httpd/namevh.conf |
/hsphere/local/config/httpd2/namevh.conf |
This file contains list of all system (not user!) virtual hosts. Apache supports virtual host of 3 types - name-based,
IP-based and port-based. H-Sphere uses name-based virtual hosts by default but the other types can be used as well. The
configuration file contains information on host type for each IP. This file is processed after custom.conf but before
processing the configuration of virtual hosts. |
| Virtual Hosts (Logical Servers) Configs |
/hsphere/local/config/httpd/conf/lservers/
mail.conf, mrtg.conf, mysql.conf... |
/hsphere/local/config/httpd2/conf/lservers/
mail.conf, mrtg.conf, mysql.conf... |
For each logical server a virtual host is created. Before, when accessing the box by its logical name it was possible to view,
for instance, sources of phpMyAdmin. Now with each logical name having its own virtual host such a possibility is eliminated.
These files are customized using templates.
Read more on config file template customization |
| /hsphere/local/config/httpd/sites/ |
This directory contains files for user virtual hosts. A link to this directory is included to the configuration directory of
Apache 2.2. This means that configuration files of user virtual host are common for the two Apache versions.
Syntactical differences in directives between 1.3 and 2.2 versions are leveled by mod_macro module introduced in
H-Sphere 3.1 and up, i.e. macros are used instead of configuration directives. mod_macro is a third-party module to the
Apache Http Server distributed with a BSD-style license like Apache. It allows the definition and use of macros within Apache
runtime configuration files. The syntax is a natural extension to apache html-like configuration style.
Macros are placed to ./macro of the Apache configuration directory. Macros for Apache 1.3 are different from those for
Apache 2.2. |
Changes in Web Statistics Software
Apache 2.2.x
General web statistics is gathered using general mod_log_config and mod_logio modules. mod_log_config is
patched to provide logging to the server log even if custom logs are redefined at the virtual host level. For this purpose,
AlwaysServerLogs directive is added.
Apache 1.3.x
General web statistics is gathered using the mod_psoft_traffic
apache module.
Apache Logs and Web Traffic Calculation in H-Sphere
Apache logs are located in the /hsphere/local/var/httpd/logs/ directory. Also, each hosted Web domain
has its own logs in the /hsphere/local/home/{user}/logs/{domain.name}/ directory
(see Web traffic calculation).
There are two types of Web traffic calculation in H-Sphere:
Please refer to a separate document on Web traffic calculation and log rotation in H-Sphere for
version 2.5 and up and for versions before
2.5.
Log Rotate Config File
/hsphere/local/config/httpd/rotatelog.cfg - log rotate config file which includes all log confs located in the
/hsphere/local/config/httpd/logrotate_conf/ directory:
- {domain.name}.transferlog.conf - config file for transfer log rotation for a domain
- {domain.name}.errorlog.conf - config file for error log rotation for a domain
- {domain.name}.agentlog.conf - config file for agent log rotation for a domain
- {domain.name}.referrerlog.conf - config file for referrer log rotation for a domain
Apache Suexec
H-Sphere WebBox Apache suexec is configured to run users' CGI scripts only within the /hsphere/local/home/ directory,
recursively. Thus, a user may run his/her own cgi scripts only if he/she has fourth nesting level within the H-Sphere user home directory,
for example, /hsphere/local/home/user_home1.
|
