Red Hat Linux 7.0: The Official Red Hat Linux Reference Guide | ||
---|---|---|
Prev | Chapter 12. Configuring Your Secure Server | Next |
Since Apache 1.3 supports DSOs, you can easily load Apache modules or compile in your own modules to your Red Hat Linux Secure Web Server. DSO support means that modules may be loaded at runtime. Since the modules are only loaded as necessary, they won't use any memory unless they're loaded and less memory will be needed overall.
The Apache Group provides complete DSO Documentation at http://www.apache.org/docs/dso.html. After installation of your server, you can also check http://your_domain/manual/mod/ for documentation on Apache modules in HTML format (if you installed the apache-manual package). A "quick and dirty" description of how to load modules is provided next, but if you need more details, check the URLs provided.
For your Red Hat Linux Secure Web Server to use a dynamically shared module, that module must have a LoadModule line and an AddModule line in httpd.conf. By default, many modules have these two lines already included in httpd.conf, but a few of the less commonly used modules are commented out. The commented out modules were included during compilation, but they are not loaded by default.
If you need to use one of those non-loaded modules, look in the httpd.conf file to see all the available modules. Each of the available modules has a corresponding LoadModule line. To show you an example, the LoadModule section begins with these seven lines:
#LoadModule mmap_static_module modules/mod_mmap_static.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule env_module modules/mod_env.so LoadModule config_log_module modules/mod_log_config.so LoadModule agent_log_module modules/mod_log_agent.so LoadModule referer_log_module modules/mod_log_referer.so #LoadModule mime_magic_module modules/mod_mime_magic.so |
Most of the lines are not commented out, indicating that each associated module was compiled in and is loaded in by default. The first line is commented out, which means that the corresponding module (mmap_static_module) was compiled in but not loaded.
To make your Red Hat Linux Secure Web Server load an unloaded module, first uncomment the corresponding LoadModule line. For example, if you wanted to make your Red Hat Linux Secure Web Server load in the mime_magic_module, change that LoadModule line from the original:
#LoadModule mime_magic_module modules/mod_mime_magic.so |
Uncomment the previous line so that it reads:
LoadModule mime_magic_module modules/mod_mime_magic.so |
Next, you need to uncomment the corresponding line from the AddModule section in httpd.conf. To continue with our previous example, uncomment the mod_mime_magic line. The original (default) line looks like the following:
#AddModule mod_mime_magic.c |
The uncommented line should read:
AddModule mod_mime_magic.c |
Once you've uncommented the LoadModule and AddModule lines for the module that you want to load in, stop and start your Web server, as covered in the section called Starting and Stopping Apache in Chapter 11. After starting, the module should be loaded in to your Red Hat Linux Secure Web Server.
If you have your own module, you can add it to the httpd.conf file so that it is compiled in and loaded as a DSO. If you want to do this, you need to install the apache-devel package, as covered in Chapter 10. You need the apache-devel package because it installs the include files, the header files and the APache eXtenSion (APXS) support tool. APXS uses the include files and the header files to compile your module so that it will work with Apache.
If you've written your own module or are borrowing someone else's, you should be able to use APXS to compile your module sources outside the Apache source tree, without needing to tweak any compiler and/or linker flags. If you need more information on APXS, please see the Apache documentation at http://www.apache.org/docs/dso.html.
Once you've compiled your module using APXS, put your module into /usr/lib/apache. Then your module needs both a LoadModule line and an AddModule line in the httpd.conf file, just as described previously for Apache's own modules. After the LoadModule list in httpd.conf, add a line for the shared object file for your module like the following:
LoadModule foo_module modules/mod_foo.so |
Note that you'll need to change the name of the module and the name of your shared object file as appropriate.
At the end of the AddModule list in httpd.conf, add a line for the source code file for your module like the following:
AddModule mod_foo.c |
Note that you'll need to change the name of the source code file as appropriate.
Once you've completed the previous steps, stop and start your Web server as outlined in the section called Starting and Stopping Apache in Chapter 11. If you've done everything correctly, and your module is correctly coded, your Web server should find your module and load it in as it starts.
The mod_ssl security portion of the Red Hat Linux Secure Web Server is provided as a Dynamic Shared Object (DSO). This means that the Apache Web server can be re-compiled by users if the EAPI extension patch from the mod_ssl security module is applied to Apache. Follow the instructions for building mod_ssl into Apache included with the mod_ssl documentation, but add the following flag:
--with-eapi-only |
The complete command line should look like the following:
./configure [userflags] --with-eapi-only |
Then build and install Apache.
Please Note | |
---|---|
Red Hat cannot support re-compiled versions of the Apache Web server. Installation of the shipped version is supported, but if you re-compile Apache, you're on your own. Please don't re-compile Apache unless you know exactly what you're doing. |