Apache 1.3.14 for MPE/iX

by Barbara Dubbert
Commercial Systems Division

Apache 1.3.14 for MPE/iX is based on Apache 1.3.14 from the Apache Software Foundation. It is the latest version of Apache for MPE/iX and provides the same powerful features that were part of Apache 1.3.9 for MPE/iX in addition to minor base enhancements, several important security fixes, and a new installation scheme.

Release Information

Apache 1.3.14 for MPE/iX is part of MPE/iX Release 7.0 Express 1.

System Requirements and Patches

Apache 1.3.14 for MPE/iX requires the following:

MPE/iX 7.0
HP highly recommends installing the latest Network Services Transport patch (NSTxxxxx). NST patch bundles fix services that can affect Apache behavior.

Support

Apache 1.3.14 for MPE/iX is supported through the HP Response Center as part of MPE/iX FOS support.

Product Description

Apache 1.3.14 for MPE/iX is an upgrade to earlier versions of Apache. It consists of the Apache 1.3.14 base version from the Apache Software Foundation, the major features and functionality first introduced in Apache 1.3.9, and a new installation structure.Apache 1.3.14 for MPE/iX includes these features introduced in Apache 1.3.9 for MPE/iX:

Dynamic Shared Object (DSO) capability
Extended API (EAPI)
Additional compiled-in modules
File Creation Mask

The following content is new to Apache 1.3.14 for MPE/iX:

General bug fixes and upgrades provided by the Apache Software Foundation as part of the Apache 1.3.14 base
Security fixes
New installation model

Feature Set

Dynamic Shared Objects (DSOs)

DSOs are add-on modules that extend the functionality of Apache. These modules are self-contained code that can provide a wide-range of additional Apache capabilities such as custom authentication and authorization, custom logging, or new configuration directives.Users can create their own Apache modules or use those written by others. For instance, the Apache Module Registry (http://modules.apache.org/) is a web site with downloadable Apache modules. Some of these modules are freely available while others have various license restrictions. DSOs on MPE/iX can utilize Apache's full Application Programming Interface (API) as well as Apache's full Extended Application Programming Interface (EAPI).A DSO is an Apache module with the same structure as the modules compiled into the Apache binary. But instead of being statically linked into the Apache program, the DSO module is created as a shared library (NMXL). DSOs are loaded at Apache startup into Apache's process space.No recompilation of Apache is necessary to use DSOs. However, DSOs require a DSO-enabled Apache such as Apache 1.3.9 or Apache 1.3.14 for MPE/iX or HP WebWise MPE/iX Secure Web Server.Using DSO modules keeps Apache memory usage low by running an Apache binary with core features only and adding additional features with DSOs. DSOs also provide flexibility. An installation can pick and choose which features to include in their web server.Apache DSOs can be written in either the C programming language or in the Perl scripting language. DSOs written in Perl require the mod_perl module to be linked either statically or dynamically (DSO) into Apache. Since mod_perl is not currently part of Apache for MPE/iX, DSO modules for Apache 1.3.9 for MPE/iX,and Apache 1.3.14 for MPE/iX, must be written in C. Mod_perl is part of the HP WebWise MPE/iX Secure Web Server product version 2so DSOs for Secure WebServer can be written in either C orPerl. Information on creating and installing DSOs for Apache on MPE/iX is provided in the "Configuring and Managing Internet Services" manual for Release 7.0 Express 1.

EAPI

Apache 1.3.14 for MPE/iX is built with an extended set of Apache APIs. That means that this version also expects these EAPIs to be built into any module it calls, including DSOs. This EAPI feature is included in Apache 1.3.14 or MPE/iX so that a commom DSO can be used by both Apache and WebWise without the need to recompile the module.When creating DSOs, you must compile with the -DEAPI option. This will include the necessary EAPI header files. These header files are part of the Apache 1.3.14 for MPE/iX distribution and reside in the/APACHE/PUB/include directory. The include directory also contains the README.EAPI file. The README.EAPI file describes the additional functionality that is available with EAPI such as more features in the mod_rewrite, mod_status, and mod_proxy modules. DSOs created with the apxs utility will automatically include the -DEAPI option.DSOs created without -DEAPI may work but may generate an error message in the error_log file.

Additional Modules

The Apache 1.3.14 for MPE/iX contains the same static modules that are part of Apache 1.3.9 for MPE/iX. To view the complete set of modules, execute the Apache binary with the "-l" option:shell/iX>/APACHE/PUB/HTTPD -l

The following modules were introduced in Apache 1.3.9 and are also included in Apache 1.3.14:

mod_proxy, for using the HP e3000 as a proxy server
mod_rewrite, for large-scale translation of URLs to a new address
mod_digest, a new browser authentication scheme (future browser feature)
mod_vhost_alias, for easy management of large numbers of virtual servers with similar configurations
mod_so, makes DSOs loadable

mod_proxy - With this module, Apache can act as a proxy server, or intermediary, when clients make web server requests. Instead of a client making a direct request to a web server, the client makes a request to the proxy server. The proxy server then makes the actual request to the web server. The web server responds to the proxy server who then forwards the response back to the original client. The proxy server can also cache documents and resources that pass through the proxy interface. If the proxy server has a copy of a requested document, it can return the copy immediately without contacting the web server.mod_rewrite - Mod_rewrite is a very powerful module for translating requested URLs to new addresses on the fly. The URL manipulations can depend on various tests, such as server variables, environment variables, HTTP headers and time stamps. New translation rules can be added to existing ones. Because of this module's functionality and flexibility, it is complex to use. Extensive documentation on mod_rewrite is available from the Apache Software Foundation web site, http://www.apache.org. mod_digest - This module provides a method of authentication, called Digest Authentication. Although Digest Authentication is not currently used by web browsers on the market, it is available to use whenever web browsers adopt this type of authentication. Web browsers currently use Basic Authentication, a less secure authentication scheme.mod_vhost_alias - Mod_vhost_alias simplifies the use of large numbers of virtual hosts by replacing static virtual host configurations (<VirtualHost>) with dynamic configuration. With this feature, adding more virtual hosts does not require reconfiguring or restarting Apache. Apache startup is also faster and uses less memory because the httpd.conf file is smaller. mod_so - This module implements the Dynamic Shared Object (DSO) mechanism for loading executable code and modules into Apache at Apache start-up time.

File Creation Mask

A file creation mask, umask 007, is set in the start-up stream job, JHTTPD, for increased security. With this change, files created by Apache cannot be accessed by anyone outside of the APACHE account. Files in this category are log files, files created in the proxy directory, /APACHE (when Apache is used as a proxy server) and any files created by CGI scripts.

Apache 1.3.14 Base Features

An overview of the new Apache 1.3.14 base features is described in the online Apache newsletter, Apacheweek, at http://www.apacheweek.com/issues/00-10-13. The Apache 1.3.14 base provides a few new features and bug fixes.A new feature in Apache 1.3.14 is additional media types in the mime.types file. Media types are configured for WAP so that wireless documents and applications can be handled by Apache.

Security Fixes

There are several important fixes for security vulnerabilities that were discovered in mod_vhost_alias and mod_rewrite. These vulnerabilities are exposed under certain situations that are described in the Apacheweek article, http://www.apacheweek.com/issues/00-10-13

New Installation Scheme

With this release begins a new installation scheme for Apache. This scheme allows for easier migration to new Apache releases.In previous Apache for MPE/iX releases, Apache was always installed in the same location, PUB.APACHE. This was inconvenient when rolling to new versions. The new Apache installation strategy will provide the following advantages:

easy return to an earlier version of Apache
ability to have multiple versions of Apache installed for evaluation, testing, and migration
user-customized data is kept segregated in the PUB group away from official files

New Installation Implementation

Starting with Apache 1.3.14 for MPE/iX, new releases will reside in their own version-specific group under the APACHE account. A version-specific group corresponds to Apache's MPE version number. Symbolic links point to the new version-specific files.

The APACHE account and PUB group is still used but is used only for customer files and Apache files that must be customized. For example, /APACHE/PUB should contain user documents under htdocs, a customized JHTTPD, log files and customized configuration files in conf/. Users should modify or add files below the PUB group and never below the version-specific group.
A new version-specific group is created for each new release. All release files are extracted into this group. For example, Apache 1.3.14 has MPE version number A.02.00 so it resides in /APACHE/A0200. The next Apache for MPE/iX release will reside in /APACHE/A0300. The files in a version specific group should not to be customized such as the utitlities in bin/, man pages in man/, and manual pages in htdocs/manual. These files are accessed via a symbolic links from PUB.APACHE.
The installation script creates a symbolic link named CURRENT that points to the active version-specific group: shell/iX> ll /APACHE total 7drwxrwxr-x 14 MGR.APACHE APACHE 600 Apr 6 11:54 A0200lrwxrwxrwx 1 MGR.APACHE APACHE 5 Apr 6 11:55 CURRENT -> A0200drwxrwxr-x 13 MGR.APACHE APACHE 1000 Apr 6 11:55 PUB
The installation also creates symbolic links below the PUB group that point indirectly into the version-specific group via the CURRENT symbolic link. Any existing symbolic links are updated with new links and existing files and directories are saved to a backup copy. For example, the /APACHE/PUB/bin directory will be saved to bin.bak and then linked to the new version's bin directory. In this way, a reference to /APACHE/PUB/bin/htpasswd accesses /APACHE/A0200/bin/htpasswd
/APACHE/PUB/bin -> /APACHE/CURRENT/bin
The installation does not purge the previous version-specific group. When satisfied with a new version, the user can execute :PURGEGROUP on the previous version-specific group to remove it from the machine.:PURGEGROUP /APACHE/A0200
To backdate to files in PUB.APACHE, the user would purge a file's symlink then restore its previous version from the .bak file.
shell/iX> cd /APACHE/PUBshell/iX> rm HTTPDshell/iX> mv HTTPD.bak HTTPD

Here is what PUB.APACHE looks like after an installation:

shell/iX> ll /APACHE/PUBtotal 23488-rwx------   1 MANAGER.SYS     SYS    1188864 Mar 22 00:26 HFSFILESlrwxrwxrwx   1 MGR.APACHE      APACHE      21 Apr  6 18:55 HTTPD -> /APACHE/CURRENT/HTTPD-rwxr-xr-x   1 MGR.APACHE      APACHE  931328 Mar 22 00:26 HTTPD.bak-rwxr-xr-x   1 MGR.APACHE      APACHE     308 Apr  6 17:41 JHTTPDlrwxrwxrwx   1 MGR.APACHE      APACHE      29 Apr 16 15:37 JHTTPD.sample -> /APACHE/CURRENT/JHTTPD.samplelrwxrwxrwx   1 MGR.APACHE      APACHE      22 Apr  6 18:55 README -> /APACHE/CURRENT/README-rw-r--r--   1 MGR.APACHE      APACHE    6226 Mar 22 00:26 README.baklrwxrwxrwx   1 MGR.APACHE      APACHE      19 Apr  6 18:55 bin -> /APACHE/CURRENT/bindrwxr-xr-x   2 MGR.APACHE      APACHE    1184 Mar 22 17:18 bin.bakdrwxr-xr-x   2 MGR.APACHE      APACHE     800 Mar 22 17:18 cgi-bindrwxr-xr-x   2 MGR.APACHE      APACHE    2144 Apr  6 17:40 confdrwxr-x---   2 MGR.APACHE      APACHE    1472 Apr 16 15:37 conf.bakdrwxr-xr-x   3 MGR.APACHE      APACHE     608 Apr  6 18:55 htdocsdrwxr-xr-x   3 MGR.APACHE      APACHE    7616 Mar 22 17:18 iconslrwxrwxrwx   1 MGR.APACHE      APACHE      23 Apr  6 18:55 include -> /APACHE/CURRENT/includedrwxr-xr-x   2 MGR.APACHE      APACHE    3296 Mar 22 17:18 include.bakdrwxrwx---   2 MGR.APACHE      APACHE     224 Jan 20  1999 libexecdrwxrwxr-x   2 MGR.APACHE      APACHE     512 Apr  6 17:47 logslrwxrwxrwx   1 MGR.APACHE      APACHE      19 Apr  6 18:55 man -> /APACHE/CURRENT/mandrwxr-xr-x   4 MGR.APACHE      APACHE     416 Jan 20  1999 man.bakdrwxrwx---   2 MGR.APACHE      APACHE     224 Jan 20  1999 proxydrwxr-x---   2 MGR.APACHE      APACHE     416 Mar 22 17:18 public_htmldrwxr-xr-x   2 MGR.APACHE      APACHE     320 Mar 22 17:18 ssishell/iX> ll htdocstotal 17-rw-r--r--   1 MGR.APACHE      APACHE    2326 Mar 21 16:26 apache_pb.gif-rw-r--r--   1 MGR.APACHE      APACHE    1622 Mar 21 16:26 index.htmllrwxrwxrwx   1 MGR.APACHE      APACHE      29 Apr  6 11:55 manual -> /APACHE/CURRENT/htdocs/manualdrwxr-xr-x   6 MGR.APACHE      APACHE    3872 Mar 22 09:18 manual.bak

Product Configuration

The /APACHE/A0200/conf directory contains the Apache configuration files. After installation, create your own copies of these under the /APACHE/PUB directory. The Apache installation job sets up links to /APACHE/A0200 so that the copy command gets the new conf files. The sample files are derived from the default files with modifications for Apache on MPE/iX. Make sure to log on as MGR.APACHE before beginning configuration.

:HELLO MGR.APACHE:xeq sh.hpbin.sys -Lshell/iX> cd confshell/iX> cp httpd.conf.sample httpd.confshell/iX> cp mime.types.sample mime.typesshell/iX> cp magic.sample magicshell/iX> cp access.conf.sample access.conf   (optional)shell/iX> cp srm.conf.sample srm.conf         (optional)

The access.conf.sample file and the srm.conf.sample file need not be copied. These files were used in earlier versions of Apache but their content is now included in the httpd.conf file. However, if these files exist, Apache will read and process them after processing the conf/httpd.conf file.

httpd.conf

Edit the httpd.conf file with your own server name. You may also wish to change other default values. For information about configuration directives, visit the online Apache documentation at http://www.apache.org/docs. Httpd.conf is a bytestream file that can be edited on the e3000 using "vi" or modified from a PC if Samba is installed on the server.Modify the following httpd.conf directives by replacing "yourserver.com" with your own server name:

ServerAdmin MGR.APACHE@yourserver.com
ServerName yourserver.com

JHTTPD Job Stream File

JHTTPD.sample is provided as an Apache start-up job. Copy the sample file from /APACHE/A0200 to /APACHE/PUB using the copy command below then change the timezone variable, TZ, to the local timezone if necessary. JHTTPD is a bytestream file unlike previous versions that were in MPE file format. Note that the file mask is set to 007. This means that any files created by Apache will have no permissions for "other." This feature tightens security so Apache-created files are accessible only within the APACHE account.

shell/iX> cd /APACHE/PUBshell/iX> cp JHTTPD.sample JHTTPDshell/iX> cat JHTTPD!job jhttpd,www.apache,pub;outclass=,2!setvar TZ 'PST8PDT!xeq sh.hpbin.sys "-c 'umask 007;./HTTPD -f conf/httpd.conf'"!eoj

Version Identification

Apache 1.3.14 for MPE/iX has the product number A.02.00. This is viewable by running the Apache binary with the "-v" option.

shell/iX> /APACHE/PUB/HTTPD -vServer version: Apache/1.3.14 (HP MPE/iX A.02.00)Server built: Apr 2 2001 11:58:16

Running Apache

Startup

Apache can be started from either the CI or the POSIX shell.

:STREAM JHTTPD.PUB.APACHE

shell/iX>callci stream JHTTPD.PUB.APACHE

Verifying Startup

Successful installation and startup of Apache 1.3.14 can be verified by

Doing a :SHOWJOB to see if JHTTPD,WWW.APACHE is running
Checking JHTTPD's output spoolfile
Looking at the content of the error_log
Accessing web pages

To check the content of the error_log,

shell/iX>cd /APACHE/PUB/logsshell/iX>tail error_log

If the JHTTPD job is running, try accessing Apache's home page,
http://yourserver.com

If Apache does not start, more information is available in the Configuring and Managing MPE/iX Internet Services manual for Release 7.0 Express 1. Or, try consulting the online Apache Troubleshooting Guide for tips on debugging the problem, http://jazz.external.hp.com/src/apache.

Shutdown

Apache can be shut down by issuing an :ABORTJOB or kill. Using kill (which defaults to kill -TERM) is the preferred method since it uses Apache's internal routines to clean up open resources. Kill can be issued by users WWW.APACHE, MGR.APACHE, and MANAGER.SYS. Using :ABORTJOB will result in leaked SVIPC semaphores. The CI command file IPCS.HPBIN.SYS displays SVIPC semaphores and the CI command file IPCRM.HPBIN.SYS frees leaked semphores.

To shut down Apache,

shell/iX>kill `cat /APACHE/PUB/logs/httpd.pid`
or:ABORTJOB JHTTPD,WWW.APACHE

Restart

Apache can be restarted by issuing a kill -HUP. A restart will cause Apache to reread its configuration files without having to stop and restream the Apache job stream file. Restart is useful for making configuration changes without disrupting web users. After a restart, Apache continues running with the new configuration settings.

To restart Apache,

shell/iX>kill -HUP `cat /APACHE/PUB/logs/httpd.pid`
or
:XEQ SH.HPBIN.SYS "-c 'kill -HUP `cat /APACHE/PUB/logs/httpd.pid`'"

Stopping or restarting Apache using kill may cause the error_log to contain numerous warning messages about the child processes not exiting properly.

Additional Resources

For general Apache information, the official Apache web site, http://www.apache.org, contains documentation on configuration and functionality, FAQ's, a list of books, and more.Apacheweek, http://www.apacheweek.com, is a weekly digest of Apache activities, book reviews, and in-depth articles on Apache features.After installing Apache, your manual directory contains a User's Guide, Reference Manual, and other information which pertains to the installed version of Apache, http://yourserver.com/manual.The following are platform-independent resources on Apache dynamic modules (DSOs):

For writing DSO's, a good book is "Writing Apache Modules with Perl and C", by Lincoln Stein and Doug MacEachern, published by O'Reilly & Associates, ISBN 1-56592-567-X.
http://modules.apache.org is a repository of Apache modules. These modules are available from a wide-variety of sources with different types of licenses. Some modules are free (e.g., available under the Apache license) and some are commercial products.
http://www.apache.org/docs/dso.html explains DSOs and how they can be created.

For MPE-specific information on Apache, including creation of DSOs for MPE/iX, the following document is available on HP's online document site, http://docs.hp.com:

Configuring and Managing MPE/iX Internet Services for Release 7.0 Express 1, Chapter 9

The paper, "HP e3000:Entering the Wireless Internet," provides an example of how to write your first wireless WAP application on the HP e3000 using Apache.