Stronghold uses a modular architecture that consists of a core Apache server enhanced by a number of modules. Each module implements a different feature set, and you can add, remove, enable, or disable modules to change the total feature set of your server.
This chapter explains
By default, most of the included modules are compiled into Stronghold during installation. "Stronghold Modules" on page 8-3 describes each of the modules distributed with Stronghold Web Server 3.0 and indicates which ones are compiled into the server by default.
There are several different methods of adding and removing modules from the server. "Adding and Removing Modules" on page 8-6 compares these methods and describes how to use each one.
Since Stronghold's resource requirements are directly proportional to the size of the binary, you may want to pare the server down by removing modules you don't need. You can find out which modules are active in at any time by accessing the server information report described in "Server Information Reports" on page 1-13, or by using the -l flag with the httpsd command:
# httpd -lIn addition to the modules bundled with Stronghold, many third-party modules are available through the Apache Module Registry at http://modules.apache.org/ Apache modules are compatible with Stronghold. If you are interested in writing your own modules for Stronghold, consult the Apache API Notes at http://www.apache.org/docs/API.html
Each of Stronghold's modules supports a discrete feature set, and most modules utilize configuration directives. In Chapter 3, each directive entry specifies the module associated with that directive. You can only use a directive if its supporting module is active. If you remove a module, be sure to comment out its directives in httpd.conf, or use <IfModule> to exclude it dynamically as described in "Containers" on page 6-2.
The following modules are bundled with Stronghold, though not all are compiled in by default:
| Module | Default? | Description |
|---|---|---|
mod_access |
Provides host-based access using the allow, deny, and order directives |
|
mod_actions |
Executes scripts based on the file type of the requested document, using the Action and Script directives |
|
mod_alias |
Provides file and directory aliasing and redirection |
|
mod_asis |
Allows .asis files when httpsd.conf includes this line: |
|
mod_auth |
Conducts basic authentication |
|
mod_auth_anon |
|
Allows anonymous logins |
mod_auth_db |
|
Provides user authentication using Berkeley DB files |
mod_auth_dbm |
Provides user authentication using DBM files |
|
mod_auth_msql |
Provides client authentication using an mSQL database |
|
mod_autoindex |
Generates directory indices on the fly |
|
mod_browser |
Sets environment variables based on the browser used for the current request |
|
mod_cern_meta |
Allows CERN-compatible metainformation files |
|
mod_cgi |
The Common Gateway Interface, which executes external programs and returns their output to clients. CGI is explained in detail in Chapter 10, "Common Gateway Interface". |
|
mod_digest |
|
Performs HTTP Digest authentication |
mod_dir |
Sets the default file to return when the requested URL specifies a directory but not a file |
|
mod_ecash |
|
Facilitates online commerce with clients that support Ecash (US version only) |
mod_env |
Passes environment variables to CGI programs |
|
mod_expires |
Applies an Expires HTTP header field to resources |
|
mod_fastcgi |
FastCGI |
|
mod_headers |
Generates arbitrary HTTP response headers |
|
mod_imap |
Processes server-side imagemaps |
|
mod_include |
Parses server-side includes |
|
mod_info |
Generates HTML-based server information pages showing the current configuration |
|
mod_log_agent |
Logs user agents for NCSA compatibility. However, we recommend using mod_log_config and the CustomLog directive for this purpose. |
|
mod_log_config |
Formats the transfer log according to the LogFormat directive |
|
mod_log_referer |
Logs referers for NCSA compatibility. However, we recommend using mod_log_config and the CustomLog directive for this purpose. |
|
mod_mime |
Maps filenames to MIME types |
|
mod_mime_magic |
|
Maps file structures to MIME types |
mod_mmap_static |
An experimental module that maps files into memory on startup of restart--not recommended; except for expert users |
|
mod_negotiation |
Performs content negotiation |
|
mod_php |
Provides HTML-embedded, server-side scripting controlled by the directives in "PHP/FI 2.0 Embedded Scripting" on page 7-93. PHP is explained in detail in Chapter 11, "PHP3 Embedded Scripting.". |
|
mod_proxy |
Performs proxying and caching |
|
mod_rewrite |
Maps URIs to filenames using rewrite rules |
|
mod_setenvif |
Sets environment variables conditionally based on regular expression matching |
|
mod_so |
|
Loads shared object files on startup or restart; see "Dynamic Shared Object Support" on page 8-6 |
mod_speling |
|
Performs spell-checking on failed URLs |
mod_ssl |
Performs SSL/TLS authentication and encryption |
|
mod_status |
Generates HTML-based server status reports showing current server activity |
|
mod_sxnet |
Provides support for Thawte Stronghold Extranet user authentication. See |
|
mod_statisgraph |
An experimental module |
|
mod_unique_id |
|
Assigns a unique identifier to each request and stores it in an environment variable |
mod_userdir |
Enables user Web directories |
|
mod_usertrack |
Performs session tracking with Netscape cookies |
Before you decide to remove one of these modules, be sure you know how its absence affects Stronghold's functionality. For example, you can safely remove mod_status if you are not interested in real-time, HTML-formatted status reports. Removing mod_ssl, however, is not recommended because any HTTPS request will fail.
Stronghold Web Server 3.0 provides three different methods of adding and removing modules:
Dynamic shared object support, provided by mod_so, allows the server to load modules at startup without first having them compiled into the server binary. Under this efficient new scheme, only the server core and mod_so need to be compiled together; all other modules can be loaded at startup.
Dynamic module linking saves time by allowing you to edit httpd.conf and reload the server to change the set of active modules. However, it requires that all modules be compiled into the server binary.
The traditional method of adding and removing modules is to recompile the Stronghold binary executable file with a different set of modules. This can take longer, but it can also result in a leaner binary if you do not need to change the module set frequently.
Dynamic shared object (DSO) support allows the server to load modules at startup instead of having them compiled into the server binary. DSO is supported by mod_so, which must be compiled in statically. When mod_so and the server core are compiled statically, they can load other modules at startup that are designated in httpd.conf. DSO support also allows multiple instances of the server to run with different module sets configured with different httpd.conf files.
Although DSO provides a convenient way to add and remove modules quickly, dynamically loaded modules do not perform as efficiently as statically compiled modules. It is recommended that all necessary modules be compiled statically, and that only new, temporary, or seldom-used modules be loaded dynamically.
In order to use DSO support, you must;
This usually needs to be done only once, although you can repeat the process to add DSO support for any third-party modules that you later acquire. After that, the modules that have been converted to shared object files are always available for loading at startup.
This can easily be done whenever you want to change the set of dynamically loaded modules.
AddModule modules/standard/mod_so.o
This module must be compiled into Stronghold in order to support DSO.
If you have acquired raw source code for third-party modules that you want to load dynamically, add a new SharedModule line for each.
| The mod_so module cannot be loaded dynamically; it must be compiled in statically. |
|---|
SharedModule modules/standard/mod_dir.o
should be changed to
SharedModule modules/standard/mod_dir.so
The modules designated with SharedModule are now available as shared object files. Before you start the server again (with the <ServerRoot>/bin/start-server script), you must edit httpd.conf and specify the shared object files that the server will load on startup.
To enable or disable modules with DSO support
The LoadModule directive has a syntax similar to that of the obsolete Configuration Module directive. For example:
LoadModule status_module src/modules/mod_status.so
The LoadFile directive facilitates patches and other auxiliary object code. Its value is one or filenames, either in an absolute path or relative to ServerRoot. For example:
Stronghold's dynamic module linking system allows you to change the set of active modules without recompiling the server, provided that all the modules you want to use are already compiled. You can use this feature to streamline Stronghold's feature set, but you cannot use it to add modules that are not already compiled. For example, you could recompile Stronghold with all available modules, then use dynamic module linking to narrow down the number of modules that Stronghold actually uses.
The list of modules that are currently compiled is the default list of "active" modules. Dynamic linking first "clears" this list, then applies a new list that Stronghold reads from the httpd.conf file each time it starts. This simplifies module configuration, because you only need to edit httpd.conf and restart Stronghold to implement module changes.
To link modules dynamicallyThis clears the default list of active modules.
AddModule mod_ssl mod_cgi mod_dir mod_userdir mod_alias
Use the module names as they appear in the ServerRoot/src/Configuration file.
# bin/stop-server
# bin/start-server
| You must use this method instead of the reload-server script whenever you change the dynamic module list. |
|---|
If you want to remove an active module, simply delete it from the AddModule list and restart Stronghold. Likewise, you can add modules to the list at any time, then restart Stronghold to implement them.
The Configuration file already contains the code you need to install any module that comes with Stronghold, including the optional modules described later in this chapter. The precompiled modules described on page 8-3 are compiled into Stronghold when you first install it. Optional modules are commented out of Configuration. By uncommenting a line of module code, you can recompile the server to include that module. Commenting out a line of module code and recompiling the server excludes the module.
If you want to reconfigure the PHP module for database support, you must follow the instructions in "Recompiling The PHP Modules" on page 11-3, then recompile Stronghold as described in this section.
The order of the module list in Configuration affects how the modules are compiled. In general, use these guidelines for dealing with the module list:
Many third-party modules have not been thoroughly tested for use with Stronghold 3.0 and Apache 1.3.1. If you have an existing server with third-party modules that you wish to compile into Stronghold 3.0, do so with caution. When using an existing Configuration file or modifying the new Configuration file to include new modules, note these changes:
To edit Configure and recompile Stronghold
| This is the directory created during installation, and it may vary from the default. |
|---|