Dedicated Apache server installation

Dedicated Apache instances are available to our Advanced and Corporate customers. This step-by-step guide is aimed at users who would like to perform the installation themselves. We provide full technical support for Apache and all modules which are listed on the plan descriptions.

Fetch and extract the sources

Download the Apache distribution from httpd.apache.org and unpack it into your home directory.

  $ tar -xzf httpd_x.x.xx.tar.gz
  $ cd httpd_x.x.xx

Compile and install your Apache instance

Now it is time to define the compile-time options to use. To facilitate future upgrades, it is best to save the ./configure arguments to a text file such as $HOME/httpd-config.sh. For the full list of modules and options, see the Apache documentation. Since your Apache instance runs entirely under your account, you don't need to worry about the suexec options. If you have multiple domain names, you probably want to enable mod_vhost_alias to simplify the configuration. If you want to use Subversion with mod_dav_svn (as described here), enable the dav module as well. A typical configuration might look like this:

./configure \
  "--prefix=$HOME/apache" \
  "--enable-vhost-alias" \
  "--enable-ssl" \
  "--disable-actions" \
  "--enable-dav"

Now you can compile and install Apache into your home directory:

  $ sh $HOME/httpd-config.sh
  $ make all install

Edit the Apache configuration file

Open up the Apache configuration file (./apache/conf/httpd.conf) in your favorite text editor.

First and foremost, you should set the KeepAlive parameter. If you want to serve web pages containing more than 30 images, set KeepAlive to On and KeepAliveTimeout to a value between 1 and 4. Otherwise, set KeepAlive to Off - this will make your web server less susceptible to denial-of-service attacks.

It is also important to set the critical MaxClients parameter to a sane value (see the Apache documentation for details). We recommend that you start with a low value and use the mod_status facility to fine-tune it.

Assuming you have compiled Apache with the prefork MPM (the default), StartServers, MinSpareServers and MaxSpareServers need to be tweaked as well. Too many processes will not necessarily improve performance and may cause problems. You do not want to bump into your process limits since Apache does not handle that smoothly.

  KeepAlive Off
  StartServers 4
  MinSpareServers 2
  MaxSpareServers 3
  MaxRequestsPerChild 0
  MaxClients 20

Now look for the Listen directive and replace it with your v-host IP address (as shown by dns list in csoftadm). Specify 8080 for the port number (packets to port 80 will be redirected accordingly).

  Listen w.x.y.z:8080

You can specify a global DocumentRoot directory. In this example, Indexes enables directory listings, FollowSymLinks instructs the web server to follow symbolic links, MultiViews turns on the HTTP/1.1 language negotiation feature, and ExecCGI enables CGI script execution. The AllowOverride parameter defines the ability of .htaccess files to override certain aspects of the server configuration.

  DocumentRoot $HOME/www
  
  <Directory "$HOME/www">
    Options Indexes FollowSymLinks MultiViews ExecCGI
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
  
  DirectoryIndex index.html index.cgi
  AddHandler cgi-script .cgi

SSL support (optional)

If you want to use SSL, you need to specify at least SSLCertificateFile and SSLCertificateKeyFile, and set SSLEngine to On. Our servers use specialized hardware for RC4, MD5 and SHA, so we recommend also setting SSLCipherSuite to the value below.

  <IfModule mod_ssl.c>
    Listen vhost-ip:8443
    SSLCertificateFile $HOME/ssl/cert
    SSLCertificateKeyFile $HOME/ssl/key
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    SSLCipherSuite ALL:!ADH:RC4+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLSessionCache dbm:$HOME/apache/logs/ssl_gcache_data
    SSLSessionCacheTimeout 300
    SSLMutex file:$HOME/apache/logs/ssl_mutex
  </IfModule>
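
A check for the settings discussed above (the KeepAlive advice, the Options line and the SSLCipherSuite value), given here as an added example that is not part of the original guide. It flags KeepAlive On outside the 1 to 4 second timeout range this guide recommends, directory listings, and cipher families that current TLS guidance rules out (SSLv2 per RFC 6176, RC4 per RFC 7465, plus export-grade, LOW and MD5 suites). The function names, the sample file and the choice of flagged families are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original guide. Token-level heuristic only:
# it does not expand cipher strings the way OpenSSL itself does.
# audit_httpd_conf FILE: print one "WARN: ..." line per finding.
audit_httpd_conf() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    { d = tolower($1) }                        # directive names ignore case
    d == "keepalive"        { ka = tolower($2) }
    d == "keepalivetimeout" { kat = $2 + 0 }
    d == "options" && $0 ~ /[ \t][+]?Indexes([ \t]|$)/ {
      print "WARN: Options Indexes exposes directory listings"
    }
    d == "sslciphersuite" {
      split("", add); split("", excl)          # reset per directive
      n = split($2, tok, ":")
      for (i = 1; i <= n; i++) {
        t = tok[i]
        if (t ~ /^[-+]/) continue              # "-" removes, "+" only reorders
        neg = (t ~ /^!/); sub(/^!/, "", t)
        m = split(t, part, "+")                # RC4+SHA selects RC4 with SHA
        for (j = 1; j <= m; j++) {
          p = part[j]; if (p == "EXPORT") p = "EXP"
          if (!neg) add[p] = 1
          else if (m == 1) excl[p] = 1         # "!A+B" bans only the overlap
        }
      }
      k = split("SSLv2 EXP LOW RC4 MD5", weak, " ")
      for (i = 1; i <= k; i++)
        if (!(weak[i] in excl) && (("ALL" in add) || (weak[i] in add)))
          print "WARN: SSLCipherSuite leaves " weak[i] " enabled"
    }
    END {
      if (ka == "on" && (kat < 1 || kat > 4))
        print "WARN: KeepAlive On without KeepAliveTimeout between 1 and 4"
    }
  ' "$1"
}

# write_sample_conf FILE: constructed sample built from this guide's values.
write_sample_conf() {
  cat > "$1" <<'EOF'
KeepAlive Off
Options Indexes FollowSymLinks MultiViews ExecCGI
SSLCipherSuite ALL:!ADH:RC4+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
EOF
}
conf=$(mktemp) && write_sample_conf "$conf" && audit_httpd_conf "$conf"
rm -f "$conf"
```

After editing, run audit_httpd_conf against $HOME/apache/conf/httpd.conf; a cipher string such as HIGH:!aNULL:!MD5:!RC4 produces no cipher warnings.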

SSL can be enabled or disabled for specific virtual hosts with the SSLEngine parameter:

  <VirtualHost vhost-ip:8080>
    SSLEngine Off
    ServerAdmin webmaster@domain.ext
    ServerName domain.ext
    VirtualDocumentRoot $HOME/www/%0
    VirtualScriptAlias $HOME/www/%0/cgi-bin 
    ErrorLog $HOME/apache/logs/error_log
    CustomLog $HOME/apache/logs/access_log common
    DocumentRoot $HOME/www
  </VirtualHost>
  
  <VirtualHost vhost-ip:8443>
    SSLEngine On
    ServerAdmin webmaster@domain.ext
    ServerName domain.ext
    VirtualDocumentRoot $HOME/www/%0
    VirtualScriptAlias $HOME/www/%0/cgi-bin
    ErrorLog $HOME/apache/logs/error_log
    CustomLog $HOME/apache/logs/access_log common
    DocumentRoot $HOME/www
  </VirtualHost>

If you don't have a certificate signed by a recognized authority, you can always use a self-signed certificate as described in the SSL micro-howto.

PHP support with mod_php (optional)

You can fetch the PHP distribution from php.net and unpack it in some temporary location:

  $ tar -xzf php-x.x.tar.gz
  $ cd php-x.x

Now it is time to define the compile-time settings. We recommend saving the ./configure arguments to a text file such as $HOME/php-config.sh to facilitate further upgrades. To ensure best performance, make sure to explicitly disable all the options which you do not require (these will otherwise be enabled by default if they exist on the system). The --prefix, --with-apxs2 and --disable-cgi options are required. A typical configuration might look like:

./configure \
  --prefix=$HOME/apache \
  --with-apxs2=$HOME/apache/bin/apxs \
  --with-config-file-path=$HOME/apache/etc \
  --disable-cgi \
  --disable-cli \
  --disable-libxml \
  --disable-ipv6 \
  --with-zlib=/usr \
  --with-mysql=/usr/local \
  --with-pgsql=/usr/local \
  --without-mcrypt \
  --without-mhash \
  --without-java \
  --without-imap \
  --without-imap-ssl \
  --without-gd \
  --without-ttf \
  --without-png \
  --without-gettext \
  --without-iconv

If you are migrating from the shared Apache and want to make sure to use the same settings, you can check the phpinfo() for the PHP configuration you were previously using:

  $ echo '<?phpinfo()?>' | php4-fat > php4-fat.html
  $ lynx php4-fat.html

You will probably want to enable GD and JPEG/PNG if some of your scripts are using imaging features. The --with-gd and --with-ttf options require special consideration. If your account is on an OpenBSD server, substitute /usr/local for /usr/X11R6.

  --with-gd=/usr/local \
  --with-ttf=/usr/local \
  --with-jpeg-dir=/usr/local \
  --with-png-dir=/usr/local

If your scripts use internationalization, enable iconv and gettext:

  --with-iconv=/usr/local \
  --with-gettext=/usr/local

When you are satisfied with the settings, install PHP and copy the example php.ini to the directory specified in --with-config-file-path. Open up php.ini in an editor and tweak the settings to your liking.

  $ sh $HOME/php-config.sh
  $ make all install
  $ cp php.ini-dist $HOME/apache/etc/php.ini

Finally, add the necessary directives to your Apache configuration file:

  LoadModule php5_module  modules/libphp5.so
  AddHandler php-script   php
  AddType text/html       php

Launching the web server

Start the daemon and test it. If the server is unreachable, consult the ErrorLog. By default, it is located in $HOME/apache/logs/error_log.

  $ cd $HOME/apache/bin
  $ ./apachectl startssl
  $ lynx http://domain.ext:8080
  $ lynx https://domain.ext:8443

It is critical to add a @reboot directive to your crontab so that your server will be started automatically whenever the machines hosting your account are rebooted. Use crontab -e to bring up your crontab in the default text editor and add the line:

  @reboot $HOME/apache/bin/apachectl start

Finally, when you are ready for your Apache server to handle requests for your domains, send us a request through the contact form. We will set up a packet-level redirection so that privileged ports 80 and 443 (for SSL) can be used. We will also perform a few additional steps needed to set up redundancy such that a backup server will automatically start up your server if there is a failure.

