Introduction to Apache HTTPD

The Apache HTTPD package contains an open-source HTTP server. It is useful for creating local intranet web sites or running huge web serving operations.

This package is known to build and work properly using an LFS 12.1 platform.

Package Information

Additional Downloads

Apache HTTPD Dependencies


Apr-Util-1.6.3 and pcre2-10.42


Brotli-1.1.0, Doxygen-1.10.0, jansson-2.14, libxml2-2.12.5, Lua-5.4.6, Lynx-2.8.9rel.1 or Links-2.29 or ELinks, nghttp2-1.59.0, OpenLDAP-2.6.7 (Apr-Util-1.6.3 needs to be installed with ldap support), rsync-3.2.7, Berkeley DB (deprecated), and Distcache

Installation of Apache HTTPD

For security reasons, running the server as an unprivileged user and group is strongly encouraged. Create the following group and user using the following commands as root:

groupadd -g 25 apache &&
useradd -c "Apache Server" -d /srv/www -g apache \
        -s /bin/false -u 25 apache

Build and install Apache HTTPD by running the following commands:

patch -Np1 -i ../httpd-2.4.58-blfs_layout-1.patch             &&

sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in              &&

sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:'       \
    -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::'   \
    -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
    -i configure  &&

sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
    -i modules/filters/mod_xml2enc.c  &&

./configure --enable-authnz-fcgi                              \
            --enable-layout=BLFS                              \
            --enable-mods-shared="all cgi"                    \
            --enable-mpms-shared=all                          \
            --enable-suexec=shared                            \
            --with-apr=/usr/bin/apr-1-config                  \
            --with-apr-util=/usr/bin/apu-1-config             \
            --with-suexec-bin=/usr/lib/httpd/suexec           \
            --with-suexec-caller=apache                       \
            --with-suexec-docroot=/srv/www                    \
            --with-suexec-logfile=/var/log/httpd/suexec.log   \
            --with-suexec-uidmin=100                          \
            --with-suexec-userdir=public_html                 &&

This package does not come with a test suite.

Now, as the root user:

make install  &&

mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
chgrp apache           /usr/lib/httpd/suexec &&
chmod 4754             /usr/lib/httpd/suexec &&

chown -v -R apache:apache /srv/www

Command Explanations

sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the apxs utility to use absolute pathnames for modules, when instructed to do so.

sed -e '/HTTPD_ROOT/s ...: Fixes some paths.

sed -e '/encoding.h/a ...; Fix building against libxml-2.12.x.

--enable-authnz-fcgi: Build FastCGI authorizer-based authentication and authorization (mod_authnz_fcgi.so fast CGI module).

--enable-mods-shared="all cgi": The modules should be compiled and used as Dynamic Shared Objects (DSOs) so they can be included and excluded from the server using the run-time configuration directives.

--enable-mpms-shared=all: This switch ensures that all MPM (Multi Processing Modules) are built as Dynamic Shared Objects (DSOs), so the user can choose which one to use at runtime.

--enable-suexec: This switch enables building of the Apache suEXEC module which can be used to allow users to run CGI and SSI scripts under user IDs different from the user ID of the calling web server.

--with-suexec-*: These switches control suEXEC module behavior, such as default document root, minimal UID that can be used to run the script under the suEXEC. Please note that with minimal UID 100, you can't run CGI or SSI scripts under suEXEC as the apache user.

... /usr/lib/httpd/suexec: These commands put suexec wrapper into proper location, since it is not meant to be run directly. They also adjust proper permissions of the binary, making it setgid apache.

chown -R apache:apache /srv/www: By default, the installation process installs files (documentation, error messages, default icons, etc.) with the ownership of the user that extracted the files from the tar file. If you want to change the ownership to another user, you should do so at this point. The only requirement is that the document directories need to be accessible by the httpd process with (r-x) permissions and files need to be readable (r--) by the apache user.

Configuring Apache

Config Files

/etc/httpd/httpd.conf and /etc/httpd/extra/*

Configuration Information

See file:///usr/share/httpd/manual/configuring.html for detailed instructions on customising your Apache HTTP server configuration file.

There is no reason, at least for internet facing sites, not to use SSL encryption. Setting up a secured website does not cost anything except installing one additional small tool and a few minutes of configuration work. Use this guideline at https://wiki.linuxfromscratch.org/blfs/wiki/Securing_a_website to create world-wide accepted certificates and renew them on a regular basis.

Systemd Unit

If you want the Apache server to start automatically when the system is booted, install the httpd.service unit included in the blfs-systemd-units-20240205 package:

make install-httpd


Installed Programs: ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter, htcacheclean, htdbm, htdigest, htpasswd, httpd, httxt2dbm, logresolve, and rotatelogs
Installed Libraries: Several libraries under /usr/lib/httpd/modules/
Installed Directories: /etc/httpd, /srv/www, /usr/include/httpd, /usr/lib/httpd, /usr/share/httpd, /var/log/httpd, and /var/run/httpd

Short Descriptions


is a tool for benchmarking your Apache HTTP server


is a front end to the Apache HTTP server which is designed to help the administrator control the functioning of the Apache httpd daemon


is a tool for building and installing extension modules for the Apache HTTP server


is a program that checks whether it can setgid to the group specified. This is to see if it is a valid group for Apache2 to use at runtime. If the user (should be run as superuser) is in that group, or can setgid to it, it will return 0


is used to create and update the DBM format files used to store usernames and passwords for basic authentication of HTTP users


is a tool to start a FastCGI program


is used to clean up the disk cache


is used to manipulate the DBM password databases


is used to create and update the flat-files used to store usernames, realms and passwords for digest authentication of HTTP users


is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users


is the Apache HTTP server program


is used to generate DBM files from text, for use in RewriteMap


is a post-processing program to resolve IP-addresses in Apache's access log files


is a simple program for use in conjunction with Apache's piped log file feature


allows users to run CGI and SSI applications as a different user