OpenBSD-4.6/usr.sbin/httpd/httpd.8
.\" $OpenBSD: httpd.8,v 1.33 2008/12/17 20:25:14 miod Exp $
.\" Copyright (c) 1995-1997 David Robinson. All rights reserved.
.\" Copyright (c) 1997-1999 The Apache Group. All rights reserved.
.\" Copyright (c) 1998-1999 Bob Beck. All rights reserved.
.\" Copyright (c) 2002-2003 Henning Brauer. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the Apache Group
.\" for use in the Apache HTTP server project (http://www.apache.org/)."
.\"
.\" 4. The names "Apache Server" and "Apache Group" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission.
.\"
.\" 5. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the Apache Group
.\" for use in the Apache HTTP server project (http://www.apache.org/)."
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\" ====================================================================
.\"
.\" This software consists of voluntary contributions made by many
.\" individuals on behalf of the Apache Group and was originally based
.\" on public domain software written at the National Center for
.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
.\" For more information on the Apache Group and the Apache HTTP server
.\" project, please see <http://www.apache.org/>.
.Dd $Mdocdate: December 17 2008 $
.Dt HTTPD 8
.Os
.Sh NAME
.Nm httpd
.Nd Apache Hypertext Transfer Protocol Server
.Sh SYNOPSIS
.Nm httpd
.Bk -words
.Op Fl 46FhLlSTtUuVvX
.Op Fl C Ar directive
.Op Fl c Ar directive
.Op Fl D Ar parameter
.Op Fl d Ar serverroot
.Op Fl f Ar config
.Op Fl R Ar libexecdir
.Ek
.Sh DESCRIPTION
.Nm
is the Apache HyperText Transfer Protocol (HTTP) server program.
It is designed to be run as a stand-alone daemon process.
When used like this it will create a pool of child processes to
handle requests.
To stop it, send a
.Dv TERM
signal to the initial (parent) process.
The PID of this process is written to a file as given in the
configuration file.
Normally this service can be enabled for startup on
.Ox
by editing
.Pa /etc/rc.conf.local .
.Pp
Alternatively,
.Nm
may be invoked by the Internet daemon
.Xr inetd 8
each
time a connection to the HTTP service is made.
.Pp
.Nm
can be made to support HTTPS transactions
if RSA certificates are generated
and the utility is started with the
.Va -DSSL
flag.
See
.Xr ssl 8
for further information.
.Pp
By default,
.Nm
will
.Xr chroot 2
to the
.Dq ServerRoot
path,
serving documents from the
.Dq DocumentRoot
path.
As a result of the default secure behaviour,
.Nm
cannot access any objects outside
.Dq ServerRoot
\- this security measure is taken in case
.Nm
is compromised.
This is not without drawbacks, though:
.Pp
CGI programs may fail due to the limited environment available inside
this chroot space.
.Dq UserDir ,
of course, cannot access files outside the directory space.
Other modules will also have issues.
.Dq DocumentRoot
directories or any other files needed must be inside
.Dq ServerRoot .
For this to work,
pathnames inside the configuration file do not need adjustment relative to
.Dq ServerRoot .
For this option to remain secure, it is important that no files or directories
writable by user
.Ar www
or group
.Ar www
are created inside the
.Dq ServerRoot .
.Pp
The
.Fl u
option
(see below)
can be specified to disable
.Xr chroot 2
functionality.
.Pp
This manual page only lists the command line arguments.
For details of the directives necessary to configure
.Nm ,
see the Apache manual in
.Pa /usr/share/doc/html/httpd/ .
Paths in this manual page reflect those
compiled into
.Nm
by default with
.Ox .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Assume IPv4 addresses on ambiguous directives (default).
Along with
.Fl 6
and
.Fl U ,
this can be used to remove ambiguities in cases such as "BindAddress *".
.It Fl 6
Assume IPv6 addresses on ambiguous directives.
.It Fl C Ar directive
Process the configuration
.Ar directive
before reading config files.
.It Fl c Ar directive
Process the configuration
.Ar directive
after reading config files.
.It Fl D Ar parameter
Sets a configuration
.Ar parameter
which can be used with
<IfDefine>...</IfDefine> sections in the configuration files
to conditionally skip or process commands.
.It Fl d Ar serverroot
Set the initial value for the
.Dq ServerRoot
directive to
.Ar serverroot .
This can be overridden by the
.Dq ServerRoot
command in the configuration file.
The default is
.Pa /var/www .
.It Fl F
Run the main process in foreground.
For process supervisors.
.It Fl f Ar config
Execute the commands in the file
.Ar config
on startup.
If
.Ar config
does not begin with a /, then it is taken to be a path relative to
the ServerRoot.
The default is
.Pa conf/httpd.conf .
.It Fl h
Output a short summary of available command line options.
.It Fl L
Output a list of directives together with expected arguments and
places where the directive is valid.
.It Fl l
Output a list of modules compiled into the server.
.It Fl R Ar libexecdir
This option is only available if
.Nm
was built with the
.Dv SHARED_CORE
rule enabled which forces the
.Nm
core code to be placed into a dynamic shared object (DSO) file.
This file is searched in a hardcoded path under ServerRoot per default.
Use this option to override.
.It Fl S
Show the settings as parsed from the config file (currently only shows the
virtualhost settings).
.It Fl T
Run syntax tests for configuration files only, without DocumentRoot checks.
The program immediately exits after this syntax parsing with either a return
code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
.It Fl t
Run syntax tests for configuration files only, including DocumentRoot checks.
The program immediately exits after this syntax parsing with either a return
code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
.It Fl U
Do not assume a specific address family for ambiguous specifications.
.It Fl u
By default
.Nm
will
.Xr chroot 2
to the
.Dq ServerRoot
path.
The
.Fl u
option disables this behaviour, and returns
.Nm
to the expanded "unsecure" behaviour.
.It Fl V
Print the version and build parameters of
.Nm httpd ,
and then exit.
.It Fl v
Print the version of
.Nm httpd ,
and then exit.
.It Fl X
Run in single-process mode, for internal debugging purposes only; the daemon
does not detach from the terminal or fork any children.
Do NOT use this mode to provide ordinary web service.
.El
.Pp
The documents served by
.Nm
should not be owned by the user which
.Nm
is running as (usually user
.Ar www
and group
.Ar www ) .
They must, however, be readable by this user.
.Sh FILES
.Bl -tag -width /etc/passwd -compact
.It Pa /var/www/cgi-bin/
.It Pa /var/www/conf/httpd.conf
.It Pa /var/www/conf/magic
.It Pa /var/www/conf/mime.types
.It Pa /var/www/icons/
.It Pa /var/www/logs/access_log
.It Pa /var/www/logs/error_log
.It Pa /var/www/logs/etag-state
.It Pa /var/www/logs/httpd.pid
.It Pa /var/www/logs/ssl_engine_log
.It Pa /var/www/logs/ssl_request_log
.It Pa /var/www/logs/ssl_scache.db
.It Pa /var/www/users/
.It Pa /etc/rc.conf.local
.El
.Sh SEE ALSO
.Xr dbmmanage 1 ,
.Xr htdigest 1 ,
.Xr htpasswd 1 ,
.Xr chroot 2 ,
.Xr apachectl 8 ,
.Xr apxs 8 ,
.Xr inetd 8 ,
.Xr logresolve 8 ,
.Xr rc.conf.local 8 ,
.Xr rotatelogs 8 ,
.Xr ssl 8 ,
.Xr suexec 8
.Pp
The Apache manual:
.Pa /usr/share/doc/html/httpd/ .