Monday, 4 January 2010

Running Apache as a Service

Am avut nevoie sa reinstalez Apache service, asa ca daca tot am dat de alte chestii interesante, le pun aici.

You can install Apache as a service automatically during the installation. If you chose to install for all users, the installation will create an Apache service for you. If you specify to install for yourself only, you can manually register Apache as a service after the installation. You have to be a member of the Administrators group for the service installation to succeed.

Apache comes with a utility called the Apache Service Monitor. With it you can see and manage the state of all installed Apache services on any machine on your network. To be able to manage an Apache service with the monitor, you have to first install the service (either automatically via the installation or manually).

You can install Apache as a Windows NT service as follows from the command prompt at the Apache bin subdirectory:

httpd.exe -k install
If you need to specify the name of the service you want to install, use the following command. You have to do this if you have several different service installations of Apache on your computer.

httpd.exe -k install -n "MyServiceName"
If you need to have specifically named configuration files for different services, you must use this:

httpd.exe -k install -n "MyServiceName" -f "c:\files\my.conf"
If you use the first command without any special parameters except -k install, the service will be called Apache2.2 and the configuration will be assumed to be conf\httpd.conf.

Removing an Apache service is easy. Just use:

httpd.exe -k uninstall
The specific Apache service to be uninstalled can be specified by using:

httpd.exe -k uninstall -n "MyServiceName"
Normal starting, restarting and shutting down of an Apache service is usually done via the Apache Service Monitor, by using commands like NET START Apache2.2 and NET STOP Apache2.2 or via normal Windows service management. Before starting Apache as a service by any means, you should test the service's configuration file by using:

httpd.exe -n "MyServiceName" -t
You can control an Apache service by its command line switches, too. To start an installed Apache service you'll use this:

httpd.exe -k start
To stop an Apache service via the command line switches, use this:

httpd.exe -k stop
or

httpd.exe -k shutdown
You can also restart a running service and force it to reread its configuration file by using:

httpd.exe -k restart
By default, all Apache services are registered to run as the system user (the LocalSystem account). The LocalSystem account has no privileges to your network via any Windows-secured mechanism, including the file system, named pipes, DCOM, or secure RPC. It has, however, wide privileges locally.

Never grant any network privileges to the LocalSystem account! If you need Apache to be able to access network resources, create a separate account for Apache as noted below.
It is recommended that users create a separate account for running Apache service(s). If you have to access network resources via Apache, this is required.

Create a normal domain user account, and be sure to memorize its password.
Grant the newly-created user a privilege of Log on as a service and Act as part of the operating system. On Windows NT 4.0 these privileges are granted via User Manager for Domains, but on Windows 2000 and XP you probably want to use Group Policy for propagating these settings. You can also manually set these via the Local Security Policy MMC snap-in.
Confirm that the created account is a member of the Users group.
Grant the account read and execute (RX) rights to all document and script folders (htdocs and cgi-bin for example).
Grant the account change (RWXD) rights to the Apache logs directory.
Grant the account read and execute (RX) rights to the httpd.exe binary executable.
It is usually a good practice to grant the user the Apache service runs as read and execute (RX) access to the whole Apache2.2 directory, except the logs subdirectory, where the user has to have at least change (RWXD) rights.
If you allow the account to log in as a user and as a service, then you can log on with that account and test that the account has the privileges to execute the scripts, read the web pages, and that you can start Apache in a console window. If this works, and you have followed the steps above, Apache should execute as a service with no problems.

Error code 2186 is a good indication that you need to review the "Log On As" configuration for the service, since Apache cannot access a required network resource. Also, pay close attention to the privileges of the user Apache is configured to run as.
When starting Apache as a service you may encounter an error message from the Windows Service Control Manager. For example, if you try to start Apache by using the Services applet in the Windows Control Panel, you may get the following message:

Could not start the Apache2.2 service on \\COMPUTER
Error 1067; The process terminated unexpectedly.
You will get this generic error if there is any problem with starting the Apache service. In order to see what is really causing the problem you should follow the instructions for Running Apache for Windows from the Command Prompt.

If you are having problems with the service, it is suggested you follow the instructions below to try starting httpd.exe from a console window, and work out the errors before struggling to start it as a service again.

No comments: