Currently, ServerRoot on Gentoo defaults to /usr/lib/apache2, rather than the root of the configuration directory (/etc/apache2), like it seems most other distros do.
Because of this, relative paths in config files, like those for Include and SSLCertificate* directives, are not relative to the config directory (as I had expected, coming from RHEL 6/7 and Ubuntu); instead, they're relative to /usr/lib/apache2, which only really has module binaries (modules dir) and apparent byproducts from compilation (build dir).
For example, if I keep a common TLS/SSL configuration in a vhost include at /etc/apache2/vhosts.d/ssl_common.include, and I try to include it using `Include vhosts.d/ssl_common.include`, Apache is off looking for /usr/lib/apache2/vhosts.d/ssl_common.include, which doesn't exist. (For comparison, Apache 2.4 on RHEL and Ubuntu would be looking at their configuration roots, /etc/httpd and /etc/apache2 respectively.)
Personally, I'd like to keep my vhost includes and TLS keys/certs under /etc/apache2 and use ServerRoot-relative paths in my configurations so my vhosts are at least somewhat portable between OSes, but to get this to work on Gentoo without mucking around with ServerRoot, I'd have to put these files (or symlinks) under /usr/lib/apache2, which seems like the wrong approach.
It's possible I'm misunderstanding the purpose of setting ServerRoot to something other than /etc/apache2, but I haven't been able to find documented reason why Gentoo configures ServerRoot this way. (It's not on the Gentoo Wiki page for Apache, and Google hasn't been helpful to me.)
If it's because Apache expects modules at ServerRoot, but we want the modules located under /usr/lib, that's entirely reasonable; but then why not symlink that modules directory to /etc/apache2/modules and switch ServerRoot /etc/apache2?
Could someone more knowledgeable with Apache on Gentoo please enlighten me?
To be honest, ServerRoot has been set to this value since I took over maintenance of apache. So unfortunately I don't know the historical background why ServerRoot was set to this value.
I don't see a compelling reason to not change it but I'd like to collect some other opinions beforehand.
So to some extent, this is relative paths for modules versus relative paths for configuration, right? If so, I think I agree the latter makes more sense.
Also, aligning with other distros can be helpful.
If we do this, it definitely merits a news item, right?
It's kind of an arbitrary choice, but I think having the modules under /usr/lib/apache makes sense and symlinking them under /etc would defeat the purpose. Now, we need to use an absolute path for configuration Includes. If we change it, we'd need to use absolute paths for LoadModule and anything that wants to include a file under the current ServerRoot.
If most users are going to have to hard-code one of the paths, then /etc/apache2 is a lot easier to hard-code than /usr/$(get_libdir). I have a package (a bunch of config files that include each other) that would need a new build system to figure out libdir and substitute it everywhere. I'm sure there are others in the tree.
I'll try to think up a way to make this work that doesn't require hard-coding one of the paths. In the meantime, let me throw out a stupid workaround: everywhere you have an Include, you can replace it with two IncludeOptionals that try both paths.
I don't understand why there would be a problem with adding symlinks to /etc/apache2, but if this is indeed a legitimate concern, some inspiration may be pulled from Tomcat on RHEL:
On RHEL 7, Tomcat's ServerRoot equivalent is off in /usr/share/tomcat, which contains the binaries in a bin directory and symlinks to all other expected directories (conf, lib, logs, temp, webapps, work).
If we adapt Apache HTTPd on Gentoo to this layout (Which could also serve as a cross-distro template), ServerRoot would become something like /usr/share/apache2 and would contain, at the very least:
- conf -> /etc/apache2
- logs -> /var/log/apache2
- modules -> /usr/lib/apache2/modules
- vhosts.d -> /etc/apache2/vhosts.d
Personally, I'd like to see these as well:
- htdocs -> /var/www
- ssl.crt -> /etc/ssl/apache2
- ssl.key -> /etc/ssl/private
And if we wanted to keep going, perhaps:
- conf.d -> /etc/apache2/modules.d
- conf.modules.d -> /etc/apache2/modules.d
(In reply to Nathan M from comment #4)
> I don't understand why there would be a problem with adding symlinks to
It's not a major concern -- I just think that the modules "belong" under /usr/lib, and symlinking them to /etc just means that they'd be in the wrong place *in addition to* the right place.
For most of our users, that will just create confusion, where half of their directives reference the real path and half reference the symlink. It will then be impossible to undo if we ever decide it was a bad idea. Since this is a rare use case, the benefit of the change needs to be big.
If all you want is to make your configurations portable, can you create /etc/apache2/modules -> /usr/lib/apache2/modules symlinks on your Gentoo machines, and then set ServerRoot to /etc/apache2? Those symlinks are only needed if you change the ServerRoot (i.e. if you're doing something weird), so they should probably only be created on those machines, and not preemptively for everyone.