diff options
Diffstat (limited to 'docs/manual/platform/win_service.html')
-rw-r--r-- | docs/manual/platform/win_service.html | 284 |
1 files changed, 164 insertions, 120 deletions
diff --git a/docs/manual/platform/win_service.html b/docs/manual/platform/win_service.html index 0d62b51f4f..454588c1dd 100644 --- a/docs/manual/platform/win_service.html +++ b/docs/manual/platform/win_service.html @@ -4,93 +4,116 @@ <TITLE>Running Apache for Windows as a Service</TITLE> </HEAD> +<!-- Background white, links blue (unvisited), navy (visited), red (active) --> +<BODY + BGCOLOR="#FFFFFF" + TEXT="#000000" + LINK="#0000FF" + VLINK="#000080" + ALINK="#FF0000" +> <!--#include virtual="header.html" --> <H1 ALIGN="CENTER">Running Apache for Windows as a Service</H1> -<P>Running Apache as a service should only be done once you have successfully run -it as a console application. See <A HREF="windows.html">Using Apache with Microsoft Windows</A> -before you attempt to run it as a service. -</P> +<P>Apache can be run as a service on Windows NT/2000. (There is also some + HIGHLY EXPERIMENTAL support for similar behavior on + <a href="#win95svc">Windows 95/98</a>, introduced with Apache 1.3.13).</P> -<P>Apache can be run as a service on Win NT/2000. (There is also some HIGHLY EXPERIMENTAL -support for a similar effect on <a href="#win95svc">Win95/98</a>). -</P> +<P>Installing Apache as a service should only be done once you can + successfully run it in a console window. See + <A HREF="windows.html">Using Apache with Microsoft Windows</A> + before you attempt to install or run Apache as a service. Changes to the + httpd.conf file should always be followed by starting Apache as a console + window. If this succeeds, the service should succeed.</P> + +<P><STRONG>NOTE: Prior to version 1.3.13, the configuration was <EM>not + tested</EM> prior to performing the installation</STRONG>, and a lack of + service dependencies often caused the console window to succeed, but the + service would still fail. See <A HREF="#service">below</A> if you are + having problems running a version of Apache prior to 1.3.13 to resolve the + issue. If you have this problem with version 1.3.13 or greater, first try + uninstalling (-u) and re-installing (-i) the Apache service.</P> + +<HR> <P>To start Apache as a service, you first need to install it as a service. Multiple Apache services can be installed, each with a different name and configuration. To install the default Apache service named "Apache", run the "Install Apache as Service (NT only)" option from the Start menu. Once this is done you can start the "Apache" - service by opening the Services window (in the Control Panel), selecting Apache, - then clicking on Start. Apache will now be running in the background. You - can later stop Apache by clicking on Stop. As an alternative to using - the Services window, you can start and stop the "Apache" service from the control - line with + service by opening the Services window (in the Control Panel), selecting + Apache, then clicking on Start. Apache will now be running, hidden in the + background. You can later stop Apache by clicking on Stop. As an + alternative to using the Services window, you can start and stop the + "Apache" service from the command line with</P> <PRE> NET START APACHE NET STOP APACHE </PRE> -See <A HREF="#signalsrv">Signalling Service Apache when Running</A> -for more information on installing and controlling Apache services. +<P>See <A HREF="#signal">Controlling Apache as a Service</A> + for more information on installing and controlling Apache services.</P> <P><STRONG>Apache, unlike many other Windows NT/2000 services, logs any errors to it's own error.log file in the logs folder within the Apache server root folder. You will <EM>not</EM> find Apache error details in the Windows NT Event Log.</STRONG></P> -<P> +<P>After starting Apache as a service (or if you have trouble starting it) + you can test it using the same <A HREF="windows.html#test">procedure</a> + as for running in a console window. Remember to use the command:</P> -After starting Apache as a service (or if you have trouble starting it) you can test it -using the same <A HREF="windows.html#test">procedure</a> as for running in a console window. +<PRE> + apache -n "service name" +</PRE> + +<P>to assure you are using the service's configuration.</P> <H2><A NAME="service">Running Apache for Windows as a Service</A></H2> - <STRONG>Note: The -n option to specify a service name is only available - with Apache 1.3.7 and later. Earlier versions of Apache only support - the default service name 'Apache'.</STRONG> -<P> +<P><STRONG>Note: The -n option to specify a service name is only available + with Apache 1.3.7 and later.</STRONG> Earlier versions of Apache only + support the default service name 'Apache'.</P> -You can install Apache as a Windows NT service as follows: +<P>You can install Apache as a Windows NT service as follows:</P> <PRE> apache -i -n "service name" </PRE> -To install a service to use a particular configuration, specify the -configuration file when the service is installed: +<P>To install a service to use a particular configuration, specify the + configuration file when the service is installed:</P> <PRE> apache -i -n "service name" -f "\my server\conf\my.conf" </PRE> -To remove an Apache service, use +<P>To remove an Apache service, use:</P> <PRE> apache -u -n "service name" </PRE> -The default "service name", if one is not specified, is "Apache". - -<P> +<P>The default "service name", if one is not specified, is "Apache".</P> -Once a service is installed, you can use the <SAMP>-n</SAMP> option, in conjunction -with other options, to refer to a service's configuration file. For example:<br> +<P>Once a service is installed, you can use the <SAMP>-n</SAMP> option, in + conjunction with other options, to refer to a service's configuration file. + For example:</P> -To test a service's configuration file: +<P>To test a service's configuration file:</P> <PRE> apache -n "service name" -t </PRE> -To start a console Apache using a service's configuration file: +<P>To start a console Apache using a service's configuration file:</P> <PRE> apache -n "service name" </PRE> -<P><STRONG>Important Note on service dependencies:</STRONG></P> +<H2><A NAME="depends">Important Note on service dependencies:</A></H2> <P>Prior to Apache release 1.3.13, the dependencies required to successfully start an installed service were not configured. @@ -128,31 +151,71 @@ To start a console Apache using a service's configuration file: exists, and add the Rpcss entry to the list.</P> -<P><STRONG>Note on default "System account" (LocalSystem) that Apache will run under.</STRONG></P> +<H2>User Account for Apache Service to Run As (NT/2000)</H2> - When Apache is installed as a service e.g. with the apache -i command, it will run - as "System Account" (LocalSystem) user. -<PRE> - docs say: +<P>When Apache is first installed as a service (e.g. with the -i option) + it will run as user "System" (the LocalSystem account). There should + be few issues if all resources for the web server reside on the local + system, but it has broad security privilages to affect the local machine!</P> + +<BLOCKQUOTE> LocalSystem is a very privileged account locally, so you shouldn't run any shareware applications there. However, it has no network privileges and cannot leave the machine via any NT-secured mechanism, including file system, named pipes, DCOM, or secure RPC. - - and: - +</BLOCKQUOTE> + +<P><STRONG>NEVER grant network privilages to the SYSTEM account!</STRONG> + Create a new user account instead, grant the appropriate privilages to + that user, and use the the 'Log On As:' option. Select the Start Menu -> + Settings -> Control Panel -> Services -> apache service ... and click + the "Startup" button to access this setting.</P> + +<BLOCKQUOTE> A service that runs in the context of the LocalSystem account - inherits the security context of the SCM. It is not - associated with any logged-on user account and does not have - credentials (domain name, user name, and password) to be used - for verification. This has several implications: [... removed ...] - - That _really_ sucks. Can we recommend running Apache as some - other user? - - <i>Recommendations to be added...</i> -</PRE> + inherits the security context of the SCM. It is not associated with + any logged-on user account and does not have credentials (domain name, + user name, and password) to be used for verification. +</BLOCKQUOTE> + +<P>The SYSTEM account has no privilages to the network, so shared pages or + a shared installation of Apache is invisible to the service. If you intend + to use <EM>any</EM> network resources, the following steps should help:</P> + +<UL> +<LI>Select Apache from the Control Panel's Service dialog and click Startup. +<LI>Verify that the service account is correct. You may wish to create an + account for your Apache services. +<LI>Retype the password and password confirmation. +<LI>Go to User Manager for Domains. +<LI>Click on Policies from the title bar menu, and select User Rights. +<LI>Select the option for Advanced User Rights. +<LI>In the drop-down list, verify that the following rights have been + granted to the selected account: + <UL> + <LI>Act as part of the operating system + <LI>Back up files and directories + <LI>Log on as a service + <LI>Restore files and directories + </UL> +<LI>Confirm that the selected account is a member of the Users group. +<LI>Confirm the selected account has access to all document and script + directories (minimally read and browse access). +<LI>Confirm the selected account has read/write/delete access to the Apache + logs directory! +</UL> + +<P>If you allow the account to log in as a user, then you can log in yourself + and test that the account has the privilages to execute the scripts, read + the web pages, and that you can start Apache in a console window. If this + works, and you have followed the steps above, Apache should execute as + a service with no problems.</P> +<P><STRONG>Note: error code 2186</STRONG> is a good indication that you need + to review the 'Log On As' configuration, since the server can't access a + required network resource.</STRONG></P> + + <H2><A NAME="trouble">Troubleshooting Apache for Windows as a Service</A></H2> @@ -168,36 +231,17 @@ To start a console Apache using a service's configuration file: for <a href="windows.html#test">Testing Apache at the Command Prompt</a>. </P> -<P><STRONG>Note on error code 2186.</STRONG> -</P> -<P>If you encounter error 2186 when trying to start Apache, the following workaround may help; -</P> -<PRE> - Select the service in Control Panel and click Startup. - Verify that the service account is correct. - Retype the password and password confirmation. - Go to User Manager for Domains. - Click on Policies from the title bar menu, and select User Rights. - Select the option for Advanced User Rights. - In the drop-down list, verify that the following rights have been - granted to the service account: - Act as part of the operating system - Back up files and directories - Log on as a service - Restore files and directories -</PRE> - - <H2><A NAME="cmdline">Running Apache for Windows from the Command Line</A></H2> For details on controlling Apache service from the command line, please refer to <a href="windows.html#cmdline">console command line</a> section. -<H2><A NAME="signalsrv">Signalling Service Apache when running</A></H2> +<H2><A NAME="signal">Controlling Apache as a Service</A></H2> -On Windows NT, multiple instances of Apache can be run as services. -Signal an Apache service to start, restart, or shutdown/stop as follows: +<P>Multiple instances of Apache can be installed and run as services. Signal + an installed Apache service to start, restart, or shutdown/stop + as follows:</P> <PRE> apache -n "service name" -k start @@ -206,69 +250,69 @@ Signal an Apache service to start, restart, or shutdown/stop as follows: apache -n "service name" -k stop </PRE> -(Note; shutdown and stop are identical actions). -In addition, you can use the native NT NET command to -start and stop Apache services as follows: +<P>For the default "Apache" service, the -n Apache option is still required, + since the -k commands without the -n option are directed at Apache running + in a console window. The quotes are only required if the service name + contains spaces.</P> + +<P><STRONG>Note: the -k stop alias for the -k shutdown command was introduced + in Apache version 1.3.13.</STRONG> Earlier versions of Apache will only + recognize the -k shutdown option. Prior to 1.3.3, Apache did not recognize + <EM>any</EM> -k options at all!</P> + +<P>In addition, you can use the native NT NET command to + start and stop Apache services as follows:</P> <PRE> NET START "service name" NET STOP "service name" </PRE> +<P>Again, quotes are only required if the service name contains spaces.</P> <H2><A NAME="win95svc">HIGHLY EXPERIMENTAL Windows 95/98 Service</A></H2> -There is some support for Apache on Windows 95/98 to behave in a similar -manner as a service on NT/2000. This is HIGHLY EXPERIMENTAL, -if it works (at all) the Apache Group can not attest to it's reliability -or future support of the feature. Use at your own risk! - -<P>Once you have confirmed that Apache runs correctly at the - <a href="windows.html#test">Command Prompt</a> you can install it as a - service with the command; -</P> - -<PRE> - apache -i -</PRE> +<P><STRONG>Note: The service options for Windows 95 and 98 are only available + with Apache 1.3.13 and later.</STRONG> Earlier versions of Apache only + supported Apache in a console window for Windows 95/98.</P> -<P>You can run Apache as a Windows 95/98 service as follows: -</P> +<P>There is some support for Apache on Windows 95/98 to behave in a similar + manner as a service on Windows NT/2000. It is <EM>highly experimental</EM>, + if it works (at all) the Apache Sofware Foundation will not attest to it's + reliability or future support. Proceed at your own risk!</P> -<PRE> - apache -k runservice -</PRE> +<P>Once you have confirmed that Apache runs correctly at the + <a href="windows.html#test">Command Prompt</a> you can install, control + and uninstall it with the same commands as the Windows NT/2000 version.</P> -<P>Apache will attempt to start and if successful it will run in the background. - If you ran this command via a shortcut on your desktop, for example, then if the service starts - successfully a console window may flash up but will immediately disappear. - If Apache detects any errors on startup such as a incorrect entries in the - httpd.conf file then a console window will be left visible. This will display - an error message which will be useful in tracking down the cause of the problem. -</P> +<P>There are, however, significant differences that you should note:</P> -<P>You can signal the Apache service to start, restart or shutdown/stop as follows: -</P> +<P>Apache will attempt to start and if successful it will run in the + background. If you run the command <PRE> - apache -k start - apache -k restart - apache -k shutdown - apache -k stop + Apache -n "service name" -k start </PRE> -(Note; shutdown and stop are identical actions). - -<P>Windows 95/98 does not support NET START or NET STOP commands so - you must use the above commands at a command prompt. You may wish to set up a shortcut - for each of these commands so that you can just click on it to perform the required action. -</P> - -<P>You can uninstall the Apache service as follows: -</P> -<PRE> - apache -u -</PRE> + via a shortcut on your desktop, for example, then if the service starts + successfully a console window will flash up but immediately disappears. + If Apache detects any errors on startup such as a incorrect entries in the + httpd.conf file, then the console window will remain visible. This will + display an error message which will be useful in tracking down the cause of + the problem.</P> + +<P>Windows 95/98 does not support NET START or NET STOP commands so you must + use Apache's Service Control options at a command prompt. You may wish to + set up a shortcut for each of these commands so that you can just choose + it from the start menu or desktop to perform the required action.</P> + +<P>Apache and Windows 95/98 offer no support for running the Apache service + as a specific user with network privilages. In fact, Windows 95/98 offers + no security on the local machine, either. This is the simple reason that + the Apache Software Foundation never endorses the use of Windows 95/98 as a + public httpd server. These facilities exist only to assist the user in + developing web content and learning the Apache server, and perhaps as a + intranet server on a secured, private network.</P> <!--#include virtual="footer.html" --> </BODY> |