Google Git
Sign in
apache / httpd / 0d8f112d269ec0a57320de7857966befe140a91b / . / docs / manual / platform / win_service.html
blob: 6fb76bc9fdbdf1a7293461c1b82aa20cf0baad54 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Running Apache for Windows as a Service</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Running Apache for Windows as a Service</H1>
<P>Apache can be run as a service on Windows NT/2000. (There is also some
HIGHLY EXPERIMENTAL support for similar behavior on
<a href="#win95svc">Windows 95/98</a>, introduced with Apache 1.3.13).</P>
<P>Installing Apache as a service should only be done once you can
successfully run it in a console window. See
<A HREF="windows.html">Using Apache with Microsoft Windows</A>
before you attempt to install or run Apache as a service. Changes to the
httpd.conf file should always be followed by starting Apache as a console
window. If this succeeds, the service should succeed.</P>
<P><STRONG>NOTE: Prior to version 1.3.13, the configuration was <EM>not
tested</EM> prior to performing the installation</STRONG>, and a lack of
service dependencies often caused the console window to succeed, but the
service would still fail. See <A HREF="#service">below</A> if you are
having problems running a version of Apache prior to 1.3.13 to resolve the
issue. If you have this problem with version 1.3.13 or greater, first try
uninstalling (-u) and re-installing (-i) the Apache service.</P>
<HR>
<P>To start Apache as a service, you first need to install it as a
service. Multiple Apache services can be installed, each with a
different name and configuration. To install the default Apache
service named "Apache", run the "Install Apache as Service (NT only)"
option from the Start menu. Once this is done you can start the "Apache"
service by opening the Services window (in the Control Panel), selecting
Apache, then clicking on Start. Apache will now be running, hidden in the
background. You can later stop Apache by clicking on Stop. As an
alternative to using the Services window, you can start and stop the
"Apache" service from the command line with</P>
<PRE>
NET START APACHE
NET STOP APACHE
</PRE>
<P>See <A HREF="#signal">Controlling Apache as a Service</A>
for more information on installing and controlling Apache services.</P>
<P><STRONG>Apache, unlike many other Windows NT/2000 services, logs any
errors to it's own error.log file in the logs folder within the
Apache server root folder. You will <EM>not</EM> find Apache error
details in the Windows NT Event Log.</STRONG></P>
<P>After starting Apache as a service (or if you have trouble starting it)
you can test it using the same <A HREF="windows.html#test">procedure</a>
as for running in a console window. Remember to use the command:</P>
<PRE>
apache -n "service name"
</PRE>
<P>to assure you are using the service's configuration.</P>
<H2><A NAME="service">Running Apache for Windows as a Service</A></H2>
<P><STRONG>Note: The -n option to specify a service name is only available
with Apache 1.3.7 and later.</STRONG> Earlier versions of Apache only
support the default service name 'Apache'.</P>
<P>You can install Apache as a Windows NT service as follows:</P>
<PRE>
apache -i -n "service name"
</PRE>
<P>To install a service to use a particular configuration, specify the
configuration file when the service is installed:</P>
<PRE>
apache -i -n "service name" -f "\my server\conf\my.conf"
</PRE>
<P>To remove an Apache service, use:</P>
<PRE>
apache -u -n "service name"
</PRE>
<P>The default "service name", if one is not specified, is "Apache".</P>
<P>Once a service is installed, you can use the <SAMP>-n</SAMP> option, in
conjunction with other options, to refer to a service's configuration file.
For example:</P>
<P>To test a service's configuration file:</P>
<PRE>
apache -n "service name" -t
</PRE>
<P>To start a console Apache using a service's configuration file:</P>
<PRE>
apache -n "service name"
</PRE>
<H2><A NAME="depends">Important Note on service dependencies:</A></H2>
<P>Prior to Apache release 1.3.13, the dependencies required to
successfully start an installed service were not configured.
After installing a service using earlier versions of Apache,
you must follow these steps:
<PRE>
Run regedt32
Select <U>W</U>indow - "HKEY_LOCAL_MACHINE on Local Machine" from the menu
Double-click to open the SYSTEM, then the CurrentControlSet keys
Scroll down and click on the Apache servicename
Select <U>E</U>dit - Add <U>V</U>alue... from the menu
Fill in the Add Value dialog with
<U>V</U>alue Name: DependOnGroup
<U>D</U>ata Type: REG_MULTI_SZ
and click OK
Leave the Multi-String Editor dialog empty and click OK
Select <U>E</U>dit - Add <U>V</U>alue... from the menu
Fill in the Add Value dialog with
<U>V</U>alue Name: DependOnService
<U>D</U>ata Type: REG_MULTI_SZ
and click OK
Type the following list (one per line) in the Multi-String Editor dialog
Tcpip
Afd
and click OK
</PRE>
<P>If you are using COM or DCOM components from a third party module, ISAPI,
or other add-in scripting technologies such as ActiveState Perl, you may
also need to add the entry Rpcss to the DependOnService list. To avoid
exposing the TCP port 135 when it is unnecessary, Apache does not create
that entry upon installation. Follow the directions above to find or
create the DependOnService value, double click that value if it already
exists, and add the Rpcss entry to the list.</P>
<H2>User Account for Apache Service to Run As (NT/2000)</H2>
<P>When Apache is first installed as a service (e.g. with the -i option)
it will run as user "System" (the LocalSystem account). There should
be few issues if all resources for the web server reside on the local
system, but it has broad security privilages to affect the local machine!</P>
<BLOCKQUOTE>
LocalSystem is a very privileged account locally, so
you shouldn't run any shareware applications there.
However, it has no network privileges and cannot leave
the machine via any NT-secured mechanism, including
file system, named pipes, DCOM, or secure RPC.
</BLOCKQUOTE>
<P><STRONG>NEVER grant network privilages to the SYSTEM account!</STRONG>
Create a new user account instead, grant the appropriate privilages to
that user, and use the the 'Log On As:' option. Select the Start Menu ->
Settings -> Control Panel -> Services -> apache service ... and click
the "Startup" button to access this setting.</P>
<BLOCKQUOTE>
A service that runs in the context of the LocalSystem account
inherits the security context of the SCM. It is not associated with
any logged-on user account and does not have credentials (domain name,
user name, and password) to be used for verification.
</BLOCKQUOTE>
<P>The SYSTEM account has no privilages to the network, so shared pages or
a shared installation of Apache is invisible to the service. If you intend
to use <EM>any</EM> network resources, the following steps should help:</P>
<UL>
<LI>Select Apache from the Control Panel's Service dialog and click Startup.
<LI>Verify that the service account is correct. You may wish to create an
account for your Apache services.
<LI>Retype the password and password confirmation.
<LI>Go to User Manager for Domains.
<LI>Click on Policies from the title bar menu, and select User Rights.
<LI>Select the option for Advanced User Rights.
<LI>In the drop-down list, verify that the following rights have been
granted to the selected account:
<UL>
<LI>Act as part of the operating system
<LI>Back up files and directories
<LI>Log on as a service
<LI>Restore files and directories
</UL>
<LI>Confirm that the selected account is a member of the Users group.
<LI>Confirm the selected account has access to all document and script
directories (minimally read and browse access).
<LI>Confirm the selected account has read/write/delete access to the Apache
logs directory!
</UL>
<P>If you allow the account to log in as a user, then you can log in yourself
and test that the account has the privilages to execute the scripts, read
the web pages, and that you can start Apache in a console window. If this
works, and you have followed the steps above, Apache should execute as
a service with no problems.</P>
<P><STRONG>Note: error code 2186</STRONG> is a good indication that you need
to review the 'Log On As' configuration, since the server can't access a
required network resource.</STRONG></P>
<H2><A NAME="trouble">Troubleshooting Apache for Windows as a Service</A></H2>
<P>When starting Apache as a service you may encounter an error message from
Windows service manager. For example if you try to start Apache using the Services
applet in Windows Control Panel you may get the following message;
<PRE>
Could not start the apache service on \\COMPUTER
Error 1067; The process terminated unexpectedly.
</PRE>
<P>You will get this error if there is any problem starting Apache. In order to see
what is causing the problem you should follow the instructions
for <a href="windows.html#test">Testing Apache at the Command Prompt</a>.</P>
<P>Also, Apache 1.3.13 now records startup errors in the Application Event Log
under Windows NT/2000, if Apache is run as a service. Run the Event Viewer
and select <U>L</U>og ... <U>A</U>pplication to see these events.
<P><STRONG>Check the Application Event Log with the Event Viewer in case of any
problems, even if no error message pops up to warn you that an error
occured.</STRONG></P>
<H2><A NAME="cmdline">Running Apache for Windows from the Command Line</A></H2>
For details on controlling Apache service from the command line, please refer to
<a href="windows.html#cmdline">console command line</a> section.
<H2><A NAME="signal">Controlling Apache as a Service</A></H2>
<P>Multiple instances of Apache can be installed and run as services. Signal
an installed Apache service to start, restart, or shutdown/stop
as follows:</P>
<PRE>
apache -n "service name" -k start
apache -n "service name" -k restart
apache -n "service name" -k shutdown
apache -n "service name" -k stop
</PRE>
<P>For the default "Apache" service, the -n Apache option is still required,
since the -k commands without the -n option are directed at Apache running
in a console window. The quotes are only required if the service name
contains spaces.</P>
<P><STRONG>Note: the -k stop alias for the -k shutdown command was introduced
in Apache version 1.3.13.</STRONG> Earlier versions of Apache will only
recognize the -k shutdown option. Prior to 1.3.3, Apache did not recognize
<EM>any</EM> -k options at all!</P>
<P>In addition, you can use the native NT NET command to
start and stop Apache services as follows:</P>
<PRE>
NET START "service name"
NET STOP "service name"
</PRE>
<P>Again, quotes are only required if the service name contains spaces.</P>
<H2><A NAME="win95svc">HIGHLY EXPERIMENTAL Windows 95/98 Service</A></H2>
<P><STRONG>Note: The service options for Windows 95 and 98 are only available
with Apache 1.3.13 and later.</STRONG> Earlier versions of Apache only
supported Apache in a console window for Windows 95/98.</P>
<P>There is some support for Apache on Windows 95/98 to behave in a similar
manner as a service on Windows NT/2000. It is <EM>highly experimental</EM>,
if it works (at all) the Apache Sofware Foundation will not attest to it's
reliability or future support. Proceed at your own risk!</P>
<P>Once you have confirmed that Apache runs correctly at the
<a href="windows.html#test">Command Prompt</a> you can install, control
and uninstall it with the same commands as the Windows NT/2000 version.</P>
<P>There are, however, significant differences that you should note:</P>
<P>Apache will attempt to start and if successful it will run in the
background. If you run the command
<PRE>
Apache -n "service name" -k start
</PRE>
via a shortcut on your desktop, for example, then if the service starts
successfully a console window will flash up but immediately disappears.
If Apache detects any errors on startup such as a incorrect entries in the
httpd.conf file, then the console window will remain visible. This will
display an error message which will be useful in tracking down the cause of
the problem.</P>
<P>Windows 95/98 does not support NET START or NET STOP commands so you must
use Apache's Service Control options at a command prompt. You may wish to
set up a shortcut for each of these commands so that you can just choose
it from the start menu or desktop to perform the required action.</P>
<P>Apache and Windows 95/98 offer no support for running the Apache service
as a specific user with network privilages. In fact, Windows 95/98 offers
no security on the local machine, either. This is the simple reason that
the Apache Software Foundation never endorses the use of Windows 95/98 as a
public httpd server. These facilities exist only to assist the user in
developing web content and learning the Apache server, and perhaps as a
intranet server on a secured, private network.</P>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>