Needed Apache modules for a local yum repository

General support questions
Post Reply
sawozny
Posts: 29
Joined: 2019/07/13 22:19:14

Needed Apache modules for a local yum repository

Post by sawozny » 2019/09/22 21:02:16

Does anyone know what Apache modules (beyond the Core and the appropriate Multi-Processing Module) are needed for a local yum repository to work properly? For example, does yum rely on mod_autoindex on the web server to get a list of available files or does yum’s localrepo process generate the index file and I just need mod_dir to point to it, or do I even need that (i.e. yum both generates AND knows the name of the index)? Also, is there any active content (PHP / CGI) or does Apache just need to serve up files (and, possibly, the index) on request?

Any thoughts or suggestions would be appreciated.

Thanks,

Scott

hunter86_bg
Posts: 2011
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Needed Apache modules for a local yum repository

Post by hunter86_bg » 2019/09/23 12:59:17

For a yum repo, you don't even need apache on your local repo server. Why ? Because repos can also be on a FTP server.

Can you clarify the following statements:
1) You want to create a yum repo
2) Yum repo will be available over http/https
3) What software is needed to create a yum repo

If you wish to create a repo on serverA , you need to:
1) Download all rpms
2) Run a

Code: Select all

createrepo  /path/to/folder/with/rpms 
3) Configure web server (usually this is apache) to use '/path/to/folder/with/rpms' as DocumentRoot and configure SELINUX for the '/path/to/folder/with/rpms' so the webserver can access the files.You don't need any fancy stuff - just a plain web server via:

Code: Select all

yum groupinstall 'Web Server'

User avatar
TrevorH
Forum Moderator
Posts: 28026
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Needed Apache modules for a local yum repository

Post by TrevorH » 2019/09/23 14:04:25

I don't think the site even needs to serve any index contents at all. Yum requests repodata/repomd.xml which then tells it the names of all the other metadata files in the repodata directory and they tell it all about the packages and their filenames/versions etc.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

sawozny
Posts: 29
Joined: 2019/07/13 22:19:14

Re: Needed Apache modules for a local yum repository

Post by sawozny » 2019/09/23 17:35:14

hunter86_bg wrote:
2019/09/23 12:59:17
For a yum repo, you don't even need apache on your local repo server. Why ? Because repos can also be on a FTP server.
I've seen that FTP servers are an option for local repositories but my preference is to use Apache httpd since I'll have a few of those in my environment, but no other FTP servers so it's just one less thing to learn to use and properly secure. :)

I've seen a few guides to creating a local repo on CentOS 7, so when the time comes I'll probably look over processes on the web and in this forum and do some testing to see what works best for my environment. All the processes I've seen so far just gloss over the web server install step which implies to me that only basic HTTP functionality is all that's needed, but I thought it might be worth asking in case somebody got bitten by missing a module in the past.

Thanks,

Scott

sawozny
Posts: 29
Joined: 2019/07/13 22:19:14

Re: Needed Apache modules for a local yum repository

Post by sawozny » 2019/09/23 17:37:25

TrevorH wrote:
2019/09/23 14:04:25
I don't think the site even needs to serve any index contents at all. Yum requests repodata/repomd.xml which then tells it the names of all the other metadata files in the repodata directory and they tell it all about the packages and their filenames/versions etc.
That's a great point! The more I look into this, the more it appears all the server needs to do is serve named files which says to me that all you need in Apache httpd is the core and an MPM module to act as a local repo. If I go through the process and find anything different, I'll be sure to follow up. :)

Thanks,

Scott

pjsr2
Posts: 448
Joined: 2014/03/27 20:11:07

Re: Needed Apache modules for a local yum repository

Post by pjsr2 » 2019/09/23 18:46:20

And perhaps mod_ssl to be able to use https.
Otherwise just a bare apache installation.

sawozny
Posts: 29
Joined: 2019/07/13 22:19:14

Re: Needed Apache modules for a local yum repository

Post by sawozny » 2019/09/23 19:17:46

pjsr2 wrote:
2019/09/23 18:46:20
And perhaps mod_ssl to be able to use https.
Otherwise just a bare apache installation.
I briefly considered SSL/TLS as I'm generally a "security first" kind of guy, but I decided that since the data is all publicly available and my biggest concern is modification of the data rather than secrecy of it (confidentiality vs integrity in the CIA triangle :) ) I'm just going to use plain HTTP. If you have a compelling reason to encrypt that data in transit within a firewalled environment, I'd certainly like to hear your thoughts, but with complexity being the enemy of security, if I can't think of a good reason to add a moving part, I try to avoid it. :)

Thanks,

Scott

sawozny
Posts: 29
Joined: 2019/07/13 22:19:14

Re: Needed Apache modules for a local yum repository

Post by sawozny » 2020/03/19 02:32:14

Just a quick final note on this. I finally actually set up my repo and, as was mentioned by TrevorH, nothing outside of core and mpm were needed since the client knows exactly what it's looking and repomd.xml contain the needed breadcrumbs to the rest of the repo.

While not absolutely necessary, I decided to leave a few other modules enabled:
- mod_systemd because it's the way the distro packaged version was meant to be managed
- mod_authz_core since none of the Require directives work without it and they're nice to have from a security perspective
- mod_unixd enabled to allow me to drop down to an unprivileged user on start which is also more hygienic from a security perspective

Something that I discovered while testing my setup when I wanted to browse the web server with a browser (and was, to my chagrin, NOT in the Apache documentation) is that mod_autoindex doesn't work on it's own. If you do not ALSO enable mod_dir (and, preferably, neuter it with a DirectoryIndex disabled directive) it won't show the auto generated indexes. I'm going to ask the Apache httpd list if they think it's a bug or a missing point in the documentation. So, maybe that little tidbit will help someone, someday.

Thanks to those who responded to this topic,

Scott

Post Reply

Return to “CentOS 7 - General Support”