Configuring the Apache server

Enable KeepAlive

Enabling KeepAlive in httpd allows persistent connections. These long-lived HTTP sessions allow multiple requests to be sent over the same TCP connection, as it does not require separate connection set-ups for each file. This reduces some overhead and significantly reduces latency periods. By default, Fedora’s Apache httpd package has KeepAlive disabled. They should be enabled, with a timeout of two seconds. Don’t keep this very high since it may overload your server. Take a look at Figure 1 to see the changes required in the Apache configuration file.

Figure 1: Enabling KeepAlive in Apache

Handling of metadata

Metadata are typically defined as ‘data about data’. When you try to install a package or update a system, the first things that get downloaded are package metadata. These are files with information about the packages, their age and other details. If, for example, a computer has old metadata cached, according to which all the packages are up-to-date, no new updates will be installed into the system. To work around this, we explicitly add the Cache Control: must-revalidate option, which insists that Yum or any client must revalidate the metadata against the server before serving it from the cache. For this, add the following section to your /etc/httpd/conf/httpd.conf around the <Location> directive (around line 900; take a look at Figure 2 to get an understanding of the exact location):

<LocationMatch "\.(xml|xml\.gz|xml\.asc|sqlite)">
    Header set Cache-Control "must-revalidate"
    ExpiresActive On
    ExpiresDefault "now"
</LocationMatch>

Figure 2: Configuring metadata handling in Apache

Content types

ISO and RPM files should be served using MIME Content-Type: application/octet-stream. In Apache, this can be done inside a VirtualHost or similar section:

<VirtualHost *:80>
    AddType application/octet-stream .iso
    AddType application/octet-stream .rpm
</VirtualHost>

Limiting download accelerators

Download accelerators will try to open the same file many times, and request chunks, hoping to download them in parallel. This can overload already heavily-loaded mirror servers, and cause a denial of service. In order to limit connections to ISO directories by some amount, per IP, add this to your apache configuration file:

<IfModule mod_limitipconn.c>
    MaxConnPerIP 3
</IfModule>

To block ranged requests as this is, indeed, what download accelerators do, add this section to your apache configuration file:

RewriteEngine on
RewriteCond %{HTTP:Range} [0-9] $
RewriteRule \.iso$ / [F,L]

Restart Apache

Now restart Apache. If everything is fine, you should not get an error. If you can start the Apache server successfully, it means you are done with most things.