The latest and greatest released version of Apache is always available
from the Apache Web site in the
http://www.apache.org/dist/>. If you look at that
page, one of the first things you’ll see is a link to a way of finding
a distribution point, or mirror, that’s closer to you.
|The Apache Software Foundation only supports downloading using HTTP
and the Web; FTP repositories are not provided. Mirror sites may or may
not provide FTP access to their distribution areas.
Exactly how you download the software depends on your Web browser,
but it may be as simple as holding down the ‘Shift’ key and clicking
on the name of the file.
There are two types of packages you can download from the Apache site:
- Packages containing only the Web server source code, and
- Packages containing the source code and a pre-built binary.
The source-only packages are located in the top directory of the
URL listed above; the prebuilt binaries are located in subdirectories
The Apache packages are named according to a formula:
The word ‘
apache‘, followed by
the three-component version number (e.g., ‘
optional suffix information (such as ‘
win32‘ to stress
that the package is for Windows, or ‘
which indicates a package built for Linux systems running on x86
hardware with a 2.* kernel version), followed by
package-type information (such as ‘
A package that is missing the optional suffix information, such as
apache_1.3.12.tar.gz‘, is a source-only
package. If you download such you will have to compile and build
the server yourself from scratch. Packages that include the
optional suffix have been pre-built for the named platform,
but they also include the source code in case you want or need to
rebuild the server yourself.
The version number is very important. It’s read from left to right,
and each component is treated as a number in its own right. So the
package named ‘
version ‘1.3.12’, which is pronounced ‘one point three point twelve,’ and
is more recent than ‘1.3.9’.
In addition to the packages themselves, there are frequently
accompanying signature files. These are used to verify
that the packages were really built by the Apache developers, and
have the same name as the package with either a ‘
.md5‘ suffix attached. To use these, you will
need either something that can read and verify PGP signatures (such
as PGP itself), or a tool that can generate MD5 checksums.
The MD5 checksum, if one is provided for the package, is easier to check.
You simply use your MD5 checksumming tool to generate a checksum
of the package, and then you compare that value with what’s in the
.md5 file. For example:
% md5sum apache_1.3.12.tar.gz de3ccff384b0d4ab94c3251cb85d49d2 apache_1.3.12.tar.gz % cat apache_1.3.12.tar.gz.md5 MD5 (apache_1.3.12.tar.gz) = de3ccff384b0d4ab94c3251cb85d49d2