Apache & Mod_SSL - PHP

The much anticipated update to our original article on getting Apache, MySQL, Mod_SSL, and PHP to work seamlessly with each other is finally here! Ever try to get Apache, Mod_SSL, PHP, and MySQL all working in harmony on the same box? It's a very difficult task, but article author Israel Denis Jr. has come up with detailed instructions for compiling all these and getting them working together seamlessly to make the killer server software system.

TABLE OF CONTENTS:

By: Israel Denis Jr. and Eugene Otto

Poor Best

Rating:

/ 41

June 07, 2000

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

So far so good, time to configure and install Mod_SSL and Apache. If your server is going to be in the U.S., you will need to have the rsaref-2.0 files. You can search on http://ftpsearch.lycos.com/ for "rsaref20.tar.Z" Make sure you get the *nix distribution.

+	---------------------------------------------------------------------------------------------------------	+
\|	IGNORE THE RSAREF SECTION IF YOU ARE NOT IN THE U.S.	\|
+	---------------------------------------------------------------------------------------------------------	+

Create the "rsaref" directory where you will extract the files. Note that this assumes you have downloaded to the temp directory where you are currently at.

# mkdir rsaref-2.0
# cd rsaref-2.0
# gzip -dc ../rsaref20.tar.Z | tar xvf -

Now configure and build the OpenSSL library. When you're a U.S. citizen you have to build OpenSSL in conjunction with the RSAref library.

# cd rsaref-2.0
# cp -rp install/unix local
# cd local
# make
# mv rsaref.a librsaref.a
# cd ../..,

+	-------------------------------------------------------------------------------------------------------------	+
\|	END OF THE RSAREF SECTION, PLEASE CONTINUE READING	\|
+	--------------------------------------------------------------------------------------------------------------	+

Time to set up OpenSSL. Remember, this is what you will use to create temporary certificates and CSR files. The "--prefix" specifies the main installation directory.

NOTE: Only include the "-L'pwd'/../rsaref-2.0/local/rsaref -fPIC'" line if you are a U.S. citizen.

# gunzip -dc openssl-0.9.5a.tar.gz | tar xvf -
# cd openssl-0.9.x
#./config --prefix=/usr/local/ssl \
-L`pwd`/../rsaref-2.0/local/rsaref -fPIC

Now make it, test it, and install it.

# make
# make test
# make install
# cd ..

We will configure the Mod_SSL module and then specify it to be a loadable module with the Apache configuration.

# gunzip -dc mod_ssl-2.6.4-1.3.12.tar.gz |tar xvf -
# cd
# ./configure --with-apache=../apache_1.3.12
# cd ..

Now we can add more Apache modules to the Apache source tree. The optional "--enable-shared=ssl" option enables the building of mod_ssl as a DSO `libssl.so." Read the INSTALL and htdocs/manual/dso.html documents in the Apache source tree for more information about DSO support in Apache. We strongly advise ISPs and package maintainers to use the DSO facility for maximum flexibility with Mod_SSL, but notice that DSO is not supported by Apache on all platforms.

# cd apache_1.3.12
# SSL_BASE=../openssl-0.9.x \
RSA_BASE=../rsaref-2.0/local \
./configure \
--enable-module=ssl \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=php4 \
--prefix=/usr/local/apache \
--enable-shared=ssl
[...you can add more options here...]

Make Apache, then make certificates, and install...

# make

If you have done everything right you will a message similar to the following:

+	----------------------------------------------------------------------------------------------------------------	+
\|	Before you install the package you now should prepare the SSL	\|
\|	certificate system by running the 'make certificate' command.	\|
\|	For different situations the following variants are provided:	\|
\|		\|
\|	% make certificate TYPE=dummy (dummy self-signed Snake Oil cert)	\|
\|	% make certificate TYPE=test (test cert signed by Snake Oil CA)	\|
\|	% make certificate TYPE=custom (custom cert signed by own CA)	\|
\|	% make certificate TYPE=existing (existing cert)	\|
\|	CRT=/path/to/your.crt [KEY=/path/to/your.key]	\|
\|	Use TYPE=dummy when you're a vendor package maintainer,	\|
\|	the TYPE=test when you're an admin but want to do tests only,	\|
\|	the TYPE=custom when you're an admin willing to run a real server	\|
\|	and TYPE=existing when you're an admin who upgrades a server.	\|
\|	(The default is TYPE=test)	\|
\|		\|
\|	Additionally add ALGO=RSA (default) or ALGO=DSA to select	\|
\|	the signature algorithm used for the generated certificate.	\|
\|		\|
\|	Use 'make certificate VIEW=1' to display the generated data.	\|
\|		\|
\|	Thanks for using Apache & mod_ssl. Ralf S. Engelschall	\|
\|	rse@engelschall.com	\|
\|	www.engelschall.com	\|
\|		\|
+	----------------------------------------------------------------------------------------------------------------	+

Now you can create a custom certificate. This option will prompt your for location, company, and a couple other things. Certificates are explained in a separate tutorial.

# make certificate TYPE=custom

Now install Apache..

# make install

If everything went well, the message that you should see is something similar to this:

+	--------------------------------------------------------------------------------------------	+
\|	You now have successfully built and installed the	\|
\|	Apache 1.3 HTTP server. To verify that Apache actually	\|
\|	works correctly you now should first check the	\|
\|	(initially created or preserved) configuration files	\|
\|		\|
\|	/usr/local/apache/conf/httpd.conf	\|
\|	and then you should be able to immediately fire up	\|
\|	Apache the first time by running:	\|
\|		\|
\|	/usr/local/apache/bin/apachectl start	\|
\|	Or when you want to run it with SSL enabled use:	\|
\|		\|
\|	/usr/local/apache/bin/apachectl startssl	\|
\|	Thanks for using Apache. The Apache Group	\|
\|	http://www.apache.org/	\|
+	--------------------------------------------------------------------------------------------	+

Now it's time to see if Apache and PHP are working, however, we need to edit the httpd.conf of srm.conf to ensure we added the PHP type to the configuration.

Look at the httpd.conf and uncomment the following lines. If you have followed along with exactly the same instructions as this document, your httpd.conf file will be located in the "/usr/local/apache/conf" directory. The file has the addtype for PHP4 commented out, please uncomment it out at this time. It should look something like this:

>
> # And for PHP 4.x, use:
> #
---> AddType application/x-httpd-php .php
---> AddType application/x-httpd-php-source .phps
>
>

Now we are ready to start the Apache server to see if its working. First we will start the server without the SSL support to see if it comes up. We will check for PHP support and then we will stop the server and start it with the SSL support enabled and see if we got everything working. The configtest will check that all the configuration is setup properly.

# cd /usr/local/apache/bin
# ./apachectl configtest
Syntax OK
# ./apachectl start
./apachectl start: httpd started

Next: Testing Our Work: Is Apache working? >>