The Soothingly Seamless Setup of Apache, SSL, MySQL, and PHP - Apache (
Page 7 of 11 )
So far so good, time to
configure and install Mod_SSL and Apache. If your server is going to be in the
U.S., you will need to have the rsaref-2.0 files. You can search on
http://ftpsearch.lycos.com/ for "rsaref20.tar.Z" Make sure you get the *nix
distribution.
| + |
--------------------------------------------------------------------------------------------------------- |
+ |
| | |
IGNORE THE RSAREF SECTION
IF YOU ARE NOT IN THE U.S. |
| |
| + |
--------------------------------------------------------------------------------------------------------- |
+ |
Create the "rsaref"
directory where you will extract the files. Note that this assumes you have
downloaded to the temp directory where you are currently at.
# mkdir rsaref-2.0# cd rsaref-2.0# gzip -dc ../rsaref20.tar.Z | tar xvf -
Now configure and build the OpenSSL library. When you're a U.S.
citizen you have to build OpenSSL in conjunction with the RSAref library.
# cd rsaref-2.0# cp -rp install/unix local# cd
local#
make#
mv rsaref.a librsaref.a# cd ../..,
| + |
------------------------------------------------------------------------------------------------------------- |
+ |
| | |
END OF THE RSAREF SECTION,
PLEASE CONTINUE READING |
| |
| + |
-------------------------------------------------------------------------------------------------------------- |
+ |
Time to set up OpenSSL.
Remember, this is what you will use to create temporary certificates and CSR
files. The "--prefix" specifies the main installation directory.
NOTE:
Only include the "-L'pwd'/../rsaref-2.0/local/rsaref -fPIC'" line if you are a
U.S. citizen.
# gunzip -dc openssl-0.9.5a.tar.gz | tar xvf -# cd openssl-0.9.x#./config --prefix=/usr/local/ssl \-L`pwd`/../rsaref-2.0/local/rsaref
-fPIC
Now make it, test it, and install it.
#
make#
make test# make install# cd ..
We will configure the Mod_SSL module and then specify it to be a
loadable module with the Apache configuration.
# gunzip -dc mod_ssl-2.6.4-1.3.12.tar.gz |tar xvf -# cd
# ./configure --with-apache=../apache_1.3.12
# cd
..
Now we can add more Apache modules to the Apache source tree. The
optional "--enable-shared=ssl" option enables the building of mod_ssl as a DSO
`libssl.so." Read the INSTALL and htdocs/manual/dso.html documents in the Apache
source tree for more information about DSO support in Apache. We strongly advise
ISPs and package maintainers to use the DSO facility for maximum flexibility
with Mod_SSL, but notice that DSO is not supported by Apache on all platforms.
# cd apache_1.3.12# SSL_BASE=../openssl-0.9.x \
RSA_BASE=../rsaref-2.0/local
\
./configure \
--enable-module=ssl
\
--activate-module=src/modules/php4/libphp4.a \
--enable-module=php4
\
--prefix=/usr/local/apache \
--enable-shared=ssl
[...you can add more
options here...]
Make Apache, then make certificates, and install...
# make
If you have done everything right you will a message similar to the
following:
| + |
---------------------------------------------------------------------------------------------------------------- |
+ |
| | |
Before you install the
package you now should prepare the SSL |
| |
| | |
certificate system by
running the 'make certificate' command. |
| |
| | |
For different situations
the following variants are provided: |
| |
| | |
|
| |
| | |
% make certificate
TYPE=dummy (dummy self-signed Snake Oil cert) |
| |
| | |
% make certificate
TYPE=test (test cert signed by Snake Oil CA) |
| |
| | |
% make certificate
TYPE=custom (custom cert signed by own CA) |
| |
| | |
% make certificate
TYPE=existing (existing cert) |
| |
| | |
CRT=/path/to/your.crt
[KEY=/path/to/your.key] |
| |
| | |
Use TYPE=dummy when you're
a vendor package maintainer, |
| |
| | |
the TYPE=test when you're
an admin but want to do tests only, |
| |
| | |
the TYPE=custom when you're
an admin willing to run a real server |
| |
| | |
and TYPE=existing when
you're an admin who upgrades a server. |
| |
| | |
(The default is
TYPE=test) |
| |
| | |
|
| |
| | |
Additionally add ALGO=RSA
(default) or ALGO=DSA to select |
| |
| | |
the signature algorithm
used for the generated certificate. |
| |
| | |
|
| |
| | |
Use 'make certificate
VIEW=1' to display the generated data. |
| |
| | |
|
| |
| | |
Thanks for using Apache
& mod_ssl. Ralf S. Engelschall |
| |
| | |
rse@engelschall.com |
| |
| | |
www.engelschall.com |
| |
| | |
|
| |
| + |
---------------------------------------------------------------------------------------------------------------- |
+ |
Now you can create a custom certificate. This option will prompt
your for location, company, and a couple other things. Certificates are
explained in a separate tutorial.
# make certificate
TYPE=custom
Now install Apache..
# make
install
If everything went well, the message that you should see is
something similar to this:
| + |
-------------------------------------------------------------------------------------------- |
+ |
| | |
You now have successfully
built and installed the |
| |
| | |
Apache 1.3 HTTP server. To
verify that Apache actually |
| |
| | |
works correctly you now
should first check the |
| |
| | |
(initially created or
preserved) configuration files |
| |
| | |
|
| |
| | |
/usr/local/apache/conf/httpd.conf |
| |
| | |
and then you should be able
to immediately fire up |
| |
| | |
Apache the first time by
running: |
| |
| | |
|
| |
| | |
/usr/local/apache/bin/apachectl start |
| |
| | |
Or when you want to run it
with SSL enabled use: |
| |
| | |
|
| |
| | |
/usr/local/apache/bin/apachectl startssl |
| |
| | |
Thanks for using Apache.
The Apache Group |
| |
| | |
http://www.apache.org/ |
| |
| + |
-------------------------------------------------------------------------------------------- |
+ |
Now it's time to see if Apache and PHP are working, however, we
need to edit the httpd.conf of srm.conf to ensure we added the PHP type to the
configuration.
Look at the httpd.conf and uncomment the following lines.
If you have followed along with exactly the same instructions as this document,
your httpd.conf file will be located in the "/usr/local/apache/conf" directory.
The file has the addtype for PHP4 commented out, please uncomment it out at this
time. It should look something like this:
>
> # And for PHP 4.x, use:
>
#
---> AddType application/x-httpd-php .php
---> AddType
application/x-httpd-php-source .phps
>
>
Now we are ready to start the Apache server to see if its working.
First we will start the server without the SSL support to see if it comes up. We
will check for PHP support and then we will stop the server and start it with
the SSL support enabled and see if we got everything working. The configtest
will check that all the configuration is setup properly.
# cd /usr/local/apache/bin# ./apachectl configtest
Syntax
OK#
./apachectl start
./apachectl start: httpd started
