The Soothingly Seamless Setup of Apache, SSL, MySQL, and PHP - Apache (Page 7 of 11 )
So far so good, time to configure and install Mod_SSL and Apache. If your server is going to be in the U.S., you will need to have the rsaref-2.0 files. You can search on http://ftpsearch.lycos.com/ for "rsaref20.tar.Z" Make sure you get the *nix distribution.
| + | --------------------------------------------------------------------------------------------------------- | + |
| | | IGNORE THE RSAREF SECTION IF YOU ARE NOT IN THE U.S. | | |
| + | --------------------------------------------------------------------------------------------------------- | + |
Create the "rsaref" directory where you will extract the files. Note that this assumes you have downloaded to the temp directory where you are currently at.
# mkdir rsaref-2.0# cd rsaref-2.0# gzip -dc ../rsaref20.tar.Z | tar xvf -
Now configure and build the OpenSSL library. When you're a U.S. citizen you have to build OpenSSL in conjunction with the RSAref library.
# cd rsaref-2.0# cp -rp install/unix local# cd local# make# mv rsaref.a librsaref.a# cd ../..,
| + | ------------------------------------------------------------------------------------------------------------- | + |
| | | END OF THE RSAREF SECTION, PLEASE CONTINUE READING | | |
| + | -------------------------------------------------------------------------------------------------------------- | + |
Time to set up OpenSSL. Remember, this is what you will use to create temporary certificates and CSR files. The "--prefix" specifies the main installation directory.
NOTE: Only include the "-L'pwd'/../rsaref-2.0/local/rsaref -fPIC'" line if you are a U.S. citizen.
# gunzip -dc openssl-0.9.5a.tar.gz | tar xvf -# cd openssl-0.9.x#./config --prefix=/usr/local/ssl \-L`pwd`/../rsaref-2.0/local/rsaref -fPIC
Now make it, test it, and install it.
# make# make test# make install# cd ..
We will configure the Mod_SSL module and then specify it to be a loadable module with the Apache configuration.
# gunzip -dc mod_ssl-2.6.4-1.3.12.tar.gz |tar xvf -# cd
# ./configure --with-apache=../apache_1.3.12
# cd ..
Now we can add more Apache modules to the Apache source tree. The optional "--enable-shared=ssl" option enables the building of mod_ssl as a DSO `libssl.so." Read the INSTALL and htdocs/manual/dso.html documents in the Apache source tree for more information about DSO support in Apache. We strongly advise ISPs and package maintainers to use the DSO facility for maximum flexibility with Mod_SSL, but notice that DSO is not supported by Apache on all platforms.
# cd apache_1.3.12# SSL_BASE=../openssl-0.9.x \
RSA_BASE=../rsaref-2.0/local \
./configure \
--enable-module=ssl \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=php4 \
--prefix=/usr/local/apache \
--enable-shared=ssl
[...you can add more options here...]
Make Apache, then make certificates, and install...
# make
If you have done everything right you will a message similar to the following:
| + | ---------------------------------------------------------------------------------------------------------------- | + |
| | | Before you install the package you now should prepare the SSL | | |
| | | certificate system by running the 'make certificate' command. | | |
| | | For different situations the following variants are provided: | | |
| | | | | |
| | | % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) | | |
| | | % make certificate TYPE=test (test cert signed by Snake Oil CA) | | |
| | | % make certificate TYPE=custom (custom cert signed by own CA) | | |
| | | % make certificate TYPE=existing (existing cert) | | |
| | | CRT=/path/to/your.crt [KEY=/path/to/your.key] | | |
| | | Use TYPE=dummy when you're a vendor package maintainer, | | |
| | | the TYPE=test when you're an admin but want to do tests only, | | |
| | | the TYPE=custom when you're an admin willing to run a real server | | |
| | | and TYPE=existing when you're an admin who upgrades a server. | | |
| | | (The default is TYPE=test) | | |
| | | | | |
| | | Additionally add ALGO=RSA (default) or ALGO=DSA to select | | |
| | | the signature algorithm used for the generated certificate. | | |
| | | | | |
| | | Use 'make certificate VIEW=1' to display the generated data. | | |
| | | | | |
| | | Thanks for using Apache & mod_ssl. Ralf S. Engelschall | | |
| | | rse@engelschall.com | | |
| | | www.engelschall.com | | |
| | | | | |
| + | ---------------------------------------------------------------------------------------------------------------- | + |
Now you can create a custom certificate. This option will prompt your for location, company, and a couple other things. Certificates are explained in a separate tutorial.
# make certificate TYPE=custom
Now install Apache..
# make install
If everything went well, the message that you should see is something similar to this:
| + | -------------------------------------------------------------------------------------------- | + |
| | | You now have successfully built and installed the | | |
| | | Apache 1.3 HTTP server. To verify that Apache actually | | |
| | | works correctly you now should first check the | | |
| | | (initially created or preserved) configuration files | | |
| | | | | |
| | | /usr/local/apache/conf/httpd.conf | | |
| | | and then you should be able to immediately fire up | | |
| | | Apache the first time by running: | | |
| | | | | |
| | | /usr/local/apache/bin/apachectl start | | |
| | | Or when you want to run it with SSL enabled use: | | |
| | | | | |
| | | /usr/local/apache/bin/apachectl startssl | | |
| | | Thanks for using Apache. The Apache Group | | |
| | | http://www.apache.org/ | | |
| + | -------------------------------------------------------------------------------------------- | + |
Now it's time to see if Apache and PHP are working, however, we need to edit the httpd.conf of srm.conf to ensure we added the PHP type to the configuration.
Look at the httpd.conf and uncomment the following lines. If you have followed along with exactly the same instructions as this document, your httpd.conf file will be located in the "/usr/local/apache/conf" directory. The file has the addtype for PHP4 commented out, please uncomment it out at this time. It should look something like this:
>
> # And for PHP 4.x, use:
> #
---> AddType application/x-httpd-php .php
---> AddType application/x-httpd-php-source .phps
>
>
Now we are ready to start the Apache server to see if its working. First we will start the server without the SSL support to see if it comes up. We will check for PHP support and then we will stop the server and start it with the SSL support enabled and see if we got everything working. The configtest will check that all the configuration is setup properly.
# cd /usr/local/apache/bin# ./apachectl configtest
Syntax OK# ./apachectl start
./apachectl start: httpd started
Next: Testing Our Work: Is Apache working? >>
More PHP Articles
More By Israel Denis Jr. and Eugene Otto
