This is a log of my installation/Compilation of Apache DSO with SSL, MM, and Tomcat 3.1 Beta 1 (source distribution) under Linux RH 6.1 (i.e., for kernel 2.2.x). You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be easier to follow this installation log. It is available at: http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html This stuff if based on INSTALL file which comes with mod_ssl and on the http://www.servlets.com/soapbox/techtips/ December 8, 1999 "Install instructions for Apache 1.3.9 with Tomcat 3.0" by Jason Hunter. If you are outside US, please look into INSTALL which comes with mod_ssl, since you do not need RSAREF and can use more robust code [your 8) and apache configure will be different]. 1) You actually may need a Korn shell to save yourself editing since some scripts require it. It is called Public Domain Korn shell, "pdksh". The easiest way is to get it as RPM from http://rufus.w3.org/ for RH 6.1. Go to: http://rufus.w3.org/linux/RPM/redhat/6.1/i386/PByName.html click on pdksh-5.2.14-1 and then do "Save Link to file" for the link "pdksh-5.2.14-1 RPM for i386". Copy the pdksh-5.2.14-1.i386.rpm to /usr/src/redhat/RPMS/i386 cd /usr/src/redhat/RPMS/i386 rpm -Uhv pdksh-5.2.14-1.i386.rpm 2) Install Java 1.2 under linx RH 6.1 Note... Usually, you do not have Java installed. But with older Linuces, there were various ports to Java (e.g., Kaffe). You have to remove them from your system. If you are not sure if you have java installed and in the path, just type java and see what happens. If it says: java: command not found you are OK. Java -- took jdk1.2 from one of the mirrors of www.blackdown.org North America 1.ftp://iodynamics.com/pub/mirror/linux-jdk/ 2.ftp://ftp.infomagic.com/pub/mirrors/linux/Java/ 3.ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/ 4.ftp://xfer.nitric.com/pub/java-linux 5.http://xfer.nitric.com/pub/java-linux There is also JDK for linux available from Sun, in: http://java.sun.com/products/jdk/1.2/download-linux.html It is supposedly suitable for older Linux kernel. I do not know. I used RH6.1 and blackdown 1.2.2_RC4. I actually took Release 4 from ftp://iodynamics.com/pub/mirror/linux-jdk/JDK-1.2.2/i386/rc4/ What you need is a file: jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh I placed it in my usual download directory: /usr/local/src/java Then I ran the self installing shell script as: chmod 755 \ /usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh cd /usr/local /usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh It installed the JDK 1.2.2 in /usr/local/jdk1.2.2 4) Set your environment variables for Java (I am assuming you use some Bourne shell lookalike -- ksh or bash. JAVA_HOME=/usr/local/jdk1.2.2 export JAVA_HOME PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH} export PATH CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar export CLASSPATH 5) Make top directory for Tomcat installation. I did /usr/local/apache_t3.1b1 but if you do some other, you need to remember to use it in the instructions below, mkdir /usr/local/apache_t3.1b1 6) I also make a subdirectory sources to have all needed sources in one place. mkdir /usr/local/apache_t3.1b1/sources cd /usr/local/apache_t3.1b1/sources place there tar files, and then unpack them as shown below: a) apache_1.3.12.tar.gz from http://www.apache.org/dist/ gtar zxvf apache_1.3.12.tar.gz b) mod_ssl-2.6.2-1.3.12.tar.gz from http://www.modssl.org gtar zxvf mod_ssl-2.6.2-1.3.12.tar.gz c) openssl-0.9.5.tar.gz from http://www.openssl.org gtar zxvf openssl-0.9.5.tar.gz d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/ gtar zxvf mm-1.0.12.tar.gz e) rsaref20.tar.Z -- it is no longer distributed, and I got it from my private museum. It is available from many places on the Web outside US. Search the Web FOR RSAREF 2.0. mkdir rsaref-2.0 cd rsaref-2.0 gtar Zxvf ../rsaref20.tar.Z cd .. f) tar.gz sources for tomcat 3.1 beta 1 from http://jakarta.apache.org/builds/tomcat/release/v3.1_beta_1/src jakarta-ant.tar.gz jakarta-tomcat.tar.gz jakarta-tools.tar.gz jakarta-watchdog.tar.gz I untarred them as: cd /usr/local/apache_t3.1b1/sources gtar zxvf jakarta-ant.tar.gz gtar zxvf jakarta-tomcat.tar.gz gtar zxvf jakarta-tools.tar.gz gtar zxvf jakarta-watchdog.tar.gz 7) Compiled RSAREF library for openssl since we are in US and RSA has a patent, and we cannot use the decent implementation of crypto libraries. If you are in Europe, you can skip this thing. cd /usr/local/apache_t3.1b1/sources/rsaref-2.0 cp -rp install/unix local cd local edited makefile to have CC = gcc changed all occurrances of cc --> $(CC) added -fPIC to CFLAGS make mv rsaref.a librsaref.a 8) Compiled the openssl [if you are in Europe, you need to check the mod_ssl INSTALL not to include RSAREF] cd /usr/local/apache_t3.1b1/sources/openssl-0.9.5 sh config \ -L/usr/local/apache_t3.1b1/sources/rsaref-2.0/local/rsaref -fPIC make make test 9) Compiled MM shared memory library cd /usr/local/apache_t3.1b1/sources/mm-1.0.12 ./configure --disable-shared make cd .. 10) Configured mod_ssl cd /usr/local/apache_t3.1b1/sources/mod_ssl-2.6.2-1.3.12 EAPI_MM=../mm-1.0.12 \ ./configure \ --with-apache=/usr/local/apache_t3.1b1/sources/apache_1.3.12 11) Configure and make and install Apache with DSO support: cd /usr/local/apache_t3.1b1/sources/apache_1.3.12 SSL_BASE=/usr/local/apache_t3.1b1/sources/openssl-0.9.5 \ RSA_BASE=/usr/local/apache_t3.1b1/sources/rsaref-2.0/local \ EAPI_MM=/usr/local/apache_t3.1b1/sources/mm-1.0.12 \ ./configure --prefix=/usr/local/apache_t3.1b1 \ --enable-module=so \ --enable-rule=SHARED_CORE \ --enable-module=most \ --enable-shared=max \ --enable-module=ssl \ --enable-shared=ssl make make certificate TYPE=custom make install My entries for certificates with make certificate TYPE=custom were defaults, no passwords, and: STEP 0: R STEP 2: 1. Country Name [XY]:US 2. State or Province Name [Snake Desert]:Ohio 3. Locality Name [Snake Town]:Columbus 4. Organization Name [Snake Oil, Ltd]:OSC 5. Organizational Unit Name [Cer..Authority]:Gateway 6. Common Name [Snake Oil CA]:pse.ccl.net 7. Email Address [ca@snakeoil.dom]:jkl@ccl.net 8. Certificate Validity [365]:1000 STEP 3: 3 STEP 5: 1. Country Name [XY]:US 2. State or Province Name [Snake Desert]:Ohio 3. Locality Name [Snake Town]:Columbus 4. Organization Name [Snake Oil, Ltd]:OSC 5. Organizational Unit Name [Webserver Team]:PSE 6. Common Name [www.snakeoil.dom]:pse.ccl.net 7. Email Address [www@snakeoil.dom]:jkl@ccl.net 8. Certificate Validity [365]:1001 STEP 6: 3 STEP 7:n STEP 8:n 12) edited a file in /usr/local/apache_t3.1b1/conf/httpd.conf and added (actually uncommented): ServerName pse.ccl.net 13) Testing if Apache works: a) make sure other installation of apache is not running, or if it runs, it does not use port 80 and port 443. (do: ps auwx | grep httpd), and if httpd runs, kill it with its own apachectl script or just use (not recommended) killall httpd b) start apache with: /usr/local/apache_t3.1b1/bin/apachectl startssl If you have warning, you have a problem, and try to do "exactly what I say" next time {:-)}. c) Use your browser (preferable on some other machine) and check if http: and https: work In my case, I tries URLs: http://pse.ccl.net/ and https://pse.ccl.net/ In the https case you should get a lot of windows which ask you for accepting the certificate. Just click Next to see if you can go through to the page. d) Stop apache, since you are not finshed yet. /usr/local/apache_t3.1b1/bin/apachectl stop 14) Compiled mod_jserv.so included in jakarta-tomcat zip archive. First, I added a correction from tomcat-dev@jakarta.apache.org list: In jserv_ajpv12.c in function original_uri(request_rec *r) the line : while (*last && !ap_isspace(*last)) { needs to be changed to while (*last && !ap_isspace(*last) && *last != '?') { cd /usr/local/apache_t3.1b1/sources cd jakarta-tomcat/src/native/apache/jserv /usr/local/apache_t3.1b1/bin/apxs -c mod_jserv.c jserv*.c cp mod_jserv.so /usr/local/apache_t3.1b1/libexec 15) Building and installing tomcat cd /usr/local/apache_t3.1b1/sources/jakarta-ant ./bootstrap.sh ./build.sh PATH=${PATH}:/usr/local/apache_t3.1b1/sources/jakarta-ant/bin export PATH ANT_HOME=/usr/local/apache_t3.1b1/sources/jakarta-ant export ANT_HOME cd /usr/local/apache_t3.1b1/sources/jakarta-tomcat ./build.sh 16) Starting stand alone tomcat and testing: cd /usr/local/apache_t3.1b1/sources/build/tomcat/bin edited startup.sh to be: -------------------- cut start -------------- #!/bin/sh # original comments which where there JAVA_HOME=/usr/local/jdk1.2.2 export JAVA_HOME PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH} PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin export PATH CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar export CLASSPATH BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin export BASEDIR $BASEDIR/tomcat.sh start "$@" -------------------- cut end -------------- edited shutdown.sh to be: -------------------- cut start -------------- #!/bin/sh # original comments which where there JAVA_HOME=/usr/local/jdk1.2.2 export JAVA_HOME PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH} PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin export PATH CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar export CLASSPATH BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin export BASEDIR $BASEDIR/tomcat.sh stop "$@" -------------------- cut end -------------- Then I did: ./startup.sh In my browser I called: http://pse.ccl.net:8080/ and it gave me the Tomcat examples page. Examples worked, so I shut down. ./shutdown.sh 17) Added tomcat.conf to httpd.conf by adding a line: Include /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf at the end of /usr/local/apache_t3.1b1/conf/httpd.conf 18) In /usr/local/apache_t3.1b1/bin cp apachctl apache-tomcat and edited apache-tomcat to have a script to start/stop tomcat/apache a) At the beginning, just after "END CONFIGURATION SECTION" I added: TOMCAT_HOME=/usr/local/apache_t3.1b1/sources/build/tomcat export TOMCAT_HOME JAVA_HOME=/usr/local/jdk1.2.2 export JAVA_HOME PATH=$JAVA_HOME/bin:${PATH} export PATH b) under case startssl added 2 lines after: if $HTTPD -DSSL; then cd $TOMCAT_HOME/bin ./startup.sh c) under case stop added 2 lines after: if kill $PID ; then cd $TOMCAT_HOME/bin ./shutdown.sh d) changed apache-tomcat to executable : chmod 755 /usr/local/apache_t3.1b1/bin/apache-tomcat 19) Started the apache/tomcat as: /usr/local/apache_t3.1b1/bin/apache-tomcat startssl and checked if http://pse.ccl.net/examples and https://pse.ccl.net/examples worked. They did, so I killed the server with: /usr/local/apache_t3.1b1/bin/apache-tomcat stop 20) changed permissions/ownership on the example directories cd /usr/local/apache_t3.1b1/sources/build/tomcat/webapps chown -R root.users . chmod -R g+w . find . -type d -exec chmod g+s {} \; cd /usr/local/apache_t3.1b1/sources/build/tomcat/logs chown -R nobody . chmod -R g+w . 21) Changed ports. Since we have the previous (3.1M1) version of apache/tomcat running, I had to change ports in this version not to collide with the other installation: Orig New Files affected http(apache) --> 80 --> 9080 conf/httpd.conf https --> 443 --> 9443 conf/httpd.conf http(tomcat) --> 8080 --> 9090 sources/build/tomcat/conf/server.xml sources/build/tomcat/conf/test-tomcat.xml tomcat/jserv --> 8007 --> 9007 sources/build/tomcat/conf/tomcat.conf sources/build/tomcat/conf/tomcat.properties sources/build/tomcat/conf/server.xml 22) After tomcat/apache is installed, the default configuration of mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows mod_rewrite (for details look up: http://www.magiccookie.com/computers/apache-jserv/ To fix it I put mod_serv before mod_rewrite in LoadModule jserv_module libexec/mod_jserv.so LoadModule rewrite_module libexec/mod_rewrite.so and AddModule mod_jserv.c AddModule mod_rewrite.c and commented out the line # LoadModule jserv_module libexec/mod_jserv.so in /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf 23) Adding other tomcat "web applications" beside "examples" so they can also be access via Apache Web server. /usr/local/apache_t3.1b1/sources/build/tomcat/webapps/ROOT /usr/local/apache_t3.1b1/sources/build/tomcat/webapps/test /usr/local/apache_t3.1b1/sources/build/tomcat/webapps/admin Note, I also provide for the Basic Authentication in both http and https. If you want to be picky, you need to disable the Basic Authentication on the http port since it is profoundly unsafe. To mount the original Tomcat directories I added following lines to: /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf ApJServMount /docs /root AuthType Basic AuthName "For internal users only" AuthUserFile /usr/local/apache/auth/avspass AuthGroupFile /usr/local/apache/auth/avspeople AuthType Basic require group avs ApJServMount /test /root AuthType Basic AuthName "For internal users only" AuthUserFile /usr/local/apache/auth/avspass AuthGroupFile /usr/local/apache/auth/avspeople AuthType Basic require group avs ApJServMount /admin /root AuthType Basic AuthName "For internal users only" AuthUserFile /usr/local/apache/auth/avspass AuthGroupFile /usr/local/apache/auth/avspeople AuthType Basic require group avs In /usr/local/apache_t3.1b1/sources/build/tomcat/conf/server.xml added: (note, I left the entry: unchanged, since it corresponds to a TOP directory of Tomcat). Unfortunately, this messed up the links in the original tomcat examples when viewed via Apache port (9080). It is becausein Tomcat the URL to top directory / corresponds to real directory: /usr/local/apache_t3.1b1/sources/build/tomcat/webapps while in Apache it corresponds to /usr/local/apache_t3.1b1/htdocs Moreover, the /docs in apache corresponds to / in tomcat. I cleaned it up by adding following contexts ApJServMount /docs/examples /root ApJServMount /docs/test /root ApJServMount /docs/admin /root to /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf and adding them to 24) To deal with docs/examples --> /examples problem I also tried to use rewrite modules of apache. I have put the following lines into /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf RewriteEngine On RewriteRule ^/docs/examples /examples [R] RewriteRule ^/docs/test /test [R] RewriteRule ^/docs/admin /admin [R] RewriteRule ^/tomcat.gif /docs/tomcat.gif [R] Worked perfectly!!! Note, if you do not put mod_jserv before mod_rewrite in module activation section of httpd.conf, the stuff will not work!!! 25) But this was about original Tomcat examples and stuff, which I did not want to move, so I have something to relate to. For production you need to put your web applications under the Web Document Tree of Apache, i.e., the directory which is given on the line: DocumentRoot "/some/directory/on/your/machine" in the httpd.conf file for your server (or virtual server). To do this, I created a skeleton of the web application called AVS and mounted it as AVS under Apache DocumentRoot. My $APACHE_HOME is /usr/local/apache_t3.1b1. I created directory ASV under it: cd /usr/local/apache_t3.1b1/htdocs mkdir AVS cd AVS mkdir WEB-INF mkdir WEB-INF/classes mkdir WEB-INF/classes/WorkshopRequest mkdir WEB-INF/classes/oscViz In the top directory of my web application, i.e., /usr/local/apache_t3.1b1/htdocs/AVS I placed all the images, *.jsp, *.css, and *.html files. This was a small web application, and I did not have to get elaborate directory structure. In the WEB-INF/classes I placed JavaBeans needed by the JSP pages. I then added the following to the /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf file: ApJServMount /AVS /root AuthType Basic AuthName "For internal users only" AuthUserFile /usr/local/apache/auth/avspass AuthGroupFile /usr/local/apache/auth/avspeople AuthType Basic require group avs This tells Apache that the requests to directory: /usr/local/apache_t3.1b1/htdocs/AVS (i.e., URLs location http://pse.ccl.net:9080/AVS) should be redirected to Tomcat for processing, and that Basic Authentication needs be done for group defined in /usr/local/apache/auth/avspeople whose id/password pairs are stored in /usr/local/apache/auth/avspass. The Authentication Realm is "For internal users only". I also needed to tell Tomcat that we have a new Web application. I edited file: /usr/local/apache_t3.1b1/sources/build/tomcat/conf/server.xml and added there a piece like this: I also had to provide the web application init file. My /usr/local/apache_t3.1b1/htdocs/AVS/WEB-INF/web.xml was very simple: -------------- cut here ----------- -------------- cut here ----------- i.e., take defaults. I restarted the Apache as: /usr/local/apache_t3.1b1/bin/apache-tomcat stop /usr/local/apache_t3.1b1/bin/apache-tomcat startssl and I was extremely happy when I was clicking on the button for the form: http://pse.ccl.net:9080/AVS/workshop_request.html and https://pse.ccl.net:9443/AVS/workshop_request.html Sorry that you will not see it, since it is password protected. But if you read carefully, you can see this test page which does nothing, by using another port, and you will not be asked for password.