This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 Beta 1 (source distribution) Solaris
SunOS heechee 5.7 Generic_106541-08 sun4u sparc SUNW,Ultra-250
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
This stuff if based on INSTALL file which comes with mod_ssl
and on the
http://www.servlets.com/soapbox/techtips/
December 8, 1999
"Install instructions for Apache 1.3.9 with Tomcat 3.0"
by Jason Hunter.
If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].
2) Install Java 1.2 under Solaris if you do not have it.
If you type
java -version
and it tells you that you have JDK 1.2, you are OK.
If not you need to install. It is simple. You get a package
from http://www.javasoft.com/:
a) click on Products & APIs
b) choose JAVA 2 SDK, Standard Edition
http://www.javasoft.com/products/jdk/1.2/index.html
c) take: Java 2 SDK SolarisTM Production Release (J2SE)
[I really wonder whu Sun constantly changes names. It is
some ill-advised marketing ploy which unfortunately wastes
a lot of time of other people]. You need:
d) You need essentially all files. I placed them in /usr/local/java
393617 Feb 2 09:56 1.2.1_04_Developer-Guide.ps
37347 Feb 2 09:56 1.2.1_04_Release-Notes.html
274881 Feb 2 09:56 1.2.1_04_docs_sparc.tar.Z
13287936 Feb 2 09:58 1.2.1_04_patches_sparc_5.5.1.tar
4773888 Feb 2 09:58 1.2.1_04_patches_sparc_5.7.tar
11592 Feb 2 09:58 README.sparc
19826325 Feb 2 10:01 Solaris_JDK_1.2.1_04_sparc.bin
e) Read the README.sparc and do what they say.
i) chmod +x Solaris_JDK_1.2.1_04_sparc.bin
ii) ./Solaris_JDK_1.2.1_04_sparc.bin
iii) Move the old install directory of Java 2 (if exists):
mv /usr/java1.2 /usr/java1.2_previous
iii) move the directory Solaris_JDK_1.2.1_04 just created to
where you want it, and you better want it at /usr/java1.2
mv Solaris_JDK_1.2.1_04 /usr/java1.2
iv) Since my solaris is 2.7
% uname -a
SunOS heechee 5.7 Generic_106541-08 sun4u sparc SUNW,Ultra-250
I used patches for it:
tar xvf 1.2.1_04_patches_sparc_5.7.tar
This created a directory ./5.7 with for tar.Z files in it
284963 Oct 26 19:57 106980-05.tar.Z
2660971 Oct 26 19:57 107078-10.tar.Z
1308491 Oct 26 19:57 107607-01.tar.Z
514653 Oct 26 19:57 107636-01.tar.Z
v) I unpacked each patch as:
gtar Zxvf 1xxxxxx-xx.tar.Z
this creates a directory 1xxxxxx-xx for each patch
cd 1xxxxxx-xx
and read README.106980-05. Then run pkgadd
pkgadd -d . SUN*
and answer yes.
f) test if java installed corretly:
java -version
java version "1.2.1"
Solaris VM (build Solaris_JDK_1.2.1_04, native threads, sunwjit)
4) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or bash.
JAVA_HOME=/usr/java1.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
5) Make top directory for Tomcat installation. I did
/usr/local/apache_t3.1b1 but if you do some other, you
need to remember to use it in the instructions below,
mkdir /usr/local/apache_t3.1b1
6) I also make a subdirectory sources to have all needed sources
in one place.
mkdir /usr/local/apache_t3.1b1/sources
cd /usr/local/apache_t3.1b1/sources
place there tar files, and then unpack them as shown below:
a) apache_1.3.12.tar.gz from http://www.apache.org/dist/
gtar zxvf apache_1.3.12.tar.gz
b) mod_ssl-2.6.2-1.3.12.tar.gz from http://www.modssl.org
gtar zxvf mod_ssl-2.6.2-1.3.12.tar.gz
c) openssl-0.9.5.tar.gz from http://www.openssl.org
gtar zxvf openssl-0.9.5.tar.gz
d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/
gtar zxvf mm-1.0.12.tar.gz
e) rsaref20.tar.Z -- it is no longer distributed, and I got it
from my private museum. It is available from many places
on the Web outside US. Search the Web FOR RSAREF 2.0.
mkdir rsaref-2.0
cd rsaref-2.0
gtar Zxvf ../rsaref20.tar.Z
cd ..
f) tar.gz sources for tomcat 3.1 beta 1 from
http://jakarta.apache.org/builds/tomcat/release/v3.1_beta_1/src
jakarta-ant.tar.gz
jakarta-tomcat.tar.gz
jakarta-tools.tar.gz
jakarta-watchdog.tar.gz
I untarred them as:
cd /usr/local/apache_t3.1b1/sources
gtar zxvf jakarta-ant.tar.gz
gtar zxvf jakarta-tomcat.tar.gz
gtar zxvf jakarta-tools.tar.gz
gtar zxvf jakarta-watchdog.tar.gz
7) Compiled RSAREF library for openssl since we are in US and RSA has
a patent, and we cannot use the decent implementation of crypto
libraries. If you are in Europe, you can skip this thing.
cd /usr/local/apache_t3.1b1/sources/rsaref-2.0
cp -rp install/unix local
cd local
edited makefile to have
CC = gcc
changed all occurrances of cc --> $(CC)
added -fPIC to CFLAGS
make
mv rsaref.a librsaref.a
8) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL not to include RSAREF]
cd /usr/local/apache_t3.1b1/sources/openssl-0.9.5
sh config \
-L/usr/local/apache_t3.1b1/sources/rsaref-2.0/local/rsaref -fPIC
make
make test
9) Compiled MM shared memory library
cd /usr/local/apache_t3.1b1/sources/mm-1.0.12
./configure --disable-shared
make
cd ..
10) Configured mod_ssl
cd /usr/local/apache_t3.1b1/sources/mod_ssl-2.6.2-1.3.12
EAPI_MM=../mm-1.0.12 \
./configure \
--with-apache=/usr/local/apache_t3.1b1/sources/apache_1.3.12
11) Configure and make and install Apache with DSO support:
cd /usr/local/apache_t3.1b1/sources/apache_1.3.12
SSL_BASE=/usr/local/apache_t3.1b1/sources/openssl-0.9.5 \
RSA_BASE=/usr/local/apache_t3.1b1/sources/rsaref-2.0/local \
EAPI_MM=/usr/local/apache_t3.1b1/sources/mm-1.0.12 \
./configure --prefix=/usr/local/apache_t3.1b1 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords, and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:heechee.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:heechee.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
After I created the certiricates, and did make install for apache
I copied previous certificates, from my original install of Apache
So I did not mess up people who already have the certificate for this
machine. My previous certificates where
/usr/local/apache_JServ1.1-SC99/conf
And I did:
cd /usr/local/apache_JServ1.1-SC99/conf
gtar zcvf /usr/local/certificates.tar.gz ssl*
cd /usr/local/apache_t3.1b1/conf
gtar zxvf /usr/local/certificates.tar.gz
12) edited a file in /usr/local/apache_t3.1b1/conf/httpd.conf and
added (actually uncommented):
ServerName heechee.ccl.net
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 80 and port 443.
(do: ps -ef | grep httpd), and if httpd runs, kill it
with its own apachectl script or just use
kill pid
for each httpd running (do: ps -ef | grep httpd)
b) start apache with:
/usr/local/apache_t3.1b1/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tries URLs:
http://heechee.ccl.net/
and
https://heechee.ccl.net/
In the https case you should get a lot of windows
which ask you for accepting the certificate.
Just click Next to see if you can go through to the
page.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_t3.1b1/bin/apachectl stop
14) Compiled mod_jserv.so included in jakarta-tomcat zip archive.
cd /usr/local/apache_t3.1b1/sources
cd jakarta-tomcat/src/native/apache/jserv
emacs jserv_ajpv12.c
First, I added a correction from tomcat-dev@jakarta.apache.org list:
In jserv_ajpv12.c in function original_uri(request_rec *r)
the line :
while (*last && !ap_isspace(*last)) {
needs to be changed to
while (*last && !ap_isspace(*last) && *last != '?') {
cd /usr/local/apache_t3.1b1/sources
cd jakarta-tomcat/src/native/apache/jserv
/usr/local/apache_t3.1b1/bin/apxs -c mod_jserv.c jserv*.c
cp mod_jserv.so /usr/local/apache_t3.1b1/libexec
15) Building and installing tomcat
cd /usr/local/apache_t3.1b1/sources/jakarta-ant
./bootstrap.sh
./build.sh
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/jakarta-ant/bin
export PATH
ANT_HOME=/usr/local/apache_t3.1b1/sources/jakarta-ant
export ANT_HOME
cd /usr/local/apache_t3.1b1/sources/jakarta-tomcat
./build.sh
16) Starting stand alone tomcat and testing:
cd /usr/local/apache_t3.1b1/sources/build/tomcat/bin
edited startup.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/java1.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh start "$@"
-------------------- cut end --------------
edited shutdown.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/java1.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh stop "$@"
-------------------- cut end --------------
Then I did:
./startup.sh
In my browser I called:
http://heechee.ccl.net:8080/
and it gave me the Tomcat examples page. Examples worked, so I shut down.
./shutdown.sh
17) Added tomcat.conf to httpd.conf by adding a line:
Include /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
at the end of /usr/local/apache_t3.1b1/conf/httpd.conf
18) In /usr/local/apache_t3.1b1/bin
cp apachectl apache-tomcat
and edited apache-tomcat to have a script to start/stop tomcat/apache
a) At the beginning, just after "END CONFIGURATION SECTION" I added:
TOMCAT_HOME=/usr/local/apache_t3.1b1/sources/build/tomcat
export TOMCAT_HOME
JAVA_HOME=/usr/java1.2
export JAVA_HOME
PATH=$JAVA_HOME/bin:${PATH}
export PATH
b) under case startssl added 2 lines after: if $HTTPD -DSSL; then
cd $TOMCAT_HOME/bin
./startup.sh
c) under case stop added 2 lines after: if kill $PID ; then
cd $TOMCAT_HOME/bin
./shutdown.sh
d) changed apache-tomcat to executable :
chmod 755 /usr/local/apache_t3.1b1/bin/apache-tomcat
19) Started the apache/tomcat as:
/usr/local/apache_t3.1b1/bin/apache-tomcat startssl
and checked if http://heechee.ccl.net/examples and
https://heechee.ccl.net/examples worked. They did, so I killed the
server with:
/usr/local/apache_t3.1b1/bin/apache-tomcat stop
20) changed permissions/ownership on the example directories
cd /usr/local/apache_t3.1b1/sources/build/tomcat/webapps
chown -R root .
chgrp -R www .
chmod -R g+w .
find . -type d -exec chmod g+s {} \;
cd /usr/local/apache_t3.1b1/sources/build/tomcat/logs
chown -R nobody .
chmod -R g+w .
21) Changed ports. Since we have the previous (3.1M1) version of apache/tomcat
running, I had to change ports in this version not to collide with the
other installation:
Orig New Files affected
http(apache) --> 80 --> 9080 conf/httpd.conf
https --> 443 --> 9443 conf/httpd.conf
http(tomcat) --> 8080 --> 9090 sources/build/tomcat/conf/server.xml
sources/build/tomcat/conf/test-tomcat.xml
tomcat/jserv --> 8007 --> 9007 sources/build/tomcat/conf/tomcat.conf
sources/build/tomcat/conf/tomcat.properties
sources/build/tomcat/conf/server.xml
22) After tomcat/apache is installed, the default configuration of
mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows
mod_rewrite (for details look up:
http://www.magiccookie.com/computers/apache-jserv/
To fix it I put mod_serv before mod_rewrite in
LoadModule jserv_module libexec/mod_jserv.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jserv.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jserv_module libexec/mod_jserv.so
in /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
23) Adding other tomcat "web applications" beside "examples"
so they can also be access via Apache Web server.
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/ROOT
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/test
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/admin
Note, I also provide for the Basic Authentication in both
http and https. If you want to be picky, you need to disable
the Basic Authentication on the http port since it is profoundly unsafe.
To mount the original Tomcat directories I added following lines to:
/usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
ApJServMount /docs /root