CCL Home Page
Up Directory CCL README.html
Apache 1.3.26 on Red Hat 7.3

This is a log of my installation/Compilation of Apache DSO
with SSL, MM, under Red Hat 7.3 on Pentium III
This log includes compilation from scratch of Apache. I personally
usually compile stuff from scratch, since I have the NIH (Not Invented Here)
mental syndrome, and I do not like THEIR layout. It is still mild, and
my shrink tells me that he still does not have to report me to the authorities.
Frankly, I do not like my own layout after a while too, and change it
often. This time, I even adopted Red Hat layout...

This memo was originally writtent around Aug 30, 2002

The UNIX commands are in italic. It assumed that you will just grab them
with the mouse and paste them in your xterm...

Few terms:
  Apache -- the Web Server
  DSO -- Dynamic Shared Object (additional modules can be added/updated
         to Apache without the need to recompile the whole thing, similar
         to shared libraries, but DSO modules are not only called, but
         can also call routines within Apache)
         
  MM  -- memory management or something like that - an add-on to Apache
         and its modules to communicate via shared memory rather than files
         (faster). 

  SSL -- Secure Socket Layer - the encryption and certificate package which
         works with Apache

I assume you have moderately latest GNU tools (gmake, gzip, etc...) installed
and you also have a recent version of perl installed distribution. 

I assume that you do all installation as root...
You can also get the wget utility from
 ftp://ftp.gnu.org/pub/gnu/wget/. The local copy is here.
You will need to have openssl libraries (libcrypto and libssl) installed
for the latest wget to compile. If you do not have them, install openssl
first as described later on in this log.
By default, it installs wget binary to /usr/local/bin and puts man page into
/usr/local/man. You can edit the Makefile after .configure step if you
want them elsewhere. I installed the latest GNU one (now 1.8.2)as: 
    get wget-1.8.2.tar.gz and move it to directory /usr/local/uploads or
       the one you like the most, e.g.; /tmp.
    gunzip wget-1.8.2.tar.gz
    gtar xvf wget-1.8.2.tar
    mv wget-1.8.2 /usr/local     # I like it in /usr/local
    cd /usr/local/wget-1.8.2
    ./configure
    make
    make install

wget has also extensive GNU info pages and if you have install, do

   info wget

and seek knowledge.

1) Be a root... Run ksh or bash or other sh, but not C-shell.
   Before you install the new Apache, you have to know if you have some
   other installation of Apache running. If you do, you need to decide
   if you want to keep the old Apache running, or you stop it. 
   The problem is that Apache server by default listens to standard
   Web TCP ports, and you cannot have some other Apache listen on the same
   port(s). If Apache was installed before you will need either to disable
   it, or choose other ports. If some Apache is running 
   (do: ps -ef | grep httpd) check which ports it is using by:

      netstat -a | grep LISTEN

   or 

      netstat -a -n | grep LISTEN

   if you want to see all ports given as numbers, rather than services names.

   If you get (among others):
      tcp        0      0 *:www             *:*                     LISTEN    
      tcp        0      0 *:https           *:*                     LISTEN    
   (or, with netstat -n option:
      tcp        0      0 0.0.0.0:80        0.0.0.0:*               LISTEN
      tcp        0      0 0.0.0.0:443       0.0.0.0:*               LISTEN )
   The "well known ports" for HTTP and HTTPS are booked and some web
   server is running. 


2) If the old server is running check the files in /etc/init.d and
   see if there is an httpd file (or similar) and stop apache as:

      /etc/init.d/httpd stop    

3) If you do not want to kill previous Apache, and install the 
   new one in such a way that their TCP ports do not conflict, just
   continue on, and you will OK, since this installation uses
   ports 4080 and 6443 rather than standard ports which your existing
   installation is most likely using (change them is already used for
   something else). If you know where is the configuration file for
   the already installed apache located, you can edit it and change
   port assignements, for example: 
      edit file /usr/local/apache1.3.13/conf/httpd.conf and change ports:
      
         cd /usr/local/apache1.3.13/conf
         cp -p httpd.conf httpd.conf.original
     
      emacs (or vi or whatever) httpd.conf and replace lines:
           Listen 80   -->    Listen 6080
           Port 80     -->    Port 6080
           Listen 443  -->    Listen 6443
           <VirtualHost _default_:443> --> <VirtualHost _default_:6443>
     then restart apache and check pages:

         cd /etc/init.d
         ./httpd start

         and try if this works, i.e., try the URLs:
            http://my.machine.com:6080/
            https://my.machine.com:6443/

4) You usually have openssl installed, but if you cannot find the
   libraries:
     /usr/lib/libcrypto* or /usr/local/lib/libcrypto*
     /usr/lib/libssl* or /usr/local/lib/libssl*  
   you need to install the openssl.
   Even if you have the openssl and libraries already
   installed, you may have to go through this step, if you did
   not install the development version of the openssl and are missing
   the header files. At this writing I had the following RPMs installed:
   openssl-0.9.6b-28.i386, openssl-devel-0.9.6b-28.i386,
   openssl-perl-0.9.6b-28.i386, openssl095a-0.9.5a-18.i386,
   openssl096-0.9.6-13.i386. 

   I retrieved the latest openssl RPMs from http://rufus.w3.org, put them
   in a /tmp directory, and did:
   rpm -Uhv openssl*

5) Make top directory for Apache 1.3.26 installation. I did
     /usr/local/apache_1.3.26

     mkdir /usr/local/apache_1.3.26

  Then set APACHE_HOME environment variable

    APACHE_HOME=/usr/local/apache_1.3.26
    export APACHE_HOME

 
  I also made a subdirectory "sources" to have all needed sources in one
   place: 

     mkdir /usr/local/apache_1.3.26/sources
     cd /usr/local/apache_1.3.26/sources

   Put there the tar files:

     wget http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
     wget http://www.modssl.org/source/mod_ssl-2.8.10-1.3.26.tar.gz
     wget ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

   Local copied of the tarballs from above are here:
      apache_1.3.26.tar.gz
      mod_ssl-2.8.10-1.3.26.tar.gz
      mm-1.2.1.tar.gz

6) Unpack sources to buld DSO Apache with mod_ssl and mm:

     cd /usr/local/apache_1.3.26
     cd sources
     gtar zxvf apache_1.3.26.tar.gz
     gtar zxvf mod_ssl-2.8.10-1.3.26.tar.gz
     gtar zxvf mm-1.2.1.tar.gz


7) Compiled MM shared memory library

     cd /usr/local/apache_1.3.26/sources/mm-1.2.1
     ./configure --disable-shared
     make

8) Configured  mod_ssl

     cd /usr/local/apache_1.3.26/sources/mod_ssl-2.8.10-1.3.26
     EAPI_MM=../mm-1.2.1  \  
     ./configure \
     --with-apache=/usr/local/apache_1.3.26/sources/apache_1.3.26


9) 

                 cd /usr/local/apache_1.3.26/sources/apache_1.3.26
                 SSL_BASE=SYSTEM \
                 EAPI_MM=/usr/local/apache_1.3.26/sources/mm-1.2.1 \
                 ./configure --with-layout=RedHat \
                             --enable-module=so \
                             --enable-rule=SHARED_CORE \
                             --enable-module=most \
                             --enable-shared=max \
                             --enable-module=ssl \
                             --enable-shared=ssl 
                 make


11) Now you can make certificates. If you want to install self signed
    certificates which you will use (read a pagefull below), do:

       make certificate TYPE=custom

   One thing to remember, is to enter the fully qualified domain name of the
   host on which this Apache Web server runs (in my case: ccl.net)
   when you are asked for info for X.509 certificate signing request
   for SERVER [server.csr] at item 6. Common Name.
    You can look at my dialog with the computer here.
   I then tarred my certificates/keys into a file:

     cd /usr/local/apache_1.3.26/sources/apache_1.3.26/conf
     gtar zcvf /usr/local/apache-certificates.tgz ssl*
     chmod 600 /usr/local/apache-certificates.tgz

   just in case, if I lost them (these certificates were made for 6 or so
   years, and I do not want to redo it every time I update apache). When you
   need to restore the certificates, just do:

     cd $APACHE_HOME/conf
     gtar zxvf  /usr/local/apache-certificates.tgz

    If you have your certificates already made and signed you can just
    create dummy certificates as:

      make certificate TYPE=dummy

    and you will replace them later in the $APACHE_HOME/conf with the
    real ones. 

    Then you install Apacje in the directories under $APACHE_HOME

      cd /usr/local/apache_1.3.26/sources/apache_1.3.26
      make install

   Also, if for some reason, you need to redo the certificates (I actually
   had to do it, since I had a typo in server name, discovered it after
   I finished the apache installation): 

     cd /usr/local/apache_1.3.26/sources/apache_1.3.26
     make certificate TYPE=custom

   and copy them by hand to the $APACHE_HOME/conf directory:

     cd /usr/local/apache_1.3.26/sources/apache_1.3.26/conf
     gtar zcvf /usr/local/apache-certificates.tgz ssl*
     chmod 600 /usr/local/apache-certificates.tgz
     cd $APACHE_HOME/conf
     gtar zxvf  /usr/local/apache-certificates.tgz

   and do not redo the make install !!! 


12) With the RedHat setup, the config and authorization files are
    located in /etc/httpd
    You need to edit /etc/httpd/conf/httpd.conf or use your
    previous httpd.conf. You need to set up the 
    ServerRoot "/etc/httpd"
    ServerName your.actual.machine
    DocumentRoot "/your/actual/document/root
    and try it with:

      /usr/sbin/apachectl startssl


    then point your browser at: 
      http://your.machine/
    and
      https://your.machine/
    and you should see something. If not, you have a problem.

    Then I did

       /usr/sbin/apachectl stop

    to stop apache, so I can tweak startup scripts
   
13) I went to /etc/rc.d/init.d directory and created a startup script
    for apache, httpd-ssl,
    so Apache can start on reboot. I also checked if there are some
    old links to the previous/default installation of httpd
    in the /etc/rc.d directories by doing:

      cd /etc/rc.d
      find . -name '*http*' -print

    If you do not run another apache, remove these links by doing:

      cd /etc/rc.d
      find . -name '[KS]*http*' -exec rm {} \;

    and then remake the links by doing:

      cd /etc/rc.d/init.d
      chkconfig --add httpd-ssl
      chkconfig --list httpd-ssl

    if this does not show the line:
       httpd-ssl      0:off 1:off2:off3:on4:on5:on6:off
    make sure your there is a line close to the top of httpd-ssl script:

         # chkconfig: 345 85 15
    Now start and stop apache as:

      /etc/rc.d/init.d/httpd-ssl start
      /etc/rc.d/init.d/httpd-ssl stop

    and check if you are getting the pages served both for http and https
    protocols.

    

                 -- THE END --

If you see something wrong here, please let me know, so I can save
other peoples time.

Jan    
Modified: Sat Aug 31 00:00:39 2002 GMT
Page accessed 390 times since Tue Mar 15 07:18:09 2005 GMT