1 - download new Apache source http://www.apache.org/httpd.html , the mod_perl source code from http://perl.apache.org/download/index.html Be sure to get the mod_perl for Apache 2.
2 - mv the apache and mod_perl source file to /usr/src/apache (My preference, but it can be unpacked anywhere)
3 -unpack the new Apache 2.0.XX and mod_perl with:
tar zxvf httpd-2.0.XX.tar.gz -- if the file ends in tar.gz(where XXX is the version) for the Apache 2.0.XX
tar zxvf mod_perl.XXXX.tar.gz -- if the file ends in tar.gz(where XXX is the version) for the mod_perl version.. Note that the lastest version may be mod_perl-2.0-current.tar.gz but when unpacked give mod_perl-1.99_XX or something like it..
4 - cd httpd-2.0.XX directory
5 - Read the README and INSTALL files etc...
6 - Edit the configure file in the main directory to select modules to be compiled in the new Apache. This starts after Optional Features. --enable will enable the feature, --disable will disable it.. Note that there appears to be a bug/glitch in that not all modules are controlled from configure..
7 - Create a file named configthese to enable/disable needed modules:
cat configthese
./configure --prefix=/usr/local/apache2 \
--enable--ssl \
--enabel-info \
--enable-status \
--enable-rewrite
8 - chmod 744 configthese to make it executable.
9 - Now to compile and install it.
./configthese
make
10 - To install it either cp httpd /usr/local/apache2/bin/httpd
to replace existing httpd (Slackware and Redhat may have it in sbin instead
of bin)
or make install to install all Apache files and subdirectories --
may replace existing httpd.conf--Yikes!!
Often there are changes made in the httpd.conf file in new versions to reflect
the server changes/additions.
If you have a previous version of apache that is running, first stop it by
/usr/local/apache2/bin/apachectl stop
11 - edit apachectl in apache2/bin or apache2/sbin. You
may need to edit it, but it should work as is.
PIDFILE=where the pid file is
HTTPD=where the httpd file is
STATUSURL="http://localhost/server-status" (should
work ok as is)
12 - Now to compile and install mod_perl.
cd /usr/src/apache/mod_perl-1.99_XX .......or whatever the current version is..
Read the INSTALL and README files. The Simple Install should work ok.
perl Makefile.PL MP_AP_PREFIX=/usr/local/apache2
make && make test
make installThe install should copy mod_perl.so into /usr/local/apache2/modules. Check to make sure it is there.
Now to edit the Apache configuration file.
13 -Edit your /usr/local/apache2/conf/httpd.conf file to check the following
ServerRoot "/usr/local/apache2" or wherever
PidFile /usr/local/apache2/logs/httpd.pid should be the same as the above
PIDFILE in step 11
ServerAdmin who@domain (maybe correct/useable as installed)
ServerName new.host.name:80 replace with either your IP or domain name..
DocumentRoot "/usr/local/apache2/htdocs"
UserDir public_html (public_html is the default. Just make sure each
user has one.)
Remove the # from infront of the example control access to UserDir
directories. Should follow the UserDir public_html section.
DirectoryIndex index.html index.htm index.html.var index.shtml default.html
default.htm
DirectoryIndex is the starting page name and the search order.(index.html is
the default)
| for cgi | |
| uncomment and edit: | AddHandler cgi-script .cgi |
| for serverside includes | |
| uncomment and edit | AddType text/html .shtml .htm .html |
| AddHandler server-parsed .shtml .htm .html |
Also for the serverside includes to work, you will need to have either a Options Includes or Options IncludesNoExec within the <Directory> ...</Directory> sections.
Under the Dynamic Shared Oject (DSO) Support you will need to make sure the following two lines are there, otherwise your mod_perl might not be loaded into Apache.
# now to load the perl module
LoadModule perl_module modules/mod_perl.so
Uncomment the <Location /server-status> section
and edit the Allow from .your_domain.com with one or more IPs or domain
names.. let these and only these be able to http://servername-or-IP/server-status.
All this info would be usefull to a cracker/hacker to attack your Apache server.
You can use either the 192.168.1 or 192.168.1.0/24 notation for IPs.
Uncomment the ExtendedStatus On line -- do be sure you have restricted the Allow from in the <Location /server-status> section.
Uncomment the <Location /server-info> section
and edit the Allow from .your_domain.com with one or more IPs or domain
names.. let these and only these be able to http://servername-or-IP/server-info.
All this info would be usefull to a cracker/hacker to attack your Apache server.
You can use either the 192.168.1 or 192.168.1.0/24 notation for IPs.
Uncomment or add in a NameVirtualHost with the servers IP
Add any <VirtualHost section>
14 - edit the startup files as needed.
Slackware is /etc/rc.d/rc.httpd
Redhat is /etc/rc.d/init.d/httpd.org
15 - start it up either using the startup file or cd to the apache2/bin directory and using
./apachectl start without mod_SSL support
./apachectl startssl with mod_SSL support
The SSL support is not yet complete as we have not yet installed a SSL Certificate.
Note that you may need to vi apachectl to edit the PIDFILE and HTTPD to where they really are.
16 - watch for errors then use a web browser on a pc to try it out... try a virtual host domain and a users directory. http://xx.yy.zz.aa/server-info (where xx.yy.zz.aa is an IP that your Apache Server will respond to) will tell you what modules your Apache has loaded.
http://xx.yy.zz.aa/server-status (where xx.yy.zz.aa is an IP that your Apache Server will respond to) for server status info.
17 run apachectl graceful after any changes to the httpd.conf file
Now for the SSL part...
18 - Download a current copy of OpenSSL from http://www.openssl.org/source/ . You may see openssl and openssl-engine. Download the current version of openssl. It does not matter where it is on your server. But I prefer /usr/src/
19 - unpack openssl with
tar zxvf opensll-0.9.xx.tar.gx where xx is the version.
20 - Change into the new directory cd openssl-0.9.xx and read the INSTALL and README files.
21 - Go with the defaults and just do the following:
./config
make
make test
make install
This should compile it and install it in /usr/local/ssl. Note that the make and make test may take 5 minutes or so to compile and test.
Making a SSL key, CSR and self signed cert for Apache.
22 - Change to the /usr/local/ssl directory
cd /usr/local/ssl
echo $PATH to see if the ssl directory is in your path
PATH=$PATH:/usr/local/ssl
echo $PATH and you should see the ssl directory in your path
23 - Now to generate an SSL Cert. For several years I could not figure this out but with the help of Linux Sever Hacks by Rob Flickenger from O'Reilly (hacks.oreilly.com) I was finally able to hack it. Peace of pie!
Tip! It seems to work best if you use your actual domain name for the file names in Steps 1-3 and to use the actual domain name for the Common Name in Step 2. Internet Explorer will ask for your OK each session time it encounters the certificate if you do not use the actual domain name.
Step 1
openssl genrsa -des3 1024 > www.domainname.com.key to generate a SSL key with password protection. You will be asked to enter in a new password for this. You will need to remember this to generate the Certificate - crt in Step 3 and in starting Apache2 with mod_SSL.Step 2
openssl req -new -key www.domainname.com.key >www.domainname.com.csr to generate the Certificate Signing Request.You will be asked for the following:
Country Name ( 2 letter code) = US
State or Province Name = Texas
Locality Name = Houston
0rganization Name = MegaDomane, Inc.
Organizational Unit Name = Our Secure Web Site
CommonName = www.domainname.com
Email Address = admin@dominname.com
The default answers for these can be set in openssl.cnf. Just look for the lines with _default and change them...
Step 3
openssl req -x509 -days 90 -key www.domainname.com.key \
-in www.domainname.com.csr > www.domainname.com.crtYou will be asked for the pass phrase that you entered in Step 1.
do a ls -l www* to see your new Certificates..
24 - Now to copy your new self signed SSLCerficatefile crt and key to the Apache2 directory tree.
cp www.domainname.com.crt /usr/local/apache2/conf/ssl.crt/www.domainname.com.crt
cp www.domainname.com.key /usr/local/apache2/conf/ssl.key/www.domainname.com.keyyou may first need to:
mkdir /usr/local/apache2/conf/ssl.crt
mkdir /usr/local/apache2/conf/ssl.key
Back to Apache2 Configuration:
25 - cd /usr/local/apache2/conf to change back to the Apache2 configuration directory.
26 - Now to edit the ssl.conf file. Tigers and lions and bears oh my!
The following should be enabled/uncommented and edited in conf/ssl.conf:
<NameVirtualHost ww.xx.yy.zz:443> #where ww.xx.yy.zz is the IP and 443 is the port for SSL
<VirtualHost ww.xx.yy.zz:443>
ServerName www.domainname.com:443
ServerAlias domainname.com:443
DocomentRoot "/home/joeuser/public_html/webssl"
ScriptAlias /cgi-bin "/home/joeuser/cgi-bin"
ServerAdmin adminjoe@domainname.com
ErrorLog logs/error_log
TransferLog logs/access_logSSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.domainname.com.crt
SSLCertificateFile /usr/local/apache2/conf/ssl.key/www.domainname.com.key
<Directory "/home/joeuser/public_html/webssl"
SSLRequireSSL
</Directory><Directory "/home/joeuser/cgi-bin">
SSLOptions +StdEnvVars
</Directory></VirtualHost>
27- Now back to the conf/httpd.conf file to edit.
To get a seperate normal web site/non SSL site, you will need to have the following lines in httpd.conf:
NameVirtualHost ww.xx.yy.zz:80 # where ww.xx.yy.zz is the IP and 80 is the port number.
<VirtualHost ww.xx.yy.zz:80>
ServerName www.domainname.com
ServerAlias www.domainname.net www.domainname.info
DocumentRoot /home/joeuser/public_html
</VirutalHost>
to be continued
Last modfied on
Tuesday, 17-Jun-2003 13:08:22 CDT
rddecker@lanranger.net