Installing Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7g mod_perl/1.29 PHP/4.3.11 with EAPI and DSO support


First published: 23 December 2003
Last updated   : 12 April 2005 (Apache and all modules updated to their latest versions)

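I was recently helping a friend set up a server to support Movable Type, which meant recompiling Apache. I did not want to patch the mod_ssl code directly into Apache and compile it in, nor did I want to build two copies of Apache (apache and apache-ssl) and run them separately, so I pieced together the instructions from several websites and managed to build apache+mod_ssl+mod_perl+php entirely as DSOs (Dynamic Shared Objects) on an Apache-EAPI (Apache with Extended API) build.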

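Having spent so much time working this out, I decided to post it here to share with everyone. If you spot any mistakes or omissions, please point them out.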

Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7g mod_perl/1.29 PHP/4.3.11

$ mkdir ~/temp
$ mkdir ~/src

$ cd ~/temp
$ wget -c http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
$ wget -c http://static.php.net/www.php.net/distributions/php-4.3.11.tar.gz
$ wget -c http://perl.apache.org/dist/mod_perl-1.29.tar.gz
$ wget -c http://www.apache.org/dist/httpd/libapreq/libapreq-1.3.tar.gz
$ wget -c http://www.modssl.org/source/mod_ssl-2.8.22-1.3.33.tar.gz
$ wget -c http://www.openssl.org/source/openssl-0.9.7g.tar.gz

$ cd ~/src/
$ tar zxfv ~/temp/apache_1.3.33.tar.gz
$ tar zxfv ~/temp/php-4.3.11.tar.gz
$ tar zxfv ~/temp/mod_perl-1.29.tar.gz
$ tar zxfv ~/temp/libapreq-1.3.tar.gz
$ tar zxfv ~/temp/mod_ssl-2.8.22-1.3.33.tar.gz
$ tar zxfv ~/temp/openssl-0.9.7g.tar.gz

$ cd ~/src/openssl-0.9.7g
$ ./config
$ make

$ cd ~/src/mod_ssl-2.8.22-1.3.33
$ ./configure --with-apache=../apache_1.3.33 --with-eapi-only

$ cd ~/src/apache_1.3.33
$ ./configure --prefix=/usr/local/apache --enable-module=so \
--enable-module=rewrite --enable-rule=EAPI
$ make
$ su
# make install
# exit

$ cd ~/src/php-4.3.11
$ ./configure  --with-apxs=/usr/local/apache/bin/apxs --with-gettext \
--with-iconv --with-imap --enable-mbstring --with-mysql --with-pear
$ make
$ su
# make install
# cp -p php.ini-dist /usr/local/lib/php.ini-4.3.11
# cp -p php.ini-dist /usr/local/lib/php.ini

=> Edit your httpd.conf to load the PHP module

      LoadModule php4_module libexec/libphp4.so

=> And in the AddModule section of httpd.conf, somewhere under the 
   ClearModuleList, add this:

      AddModule mod_php4.c

=> Tell Apache to parse certain extensions as PHP

      AddType application/x-httpd-php .php .phtml
      AddType application/x-httpd-php-source .phps

# exit

$ cd ~/src/mod_perl-1.29
$ perl Makefile.PL USE_APXS=1 WITH_APXS=/usr/local/apache/bin/apxs \
EVERYTHING=1
$ make
$ su
# make install
# exit

$ cd ~/src/libapreq-1.3
$ perl Makefile.PL -apxs /usr/local/apache/bin/apxs
$ make
$ su
# make install
# exit

$ cd ~/src/mod_ssl-2.8.22-1.3.33
$ ./configure --with-ssl=../openssl-0.9.7g \
--with-apxs=/usr/local/apache/bin/apxs
$ vi pkg.sslmod/Makefile
=> Add to the end of the CFLAGS= line:
      -I/usr/include/db1/
   and to the end of the LIBS_SHLIB= line:
      -lgdbm
$ make
$ su
# make install
# /usr/local/apache/bin/apxs -i -a -n mod_ssl pkg.sslmod/libssl.so
=> Edit your httpd.conf to correct the ssl module

   from
      LoadModule mod_ssl_module         libexec/libssl.so
   to
      LoadModule ssl_module         libexec/libssl.so

# cd ../openssl-0.9.7g
# cp -p apps/openssl /usr/local/apache/bin/
# cp -p apps/openssl.cnf /usr/local/apache/bin/

# mkdir -p /usr/local/apache/conf/ssl.key \
/usr/local/apache/conf/ssl.crt
# /usr/local/apache/bin/openssl genrsa -des3 -out \
/usr/local/apache/conf/ssl.key/server.key 1024
# /usr/local/apache/bin/openssl req -new -key \
/usr/local/apache/conf/ssl.key/server.key -out \
/usr/local/apache/conf/ssl.key/server.csr -config \
/usr/local/apache/bin/openssl.cnf
# /usr/local/apache/bin/openssl req -x509 -days 17 -key \
/usr/local/apache/conf/ssl.key/server.key \
-in /usr/local/apache/conf/ssl.key/server.csr -out \
/usr/local/apache/conf/ssl.crt/server.crt \
-config /usr/local/apache/bin/openssl.cnf

=> Create a shell script /usr/local/apache/bin/sslpasswd (with mode 700)
   and put the following TWO lines into it, to pass the SSL pass phrase
   when starting Apache with apachectl

#!/bin/bash
echo password

=> Edit your httpd.conf to support mod_ssl by adding the following directives:

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog exec:/usr/local/apache/bin/sslpasswd
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost *:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
        <Files ~ "\.(cgi|shtml|phtml|php3?|php|inc)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/usr/local/apache/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# exit
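
The sslpasswd step above hard-codes the pass phrase in the script itself. As an added example (not part of the original article), this variant keeps it in a separate file and refuses to answer unless that file is private; the PASSFILE path and the function names are assumptions.

```sh
#!/bin/sh
# Added example: pass-phrase helper for "SSLPassPhraseDialog exec:".
# mod_ssl calls it with two arguments, "servername:port" and the key
# algorithm ("RSA" or "DSA"), and reads the pass phrase from stdout.
# PASSFILE is an assumed location, not a path from the article.
PASSFILE="${PASSFILE:-/usr/local/apache/conf/ssl.key/server.pass}"

# True only for a regular, non-symlink file owned by the invoking user
# with no group or other permission bits set (mode 400 or 600).
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    info=$(ls -ln "$1" | awk '{ print $1 ":" $3 }')   # "mode:uid"
    [ "${info#*:}" = "$(id -u)" ] || return 1
    case "${info%%:*}" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints the pass phrase on stdout; on any failure prints nothing there
# and explains on stderr, so mod_ssl never receives a partial answer.
emit_passphrase() {
    case "$2" in
        RSA|DSA) ;;
        *) echo "sslpasswd: unexpected key type '$2' for $1" >&2
           return 2 ;;
    esac
    if ! passfile_is_private "$PASSFILE"; then
        echo "sslpasswd: $PASSFILE is missing or not private" >&2
        return 3
    fi
    head -n 1 "$PASSFILE"    # the file holds only the pass phrase
}

# mod_ssl always supplies exactly two arguments; do nothing otherwise.
if [ "$#" -eq 2 ]; then
    emit_passphrase "$1" "$2"
fi
```

Install it as /usr/local/apache/bin/sslpasswd with mode 700 as described above, and keep the pass phrase in the PASSFILE with mode 600, owned by the user that starts Apache.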


debian:~/src/apache_1.3.31# ./configure --prefix=/usr/local/apache --enable-module=so --enable-rule=EAPI
Configuring for Apache, Version 1.3.31
+ using installation path layout: Apache (config.layout)
Creating Makefile
sed: -e expression #44, char 48: Unknown option to 's'
Creating Configuration.apaci in src

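I get the error above when compiling. I tried apt-get upgrade sed to
GNU sed version 3.02 and it still does not work. Have I missed installing some software? Please help when you have a moment. Thanks.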

Have you tried updating your Debian with the following steps:
1. apt-get -u update
2. apt-get -u dist-upgrade

I will update the whole Debian once I have finished
a fresh installation. Also, I haven't encountered
this problem on my Debian.

If you still fail to run Apache's configure
after apt-get dist-upgrade, then you may be
required to download the latest GNU sed and compile
it yourself. The latest version of GNU sed is 4.1-4.1.1.

Some of the software you apt-get from the Debian
FTP sites is quite outdated, e.g. automake and autoconf.
So you may need to download the source and compile it
yourself.

Furthermore, when I was compiling Apache + mod_ssl + php in debian,
I encountered a problem that debian has no gdbm C library file for
compiling mod_ssl:

$ cd ~/src/mod_ssl-2.8.18-1.3.31
$ ./configure --with-ssl=../openssl-0.9.7d --with-apxs=/usr/local/apache/bin/apxs
$ vi pkg.sslmod/Makefile, add to the end of the CFLAGS=
-I/usr/include/db1/
and LIBS_SHLIB=
-lgdbm

The gdbm C library file must be included when we are editing the
line:
"LIBS_SHLIB=-lgdbm" for file "pkg.sslmod/Makefile".

I found the gdbm C library file in RedHat is located at:
/usr/lib/libgdbm.a

But there is no "libgdbm.a" file in my whole Debian Linux.

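A question about the final httpd.conf changes, where one line has to be added:
SSLPassPhraseDialog exec:/usr/local/apache/bin/sslpasswd

I cannot find this sslpasswd file in /usr/local/apache/bin/.
I cannot find sslpasswd anywhere on the whole hard disk either.
At what point is this sslpasswd file supposed to appear?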

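Sorry, it turns out I left out the contents of this file.

It is just a simple shell script that supplies the certificate's password when Apache starts. If you would rather type the password by hand when starting Apache, you can delete that line from httpd.conf.

The contents of /usr/local/apache/bin/sslpasswd are as follows: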

#!/bin/bash
echo password

I have followed your instruction and it is working now.
Thank you very much!

I downloaded Apache 1.3.29, but when I ran configure with EAPI:
$ ./configure --prefix=/usr/local/apache --enable-module=so --enable-rule=EAPI

the following error occurred:
Configuring for Apache, Version 1.3.29
+ using installation path layout: Apache (config.layout)
configure:Error: No such rule named 'EAPI'

I then opened the configure file of Apache 1.3.29
and could not find the string EAPI or eapi anywhere in it.

Apache 1.3.29 and 1.3.31 both behave the same way.
My Apache source code was downloaded from here:
http://archive.apache.org/dist/httpd/

So, what should I do? Thanks!

Sorry. My own blunder.....

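Hello everyone:
A question about the installation procedure in this article: in the mod_ssl installation step the Makefile has to be edited, and one line has to be changed to -I/usr/include/db1, but this directory does not exist on my system, so naturally make does not get through. I followed the steps shown in the article, except that I did not install mod_perl and changed some installation paths to locations I am more used to. Which program needs to be installed for db1 to appear? I have searched the files on my system and it is not there, so I don't think I put it somewhere else. I would appreciate any pointers from those with more experience. Thanks.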

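This is because mod_ssl needs Berkeley DB, so once that is installed the required files will be there.
Taking Red Hat Linux as an example, the default directory is /usr/include/gdbm/; change it to that and
it compiles and runs without trouble.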

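Anonymous, thank you for finding the answer and coming back right away to report it. I hope you will share more in future. You can actually post here and write up what you found, but to avoid blog spam all posts are manually moderated for now, so please bear with me.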

I'm having a great time blogging every day now. Thanks for all your hard work!

Dom - www.hkdom.com/blog/

--enable-shared=ssl

is all it takes
