Sysadmin
Installing and Configuring: MySQL, Apache with SSL, PHP, and mod_perl
by Paul Summers - Fri, 10 Nov 2000 03:56:27am
The first thing you'll need is fairly obvious. A box of some form running a GNU/Linux flavor of some sort (Or BSD, Solaris, etc). Fortunately, there are lots of boxes laying around in most educational and business environments running this weird thing called windows that are perfect candidates for such liberations.
So, from this point forward, we'll assume you have a x86 computer running Debian GNU/Linux. We'll also assume you have a basic understanding of how to use a UNIX shell, and that you have superuser access to the machine. Everything in this example can be done remotely via ssh or telnet as well as locally from the machine console.
Step 1:
First off, you will want to set up a directory structure to install and compile everything. Some people use the standard locations when installing everything. If you're only running a few machines, or only one OS, there's nothing wrong with this. You can install everything in /usr/bin or /usr/local/bin or /export/home/web or wherever your OS of choice decides to put things.
Experience has shown me that using one general directory scheme for commonly messed with things (namely apache as I'm always adding vhosts and the like) is a good thing. This way, I don't have to go hunting around for things and trying to remember each and every OS's directory scheme. So, when I'm setting up a new box for apache and mysql, I use /usr/www/ for apache's root directory, and /usr/db/ for mysql. So we do this:
# mkdir /usr/www
followed by:
# mkdir /usr/db
It's also a good idea to set up directories for everything we're going to build into apache. Keeps things tidy.
# mkdir /usr/www/php
# mkdir /usr/www/mod_ssl
# mkdir /usr/www/openssl
# mkdir /usr/www/mm
# mkdir /usr/www/logs
Now that we have our directory structure, we should set up user accounts to own these directories. Running daemons like apache or mysql as root is generally not a good idea. Now, mysql's build scripts create user accounts for itself, so all we have to deal with is apache. Add a user account www with whatever adduser utility you might prefer. Or, you can just add the entries right into /etc/passwd. I also create a www group for the www user to make things simple for future group-based permissions and the like. Under debian you'd do this:
# adduser
which would give you the standard adduser options:
Enter username to add: www
Adding user www...
Adding new group www (1002).
Adding new user www (1002) with group www.
Creating directory /home/www.
Copying files from /etc/skel
Enter new UNIX password:
Retype new UNIX password:
Changing user information for www . . .
You can then edit /etc/passwd to disable logins for the www account. This is usually done by replacing the shell specification with something like /sbin/nologin. which is basically just a simple shell script that echos something like "Sorry, this account is disabled."
Now it's time to grab the source for the software you want to install. Assuming you have wget installed, it's quick and easy to grab it. If not, you can visit the mysql.com and apache.org web sites and get the source via http or ftp. However, if you have wget, you can do things the easy way. (If you don't, apt-get install wget under Debian)
# cd /usr/db
# wget http://www.mysql.com/Downloads/MySQL-3.22/mysql-3.22.32.tar.gz
# cd /usr/www
# wget http://httpd.apache.org/dist/apache_1.3.14.tar.gz
# wget http://perl.apache.org/dist/mod_perl-1.24.tar.gz
# wget "http://www.php.net/do_download.php?download_file=php-4.0.3pl1.tar.gz&source_site=www.php.net" (note the quotes around the url due to the screwy download string for this one.)
# wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
# wget http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz
# wget http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz
Now, you can gunzip and untar the source.
# gunzip /usr/db/mysql-3.22.32.tar.gz
# gunzip /usr/www/apache_1.3.14.tar.gz
# gunzip /usr/www/openssl-0.9.6.tar.gz
# gunzip /usr/www/mod_ssl-2.7.1-1.3.14.tar.gz
# gunzip /usr/www/mm-1.1.3.tar.gz
# gunzip /usr/www/php-4.0.3pl1.tar.gz
# gunzip /usr/www/mod_perl-1.24.tar.gz
# cd /usr/db
# tar -xf mysql-3.22.32.tar
# cd /usr/www
# tar -xf apache_1.3.14.tar
# tar -xf openssl-0.9.6.tar.gz
# tar -xf mod_ssl-2.7.1-1.3.14.tar.gz
# tar -xf mm-1.1.3.tar
# tar -xf php-4.0.3pl1.tar.gz
# tar -xf mod_perl-1.24.tar.gz
Now, you can get rid of the source tarballs.
# rm /usr/db/mysql-3.22.32.tar
# rm /usr/www/*.tar
At this point, you can begin the build of MySQL. First, change to the source directory.
# cd /usr/db/mysql-3.22.32/
Now configure the source to build on your system. Note the directory location.
# configure --prefix=/usr/db
The configuration script will now check your system and attempt to configure the MySQL makefile for it. Assuming it doesn't run into any problems, it should complete without errors. Now you are ready to build the mysql source. How long the build takes will vary depending on your system, but it will usually grind away for anywhere between 3-15 minutes.
# make
The last output you should see will be something like:
make[2]: Leaving directory `/usr/db/mysql-3.22.32/support-files'
make[2]: Entering directory `/usr/db/mysql-3.22.32'
make[2]: Leaving directory `/usr/db/mysql-3.22.32/support-files'
make[1]: Leaving directory `/usr/db/mysql-3.22.32'
You can now begin the install of MySQL.
# make install
This will exit with a similar syntax, and you should now have the full MySQL directory structure in /usr/db/.
Now you'll want to install the MySQL database. While in /usr/db/mysql-3.22.32/.
# cd scripts
# make install
# chmod +x mysql_install_db.sh
# ./mysql_install_db.sh
Now remove the executable permission from the install db script.
# chmod -x mysql_install_db.sh
Now, you can start up the MySQL server and set a root password for the MySQL server:
# cd /usr/db/bin
# ./safe_mysqld &
# ./mysqladmin -u root password 'new-password'
If you use the mysql binaries often, you may want to add /usr/db/bin to your shell path variable. Now you can test out your MySQL server and make sure all is working properly.
# mysql --user=root -p
You should see something like:
# mysql --user=root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 3.22.32
mysql>
mysql> status
--------------
mysql Ver 9.38 Distrib 3.22.32, for pc-linux-gnu (i686)
Connection id: 2
Current database:
Current user: root@localhost
Server version 3.22.32
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /tmp/mysql.sock
Uptime: 3 min 27 sec
Threads: 1 Questions: 15 Slow queries: 0 Opens: 7 Flush tables: 1 Open tables: 3
--------------
mysql>
Step 2:
Now we move on to building all of the SSL software. Unlike PHP and mod_perl, mod_ssl is built directly into the Apache server, instead of running as a module. The first thing to do is install MM, the Shared Memory Library. Change to the mm source directory:
# cd /usr/www/mm-1.1.3
Then, configure the makefile:
# ./configure --prefix=/usr/www/mm
Now, build the source:
# make
Once built, test the build:
# make test
You should get a confirmation: "OK - ALL TESTS SUCCESSFULLY PASSED." Finally, install the files:
# make install
Step 3:
Now we build OpenSSL. First, change to the OpenSSL source directory:
# cd /usr/www/openssl-0.9.6
Now run the config script:
# ./config --prefix=/usr/www --openssldir=/usr/www/openssl
Then build it:
# make
Then test it:
# make test
And install it:
# make install
Step 4:
You're getting there. All that is left to do is build and install PHP and mod_perl, configure Apache, and start the server. Now we will build mod_ssl. Change to the mod_ssl source directory:
# cd /usr/www/mod_ssl-2.7.1-1.3.14
Now, you'll want to specify the options needed to configure the Makefile. If you already have a signer SSL certificate, specify it's location and key database in the config line. If not, you can generate/add them later. Note the prefix option, as well as the others. This configure line will enable the rewrite module, the speling module, and the DSO module.:
# ./configure --with-apache=/usr/www/apache_1.3.14 --with-ssl=/usr/www/openssl-0.9.6 --with-mm=/usr/www/mm [--with-crt=/path/to/server.cft] [--with-key=/path/to/server.key] --prefix=/usr/www --enable-shared=ssl --prefix=/usr/www --enable-module=rewrite --enable-shared=rewrite --enable-module=speling --enable-module=so
Once configured, you'll want to build the source. However, this is done in Apache's source directory. Change to that directory:
# cd /usr/www/apache_1.3.14
Now build the source. Again, the time it takes to compile will vary between systems. It usually takes less then 10 minutes.
# make
make will terminate with something like:
make[2]: Leaving directory `/usr/www/apache_1.3.14/src/support'
<=== src/support
make[1]: Leaving directory `/usr/www/apache_1.3.14'
<=== src
Then, make a certificate. You will be prompted for the information needed to make a self-signed certificate, which you can use in place of a signer certificate, or for development until you get one.
# make certificate
Finally, install the server.
# make install
When finished, you'll be given a message confirming the installation. Do not follow its instructions with regard to starting the server. Now the real fun starts, and we begin installing modules to take care of the other services we want.
Step 5:
Now we install PHP into Apache. First, move to the source directory.
# cd /usr/www/php-4.0.3pl1
Now, configure the Makefile. Using this string, we will enable mySQL support, and use Apache's DSO module to interface. As well, we specify where Apache's APXS script is, and where we want to dump the PHP files. You'll want to make sure you have flex installed before doing this, as the configure script seems to like it.
# ./configure --prefix=/usr/www/php --with-mysql --with-apxs=/usr/www/bin/apxs
The configure script should finish without error, and warn you about using built-in MySQL support. So long as you aren't using any other server modules which play with MySQL, you should be fine. Else, you may want to recompile Apache with mod_auth_mysql enabled. Now we build the source.
# make
The compile should complete without error, and will take around 10 minutes on the average system. Now, install the built source.
# make install
Once installed, you can verify the module has been loaded by inspecting /usr/www/conf/httpd.conf. You should have:
LoadModule php4_module libexec/libphp4.so
AddModule mod_php4.c
in the DSO section of the file. Also, you should uncomment the following lines:
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
Step 6:
Now we install mod_perl into Apache. First, move to the source directory. Be sure that you have perl installed.
# cd /usr/www/mod_perl-1.24
Now build mod_perl. Note that you must have perl installed to do this. We want to use Apache's AXPS to auto-magically integrate mod_perl into the server, so...
# perl Makefile.PL NO_HTTPD=1 USE_APXS=1 WITH_APXS=/usr/www/bin/apxs APACHE_PREFIX=/usr/www
Note that this will build the base mod_perl. If you want some of the extra spiffy features enabled like PerlSSI and so forth, read the installation file and enable them by adding them to the makefile string. For example, # perl Makefile.PL NO_HTTPD=1 USE_APXS=/usr/www/bin/apxs PERL_SSI=1 would turn on PerlSSI.
Once configured, you can make and install mod_perl. If you get a warning about perl being linked against libgdbm, you can get away with symlinking; ln -s/usr/lib/libgdbm.so.1.7.3 /usr/lib/libgdbm.so and re-running the configure script should fix it. You may also wish to apt-get install libwww-perl.
# make
Once the compile is done, you can run # make test to make sure everything works, but if the compile finished without error, you can usually get away with skipping it and installing mod_perl.
# make install
Once installed, you can verify the module has been loaded by inspecting /usr/www/conf/httpd.conf. You should have:
LoadModule perl_module libexec/libperl.so
AddModule mod_perl.c
To keep things tidy, you can symlink the build directory to something less verbose.
# ln -s /usr/www/mod_perl-1.24 /usr/www/mod_perl
Step 7:
Now you'll want to configure Apache by editing the /usr/www/conf/httpd.conf file. Instead of go through the file step by step, I have included a slimmed down version (less the descriptions) here, with my own comments added in. This should successfully allow apache to start. So, crank up your favorite editor, and make httpd.conf look like this. :)
# vim /usr/www/conf/httpd.conf
##
## httpd.conf -- Apache HTTP server configuration file
##
ServerType standalone
ServerRoot "/usr/www"
#LockFile /var/run/apache.lock
PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 256
MaxRequestsPerChild 0
#BindAddress *
# Dynamic Shared Object (DSO) Support
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule env_module libexec/mod_env.so
LoadModule define_module libexec/mod_define.so
LoadModule config_log_module libexec/mod_log_config.so
LoadModule mime_magic_module libexec/mod_mime_magic.so
LoadModule mime_module libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module libexec/mod_status.so
LoadModule info_module libexec/mod_info.so
LoadModule includes_module libexec/mod_include.so
LoadModule autoindex_module libexec/mod_autoindex.so
LoadModule dir_module libexec/mod_dir.so
LoadModule cgi_module libexec/mod_cgi.so
LoadModule asis_module libexec/mod_asis.so
LoadModule imap_module libexec/mod_imap.so
LoadModule action_module libexec/mod_actions.so
LoadModule speling_module libexec/mod_speling.so
LoadModule userdir_module libexec/mod_userdir.so
LoadModule alias_module libexec/mod_alias.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule access_module libexec/mod_access.so
LoadModule auth_module libexec/mod_auth.so
LoadModule anon_auth_module libexec/mod_auth_anon.so
LoadModule db_auth_module libexec/mod_auth_db.so
LoadModule digest_module libexec/mod_digest.so
LoadModule proxy_module libexec/libproxy.so
LoadModule cern_meta_module libexec/mod_cern_meta.so
LoadModule expires_module libexec/mod_expires.so
LoadModule headers_module libexec/mod_headers.so
LoadModule usertrack_module libexec/mod_usertrack.so
LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule setenvif_module libexec/mod_setenvif.so
# Mod_Perl
LoadModule perl_module libexec/libperl.so
# PHP4
LoadModule php4_module libexec/libphp4.so
<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
</IfDefine>
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_define.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule mod_digest.c
AddModule mod_proxy.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_perl.c
AddModule mod_php4.c
<IfDefine SSL>
AddModule mod_ssl.c
</IfDefine>
#ExtendedStatus On
Port 80
## SSL Support
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
#User nobody
#Group nobody
User www
Group www
ServerAdmin you@host.com
ServerName host.com
DocumentRoot "/usr/www/htdocs"
#<Directory />
# Options FollowSymLinks
# AllowOverride None
#</Directory>
<Directory "/usr/www/htdocs">
Options All MultiViews
AllowOverride All
Order allow,deny
Allow from all
Deny from lus3r.haxX0r.org
</Directory>
UserDir public_html
DirectoryIndex index.html index.shtml index.htm index.pl index.cgi index.phtml index.php
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#CacheNegotiatedDocs
UseCanonicalName On
TypesConfig /usr/www/conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile /usr/www/conf/magic
</IfModule>
HostnameLookups Off
ErrorLog /usr/www/logs/errors.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#CustomLog /var/log/apache_access_log common
#CustomLog /var/log/apache_referer_log referer
#CustomLog /var/log/apache_agent_log agent
CustomLog /usr/www/logs/apache.access.log combined
ServerSignature Email
Alias /icons/ "/usr/www/htdocs/icons/"
<Directory "/usr/www/htdocs/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/usr/www/htdocs/cgi-bin/"
<Directory "/usr/www/htdocs/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
AddDescription "GZIP compressed document" .gz
AddDescription "tar archive" .tar
AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage pt .pt
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
LanguagePriority en da nl et fr de el it pt ltz ca es sv
# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
AddHandler cgi-script .cgi
AddType text/html .shtml
AddHandler server-parsed .shtml
#AddHandler send-as-is asis
#AddHandler imap-file map
#AddHandler type-map var
#MetaDir .web
#MetaSuffix .meta
XBitHack full
CheckSpelling on
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost
</Location>
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from localhost
</Location>
PerlModule Apache::Registry
<Location /perl-bin>
SetHandler perl-script
PerlHandler Apache::Registry
Options ExecCGI
PerlSendHeader on
</Location>
<Files ~ "\.pshtml$">
SetHandler perl-script
PerlHandler Apache:SSI
</Files>
<Location /cgi-bin/phf*>
Deny from all
ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
</Location>
NameVirtualHost 127.0.0.1
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
#SSLSessionCache none
#SSLSessionCache shm:/var/run/apache_ssl_scache(512000)
SSLSessionCache dbm:/var/run/apache_ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/apache_ssl_mutex
# Use Builtin for *BSD
#SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/random 512
SSLRandomSeed connect file:/dev/urandom 512
SSLLog /var/log/apache_ssl_engine_log
SSLLogLevel info
</IfModule>
<IfDefine SSL>
#
## SSL Virtual Host Context
##
<VirtualHost 127.0.0.1:443>
DocumentRoot "/usr/www/htdocs"
ServerName secure.localhost.net
ServerAdmin you@host.com
ErrorLog /usr/www/logs/error.ssl.log
TransferLog /usr/www/logs/access.ssl.log
Options All MultiViews
IndexOptions FancyIndexing
SSLEngine on
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/www/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/www/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /usr/www/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/www/conf/ssl.key/server-dsa.key
#SSLCertificateChainFile /usr/www/conf/ssl.crt/ca.crt
#SSLCACertificatePath /usr/www/conf/ssl.crt
#SSLCACertificateFile /usr/www/conf/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /usr/www/conf/ssl.crl
#SSLCARevocationFile /usr/www/conf/ssl.crl/ca-bundle.crl
#SSLVerifyClient require
#SSLVerifyDepth 10
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/www/htdocs/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
<VirtualHost 127.0.0.1:80>
ServerName host.com
Redirect / http://www.host.com/
</VirtualHost>
<VirtualHost 127.0.0.1:80>
ServerName www.host.com
DocumentRoot /usr/www/htdocs
SSLEngine off
Options All MultiViews
IndexOptions FancyIndexing
ServerAdmin you@host.com
ErrorLog /usr/www/logs/host.com.error.log
TransferLog /usr/www/logs/host.com.access.log
</VirtualHost>
Now, just fix the permissions on everything, and you should be ready to start.
# chown www /usr/www/*
# chown www /usr/www/*.*
# chown mysql /usr/db/*
# chown mysql /usr/db/*.*
That's It!
Now, just change to Apache's binary directory, and start it up!
# cd /usr/www/sbin
# ./apachectl startssl
You'll be promted for your SSL passphrase. Enter it, and the server will start right up. In theroy at least. If your server fails to start, check and double check the conf file, and be sure to take a look at the error_log. Most problems to do with this configuration are due to typos in the conf file, and not problems with the build of the server.
You should now be able to telnet to port 80 on the localhost machine, request the http header, and see something like this: Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3 mod_perl/1.24 . Or, you can go to a site like netcraft and use their query utility on your machine's IP or hostname. You should also be able to connect to port 443 and try the https query. That's it, you now have a single Apache process which can serve both http and https requests, while parsing mod_perl and PHP4, while talking to a MySQL database. Cool, huh?
Static - 2000-11-13 03:49:46
But what if I'd like to compile all these modules staticly without using dso?
posted by Maxim
Thanx! - 2000-11-12 05:38:03
Don't wanna say much, just lotta thanx for the article
posted by maxound
central frame -- too wide - 2000-11-12 02:19:50
The central frame is wider then 800 pixels , ever tryied to read this article in 800*600 monitor resolution ? I'm trying now :(
posted by poor 800*600 reader
ApacheTools - 2000-11-11 19:48:39
Really really nice article, handles most everything that I have near the top of my "things i gotta do on linux"
But everyone might also want to check out http://apachetools.com
a script that lets you choose which parts you want and downloads, compiles the source, and configures it etc.
posted by Slin Lee
I have to agree with FHS - 2000-11-11 17:33:27
Considering that so many Linux users will be following these instructions, it would have been nice if the Filesystem Hierarchy Standard was adhered to.
posted by reed
Very very good article - 2000-11-11 14:23:18
It makes sense!, I'm really excited to get in front of my computer and try all wrote down here, right this evening ... thank you, this is so useful and it gives me some ideas to improve some features to test on my little server, I was lost in how to get some packages described here .. :)
posted by Marinho
apachetools - 2000-11-11 05:50:56
very nice article, but all i have to add is : http://apachetools.com
a script that lets you choose which parts you want to install, downloads the source and then compiles and configures it.
posted by Slin Lee
Response to "Evil Filesystem Recommendations" - 2000-11-10 19:54:12
I state quite clearly in the article why I recommend using a general directory scheme for installing apache/mysql.
Experience has shown me that using one general directory scheme for commonly messed with things (namely apache as I'm always adding vhosts and the like) is a good thing #153;. This way, I don't have to go hunting around for things and trying to remember each and every OS's directory scheme.
Having administrated thousands of machines with every OS under the sun on them, I can safely say that it is generally a good idea to have things under a common filesystem heirarchy. This is because there is no "STANDARD" filesystem heirarchy for each and every OS.
-- Paul Summers
posted by Paul Summers
i'd do it like this: - 2000-11-10 16:21:55
If that really was a Debian box, I ould do:
# apt-get install openssl libapache-mod-ssl libapache-mod-perl apache mysql-server php4 php4-mysql ...
then setup mod_ssl, because it's the only thing that APT/Debian doesn't handle for you.
or, if I really wanted to compile everything from source:
# apt-get -b source openssl libapache-mod-ssl libapache-mod-perl apache mysql-server php4 php4-mysql ...
# dpkg -i ...
It's really that simple!
apt-get into it ;-)
http://www.debian.org
Author's Comment: The reason I did not use apt-get to install everything (and yes, it is a Debian box) is that I wanted the article to have a level of platform-independance. apt-get won't do much for someone running FreeBSD or Solaris. :) I noted so in the article, but it seems to have disappeared in the editing process. :)
posted by pavel
Received error in make in step 4 - 2000-11-10 12:05:54
I received the following error, and do not know where to go from here. I tried to hack at it the best I can, with no avail. Everything up to this worked fine.
Here is the output:
===> src/main
gcc -c -I/usr/www/mm/include -I../os/unix -I../include -DLINUX=2 -DMOD_SSL=207
101 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ge
n_test_char.c
gcc -DLINUX=2 -DMOD_SSL=207101 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../
lib/expat-lite `../apaci` -L/usr/www/mm/lib -o gen_test_char gen_test_char.o -
lm -lcrypt -lndbm -lmm -ldl
./gen_test_char >test_char.h
./gen_test_char: error in loading shared libraries: libmm.so.11: cannot open sha
red object file: No such file or directory
make[3]: *** [test_char.h] Error 127
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/usr/www/apache_1.3.14/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/www/apache_1.3.14'
make: *** [build] Error 2
Any thoughts? Thanx in advance.
posted by Layton Welborn
Awsome - 2000-11-10 10:38:20
This is a really good article. It helped me clear up some issues I was having
posted by hax
Evil path recommendations - 2000-11-10 09:36:19
Why do you make recommendations such as /usr/www when the FHS specifies /var/www for that?
There is a reason it is called the Filesystem Heirarchy STANDARD.
Teaching bad habits in a setting such as this is deplorable.
posted by FHS
Thank you - 2000-11-10 08:20:56
Thank you for a great resource article. Definitely a keeper!
posted by Michael Felzien
apache, mysql, ssl, etc - 2000-11-10 06:58:57
This is a very good article that i will try out in the next few days.
A very nice future addition would be the creation of a simple database and web page that shows a secure transaction.
posted by neville
Please share a comment:
You are posting anonymously. Create an account.
Please note that comments are moderated. This is done by a
volunteer staff. In other words, not all comments will actually be posted
here. All of your comments are appreciated though, so please contribute a
comment and we will try to post as many as possible.
Please also note that your comment may be displayed alongside your name,
email address and url, as supplied on your account details.
|