Apache/mod perl/mod php/mod ssl installation

From Brandonhutchinson.com

Jump to: navigation, search

Contents

Overview

In this example, I install the following on a RHEL AS 2.1 system:

  • Apache 1.3.41
  • openssl-0.9.7m
  • mm-1.4.2
  • mod_ssl 2.8.31-1.3.41
  • mod_perl-1.30
  • php-4.4.9 (mod_php)

Build the OpenSSL library

I was unable to get any version of OpenSSL 0.9.8 to work with mod_ssl and Apache on RHEL AS 2.1. Apache would SEGFAULT every time it was started with SSL enabled. The 2.4.9 kernel may be at fault[1]. Therefore, the latest version of OpenSSL 0.9.7 as of this writing was chosen.

$ tar zxvf openssl-0.9.7m.tar.gz
$ cd openssl-0.9.7m
$ sh config shared -fPIC
$ make
# make install
$ cd ..

From $OPENSSL_SRC/INSTALL:

 shared        In addition to the usual static libraries, create shared
               libraries on platforms where it's supported.  See "Note on
               shared libraries" below.

From $APACHE_SRC/INSTALL.ssl:

    NOTE: The -fPIC option builds OpenSSL with Position Independent Code
          (PIC) which is only important when building mod_ssl as a
          Dynamic Shared Object (DSO). Please notice, that you really
          have to use -fPIC and not -fpic, as the latter will usually
          cause the build to fail. See below for more details.

Add /usr/local/ssl/lib to linker path

# echo /usr/local/ssl/lib >> /etc/ld.so.conf
# ldconfig

Without this change, libssl.so cannot find its shared library dependencies.

# ldd /usr/local/apache/libexec/libssl.so
       libssl.so.0.9.7 => not found
       libcrypto.so.0.9.7 => not found
       libc.so.6 => /lib/i686/libc.so.6 (0x4003d000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

Also, you may encounter problems installing PHP.

# make install
...
/tmp/php-4.4.8/sapi/cli/php: error while loading shared libraries: libssl.so.0.9.7: cannot open shared  object file: No such file or directory
make[1]: *** [install-pear-packages] Error 127
make: *** [install-pear] Error 2

Build the MM Shared Memory library

From $APACHE_SRC/INSTALL.SSL:

 4. Optionally you now can build the MM Shared Memory library when you want
    shared memory support in Apache/EAPI. For instance this allows mod_ssl to
    use a high-performance RAM-based session cache instead of a disk-based
    one.
$ tar zxvf mm-1.4.2.tar.gz
$ cd mm-1.4.2
$ ./configure --disable-shared
$ make
$ cd ..

From $APACHE_SRC/INSTALL.SSL:

     NOTE: Do not forget the --disable-shared option above. Else you've
          to establish an explicit LD_LIBRARY_PATH which includes the
          /path/to/mm-1.1.x/.libs/ directory or the compilation of Apache
          will fail because the shared library cannot be found.

Extract the Apache source

The Apache source must be extracted for the remaining steps.

$ tar zxvf apache_1.3.41.tar.gz

Configure the Apache source tree for mod_ssl

$ tar zxvf mod_ssl-2.8.31-1.3.41.tar.gz
$ cd mod_ssl-2.8.31-1.3.41
$ ./configure --with-apache=../apache_1.3.41 --with-ssl=/usr/local/ssl --with-mm=../mm-1.4.2 --prefix=/usr/local/apache 
$ cd ..

Note: --enable-shared=ssl is not needed in the above configure command, as we will build modules in the Apache source tree as DSOs with the below --enable-shared=max.

From $APACHE_SRC/INSTALL.SSL:

       NOTE: The --enable-shared=ssl option enables the building of mod_ssl
             as a DSO `libssl.so'. Read the INSTALL and
             htdocs/manual/dso.html documents in the Apache source tree for
             more information about DSO support in Apache. We strongly advise
             ISPs and package maintainers to use the DSO facility for maximum
             flexibility with mod_ssl.  But notice that DSO is not supported
             by Apache on all platforms.

Build Apache with mod_ssl

$ cd apache-1.3.41
$ ./configure --prefix=/usr/local/apache --enable-module=most --enable-shared=max
$ make
# make install
$ cd ..

Description of --enable-module=most and --enable-shared=max from README.configure:

 This first enables most of the modules (all modules except some problematic
 ones like mod_auth_db which needs third party libraries not available on
 every platform or mod_log_agent and mod_log_referer which are deprecated)
 and then enables DSO support for all of them. This way you get all these
 modules installed and you then can decide under runtime (via the
 `LoadModule') directives which ones are actually used. This is especially
 useful for vendor package maintainers to provide a flexible Apache package.

Here is a list additional modules compiled with --enable-module-all and --enable-shared=max:

mod_example.so
mod_mmap_static.so
mod_log_agent.so
mod_log_referer.so
mod_auth_db.so

Build mod_perl

$ tar zxvf mod_perl-1.0-current.tar.gz
$ cd mod_perl-1.30
$ perl Makefile.PL USE_APXS=1 WITH_APXS=/usr/local/apache/bin/apxs EVERYTHING=1
$ make
# make install
$ cd ..

From $MOD_PERL_SRC/INSTALL.apaci:

Above we've seen how to build mod_perl as DSO I<inside> the Apache source
tree. But there is a nifty alternative: Building mod_perl as DSO I<outside>
the Apache source tree via the new Apache 1.3 support tool C<apxs> (APache
eXtension). The advantage is obvious: You can extend an already installed
Apache with mod_perl even if you don't have the sources (for instance you
installed an Apache binary package from your vendor).
...
This will build the DSO C<libperl.so> B<outside> the Apache source tree with
the new Apache 1.3 support tool C<apxs> and installs it into the existing
Apache hierarchy.

Build mod_php

$ tar zxvf php-4.4.9.tar.gz
$ cd php-4.4.9
$ ./configure --with-apxs=/usr/local/apache/bin/apxs
$ make
# make install
$ cd ..

Download links

Personal tools