安裝支援 EAPI 及 DSO 的 Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7g mod_perl/1.29 PHP/4.3.11

Tagged:  


初版日期  :2003年12月23日
最後更新日期:2005年4月12日 (更新Apache及所有模組至最新的版本)

由於最近協助朋友將伺服器設定至支援 Movable Type, 以致必須重新編譯 Apache。鑑於我不想將 mod_ssl 的程式碼直接加到 apache 內再編譯, 又不想將編譯兩套 apache (即 apache 及 apache-ssl) 後分開執行, 便結合多個網址的介紹才把 apache+mod_ssl+mod_perl+php 以全 DSO (Dynamic Shared Object) 及 Apache-EAPI (Apache with Extended API) 的模式編譯。

既然自己用這麼多時間研究, 決定放上來向網友分享吧! 如果大家發現任何錯漏, 請指正。

Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7g mod_perl/1.29 PHP/4.3.11

$ mkdir ~/temp
$ mkdir ~/src

$ cd ~/temp
$ wget -c http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
$ wget -c http://static.php.net/www.php.net/distributions/php-4.3.11.tar.gz
$ wget -c http://perl.apache.org/dist/mod_perl-1.29.tar.gz
$ wget -c http://www.apache.org/dist/httpd/libapreq/libapreq-1.3.tar.gz
$ wget -c http://www.modssl.org/source/mod_ssl-2.8.22-1.3.33.tar.gz
$ wget -c http://www.openssl.org/source/openssl-0.9.7g.tar.gz

$ cd ~/src/
$ tar zxfv ~/temp/apache_1.3.33.tar.gz
$ tar zxfv ~/temp/php-4.3.11.tar.gz
$ tar zxfv ~/temp/mod_perl-1.29.tar.gz
$ tar zxfv ~/temp/libapreq-1.3.tar.gz
$ tar zxfv ~/temp/mod_ssl-2.8.22-1.3.33.tar.gz
$ tar zxfv ~/temp/openssl-0.9.7g.tar.gz

$ cd ~/src/openssl-0.9.7g
$ ./config
$ make

$ cd ~/src/mod_ssl-2.8.22-1.3.33
$ ./configure --with-apache=../apache_1.3.33 --with-eapi-only

$ cd ~/src/apache_1.3.33
$ ./configure --prefix=/usr/local/apache --enable-module=so \
--enable-module=rewrite --enable-rule=EAPI
$ make
$ su
# make install
# exit

$ cd ~/src/php-4.3.11
$ ./configure  --with-apxs=/usr/local/apache/bin/apxs --with-gettext \
--with-iconv --with-imap --enable-mbstring --with-mysql --with-pear
$ make
$ su
# make install
# cp -p php.ini-dist /usr/local/lib/php.ini-4.3.11
# cp -p php.ini-dist /usr/local/lib/php.ini

=> Edit your httpd.conf to load the PHP module

      LoadModule php4_module libexec/libphp4.so

=> And in the AddModule section of httpd.conf, somewhere under the 
   ClearModuleList, add this:

      AddModule mod_php4.c

=> Tell Apache to parse certain extensions as PHP

      AddType application/x-httpd-php .php .phtml
      AddType application/x-httpd-php-source .phps

# exit

$ cd ~/src/mod_perl-1.29
$ perl Makefile.PL USE_APXS=1 WITH_APXS=/usr/local/apache/bin/apxs \
EVERYTHING=1
$ make
$ su
# make install
# exit

$ cd ~/src/libapreq-1.3
$ perl Makefile.PL -apxs /usr/local/apache/bin/apxs
$ make
$ su
# make install
# exit

$ cd ~/src/mod_ssl-2.8.22-1.3.33
$ ./configure --with-ssl=../openssl-0.9.7g \
--with-apxs=/usr/local/apache/bin/apxs
$ vi pkg.sslmod/Makefile, add to the end of the CFLAGS=
      -I/usr/include/db1/
  and LIBS_SHLIB=
      -lgdbm
$ make
$ su
# make install
# /usr/local/apache/bin/apxs -i -a -n mod_ssl pkg.sslmod/libssl.so
=> Edit your httpd.conf to correct the ssl module

   from
      LoadModule mod_ssl_module         libexec/libssl.so
   to
      LoadModule ssl_module         libexec/libssl.so

# cd ../src/openssl-0.9.7g
# cp -p apps/openssl /usr/local/apache/bin/
# cp -p apps/openssl.cnf /usr/local/apache/bin/

# mkdir /usr/local/apache/conf/ssl/
# /usr/local/apache/bin/openssl genrsa -des3 -out \
/usr/local/apache/conf/ssl.key/server.key 1024
# /usr/local/apache/bin/openssl req -new -key \
/usr/local/apache/conf/ssl.key/server.key -out \
/usr/local/apache/conf/ssl.key/server.csr -config \
/usr/local/apache/bin/openssl.cnf
# /usr/local/apache/bin/openssl req -x509 -days 17 -key \
/usr/local/apache/conf/ssl.key/server.key \
-in /usr/local/apache/conf/ssl.key/server.csr -out \
/usr/local/apache/conf/ssl.crt/server.crt \
-config /usr/local/apache/bin/openssl.cnf

=> Create a shell command file /usr/local/apache/bin/sslpasswd (with mode 700)
   and add the following TWO links into it for passing the SSL passphrase when 
   starting apachectl

#!/bin/bash
echo password

=> Edit your httpd.conf to support mod_ssl with adding the followings directives:

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog exec:/usr/local/apache/bin/sslpasswd
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost *:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eN
ULL
    SSLCertificateFile conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
        <Files ~ "\.(cgi|shtml|phtml|php3?|php|inc)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/usr/local/apache2/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# exit