The software said it requires Microsoft IIS 4 or better, so I installed Apache.
In this chapter:
Configuration Special Topics
In this chapter, we first discuss the process of building a full-featured Apache web server with Perl scripting and SSL/TLS capabilities; our discussion takes the form of a step-by-step tutorial that introduces the Apache AutoConf-style Interface (APACI). The procedure includes getting and extracting the distributions, configuring the source trees, building the packages, and finally installing the packages. A complete reference follows the tutorial and covers all command-line variables and options of APACI in detail. Selected Apache configuration special topics are also discussed in more detail at the end of the chapter.
3.1 Sample Step-by-Step Installation
Here we build a full-featured Apache web server with Perl scripting and SSL/TLS capabilities.
In the first part of this chapter, we show a complete step-by-step installation procedure for an Apache server including two extensions, mod_perl and mod_ssl. These two particular modules were selected because they are also covered in Chapter 4 (the configuration chapter). Other popular third-party modules such as mod_php3, mod_dav, and mod_jserv can be added in an analogous fashion. You can therefore treat this section as an installation tutorial intended to help you better understand the configuration reference in Section 3.2 and to get a general impression of how to perform a complex Apache installation.
3.1.1 File System Preparation
For installing Apache you need 25MB free disk space for installation plus 60MB temporary disk space.
As the first step, you must decide where the server package should be installed. That is, you have to choose a common installation path prefix, such as /usr/local/apache. This prefix is important because it is required repeatedly in the installation procedure. All packages will be installed in subdirectories under this prefix. The file system on which this path prefix will reside must have at least 25MB of free disk space available. In addition, you need a working directory where the packages can be built prior to the installation. For this temporary area, additional disk space of at least 60MB is required.
3.1.2 Obtaining the Source Distribution
Next, you must obtain the Apache source distribution. Although so-called binary distributions are available, we recommend that you start with the source distribution, except in those very rare cases where no C compiler is available. First, determine the latest version number of Apache by looking at the Apache home page (http://www.apache.org/httpd). It always includes a note about the latest version.
Table 3.1. The involved software packages
For instance, at the time of this writing, the most recent Apache version was 1.3.12. To grab the source distribution, you can use a browser and fetch it via HTTP from the area http://www.apache.org/dist/. Apache is also available from mirror locations around the world. The list of available locations can be found at http://www.apache.org/mirrors/.
All of these software packages are available free of charge on the Internet.
In this book, we also cover two popular Apache extensions, mod_perl (the Apache interface to Perl) and mod_ssl (the Apache interface to OpenSSL). You must therefore obtain the distributions of four additional packages: the Perl interpreter (www.perl.com), the mod_perl module (perl.apache.org), the OpenSSL toolkit (www.openssl.org), and the mod_ssl module (www.modssl.org).
Table 3.1 on the preceding page summarizes the download locations for the latest stable version of all involved packages. If they have changed since this book's publication, start over with the home page of the package to find the latest version and current download location.
To build the packages, move the distribution files into your chosen working directory and extract the five distribution "tarballs" there.
$ gunzip -c apache_1.3.12.tar.gz | tar xvf- apache_1.3.12/ apache_1.3.12/src/ apache_l.3.12/src/ap/ : $ gunzip -c mod_perl-1.24.tar.gz | tar xvf- mod_perl-l.24/ mod_perl–1.24/t/ mod_perl-l.24/t/docs/ : $ gunzip -c perl-5.005_03.tar.gz | tar xvf- perl5.005_03/ perl5.005_03/Artistic perl5.005_03/Changes : $ gunzip -c mod_ssl-2.6.6-1.3.l2.tar.gz | tar xvf- mod_ssl-2.6.6-1.3.12/ANNOUNCE mod_ssl-2.6.6-1.3.12/CHANGES mod_ssl-2.6.6-1.3.12/CREDITS : $ gunzip -c openssl-0.9.6.tar.gz | tar xvf- openssl-0.9.6/CHANGES openssl-0.9.6/CHANGES.SSLeay openssl-0.9.6/Configure :
3.1.3 Package Prerequisites
To build the complex Apache modules, the third-party packages must usually be installed first.
The Apache build process discussed later in this chapter depends on the availability of the mod_perl and mod_ssl modules. But these, in turn, depend on the Perl and OpenSSL third-party packages. For this reason, a prerequisite to building Apache with these modules is to build these two packages first. Follow these steps to install Perl and OpenSSL:
Go into the source tree of Perl and follow the directions in the INSTALL document found there. The typical installation steps will look like the following:
$ cd perl-5.005.03 $ sh Configure -d -s -e -Dprefix=/usr/local/apache First let's make sure your kit is complete. Checking... Locating common programs... : $ make 'sh cflags libperl.a miniperlmain.o' miniperlmain.c CCCMD = cc -DPERL_CORE -c -I/usr/local/include -0 : $ make install ./perl installperl mkdir /usr/local/apache/bin : $ (cd /usr/include; /usr/local/apache/bin/h2ph *.h sys/*.h machine/*.h) a.out.h -> a.out.ph acl.h -> acl.ph : $ cd..
Good packages usually do not require you to manually edit their configuration. Instead, they provide some sort of autoconfiguration mechanism.
Go into the source tree of OpenSSL and follow the directions in its INSTALL document. The typical installation steps will be similar to the following:
$ cd openssl-0.9.6 $ sh config --prefix=/usr/local/apache Operating system: i386-whatever-freebsd3 Configuring for FreeBSD-elf : $ make making all in crypto... echo "#define DATE ..'date'ii >date.h gcc -I. -I../include -DTERMIOS -DL_ENDIAN ... : $ make install installing crypto... making install in crypto/md2... : $ cd..
Complex Apache modules usually provide automated ways to get to the Apache source tree. Most rely on APACI features.
After you complete these steps, the Perl interpreter and the OpenSSL toolkit will be installed under /usr/local/apache. Now, you must proceed with the application of mod_perl and mod_ssl to the Apache source tree.
Follow these steps:
Go into the source tree of mod_perl and follow the directions in the INSTALL.apaci document found there. Many configuration options are available for mod_perl, although the typical installation steps will look like the following:
$ cd mod_perl-1.24 $ /usr/local/apache/bin/perl Makefile.PL APACHE.SRC=../apache.1.3.12 DO_HTTPD=1 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1 Will configure via APACI (cd ../apache_l.3.12/src && ./Configure -file Configuration) : $ make mkdir blib mkdir blib/lib cp ../apache-1.3.12/src/include/http_protocol.h ... : $ make install Installing /usr/local/apache/lib/per15/site_perl/5.005/... : $ cd..
Go into the source tree of mod_ssl and follow the directions in its INSTALL document. Once again, many configuration options are available, but the typical installation steps will look like the following:
$ cd mod_ssl-2.6.6-1.3.12 $ ./configure -with-apache=../apache_l.3.12 Configuring mod_ssl/2.6.3 for Apache/1.3.12 + Apache location: ../apache_l.3.12 (Version 1.3.12) : $ cd..
3.1.4 Configuring the Apache Source Tree
The recommended standard way to configure the Apache 1.3 source tree is the new Apache AutoConf-style Interface.
The next major step is to configure the Apache source tree. You must select the desired modules, the compiler and flags used for building, the installation path layout, and other features. Typically, you will use the Apache AutoConf-style Interface (APACI)— a script named "configure" you will find in the top-level of the Apache source tree.1 This script provides numerous options that allow you to flexibly configure the build and installation. A complete option reference appears in Section 3.2.
The minimal configuration step usually takes the following form:
$ cd apache_1.3.12 $ ./configure --prefix=/usr/local/apache Configuring for Apache, Version 1.3.12 : $ cd..
APACI offers lots of command-line options, which at first look are ugly. Once you become familiar with APACI, you will enjoy its consistent and batch-capable nature.
Because we want to build Apache with our two additional modules and because it's reasonable to build Apache as flexibly as possible with the help of the Dynamic Shared Object (DSO) facility, we recommend the following steps:
$ cd apache_1.3.12 $ env SSL_BASE=/usr/local/apache ./configure --target=apache --with layout=GNU --without-confadjust --prefix-=/usr/local/apache --with-perl=/usr/local/apache/bin/perl --activate-module=src/modules/perl/libperl.a --enable-module=perl --enable-module=ssl —enable-shared=remain Configuring for Apache, Version 1.3.12 + using installation path layout: GNU (config.layout) + activated perl module (modules/perl/libperl.a) Creating Makefile Creating Configuration.apaci in src Creating Makefile in src + configured for FreeBSD 3.1 platform + setting C compiler to gcc + setting C pre-processor to gcc -E + checking for system header files + using custom target name: apache + adding selected modules o rewrite_module uses ConfigStart/End enabling DBM support for mod_rewrite o dbm_auth_module uses ConfigStart/End o db_auth_module uses ConfigStart/End using Berkeley-DB/1 .x for mod.auth_db (–lc) o ssl_module uses ConfigStart/End + SSL interface: mod_ssl/2.6.3 + SSL interface build type: OBJ + SSL interface compatibility: enabled + SSL interface experimental code: disabled + SSL interface vendor extensions: disabled + SSL interface plugin: Vendor DBM (libc) + SSL library path: /usr/local/apache + SSL library version: OpenSSL 0.9.6 + SSL library type: installed package (stand-alone) + SSL library plugin mode: none o perl-module uses ConfigStart/End + mod_perl build type: OBJ + id: mod.perl/1.24 + id: Perl/5.00503 (freebsd) [[/usr/local/apache/bin/perl] + setting up mod_perl build environment + adjusting Apache build environment + enabling Perl support for SSI (mod_include) + enabling Extended API (EAPI) + doing sanity check on compiler and options Creating Makefile in src/support :
APACI options are just what their name implies: optional. Don't get confused by the large number of available options -they are just available for fine-tuning, but are not mandatory.
These steps configure Apache as follows:
The SSL_BASE variable locates the installed OpenSSL package for module mod_ssl.
--target names the program "apache" (the default is "httpd").
--with-layout selects a GNU-style file system layout (the default is an old-style "Apache" layout).
--prefix specifies the installation path prefix.
--sbindir ensures that all binaries are installed into a single directory for binaries.
--with-perl locates the installed Perl package for mod_perl.
--activate-module activates the mod_perl module for the configuration process.
The two --enable-module options enable mod_perl and mod_ssl.
--enable-shared forces all unenabled modules to be built as DSOs for later loading on demand.
3.1.5 Building and Installing Apache
The final step is to actually build the Apache package ingredients and install them under our selected installation path prefix. Because we used APACI, this task is easy and usually involves only two simple commands:
$ make ===> src ===> src/os/unix gcc -c -I../.. -I../../os/unix -I../../ ... : $ make install ===> [mktree: Creating Apache installation tree] ./src/helpers/mkdir.sh /usr/local/apache/bin ./src/helpers/mkdir.sh /usr/local/apache/bin :
Of course, we used mod_ssl. Consequently, a X.509 server certificate and private key are required, though they can be dummy ones for testing purposes. The following steps are required in our situation:
$ make ===> src ===> src/os/unix gcc -c -I../.. -I../../os/unix -I../../ ... : $ make certificate TYPE=dummy SSL Certificate Generation Utility (mkcert.sh) : $ make install ===> [mktree: Creating Apache installation tree] ./src/helpers/mkdir.sh /usr/local/apache/bin ./src/helpers/mkdir.sh /usr/local/apache/bin :
Installing a ready-to-run Apache web server with the help of APACI is just a matter of a few make commands.
Voilà! You have now successfully installed an Apache web server including mod_perl and mod_ssl under /usr/local/apache. Your reward is an out-of-the-box usable Apache web server including Perl scripting and SSL/TLS functionality. To verify that it works properly, fire up your new server from the root user account…
$ su Password: # /usr/local/apache/sbin/apachectl startssl /usr/local/apache/bin/apachectl startssl: httpd started % $ ps -ax|grep -i apache % 8593 ?? Ss 0:01.87 /usr/local/apache/sbin/apache -DSSL % 8594 ?? S 0:00.00 /usr/local/apache/sbin/apache -DSSL % 8595 ?? S 0:00.00 /usr/local/apache/sbin/apache -DSSL % 8596 ?? S 0:00.00 /usr/local/apache/sbin/apache -DSSL % 8597 ?? S 0:00.00 /usr/local/apache/sbin/apache -DSSL % 8598 ?? S 0:00.00 /usr/local/apache/sbin/apache -DSSL
… and try to connect to it with your favorite browser via both HTTP and HTTPS through the URLs http://localhost/ and https://localhost/. Both protocols should be usable.