Apache-mod_ssl-PHP-Howto

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 02/22/2004

This document describes how to install an Apache web server (1.3.x) with mod_ssl and PHP enabled.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind!

1 Get the Sources

We need the following software: openssl, apache (1.3.x), mod_ssl and PHP. We will install the software from the /tmp directory.

cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget http://www.apache.de/dist/httpd/apache_1.3.29.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.16-1.3.29.tar.gz

Then go to http://www.php.net and download the latest PHP version (4.3.4 at the time of this writing). Download it to your /tmp directory

2 Install Openssl

tar xvfz openssl-0.9.7c.tar.gz
cd openssl-0.9.7c
./config
make
make install

3 Configure and Install mod_ssl and apache

cd /tmp
tar xvfz apache_1.3.29.tar.gz
tar xvfz mod_ssl-2.8.16-1.3.29.tar.gz
cd mod_ssl-2.8.16-1.3.29
./configure --with-apache=../apache_1.3.29 --with-ssl=/usr/local/ssl/ --prefix=/usr/local/apache --enable-module=most --enable-shared=max --logfiledir=/var/log/httpd --htdocsdir=/usr/local/httpd/htdocs --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/httpd (1 line!)

(The option --htdocsdir=/usr/local/httpd/htdocs specifies the the default location for documents that will be delivered by this web server is in /usr/local/httpd/htdocs.

Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available!)

cd ../apache_1.3.29
make
make certificate TYPE=custom

<- Signature Algorithm: R
<- Country Name: Type your country's name (e.g DE for Germany)
<- State or Province Name: e.g. Lower Saxony, California, etc.
<- Locality Name: e.g. Lueneburg, Los Angeles, Paris, London, etc.
<- Organization Name: e.g. the name of your company
<- Organizational Unit Name: e.g. IT Department
<- Common Name: e.g. My Company CA
<- Email Address: e.g. info@mycompany.tld
<- Certificate Validity: e.g. 365 (one year)
<- Certificate Version: 3
<- Country Name: see above
<- State or Province Name: see above
<- Locality Name: see above
<- Organization Name: see above
<- Organizational Unit Name: see above
<- Common Name: the fully qualified domain name (FQDN) of your server, e.g. www.example.com
<- Email Address: see above
<- Certificate Validity: see above
<- Certificate Version: 3
<- Encrypt the private key now? n
<- Encrypt the private key now? n

(Please note: It is safe to accept the default values for all the questions above because in either case you will receive a warning in your browser if you try to access an SSL site on your server:

If you do not want to get this warning you will have to get a "real" SSL certificate (but this is not for free!). Have a look at the following sites:

• http://www.instantssl.com/ (I would recommend this one.)
• http://www.verisign.com/
• http://www.thawte.com/
• http://www.baltimore.com/
• http://www.ipsca.com/
• http://www.entrust.com/
• http://www.geotrust.com/ )

make install

4 Install PHP

cd /tmp
tar xvfz php-4.3.4.tar.gz
cd php-4.3.4
./configure --with-apxs=/usr/sbin/apxs --enable-track-vars --enable-sockets --with-config-file-path=/etc --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd (1 line!)

(Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available! If you do not specify the --with-mysql[=DIR] option, the bundled MySQL library will be used. This works in most cases.

If you use --with-gd, and you get an error message because of a missing libpng library, install it and then re-run the configure command. On Debian,

apt-get install libpng-dev libpng2 libpng2-dev libpng3

worked fine for me to install libpng. If you have an rpm-based distribution, use http://www.rpmfind.net to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)

make
make install

This will install a PHP binary (normally under /usr/local/bin/php) that can be run from the command line as well as an Apache module.

Now we have to create /etc/php.ini. The easiest way is to take the one that comes with the PHP sources:

cp /tmp/php-4.3.4/php.ini-dist /etc/php.ini

If you like you can now modify /etc/php.ini to suit to your needs.

5 Configure Apache

Now we have to add the following entry in /etc/httpd/httpd.conf (in the section where document types are handled; there should be entries like AddHandler or AddType):

AddType application/x-httpd-php .php .php4 .php3

Create /etc/init.d/httpd:

#!/bin/sh
          
case "$1" in
start)
  /usr/sbin/apachectl startssl
;;
stop)
  /usr/sbin/apachectl stop
;;
restart)
  $0 stop && sleep 3
  $0 start
;;
reload)
  $0 stop
  $0 start
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

chmod 755 /etc/init.d/httpd

In order to start your Apache at boot time do the following:

ln -s /etc/init.d/httpd /etc/rc2.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc3.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc4.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc5.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc0.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc1.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc6.d/K20httpd

Then start your Apache:

/etc/init.d/httpd start

6 Test your Configuration

netstat -tap

should show you that Apache uses the ports 80 (http) and 443 (https).

Now go to /usr/local/httpd/htdocs and create a file called info.php with the following contents:

<?php
  phpinfo();
php?>

Try to access it with your browser (e.g. using the IP address of the server) via http (e.g. http://192.168.0.1/info.php) and https (https://192.168.0.1/info.php). The output should look similar to this screenshot:

Links

Apache: http://www.apache.org/

OpenSSL: http://www.openssl.org/

mod_ssl: http://www.modssl.org/

PHP: http://www.php.net/