Apache-mod_ssl-PHP-Howto
Version 1.0
Author: Falko Timme
This document describes how to install an Apache web server (1.3.x) with mod_ssl and PHP enabled.
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
This document comes without warranty of any kind!
1 Get the Sources
We need the following software: openssl, apache (1.3.x), mod_ssl and PHP. We will install the software from the /tmp directory.
cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget http://www.apache.de/dist/httpd/apache_1.3.29.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.16-1.3.29.tar.gz
Then go to http://www.php.net and download the latest PHP version (4.3.4 at the time of this writing). Download it to your /tmp directory
2 Install Openssl
tar xvfz openssl-0.9.7c.tar.gz
cd openssl-0.9.7c
./config
make
make install
3 Configure and Install mod_ssl and apache
cd /tmp
tar xvfz apache_1.3.29.tar.gz
tar xvfz mod_ssl-2.8.16-1.3.29.tar.gz
cd mod_ssl-2.8.16-1.3.29
./configure --with-apache=../apache_1.3.29 --with-ssl=/usr/local/ssl/ --prefix=/usr/local/apache --enable-module=most --enable-shared=max --logfiledir=/var/log/httpd --htdocsdir=/usr/local/httpd/htdocs --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/httpd (1 line!)
(The option --htdocsdir=/usr/local/httpd/htdocs specifies the the default location for documents that will be delivered by this web server is in /usr/local/httpd/htdocs.
Please note: You can change the configure command to suit to your needs. Type
./configure --help
to get a list of all configuration options available!)
cd ../apache_1.3.29
make
make certificate TYPE=custom
<- Signature Algorithm: R
<- Country Name: Type your country's name (e.g DE for Germany)
<- State or Province Name: e.g. Lower Saxony, California, etc.
<- Locality Name: e.g. Lueneburg, Los Angeles, Paris, London, etc.
<- Organization Name: e.g. the name of your company
<- Organizational Unit Name: e.g. IT Department
<- Common Name: e.g. My Company CA
<- Email Address: e.g. [email protected]
<- Certificate Validity: e.g. 365 (one year)
<- Certificate Version: 3
<- Country Name: see above
<- State or Province Name: see above
<- Locality Name: see above
<- Organization Name: see above
<- Organizational Unit Name: see above
<- Common Name: the fully qualified domain name (FQDN) of your server, e.g. www.example.com
<- Email Address: see above
<- Certificate Validity: see above
<- Certificate Version: 3
<- Encrypt the private key now? n
<- Encrypt the private key now? n
(Please note: It is safe to accept the default values for all the questions above because in either case you will receive a warning in your browser if you try to access an SSL site on your server:
If you do not want to get this warning you will have to get a "real" SSL certificate e.g. from Let's encryot.
make install
4 Install PHP
cd /tmp
tar xvfz php-4.3.4.tar.gz
cd php-4.3.4
./configure --with-apxs=/usr/sbin/apxs --enable-track-vars --enable-sockets --with-config-file-path=/etc --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd (1 line!)
(Please note: You can change the configure command to suit to your needs. Type
./configure --help
to get a list of all configuration options available! If you do not specify the --with-mysql[=DIR] option, the bundled MySQL library will be used. This works in most cases.
If you use --with-gd, and you get an error message because of a missing libpng library, install it and then re-run the configure command. On Debian,
apt-get install libpng-dev libpng2 libpng2-dev libpng3
worked fine for me to install libpng. If you have an rpm-based distribution, use http://www.rpmfind.net to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)
make
make install
This will install a PHP binary (normally under /usr/local/bin/php) that can be run from the command line as well as an Apache module.
Now we have to create /etc/php.ini. The easiest way is to take the one that comes with the PHP sources:
cp /tmp/php-4.3.4/php.ini-dist /etc/php.ini
If you like you can now modify /etc/php.ini to suit to your needs.
5 Configure Apache
Now we have to add the following entry in /etc/httpd/httpd.conf (in the section where document types are handled; there should be entries like AddHandler or AddType):
AddType application/x-httpd-php .php .php4 .php3
Create /etc/init.d/httpd:
#!/bin/sh case "$1" in start) /usr/sbin/apachectl startssl ;; stop) /usr/sbin/apachectl stop ;; restart) $0 stop && sleep 3 $0 start ;; reload) $0 stop $0 start ;; *) echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac |
chmod 755 /etc/init.d/httpd
In order to start your Apache at boot time do the following:
ln -s /etc/init.d/httpd /etc/rc2.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc3.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc4.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc5.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc0.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc1.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc6.d/K20httpd
Then start your Apache:
/etc/init.d/httpd start
6 Test your Configuration
netstat -tap
should show you that Apache uses the ports 80 (http) and 443 (https).
Now go to /usr/local/httpd/htdocs and create a file called info.php with the following contents:
<?php phpinfo(); php?> |
Try to access it with your browser (e.g. using the IP address of the server) via http (e.g. http://192.168.0.1/info.php) and https (https://192.168.0.1/info.php). The output should look similar to this screenshot:
Links
Apache: http://www.apache.org/
OpenSSL: http://www.openssl.org/
mod_ssl: http://www.modssl.org/
PHP: http://www.php.net/