Apache-mod_ssl-PHP-Howto

Version 1.0
Author: Falko Timme

This document describes how to install an Apache web server (1.3.x) with mod_ssl and PHP enabled.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind!


1 Get the Sources

We need the following software: openssl, apache (1.3.x), mod_ssl and PHP. We will install the software from the /tmp directory.

cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget http://www.apache.de/dist/httpd/apache_1.3.29.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.16-1.3.29.tar.gz

Then go to http://www.php.net and download the latest PHP version (4.3.4 at the time of this writing). Download it to your /tmp directory


2 Install Openssl

tar xvfz openssl-0.9.7c.tar.gz
cd openssl-0.9.7c
./config
make
make install


3 Configure and Install mod_ssl and apache

cd /tmp
tar xvfz apache_1.3.29.tar.gz
tar xvfz mod_ssl-2.8.16-1.3.29.tar.gz
cd mod_ssl-2.8.16-1.3.29
./configure --with-apache=../apache_1.3.29 --with-ssl=/usr/local/ssl/ --prefix=/usr/local/apache --enable-module=most --enable-shared=max --logfiledir=/var/log/httpd --htdocsdir=/usr/local/httpd/htdocs --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/httpd
(1 line!)

(The option --htdocsdir=/usr/local/httpd/htdocs specifies the the default location for documents that will be delivered by this web server is in /usr/local/httpd/htdocs.

Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available!)

cd ../apache_1.3.29
make
make certificate TYPE=custom

<- Signature Algorithm: R
<- Country Name: Type your country's name (e.g DE for Germany)
<- State or Province Name: e.g. Lower Saxony, California, etc.
<- Locality Name: e.g. Lueneburg, Los Angeles, Paris, London, etc.
<- Organization Name: e.g. the name of your company
<- Organizational Unit Name: e.g. IT Department
<- Common Name: e.g. My Company CA
<- Email Address: e.g. [email protected]
<- Certificate Validity: e.g. 365 (one year)
<- Certificate Version: 3
<- Country Name: see above
<- State or Province Name: see above
<- Locality Name: see above
<- Organization Name: see above
<- Organizational Unit Name: see above
<- Common Name: the fully qualified domain name (FQDN) of your server, e.g. www.example.com
<- Email Address: see above
<- Certificate Validity: see above
<- Certificate Version: 3
<- Encrypt the private key now? n
<- Encrypt the private key now? n

(Please note: It is safe to accept the default values for all the questions above because in either case you will receive a warning in your browser if you try to access an SSL site on your server:

If you do not want to get this warning you will have to get a "real" SSL certificate e.g. from Let's encryot.

make install


4 Install PHP

cd /tmp
tar xvfz php-4.3.4.tar.gz
cd php-4.3.4
./configure --with-apxs=/usr/sbin/apxs --enable-track-vars --enable-sockets --with-config-file-path=/etc --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd
(1 line!)

(Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available! If you do not specify the --with-mysql[=DIR] option, the bundled MySQL library will be used. This works in most cases.

If you use --with-gd, and you get an error message because of a missing libpng library, install it and then re-run the configure command. On Debian,

apt-get install libpng-dev libpng2 libpng2-dev libpng3

worked fine for me to install libpng. If you have an rpm-based distribution, use http://www.rpmfind.net to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)

make
make install

This will install a PHP binary (normally under /usr/local/bin/php) that can be run from the command line as well as an Apache module.

Now we have to create /etc/php.ini. The easiest way is to take the one that comes with the PHP sources:

cp /tmp/php-4.3.4/php.ini-dist /etc/php.ini

If you like you can now modify /etc/php.ini to suit to your needs.


5 Configure Apache

Now we have to add the following entry in /etc/httpd/httpd.conf (in the section where document types are handled; there should be entries like AddHandler or AddType):

AddType application/x-httpd-php .php .php4 .php3

Create /etc/init.d/httpd:

#!/bin/sh
          
case "$1" in
start)
  /usr/sbin/apachectl startssl
;;
stop)
  /usr/sbin/apachectl stop
;;
restart)
  $0 stop && sleep 3
  $0 start
;;
reload)
  $0 stop
  $0 start
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac


chmod 755 /etc/init.d/httpd

In order to start your Apache at boot time do the following:

ln -s /etc/init.d/httpd /etc/rc2.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc3.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc4.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc5.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc0.d/K20httpd
ln -s /etc/init.d/
httpd /etc/rc1.d/K20httpd
ln -s /etc/init.d/
httpd /etc/rc6.d/K20httpd

Then start your Apache:

/etc/init.d/httpd start


6 Test your Configuration

netstat -tap

should show you that Apache uses the ports 80 (http) and 443 (https).

Now go to /usr/local/httpd/htdocs and create a file called info.php with the following contents:

<?php
  phpinfo();
php?>


Try to access it with your browser (e.g. using the IP address of the server) via http (e.g. http://192.168.0.1/info.php) and https (https://192.168.0.1/info.php). The output should look similar to this screenshot:


Links

Apache: http://www.apache.org/

OpenSSL: http://www.openssl.org/

mod_ssl: http://www.modssl.org/

PHP: http://www.php.net/


Original location of this document: http://www.falkotimme.com/howtos/apache_modssl_php/

Falko Timme

About Falko Timme

Falko Timme is an experienced Linux administrator and founder of Timme Hosting, a leading nginx business hosting company in Germany. He is one of the most active authors on HowtoForge since 2005 and one of the core developers of ISPConfig since 2000. He has also contributed to the O'Reilly book "Linux System Administration".

Share this page:

Suggested articles

0 Comment(s)

Add comment