Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader)

Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader)

Version 1.0
Author: Falko Timme

This document describes how to install an Apache web server (2.0.x) with SSL and PHP5 (with Zend Optimizer and ionCube Loader) enabled.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind!

1 Get The Sources

We need the following software: openssl, apache (2.0.x), and PHP5. We will install the software from the /tmp directory.

cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7g.tar.gz
wget http://ftp.plusline.de/ftp.apache.org/httpd/httpd-2.0.53.tar.gz

Then go to http://www.php.net and download the latest PHP version (5.0.4 at the time of this writing). Download it to your /tmp directory.

2 Install Openssl

tar xvfz openssl-0.9.7g.tar.gz
cd openssl-0.9.7g
make install

3 Configure And Install Apache2

cd /tmp
tar xvfz httpd-2.0.53.tar.gz
cd httpd-2.0.53/
./configure --enable-ssl --with-ssl=/usr/local/ssl/ --enable-suexec --with-suexec-docroot=/usr/local --enable-cgi --enable-rewrite --enable-so --enable-logio --prefix=/usr/local/apache --enable-module=most --enable-shared=max --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/httpd
(1 line!)

Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available!)

make install

This will install Apache2 under /usr/local/apache. The web root directory is /usr/local/apache/htdocs, the log directory is /usr/local/apache/logs.

If we want to start up our Apache2 with SSL support we have to generate the file /etc/httpd/ssl.crt/server.crt because otherwise we will get an error message when we start Apache2.

mkdir /etc/httpd/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key

(Please note: It is safe to accept the default values for all the questions you see when you create /etc/httpd/ssl.crt/server.crt because in either case you will receive a warning in your browser if you try to access an SSL site on your server:

If you do not want to get this warning you will have to get a "real" SSL certificate e.g. from Let's encrypt.

4 Install PHP5

cd /tmp
tar xvfz php-5.0.4.tar.gz
./configure --with-apxs2=/usr/sbin/apxs --with-mysql=/var/lib/mysql --enable-track-vars --enable-sockets --with-config-file-path=/etc --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd --enable-memory-limit --disable-debug --disable-rpath --disable-static --with-pic --with-layout=GNU --enable-calendar --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-trans-sid --enable-bcmath --with-bz2 --enable-ctype --with-db4 --with-iconv --enable-filepro --with-gettext --enable-mbstring --enable-shmop --enable-wddx --disable-xml --with-xmlrpc --enable-yp --with-zlib --without-pgsql --enable-dbx --enable-experimental-zts --without-mm --enable-gd-native-ttf --with-imap-ssl --enable-soap --enable-dbase
(1 line!)

(Please note: You can change the configure command to suit to your needs. Type

./configure --help

to get a list of all configuration options available! In PHP5, you must specify the --with-mysql[=DIR] option, otherwise PHP5 will not have MySQL support! And yes, MySQL has to be installed before you run the ./configure statement. If you install MySQL From a package (.rpm or .deb), be sure that you also install the corresponding mysql-devel package! Otherwise the ./configure statement will abort with an error message.

If you use --with-gd, and you get an error message because of a missing libpng library, install it and then re-run the configure command. On Debian,

apt-get install libpng-dev libpng2 libpng2-dev libpng3

worked fine for me to install libpng. If you have an rpm-based distribution, use http://www.rpmfind.net to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)

make install

This will install a PHP binary (normally under /usr/local/bin/php) that can be run from the command line as well as an Apache module.

Now we have to create /etc/php.ini. The easiest way is to take the one that comes with the PHP sources:

cp /tmp/php-5.0.4/php.ini-dist /etc/php.ini

If you like you can now modify /etc/php.ini to suit to your needs.

5 Configure Apache

Now we have to add the following entries in /etc/httpd/httpd.conf (in the section where document types are handled; there should be entries like AddHandler or AddType):

AddHandler cgi-script .cgi
AddHandler cgi-script .pl
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php .php5 .php4 .php3

Create /etc/init.d/httpd:

case "$1" in
  /usr/sbin/apachectl startssl
  /usr/sbin/apachectl stop
  $0 stop && sleep 3
  $0 start
  $0 stop
  $0 start
echo "Usage: $0 {start|stop|restart|reload}"
exit 1

chmod 755 /etc/init.d/httpd

In order to start your Apache at boot time do the following:

ln -s /etc/init.d/httpd /etc/rc2.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc3.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc4.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc5.d/S20httpd
ln -s /etc/init.d/
httpd /etc/rc0.d/K20httpd
ln -s /etc/init.d/
httpd /etc/rc1.d/K20httpd
ln -s /etc/init.d/
httpd /etc/rc6.d/K20httpd

Then start your Apache:

/etc/init.d/httpd start

6 Test Your Configuration

netstat -tap

should show you that Apache2 uses the ports 80 (http) and 443 (https).

Now go to /usr/local/apache/htdocs and create a file called info.php with the following contents:


Try to access it with your browser (e.g. using the IP address of the server) via http (e.g. and https ( The output should look similar to this screenshot:

7 Install Zend Optimizer And IonCube Loader

If you want to run PHP files that have been encoded with the Zend Encoder you need the Zend Optimizer. If you want to run PHP files that have been encoded with the ionCube PHP Encoder you need the ionCube Loader. I will show how to install both.

IonCube Loader

Get the latest version of the ionCube Loader from http://downloads.ioncube.com/loader_downloads.

cd /tmp/
wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
tar xvfz ioncube_loaders_lin_x86.tar.gz
cd ioncube/
mkdir /usr/local/lib/ioncube
mv ioncube_loader_lin_5.0.so /usr/local/lib/ioncube/

Now edit /etc/php.ini and add the line zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so right at the beginning:


Zend Optimizer

Get the latest version of the Zend Optimizer from http://www.zend.com/store/free_download.php and save it in your /tmp/ directory.

cd /tmp/
tar xvfz ZendOptimizer-2.5.7-linux-glibc21-i386.tar.gz
cd ZendOptimizer-2.5.7-linux-glibc21-i386/data/5_0_x_comp/
mkdir /usr/local/lib/Zend
mv ZendOptimizer.so /usr/local/lib/Zend/

Edit /etc/php.ini and add two more lines to the [PHP] section of the file at the beginning so that it looks like this:


Now restart Apache2:

/etc/init.d/httpd restart

If you reload your info.php that you created in step 6 you should now see that the ionCobe Loader and the Zend Optimizer are mentioned on the page:


Apache: http://www.apache.org/

OpenSSL: http://www.openssl.org/

PHP: http://www.php.net/

Zend: http://www.zend.com/

ionCube: http://www.ioncube.com/

Share this page:

Suggested articles

6 Comment(s)

Add comment


By: Anonymous

Thanks, excellent work!



By: Anonymous

Check http://www.cacert.org/ for free certificates.

By: Anonymous

Thankyou falko! This has been very helpful and I love your no nonsense style of writing.

By: Anonymous

Excellent Work! Thanks 4 all.

By: wojo00

Can someone shed some more light on the following:


Is this line really needed? Some more info about this would be appreciated.