Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader)
Version 1.0
Author: Falko Timme
This document describes how to install an Apache web server (2.0.x) with SSL and PHP5 (with Zend Optimizer and ionCube Loader) enabled.
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
This document comes without warranty of any kind!
1 Get The Sources
We need the following software: openssl, apache (2.0.x), and PHP5. We will install the software from the /tmp directory.
cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7g.tar.gz
wget http://ftp.plusline.de/ftp.apache.org/httpd/httpd-2.0.53.tar.gz
Then go to http://www.php.net and download the latest PHP version (5.0.4 at the time of this writing). Download it to your /tmp directory.
2 Install Openssl
tar xvfz openssl-0.9.7g.tar.gz
cd openssl-0.9.7g
./config
make
make install
3 Configure And Install Apache2
cd /tmp
tar xvfz httpd-2.0.53.tar.gz
cd httpd-2.0.53/
./configure --enable-ssl --with-ssl=/usr/local/ssl/ --enable-suexec --with-suexec-docroot=/usr/local --enable-cgi --enable-rewrite --enable-so --enable-logio --prefix=/usr/local/apache --enable-module=most --enable-shared=max --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/httpd (1 line!)
Please note: You can change the configure command to suit to your needs. Type
./configure --help
to get a list of all configuration options available!)
make
make install
This will install Apache2 under /usr/local/apache. The web root directory is /usr/local/apache/htdocs, the log directory is /usr/local/apache/logs.
If we want to start up our Apache2 with SSL support we have to generate the file /etc/httpd/ssl.crt/server.crt because otherwise we will get an error message when we start Apache2.
mkdir /etc/httpd/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key
(Please note: It is safe to accept the default values for all the questions you see when you create /etc/httpd/ssl.crt/server.crt because in either case you will receive a warning in your browser if you try to access an SSL site on your server:
If you do not want to get this warning you will have to get a "real" SSL certificate e.g. from Let's encrypt.
4 Install PHP5
cd /tmp
tar xvfz php-5.0.4.tar.gz
./configure --with-apxs2=/usr/sbin/apxs --with-mysql=/var/lib/mysql --enable-track-vars --enable-sockets --with-config-file-path=/etc --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd --enable-memory-limit --disable-debug --disable-rpath --disable-static --with-pic --with-layout=GNU --enable-calendar --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-trans-sid --enable-bcmath --with-bz2 --enable-ctype --with-db4 --with-iconv --enable-filepro --with-gettext --enable-mbstring --enable-shmop --enable-wddx --disable-xml --with-xmlrpc --enable-yp --with-zlib --without-pgsql --enable-dbx --enable-experimental-zts --without-mm --enable-gd-native-ttf --with-imap-ssl --enable-soap --enable-dbase (1 line!)
(Please note: You can change the configure command to suit to your needs. Type
./configure --help
to get a list of all configuration options available! In PHP5, you must specify the --with-mysql[=DIR] option, otherwise PHP5 will not have MySQL support! And yes, MySQL has to be installed before you run the ./configure statement. If you install MySQL From a package (.rpm or .deb), be sure that you also install the corresponding mysql-devel package! Otherwise the ./configure statement will abort with an error message.
If you use --with-gd, and you get an error message because of a missing libpng library, install it and then re-run the configure command. On Debian,
apt-get install libpng-dev libpng2 libpng2-dev libpng3
worked fine for me to install libpng. If you have an rpm-based distribution, use http://www.rpmfind.net to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)
make
make install
This will install a PHP binary (normally under /usr/local/bin/php) that can be run from the command line as well as an Apache module.
Now we have to create /etc/php.ini. The easiest way is to take the one that comes with the PHP sources:
cp /tmp/php-5.0.4/php.ini-dist /etc/php.ini
If you like you can now modify /etc/php.ini to suit to your needs.
5 Configure Apache
Now we have to add the following entries in /etc/httpd/httpd.conf (in the section where document types are handled; there should be entries like AddHandler or AddType):
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php .php5 .php4 .php3
Create /etc/init.d/httpd:
#!/bin/sh case "$1" in start) /usr/sbin/apachectl startssl ;; stop) /usr/sbin/apachectl stop ;; restart) $0 stop && sleep 3 $0 start ;; reload) $0 stop $0 start ;; *) echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac |
chmod 755 /etc/init.d/httpd
In order to start your Apache at boot time do the following:
ln -s /etc/init.d/httpd /etc/rc2.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc3.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc4.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc5.d/S20httpd
ln -s /etc/init.d/httpd /etc/rc0.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc1.d/K20httpd
ln -s /etc/init.d/httpd /etc/rc6.d/K20httpd
Then start your Apache:
/etc/init.d/httpd start
6 Test Your Configuration
netstat -tap
should show you that Apache2 uses the ports 80 (http) and 443 (https).
Now go to /usr/local/apache/htdocs and create a file called info.php with the following contents:
<?php phpinfo(); php?> |
Try to access it with your browser (e.g. using the IP address of the server) via http (e.g. http://192.168.0.1/info.php) and https (https://192.168.0.1/info.php). The output should look similar to this screenshot:
7 Install Zend Optimizer And IonCube Loader
If you want to run PHP files that have been encoded with the Zend Encoder you need the Zend Optimizer. If you want to run PHP files that have been encoded with the ionCube PHP Encoder you need the ionCube Loader. I will show how to install both.
IonCube Loader
Get the latest version of the ionCube Loader from http://downloads.ioncube.com/loader_downloads.
cd /tmp/
wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
tar xvfz ioncube_loaders_lin_x86.tar.gz
cd ioncube/
mkdir /usr/local/lib/ioncube
mv ioncube_loader_lin_5.0.so /usr/local/lib/ioncube/
Now edit /etc/php.ini and add the line zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so right at the beginning:
[PHP] zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so |
Zend Optimizer
Get the latest version of the Zend Optimizer from http://www.zend.com/store/free_download.php and save it in your /tmp/ directory.
cd /tmp/
tar xvfz ZendOptimizer-2.5.7-linux-glibc21-i386.tar.gz
cd ZendOptimizer-2.5.7-linux-glibc21-i386/data/5_0_x_comp/
mkdir /usr/local/lib/Zend
mv ZendOptimizer.so /usr/local/lib/Zend/
Edit /etc/php.ini and add two more lines to the [PHP] section of the file at the beginning so that it looks like this:
[PHP] zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so zend_extension=/usr/local/lib/Zend/ZendOptimizer.so zend_optimizer.optimization_level=15 |
Now restart Apache2:
/etc/init.d/httpd restart
If you reload your info.php that you created in step 6 you should now see that the ionCobe Loader and the Zend Optimizer are mentioned on the page:
Links
Apache: http://www.apache.org/
OpenSSL: http://www.openssl.org/
PHP: http://www.php.net/
Zend: http://www.zend.com/
ionCube: http://www.ioncube.com/