3. Getting, build and install Apache with its basic modules3.1. Get and untar the Apache Source3.1.1. What is Apache | The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade,
featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed
by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop
the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds
of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe
the history of the Apache Group and recognize the many contributors. | | --www.apache.org | |
It is simply the best Webserver-Software, it is very flexible to configure to match your needs,
and it is E-X-T-R-E-M-E stable. I personally never experienced a crash in a productive (=non-experimental stuff) environment 3.1.3. Patch for large-scale sites If your webserver should answer very much requests at the same time, and your machine is strong enough to serve
such an amount of requests, you can change the limit of maximum running processes Download the patch from: http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt --- httpd.h Thu Mar 21 18:07:34 2002
+++ httpd.h-new Sun Apr 7 13:34:11 2002
@@ -320,7 +320,7 @@
#elif defined(NETWARE)
#define HARD_SERVER_LIMIT 2048
#else
-#define HARD_SERVER_LIMIT 256
+#define HARD_SERVER_LIMIT 512
#endif
#endif |
This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further,
if you hacked your kernel and edited your /etc/security/limits.conf | Avoid running out of tasks |
---|
| With wrong settings this could end as a »self-denial-of-service-attack«
Be sure you have enough processes left for root) |
Apply the patch using: cd /usr/local/apache_1.3.27/src/include
patch -p0 < apache-patch_HARD_SERVER_LIMIT.txt |
3.2. mod_ssl3.2.1. What is mod_ssl | This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is
based on SSLeay from Eric A. Young and Tim J. Hudson. | | --www.modssl.org | |
This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache
source-code and extends its API (Application Programming Interface). The result is
called EAPI (Extended Application Programming Interface). | Use of compilerflags while compiling modules |
---|
| Make sure any module for your Apache server is compiled with the compiler-flag -DEAPI, or your
Webserver might crash or can not be started. |
Almost all modules I know adds the -DEAPI flag by themself except mod_jserv
and mod_jk 3.2.3. Applying the patch to the Apache sourcecd /usr/local/
tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz
cd mod_ssl-2.8.12-1.3.27/
./configure --with-apache=../apache_1.3.27 |
3.3. mod_perl3.3.1. What is mod_perl | With mod_perl it is possible to write Apache modules entirely in Perl. In addition, the persistent
interpreter embedded in the server avoids the overhead of starting an external interpreter and the
penalty of Perl start-up time. | | --perl.apache.org | |
mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request,
and produces overhead. With mod_perl the perl-interpreter is loaded persistent in
the Apache server and does not need to fork processes for each request. 3.3.3. Building and installingcd /usr/local
tar -xvzf mod_perl-1.27.tar.gz
cd mod_perl-1.27
perl Makefile.PL \
EVERYTHING=1 \
APACHE_SRC=../apache_1.3.27/src \
USE_APACI=1 \
PREP_HTTPD=1 \
DO_HTTPD=1
make
make install |
| Mod_perl can not be compiled as DSO |
---|
| Do not compile mod_perl as DSO (Dynamic Shared Object)! According
to various sources, Apache will crash (I never tried). |
3.4. Configure and build ApacheNow the two static modules mod_ssl and mod_perl
are configured and the Apache Source has been patched, and we can proceed with building Apache. 3.4.1. Building and installingEAPI_MM="/usr/local/mm-1.2.2" SSL_BASE="/usr/local/ssl" \
./configure \
--enable-module=unique_id \
--enable-module=rewrite \
--enable-module=speling \
--enable-module=expires \
--enable-module=info \
--enable-module=log_agent \
--enable-module=log_referer \
--enable-module=usertrack \
--enable-module=proxy \
--enable-module=userdir \
--enable-module=so \
--enable-shared=ssl \
--enable-module=ssl \
--activate-module=src/modules/perl/libperl.a \
--enable-module=perl
make
make install |
3.4.2. Create self-signed SSL-certificatecd /usr/local/ssl/bin
./openssl req -new > new.cert.csr
./openssl rsa -in privkey.pem -out new.cert.key
./openssl x509 -in new.cert.csr -out new.cert.cert \
-req -signkey new.cert.key -days 999
cp new.cert.key /usr/local/apache/conf/ssl.key/server.key
cp new.cert.cert /usr/local/apache/conf/ssl.crt/server.crt
|
| Common name |
---|
| OpenSSL asks for different things. A common error is to enter a wrong "common name".
This should be the FQHN (Fully Qualified HostName) of your Server, i.e www.foo.org |
|
|