3. Getting, build and install Apache with its basic modules
3.1. Get and untar the Apache Source
3.1.1. What is Apache
The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe the history of the Apache Group and recognize the many contributors. | ||
--www.apache.org |
It is simply the best Webserver-Software, it is very flexible to configure to match your needs, and it is E-X-T-R-E-M-E stable. I personally never experienced a crash in a productive (=non-experimental stuff) environment
3.1.2. Download the source
Origin-Site http://www.apache.org/dist/httpd/
cd /usr/local/ tar -xvzf apache_1.3.27.tar.gz |
3.1.3. Patch for large-scale sites
If your webserver should answer very much requests at the same time, and your machine is strong enough to serve such an amount of requests, you can change the limit of maximum running processes
Download the patch from: http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt
--- httpd.h Thu Mar 21 18:07:34 2002 +++ httpd.h-new Sun Apr 7 13:34:11 2002 @@ -320,7 +320,7 @@ #elif defined(NETWARE) #define HARD_SERVER_LIMIT 2048 #else -#define HARD_SERVER_LIMIT 256 +#define HARD_SERVER_LIMIT 512 #endif #endif |
This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further, if you hacked your kernel and edited your /etc/security/limits.conf
Avoid running out of tasks | |
---|---|
With wrong settings this could end as a »self-denial-of-service-attack« Be sure you have enough processes left for root) |
Apply the patch using:
cd /usr/local/apache_1.3.27/src/include patch -p0 < apache-patch_HARD_SERVER_LIMIT.txt |
3.2. mod_ssl
3.2.1. What is mod_ssl
This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. | ||
--www.modssl.org |
This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache source-code and extends its API (Application Programming Interface). The result is called EAPI (Extended Application Programming Interface).
Use of compilerflags while compiling modules | |
---|---|
Make sure any module for your Apache server is compiled with the compiler-flag -DEAPI, or your Webserver might crash or can not be started. |
Almost all modules I know adds the -DEAPI flag by themself except mod_jserv and mod_jk
3.2.2. Download the source
Origin-Site:http://www.modssl.org
3.3. mod_perl
3.3.1. What is mod_perl
With mod_perl it is possible to write Apache modules entirely in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter and the penalty of Perl start-up time. | ||
--perl.apache.org |
mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request, and produces overhead. With mod_perl the perl-interpreter is loaded persistent in the Apache server and does not need to fork processes for each request.
3.3.2. Download the source
Origin-Site: http://www.apache.org/dist/perl
3.3.3. Building and installing
cd /usr/local tar -xvzf mod_perl-1.27.tar.gz cd mod_perl-1.27 perl Makefile.PL \ EVERYTHING=1 \ APACHE_SRC=../apache_1.3.27/src \ USE_APACI=1 \ PREP_HTTPD=1 \ DO_HTTPD=1 make make install |
Mod_perl can not be compiled as DSO | |
---|---|
Do not compile mod_perl as DSO (Dynamic Shared Object)! According to various sources, Apache will crash (I never tried). |
3.4. Configure and build Apache
Now the two static modules mod_ssl and mod_perl are configured and the Apache Source has been patched, and we can proceed with building Apache.
3.4.1. Building and installing
EAPI_MM="/usr/local/mm-1.2.2" SSL_BASE="/usr/local/ssl" \ ./configure \ --enable-module=unique_id \ --enable-module=rewrite \ --enable-module=speling \ --enable-module=expires \ --enable-module=info \ --enable-module=log_agent \ --enable-module=log_referer \ --enable-module=usertrack \ --enable-module=proxy \ --enable-module=userdir \ --enable-module=so \ --enable-shared=ssl \ --enable-module=ssl \ --activate-module=src/modules/perl/libperl.a \ --enable-module=perl make make install |
3.4.2. Create self-signed SSL-certificate
cd /usr/local/ssl/bin ./openssl req -new > new.cert.csr ./openssl rsa -in privkey.pem -out new.cert.key ./openssl x509 -in new.cert.csr -out new.cert.cert \ -req -signkey new.cert.key -days 999 cp new.cert.key /usr/local/apache/conf/ssl.key/server.key cp new.cert.cert /usr/local/apache/conf/ssl.crt/server.crt |
Common name | |
---|---|
OpenSSL asks for different things. A common error is to enter a wrong "common name". This should be the FQHN (Fully Qualified HostName) of your Server, i.e www.foo.org |