2. Prerequisites
2.2. OpenSSL
2.2.1. What is OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
--www.openssl.org

From the author's point of view, it is the basis for building a secure Unix server with open source software. It is needed for all major products like mod_ssl, OpenSSH and a lot of other software that provides encrypted data processing.

OpenSSL provides the libraries and include files needed by the products mentioned above and also provides an application to build server and client certificates.
2.2.2. Download the source
Origin-Site: http://www.openssl.org
2.2.3. Building and installing
    cd /usr/local
    tar -xvzf openssl-0.9.7.tar.gz
    cd openssl-0.9.7
    ./config shared
    make
    make test
    make install
    echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
    ldconfig

Select your CPU to improve speed

By default the Makefile generates code for the i486 CPU. You can change this by editing the Makefile after running ./config shared. Search for -m486 and replace it, e.g. with -march=athlon.
2.3. GNU Database System
2.3.1. What is gdbm
GNU dbm is a set of database routines that use extensible hashing. It works similar to the standard UNIX dbm routines.
--www.gnu.org/software/gdbm
The GNU dbm is a very important application used by almost every distribution. So it is installed by default on all distributions I tested.
In all probability the header files that are mandatory to build Apache with mod_rewrite and PHP are not installed by default. Please consult your distribution's CD/DVD and install the devel package (the version can vary):

    rpm -i gdbm-devel-1.8.0-546

This procedure is verified for SuSE and Redhat. Please confirm for other RPM based systems like Mandrake. Debian will follow as soon as possible.

Users of Debian-based systems can install gdbm as follows:

    apt-get install libgdbmg1-dev
2.4. MySQL
2.4.1. What is MySQL
MySQL is a very fast, powerful and easy-to-handle database.
Especially for web applications where most accesses are reads and few are writes, MySQL is the first choice. The newest version is also transaction-capable. If you plan a web application that writes a lot of data into the DB, PostgreSQL may be better suited to your project; see Section 6.2.4 for installation hints.
You need the C API from MySQL to compile PHP if you want MySQL support in PHP. It is also needed if you want to use mod_authmysql; see Section 4.3 for more information.
2.4.2. Download
Origin-Site: http://www.mysql.com/downloads/
2.4.3. Building and installing
    cd /usr/local
    tar -xvzf mysql-3.23.55.tar.gz
    cd mysql-3.23.55
    ./configure \
        --prefix=/usr/local/mysql \
        --enable-assembler \
        --with-innodb \
        --without-debug
    make
    make install
    /usr/local/mysql/bin/mysql_install_db
    echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
    ldconfig
To improve security, add a MySQL user to your system, e.g. »mysql«, and make it the owner of the data directory:

    chown -R mysql /usr/local/mysql/var

If you want to start MySQL automatically at boot time, copy /usr/local/mysql/share/mysql/mysql.server to /etc/init.d/ (or wherever your rc scripts are located) and create the corresponding symbolic links in the runlevel directories.

    cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/
    ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql
    ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/K20mysql
2.4.4. Securing MySQL
This part is optional and describes how to bind the MySQL daemon to the localhost IP address.
I suggest binding MySQL only to the loopback interface 127.0.0.1. This ensures that nobody can connect to your MySQL daemon via the network. Of course, it only makes sense if MySQL runs on the same box as the web server.
Edit /etc/init.d/mysql.server and change line 107 as follows:

Original line:

    $bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&

Changed line:

    $bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
        --bind-address=127.0.0.1&

Alternatively you can completely disable the networking functionality of MySQL.

    $bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
        --skip-networking &
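As an added example (not part of the original HOWTO), the following shell functions check both halves of the change described above: startup_mode classifies the safe_mysqld line of an init script, and exposed_listeners filters netstat -ltn output for listeners that are not on the loopback interface. The function names, the sample data and port 3306 (the MySQL default TCP port) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the HOWTO: verify that MySQL is loopback-only.

# startup_mode [FILE]: classify the safe_mysqld line of an init script as
# "no-network", "loopback", "network" (unrestricted) or "not-found".
startup_mode() {
    awk '
        { line = line $0 }
        /\\$/ { sub(/\\$/, " ", line); next }   # join backslash continuations
        {
            if (line ~ /safe_mysqld/ && line !~ /^[ \t]*#/) {
                found = 1
                if (line ~ /--skip-networking/) mode = "no-network"
                else if (line ~ /--bind-address=127\.0\.0\.1([^0-9.]|$)/) mode = "loopback"
                else unrestricted = 1
            }
            line = ""
        }
        END { print (!found ? "not-found" : (unrestricted ? "network" : mode)) }
    ' "$@"
}

# exposed_listeners [PORT]: read `netstat -ltn` output on stdin and print each
# non-loopback local address listening on PORT (default 3306, an assumption).
exposed_listeners() {
    awk -v port="${1:-3306}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr !~ /^127\./ && addr != "::1") print addr
        }'
}

# Constructed sample data, not captured from a real host.
startup_mode <<'EOF'
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
    --bind-address=127.0.0.1&
EOF
exposed_listeners <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
```

On a live system, run startup_mode /etc/init.d/mysql.server and netstat -ltn | exposed_listeners after restarting MySQL; any address printed by the second command means the daemon is still reachable from the network.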
2.5. Building mm
2.5.1. What is mm
The MM library is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. On the first layer it hides all platform dependent implementation details (allocation and locking) when dealing with shared memory segments and on the second layer it provides a high-level malloc(3)-style API for a convenient and well known way to work with data-structures inside those shared memory segments.
--www.engelschall.com

It is a common library that enables Unix programmers to simplify shared memory (shm) access. It is used by many products, e.g. PHP and mod_ssl.
2.5.2. Download
Origin Site: ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.2.tar.gz
Notes
[1] This RPM contains the header files needed for PHP
[2] Only needed if PHP is being built from the CVS tree