Apache2’s latest with SSL

 

Apache installing with SSL.

Here’s a couple of tips to save you ( and for me to remember to aviod ) a few painful annoying hours of battling trying to install apache with ssl, that refuses to compile.  So annoying in fact for me, I thought I better write this up immediately as best I could.

First off, just in case you didn’t know ( like me before today’s “exercise” ), ssl these days only works when it’s source code is statically compiled into the source code for apache2, like in the good old days ( which by the way, where not all that good anyway ).  Say again, no dynamic loads for ssl.

A side benefit ( in this business it helps to be positive … when you can ) of having to statically compile stuff, seems to me we may as well while we are here, compile in the modules we need and as a result, simplify the config file so no one ( especially me ) has to spend time working out from day to day whether modules loaded ok ( as well as apache2 actually running a bit quicker – which is also a nice thing, from the boss’s point of view anyway ).

The second tip, in case you too have not installed apache2 in the last few months, is that the latest version of apache2 does not compile with the latest version of openssl. True, I should have guessed things were still like that, but I didn’t.  So much for guessing; this following is what finally worked for me on a linode server running Debian 8.6.

Step 1.    Install a C complier ( if not already installed of course )

# su
# apt-get update
# apt-get upgrade
# apt-get install --fix-missing gcc
# cat /etc/apt/sources.list
       deb http://mirrors.linode.com/debian/ jessie main
       deb http://mirrors.linode.com/debian/ jessie main non-free contrib
       deb-src http://mirrors.linode.com/debian/ jessie main non-free contrib
       deb http://security.debian.org/ jessie/updates main
       deb-src http://security.debian.org/ jessie/updates main
       jessie-updates, previously known as 'volatile'
       deb http://mirrors.linode.com/debian/ jessie-updates main
       deb-src http://mirrors.linode.com/debian/ jessie-updates main

if needed, make sure to # apt-get update
then can for example    # apt-get install gcc-doc
and # apt-get make  etc etc

Install any other development stuff you might like using, such as this:
# apt-get install libghc-regex-pcre-dev  
         ( or whatever regex version you prefer )

Step 2.   Down load the latest apache2 source code.

The latest apache source code can be found here:  http://httpd.apache.org/download.cgi#apache24

# su   
      Lets just be careful what we do using su but not be too restrictive.
      If you want to be very careful of course, you can always use sudo.
# cd /usr/src
# wget  http://apache.mirror.amaze.com.au//httpd/httpd-2.4.25.tar.gz
# gzip -d httpd-2.4.25.tar.gz 
# tar xf httpd-2.4.25.tar 
# cd httpd-2.4.25

“./configure -h” gives a nice long list of many of the complier options.
The -n flag is useful to see what configure would do ( successfully ),
without actually doing anything.
For example, “./configure -n | grep WARNING”
will list what configure is not finding.

Step 3.    download apr and apr-util

Doubt apache will compile at all without these two libraries, but are certainly needed to get ssl and other modules to work with apache2.

The latest sources for apr and apr-util  can be found here: http://apr.apache.org/download.cgi

#  cd /usr/src
#  wget http://apache.mirror.amaze.com.au//apr/apr-1.5.2.tar.gz
#  wget http://apache.mirror.amaze.com.au//apr/apr-util-1.5.4.tar.gz

# gzip -d apr-1.5.2.tar.gz 
# gzip -d apr-util-1.5.4.tar.gz 

Don’t need to unpack them here,
but instead into the directory where the source for apache2 is located,
so that they can be easily found by the complier
to compile into the source for apache2.

# cd /usr/src/httpd-2.4.25/srclib
# tar  xvf  /usr/src/apr-1.5.2.tar
# tar  xvf  /usr/src/apr-util-1.5.4.tar
so the compiler can find them in apr and apr-util directories
ln -s apr-1.5.2/   apr
ln -s apr-util-1.5.4/   apr-util

Step 4.     Down load and unpack openssl version 1.0.2k

Whatever you do, do not use a later version of openssl
as it does not compile in with the latest version of apache2
no matter how many patches you might like applying 🙂

#  cd /usr/src
#  wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz
#  gzip -d openssl-1.0.2k.tar.gz
#  tar xvf  openssl-1.0.2k.tar

Step 5. Compile and install apache2

# cd /usr/src/http-2.4.25
./configure  --enable-ssl
                    --with-ssl=/usr/local/src/openssl-1.0.2k
                    --enable-ssl-staticlib-deps
                    --enable-mods-static=ssl
                    --with-included-apr
                    --with-mpm=prefork   ( needed for php to work )        \
           --enable-mods=most 

Some configurations like following however, 
may compile ok, but will not run ! 

# ./configure  --enable-ssl 
               --with-ssl=/usr/src/openssl-1.0.2k 
               --enable-ssl-staticlib-deps 
               --enable-mods-static=ssl 
               --with-included-apr   
               --with-crypto   
               --enable-mods-static=most 
               --disable-userdir 
               --disable-actions 
               --disable-dav-fs 
               --disable-autoindex 
               --disable-dav 
               --disable-imagemap 
               --disable-access-compat 
               --disable-watchdog 
               --disable-so 
# make 
# make install

Step 6.   Check out apache2

Apache will be now found in /usr/local/apache2   ( by the default setting
        For example: /usr/local/apache2/bin/httpd -l 
        will list all the complied in modules.
              and 
                     /usr/local/apache2/bin/httpd -V
              shows all the complied in settings,
              such as where the configuration file is ( /usr/local/apache2/conf/httpd.conf )

As I left out where the log files need to be created ( the default goes under /usr/local ), important therefore to edit the apche2 configuation file ( /usr/local/apche/conf/httpd.conf ) so others can find them, ie applications like awstats and system utilities like cron, which expect to find them under /var/log.

ErrorFile=/var/log/apache2/error.log
LogFile=/var/log/apache2/access.log    ( and any other specific logs for other domains )

Step 7.   to get apache to start up at boot time

root:/etc/systemd/system#  vi  apache.service
                        -----------------

[Unit]
Description=Apache2 Server

[Service]
Type=forking
EnvironmentFile=-/usr/local/bin/apache2/bin/envvars  ( systemd has no envs set )
ExecStart=/usr/local/apache2/bin/apachectl -k start
ExecReload=/usr/local/apache2/bin/apachectl graceful
ExecStop=/usr/local/apache2/bin/apachectl stop
KillMode=SIGCONT
PIDFile=/usr/local/apache2/logs/httpd.pid   ( as set in the compiled configuration )
PrivateTmp=true

[Install]
WantedBy=multi-user.target
Alias=apache2.service

group add -g 25 apache ( create the group for the server to run in )
useradd -c “Apache Server” -d  /var/www  -g  apache  -s  /bin/false  -u 25  apache
( creat the user the server to run as )
chown  -v -R  apache”apache  /var/www
change DocumentRoot in /usr/local/apache/conf/httpd.conf to be /var/www
#  cd /usr/local/apache2/bin
#  systemctl enable apache
#  systemctl start apache
#  systemctl reload apache
#  systemctl status apache
#  systemctl daemon-reload

The logs files can be found in /usr/local/apache2/logs.

 Well … that’s it for me today,
maybe something different tomorrow……
another version perhaps.

© 2017, James Harry Burton. All rights reserved.