Apache installing with SSL.
Here’s a couple of tips to save you ( and for me to remember to avoid ) a few painful, annoying hours of battling to install apache with ssl that refuses to compile. So annoying in fact for me, I thought I better write this up immediately as best I could.
First off, just in case you didn’t know ( like me before today’s “exercise” ), ssl these days only works when its source code is statically compiled into the source code for apache2, like in the good old days ( which by the way, were not all that good anyway ). Say again, no dynamic loads for ssl.
A side benefit ( in this business it helps to be positive … when you can ) of having to statically compile stuff, seems to me we may as well while we are here, compile in the modules we need and as a result, simplify the config file so no one ( especially me ) has to spend time working out from day to day whether modules loaded ok ( as well as apache2 actually running a bit quicker – which is also a nice thing, from the boss’s point of view anyway ).
The second tip, in case you too have not installed apache2 in the last few months, is that the latest version of apache2 does not compile with the latest version of openssl. True, I should have guessed things were still like that, but I didn’t. So much for guessing; the following is what finally worked for me on a Linode server running Debian 8.6.
Step 1. Install a C compiler ( if not already installed of course )
# su
# apt-get update
# apt-get upgrade
# apt-get install --fix-missing gcc
# cat /etc/apt/sources.list
deb http://mirrors.linode.com/debian/ jessie main
deb http://mirrors.linode.com/debian/ jessie main non-free contrib
deb-src http://mirrors.linode.com/debian/ jessie main non-free contrib
deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main
# jessie-updates, previously known as 'volatile'
deb http://mirrors.linode.com/debian/ jessie-updates main
deb-src http://mirrors.linode.com/debian/ jessie-updates main
If needed, make sure to
# apt-get update
then can for example
# apt-get install gcc-doc
and
# apt-get install make
etc etc. Install any other development stuff you might like using, such as this:
# apt-get install libghc-regex-pcre-dev
( or whatever regex version you prefer )
Step 2. Download the latest apache2 source code.
The latest apache source code can be found here: http://httpd.apache.org/download.cgi#apache24
# su
Let's just be careful what we do using su but not be too restrictive. If you want to be very careful of course, you can always use sudo.
# cd /usr/src
# wget http://apache.mirror.amaze.com.au//httpd/httpd-2.4.25.tar.gz
# gzip -d httpd-2.4.25.tar.gz
# tar xf httpd-2.4.25.tar
# cd httpd-2.4.25
"./configure -h" gives a nice long list of many of the compiler options. The -n flag is useful to see what configure would do ( successfully ), without actually doing anything. For example, "./configure -n | grep WARNING" will list what configure is not finding.
Step 3. Download apr and apr-util
I doubt apache will compile at all without these two libraries, and they are certainly needed to get ssl and other modules to work with apache2.
The latest sources for apr and apr-util can be found here: http://apr.apache.org/download.cgi
# cd /usr/src
# wget http://apache.mirror.amaze.com.au//apr/apr-1.5.2.tar.gz
# wget http://apache.mirror.amaze.com.au//apr/apr-util-1.5.4.tar.gz
# gzip -d apr-1.5.2.tar.gz
# gzip -d apr-util-1.5.4.tar.gz
Don’t unpack them here, but instead into the directory where the source for apache2 is located, so that they can be easily found by the compiler to compile into the source for apache2.
# cd /usr/src/httpd-2.4.25/srclib
# tar xvf /usr/src/apr-1.5.2.tar
# tar xvf /usr/src/apr-util-1.5.4.tar
Then link them, so the compiler can find them in the apr and apr-util directories:
# ln -s apr-1.5.2/ apr
# ln -s apr-util-1.5.4/ apr-util
Step 4. Download and unpack openssl version 1.0.2k
Whatever you do, do not use a later version of openssl as it does not compile in with the latest version of apache2 no matter how many patches you might like applying 🙂
# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz
# gzip -d openssl-1.0.2k.tar.gz
# tar xvf openssl-1.0.2k.tar
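The tarballs in Steps 2 to 4 are compiled into the server as root, and three of them arrive over plain HTTP from a mirror, so their digests are worth checking right after the wget steps, before gzip -d replaces the .tar.gz files. The following is an added example, not part of the original write-up; the manifest ( called SHA256SUMS.trusted here, an assumed name ) is a file you build yourself from SHA-256 digests obtained from a source you trust.

```shell
#!/bin/sh
# Added example: check downloaded source tarballs against a digest manifest.
# Manifest lines use the sha256sum format: "<hex digest>  <file name>".

# verify_sources MANIFEST FILE...
# Returns 0 only if every FILE exists, is listed in MANIFEST, and matches.
# A file that is absent from the manifest counts as a failure, which plain
# "sha256sum -c" would not report.
verify_sources() {
    manifest=$1; shift
    rc=0
    for f in "$@"; do
        name=$(basename "$f")
        if [ ! -f "$f" ]; then
            echo "MISSING   $name" >&2; rc=1; continue
        fi
        # Digest from the manifest line whose file name matches exactly
        # ("*name" is how sha256sum marks binary mode).
        want=$(awk -v n="$name" \
            '$2 == n || $2 == ("*" n) { print tolower($1); exit }' "$manifest")
        if [ -z "$want" ]; then
            echo "UNLISTED  $name" >&2; rc=1; continue
        fi
        have=$(sha256sum "$f" | awk '{ print $1 }')
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2; rc=1
        fi
    done
    return "$rc"
}

# Usage with the file names from this page (manifest name is an assumption):
#   cd /usr/src
#   verify_sources SHA256SUMS.trusted httpd-2.4.25.tar.gz apr-1.5.2.tar.gz \
#       apr-util-1.5.4.tar.gz openssl-1.0.2k.tar.gz || exit 1
```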
Step 5. Compile and install apache2
# cd /usr/src/httpd-2.4.25
# ./configure --enable-ssl \
    --with-ssl=/usr/src/openssl-1.0.2k \
    --enable-ssl-staticlib-deps \
    --enable-mods-static=ssl \
    --with-included-apr \
    --with-mpm=prefork \
    --enable-mods=most
( --with-mpm=prefork is needed for php to work )
Some configurations like the following, however, may compile ok, but will not run !
# ./configure --enable-ssl \
    --with-ssl=/usr/src/openssl-1.0.2k \
    --enable-ssl-staticlib-deps \
    --enable-mods-static=ssl \
    --with-included-apr \
    --with-crypto \
    --enable-mods-static=most \
    --disable-userdir --disable-actions --disable-dav-fs \
    --disable-autoindex --disable-dav --disable-imagemap \
    --disable-access-compat --disable-watchdog --disable-so
After running the first ( working ) configure above:
# make
# make install
Step 6. Check out apache2
Apache will now be found in /usr/local/apache2 ( by the default setting ). For example:
# /usr/local/apache2/bin/httpd -l
will list all the compiled in modules, and
# /usr/local/apache2/bin/httpd -V
shows all the compiled in settings, such as where the configuration file is ( /usr/local/apache2/conf/httpd.conf ).
As I left out where the log files need to be created ( the default goes under /usr/local ), it is important therefore to edit the apache2 configuration file ( /usr/local/apache2/conf/httpd.conf ) so others can find them, ie applications like awstats and system utilities like cron, which expect to find them under /var/log.
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
( and any other specific logs for other domains )
Step 7. Get apache to start up at boot time
root:/etc/systemd/system# vi apache.service
-----------------
[Unit]
Description=Apache2 Server

[Service]
Type=forking
# systemd has no envs set
EnvironmentFile=-/usr/local/apache2/bin/envvars
ExecStart=/usr/local/apache2/bin/apachectl -k start
ExecReload=/usr/local/apache2/bin/apachectl graceful
ExecStop=/usr/local/apache2/bin/apachectl stop
KillSignal=SIGCONT
# as set in the compiled configuration
PIDFile=/usr/local/apache2/logs/httpd.pid
PrivateTmp=true

[Install]
WantedBy=multi-user.target
Alias=apache2.service
-----------------
# groupadd -g 25 apache
( create the group for the server to run in )
# useradd -c "Apache Server" -d /var/www -g apache -s /bin/false -u 25 apache
( create the user for the server to run as )
# chown -v -R apache:apache /var/www
Change DocumentRoot in /usr/local/apache2/conf/httpd.conf to be /var/www
# cd /usr/local/apache2/bin
# systemctl enable apache
# systemctl start apache
# systemctl reload apache
# systemctl status apache
# systemctl daemon-reload
The log files can be found in /usr/local/apache2/logs.
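The checks from Step 6 and the PIDFile line from Step 7 can be tied together in a small script. This is an added example, not part of the original write-up: it confirms from "httpd -l" that mod_ssl.c and prefork.c are compiled in, and from "httpd -V" that the PID file path built into httpd is the one the systemd unit names. The function names are made up for the example, and it assumes httpd.conf does not override the PID file location.

```shell
#!/bin/sh
# Added example: sanity checks for a source-built httpd and its systemd unit.
# The helpers take captured text, so they also work on saved output.

# static_missing "<httpd -l output>" MODULE.c... : print modules not compiled in
static_missing() {
    listing=$1; shift
    for m in "$@"; do
        printf '%s\n' "$listing" |
            awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' ||
            printf '%s\n' "$m"
    done
}

# compiled_pidfile "<httpd -V output>" : print the PID file path built into httpd
compiled_pidfile() {
    printf '%s\n' "$1" | awk -F'"' '
        /-D HTTPD_ROOT=/     { root = $2 }
        /-D DEFAULT_PIDLOG=/ { pid = $2 }
        END {
            if (pid == "") exit 1
            if (pid !~ /^\//) pid = root "/" pid   # relative to HTTPD_ROOT
            print pid
        }'
}

# unit_pidfile UNIT_FILE : print the PIDFile= value from the [Service] section
unit_pidfile() {
    awk -F= '/^\[/ { sect = $0 }
             sect == "[Service]" && $1 == "PIDFile" { print $2; exit }' "$1"
}

# check_install HTTPD UNIT_FILE : 0 if mod_ssl and prefork are static and the
# unit's PIDFile matches the compiled default (assumes httpd.conf does not
# override it with a PidFile directive).
check_install() {
    missing=$(static_missing "$("$1" -l)" mod_ssl.c prefork.c)
    [ -z "$missing" ] || { echo "not compiled in:" $missing >&2; return 1; }
    built=$(compiled_pidfile "$("$1" -V)") || return 1
    [ "$built" = "$(unit_pidfile "$2")" ] ||
        { echo "PIDFile mismatch: httpd writes $built" >&2; return 1; }
}

# Usage with the paths from this page:
#   check_install /usr/local/apache2/bin/httpd /etc/systemd/system/apache.service
```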
Well … that’s it for me today,
maybe something different tomorrow……
another version perhaps.
© 2017, James Harry Burton. All rights reserved.