CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" >

3. Getting, build and install Apache with its basic modules

3.1. Get and untar the Apache Source

3.1.1. What is Apache

 

The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe the history of the Apache Group and recognize the many contributors.

 
--www.apache.org 

It is simply the best Webserver-Software, it is very flexible to configure to match your needs, and it is E-X-T-R-E-M-E stable. I personally never experienced a crash in a productive (=non-experimental stuff) environment

3.1.2. Download the source

Origin-Site http://www.apache.org/dist/httpd/
cd /usr/local/

tar -xvzf apache_1.3.27.tar.gz

3.1.3. Patch for large-scale sites

If your webserver should answer very much requests at the same time, and your machine is strong enough to serve such an amount of requests, you can change the limit of maximum running processes

Download the patch from: http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt

--- httpd.h     Thu Mar 21 18:07:34 2002
+++ httpd.h-new Sun Apr  7 13:34:11 2002
@@ -320,7 +320,7 @@
 #elif defined(NETWARE)
 #define HARD_SERVER_LIMIT 2048
 #else
-#define HARD_SERVER_LIMIT 256
+#define HARD_SERVER_LIMIT 512
 #endif
 #endif

This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further, if you hacked your kernel and edited your /etc/security/limits.conf

CautionAvoid running out of tasks
 

With wrong settings this could end as a »self-denial-of-service-attack« Be sure you have enough processes left for root)

Apply the patch using:

cd /usr/local/apache_1.3.27/src/include

patch -p0 < apache-patch_HARD_SERVER_LIMIT.txt

3.2. mod_ssl

3.2.1. What is mod_ssl

 

This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson.

 
--www.modssl.org 

This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache source-code and extends its API (Application Programming Interface). The result is called EAPI (Extended Application Programming Interface).

CautionUse of compilerflags while compiling modules
 

Make sure any module for your Apache server is compiled with the compiler-flag -DEAPI, or your Webserver might crash or can not be started.

Almost all modules I know adds the -DEAPI flag by themself except mod_jserv and mod_jk

3.2.2. Download the source

Origin-Site:http://www.modssl.org

3.2.3. Applying the patch to the Apache source

cd /usr/local/

tar -xvzf mod_ssl-2.8.12-1.3.27.tar.gz
cd mod_ssl-2.8.12-1.3.27/

./configure --with-apache=../apache_1.3.27 

3.3. mod_perl

3.3.1. What is mod_perl

 

With mod_perl it is possible to write Apache modules entirely in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter and the penalty of Perl start-up time.

 
--perl.apache.org 

mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request, and produces overhead. With mod_perl the perl-interpreter is loaded persistent in the Apache server and does not need to fork processes for each request.

3.3.2. Download the source

Origin-Site: http://www.apache.org/dist/perl

3.3.3. Building and installing

cd /usr/local

tar -xvzf mod_perl-1.27.tar.gz

cd mod_perl-1.27

perl Makefile.PL \
EVERYTHING=1 \
APACHE_SRC=../apache_1.3.27/src \
USE_APACI=1 \
PREP_HTTPD=1 \
DO_HTTPD=1

make
make install

CautionMod_perl can not be compiled as DSO
 

Do not compile mod_perl as DSO (Dynamic Shared Object)! According to various sources, Apache will crash (I never tried).

3.4. Configure and build Apache

Now the two static modules mod_ssl and mod_perl are configured and the Apache Source has been patched, and we can proceed with building Apache.

3.4.1. Building and installing

EAPI_MM="/usr/local/mm-1.2.2" SSL_BASE="/usr/local/ssl" \
./configure \
--enable-module=unique_id \
--enable-module=rewrite \
--enable-module=speling \
--enable-module=expires \
--enable-module=info \
--enable-module=log_agent \
--enable-module=log_referer \
--enable-module=usertrack \
--enable-module=proxy \
--enable-module=userdir \
--enable-module=so \
--enable-shared=ssl \
--enable-module=ssl \
--activate-module=src/modules/perl/libperl.a \
--enable-module=perl

make
make install

3.4.2. Create self-signed SSL-certificate

cd /usr/local/ssl/bin

./openssl req -new > new.cert.csr
./openssl rsa -in privkey.pem -out new.cert.key
./openssl x509 -in new.cert.csr -out new.cert.cert \
-req -signkey new.cert.key -days 999

cp new.cert.key /usr/local/apache/conf/ssl.key/server.key
cp new.cert.cert /usr/local/apache/conf/ssl.crt/server.crt

TipCommon name
 

OpenSSL asks for different things. A common error is to enter a wrong "common name". This should be the FQHN (Fully Qualified HostName) of your Server, i.e www.foo.org