LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-13-2007, 09:53 PM   #1
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Rep: Reputation: 15
Compiling Apache 1.3.x + mod_ssl + openssl


Im trying to get Apache 1.3 installed with shared library mode so i can compile 3rd party modules. do i have to install mod_ssl and openssl on the initial compile? or can it be added later?
I am fallowing the documentation supplied with mod_ssl, so far i have decompressed mod_ssl, apache 1.3, and openssl to /usr/local/src
after i did
cd openssl-0.9.8e
./config -fPIC
make
make test
cd ..
cd mod_ssl-2.8.28-1.3.37
./configure --with-apache=../apache_1.3.37 \ --with-ssl=../openssl-0.9.8e \ --prefix=/usr/local/httpd/ \ [--enable-shared=ssl]
cd ../apache_1.3.37
SSL_BASE=../openssl-0.9.8e ./configure --prefix=/usr/local/httpd/ --enable-rule=SHARED_CORE --enable-module=ssl
make
make certificate
make install
and finally
/usr/local/httpd/bin/apachectl startssl

now im not expecting it to work the first go at this, but i type https://127.0.0.1 and it cannot connect
any help would be great! sorry if i made any dumb mistakes
Thanks!
 
Old 06-14-2007, 02:09 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,733

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
First of all you should take a look at the apache logs to see if you can find out what your problem is. Also you didn't mention if you've created the pair of key/certificate for your server and changed apache configuration accordingly.
Now regarding your setup, configuring mod_ssl like this:
Code:
./configure –with-apache=../ apache_1.3.37
should be enough.
For apache you can add "--enable-module=so" if you want to add other modules later (like php for example).

Regards
 
Old 06-14-2007, 02:28 AM   #3
opensourcedevelopmen
LQ Newbie
 
Registered: Jun 2007
Location: Delhi
Distribution: Linux
Posts: 21

Rep: Reputation: 16
Can u please try apache with
/configure --with-ldap --enable-mods-shared="all ssl dev" --enable-dav-lock --enable-ldap --enable-authnz-ldap
 
Old 06-14-2007, 09:50 AM   #4
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory
First of all you should take a look at the apache logs to see if you can find out what your problem is. Also you didn't mention if you've created the pair of key/certificate for your server and changed apache configuration accordingly.
Now regarding your setup, configuring mod_ssl like this:
Code:
./configure –with-apache=../ apache_1.3.37
should be enough.
For apache you can add "--enable-module=so" if you want to add other modules later (like php for example).

Regards
when i did make certificiate, i made the test one and it created in its own dir, what do i have to do from there? is there any conf files i need to edit?
so when im setting up mod_ssl i only need that option on the configure? not all the others?

Thanks alot
 
Old 06-14-2007, 09:51 AM   #5
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by opensourcedevelopmen
Can u please try apache with
/configure --with-ldap --enable-mods-shared="all ssl dev" --enable-dav-lock --enable-ldap --enable-authnz-ldap
what exactly will all these do?
 
Old 06-14-2007, 06:55 PM   #6
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
This is what my errorlog reads in apache's folder
[Thu Jun 14 10:08:01 2007] [notice] Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/
0.9.8e configured -- resuming normal operations
[Thu Jun 14 10:08:01 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)

another question, judging by the steps i have taken on compile/install, did i compile SSl into the source tree, or install it via DSO?

Last edited by Kupo; 06-14-2007 at 08:23 PM.
 
Old 06-15-2007, 02:08 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,733

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Quote:
what do i have to do from there? is there any conf files i need to edit?
Normally there is no need to edit any config files, since "make install" takes care of it. But take a look at httpd.conf for the various ssl related directives just in case. Make sure that there is a "Listen 443" directive, because your apache starts OK as it seems from the error_log, but it does not listen on port 443 (https)
Quote:
so when im setting up mod_ssl i only need that option on the configure? not all the others?
If you want just mod_ssl then your configure options are OK
Quote:
another question, judging by the steps i have taken on compile/install, did i compile SSl into the source tree, or install it via DSO?
You're installing the module as built-in and not as a dso.
Code:
httpd -l
should tell you the built-in modules.

Last edited by bathory; 06-15-2007 at 02:10 AM.
 
Old 06-15-2007, 08:18 AM   #8
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
what would the configure options be for openssl/mod_ssl/apache 1.3 if i were to just enable DSO support and install it under prefix /usr/local/httpd ? or is it not possible to install SSL as a module thru DSO?

Thanks for the help
 
Old 06-15-2007, 08:32 AM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,733

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
mod_ssl is usually installed as a built-in apache module. If you want to install it as a dso then follow the instructions in the last part of this page.

Last edited by bathory; 06-15-2007 at 08:33 AM.
 
Old 06-15-2007, 08:51 AM   #10
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
im confused, in order to install mod_ssl as a DSO you have to enable it in the .configure of mod_ssl and also the configure of apache?
so it would look like
(openssl dir) ./config -fPIC
make
make test
(at mod_ssl dir) ./configure --enable-shared=ssl
and then at apache dir ./configure --prefix=/usr/local/httpd --enable-module=so (enables DSO)
or am i getting somthing wrong, how would i install mod_ssl/openssl into apache after the compile?
 
Old 06-15-2007, 09:30 AM   #11
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,733

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Leave openssl apart. It's used to provide the cryptographic libraries to any software that may need them. Once installed there is no need to recompile it.
Now for mod_ssl, you can:
Code:
../configure --with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e
For apache something like:
Code:
SSL_BASE=../openssl-0.9.8e ./configure --prefix=/usr/local/httpd --enable-module=so --enable-module=ssl --enable-shared=ssl
Take a look at the INSTALL file inside the directory you extracted mod_ssl to see the 3 ways you can install it.
 
Old 06-15-2007, 09:35 AM   #12
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
That apache configure would compile ssl in the source? or later as DSO?
 
Old 06-15-2007, 09:44 AM   #13
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,733

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Since you use the "enable-shared=ssl" option it will be compiled as a dso module and installed under the apache modules directory as lbssl.so. Later on if a newer version comes out you can use the apache apxs to just compile the new mod_ssl sources without recompiling apache.
 
Old 06-15-2007, 06:50 PM   #14
Kupo
Member
 
Registered: Nov 2003
Location: Hell (AZ, USA)
Distribution: FC6/Centos
Posts: 87

Original Poster
Rep: Reputation: 15
ive compiled it with the options in your post and just did make certificate, and did all the defaults just for a test certificate
RESULT: Server Certification Files

o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!

o conf/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).

o conf/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.

and after i did make install, started with apachectl startssl and got this error
[root@localhost apache_1.3.37]# /usr/local/httpd/bin/apachectl startssl
Syntax error on line 206 of /usr/local/httpd/conf/httpd.conf:
Cannot load /usr/local/httpd/libexec/libssl.so into server: /usr/local/httpd/libexec/libssl.so: cannot restore segment prot after reloc: Permission denied
/usr/local/httpd/bin/apachectl startssl: httpd could not be started
EDIT: i changed SELinux to "permissive" and it went thru all the way and i can access via https://127.0.0.1, but is there a way i can change SElinux so it allows this program?
Thanks for the help

Last edited by Kupo; 06-15-2007 at 06:58 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 2.x/1.3x/mod_ssl Harry Seldon Linux - General 1 08-16-2006 12:42 PM
apache 2.2.2 and mod_ssl lt_wentoncha Linux - Software 1 06-26-2006 01:58 AM
Compiling the mod_ssl DSO for Apache2 ganz_friedrich Linux - Networking 2 04-02-2006 02:55 PM
apache + mod_ssl without openssl , will it run ? kernelvn Linux - Security 1 10-01-2004 11:47 PM
Upgrading Openssl and mod_ssl luba Linux - Security 1 08-15-2002 03:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 08:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration