Static compile and install of apache + mod_ssl + php on FC4

Latest Compile with pdo drivers for mysql along with mod_security.

NOTE:
Remove the MySQL-shared rpm else openssl will not work.

# rpm -e MySQL-shared-5.0.20a-0.glibc23

  1. Download and extract the source files:
    $ wget http://www.ibiblio.org/pub/mirrors/apache/httpd/apache_1.3.41.tar.gz
    $ wget http://us3.php.net/get/php-5.2.5.tar.gz/from/us.php.net/mirror
    $ wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz />$ wget http://www.modsecurity.org/download/modsecurity-apache_1.9.5.tar.gz
    $ wget http://openssl.org/source/openssl-0.9.8g.tar.gz
  2. Install the needed rpms:
    # yum install gcc gcc-c++ openssl-devel flex bison libxml2-devel
  3. Copy modsecurity source to compile statically:
    $ cd modsecurity-apache_1.9.5
    $ cp apache1/mod_security.c ../apache_1.3.41/src/modules/extra/
  4. Build OpenSSL:
    $ cd ../openssl-0.9.8g
    $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
    $ make

    Notice that we don't need to install OpenSSL.

  5. Patch apache with mod_ssl:
    $ cd ../mod_ssl-2.8.31-1.3.41
    $ ./configure \
    --with-ssl=../openssl-0.9.8g \
    --with-apache=../apache_1.3.41
  6. Preconfigure apache:
    $ cd ../apache_1.3.41
    $ ./configure
  7. Configure/build/install php5:
    $ cd ../php-5.2.2
    $ CFLAGS='-O2 -I../openssl-0.9.8g' \
    ./configure \
    --with-apache=../apache_1.3.41 \
    --disable-debug \
    --with-pic \
    --enable-inline-optimization \
    --with-bz2 \
    --with-curl \
    --with-freetype-dir=/usr \
    --with-png-dir=/usr \
    --with-gd=shared \
    --enable-gd-native-ttf \
    --without-gdbm \
    --with-gettext \
    --with-gmp \
    --with-iconv \
    --with-jpeg-dir=/usr \
    --with-openssl \
    --with-pspell \
    --with-libxml-dir=/usr \
    --with-xsl=/usr \
    --with-pcre-regex \
    --with-zlib \
    --enable-bcmath \
    --enable-exif \
    --enable-sockets \
    --enable-wddx \
    --with-kerberos \
    --with-mysql \
    --enable-calendar \
    --enable-mbstring \
    --enable-mbregex \
    --with-mime-magic=/usr/share/file/magic.mime \
    --enable-zip \
    --with-pear=/usr/share/pear \
    --enable-soap \
    --enable-soap \
    --enable-sqlite-utf8 \
    --enable-pdo \
    --with-pdo-mysql
    $ make
    # make install
  8. Build/install apache with static mod_ssl and php5
    $ cd ../apache_1.3.41
    $ SSL_BASE=../openssl-0.9.8g \
    ./configure \
    --prefix=/usr/local/apache \
    --enable-module=ssl \
    --enable-module=rewrite \
    --activate-module=src/modules/php5/libphp5.a \
    --enable-module=php5 \
    --activate-module=src/modules/extra/mod_security \
    --enable-module=security
    $ make
    $ make certificate TYPE=existing \
                CRT=/etc/pki/apache/ssl-crt/server.crt \
                KEY=/etc/pki/apache/ssl-crt/server.key
    # make install
  9. Copy the minimal modsecurity example file and add your own rules. See gotroot.com for a starting point:
    $ cp modsecurity-apache_1.9.5/httpd.conf.example-minimal /usr/local/apache/conf/modsecurity.conf
  10. Include the modsecurity.conf file in apache httpd.conf:
    Include /usr/local/apache/conf/modsecurity.conf
  11. Enable php requests in httpd.conf:
    # DirectoryIndex:
    <IfModule mod_dir.c>
        DirectoryIndex index.php index.html
    </IfModule>

    # Enable php
    AddType application/x-httpd-php .php
  12. Add apache to start at boot:
    # ln -s /usr/local/apache/bin/apachectl /sbin/httpd
    # ln -s /sbin/httpd /etc/rc.d/init.d/httpd
    # ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S90httpd 
  13. Edit the apachectl file to start ssl by default by changing the start to something like startnossl and adding start to the startssl option line. Also update the usage info accordingly.

    Below are the relevant lines:

        ....
        startnossl)
        &nbsp;   if [ $RUNNING -eq 1 ]; then
        &nbsp;    &nbsp;  echo "$0 $ARG: httpd (pid $PID) already running"
        &nbsp;    &nbsp;  continue
        ....
        start|startssl|sslstart|start-SSL)
        &nbsp;   if [ $RUNNING -eq 1 ]; then
        &nbsp;    &nbsp;  echo "$0 $ARG: httpd (pid $PID) already running"
        &nbsp;    &nbsp;  continue
        ....
        startnossl - start httpd without SSL enabled
        start    &nbsp; - start httpd with SSL enabled
        ....

  14. Now you can stop and start apache using:
    # service httpd [stop|start]

References:

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
For rewrite mod with DBM support

Make sure to have gdbm-devel rpm package installed.

# yum install gdbm-devel

Then build apache with rewrite module enabled:

$ SSL_BASE=SYSTEM \
./configure \
--prefix=/usr/local/apache \
--enable-module=ssl \
--enable-module=rewrite \
--activate-module=src/modules/php5/libphp5.a \
--enable-module=php5

Comment