LinuxWebLog.com

Latest Compile with pdo drivers for mysql along with mod_security.

NOTE:
Remove the MySQL-shared rpm else openssl will not work.

1. Download and extract the source files:
   
   $ wget http://www.ibiblio.org/pub/mirrors/apache/httpd/apache_1.3.41.tar.gz
$ wget http://us3.php.net/get/php-5.2.5.tar.gz/from/us.php.net/mirror
$ wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz />$ wget http://www.modsecurity.org/download/modsecurity-apache_1.9.5.tar.gz
$ wget http://openssl.org/source/openssl-0.9.8g.tar.gz
2. Install the needed rpms:
   
   # yum install gcc gcc-c++ openssl-devel flex bison libxml2-devel
3. Copy modsecurity source to compile statically:
   
   $ cd modsecurity-apache_1.9.5
$ cp apache1/mod_security.c ../apache_1.3.41/src/modules/extra/
4. Build OpenSSL:
   
   $ cd ../openssl-0.9.8g
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
$ make

   Notice that we don't need to install OpenSSL.

5. Patch apache with mod_ssl:
   
   $ cd ../mod_ssl-2.8.31-1.3.41
$ ./configure \
--with-ssl=../openssl-0.9.8g \
--with-apache=../apache_1.3.41
6. Preconfigure apache:
   
   $ cd ../apache_1.3.41
$ ./configure
7. Configure/build/install php5:
   
   $ cd ../php-5.2.2
$ CFLAGS='-O2 -I../openssl-0.9.8g' \
./configure \
--with-apache=../apache_1.3.41 \
--disable-debug \
--with-pic \
--enable-inline-optimization \
--with-bz2 \
--with-curl \
--with-freetype-dir=/usr \
--with-png-dir=/usr \
--with-gd=shared \
--enable-gd-native-ttf \
--without-gdbm \
--with-gettext \
--with-gmp \
--with-iconv \
--with-jpeg-dir=/usr \
--with-openssl \
--with-pspell \
--with-libxml-dir=/usr \
--with-xsl=/usr \
--with-pcre-regex \
--with-zlib \
--enable-bcmath \
--enable-exif \
--enable-sockets \
--enable-wddx \
--with-kerberos \
--with-mysql \
--enable-calendar \
--enable-mbstring \
--enable-mbregex \
--with-mime-magic=/usr/share/file/magic.mime \
--enable-zip \
--with-pear=/usr/share/pear \
--enable-soap \
--enable-soap \
--enable-sqlite-utf8 \
--enable-pdo \
--with-pdo-mysql
$ make
# make install
8. Build/install apache with static mod_ssl and php5
   
   $ cd ../apache_1.3.41
$ SSL_BASE=../openssl-0.9.8g \
./configure \
--prefix=/usr/local/apache \
--enable-module=ssl \
--enable-module=rewrite \
--activate-module=src/modules/php5/libphp5.a \
--enable-module=php5 \
--activate-module=src/modules/extra/mod_security \
--enable-module=security
$ make
$ make certificate TYPE=existing \
            CRT=/etc/pki/apache/ssl-crt/server.crt \
            KEY=/etc/pki/apache/ssl-crt/server.key
# make install
9. Copy the minimal modsecurity example file and add your own rules. See gotroot.com for a starting point:
   
   $ cp modsecurity-apache_1.9.5/httpd.conf.example-minimal /usr/local/apache/conf/modsecurity.conf
10. Include the modsecurity.conf file in apache httpd.conf:
    
    Include /usr/local/apache/conf/modsecurity.conf
11. Enable php requests in httpd.conf:
    
    # DirectoryIndex:
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html
</IfModule>

# Enable php
AddType application/x-httpd-php .php
12. Add apache to start at boot:
    
    # ln -s /usr/local/apache/bin/apachectl /sbin/httpd
# ln -s /sbin/httpd /etc/rc.d/init.d/httpd
# ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S90httpd 
13. Edit the apachectl file to start ssl by default by changing the start to something like startnossl and adding start to the startssl option line. Also update the usage info accordingly.

    Below are the relevant lines:
    

        ....
    startnossl)
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: httpd (pid $PID) already running"
            continue
    ....
    start|startssl|sslstart|start-SSL)
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: httpd (pid $PID) already running"
            continue
    ....
    startnossl - start httpd without SSL enabled
    start      - start httpd with SSL enabled
    ....

14. Now you can stop and start apache using:
    
    # service httpd [stop|start]

References:

• LAMP SSL
  
• Apache with mod_perl and mod_ssl