📄 install
字号:
[...more APACI options...] OPTIONAL $ make ALL $ make certificate OPTIONAL $ make install OPTIONAL $ cd .. ALL NOTE: The optional --enable-shared=ssl option enables the building of mod_ssl as a DSO `libssl.so'. Read the INSTALL and htdocs/manual/dso.html documents in the Apache source tree for more information about DSO support in Apache. We strongly advise ISPs and package maintainers to use the DSO facility for maximum flexibility with mod_ssl. But notice that DSO is not supported by Apache on all platforms. Additionally OpenSSL has problems under DSO situations on some platforms. For instance under smart ix86 platforms like Linux and FreeBSD when you compile a the standard OpenSSL libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO libssl.so all works fine. While on other platforms like Solaris 2.6 on a SPARC OpenSSL's code will dump core under run-time. When this is the case for you, then try to recompile OpenSSL with Position Independent Code (PIC) by adding a `-fPIC' (for GCC) or `-KPIC' (for SVR4-style compilers) to the platform configuration line in OpenSSL's `Configure' script. The -fPIC option above when you build OpenSSL. NOTE: The --disable-rule=SSL_COMPAT option disables the building of SSL compatibility code for older mod_ssl versions and other Apache SSL solutions like Apache-SSL, Sioux, Stronghold, etc. NOTE: The --enable-rule=SSL_SDBM option enabled the use of the built-in SDBM library instead of a custom defined or vendor supplied DBM library. This can be useful when the vendor DBM library is buggy or restricts the data size too dramatically (for SSL sessions to be cacheable the DBM library should allow more than 1KB of data to be stored under a particular key). NOTE: The --enable-rule=SSL_EXPERIMENTAL and --enable-rule=SSL_VENDOR options enable various experimental and vendor extension code. Please read the src/Configuration.tmpl file inside the Apache source tree for more details. c) The poor mans way known from Apache 1.2 [FOR COMPATIBILITY]: You configure Apache manually by editing the src/Configuration file and running the deep-level src/Configure script. The advantage here is that this directly follows the steps you might be familiar with from Apache 1.2 and additionally you also have a chance to add more third-party Apache modules like mod_perl or mod_php because anything is done manually. But you have to edit the SSL_BASE and EAPI_MM variables manually and more important: you have to install the Apache package manually, too. But feel free to be masochistic ;-) $ cd mod_ssl-2.8.x-1.3.x ALL $ ./configure \ ALL --with-apache=../apache_1.3.x \ ALL --with-crt=/path/to/your/server.crt \ OPTIONAL --with-key=/path/to/your/server.key OPTIONAL $ cd .. ALL [...Add more Apache modules to the Apache source tree...] OPTIONAL $ cd apache_1.3.x/src ALL $ cp Configuration.tmpl Configuration ALL $ vi Configuration ALL [...edit the SSL_BASE variable...] ALL [...edit the EAPI_MM variable...] OPTIONAL [...edit the `AddModule' line of libssl.a...] ALL $ ./Configure ALL $ make ALL $ make certificate OPTIONAL Up to this point it can be acceptable, yeah? But now the friendly world stops. The remaining installation steps have to be done manually by coping the various files to /path/to/apache, including your certificate, etc. That's the price for staying with the good old days... 6. Try out Apache without SSL (only HTTP protocol possible): $ /path/to/apache/bin/apachectl start ALL $ netscape http://<local-host-name>/ ALL $ /path/to/apache/bin/apachectl stop ALL 7. Try out Apache with SSL (both HTTP and HTTPS protocol possible): $ /path/to/apache/bin/apachectl startssl ALL $ netscape http://<local-host-name><http-port>/ ALL $ netscape https://<local-host-name><https-port>/ ALL $ /path/to/apache/bin/apachectl stop ALL NOTE: Replace the `<local-host-name>' with the official name of your host. Do not enter `localhost' here, because this name has to match the Common Name (CN) of the Subject's Distinguished Name (DN) inside your server certificate. NOTE: If you have built and installed under root (uid 0), leave out the the `<http-port>' and `<https-port>' strings above. If you have built and installed under a different user than root, replace `<http-port>' with `:8080' and `<https-port>' with `:8443' above. The reason just is that Apache pre-configures the installed configuration file for direct use (at least as long the APACI option --without-confadjust is not used). For using the official ports (80 for HTTP and 443 for HTTPS) root priviledges are required under run-time, so APACI assumes that it has to use alternate ports (8080 for HTTP and 8443 for HTTPS) if the built and installation is done under non-root users. NOTE: When the above tests (steps 6 and 7) fail for some reasons you are _STRONGLY ADVISED_ to look into the Apache error logfile before you ask someone other for help. In the error logfile there should be a hint where to find the reason for the failure. NOTE: When you *re*install Apache many times, make sure you restart your browsers between the tests if you created test or custom certificates. Else connections might fail because the browser cached the certificate details of the previous installation. 8. Finally you're advised to do the following: o Read the mod_ssl user manual very carefully to understand the SSL-part of your Apache configuration: $ netscape http://www.modssl.org/docs/2.8/ (official) $ netscape http://localhost/manual/mod/mod_ssl/ (local copy) o Adjust your Apache configuration to your personal requirements. The configuration is already pre-configured for SSL, but usually it has to be tweaked a little bit more to fit the local situation. When you had already a httpd.conf file, this one is preserved. Then look inside /path/to/apache/etc/httpd.conf.default for the pre-configured SSL configuration and take it over manually into httpd.conf. $ vi /path/to/apache/etc/httpd.conf o Subscribe to the modssl-users@modssl.org support mailing list with the provided web interface: $ netscape http://www.modssl.org/news/list.html 8. Bask in the glow ;-) Upgrading with APXS (EXPERTS ONLY) __________________________________ Once you've built and installed Apache with mod_ssl as a DSO (libssl.so) you can easily upgrade this libssl.so file with a stand-alone built procedure as long as the Extended API (EAPI) didn't change and you've OpenSSL installed somewhere. For this you can use the following procedure: $ cd mod_ssl-2.8.x-1.3.x ALL $ ./configure \ ALL --with-apxs[=/path/to/apache/bin/apxs] \ ALL --with-ssl=/path/to/openssl ALL $ make ALL $ make install ALL $ make distclean ALL This will build mod_ssl locally inside the pkg.modssl/ directory and then upgrades your existing libssl.so file. This approach is also interesting for package vendors. Because those can create an Apache+EAPI package (with the use of --with-eapi-only) and a APXS-based mod_ssl package (with the use of --with-apxs). Examples ________ As you noticed above there are a lot of possibilities, variants and options for installing mod_ssl. So, in the following we provide some step-by-step examples where you can see how to build mod_ssl with other third-party modules to form your SSL-aware Apache. For simplification we assume some prerequisites for each example. If these don't fit your situation you have to adjust the steps with the help of the above detailed instructions, of course. o Apache + mod_ssl/OpenSSL + mod_perl/Perl --------------------------------------- Prerequisites: o Apache should be installed to /path/to/apache o Perl is installed and `perl' is in $PATH o OpenSSL is installed under /path/to/openssl Steps: # extract the packages $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - # apply mod_ssl to Apache source tree $ cd mod_ssl-2.8.x-1.3.x $ ./configure \ --with-apache=../apache_1.3.x $ cd .. # apply mod_perl to Apache source tree # and build/install the Perl-side of mod_perl $ cd mod_perl-1.xx $ perl Makefile.PL \ EVERYTHING=1 \ APACHE_SRC=../apache_1.3.x/src \ USE_APACI=1 \ PREP_HTTPD=1 \ DO_HTTPD=1 $ make $ make install $ cd .. # build/install Apache with mod_ssl and mod_perl $ cd apache_1.3.x $ SSL_BASE=/path/to/openssl \ ./configure \ --prefix=/path/to/apache \ --enable-module=ssl \ --activate-module=src/modules/perl/libperl.a \ --enable-module=perl $ make $ make certificate $ make install $ cd .. # cleanup after work $ rm -rf mod_perl-1.xx $ rm -rf mod_ssl-2.8.x-1.3.x $ rm -rf apache_1.3.x o Apache + mod_ssl/OpenSSL + PHP3/MySQL ------------------------------------- Prerequisites: o Apache should be installed to /path/to/apache o MySQL is installed under /path/to/mysql o OpenSSL is installed under /path/to/openssl o GNU Make is available as `gmake' in $PATH Steps: # extract the packages $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - $ gzip -d -c php-3.0.x.tar.gz | tar xvf - # apply mod_ssl to Apache source tree $ cd /mod_ssl-2.8.x-1.3.x $ ./configure \ --with-apache=../apache_1.3.x $ cd .. # pre-configure Apache for PHP3's configure step $ cd apache_1.3.x $ ./configure \ --prefix=/path/to/apache $ cd .. # configure PHP3 and apply it to the Apache source tree $ cd ../php-3.0.x $ CFLAGS='-O2 -I/path/to/openssl/include' \ ./configure \ --with-apache=../apache_1.3.x \ --with-mysql=/path/to/mysql \ --enable-memory-limit=yes \ --enable-debug=no $ gmake $ gmake install $ cd .. # build/install Apache with mod_ssl and PHP3 $ cd apache_1.3.x $ SSL_BASE=/path/to/openssl \ ./configure \ --prefix=/path/to/apache \ --enable-module=ssl \ --activate-module=src/modules/php3/libphp3.a \ --enable-module=php3 $ make $ make certificate $ make install $ cd .. # cleanup after work $ rm -rf php-3.0.x $ rm -rf mod_ssl-2.8.x-1.3.x $ rm -rf apache_1.3.x⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -