Installing Apache 2 httpd with ssl and PHP support
Compiling Apache used to be easy. Over the years it has gotten more and more
complex, and the latest versions can be a nightmare even for experienced
administrators to compile. Each version of Apache also puts its config files
and log files in a different place. Many people have trouble configuring the
"prefork" version that is installed by SuSE, because instead of one config
file, the prefork version (at least the one supplied by SuSE) has 13 of them.
Since apache needs to be updated and reinstalled frequently, most users are
better off compiling apache from source from the very beginning. This also
helps your users by ensuring that their html files (and your config files)
are always in the same place.
PHP5 is recommended over PHP4 because it is much easier to install.
It is recommended to compile php as a shared library instead of
hard-coding it into apache. The old ".o" and "mod_php4.c" files
will be replaced by a single php library. This page will also
concentrate exclusively on apache 2.x.
STEP 1: Install SSL
Install new openssl from www.openssl.org (openssl-0.9.6g.tar.gz)
Openssl installs everything in /usr/local/ssl/lib, while SuSE installs
it in /usr/lib/. Be sure to copy the new version to /usr/lib or
specify "--prefix=/usr/lib" during the config step.
./config
make
make test
make install
./config shared
make
make install
cd /usr/local/ssl/lib
cp * /usr/lib
ldconfig
|
If it gives the following error:
BEGIN failed--compilation aborted at /usr/lib/perl5/5.00503\
/Pod/Usage.pm line 412.
|
copy the files manually
cp libcry* /usr/lib/
cp libssl* /usr/lib/
cp libcry* /usr/local/ssl/lib
cp libssl* /usr/local/ssl/lib
|
Restart Samba and Apache, otherwise Samba, apache, and
possibly other applications will crash silently.
STEP 2: Unpack Apache
PHP places files in the Apache source tree that are necessary to create
a version of Apache that supports PHP. Untar Apache and type './configure'.
Do not skip this step. Then install PHP before continuing.
STEP 3: Install PHP
Use the latest versions of Apache and PHP to avoid incompatibilities,
compilation problems, and potential security problems. If you use
modules in apache, it may be necessary to reinstall them as well.
PHP can be configured with apxs or using command-line options.
In this document we will use apxs.
If you use apxs, make sure the correct apxs (/usr/sbin/apxs,
/usr/sbin/apxs2, /usr/local/apache/bin/apxs, or /usr/local/apache2/bin/apxs)
is being used by specifying something like "--with-apxs=/usr/sbin/apxs".
If you specify the wrong apxs, it will say something like:
configure: error: You have enabled Apache 2 support
while your server is Apache 1.3.
Please use the appropiate switch --with-apxs (without the 2)
|
Since apxs is part of Apache, if apxs is not present, you must compile and
install apache twice--once to create apxs, and once to create a version
of apache that works with php. For Apache 2.x you need to use apxs2. Apache
creates a version of apxs2, but unfortunately calls it apxs. This is the
version needed by php. It's necessary to make it executable and then copy
it somewhere in your path (such as /usr/sbin/).
See also "./configure --help" and "sapi/apache2filter/README".
- Install python and python-devel from original linux CD if python is
not present.
- Obtain the libxml2 tar file from
ftp://ftp.gnome.org/mirror/gnome.org/sources/libxml2/2.6/ |
- Compile and install libxml2
./configure --enable-ipv6=no
make
make install |
- According to the documentation, libxml2-devel is also needed.
However, this turned out not to be true.
- If you don't have an apxs already, go back to the apache directory
and install apxs by compiling and installing a minimal apache with no
arguments as described below in Step 4.
Then return to the php directory and type:
./configure --with-apxs2=/usr/local/apache2/bin/apxs \
--with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
--enable-shared --with-mysql=/usr/bin/mysql
|
Substitute the actual location of your apxs. In our situation, we had
to use a different command for each of our computers that use php with
apache (This section is only of local interest. Please skip to the next
section if you are not me.):
# entropy
cd /usr/local/lib/perl5/site_perl
cp /usr/lib/perl5/5.8.1/strict.pm .
cd -
./configure --with-apxs2=/usr/local/apache2/bin/apxs \
--with-apache2=/home/tjnelson/apache/httpd-2.0.50
make
# edit Makefile to remove install-pear from install_targets
su
make install
libtool --finish /home/tjnelson/php/php-5.2.1/libs
cd /etc/rc.d
./apache2 restart
# test web server to make sure it actually started
# protein
# install libxml2 and libxml2-sources from ftp://xmlsoft.org/
./configure --with-apache=/home/tjnelson/apache/httpd-2.0.50
# engram
./configure --with-apxs2=/usr/local/apache2/bin/apxs \
--with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
--enable-shared --enable-mbstring
make
# edit Makefile to remove install-pear from install_targets
su
make install
libtool --finish /home/tjnelson/php/php-5.2.1/libs
cd /etc/rc.d
./apache2 restart
# test web server to make sure it actually started
|
The mysql option is only needed if you have mysql installed.
Be sure to specify building shared libraries or you'll end up with
useless static libraries.
- Next build php, and install it as root. Make sure you have a working
httpd.conf before installing php, because it will modify your
httpd.conf file.
make clean
make
su
make install
make install-modules   # optional
libtool --finish /home/tjnelson/php/php-5.2.1/libs
|
The 'make install' command should say something about libphp5.so,
and not libphp5.a. Shared (.so) libraries are needed to interface
with apache.
On some computers, php installation hangs during the "make install"
command during PEAR installation. If you don't need pear, this problem
can be solved by editing the php makefile and removing "install-pear"
from the line that starts with "install_targets".
By default it installs php in /usr/local/bin. You need to find
and get rid of any old versions of php (e.g., in /usr/bin).
If you make a mistake and start compiling with the wrong options,
be sure to type "make clean" before running make a second time.
Also, don't add too many options to php or it will prevent apache from
compiling. (It may even prevent 'configure' from working.)
Next copy php.ini-dist to the appropriate place (normally
/etc/php.ini or /usr/local/lib/php.ini) and edit it as necessary to
set PHP options. The most common option is to allow uploads. This is
essential for applications like squirrelmail. If uploads are not
allowed, or the maximum filesize is too small, squirrelmail will
allow incoming mail but silently drop outgoing mail with no warning
and no messages to any logfile. It can be a royal pain to find
this problem.
ln -s /etc/php.ini /usr/local/lib/php.ini
|
file_uploads = On
;upload_tmp_dir =
upload_max_filesize = 200M
|
STEP 4: Install Apache
Un-mangle the documentation filenames so you can read the
documentation:
cd htdocs/manual
mmv -r "*.html.en" "#1.html"
mmv -r "*.html.html" "#1.html"
|
- Enabling Proxy in Apache:
If your server is well protected from the Internet, you can activate
the http proxy feature in Apache by adding "--enable-proxy"
to the configure command.
(note: it used to be called "--enable-module=proxy", but this seems
not to work anymore. If in doubt whether the option is enabled,
look at config.log).
If you use modules, there needs to be a "LoadModule" line in your
httpd.conf file. (This is done automatically by the make install
script unless it finds a pre-existing httpd.conf file).
Then make the appropriate changes to your /etc/httpd/httpd.conf file
as shown below.
If the server is exposed to the Internet, you will eventually
get hit with spammers and people trying to access porn. The documentation
states that adding the following to your httpd.conf will prevent these
attacks:
<Directory proxy:*>
Order Deny,Allow
Deny from all
Allow from yournetwork.example.com
</Directory>
|
However, in my experience, this doesn't always work. If you want secure
proxying, you're better off with a full-featured proxy like squid.
- Compile apache
Run 'configure' and 'make'.
cd /home/tjnelson/apache/httpd-2.0.50
./configure --enable-module=so \
--with-apxs2=/usr/local/apache2/bin/apxs \
--enable-ssl --enable-includes --sysconfdir=/etc/httpd \
--enable-proxy   # optional
make
|
Many other options are available. Unfortunately, they are poorly documented.
You can find a few by typing "configure --help". The only way I know of to find
the rest of them is by reading the configure file.
- Check httpd before installing it.
This will ensure that the desired modules are included and that
it can find its libraries:
It should say something like
libpam.so.0 => /lib/libpam.so.0 (0x40028000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40031000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40064000)
libm.so.6 => /lib/libm.so.6 (0x40075000)
libdl.so.2 => /lib/libdl.so.2 (0x40099000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4009d000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x400b3000)
libc.so.6 => /lib/libc.so.6 (0x400d5000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
|
In Apache 2, the httpd in the top directory is just a script, but the
commands are similar to Apache 1.x:
ldd ./.libs/httpd
libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40029000)
libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40057000)
libaprutil-0.so.0 => /usr/local/apache2/lib/libaprutil-0.so.0 (0x40115000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4012b000)
libdb-4.0.so => /usr/lib/libdb-4.0.so (0x40133000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x401cb000)
libapr-0.so.0 => /usr/local/apache2/lib/libapr-0.so.0 (0x401ed000)
librt.so.1 => /lib/librt.so.1 (0x4020d000)
libm.so.6 => /lib/libm.so.6 (0x4021f000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40242000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40276000)
libdl.so.2 => /lib/libdl.so.2 (0x4028c000)
libpthread.so.0 => /lib/libpthread.so.0 (0x40290000)
libc.so.6 => /lib/libc.so.6 (0x402a6000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
./httpd -l
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_proxy.c
proxy_connect.c
proxy_ftp.c
proxy_http.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c |
Notice that mod_php is not listed because it's not compiled into apache.
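One way to automate the library check above, added here as an example and not part of the original page. The hypothetical helper check_ssl_link reads ldd output and fails when a library is unresolved or when libssl and libcrypto resolve from different directories, which is possible after Step 1 leaves copies in both /usr/lib and /usr/local/ssl/lib. The sample listings are constructed.

```shell
# Added example, not from the original page. check_ssl_link is a
# hypothetical helper; it reads `ldd` output on stdin and exits non-zero
# when a library is unresolved or libssl/libcrypto come from different
# directories.
check_ssl_link() {
    awk '
        $2 == "=>" && $3 == "not" { print "missing " $1; bad = 1 }
        $1 ~ /^lib(ssl|crypto)\.so/ && $3 ~ /^\// {
            kind = ($1 ~ /^libssl/) ? "ssl" : "crypto"
            n = split($3, part, "/")            # last part is the file name
            dir[kind] = substr($3, 1, length($3) - length(part[n]) - 1)
        }
        END {
            if (!("ssl" in dir) || !("crypto" in dir)) { print "no-openssl"; exit 1 }
            if (dir["ssl"] != dir["crypto"]) {
                print "dir-mismatch " dir["ssl"] " " dir["crypto"]; bad = 1
            }
            if (!bad) print "ok " dir["ssl"]
            exit bad
        }'
}

# Constructed ldd listings: first as shown on this page (trimmed), then a
# mixed install with one unresolved library.
sample_good() { cat <<'EOF'
    libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40029000)
    libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40057000)
    libc.so.6 => /lib/libc.so.6 (0x402a6000)
EOF
}
sample_mixed() { cat <<'EOF'
    libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40029000)
    libcrypto.so.0.9.6 => /usr/local/ssl/lib/libcrypto.so.0.9.6 (0x40057000)
    libaprutil-0.so.0 => not found
EOF
}

sample_good  | check_ssl_link
sample_mixed | check_ssl_link || echo "do not install: fix the library path first"
# Real use, from the Apache 2 build directory: ldd ./.libs/httpd | check_ssl_link
```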
- Install apache and set up configuration file
Remove /usr/local/apache/conf/, /usr/local/apache2/conf/, and /etc/httpd/ if they
exist so Apache creates a new one. It is much easier to edit a working
httpd.conf than to modify a non-working one. Note that "--sysconfdir=/etc/httpd"
will prevent it from creating a conf file if one already exists in the
/etc/httpd directory.
su
mv /etc/httpd /etc/httpd.bak
mv /usr/local/apache/conf /usr/local/apache/conf.bak
mv /usr/local/apache2/conf /usr/local/apache2/conf.bak
make install
|
Apache 2.0 installs in /usr/local/apache2/bin, /usr/local/apache2/lib, etc.
Edit httpd.conf:
- Change the default port from 8080 to 80.
- Set the correct document root so it points to your Web pages
DocumentRoot "/usr/local/httpd/htdocs"
|
(This must be done in two places)
- Change the user from nobody to wwwrun
- Enable proxy if desired
ProxyRequests On
# Apache 2.x reads proxy access control from a <Proxy> block,
# not from the 1.3-style <Directory proxy:*>.
<Proxy *>
Order deny,allow
Deny from all
Allow from .my_hostname.com
</Proxy>
ProxyVia On
|
- Add access controls if desired
- Remove any lines that refer to php3 or php4. These often cause
problems.
- Enable FollowSymLinks in /etc/httpd/httpd.conf or /usr/local/apache/conf/httpd.conf
if there are links in the path of any html files. Make sure apache has
execute permission on users' home directories if files are located there
(i.e., permissions in /home should be 711), or you will get "Forbidden
You don't have permission to access x on this server" when a browser tries
to follow a symlink.
- Add the following at the end, if the php installation script didn't
already add them:
LoadModule php5_module modules/libphp5.so
# or, for some systems:
# LoadModule php5_module /usr/local/apache/libexec/libphp5.so
# This line is necessary to allow inline php statements in your
# html pages.
AddType application/x-httpd-php .php .htm .html
#AddType application/x-httpd-php .php4
AddType application/x-httpd-php-source .phps
AddHandler php5-script php
DirectoryIndex index.html index.php
AddType text/html php
AddType application/x-httpd-php-source phps
|
The installation script for php5 should add the appropriate php5 lines
automatically. However, it doesn't remove the php4 lines if they're present.
These should be removed manually, because loading two different versions of
php simultaneously is a frequent source of problems and php crashes.
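The two httpd.conf problems described above, leftover php4 lines and a proxy that is not actually restricted, can be checked before starting the server. This is an added example, not part of the original page; audit_proxy and php_modules are hypothetical helper names and the sample configs are constructed. It assumes Apache 2.x, where proxy access control moved from the 1.3-style `<Directory proxy:*>` block to `<Proxy>`, so "ProxyRequests On" guarded only by the older block is reported as open.

```shell
# Added example, not from the original page. audit_proxy and php_modules
# are hypothetical helpers; both sample configs below are constructed.

# Classify forward proxying in an httpd.conf (comment lines are skipped).
# Only "Deny from all" inside <Proxy> counts; Order/Allow are not evaluated.
audit_proxy() {
    awk '
        /^[ \t]*#/ { next }
        { l = tolower($0) }
        l ~ /^[ \t]*proxyrequests[ \t]+on/              { on = 1 }
        l ~ /^[ \t]*<directory[ \t]+"?proxy:/           { legacy = 1 }
        l ~ /^[ \t]*<proxy[ \t]/                        { inblock = 1 }
        l ~ /^[ \t]*<\/proxy>/                          { inblock = 0 }
        inblock && l ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { guarded = 1 }
        END {
            r = !on ? "off" : (guarded ? "restricted" : (legacy ? "open-1.3-syntax" : "open"))
            print r
        }' "$1"
}

# Print each distinct PHP module on an active LoadModule line; more than
# one line of output means two PHP versions would be loaded together.
php_modules() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "loadmodule" && tolower($2) ~ /^php[0-9]*_module$/ {
            m = tolower($2); if (!seen[m]++) print m
        }' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.conf" <<'EOF'
LoadModule php4_module modules/libphp4.so
LoadModule php5_module modules/libphp5.so
ProxyRequests On
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from .my_hostname.com
</Directory>
EOF
cat > "$tmp/new.conf" <<'EOF'
#LoadModule php4_module modules/libphp4.so
LoadModule php5_module modules/libphp5.so
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from .my_hostname.com
</Proxy>
EOF
for f in "$tmp/old.conf" "$tmp/new.conf"; do
    echo "${f##*/}: proxy=$(audit_proxy "$f") php=$(php_modules "$f" | tr '\n' ' ')"
done
```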
- Start apache
Make a link at /usr/local/apache2/conf/, if it exists, so there's no doubt
as to which httpd.conf it will use.
ln -s /etc/httpd/httpd.conf /usr/local/apache2/conf/httpd.conf
|
Stop the currently-running httpd (by typing "/etc/rc.d/apache stop") and start
the new one:
cd /etc/rc.d
./apache stop
/usr/local/apache/bin/apachectl start
|
Make sure it's running on port 80 and not 8080:
netstat -na | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
|
Make sure the correct version is running:
ps -aux | grep http
root 21194 0.0 0.3 3988 1868 ? S Sep18 0:00 /usr/local/apache/bin/httpd
wwwrun 21197 0.0 0.3 4068 2016 ? S Sep18 0:00 /usr/local/apache/bin/httpd
|
Copy the new startup script to /etc/rc.d (or edit the old script)
cd /etc/rc.d
mv apache apache.bak
cp /usr/local/apache2/bin/apachectl /etc/rc.d/apache2
|
- Test apache and php
- Test with a browser to see if you can reach "http://localhost"
and "http://localhost/manual".
Create a file called "test.php" in the htdocs directory containing the line:
It should be:
-rw-r--r-- 1 root root 17 Sep 18 21:29 test.php
|
- Copy your html files into the htdocs directory and see if you can reach
"http://yoursite.com/test.php".
It should print a purple PHP page showing the current version of php
and current setup, showing today as the build date.
This may take a couple of tries -- for example, it
may work with "myhost.somewhere.org" but not with "localhost/test.php".
Now copy your html files to /usr/local/apache/htdocs.
- Install the new startup script:
mv /etc/rc.d/apache /etc/rc.d/apache.bak
cp /usr/local/apache/bin/apachectl /etc/rc.d/apache
|
One annoyance with apache is that if there's a problem in your httpd.conf
file, quite often it will simply say
./apachectl start: httpd could not be started
|
giving you no clue what the problem is.
- If you have other servers: lather, rinse, repeat.
Problems
- Blank screen
Users see a blank screen or unprocessed
php directives when viewing any php page, including test.php.
Solution:
Check the apache logs (error_log). One possibility is that php
is crashing. The first line in the log below shows that PHP is
configured correctly. The second line shows that it's crashing.
Apache/2.0.48 (Unix) mod_ssl/2.0.48 OpenSSL/0.9.7c PHP/4.3.1
PHP/5.0.3 configured -- resuming normal operations
[notice] child pid 2257 exit signal Segmentation fault (11)
|
One solution is to recompile and reinstall php.
Another reason php may crash is that your httpd.conf file contains
references to both php4 and php5. If you try to load both versions,
it will crash.
It's also important to remove any pre-existing versions of php
that may be on your system, e.g.:
mv /usr/bin/php /usr/bin/php.bak
ln -s /usr/local/bin/php /usr/bin/php |
to make sure the system is using the correct one.
Additional troubleshooting steps
To troubleshoot php, it is necessary to trick it into printing
error messages.
- The easiest way to know whether apache has loaded the php
module is to include the "LoadModule" line twice. It should
say:
[warn] module php5_module is already loaded, skipping |
- Click "View page source" to find out whether Apache is
interpreting the php. If the php source code is visible,
it means Apache is not translating the php. If you get
an empty HTML file (<HTML><body></body></html>)
it is bad news. The php website does not acknowledge this
problem, even though it seems to be very widespread. Typically there
are no error messages regardless of the settings in php.ini,
and all php pages produce a white blank page and nothing else.
The problem is that no error messages are produced,
making it quite difficult to diagnose. The blank page problem
will sometimes occur on one computer but not another.
- From the command line, go to the htdocs directory and type
On a computer in which php is properly set up, this should
print several pages of text. On a computer that has the blank
screen problem, you will get something like this:
Fatal error: Call to undefined function phpinfo() in
/usr/local/apache2/htdocs/test.php on line 1 |
Finally, a real error message. This message means that
either the wrong php is being executed, or that php
is using an old library somewhere that doesn't have the
phpinfo function. You have to find this library and
eliminate it.
- Well, this is as far as I have gotten so far with this bug.
- Pages not being rendered in Unicode.
Be sure to comment out the default charset in httpd.conf; otherwise,
pages will appear in 8859-1 (Western) characters even when the user's
browser is set to Auto-Detect.
#AddDefaultCharset ISO-8859-1 |
- Compilation error in apache.
ssl_engine_pphrase.c: In function 'ssl_pphrase_Handle_CB':
ssl_engine_pphrase.c:683: error: 'PEM_F_DEF_CALLBACK' undeclared \
(first use in this function)
|
Edit ./modules/ssl/ssl_engine_pphrase.c and change all occurrences of
PEM_F_DEF_CALLBACK to PEM_F_PEM_DEF_CALLBACK.
- Apache does not start up.
API module structure `php5_module' in file /usr/lib64/apache2/libphp5.so \
is garbled - perhaps this is not an Apache module DSO?
|
This means you have to compile php and apache2 again, using a different apxs2 script.
This script might be called apxs or apxs2. In this case, it happened to be called
apxs, but was actually apxs2.
cd; cd apache/httpd-2.0.50
find . | grep apxs
su
cp ./support/apxs /usr/sbin/apxs
chmod a+x /usr/sbin/apxs
exit
cd; cd php/php-5.2.1
./configure --with-apxs2=/usr/sbin/apxs \
--with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
--enable-shared
make clean
make
su
make install
libtool --finish /home/tjnelson/php/php-5.2.1/libs
make install   # It gives a more informative message the second time.
exit
cd; cd apache/httpd-2.0.50
./configure --enable-module=so --with-apxs2=/usr/sbin/apxs \
--enable-ssl --enable-includes --sysconfdir=/etc/httpd
make clean
make
su
make install
exit
cd; cd php/php-5.2.1
find . | grep libphp5.so
cp /usr/lib64/apache2/libphp5.so /usr/lib64/apache2/libphp5.so.bak
cp ./libs/libphp5.so /usr/lib64/apache2/libphp5.so
exit
|
Enabling server-side includes (SSIs) in Apache
This section has been moved to linuxsetup116.html.