Originally Published: Friday, 10 November 2000 Author: Paul Summers
Published to: enhance_articles_sysadmin/Sysadmin Page: 1/1 - [Printable]

Installing and Configuring: MySQL, Apache with SSL, PHP, and mod_perl

Paul Summers joins the sysadmin team with this new piece on installing and configuring MySQL, Apache with SSL, PHP and mod_perl. I can't tell you how often I see questions about these features on our IRC network. Ask no more. Paul, lead the way!

   Page 1 of 1  

The first thing you'll need is fairly obvious. A box of some form running a GNU/Linux flavor of some sort (Or BSD, Solaris, etc). Fortunately, there are lots of boxes laying around in most educational and business environments running this weird thing called windows that are perfect candidates for such liberations.

So, from this point forward, we'll assume you have a x86 computer running Debian GNU/Linux. We'll also assume you have a basic understanding of how to use a UNIX shell, and that you have superuser access to the machine. Everything in this example can be done remotely via ssh or telnet as well as locally from the machine console.

Step 1:

First off, you will want to set up a directory structure to install and compile everything. Some people use the standard locations when installing everything. If you're only running a few machines, or only one OS, there's nothing wrong with this. You can install everything in /usr/bin or /usr/local/bin or /export/home/web or wherever your OS of choice decides to put things.

Experience has shown me that using one general directory scheme for commonly messed with things (namely apache as I'm always adding vhosts and the like) is a good thing™. This way, I don't have to go hunting around for things and trying to remember each and every OS's directory scheme. So, when I'm setting up a new box for apache and mysql, I use /usr/www/ for apache's root directory, and /usr/db/ for mysql. So we do this:

# mkdir /usr/www
followed by:
# mkdir /usr/db
It's also a good idea to set up directories for everything we're going to build into apache. Keeps things tidy.
# mkdir /usr/www/php
# mkdir /usr/www/mod_ssl
# mkdir /usr/www/openssl
# mkdir /usr/www/mm
# mkdir /usr/www/logs

Now that we have our directory structure, we should set up user accounts to own these directories. Running daemons like apache or mysql as root is generally not a good idea. Now, mysql's build scripts create user accounts for itself, so all we have to deal with is apache. Add a user account www with whatever adduser utility you might prefer. Or, you can just add the entries right into /etc/passwd. I also create a www group for the www user to make things simple for future group-based permissions and the like. Under debian you'd do this:

# adduser
which would give you the standard adduser options:
Enter username to add: www Adding user www... Adding new group www (1002). Adding new user www (1002) with group www. Creating directory /home/www. Copying files from /etc/skel Enter new UNIX password: Retype new UNIX password: Changing user information for www . . . You can then edit /etc/passwd to disable logins for the www account. This is usually done by replacing the shell specification with something like /sbin/nologin. which is basically just a simple shell script that echos something like "Sorry, this account is disabled."

Now it's time to grab the source for the software you want to install. Assuming you have wget installed, it's quick and easy to grab it. If not, you can visit the mysql.com and apache.org web sites and get the source via http or ftp. However, if you have wget, you can do things the easy way. (If you don't, apt-get install wget under Debian)

# cd /usr/db
# wget http://www.mysql.com/Downloads/MySQL-3.22/mysql-3.22.32.tar.gz
# cd /usr/www
# wget http://httpd.apache.org/dist/apache_1.3.14.tar.gz
# wget http://perl.apache.org/dist/mod_perl-1.24.tar.gz
# wget "http://www.php.net/do_download.php?download_file=php-4.0.3pl1.tar.gz&source_site=www.php.net"
(note the quotes around the url due to the screwy download string for this one.)
# wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
# wget http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz
# wget http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz

Now, you can gunzip and untar the source.

# gunzip /usr/db/mysql-3.22.32.tar.gz
# gunzip /usr/www/apache_1.3.14.tar.gz
# gunzip /usr/www/openssl-0.9.6.tar.gz
# gunzip /usr/www/mod_ssl-2.7.1-1.3.14.tar.gz
# gunzip /usr/www/mm-1.1.3.tar.gz
# gunzip /usr/www/php-4.0.3pl1.tar.gz
# gunzip /usr/www/mod_perl-1.24.tar.gz
# cd /usr/db
# tar -xf mysql-3.22.32.tar
# cd /usr/www
# tar -xf apache_1.3.14.tar
# tar -xf openssl-0.9.6.tar.gz
# tar -xf mod_ssl-2.7.1-1.3.14.tar.gz
# tar -xf mm-1.1.3.tar
# tar -xf php-4.0.3pl1.tar.gz
# tar -xf mod_perl-1.24.tar.gz

Now, you can get rid of the source tarballs.

# rm /usr/db/mysql-3.22.32.tar
# rm /usr/www/*.tar

At this point, you can begin the build of MySQL. First, change to the source directory.
# cd /usr/db/mysql-3.22.32/

Now configure the source to build on your system. Note the directory location.
# configure --prefix=/usr/db

The configuration script will now check your system and attempt to configure the MySQL makefile for it. Assuming it doesn't run into any problems, it should complete without errors. Now you are ready to build the mysql source. How long the build takes will vary depending on your system, but it will usually grind away for anywhere between 3-15 minutes.
# make

The last output you should see will be something like:

make[2]: Leaving directory `/usr/db/mysql-3.22.32/support-files'
make[2]: Entering directory `/usr/db/mysql-3.22.32'
make[2]: Leaving directory `/usr/db/mysql-3.22.32/support-files'
make[1]: Leaving directory `/usr/db/mysql-3.22.32'

You can now begin the install of MySQL.
# make install

This will exit with a similar syntax, and you should now have the full MySQL directory structure in /usr/db/.

Now you'll want to install the MySQL database. While in /usr/db/mysql-3.22.32/.
# cd scripts
# make install
# chmod +x mysql_install_db.sh
# ./mysql_install_db.sh

Now remove the executable permission from the install db script.
# chmod -x mysql_install_db.sh

Now, you can start up the MySQL server and set a root password for the MySQL server:
# cd /usr/db/bin
# ./safe_mysqld &
# ./mysqladmin -u root password 'new-password'

If you use the mysql binaries often, you may want to add /usr/db/bin to your shell path variable. Now you can test out your MySQL server and make sure all is working properly.

# mysql --user=root -p

You should see something like:

# mysql --user=root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 3.22.32
mysql>
mysql> status
--------------
mysql Ver 9.38 Distrib 3.22.32, for pc-linux-gnu (i686)

Connection id: 2
Current database:
Current user: root@localhost
Server version 3.22.32
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /tmp/mysql.sock
Uptime: 3 min 27 sec

Threads: 1 Questions: 15 Slow queries: 0 Opens: 7 Flush tables: 1 Open tables: 3
--------------

mysql>

Step 2:

Now we move on to building all of the SSL software. Unlike PHP and mod_perl, mod_ssl is built directly into the Apache server, instead of running as a module. The first thing to do is install MM, the Shared Memory Library. Change to the mm source directory:

# cd /usr/www/mm-1.1.3

Then, configure the makefile:

# ./configure --prefix=/usr/www/mm

Now, build the source:

# make

Once built, test the build:

# make test

You should get a confirmation: "OK - ALL TESTS SUCCESSFULLY PASSED." Finally, install the files:

# make install

Step 3:

Now we build OpenSSL. First, change to the OpenSSL source directory:

# cd /usr/www/openssl-0.9.6

Now run the config script:

# ./config --prefix=/usr/www --openssldir=/usr/www/openssl

Then build it:

# make

Then test it:

# make test

And install it:

# make install

Step 4:

You're getting there. All that is left to do is build and install PHP and mod_perl, configure Apache, and start the server. Now we will build mod_ssl. Change to the mod_ssl source directory:

# cd /usr/www/mod_ssl-2.7.1-1.3.14

Now, you'll want to specify the options needed to configure the Makefile. If you already have a signer SSL certificate, specify it's location and key database in the config line. If not, you can generate/add them later. Note the prefix option, as well as the others. This configure line will enable the rewrite module, the speling module, and the DSO module.:

# ./configure --with-apache=/usr/www/apache_1.3.14 --with-ssl=/usr/www/openssl-0.9.6 --with-mm=/usr/www/mm [--with-crt=/path/to/server.cft] [--with-key=/path/to/server.key] --prefix=/usr/www --enable-shared=ssl --prefix=/usr/www --enable-module=rewrite --enable-shared=rewrite --enable-module=speling --enable-module=so

Once configured, you'll want to build the source. However, this is done in Apache's source directory. Change to that directory:

# cd /usr/www/apache_1.3.14

Now build the source. Again, the time it takes to compile will vary between systems. It usually takes less then 10 minutes.

# make

make will terminate with something like:

make[2]: Leaving directory `/usr/www/apache_1.3.14/src/support'
<=== src/support
make[1]: Leaving directory `/usr/www/apache_1.3.14'
<=== src

Then, make a certificate. You will be prompted for the information needed to make a self-signed certificate, which you can use in place of a signer certificate, or for development until you get one.

# make certificate

Finally, install the server.

# make install

When finished, you'll be given a message confirming the installation. Do not follow its instructions with regard to starting the server. Now the real fun starts, and we begin installing modules to take care of the other services we want.

Step 5:

Now we install PHP into Apache. First, move to the source directory.

# cd /usr/www/php-4.0.3pl1

Now, configure the Makefile. Using this string, we will enable mySQL support, and use Apache's DSO module to interface. As well, we specify where Apache's APXS script is, and where we want to dump the PHP files. You'll want to make sure you have flex installed before doing this, as the configure script seems to like it.

# ./configure --prefix=/usr/www/php --with-mysql --with-apxs=/usr/www/bin/apxs

The configure script should finish without error, and warn you about using built-in MySQL support. So long as you aren't using any other server modules which play with MySQL, you should be fine. Else, you may want to recompile Apache with mod_auth_mysql enabled. Now we build the source.

# make

The compile should complete without error, and will take around 10 minutes on the average system. Now, install the built source.

# make install

Once installed, you can verify the module has been loaded by inspecting /usr/www/conf/httpd.conf. You should have:

LoadModule php4_module libexec/libphp4.so
AddModule mod_php4.c

in the DSO section of the file. Also, you should uncomment the following lines:

#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps

Step 6:

Now we install mod_perl into Apache. First, move to the source directory. Be sure that you have perl installed.

# cd /usr/www/mod_perl-1.24

Now build mod_perl. Note that you must have perl installed to do this. We want to use Apache's AXPS to auto-magically integrate mod_perl into the server, so...

# perl Makefile.PL NO_HTTPD=1 USE_APXS=1 WITH_APXS=/usr/www/bin/apxs APACHE_PREFIX=/usr/www

Note that this will build the base mod_perl. If you want some of the extra spiffy features enabled like PerlSSI and so forth, read the installation file and enable them by adding them to the makefile string. For example, # perl Makefile.PL NO_HTTPD=1 USE_APXS=/usr/www/bin/apxs PERL_SSI=1 would turn on PerlSSI.

Once configured, you can make and install mod_perl. If you get a warning about perl being linked against libgdbm, you can get away with symlinking; ln -s/usr/lib/libgdbm.so.1.7.3 /usr/lib/libgdbm.so and re-running the configure script should fix it. You may also wish to apt-get install libwww-perl.

# make

Once the compile is done, you can run # make test to make sure everything works, but if the compile finished without error, you can usually get away with skipping it and installing mod_perl.

# make install

Once installed, you can verify the module has been loaded by inspecting /usr/www/conf/httpd.conf. You should have:

LoadModule perl_module libexec/libperl.so
AddModule mod_perl.c

To keep things tidy, you can symlink the build directory to something less verbose.

# ln -s /usr/www/mod_perl-1.24 /usr/www/mod_perl

Step 7:

Now you'll want to configure Apache by editing the /usr/www/conf/httpd.conf file. Instead of go through the file step by step, I have included a slimmed down version (less the descriptions) here, with my own comments added in. This should successfully allow apache to start. So, crank up your favorite editor, and make httpd.conf look like this. :)

# vim /usr/www/conf/httpd.conf

##
## httpd.conf -- Apache HTTP server configuration file
##

ServerType standalone
ServerRoot "/usr/www"

#LockFile /var/run/apache.lock

PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard
ResourceConfig /dev/null
AccessConfig /dev/null

Timeout 300
KeepAlive On

MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 256

MaxRequestsPerChild 0

#BindAddress *

# Dynamic Shared Object (DSO) Support

LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule env_module libexec/mod_env.so
LoadModule define_module libexec/mod_define.so
LoadModule config_log_module libexec/mod_log_config.so
LoadModule mime_magic_module libexec/mod_mime_magic.so
LoadModule mime_module libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module libexec/mod_status.so
LoadModule info_module libexec/mod_info.so
LoadModule includes_module libexec/mod_include.so
LoadModule autoindex_module libexec/mod_autoindex.so
LoadModule dir_module libexec/mod_dir.so
LoadModule cgi_module libexec/mod_cgi.so
LoadModule asis_module libexec/mod_asis.so
LoadModule imap_module libexec/mod_imap.so
LoadModule action_module libexec/mod_actions.so
LoadModule speling_module libexec/mod_speling.so
LoadModule userdir_module libexec/mod_userdir.so
LoadModule alias_module libexec/mod_alias.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule access_module libexec/mod_access.so
LoadModule auth_module libexec/mod_auth.so
LoadModule anon_auth_module libexec/mod_auth_anon.so
LoadModule db_auth_module libexec/mod_auth_db.so
LoadModule digest_module libexec/mod_digest.so
LoadModule proxy_module libexec/libproxy.so
LoadModule cern_meta_module libexec/mod_cern_meta.so
LoadModule expires_module libexec/mod_expires.so
LoadModule headers_module libexec/mod_headers.so
LoadModule usertrack_module libexec/mod_usertrack.so
LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule setenvif_module libexec/mod_setenvif.so
# Mod_Perl
LoadModule perl_module libexec/libperl.so
# PHP4
LoadModule php4_module libexec/libphp4.so
<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
</IfDefine>

# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_define.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule mod_digest.c
AddModule mod_proxy.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_perl.c
AddModule mod_php4.c
<IfDefine SSL>
AddModule mod_ssl.c
</IfDefine>

#ExtendedStatus On

Port 80


## SSL Support

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

#User nobody
#Group nobody
User www
Group www

ServerAdmin you@host.com
ServerName host.com

DocumentRoot "/usr/www/htdocs"

#<Directory />
# Options FollowSymLinks
# AllowOverride None
#</Directory>

<Directory "/usr/www/htdocs">
Options All MultiViews
AllowOverride All
Order allow,deny
Allow from all
Deny from lus3r.haxX0r.org
</Directory>

UserDir public_html

DirectoryIndex index.html index.shtml index.htm index.pl index.cgi index.phtml index.php


AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

#CacheNegotiatedDocs
UseCanonicalName On

TypesConfig /usr/www/conf/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
MIMEMagicFile /usr/www/conf/magic
</IfModule>

HostnameLookups Off

ErrorLog /usr/www/logs/errors.log
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#CustomLog /var/log/apache_access_log common
#CustomLog /var/log/apache_referer_log referer
#CustomLog /var/log/apache_agent_log agent
CustomLog /usr/www/logs/apache.access.log combined

ServerSignature Email

Alias /icons/ "/usr/www/htdocs/icons/"

<Directory "/usr/www/htdocs/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/usr/www/htdocs/cgi-bin/"

<Directory "/usr/www/htdocs/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

IndexOptions FancyIndexing

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

AddDescription "GZIP compressed document" .gz
AddDescription "tar archive" .tar
AddDescription "GZIP compressed tar archive" .tgz

ReadmeName README
HeaderName HEADER

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage pt .pt
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz

LanguagePriority en da nl et fr de el it pt ltz ca es sv

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

AddType application/x-tar .tgz

AddHandler cgi-script .cgi

AddType text/html .shtml
AddHandler server-parsed .shtml

#AddHandler send-as-is asis
#AddHandler imap-file map
#AddHandler type-map var
#MetaDir .web
#MetaSuffix .meta

XBitHack full
CheckSpelling on

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost
</Location>

<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from localhost
</Location>

PerlModule Apache::Registry

<Location /perl-bin>
SetHandler perl-script
PerlHandler Apache::Registry
Options ExecCGI
PerlSendHeader on
</Location>

<Files ~ "\.pshtml$">
SetHandler perl-script
PerlHandler Apache:SSI
</Files>

<Location /cgi-bin/phf*>
Deny from all
ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
</Location>

NameVirtualHost 127.0.0.1

## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.

# Some MIME-types for downloading Certificates and CRLs
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>

SSLPassPhraseDialog builtin

#SSLSessionCache none
#SSLSessionCache shm:/var/run/apache_ssl_scache(512000)
SSLSessionCache dbm:/var/run/apache_ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:/var/run/apache_ssl_mutex

# Use Builtin for *BSD
#SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/random 512
SSLRandomSeed connect file:/dev/urandom 512

SSLLog /var/log/apache_ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>
#
## SSL Virtual Host Context
##

<VirtualHost 127.0.0.1:443>
DocumentRoot "/usr/www/htdocs"
ServerName secure.localhost.net
ServerAdmin you@host.com
ErrorLog /usr/www/logs/error.ssl.log
TransferLog /usr/www/logs/access.ssl.log
Options All MultiViews
IndexOptions FancyIndexing


SSLEngine on

#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/www/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/www/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /usr/www/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/www/conf/ssl.key/server-dsa.key
#SSLCertificateChainFile /usr/www/conf/ssl.crt/ca.crt
#SSLCACertificatePath /usr/www/conf/ssl.crt
#SSLCACertificateFile /usr/www/conf/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /usr/www/conf/ssl.crl
#SSLCARevocationFile /usr/www/conf/ssl.crl/ca-bundle.crl

#SSLVerifyClient require
#SSLVerifyDepth 10

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/www/htdocs/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>

<VirtualHost 127.0.0.1:80>
ServerName host.com
Redirect / http://www.host.com/
</VirtualHost>

<VirtualHost 127.0.0.1:80>
ServerName www.host.com
DocumentRoot /usr/www/htdocs
SSLEngine off
Options All MultiViews
IndexOptions FancyIndexing
ServerAdmin you@host.com
ErrorLog /usr/www/logs/host.com.error.log
TransferLog /usr/www/logs/host.com.access.log
</VirtualHost>

Now, just fix the permissions on everything, and you should be ready to start.

# chown www /usr/www/*

# chown www /usr/www/*.*

# chown mysql /usr/db/*

# chown mysql /usr/db/*.*

That's It!

Now, just change to Apache's binary directory, and start it up!

# cd /usr/www/sbin

# ./apachectl startssl

You'll be promted for your SSL passphrase. Enter it, and the server will start right up. In theroy at least. If your server fails to start, check and double check the conf file, and be sure to take a look at the error_log. Most problems to do with this configuration are due to typos in the conf file, and not problems with the build of the server.

You should now be able to telnet to port 80 on the localhost machine, request the http header, and see something like this: Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3 mod_perl/1.24 . Or, you can go to a site like netcraft and use their query utility on your machine's IP or hostname. You should also be able to connect to port 443 and try the https query. That's it, you now have a single Apache process which can serve both http and https requests, while parsing mod_perl and PHP4, while talking to a MySQL database. Cool, huh?





   Page 1 of 1