Diff: HowToApacheSSLPHPfp

Differences between current version and predecessor to the previous major change of HowToApacheSSLPHPfp.

Newer page: version 3 Last edited on Thursday, October 21, 2004 5:05:31 pm by AristotlePagaltzis
Older page: version 2 Last edited on Friday, June 7, 2002 1:06:13 am by perry
@@ -1,563 +1 @@
-  
-  
-  
-Linux Apache SSL PHP/FI frontpage mini-HOWTO  
-  
-  
-  
-----  
-  
-!!!Linux Apache SSL PHP/FI frontpage mini-HOWTO  
-  
-!!Marcus Faure,  
-marcus@faure.dev1.1, July 1998  
-  
-  
-----  
-''This document is about building a __multipurpose webserver__ that will support dynamic web content via the __PHP/FI__ scripting language,  
-secure transmission of data based on Netscape's __SSL__,  
-secure execution of __CGI's__ and  
-M$ __Frontpage Server Extensions__''  
-----  
-  
-  
-  
-  
-!!1. Introduction  
-  
-  
-*1.1 Description of the components  
-  
-*1.2 Working configurations  
-  
-*1.3 History  
-  
-  
-  
-  
-  
-!!2. Component installation  
-  
-  
-*2.1 Preparations  
-  
-*2.2 Adding PHP  
-  
-*2.3 Adding SSL  
-  
-*2.4 Adding frontpage  
-  
-  
-  
-  
-  
-!!3. Putting it all together  
-  
-  
-*3.1 Apache modules to try  
-  
-*3.2 Giving CGI's more security  
-  
-*3.3 Compiling and installing the server daemon  
-  
-*3.4 Adding frontpage support to a web  
-  
-*3.5 Starting the daemon  
-  
-*3.6 Some considerations left  
-  
-*3.7 Known bugs  
-  
-*3.8 The final word  
-  
-----  
-  
-!!1. Introduction  
-  
-  
-Before you start reading:  
-I am not a native speaker, so there are probably spelling/grammatical errors  
-in this document. Feel encouraged to inform me of mistakes.  
-  
-  
-  
-  
-!!1.1 Description of the components  
-  
-  
-  
-The webserver you hopefully will get after having read this howto is composed  
-of several parts, the original apache sources with some (well, many) patches  
-and some external executables. I recommend using the software versions I  
-tried, they will probably compile without greater problems and result in a  
-fairly stable daemon. If you are courageous, you can try to compile all the  
-latest-stuff-with-tons-of-new-features, but don't blame me if something  
-fails ;-). However, you may report other working configurations to be included  
-in future versions of this document. All of the steps were tested on a  
-linux 2..35 box, so the howto is somewhat linux-specific, but you should be  
-able to use it for other unixes as well.  
-  
-  
-You do not necesserily have to compile in all components. I tried to structure  
-this howto so that you can skip the parts you are not interested in.  
-  
-  
-The document is neither a user manual to Apache, SSL, PHP/FI nor frontpage.  
-Its prime intention is to save webservice providers some headaches when  
-installing their server and to do my little contribution to the linux  
-community.  
-  
-  
-__PHP__ is a scripting language that supports dynamic HTML pages. It is a  
-bit like Apache's SSI, but by far more complex and has database modules for  
-many popular dbs. The GD libraries are needed by PHP.  
-  
-  
-__SSL__ is an implementation of Netscape's Secure Socket Layer that allow  
-secure connections over insecure networks, e.g. to transmit credit card  
-numbers to web based forms.  
-  
-  
-__frontpage__ is a wysiwyg web authoring tool that makes use of some  
-server-specific extensions called webbots. Some people think frontpage is  
-cool because you can create feedback forms and discussion webs without  
-having to know a bit about html or cgi. It even protects the designer  
-from uploading his/her site via ftp by using a builtin publisher. If you wish  
-to support frontpage but do not like to setup a windows server, the apache  
-server extensions are your choice.  
-  
-  
-  
-  
-!!1.2 Working configurations  
-  
-  
-  
-Though this document has been downloaded some 100 times since I published  
-it, I received only little feedback. In particular, noone told me of other  
-working combinations. Combinations that work for me are:  
-  
-  
-*Linux 2..31, Apache 1.2.4, PHP 2.., SSL .8., fp 98 3..3 (*)  
-*  
-  
-*Linux 2..33, Apache 1.2.5, PHP 2..1, SSL .8., fp 98 3..3 (*)  
-*  
-  
-*Linux 2..35, Apache 1.2.6, PHP 3, SSL .8., fp 98 3..4  
-*  
-  
-(*) version 3..3 is  
-not recommended  
-  
-  
-  
-  
-!!1.3 History  
-  
-  
-  
-  
-  
-  
-v0./Apr 98: Preview version  
-  
-  
-v1./Jun 98: Now using Apache 1.2.6, updated fp section, minor corrections  
-  
-  
-v1.1/Jul 98: Sgmlized and restructered version  
-  
-  
-You can find the latest version of this document at  
-http://www.faure.de  
-  
-  
-----  
-  
-!!2. Component installation  
-  
-!!2.1 Preparations  
-  
-  
-  
-You will need:  
-  
-  
-*Apache 1.2.6  
-http://www.apache.org/dist/apache_1_2_6.tar.gz  
-*  
-  
-*PHP/FI Extensions  
-http://php.iquest.net/files/download.phtml?/files/php-2.01.tar.gz  
-*  
-  
-*GD Library  
-http://siva.cshl.org/gd/gd.html  
-*  
-  
-*SSL .8.  
-ftp://ftp.ox.ac.uk/pub/crypto/SSL/SSLeay-.8..tar.gz  
-*  
-  
-*SSL patch for Apache 1.2.6  
-ftp://ftp.ox.ac.uk/pub/crypto/SSL/apache_1.2.6+ssl_1.17.tar.gz  
-*  
-  
-*frontpage 98 server extensions and install script  
-http://www.rtr.com/fpsupport/download.htm  
-*  
-  
-  
-  
-Get the sources you want. Untar apche, php, gd and ssl to  
-/usr/src. Untar the SSL patch to /usr/src/apache_1.2.6.  
-  
-  
-  
-  
-!!2.2 Adding PHP  
-  
-  
-  
-cd to /usr/src/gd1.2 and type make. This will build the GD  
-library libgd.a, that should be copied to /usr/lib.  
-Now cd to php-2..1 and run ./install.  
-  
-  
-The relevant questions are:  
-  
-Would you like to compile PHP/FI as an Apache module? [[yN ] y  
-Are you compiling for an Apache 1.1 or later server? [[Yn] y  
-Are you using Apache-Stronghold? [[yN] y  
-Does your Apache server support ELF dynamic loading? [[yN] y  
-Apache include directory (which has httpd.h)? [[/usr/local/include/apache] /usr/src/apache_1.2.6/src  
-Would you like to build an ELF shared library? [[yN] y  
-Additional directories to search for .h files [[]: /usr/src/gd1.2  
-Would you like the bundled regex library? [[yN] n  
-  
-  
-  
-Like the frontpage extensions, phtml includes a security problem  
-because it is run under the uid of the webserver. Be sure to turn on safe  
-mode in src/php.h and restrict the search path to a save value. There are some  
-other options in php.h you may want to edit. If you are very concerned  
-about security, compile php as a cgi. However, this will be a performance  
-loss and not as smart as the module version.  
-  
-  
-Type make to build all files. When the compilation is done,  
-copy mod_php.* and libphp.a to  
-/usr/src/apache_1.2.6/src Add a line  
-  
-Module php_module mod_php.o  
-  
-to the end of /usr/src/apache_1.2.6/src/Configuration, add  
-  
--lphp -lm -lgdbm -lgd  
-  
-to the EXTRA_LIBS in the same file,  
-  
-application/x-httpd-php phtml  
-  
-to Apache's mime.types and  
-  
-!AddType application/x-httpd-php .phtml  
-  
-to Apache's srm.conf.  
-  
-  
-You may also want to add index.phtml to !DirectoryIndex in  
-that file so that a file index.phtml is automatically loaded when its  
-directory is requested.  
-  
-  
-  
-  
-!!2.3 Adding SSL  
-  
-  
-  
-cd /usr/src/SSL-.8.; ./Configure linux-elf; make; make rehash  
-This will create libraries needed by apache. You may issue make test  
-to verify the compilation.  
-You have to apply a patch to apache. It is important that you apply it  
-before the frontpage patch, otherwise frontpage will not work.  
-cd to /usr/src/apache_1.2.6/src and issue  
-patch < /usr/src/apache_1.2.6/SSLpatch.  
-Set SSL_BASE=/usr/src/SSLeay-.8.0 in Configuration. Make  
-sure that Module proxy_module is disabled otherwise Apache won't  
-compile. If you are in need of a proxy, go for Squid  
-http://squid.nlanr.net/  
-  
-Now make certificate to generate SSLconf/conf/httpsd.pem.  
-  
-  
-  
-  
-!!2.4 Adding frontpage  
-  
-  
-  
-Rename the fp30.linux.tar.Z file to fp30.linux.tar.gz,  
-otherwise the install script will not find it. Run ./fp_install  
-to copy the extension files to /usr/local/frontpage. zcat can  
-usually be invoked as /usr/bin/zcat.  
-  
-  
-You now have to apply the FP patch. cd to  
-/usr/src/apache_1.2.6/src and type  
-patch < /usr/src/frontpage/version3./apache-fp/fp-patch-apache_1.2.5  
-This will create the mod_frontpage.* files and do some modifications  
-to Configuration etc. The 1.2.5 patch will work with both  
-apache 1.2.5 and 1.2.6. Skip the part about installing webs, you can do  
-that later  
-  
-  
-  
-----  
-  
-!!3. Putting it all together  
-  
-!!3.1 Apache modules to try  
-  
-  
-  
-The modules I use besides SSL, PHP and frontpage are:  
-  
-Module env_module mod_env.o  
-Module config_log_module mod_log_config.o  
-Module mime_module mod_mime.o  
-Module negotiation_module mod_negotiation.o  
-Module dir_module mod_dir.o  
-Module cgi_module mod_cgi.o  
-Module asis_module mod_asis.o  
-Module imap_module mod_imap.o  
-Module action_module mod_actions.o  
-Module alias_module mod_alias.o  
-Module rewrite_module mod_rewrite.o  
-Module access_module mod_access.o  
-Module auth_module mod_auth.o  
-Module anon_auth_module mod_auth_anon.o  
-Module digest_module mod_digest.o  
-Module expires_module mod_expires.o  
-Module headers_module mod_headers.o  
-Module browser_module mod_browser.o  
-  
-  
-  
-  
-  
-!!3.2 Giving CGI's more security  
-  
-  
-  
-If you are an ISP (you probably are when you read this) you will  
-want to improve security. The suexec utility allows you to do so; it will  
-execute cgi's under the UID of the webowner instead of executing it  
-under the webservers UID.  
-Go to /usr/src/apache_1.2.6/support and make suexec.  
-chmod 4711 suxec and copy it to the location specified in  
-../src/httpd.h which is /usr/local/etc/httpd/sbin/suexec  
-by default. If the path seems a little cryptic to you - it did to me - edit  
-httpd.h and set the path to a more comfortable value.  
-  
-  
-  
-  
-!!3.3 Compiling and installing the server daemon  
-  
-  
-  
-Enter /usr/src/apache_1.2.6/src and edit  
-Configuration to set all the Modules you want to include in your  
-Apache daemon. When done, run ./Configure and make. This is  
-the last (and most complicated) compilation step, so cross your fingers. If it  
-succeeds, cp httpsd to /usr/sbin. The daemon is somewhat  
-big, consider this when assembling your webserver. Create the directory  
-/var/httpd with subdirectories cgi-bin, conf,  
-htdocs, icons, virt1, virt2 and  
-logs. In /usr/src/apache_1.2.6/conf edit  
-access.conf-dist, mime.types and srm.conf-dist  
-to suit your needs and copy them to var/httpd/conf/access.conf,  
-srm.conf and mime.types. Copy the httpsd.pem you  
-created with make certificate to /var/httpd/conf. Use the  
-following httpd.conf:  
-  
-!ServerType standalone  
-Port 80  
-Listen 80  
-Listen 443  
-User wwwrun  
-Group wwwrun  
-!ServerAdmin webmaster@yourhost.com  
-!ServerRoot /var/httpd  
-!ErrorLog logs/error_log  
-!TransferLog logs/access_log  
-!PidFile logs/httpd.pid  
-!ServerName www.yourhost.com  
-!MinSpareServers 3  
-!MaxSpareServers 20  
-!StartServers 3  
-SSLCACertificatePath /var/httpd/conf  
-SSLCACertificateFile /var/httpd/conf/httpsd.pem  
-SSLCertificateFile /var/httpd/conf/httpsd.pem  
-SSLLogFile /var/httpd/logs/ssl.log  
-<!VirtualHost www.virt1.com>  
-SSLDisable  
-!ServerAdmin webmaster@virt1.com  
-!DocumentRoot /var/httpd/virt1  
-!ScriptAlias /cgi-bin/ /var/httpd/virt1/cgi-bin/  
-!ServerName www.virt1.com  
-!ErrorLog logs/virt1-error.log  
-!TransferLog logs/virt1-access.log  
-User virt1admin  
-Group users  
-</!VirtualHost>  
-<!VirtualHost www.virt1.com:443>  
-!ServerAdmin webmaster@virt1.com  
-!DocumentRoot /var/httpd/virt1  
-!ScriptAlias /cgi-bin/ /var/httpd/virt1/cgi-bin/  
-!ServerName www.virt1.com  
-!ErrorLog logs/virt1-ssl-error.log  
-!TransferLog logs/virt1-ssl-access.log  
-User virt1admin  
-Group users  
-SSLCACertificatePath /var/httpd/conf  
-SSLCACertificateFile /var/httpd/conf/httpsd.pem  
-SSLCertificateFile /var/httpd/conf/httpsd.pem  
-SSLLogFile /var/httpd/logs/virt1-ssl.log  
-SSLVerifyClient  
-SSLFakeBasicAuth  
-</!VirtualHost>  
-<!VirtualHost www.virt2.com>  
-SSLDisable  
-!ServerAdmin webmaster@virt2.com  
-!DocumentRoot /var/httpd/virt2  
-!ScriptAlias /cgi-bin/ /var/httpd/virt2/cgi-bin/  
-!ServerName www.virt2.com  
-!ErrorLog logs/virt2-error.log  
-!TransferLog logs/virt2-access.log  
-</!VirtualHost>  
-  
-  
-  
-Depending on the modules compiled in, not all directives may be available.  
-You can retrieve a list of available directives with httpsd -h.  
-  
-  
-  
-  
-!!3.4 Adding frontpage support to a web  
-  
-  
-  
-Enter /usr/local/frontpage/version3./bin and load  
-./fpsrvadm. Choose install and apache-fp. The next  
-questions should be answered the following way:  
-  
-Enter server config filename: /var/httpd/conf/httpd.conf  
-Enter host name for multi-hosting [[]: www.virt2.com  
-Starting install, port: www.virt2.com:80, web: ""  
-Enter user's name [[]: virt2admin  
-Enter user's password:  
-Confirm password:  
-Creating root web  
-Recalculate links for root web  
-Install completed.  
-  
-  
-  
-The user name must be the unix login of the webowner. The password does not  
-necessarily have to match the system password.  
-You have to manually add sendmailcommand:/usr/sbin/sendmail %r  
-to /usr/local/frontpage/www.virt2.com:80.conf, otherwise your users  
-will not be able to send web-generated eMails.  
-kill -HUP your httpsd to make fp reread its config. You can  
-now access www.virt2.com with your frontpage client.  
-  
-  
-Under some circumstances fpsrvadm complaints that a root web has  
-to be installed first. This is pretty useless, but you should do so to silence  
-fpsrvadm.  
-  
-  
-  
-  
-!!3.5 Starting the daemon  
-  
-  
-  
-Start Apache with httpsd -f /var/httpd/conf/httpd.conf. You can  
-now access www.virt1.com both through http and https which is pretty  
-cool. Of course you have to pay for a real certificate if you want to offer  
-webwide SSL or users might laugh at you.  
-  
-  
-Copy one of the demo files from the php examples directory to virt1  
-to test phtml.  
-  
-  
-  
-  
-!!3.6 Some considerations left  
-  
-  
-  
-Do not use frontpage 97 extensions. They do not work, at least under  
-Linux. When installing specific versions of the c++ libraries, they  
-appear to work but your logs will soon fill with premature end of script  
-headers and your mailbox will fill with complaints.  
-Do not use frontpage 98 extensions before version 3..2.1330. Do not be  
-confused, version numbers are somewhat inheterogenous. When telnetting  
-to port 80, typing "get / http/1." and hitting return twice, you get a  
-version number 3..4 for frontpage.  
-  
-  
-  
- You can find out the more specific version  
-number by executing  
-/usr/local/frontpage/currentversion/exes/_vti_bin/shtml.exe -version.  
-Older versions have a nasty bug that requires httpd.conf to be writable  
-by the gid of the webserver. This should make you scream if you are at all  
-concerned about security.  
-Versions since 3..2.1330 are more usable.  
-  
-  
-  
-  
-!!3.7 Known bugs  
-  
-  
-  
-When touching Recalculate Links in the frontpage client, the server  
-starts a process that consumes 99% cpu cycles and some 10 mb of memory. But  
-even for medium-sized webs and fast machines, the client sometimes recieves  
-a timeout message, though the calculation will be finished correctly. Inform  
-frontpage users to be patient and not to hit Recalculate Links  
-several times. Inform yourself to equip the server with at least 64MB.  
-  
-  
-Please note that at the time of writing both SSL and frontpage work, but  
-not at the same time, that means you can neither publish your web using ssl  
-nor make use of the webbots through https. You can publish your web on  
-port 80 and access it encrypted on port 443, but your counters etc. will be  
-broken. I consider this a bug. This problem shall be fixed in SSL .9..  
-  
-  
-  
-  
-!!3.8 The final word  
-  
-  
-  
-For those who think the title of this howto is nearly as long as the  
-document: Did you ever listened to Meat Loaf?  
-  
-  
-O.K. readers, you're done for today. Feel free to send me your feedback,  
-eternal gratitude, flowers, ecash, cars, oil sources etc .  
-  
-  
-  
-----  
+Describe [HowToApacheSSLPHPfp ] here
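
Review bot: the only added line, `Describe [HowToApacheSSLPHPfp ] here` at the end of the hunk, is the empty-page placeholder, so this revision removes all 563 lines of the mini-HOWTO and gives no reason for the removal and no indication of where the text can still be read. If the content was dropped because it is obsolete (it is dated July 1998 and is built around Apache 1.2.6, PHP/FI and SSLeay), replace the placeholder with a one-line statement to that effect, with a pointer to a current copy if one exists, or delete the page rather than leaving a stub. If any of the text is restored instead, two parts should not come back unannotated: the httpd.conf in section 3.3 points both `SSLCACertificateFile` and `SSLCertificateFile` at the same `httpsd.pem` produced by `make certificate`, and section 3.2 tells the reader to `chmod 4711 suxec`, which misspells `suexec` and sets a setuid bit without saying who must own the file.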