Installing Apache 2 httpd with ssl and PHP support

Compiling Apache used to be easy. Over the years it has gotten more and more complex, and the latest versions can be a nightmare even for experienced administrators to compile. Each version of Apache also puts its config files and log files in a different place. Many people have trouble configuring the "prefork" version that is installed by SuSE, because instead of one config file, the prefork version (at least the one supplied by SuSE) has 13 of them. Since apache needs to be updated and reinstalled frequently, most users are better off compiling apache from source from the very beginning. This also helps your users by ensuring that their html files (and your config files) are always in the same place.

PHP5 is recommended over PHP4 because it is much easier to install. It is recommended to compile php as a shared library instead of hard-coding it into apache. The old ".o" and "mod_php4.c" files will be replaced by a single php library. This page will also concentrate exclusively on apache 2.x.

STEP 1: Install SSL

Install new openssl from www.openssl.org (openssl-0.9.6g.tar.gz)

Openssl installs everything in /usr/local/ssl/lib, while SuSE installs it in /usr/lib/. Be sure to copy the new version to /usr/lib or specify "--prefix=/usr/lib" during the config step.
    ./config
    make
    make test
    make install
    ./config shared
    make 
    make install
    cd /usr/local/ssl/lib
    cp * /usr/lib
    ldconfig
If it gives the following error:
    BEGIN failed--compilation aborted at /usr/lib/perl5/5.00503\
    /Pod/Usage.pm line 412.
copy the files manually
    cp libcry* /usr/lib/ 
    cp libssl* /usr/lib/
    cp libcry* /usr/local/ssl/lib
    cp libssl* /usr/local/ssl/lib
Restart Samba and Apache, otherwise Samba, apache, and possibly other applications will crash silently.

STEP 2: Unpack Apache

PHP places files in the Apache source tree that are necessary to create a version of Apache that supports PHP. Untar Apache and type './configure'. Do not skip this step. Then install PHP before continuing.

STEP 3: Install PHP

Use the latest versions of Apache and PHP to avoid incompatibilities, compilation problems, and potential security problems. If you use modules in apache, it may be necessary to reinstall them as well.

PHP can be configured with apxs or using command-line options. In this document we will use apxs. If you use apxs, make sure the correct apxs (/usr/sbin/apxs, /usr/sbin/apxs2, /usr/local/apache/bin/apxs, or /usr/local/apache2/bin/apxs) is being used by specifying something like "--with-apxs=/usr/sbin/apxs". If you specify the wrong apxs, it will say something like:
  configure: error: You have enabled Apache 2 support 
  while your server is Apache 1.3.  
  Please use the appropiate switch --with-apxs (without the 2)
Since apxs is part of Apache, if apxs is not present, you must compile and install apache twice--once to create apxs, and once to create a version of apache that works with php. For Apache 2.x you need to use apxs2. Apache creates a version of apxs2, but unfortunately calls it apxs. This is the version needed by php. It's necessary to make it executable and then copy it somewhere in your path (such as /usr/sbin/). See also "./configure --help" and "sapi/apache2filter/README".

  1. Install python and python-devel from original linux CD if python is not present.
  2. Obtain the libxml2 tar file from
      ftp://ftp.gnome.org/mirror/gnome.org/sources/libxml2/2.6/
  3. Compile and install libxml2
      ./configure --enable-ipv6=no
      make
      make install
  4. According to the documentation, libxml2-devel is also needed. However, this turned out not to be true.
  5. If you don't have an apxs already, go back to the apache directory and install apxs by compiling and installing a minimal apache with no arguments as described below in Step 4. Then return to the php directory and type:
     ./configure --with-apxs2=/usr/local/apache2/bin/apxs \
      --with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
      --enable-shared  --with-mysql=/usr/bin/mysql
    
    Substitute the actual location of your apxs. In our situation, we had to use a different command for each of our computers that use php with apache (This section is only of local interest. Please skip to the next section if you are not me.):
    entropy
    
      cd /usr/local/lib/perl5/site_perl
      cp /usr/lib/perl5/5.8.1/strict.pm .
      cd -
      ./configure --with-apxs2=/usr/local/apache2/bin/apxs \
          --with-apache2=/home/tjnelson/apache/httpd-2.0.50 
      make
      # edit Makefile to remove install-pear from install_targets
      su
      make install
      libtool --finish /home/tjnelson/php/php-5.2.1/libs
      cd /etc/rc.d
      ./apache2 restart
      # test web server to make sure it actually started
    
    protein
    
      # install libxml2 and libxml2-sources from ftp://xmlsoft.org/
      ./configure  --with-apache=/home/tjnelson/apache/httpd-2.0.50
      
    engram  
    
      ./configure --with-apxs2=/usr/local/apache2/bin/apxs \
        --with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
        --enable-shared --enable-mbstring
      make
      # edit Makefile to remove install-pear from install_targets
      su
      make install
      libtool --finish /home/tjnelson/php/php-5.2.1/libs
      cd /etc/rc.d
      ./apache2 restart
      # test web server to make sure it actually started
    
    The mysql option is only needed if you have mysql installed.
    Be sure to specify building shared libraries or you'll end up with useless static libraries.

  6. Next build php, and install it as root. Make sure you have a working httpd.conf before installing php, because it will modify your httpd.conf file.
      make clean
      make 
      su
      make install      
      make install-modules   # optional
      libtool --finish /home/tjnelson/php/php-5.2.1/libs
    
    The 'make install' command should say something about libphp5.so, and not libphp5.a. Shared (.so) libraries are needed to interface with apache.

On some computers, php installation hangs during the "make install" command during PEAR installation. If you don't need pear, this problem can be solved by editing the php makefile and removing "install-pear" from the line that starts with "install_targets".

By default it installs php in /usr/local/bin. You need to find and get rid of any old versions of php (e.g., in /usr/bin). If you make a mistake and start compiling with the wrong options, be sure to type "make clean" before running make a second time. Also, don't add too many options to php or it will prevent apache from compiling. (It may even prevent 'configure' from working.)

Next copy php.ini-dist to the appropriate place (normally /etc/php.ini or /usr/local/lib/php.ini) and edit it as necessary to set PHP options. The most common option is to allow uploads. This is essential for applications like squirrelmail. If uploads are not allowed, or the maximum filesize is too small, squirrelmail will allow incoming mail but silently drop outgoing mail with no warning and no messages to any logfile. It can be a royal pain to find this problem.
  ln -s /etc/php.ini /usr/local/lib/php.ini
Then set the upload options in php.ini:
  file_uploads = On
  ;upload_tmp_dir =
  upload_max_filesize = 200M

STEP 4: Install Apache

Un-mangle the documentation filenames so you can read the documentation:
   cd htdocs/manual
   mmv -r "*.html.en" "#1.html"
   mmv -r "*.html.html" "#1.html"

  1. Enabling Proxy in Apache: If your server is well protected from the Internet, you can activate the http proxy feature in Apache by adding
    --enable-proxy 
    to the configure command. (note: it used to be called "--enable-module=proxy", but this seems not to work anymore. If in doubt whether the option is enabled, look at config.log). If you use modules, there needs to be a "LoadModule" line in your httpd.conf file. (This is done automatically by the make install script unless it finds a pre-existing httpd.conf file).

    Then make the appropriate changes to your /etc/httpd/httpd.conf file as shown below. If the server is exposed to the Internet, you will eventually get hit with spammers and people trying to access porn. The documentation states that adding the following to your httpd.conf will prevent these attacks:
    <Directory proxy:*>
    Order Deny,Allow
    Deny from all
    Allow from yournetwork.example.com
    </Directory>
    
    However, in my experience, this doesn't always work. If you want secure proxying, you're better off with a full-featured proxy like squid.

  2. Compile apache
    Run 'configure' and 'make'.
       cd /home/tjnelson/apache/httpd-2.0.50
       ./configure --enable-module=so \
             --with-apxs2=/usr/local/apache2/bin/apxs \
             --enable-ssl --enable-includes --sysconfdir=/etc/httpd \
             --enable-proxy    # optional
       make
    
    Many other options are available. Unfortunately, they are poorly documented. You can find a few by typing configure --help. The only way I know of to find the rest of them is by reading the configure file.
  3. Check httpd before installing it. This will ensure that the desired modules are included and that it can find its libraries:
       make
       ldd ./src/httpd   
    
    It should say something like
       libpam.so.0 => /lib/libpam.so.0 (0x40028000)
       libcrypt.so.1 => /lib/libcrypt.so.1 (0x40031000)
       libresolv.so.2 => /lib/libresolv.so.2 (0x40064000)
       libm.so.6 => /lib/libm.so.6 (0x40075000)
       libdl.so.2 => /lib/libdl.so.2 (0x40099000)
       libnsl.so.1 => /lib/libnsl.so.1 (0x4009d000)
       libexpat.so.0 => /usr/lib/libexpat.so.0 (0x400b3000)
       libc.so.6 => /lib/libc.so.6 (0x400d5000)
       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
    
    In Apache 2, the httpd in the top directory is just a script, but the commands are similar to Apache 1.x:
       ldd ./.libs/httpd
            libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40029000)
            libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40057000)
            libaprutil-0.so.0 => /usr/local/apache2/lib/libaprutil-0.so.0 (0x40115000)
            libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4012b000)
            libdb-4.0.so => /usr/lib/libdb-4.0.so (0x40133000)
            libexpat.so.0 => /usr/lib/libexpat.so.0 (0x401cb000)
            libapr-0.so.0 => /usr/local/apache2/lib/libapr-0.so.0 (0x401ed000)
            librt.so.1 => /lib/librt.so.1 (0x4020d000)
            libm.so.6 => /lib/libm.so.6 (0x4021f000)
            libcrypt.so.1 => /lib/libcrypt.so.1 (0x40242000)
            libnsl.so.1 => /lib/libnsl.so.1 (0x40276000)
            libdl.so.2 => /lib/libdl.so.2 (0x4028c000)
            libpthread.so.0 => /lib/libpthread.so.0 (0x40290000)
            libc.so.6 => /lib/libc.so.6 (0x402a6000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
      ./httpd -l
            Compiled in modules:
            core.c
            mod_access.c
            mod_auth.c
            mod_include.c
            mod_log_config.c
            mod_env.c
            mod_setenvif.c
            mod_proxy.c
            proxy_connect.c
            proxy_ftp.c
            proxy_http.c
            mod_ssl.c
            prefork.c
            http_core.c
            mod_mime.c
            mod_status.c
            mod_autoindex.c
            mod_asis.c
            mod_cgi.c
            mod_negotiation.c
            mod_dir.c
            mod_imap.c
            mod_actions.c
            mod_userdir.c
            mod_alias.c
            mod_so.c
    Notice that mod_php is not listed because it's not compiled into apache.

  4. Install apache and set up configuration file

    Remove /usr/local/apache/conf/, /usr/local/apache2/conf/, and /etc/httpd/ if they exist so Apache creates a new one. It is much easier to edit a working httpd.conf than to modify a non-working one. Note that "--sysconfdir=/etc/httpd" will prevent it from creating a conf file if one already exists in the /etc/httpd directory.
       su
       mv /etc/httpd /etc/httpd.bak
       mv /usr/local/apache/conf /usr/local/apache/conf.bak
       mv /usr/local/apache2/conf /usr/local/apache2/conf.bak
       make install 
    
    Apache 2.0 installs in /usr/local/apache2/bin, /usr/local/apache2/lib, etc.

    Edit httpd.conf:

    • Change the default port from 8080 to 80.
    • Set the correct document root so it points to your Web pages
        DocumentRoot "/usr/local/httpd/htdocs"
      
      (This must be done in two places)
    • Change the user from nobody to wwwrun
    • Enable proxy if desired
          ProxyRequests On
          <Directory proxy:*>
              Order deny,allow
              Deny from all
              Allow from .my_hostname.com
          </Directory>
          ProxyVia On
      
    • Add access controls if desired
    • Remove any lines that refer to php3 or php4. These often cause problems.
    • Enable FollowSymlinks in /etc/httpd/httpd.conf or /usr/local/apache/conf/httpd.conf if there are links in the path of any html files. Make sure apache has execute permission in users' home directories if files are located there (i.e., permissions in /home should be 711), or you will get "Forbidden You don't have permission to access x on this server" when a browser tries to follow a symlink.
    • Add the following at the end, if the php installation script didn't already add them:
        LoadModule php5_module        modules/libphp5.so
        # or, for some systems:
        # LoadModule php5_module        /usr/local/apache/libexec/libphp5.so
      
        # This line is necessary to allow inline php statements in your
        # html pages.
        AddType application/x-httpd-php .php .htm .html   
        #AddType application/x-httpd-php .php4
        AddType application/x-httpd-php-source .phps
        AddHandler php5-script php 
        DirectoryIndex index.html index.php
        AddType text/html       php
        AddType application/x-httpd-php-source phps
      
      The installation script for php5 should add the appropriate php5 lines automatically. However, it doesn't remove the php4 lines if they're present. These should be removed manually, because loading two different versions of php simultaneously is a frequent source of problems and php crashes.
  5. Start apache

    Make a link at /usr/local/apache2/conf/, if it exists, so there's no doubt as to which httpd.conf it will use.
     ln -s /etc/httpd/httpd.conf /usr/local/apache2/conf/httpd.conf
    
    Stop the currently-running httpd (by typing "/etc/rc.d/apache stop") and start the new one:
     cd /etc/rc.d
     ./apache stop
     /usr/local/apache/bin/apachectl start
    
    Make sure it's running on port 80 and not 8080:
     netstat -na | grep 80 
     tcp        0      0 0.0.0.0:80            0.0.0.0:*               LISTEN      
    
    Make sure the correct version is running:
     ps -aux | grep http
     root   21194  0.0  0.3 3988 1868 ? S Sep18 0:00 /usr/local/apache/bin/httpd
     wwwrun 21197  0.0  0.3 4068 2016 ? S Sep18 0:00 /usr/local/apache/bin/httpd
    
    Copy the new startup script to /etc/rc.d (or edit the old script)
     cd /etc/rc.d
     mv apache apache.bak
     cp /usr/local/apache2/bin/apachectl /etc/rc.d/apache2
    

  6. Test apache and php
    1. Test with a browser to see if you can reach "http://localhost" and "http://localhost/manual". Create a file called "test.php" in the htdocs directory containing the line:
       <? phpinfo(); ?>
      
      It should be:
       -rw-r--r--    1 root     root           17 Sep 18 21:29 test.php
      
    2. Copy your html files into the htdocs directory and see if you can reach "http://yoursite.com/test.php". It should print a purple PHP page showing the current version of php and current setup, showing today as the build date. This may take a couple of tries -- for example, it may work with "myhost.somewhere.org" but not with "localhost/test.php".
      Now copy your html files to /usr/local/apache/htdocs.
    3. Install the new startup script:
       mv /etc/rc.d/apache /etc/rc.d/apache.bak
       cp /usr/local/apache/bin/apachectl /etc/rc.d/apache
      
      One annoyance with apache is that if there's a problem in your httpd.conf file, quite often it will simply say
       ./apachectl start: httpd could not be started
      
      giving you no clue what the problem is.
    4. If you have other servers: lather, rinse, repeat.
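
The pre-install check from item 3 above ("Check httpd before installing it"), scripted as an added example that is not part of the original page. It reads saved `ldd` and `httpd -l` output and reports unresolved libraries, libssl and libcrypto resolving from different directories (the /usr/lib versus /usr/local/ssl/lib split from Step 1), and required modules that are not compiled in. The function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print every library that ldd reported as "not found" (ldd output on stdin).
unresolved_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Print the distinct directories libssl and libcrypto resolve from.
# More than one line of output means two OpenSSL installs are being mixed.
ssl_lib_dirs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && substr($3, 1, 1) == "/" {
             dir = $3; sub("/[^/]*$", "", dir); print dir
         }' | sort -u
}

# Print each module named in "$@" that `httpd -l` (on stdin) does not list.
missing_modules() {
    compiled=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    for m in "$@"; do
        printf '%s\n' "$compiled" | grep -Fqx "$m" || printf '%s\n' "$m"
    done
}

# check_build LDD_FILE MODULES_FILE: print findings; return 1 if there are any.
check_build() {
    rc=0
    bad=$(unresolved_libs < "$1")
    [ -z "$bad" ] || { echo "unresolved libraries: $bad"; rc=1; }
    ndirs=$(ssl_lib_dirs < "$1" | awk 'NF { n++ } END { print n + 0 }')
    [ "$ndirs" -le 1 ] || { echo "libssl/libcrypto come from $ndirs directories"; rc=1; }
    miss=$(missing_modules mod_ssl.c mod_so.c < "$2")
    [ -z "$miss" ] || { echo "not compiled in: $miss"; rc=1; }
    return $rc
}

sample_ldd_mixed() {      # constructed: two OpenSSL copies, one missing library
cat <<'EOF'
    libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40029000)
    libcrypto.so.0.9.6 => /usr/local/ssl/lib/libcrypto.so.0.9.6 (0x40057000)
    libapr-0.so.0 => not found
    libc.so.6 => /lib/libc.so.6 (0x402a6000)
EOF
}

sample_modules() {        # constructed: built without mod_so
cat <<'EOF'
Compiled in modules:
  core.c
  mod_ssl.c
  prefork.c
EOF
}

# Typical use on a real build tree:
#   ldd ./.libs/httpd > ldd.out; ./httpd -l > mods.out
#   check_build ldd.out mods.out
```

mod_so.c is on the required list because libphp5.so is loaded as a shared module through LoadModule.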

Problems

  1. Blank screen

    Users see a blank screen or unprocessed php directives when viewing any php page, including test.php.
    Solution: Check the apache logs (error_log). One possibility is that php is crashing. The first line in the log below shows that PHP is configured correctly. The second line shows that it's crashing.
     Apache/2.0.48 (Unix) mod_ssl/2.0.48 OpenSSL/0.9.7c PHP/4.3.1 
             PHP/5.0.3 configured -- resuming normal operations
     [notice] child pid 2257 exit signal Segmentation fault (11)
    
    One solution is to recompile and reinstall php. Another reason php may crash is that your httpd.conf file contains references to both php4 and php5. If you try to load both versions, it will crash. It's also important to remove any pre-existing versions of php that may be on your system, e.g.:
     mv /usr/bin/php /usr/bin/php.bak
     ln -s /usr/local/bin/php /usr/bin/php 
    to make sure the system is using the correct one.

    Additional troubleshooting steps

    To troubleshoot php, it is necessary to trick it into printing error messages.

    • The easiest way to know whether apache has loaded the php module is to include the "LoadModule" line twice. It should say:
            [warn] module php5_module is already loaded, skipping
    • Click "View page source" to find out whether Apache is interpreting the php. If the php source code is visible, it means Apache is not translating the php. If you get an empty HTML file (<HTML><body></body></html>) it is bad news. The php website does not acknowledge this problem, even though it seems to be very widespread. Typically there are no error messages regardless of the settings in php.ini, and all php pages produce a white blank page and nothing else. The problem is that no error messages are produced, making it quite difficult to diagnose. The blank page problem will sometimes occur on one computer but not another.
    • From the command line, go to the htdocs directory and type
      php test.php

      On a computer in which php is properly set up, this should print several pages of text. On a computer that has the blank screen problem, you will get something like this:
      Fatal error: Call to undefined function phpinfo() in 
      /usr/local/apache2/htdocs/test.php on line 1
      Finally, a real error message. This message means that either the wrong php is being executed, or that php is using an old library somewhere that doesn't have the phpinfo function. You have to find this library and eliminate it.
    • Well, this is as far as I have gotten so far with this bug.
  2. Pages not being rendered in Unicode.
    Be sure to comment out the default charset in httpd.conf; otherwise, pages will appear in 8859-1 (Western) characters even when the user's browser is set to Auto-Detect.
    #AddDefaultCharset ISO-8859-1
  3. Compilation error in apache.
    ssl_engine_pphrase.c: In function 'ssl_pphrase_Handle_CB':
    ssl_engine_pphrase.c:683: error: 'PEM_F_DEF_CALLBACK' undeclared \
     (first use in this function)
    
    Edit ./modules/ssl/ssl_engine_pphrase.c and change all occurrences of PEM_F_DEF_CALLBACK to PEM_F_PEM_DEF_CALLBACK.
  4. Apache does not start up.
    API module structure `php5_module' in file /usr/lib64/apache2/libphp5.so \
       is garbled - perhaps this is not an Apache module DSO?
    
    This means you have to compile php and apache2 again, using a different apxs2 script. This script might be called apxs or apxs2. In this case, it happened to be called apxs, but was actually apxs2.
    cd; cd apache/httpd-2.0.50
    find . | grep apxs
    su
    cp ./support/apxs /usr/sbin/apxs
    chmod a+x /usr/sbin/apxs
    exit
    cd; cd php/php-5.2.1
    ./configure --with-apxs2=/usr/sbin/apxs \
      --with-apache2=/home/tjnelson/apache/httpd-2.0.50 \
      --enable-shared
    make clean
    make
    su
    make install
    libtool --finish /home/tjnelson/php/php-5.2.1/libs
    make install  # It gives a more informative message the second time.
    exit
    
    cd; cd apache/httpd-2.0.50
    ./configure --enable-module=so --with-apxs2=/usr/sbin/apxs \
       --enable-ssl --enable-includes --sysconfdir=/etc/httpd
    make clean
    make
    su
    make install
    exit
    
    cd;  cd php/php-5.2.1
    find . | grep libphp5.so
    cp /usr/lib64/apache2/libphp5.so  /usr/lib64/apache2/libphp5.so.bak
    cp ./libs/libphp5.so   /usr/lib64/apache2/libphp5.so
    exit
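
An httpd.conf audit for two issues this page raises, as an added example that is not part of the original page: leftover php4 lines loaded alongside php5 (Problem 1 and the "Edit httpd.conf" list) and ProxyRequests On without an effective access block. Apache 2.0 moved proxy access control from `<Directory proxy:*>` into `<Proxy>` blocks, so the check looks for a default-deny `<Proxy>` block. Function names, the libphp4.so path and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example; the sample configurations below are constructed.

# Drop leading whitespace, comment lines and blank lines (httpd.conf on stdin).
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# Distinct PHP modules named by active LoadModule lines.
php_modules() {
    active_lines | awk 'tolower($1) == "loadmodule" &&
        $2 ~ /^php[0-9]*_module$/ { print $2 }' | sort -u
}

# Exit 0 when ProxyRequests is On and no <Proxy> block contains "Deny from all".
proxy_unrestricted() {
    active_lines | awk '
        tolower($1) == "proxyrequests" && tolower($2) == "on" { on = 1 }
        tolower($1) == "<proxy"   { inblk = 1 }
        tolower($1) == "</proxy>" { inblk = 0 }
        inblk && tolower($0) ~ /^deny[ \t]+from[ \t]+all/ { denied = 1 }
        END { exit !(on && !denied) }'
}

# audit_conf FILE: print findings; return 1 if there are any.
audit_conf() {
    rc=0
    n=$(php_modules < "$1" | awk 'NF { c++ } END { print c + 0 }')
    [ "$n" -le 1 ] || { echo "more than one PHP module loaded"; rc=1; }
    if proxy_unrestricted < "$1"; then
        echo "ProxyRequests On without a default-deny <Proxy> block"; rc=1
    fi
    return $rc
}

sample_conf_before() {   # constructed: php4 leftover, 1.3-style proxy ACL
cat <<'EOF'
LoadModule php4_module        modules/libphp4.so
LoadModule php5_module        modules/libphp5.so
ProxyRequests On
<Directory proxy:*>
    Order deny,allow
    Deny from all
    Allow from .my_hostname.com
</Directory>
EOF
}

sample_conf_after() {    # constructed: php5 only, 2.0-style proxy ACL
cat <<'EOF'
#LoadModule php4_module       modules/libphp4.so
LoadModule php5_module        modules/libphp5.so
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from .my_hostname.com
</Proxy>
EOF
}

# Typical use:  audit_conf /etc/httpd/httpd.conf
```

A php5 LoadModule line repeated twice is not flagged, matching the "already loaded, skipping" warning described above.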
    

Enabling server-side includes (SSIs) in Apache

This section has been moved to linuxsetup116.html.

