Here's how I did Apache+DSO+mod_ssl+mod_perl+php4+MySQL.

Some parts are blatantly stolen from the APACHE-MOD mini-HOWTO. You should read it for additional information.

This configuration loads all your toys as DSO's. If you are running a high-availability server, this may not be right for you. However, low-access servers and home servers are good candidates for this, especially since DSO's are easy to upgrade without rebuilding your whole system.

You will need the following software. Make sure you get the latest and greatest.:

• Apache 1.3.12
• PHP 4
  • GD 1.3 (to make use of GIF files)
    • Source

  
  OR

  • GD 1.8.1+ (to make use of PNG files)
  • Source
  • IMAP 4.5+
    • Source
• mod_perl
  • Perl5 Modules Required
  • MIME::Base64
  • URI
  • HTML-Parser
  • Digest-MD5
  • libnet
  • libwww-perl
• mod_ssl
  • OpenSSL
    • Source
  • MM
• MySQL

This is the directory layout scheme I used. Extract your source files into the appropriate directorie. Wherever you see <version>, it means the number of whatever the latest version is. The easiest way to set this up is to cd to the parent directory (say, /usr/src/apache), then "tar -zxvf /path/to/tar/apache-1.3.12.tar.gz". That will create the /usr/src/apache/apache-1.3.12" directory with all the files unpacked in it.

+ /usr/src
|
+-+ apache
  |
  +-+ apache-1.3.12
  |
  +-+ modules
  | |
  | +-+ mod_perl
  | | |
  | | +- mod_perl-<version>
  | | |
  | | +-+ depend
  | |   |
  | |   +- <perl modules here>
  | |
  | +-+ mod_ssl
  | | |
  | | +- mod_ssl-<version>
  | | |
  | | +-+ depend
  | |   |
  | |   +- openssl-<version>
  | |   |
  | |   +- mm-<version>
  | |
  | +-+ mod_fastcgi_SNAP
  | |
  | +-+ php
  | | |
  | | +- php-<version>
  | | |
  | | +-+ depend
  | |   |
  | |   +- gd-<version>
  | |   |
  | |   +- imap-<version>
  | |
  +-+ mysql

I didn't use any RPM's for a number of reasons. Partly because I wanted to make sure I knew how to do it on non-RedHat systems, but also because I already had a running system with some of this stuff already installed as RPM's. I wanted to avoid any library conflicts.

OpenSSL
You'll start by installing OpenSSL. This is required to run the mod_ssl cryptography. In the OpenSSL dir, run

./configure
make
make test
make install

The Apache_mod HOWTWO mentions installing RSAREF as well, but I think it's no longer relevant. I didn't install it, but you can if you want.

MM

In the mm directory,

./configure --disable-shared
make

It's not necessary to run 'make install'. If you choose to actually install this, you're on your own. I'm just interested in the libraries.

mod_ssl

With some of the configurations, it's easier to write a quick shell script in case you have to keep re-configuring. Here's my mod_ssl script. Note the end of some lines end with '\'. That just means the next line is a continuation of the current line. You can put all this on one line if you like, by omitting the '\'.

Run this from your mod_ssl-<version> directory.

#!/bin/sh
./configure \
--with-apache=/usr/src/spache/apache-<version> \
--with-ssl \
--with-mm=../depend/mm-<version>
--enable-shared=ssl

Add a --with-rsa= line if you chose to use rsaref.

Don't run 'make' here. This is just sets up Apache's configuration for mod_ssl (even though you're running this configure program from the ssl dir).

Note that MM is *not* required for mod_ssl. If you have trouble getting it to compile, you can omit it. MM just gives you shared memory support.

Apache

We'll compile Apache with mod_ssl, mod_proxy, mod_so, and mod_rewrite. mod_perl and PHP4 will be added later.

Here is my configuration script. Run it from within your apache-<version> directory.

#!/bin/sh

SSL_BASE=../depend/openssl-<version> \
RSA_BASE=../path/to/rsaref-<version>/local \ *note: only if you're using RSAREF
EAPI_MM=../depend/mm-<version> \ *note: again, leave out if not using MM.

./configure \
--enable-module=ssl \
--enable-module=proxy \
--enable-shared=proxy \
--enable-module=rewrite \
--enable-shared=rewrite \
--prefix=/opt/apache \
--enable-shared=ssl \
--enable-rule=SHARED_CORE \
--enable-rule=SHARED_CHAIN \
--enable-module=so

*NOTE: My Apache install is in /opt/apache. EVERYTHING for Apache will be installed here when you do the 'make install'. It will also set your doc root to /opt/apache/htdocs. If this isn't what you want, read the Apache INSTALL to change it, otherwise you'll have to heavily edit your httpd.conf file when you're done. If you don't use /opt/apache, please make the appropriate adjustments to the other scripts listed in this document.

Next, do

make
make certificate
make install

The 'make certificate' will set up a test certificate for your ssl server. What you enter here is irrelevant as we'll replace it later anyway. This is just for testing.

You can now start Apache by entering

/opt/apache/apachectl sslstart

It will prompt you for the certificate password. In our live certificate, we'll get rid of that.

Your web server is now running. You can web to the SSL part at https://your.computer.name/

MySQL

This one is just another

./configure
make
make install

If you want to change the default install location, you'll have to add a --prefix=/path/to/install to the configure line. This will install MySQL. Setting up databases, et. al. is outside the scope of this document.

PHP

Compiling PHP as a DSO will make upgrading later a snap.

We'll start with the GD library

GD

The version of GD I use is 1.3. All versions after that have dropped support for .GIF images and only support .PNG. If you can still find GD1.3, I suggest using that, but I don't think it's available on the author's website anymore. I won't provide it because I don't know if I can legally distribute it. To get it ready, cd to the GD directory and run 'make'. There is no 'make install' in 1.3. You can copy the libraries to the location of your choice by hand if you want. I just left them in the src dir for linking.

IMAP

IMAP is a little weird. There's no configure for it. to set it up, run

make slx
make install

'slx' is the indicator for "linux glibc" system. Read the INSTALL for more information.

RedHat has a nasty habit of confusing kerberos stuff in IMAP. I had a problem where PHP kept looking at the headers for the old IMAP rpm I had installed. I got an unresolved symbols error gss_mech_krb5. To fix this, I pointed the PHP config file directly at my new IMAP src dir. You'll see what I mean.

PHP

Here is the script I used to compile PHP.

cd to your php source directory

#!/bin/sh

./configure \
--with-apxs=/opt/apache/bin/apxs \
--with-config-file-path=/opt/etc \
--with-gd=/usr/src/php/depend/gd-<version> \
--with-imap=/usr/src/php/depend/imap-<version> \
--with-mysql=/usr \
--with-zlib \
--enable-track-vars

A few notes. MySQL is nasty here. Some documentation makes it look like it's looking for the MySQL executable, some for the libraries, etc. I don't actually know what it's looking for, but on a default install, /usr works for me. If it doesn't work for you, you'll know when the configuration dies. You can try /usr/bin, /usr/local, /usr/bin/mysql, etc. Also, zlib is included on there. I'm pretty sure that's installed in a default RedHat installation, but if not, you'll have to either install it or take that line out.

Secondly, the config-file-path refers to where PHP will look for its php.ini. You can put it anywhere you want. I wanted to keep everything for the webserver in one place.

Next, run

make
make install

If everything ran ok, 'make install' will copy libphp4.so to /opt/apache/libexec/libphp4.so and add the proper AddModule entries to httpd.conf.

One thing you'll have to do by hand is to copy php-<version>/php.ini-dist to /opt/etc/php.ini (or wherever you specified in the configure script). The ini-dist is a default config .ini file, but should work fine with no tweaking.

You'll also need to make some changes to httpd.conf to make use of PHP. One is to uncomment the following lines:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Otherwise whenever someone webs to a php page on your site, their browser will try to download it instead of running it through the pre-processor.

Final note on PHP: I have a weird problem with PHP and Apache. If I try to start Apache with PHP, it loads and then dies immediately with no errors and no core dump. I have not fixed this problem yet, but I have figured out a workaround. If you load Apache without PHP, then change the httpd.conf file to put PHP back in, then do a RESTART (not a stop/start), it seems to work fine. I created two httpd.conf files. The first is called httpd.conf.w4 and includes PHP support (the 'w4' means "With PHP4"). The second is httpd.conf.wo4 and does not have PHP in it. If you are not experiencing this problem, you can skip down to the mod_perl section. Note that on another system I built this on, I didn't start having the problem until *after* I installed mod_perl.

In the .wo4, I simply commented out

LoadModule php4_module libexec/libphp4.so
AddModule mod_php4.c

You'll notice that in the default setup, those two are in an SSL-define statement. If you want PHP to run when you aren't running SSL, you'll have to move them up a few lines. In the default setup, PHP will still run on unsecured (non-ssl) pages, that change is just if you start Apache without SSL (/opt/apache/bin/apachectl start instead of apachectl sslstart).

Here's quick little script I wrote which hacks around the PHP problem I'm having. If you know how to fix it, PLEASE let me know!

#!/bin/sh

cd /opt/apache/conf
../bin/apachectl stop
sleep 2
cp -f ./httpd.conf.wo4 ./httpd.conf
../bin/apachectl sslstart
sleep 2
cp -f ./httpd.conf.w4 ./httpd.conf
../bin/apachectl restart

The sleep commands are necessary to slow it down a little, otherwise it tries to restart before it's completed the first start.

mod_perl

Next we'll install mod_perl and the required modules. If you already have some of these, updating them won't hurt. Also, you can install these via CPAN if you want, but I just did it by hand.

Installation is the same for all the modules. Change to the appropriate directory and run

perl Makefile.PL
make
make install

You should install in this order:

MIME::Base64
URI
HTML::Parser
Digest-MD5
libnet
libwww

After installing the modules, change to the mod_perl source directory and run the following configuration script:

perl Makefil.pl USE_APXS=1 WITH_APXS=/opt/apache/bin/apxs EXERYTHING=1

Again, change /opt/apache to suit your install.
Now, run

make
make install

This will install the mod_perl module just like PHP.

Certificates

Finally, we'll fix the SSL certificate. I won't go into setting up a CA to sign your own certs. I'm just going to tell you how to generate new certs for your webserver, and to get rid of the password prompt when starting Apache.

First, find your OpenSSL executable. Mine is located in /usr/local/ssl/bin/openssl. "slocate openssl" may be useful to find it.

Next,

Step one - create the key and request:

openssl req -new > new.cert.csr

Step two - remove the passphrase from the key:

openssl rsa -in privkey.pem -out new.crt.key

Step three - convert request into signed cert:

openssl x509 -in new.cert.csr -out new.cert.crt -req -signkey new.cert.key -days 365

Lastly, copy your new cert:

cp new.cert.key /opt/apache/conf/ssl.key/server.key
cp new.cert.csr /opt/apache/conf/ssl.csr/server.csr
cp new.cert.crt /opt/apache/conf/ssl.crt/server.crt

Then you just need to restart your webserver (probably using the script I mentioned above).

You should take a few minutes to configure your httpd.conf to suit your needs (.htaccess, directives, etc.). This is outside the scope of this document, however. Just remember to make the changes to both your workaround .conf files if you had the same crashing problem I had.

Have fun with your new ssl-secured webserver!