A.4 Installing Apache
This section explains how to install the
Apache 2 web server. We also show you how to optionally install and
configure a secure web server that can serve https:// requests, including how to create a
private key, a certificate request, and a simple self-signed
certificate.
A.4.1 Installing a Secure Apache Server
This section describes how
to prepare to install a secure version of the Apache web server so
that you can support https://
URLs. If you don't need a secure server, skip this
section and continue the basic Apache 2 install in
"Installing a Regular Apache
Server." You can find out more about secure web
servers in Chapter 11.

There are two major differences encountered when installing Apache to
use SSL versus installing Apache normally:

Secure Sockets Layer software is required.
There are several sources of Secure Sockets Layer software.
OpenSSL is probably the most commonly used with Apache, and we show
you how to obtain and install it in this section.

A site certificate needs to be obtained and configured.
A free, self-signed certificate can be created (and
that's what we do in this section). You need to
replace it with a purchased certificate from a Certification
Authority when an application goes live.
A.4.1.1 Installing OpenSSL
To start your secure install, you
need to set up the secure tools as follows:

Get the latest version of OpenSSL from http://www.openssl.org/source/.
Download the Unix tar-ed and gzip-ed file under the heading
"Tarball." For example, download the file openssl-0.9.7c.tar.gz.

Run a terminal program and log in as the root user.

Store the distribution file in a directory that can be used to build
the OpenSSL libraries. To move the file to /usr/local/src, use:
% mv openssl-0.9.7c.tar.gz /usr/local/src

Then, change directory to where the file is stored:
% cd /usr/local/src

Uncompress and un-tar the distribution file in the
new installation directory using gzip and
tar. If the version downloaded was 0.9.7c, the
commands are:
% gzip -d openssl-0.9.7c.tar.gz
% tar xvf openssl-0.9.7c.tar
The distribution files are listed as they are extracted from the
tar file.

Change the directory to the openssl source
directory, run the config script, and then
make the installation. Assuming the version
downloaded is 0.9.7c, the commands are:
% cd openssl-0.9.7c
% ./config
% make
% make test
To install OpenSSL in a directory-path of
your choice instead of /usr/local/ssl, run
config with the
--openssldir=directory-path
directive.

Build the install binaries of SSL:
% make install
This creates an installation of SSL in the directory
/usr/local/ssl.

Now continue with Section A.4.2. You need to complete the
regular install before you can continue with the next section.
A.4.1.2 Creating a key and a certificate
For Apache to use SSL, it needs to be
configured with a private key and a certificate. Once the key and
certificate have been created, they need to be configured into
Apache. These steps show you how:

First, complete the steps in the previous section and in
Section A.4.2. You need to complete
these before you can continue with these steps.

Log in as the root user, change directory to the location of the
openssl binary, and create the key:
% cd /usr/local/ssl/bin
% ./openssl genrsa -des3 1024 > /usr/local/apache2/conf/localhost.key
If you have an actual domain for your server, replace
localhost with the full domain name.
Supply a password, and record it for future use.
You've now created the private key.

Create the certificate request by typing:
% ./openssl req -new -key /usr/local/apache2/conf/localhost.key > \
/usr/local/apache2/conf/localhost.csr
If you have an actual domain for your server, replace
localhost with the full domain name. The
process asks for several fields including country, state,
organization name, and email address. The script produces a file that
contains the certificate signing request.

Now, create the self-signed certificate by typing:
% ./openssl req -x509 -days 90 -key \
/usr/local/apache2/conf/localhost.key \
-in /usr/local/apache2/conf/localhost.csr > \
/usr/local/apache2/conf/localhost.crt
You need to provide the password you used to create your private key.

Modify the ssl.conf file with a text editor so
that it uses your certificate. The configuration file is found in the
directory /usr/local/apache2/conf/. Using a text
editor, find the following lines in the ssl.conf
file:
DocumentRoot "/usr/local/apache2/htdocs"
ServerName new.host.name:443
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
Change the lines so that they are as follows:
DocumentRoot "secure-document-root"
ServerName localhost:443
SSLCertificateFile /usr/local/apache2/conf/localhost.crt
SSLCertificateKeyFile /usr/local/apache2/conf/localhost.key
Replace secure-document-root with the
directory from which you want to serve secure files. You could use
/usr/local/apache2/htdocs-secure. If you have an
actual domain for your server, also replace
localhost with the full domain name.

Create the directory from which you want to serve secure files. For
example, if you replaced
secure-document-root with
/usr/local/apache2/htdocs-secure in the previous
step, use:
% mkdir /usr/local/apache2/htdocs-secure

Now, for testing, create a simple index.html
file in the new directory with a text editor that contains:
<html>Secure hello!</html>

Save the file, and ensure it's world-readable using:
% chmod a+rx /usr/local/apache2/htdocs-secure/
% chmod a+r /usr/local/apache2/htdocs-secure/index.html

Start Apache. Use the following command:
% /usr/local/apache2/bin/apachectl startssl
You need to provide your password again. A secure Apache is now
running and serving requests on port 443 (the default HTTPS port) via
SSL and also serving regular HTTP requests on port 80. You can test
it by requesting the resources https://127.0.0.1/ and http://127.0.0.1/
with a web browser running
on the same machine as the web server. You should see your sample
page and your regular pages, respectively.

When a resource such as https://127.0.0.1/ is requested with a
browser, the browser alerts the user to an unknown certificate. To
obtain a certificate that will be trusted by users, you need to send
your certificate request to a Certification Authority to be signed
using their authoritative certificates. There is a fee for this
service. While the Apache configuration allows both the key and the
certificate to be placed in a single file, the private key should not
be sent to anyone, not even the Certification Authority. More
documentation can be found at http://www.openssl.org/docs/apps/openssl.html.
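
The following shell script is an added example, not part of the original text. It repeats the three openssl steps above in a temporary directory and then checks that the private key is readable only by its owner, that the certificate matches the key, and that the certificate has not expired, which are the checks worth running before ssl.conf is pointed at the files. It assumes openssl is on the PATH; unlike the steps above it uses a 2048-bit key with no passphrase so that it can run unattended, and make_pair and check_pair are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the book): create a throwaway key, CSR and
# self-signed certificate, then check them before pointing ssl.conf at them.
# Assumptions: openssl is on PATH; files live in a temp directory; the key is
# 2048-bit and has no passphrase so the script can run unattended.

umask 077   # files created below are readable by their owner only

# make_pair DIR NAME: the same three steps as the text, for host NAME.
make_pair() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
    openssl req -x509 -days 90 -key "$1/$2.key" \
        -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

# check_pair KEY CRT: succeed only if the pair is safe to configure.
check_pair() {
    key=$1 crt=$2
    # 1. The private key must not be readable by group or others.
    perms=$(ls -l "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key permissions too open"; return 1; }
    # 2. Certificate and key must share the same RSA modulus.
    km=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    cm=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || return 1
    [ "$km" = "$cm" ] || { echo "certificate does not match key"; return 1; }
    # 3. The certificate must not already be expired.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}

# Demonstration on constructed files in a temporary directory.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pair "$work" localhost &&
    check_pair "$work/localhost.key" "$work/localhost.crt"
```

To check the files created in the steps above, call check_pair with /usr/local/apache2/conf/localhost.key and /usr/local/apache2/conf/localhost.crt; because that key is passphrase-protected, openssl prompts for the password during the modulus check.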
A.4.2 Installing a Regular Apache Server
This section explains how
to install a regular Apache 2 web server that supports HTTP requests.
Here are the steps to install Apache 2:

If you determined earlier in Section A.1 that an Apache web server is
already running, stop the web server using:
% /usr/local/apache2/bin/apachectl stop
If your Apache isn't installed in this directory,
replace the directory with the correct one you noted earlier.

Get the latest version of the Apache HTTP Server from
http://httpd.apache.org/. Scroll down the
page until you see a heading such as Apache 2.0.48 is the
best available version. From beneath the heading, choose
the latest source code version ending in the suffix .tar.gz and save
the file in the /tmp directory.

Move the Apache distribution file to the desired installation
directory. The most common location is /usr/local/src. Assuming the
distribution downloaded is Apache 2.0.47, and it was downloaded in the
first step into the /tmp directory, the
command is:
% mv httpd-2.0.47.tar.gz /usr/local/src

After moving the distribution to the desired location, change the
directory to that location using:
% cd /usr/local/src

Uncompress the package in the new installation directory by running:
% gzip -d httpd-version_number.tar.gz
If the distribution downloaded is Apache 2.0.47, the command is:
% gzip -d httpd-2.0.47.tar.gz

Un-tar the archive file by running:
% tar xvf httpd-version_number.tar
The list of files extracted is shown. If the version downloaded was
Apache 2.0.47, the command is:
% tar xvf httpd-2.0.47.tar

Change directory to the Apache installation:
% cd httpd-version_number
If the Apache version is 2.0.47, type:
% cd httpd-2.0.47

Configure the Apache installation by running the
configure script. This detects the
available tools, the installation environment, and other details for
the Apache configuration:
% ./configure --enable-so --with-layout=Apache
Respectively, the two parameters enable the shared module support
(PHP can then be loaded as a shared module) and set up the standard
directory layout.

If you are planning on serving HTTPS requests, and
you've installed OpenSSL following our instructions
in "Installing a Secure Apache
Server", add
--enable-ssl to the list of parameters:
% ./configure --enable-so --with-layout=Apache --enable-ssl

Compile the Apache web server using the command:
% make

Install the Apache server using the command:
% make install
If the installation of Apache with PHP support has been successful,
you'll be returned to a shell prompt without any
error messages appearing. The last line of the install should be
similar to this:
make[1]: Leaving directory `/usr/local/src/httpd-2.0.47'

Start the Apache web server by running the command:
% /usr/local/apache2/bin/apachectl start

Check that the server is responding to HTTP requests by accessing it
using a web browser. The simplest way to check is to use a web
browser to load the URL http://127.0.0.1/. If Apache is serving
correctly, a web page is displayed.

You can now create and serve HTML pages from the directory
/usr/local/apache2/htdocs/ and these will be
accessible using the base URL http://127.0.0.1/ or using the domain
name of your server. Record this directory for later use.

For example, you could create the file
/usr/local/apache2/htdocs/hello.html using a
text editor and this is then accessible as
http://127.0.0.1/hello.html. If you find that
a Forbidden error appears when you try to retrieve a new page,
you'll need to make the file readable by everyone
using, for example, chmod a+r
/usr/local/apache2/htdocs/hello.html.

When the machine is rebooted, Apache will not be restarted
automatically. After reboot, you can manually restart Apache using
apachectl or, alternatively, this process can be
made automatic. If you know the standard method to add an
automatically-started service on your system, add the startup
command.

One common standard method to make the process automatic is to add
commands to the file rc.local (normally either
in or below the directory /etc). The
rc.local file is used to list locally installed
software that should be run on startup. Using an editor, add
the following line to the bottom of the rc.local
file:
/usr/local/apache2/bin/apachectl start

If Apache needs to be stopped at any time, this can be achieved by
executing:
% /usr/local/apache2/bin/apachectl stop