Apache with SSL/PHP/Perl/Tomcat

This page covers configuring Apache 1.3.27 to use mod_perl-1.27, PHP-4.3.1, mod_ssl-2.8.11, OpenSSL-0.9.7a, and Tomcat 4.1.24. When compiling from sources, try to obtain the latest version available especially if bugs and/or security holes have been fixed.

Table of Contents Setup Java & Tomcat Install Apache Install MM Install OpenSSL mod_ssl, mod_perl, PHP & Apache Setup the connector for Tomcat Starting Apache & Tomcat

Links to Sources (Version Used) Apache (1.3.27) mod_ssl (2.8.14-1.3.27) OpenSSL (0.9.7a) mod_perl (1.27) MM (1.3.0) Perl (5.8.0) PHP (4.3.1) MySQL (3.23.56) J2 Standard Edition (1.4.x) J2 Enterprise Edition (1.4_beta) Ant (1.5.2) [Binary] Tomcat (4.1.24-LE-jdk14) [Binary] mod_jk (1.3-eapi) [Binary]

Setting up the Java and Tomcat Environment   TOC

1. Install the J2SE SDK (Software Development Kit). Your Linux distribution may already come with a Java SDK; check your distribution's documentation or install the latest version of the Standard Edition SDK. Download the the .sh file, and execute it to unpack the .rpm; the default install directory is /usr/java/j2sdk1.x.x.

# ./j2sdk-1_4_1-linux-i586-rpm.bin
                           Sun Microsystems, Inc.
                        Binary Code License Agreement
  [output of the License agreement cut]
Do you agree to the above license terms? [yes or no]
yes
Unpacking...
Checksumming...
0
0
Extracting...
UnZipSFX 5.40 of 28 November 1998, by Info-ZIP (Zip-Bugs@lists.wku.edu).
  inflating: j2sdk-1_4_1-fcs-linux-i586.rpm
Done.
# rpm -i j2sdk-1_4_1-fcs-linux-i586.rpm
# ls /usr/java
.  ..  j2sdk1.4.1
# JAVA_HOME=/usr/java/j2sdk1.4.1
# export JAVA_HOME

2. Install the J2EE SDK. Your Linux distribution most likely won't come with the Enterprise Editions of the Java SDK, so you will have to download (use the link above) and install it. Download the .sh file to install the SDK; remember where you specify the installation directory as you will need it to set the environment variable.

# ./j2sdkee-1_4-beta-linux.sh
Using /var/tmp as temporary directory...
Searching for Java(TM) 2 Platform, Standard Edition...
Initializing InstallShield Wizard...

An installation dialog window will open and you will be required to agree to the license, specify a J2SE JDK to use, and specify the path to install the J2EE SDK. You will need Xwindows running, and you will have to execute the command as the same user who started Xwindows.

3. Install ant. Your distribution may come with ant, so use that one or download and install the latest version. When installing ant, the binaries needs to be decompressed and untarred, and the bin/ and lib/ directories need to be installed in a permanent location. Ant is a Java based build tool and can be used to compile the connector (mod_jk) if you choose to compile your own instead of using binaries.

# mkdir /usr/ant
# cd apache-ant-1.5.2/
# cp -R lib/ bin/ /usr/ant/ 

4. Setup environment variables. Edit .bashrc or .profile, and add the following lines so that the environment variables will be set everytime you log in.

JAVA_HOME=/usr/java/j2sdk1.4.1
J2EE_HOME=/usr/java/j2sdkee1.4
ANT_HOME=/usr/ant 

Append the bin/ directories of the J2SE and J2EE SDKs installation directories onto the path variable. You can also insert the paths for the bin/ directories into the path statement in .bashrc or .profile to permanently set the path.

# PATH=$PATH:/usr/java/j2sdk1.4.1/bin:/usr/java/j2sdkee1.4/bin

5. Install Tomcat. The Tomcat binary will be installed into its own directory and the mod_jk module will allow Apache to forward .jsp and servlet requests to Tomcat by serving as a web server connector.

# mkdir /usr/local/jakarta-tomcat_4.1.24
# cd jakarta-tomcat-4.1.24-LE-jdk14/
# cp -R * /usr/local/jakarta-tomcat_4.1.24

Set an evironment variable for Tomcat.

# TOMCAT_HOME=/usr/local/jakarta-tomcat_4.1.24 ; export TOMCAT_HOME 

You can now start a standalone Tomcat server -to verify the server starts with no problems -by using the following command:

# ${TOMCAT_HOME}/bin/startup.sh

You can stop the standalone Tomcat server with the following command:

# ${TOMCAT_HOME}/bin/shutdown.sh

The default port for Tomcat to listen to is port 8080; this can be changed by editing the server.xml file in ${TOMCAT_HOME}/conf. Use grep -n 8080 server.xml to find the line number of the port specification and edit server.xml to use a different port if necessary (proxy servers sometimes listen to port 8080 and can conflict with Tomcat).

# cd ${TOMCAT_HOME}/conf
# grep -n 8080 server.xml
91:   <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
93:            port="8080" minProcessors="5" maxProcessors="75"
# vi +93 server.xml

If you started the server, you can view the default Tomcat page at: http://localhost:8080/. If you changed the port from 8080, use that value instead.

Install Apache   TOC

Apache can now be installed. This HowTo is an update for installing Apache with PHP/mod_perl and mod_ssl; the main differences are that it is updated to refer to the latest (as of 27 Mar 03) sources and it includes setting up Tomcat to serve Java server pages and servlets. I used the binaries for Tomcat and the connector module mod_jk, but you could compile them from source as well -it's just easier to use the latest binaries.

Install MM   TOC

1.Change to the source directory for MM:

# cd  mm-1.3.0

2. To install the MM library into /usr/local/mm/{bin,lib,include,man}/ perform the following steps:

# ./configure --prefix=/usr/local/mm --disable-shared

3. Build MM by running:

# make

4. Test the libraries.

# make test

5. If that works, install the binary with:

# make install
# cd ..

Install OpenSSL   TOC

1. Change to the source directory for OpenSSL:

# cd openssl-0.9.7a

2. Run the config script to automatically configure your system.

# ./config no-threads --openssldir=/usr/local/openssl -fPIC

3. Build OpenSSL by running:

# make

4. After a successful build, the libraries should be tested. Run the following command to test them:

# make test

5. If everything tests OK, install OpenSSL with:

# make install
# cd ..

Install mod_ssl, mod_perl, PHP & Apache   TOC

1. If you want PHP to have MySQL support, you will have to install MySQL before you install PHP.

2. You should have the Apache, mod_ssl, mod_perl, and PHP sources in the same directory -it'll be easier to configure them by doing this.

3. Apply mod_ssl to the Apache source tree.

# cd mod_ssl-2.8.14-1.3.27
# ./configure --with-apache=../apache_1.3.27
# cd ..

4. Apply mod_perl to the Apache source tree and build/install the Perl-side of mod_perl.

# cd mod_perl-1.27
# perl Makefile.PL \
EVERYTHING=1 \
APACHE_SRC=../apache_1.3.27/src \
USE_APACI=1 \
PREP_HTTPD=1 \
DO_HTTPD=1
# make
# make install
# cd ..

5. Configure PHP and apply it to the Apache source tree (Note that the CFLAGS option might fail if your shell is csh, try using bash or sh).

# cd php-4.3.1
# CFLAGS='-O2 -I/usr/local/openssl/include' \
./configure --with-apache=../apache_1.3.27 \
--enable-track-vars \
--with-mysql=/usr/local/mysql \
--enable-memory-limit=yes \
--enable-debug=no
# make
# make install

6. Copy the php.ini-dist file to /usr/local/lib/php.ini.

# cp php.ini-dist /usr/local/lib/php.ini
# cd ..

7. Build/install Apache with mod_ssl, mod_perl, and PHP.

# cd apache_1.3.27
# SSL_BASE=/usr/local/openssl \
EAPI_MM=../mm-1.3.0/ \
./configure \
--enable-module=so \
--enable-module=proxy \
--enable-module=info \
--enable-module=alias \
--enable-module=dir \
--enable-module=userdir \
--enable-module=ssl \
--prefix=/usr/local/httpd \
--activate-module=src/modules/php4/libphp4.a \
--activate-module=src/modules/perl/libperl.a
# make

8. Next you are asked to make a site certificate, the default type is test. You will be prompted to answer some question about your certificate, it's fine to accept the defaults if you aren't actually installing a certificate from a CA (Certificate Authority) else use the option for an existing certificate.

# make certificate TYPE=test

9. If the next step goes correctly you will see a messsage of how to start the server.

# make install
# cd ..

Setup the connector for Tomcat   TOC

1. Install mod_jk. Copy the mod_jk module binary to the installed Apache directory.

# cp mod_jk-1.3.eapi.so /usr/local/httpd/libexec/

2. Create a workers.properties file (in same directory as httpd.conf):

# cd /usr/local/httpd/conf
# vi workers.properties

The following is the content for the workers.properties.

# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=50
worker.worker1.cachesize=10
worker.worker1.cache_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=300

3. Edit httpd.conf and add some settings to allow mod_jk to connect to the Tomcat server.

Enter the following at about line 205 of httpd.conf -the section about DSOs.

# Loads the jk module when Apache starts
LoadModule jk_module libexec/mod_jk-1.3.eapi.so

The rest of the mod_jk settings should be entered later in the file (at the end of section 2).

# Where to find workers.properties
JkWorkersFile /usr/local/httpd/conf/workers.properties

# Where to put jk logs
JkLogFile /usr/local/httpd/logs/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# Send all requests ending in .jsp to worker1
JkMount /*.jsp worker1

# Send all requests ending /servlet to worker1
JkMount /*/servlet/ worker1

Alias /examples "/usr/local/jakarta-tomcat_4.1.24/webapps/examples"

    <Directory "/examples/">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    <Location "/examples/WEB-INF/">
      AllowOverride None
      deny from all
    </Location>

Enable PHP and starting Apache & Tomcat   TOC

1. If you installed PHP, you will have to edit httpd.conf and uncomment (remove the # symbol from the beginning of the line) the statements which look like the following, or add them if they don't exist: (They are usually around line 765 to 800 in the mod_mime section.

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps 

2. Now you can stop the old version of Apache and start the new server. Stop the old Apache server as you normally would (a script should exist in /etc/rc.d/). If you don't know how to stop Apache, try the following: (or do ps x | grep httpd at the command line and kill the PIDs associated with httpd).

# /etc/rc.d/apache stop

To start the new Apache server, use the script created by the install process. You can copy this file to /etc/rc.d/, rename it apache, and create a symbolic link to it to start and stop Apache with the system.

# /usr/local/httpd/bin/apachectl start
# cp /usr/local/httpd/bin/apachectl /etc/rc.d/apache
# cd /etc/rc.d
# chmod +x apache
# cd rc3.d/
# ln -s ../apache S12Apache
# ln -s ../apache K12Apache

3. After you start the new server, you can view the sever modules by reviewing the logs in /usr/local/httpd/logs. I include this to show what versions the server is running -note that the mod_jk module has been loaded.

# cat /usr/local/httpd/logs/error_log
  [output cut]
[Thu Mar 27 03:47:24 2003] [notice] Apache/1.3.27 (Unix) mod_jk/1.2.2
mod_perl/1.27 PHP/4.3.1 mod_ssl/2.8.14 OpenSSL/0.9.7a configured
-- resuming normal operations
  [output cut]

4. To verify that the Tomcat server and connector works, start the Tomcat server, restart Apache, and view the examples/jsp/ directory.

To start Tomcat, you can create a file in /etc/rc.d that will start the server (make sure you set the environment variables in this file). When creating the symbolic links, make sure that the script is executed by init before the apache server script (use a lower number e.g. S11Tomcat).

# cd /etc/rc.d/
# vi tomcat

The following is the script to start Tomcat. Copy it into the tomcat file in /etc/rc.d/ created in the previous step; you may have to change the environment variables if they reside in a different place.

#! /bin/sh
# Filename: tomcat
# Description: Starts and stops tomcat
# Date: 28 Mar 03
# Author: M. Bell

# Set enviromnet variables ( JAVA_HOME is necessary to start Tomcat )
JAVA_HOME=/usr/java/j2sdk1.4.1 ; export JAVA_HOME
J2EE_HOME=/usr/java/j2sdkee1.4 ; export J2EE_HOME
TOMCAT_HOME=/usr/local/jakarta-tomcat_4.1.24 ; export TOMCAT_HOME

# Print help if no cmd line arg entered
if [ "x$1" = "x" ] ; then
      echo "No option chosen. Usage: [start|stop]"
fi

# Gets the first cmd line variable and evaluate it against case
# statements to determine whether to start or stop Tomcat.
case $1 in

    start|START|Start)
     echo "Starting Tomcat 4.1.24"
     ${TOMCAT_HOME}/bin/startup.sh
     sleep 2s
    ;;

    stop|STOP|Stop)
     echo "Shutting down Tomcat 4.1.24"
     ${TOMCAT_HOME}/bin/shutdown.sh
    ;;

    *)
     echo " >>> Usage:  $0 (start|stop)"
    ;;
# End case statements
esac

# EOF

Now, make the file executable, create some symbolic links, start Tomcat, and restart Apache.

# chmod +x tomcat
# cd /etc/rc.d/rc3.d
# ln -s ../tomcat S11Tomcat
# ln -s ../tomcat K11Tomcat
# /etc/rc.d/tomcat start
# /etc/rc.d/apache restart

If everything is installed and configured correctly, open a web browser to http://localhost/examples/jsp/index.html to see some example jsp pages and http://localhost/examples/servlets/index.html to see some example servlets.