[Web server] Installing apache+ssl+openssl+mysql+php
[Apache + mod_ssl + openssl + php + MySQL]
ftp://ftp.openssl.org/source/
ftp://ftp.modssl.org/source/
/****** Installation order *******/
1) Install openssl
2) Add mod_ssl to the apache source tree
3) Run apache configure
4) Run php configure and add php to the apache source tree
5) Compile and install apache with mod_ssl and php included
/***** openssl installation ********/
[/usr/local/src/openssl-0.9.6a]# ./config
[/usr/local/src/openssl-0.9.6a]# make
[/usr/local/src/openssl-0.9.6a]# make test
[/usr/local/src/openssl-0.9.6a]# make install
/* Create the RSA private key */
[/usr/local/ssl/bin]# ./openssl genrsa -des3 -rand T1:T2:T3:T4:T5 1024 > \
../private/secure.test.co.kr.key <enter>
————————————————————————–
0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………++++++
……………………………………++++++
e is 65537 (0x10001)
Enter PEM pass phrase: ****** <enter>
Verifying password - Enter PEM pass phrase: ****** <enter>
————————————————————————–
[/usr/local/ssl/bin]# cat ../private/secure.test.co.kr.key
—————————————————————-
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B495C1D8FCAA406
+rfid1mS03Zfxu9DQRRN/BOyhHd/nDRsG4p2zey9FZsbkr2xxzKNdczF9CAfsXIi
PlHez1BoJ5o8NEgPmWfgCRvaICzwsSOofuizCynx6ZFhxcB6KIw7TAbF00qV5dcY
3S0ov8IeO+v7IuQBVotzJqNV6sDE1OIwqRhEqz71IpnAonZg33i8NB5Uqu895HbC
MZyVGj3cVI2jb4fiQUmc6GwY4AvtG2RQHrpE3RTXTlgW+OnX5kIByQ==
-----END RSA PRIVATE KEY-----
—————————————————————-
/* Create the CSR */
[/usr/local/ssl/bin]# ./openssl req -new -key \
../private/secure.test.co.kr.key -out \
secure.test.co.kr.csr
————————————————————————————-
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase: ****** <enter>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR <enter>
State or Province Name (full name) [Some-State]:. <enter>
Locality Name (eg, city) []:Seoul <enter>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mediachannel inc. <enter>
Organizational Unit Name (eg, section) []:Solution Team <enter>
Common Name (eg, YOUR name) []:Jang Won Cheol <enter>
Email Address []:telnet99 at test.co.kr <enter>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: **** <enter>
An optional company name []:. <enter>
————————————————————————————-
[/usr/local/ssl/bin]# cat secure.test.co.kr.csr
—————————————————————–
-----BEGIN CERTIFICATE REQUEST-----
MIIB7DCCAVUCAQAwgZYxCzAJBgNVBAYTAktSMQ4wDAYDVQQHEwVTZW91bDEaMBgG
A1UEChMRTWVkaWFjaGFubmVsIGluYy4xFjAUBgNVBAsTDVNvbHV0aW9uIFRlYW0x
FzAVBgNVBAMTDkphbmcgV29uIENoZW9sMSowKAYJKoZIhvcNAQkBFht0ZWxuZXQ5
NszSMLAaP8YJ0Wq+lZqWqA==
-----END CERTIFICATE REQUEST-----
—————————————————————–
/* Create the self-signed certificate */
[/usr/local/ssl/bin]# ./openssl req -x509 -key \
../private/secure.test.co.kr.key -in \
secure.test.co.kr.csr > \
secure.test.co.kr.crt
——————————————————————
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase: ******* <enter>
——————————————————————
[/usr/local/ssl/bin]# cat secure.test.co.kr.crt
—————————————————————–
-----BEGIN CERTIFICATE-----
MIIDmzCCAwSgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCS1Ix
DjAMBgNVBAcTBVNlb3VsMRowGAYDVQQKExFNZWRpYWNoYW5uZWwgaW5jLjEWMBQG
A1UECxMNU29sdXRpb24gVGVhbTEXMBUGA1UEAxMOSmFuZyBXb24gQ2hlb2wxKjAo
BgkqhkiG9w0BCQEWG3RlbG5ldDk5QG1lZGlhY2hhbm5lbC5jby5rcjAeFw0wMTA1
-----END CERTIFICATE-----
—————————————————————–
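Added example, not part of the original page: checks worth running on the key and certificate created above before they are handed to mod_ssl with make certificate TYPE=existing. The function names (key_protection, key_mode_ok, cert_matches_key, preflight) are hypothetical; for the key shown above, key_protection reports encrypted:DES-EDE3-CBC.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks on the key and
# certificate before running `make certificate TYPE=existing CRT=... KEY=...`.

# Print how a PEM private key file is protected:
#   encrypted:<cipher>  traditional format with Proc-Type/DEK-Info headers
#   encrypted:pkcs8     PKCS#8 encrypted private key
#   plaintext           private key stored without a pass phrase
#   not-a-key           no private-key PEM block found
key_protection() {
    f=$1
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo "encrypted:pkcs8"
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$f" | head -n 1)
        echo "encrypted:${cipher:-unknown}"
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "plaintext"
    else
        echo "not-a-key"
    fi
}

# Succeed only if neither group nor others have any access to the file
# (characters 5-10 of the ls mode string are the group and other bits).
key_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeed only if the certificate carries the public key of the key file.
# Needs the openssl binary; asks for the pass phrase if the key is encrypted.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 2
    k=$(openssl rsa -noout -modulus -in "$2") || return 2
    [ "$c" = "$k" ]
}

# usage: preflight CRT KEY
preflight() {
    [ "$(key_protection "$2")" != "not-a-key" ] || { echo "no key in $2"; return 1; }
    key_mode_ok "$2" || { echo "$2 is accessible to group/others"; return 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key differ"; return 1; }
    echo "ok: $(key_protection "$2")"
}
```

With the paths used on this page the call would be: preflight /usr/local/ssl/bin/secure.test.co.kr.crt /usr/local/ssl/private/secure.test.co.kr.key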
/***** Add mod_ssl to the apache source ********/
[root@test mod_ssl-2.8.2-1.3.19]# pwd
/usr/local/src/mod_ssl-2.8.2-1.3.19
[root@test mod_ssl-2.8.2-1.3.19]# ./configure --with-apache=/usr/local/src/apache_1.3.19
—————————————————————————
Configuring mod_ssl/2.8.2 for Apache/1.3.19
+ Apache location: /usr/local/src/apache_1.3.19 (Version 1.3.19)
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
o Extended API (EAPI)
o Distribution Documents
o SSL Module Source
o SSL Support
o SSL Configuration Additions
o SSL Module Documentation
o Addons
Done: source extension and patches successfully applied.
Now proceed with the following commands (Bourne-Shell syntax):
$ cd /usr/local/src/apache_1.3.19
$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
$ make
$ make certificate
$ make install
—————————————————————————
/***** Run apache configure ********/
[root@test apache_1.3.19]# ./configure --prefix=/usr/local/httpd \
> --enable-module=all --enable-shared=max
—————————————————————————
Configuring for Apache, Version 1.3.19
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
+ using -lndbm for DBM support
enabling DBM support for mod_rewrite
o dbm_auth_module uses ConfigStart/End
o db_auth_module uses ConfigStart/End
using Berkeley-DB/2.x for mod_auth_db (-ldb)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.2
+ SSL interface build type: DSO
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: /usr/local/ssl
+ SSL library version: OpenSSL 0.9.6a 5 Apr 2001
+ SSL library type: installed package (stand-alone)
+ enabling Extended API (EAPI)
+ using -ldl for vendor DSO support
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/experimental
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/extra
Creating Makefile in src/modules/proxy
Creating Makefile in src/modules/example
Creating Makefile in src/modules/ssl
—————————————————————————
/***** Run php configure and add php to the apache source tree ********/
[/usr/local/src/php-4.0.4pl1]# CFLAGS='-O2 -I/usr/local/ssl/openssl/include' \
> ./configure --with-apache=/usr/local/src/apache_1.3.19 \
> --with-mysql=/usr/local/mysql \
> --enable-memory-limit=yes \
> --enable-debug=no \
> --enable-track-vars \
> --enable-versioning \
> --with-config-file-path=/usr/local/httpd
+——————————————————————–+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+——————————————————————–+
Thank you for using PHP.
[/usr/local/src/php-4.0.4pl1]# make
[/usr/local/src/php-4.0.4pl1]# make install
/***** Compile and install apache with mod_ssl and php included ********/
[root@test apache_1.3.19]# SSL_BASE=/usr/local/ssl \
> ./configure --prefix=/usr/local/httpd \
> --enable-module=all --enable-shared=max \
> --activate-module=src/modules/php4/libphp4.a \
> --enable-module=php4
—————————————————————————
Configuring for Apache, Version 1.3.19
+ using installation path layout: Apache (config.layout)
+ activated php4 module (modules/php4/libphp4.a)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
+ using -lndbm for DBM support
enabling DBM support for mod_rewrite
o dbm_auth_module uses ConfigStart/End
o db_auth_module uses ConfigStart/End
using Berkeley-DB/2.x for mod_auth_db (-ldb)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.2
+ SSL interface build type: DSO
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: /usr/local/ssl
+ SSL library version: OpenSSL 0.9.6a 5 Apr 2001
+ SSL library type: installed package (stand-alone)
o php4_module uses ConfigStart/End
+ enabling Extended API (EAPI)
+ using -ldl for vendor DSO support
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/experimental
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/extra
Creating Makefile in src/modules/proxy
Creating Makefile in src/modules/example
Creating Makefile in src/modules/ssl
Creating Makefile in src/modules/php4
—————————————————————————
[/usr/local/src/apache_1.3.19]# make
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL       |
| certificate system by running the 'make certificate' command.       |
| For different situations the following variants are provided:       |
|                                                                     |
| % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test     (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom   (custom cert signed by own CA)     |
| % make certificate TYPE=existing (existing cert)                    |
|        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |
|                                                                     |
| Use TYPE=dummy    when you're a vendor package maintainer,          |
| the TYPE=test     when you're an admin but want to do tests only,   |
| the TYPE=custom   when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server.       |
| (The default is TYPE=test)                                          |
|                                                                     |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select           |
| the signature algorithm used for the generated certificate.         |
|                                                                     |
| Use 'make certificate VIEW=1' to display the generated data.        |
|                                                                     |
| Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |
|                                          rse at engelschall.com     |
|                                          www.engelschall.com        |
+---------------------------------------------------------------------+
[/usr/local/src/apache_1.3.19]# make certificate TYPE=existing \
> CRT=/usr/local/ssl/bin/secure.test.co.kr.crt \
> KEY=/usr/local/ssl/private/secure.test.co.kr.key
—————————————————————————
make[1]: Entering directory `/usr/local/src/apache_1.3.19/src'
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
Using existing custom certificate [EXISTING]
______________________________________________________________________
RESULT: Server Certification Files
o conf/ssl.key/server.key
  The PEM-encoded RSA private key file which you configure
  with the 'SSLCertificateKeyFile' directive (automatically done
  when you install via APACI). KEEP THIS FILE PRIVATE!
o conf/ssl.crt/server.crt
  The PEM-encoded X.509 certificate file which you configure
  with the 'SSLCertificateFile' directive (automatically done
  when you install via APACI).
Congratulations that you establish your server with real certificates.
make[1]: Leaving directory `/usr/local/src/apache_1.3.19/src'
—————————————————————————
[/usr/local/src/apache_1.3.19]# make install
+——————————————————–+
| You now have successfully built and installed the |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the |
| (initially created or preserved) configuration files |
| |
| /usr/local/httpd/conf/httpd.conf
| |
| and then you should be able to immediately fire up |
| Apache the first time by running: |
| |
| /usr/local/httpd/bin/apachectl start
| |
| Or when you want to run it with SSL enabled use: |
| |
| /usr/local/httpd/bin/apachectl startssl
| |
| Thanks for using Apache. The Apache Group |
| http://www.apache.org/ |
+——————————————————–+