apache + ...

A secure way to install Apache + blah blah blah... see for yourself with what ;)

src@giga:~$ wget http://www.apache.net.pl/httpd/apache_1.3.41.tar.gz
src@giga:~$ tar zxvf apache_1.3.41.tar.gz
src@giga:~$ wget http://pl2.php.net/get/php-4.4.8.tar.gz/from/pl.php.net/mirror
src@giga:~$ tar zxvf php-4.4.8.tar.gz
src@giga:~$ wget http://www.modssl.org/source/mod_ssl-2.8.30-1.3.39.tar.gz
src@giga:~$ tar zxvf mod_ssl-2.8.30-1.3.39.tar.gz
src@giga:~$ wget http://www.openssl.org/source/openssl-0.9.8g.tar.gz
src@giga:~$ tar zxvf openssl-0.9.8g.tar.gz
src@giga:~$ cd openssl-0.9.8g
src@giga:~/openssl-0.9.8g$ ./config
src@giga:~/openssl-0.9.8g$ make
src@giga:~/openssl-0.9.8g$ make test
src@giga:~/openssl-0.9.8g$ su -c "make install"
src@giga:~/openssl-0.9.8g$ su -c "vi /etc/profile"
src@giga:~/openssl-0.9.8g$ cd

Next we set $PATH; the entry should look more or less like this:
# Path manipulation
if [ `id -u` = 0 ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
pathmunge /usr/local/ssl/bin
fi

On Debian the entry looks slightly different.
PATH="/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/local/ssl/bin"

But the most convenient way is to add /usr/local/ssl/bin to your .profile, something along these lines:

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/local/ssl/bin

The next file that needs changing is /etc/ld.so.conf.d/i486-linux-gnu.conf; it should contain the line /usr/local/ssl/lib
To make everything work, run the command:

src@giga:~$ su -c "/sbin/ldconfig"
src@giga:~$ cd /usr/local/
src@giga:/usr/local$ su -c "ln -s ssl openssl"

Time for the cauliflower (the keys). I won't go into what the command syntax means, because that is not the purpose of this article. If you don't want to, don't read it; if you do, google it.

src@giga:/usr/local$ su -
root@giga:/etc/ssl> cd /etc/ssl
root@giga:/etc/ssl> openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
..........................++++++
.....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:

root@giga:/etc/ssl> openssl req -new -x509 -key ca.key -out ca.crt -days 1024
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Lodz
Locality Name (eg, city) []:Ozorkow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PROINFO
Organizational Unit Name (eg, section) []:Dzial Informatyczny
Common Name (eg, YOUR name) []:poczta.proinfo.com.pl
Email Address []: bok@proinfo.com.pl

root@giga:/etc/ssl> chmod 400 ca.key ca.crt

root@giga:/etc/ssl> openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
................................................++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:


An important note here!!! For Organization Name and Organizational Unit Name enter something different than in ca.*. At the "A challenge password []:" prompt enter nothing, and at the "An optional company name []:" prompt enter your domain name.

root@giga:/etc/ssl> openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PL
State or Province Name (full name) [Some-State]:Lodz
Locality Name (eg, city) []:Ozorkow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:U.I. PROINFO
Organizational Unit Name (eg, section) []:Dział Informatyczny
Common Name (eg, YOUR name) []:poczta.proinfo.com.pl
Email Address []:bok@proinfo.com.pl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:poczta.proinfo.com.pl

root@giga:/etc/ssl> cp ca.* server.* /home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib/
root@giga:/etc/ssl> cd /home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib/
root@giga:/home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib> ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'PL'
stateOrProvinceName :PRINTABLE:'Lodz'
localityName :PRINTABLE:'Ozorkow'
organizationName :PRINTABLE:'U.I. PROINFO'
organizationalUnitName:T61STRING:'Dzia\0xFFFFFFB3 Informatyczny'
commonName :PRINTABLE:'poczta.proinfo.com.pl'
emailAddress :IA5STRING:bok@proinfo.com.pl'
Certificate is to be certified until Oct 29 07:57:59 2008 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

root@giga:/home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib> rm -f ca.crt ca.key
root@giga:/home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib> mkdir /etc/ssl/apache
root@giga:/home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib> mv server.key server.crt /etc/ssl/apache
root@giga:/home/src/mod_ssl-2.8.30-1.3.39/pkg.contrib> cd /etc/ssl
root@giga:/etc/ssl> rm -f server*

The certificates are out of the way.

src@giga:~$ cd apache_1.3.41
src@giga:~/apache_1.3.41$ ./configure
src@giga:~/apache_1.3.41$ cd ../php-4.4.8/
src@giga:~/php-4.4.8$ ./configure --with-apache=../apache_1.3.41 --prefix=/usr/local/lib/php4.4.8/ --with-mysql --with-pgsql=/usr/local/pgsql/ --with-bz2 --with-zlib --with-xml --with-jpeg --with-jpeg-dir=/usr/bin/ --with-gd --with-png --with-zip --with-interbase=/opt/firebird/ --enable-exif --enable-soap --with-xslt-sablot

I can't be bothered to explain what, where, which and why... these are simply the options I need.


src@giga:~/php-4.4.8$ make
src@giga:~/php-4.4.8$ su -c "make install"
src@giga:~/php-4.4.8$ su -c "cp php.ini-dist /usr/local/lib/php/php.ini"
src@giga:~/php-4.4.8$ su -c " chmod 400 /etc/ssl/apache/* "
src@giga:~/php-4.4.8$ cd ../mod_ssl-2.8.30-1.3.39
src@giga:~/mod_ssl-2.8.30-1.3.39$ ./configure --with-apache=../apache_1.3.41 \
--with-crt=/etc/ssl/apache/server.crt --with-key=/etc/ssl/apache/server.key

And that is entirely sufficient.

src@giga:~/mod_ssl-2.8.30-1.3.39$ cd ../apache_1.3.41
src@giga:~/apache_1.3.41$ SSL_BASE=/usr/ ./configure --prefix=/usr/local/apache-1.3.41/ --enable-module=ssl --enable-module=so --activate-module=src/modules/php4/libphp4.a --enable-module=rewrite

src@giga:~/apache_1.3.41$ make
src@giga:~/apache_1.3.41$ su -c "make install"

eAccelerator will also come in handy; it speeds PHP up considerably, and so on.

src@giga:~/apache_1.3.41$ cd
src@giga:~$ wget http://ovh.dl.sourceforge.net/sourceforge/eaccelerator/eaccelerator-0.9.5.2.tar.bz2
src@giga:~$ bzip2 -dc eaccelerator-0.9.5.2.tar.bz2 |tar xvf -
src@giga:~$ cd eaccelerator-0.9.5.2
src@giga:~/eaccelerator-0.9.5.2$ export PHP_PREFIX="/usr/local/lib/php4/"
src@giga:~/eaccelerator-0.9.5.2$ $PHP_PREFIX/bin/phpize
src@giga:~/eaccelerator-0.9.5.2$ ./configure --enable-eaccelerator=shared \
--with-php-config=$PHP_PREFIX/bin/php-config
src@giga:~/eaccelerator-0.9.5.2$ make
src@giga:~/eaccelerator-0.9.5.2$ make install

What remains is to remove the passphrase so that Apache starts without asking for it.

src@giga:~/eaccelerator-0.9.5.2$ su -
root@giga:~> cd /etc/ssl/apache/
root@giga:/etc/ssl/apache> cp server.key server.key.old
root@giga:/etc/ssl/apache> openssl rsa -in server.key.old -out server.key
root@giga:/etc/ssl/apache> chmod 400 server.key
That's all. Configuring php.ini and httpd.conf is another story.
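
The passphrase removal above leaves an unencrypted server.key next to the still-encrypted server.key.old, so the file mode is the only thing protecting the live key. The script below is an added example, not part of the original article: the function names and the demo's file contents are constructed, and it inspects PEM headers and file modes only, so no openssl binary is needed.

```shell
#!/bin/sh
# key_state FILE: prints encrypted, plaintext or not-a-key (PEM headers only).
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 or traditional format with a passphrase
    elif grep -Eq -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext      # what "openssl rsa -in ... -out ..." writes
    else
        echo not-a-key
    fi
}

# perms_state FILE: prints owner-only when no group/other bits are set.
perms_state() {
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo owner-only; else echo exposed; fi
}

# audit_key FILE: prints one verdict line for the file.
audit_key() {
    state=$(key_state "$1"); perms=$(perms_state "$1")
    case "$state/$perms" in
        plaintext/exposed)    echo "FAIL $1: unencrypted key readable beyond owner" ;;
        plaintext/owner-only) echo "WARN $1: unencrypted key, protected by file mode only" ;;
        encrypted/*)          echo "OK   $1: passphrase-protected ($perms)" ;;
        *)                    echo "SKIP $1: no private key found" ;;
    esac
}

# Constructed demo: the two files left in /etc/ssl/apache by the steps above,
# recreated in a temp directory with placeholder bodies and mode 400.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key.old"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    chmod 400 "$d/server.key" "$d/server.key.old"
    for f in "$d/server.key" "$d/server.key.old"; do audit_key "$f"; done
    rm -rf "$d"
}
demo
```

To audit a real installation, call audit_key on each file in /etc/ssl/apache instead of running demo.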

30-10-2007 10:09:13