Just for Me: Ore! Tips!

Installing Apache 1.3.27 + mod_ssl 1.48

Work performed on 2003-02-28

First, bring OpenSSL up to date. (If it is already the latest version, there is nothing to do.)

test# cd /usr/local/src
test# ls -la
total 53472
drwxr-xr-x 2 root wheel 512 Feb 28 15:48 .
drwxr-xr-x 14 root wheel 512 Feb 28 15:36 ..
-rw-r--r-- 1 root wheel 2306052 Nov 29 07:02 apache_1.3.27.tar.gz
-rw-r--r-- 1 root wheel 753529 Jan 16 19:27 mod_ssl-2.8.12-1.3.27.tar.gz
-rw-r--r-- 1 root wheel 2768454 Jan 14 14:49 openssl-0.9.7.tar.gz
test# tar xvfz openssl-0.9.7.tar.gz
openssl-0.9.7/apps/
openssl-0.9.7/apps/app_rand.c
openssl-0.9.7/apps/apps.c
openssl-0.9.7/apps/apps.h
<omitted>
openssl-0.9.7/VMS/ucx_shr_decc.opt
openssl-0.9.7/VMS/ucx_shr_vaxc.opt
openssl-0.9.7/VMS/WISHLIST.TXT
test# cd openssl-0.9.7
test# ./config
Operating system: i586-pc-freebsd4.7
Configuring for FreeBSD-elf
Configuring for FreeBSD-elf
IsWindows=0
CC =gcc
<omitted>
making links in tools...
Makefile => Makefile.ssl
generating dummy tests (if needed)...

Configured for FreeBSD-elf.
test# make
making all in crypto...
( echo "#ifndef MK1MF_BUILD"; echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; echo ' #define CFLAGS "gcc -DOPENSSL_THREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM"'; echo ' #define PLATFORM "FreeBSD-elf"'; echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; echo '#endif' ) >buildinf.h
<omitted>
making all in tools...
test# make install
making all in crypto...
making all in crypto/md2...
making all in crypto/md4...
making all in crypto/md5...
<omitted>
installing libcrypto.a
installing libssl.a
cp openssl.pc /usr/local/ssl/lib/pkgconfig
test#



That completes the OpenSSL installation.
Next, take Apache as far as the configure step.

test# cd ../
test# tar xvfz apache_1.3.27.tar.gz
apache_1.3.27/
apache_1.3.27/cgi-bin/
apache_1.3.27/cgi-bin/printenv
<omitted>
apache_1.3.27/src/support/suexec.c
apache_1.3.27/src/support/suexec.h
apache_1.3.27/src/Configuration
test# cd apache_1.3.27
test# ./configure --enable-module=so
Configuring for Apache, Version 1.3.27
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
<omitted>
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard



Once Apache has been configured, run configure for mod_ssl.
This places the complete mod_ssl source set into the Apache source tree.

test# cd ../
test# tar xvfz mod_ssl-2.8.12-1.3.27.tar.gz
mod_ssl-2.8.12-1.3.27/ANNOUNCE
mod_ssl-2.8.12-1.3.27/CHANGES
mod_ssl-2.8.12-1.3.27/CREDITS
<omitted>
mod_ssl-2.8.12-1.3.27/pkg.sslsup/
mod_ssl-2.8.12-1.3.27/pkg.sslsup/mkcert.sh
mod_ssl-2.8.12-1.3.27/pkg.sslsup/sslsup.patch
test# cd mod_ssl-2.8.12-1.3.27
test# ./configure --prefix=/usr/local/apache --with-apache=../apache_1.3.27 \
--enable-shared=ssl --with-ssl=/usr/local/ssl

Configuring mod_ssl/2.8.12 for Apache/1.3.27
+ Apache location: ../apache_1.3.27 (Version 1.3.27)
+ OpenSSL location: /usr/local/ssl
+ Auxiliary patch tool: ./etc/patch/patch (local)
<omitted>
Creating Makefile in src/modules/ssl

Now proceed with the following commands:
$ cd ../apache_1.3.27
$ make
$ make certificate
$ make install



After this, all that remains is to run make for Apache!!

test# cd ../apache_1.3.27
test# make
===> src
===> src/os/unix
<omitted>
<=== src/support
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL       |
| certificate system by running the 'make certificate' command.       |
| For different situations the following variants are provided:       |
|                                                                     |
| % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test     (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom   (custom cert signed by own CA)     |
| % make certificate TYPE=existing (existing cert)                    |
|        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |
|                                                                     |
| Use TYPE=dummy    when you're a  vendor package maintainer,         |
| the TYPE=test     when you're an admin but want to do tests only,   |
| the TYPE=custom   when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server.       |
| (The default is TYPE=test)                                          |
|                                                                     |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select           |
| the signature algorithm used for the generated certificate.         |
|                                                                     |
| Use 'make certificate VIEW=1' to display the generated data.        |
|                                                                     |
| Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |
|                                          rse@engelschall.com        |
|                                          www.engelschall.com        |
+---------------------------------------------------------------------+
<=== src



For now, install with a dummy certificate.
Later, if you obtain a proper secure ID from Verisign or a similar provider, you only need to correct the paths to the KEY file and the CERT file in httpd.conf.

test# make certificate TYPE=dummy
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating self-signed Snake Oil certificate [DUMMY]
______________________________________________________________________

RESULT: Server Certification Files

o conf/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

WARNING: Do not use this for real-life/production systems

test# make install
===> [mktree: Creating Apache installation tree]
./src/helpers/mkdir.sh /usr/local/apache/bin
mkdir /usr/local/apache
mkdir /usr/local/apache/bin
<omitted>
<=== [config]
+--------------------------------------------------------+
| You now have successfully built and installed the      |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the         |
| (initially created or preserved) configuration files   |
|                                                        |
|   /usr/local/apache/conf/httpd.conf
|                                                        |
| and then you should be able to immediately fire up     |
| Apache the first time by running:                      |
|                                                        |
|   /usr/local/apache/bin/apachectl start
|                                                        |
| Or when you want to run it with SSL enabled use:       |
|                                                        |
|   /usr/local/apache/bin/apachectl startssl
|                                                        |
| Thanks for using Apache.       The Apache Group        |
|                                http://www.apache.org/  |
+--------------------------------------------------------+

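As things stand, you are asked for the passphrase every time you start the server with apachectl startssl, so carry out the following step. (Or so I thought, but with TYPE=dummy it is not needed.)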

test# cd /usr/local/apache/conf/ssl.key
test# cp -p server.key server.key.org
test# openssl rsa -in server.key.org -out server.key
read RSA key
writing RSA key
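
The step above leaves server.key unencrypted on disk, so file permissions become its only protection. The following check is an added example, not part of the original notes; the function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a PEM private key file,
# e.g. /usr/local/apache/conf/ssl.key/server.key after the step above.

# key_state FILE: print "encrypted", "plaintext" or "unknown" from PEM headers.
key_state() {
    # Traditional OpenSSL PEM marks encryption with a Proc-Type header;
    # PKCS#8 uses a distinct BEGIN line.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_perms_ok FILE: succeed only when group and other have no permission bits.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: print one finding; return 1 for a plaintext key that
# accounts other than the owner can access.
audit_key() {
    state=$(key_state "$1")
    if key_perms_ok "$1"; then perms="owner-only"; else perms="group/other access"; fi
    echo "$1: $state, $perms"
    if [ "$state" = plaintext ] && [ "$perms" != "owner-only" ]; then return 1; fi
    return 0
}

# Constructed sample files (headers only, no real key material).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/server.key.org"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/server.key"
chmod 644 "$demo/server.key.org" "$demo/server.key"

audit_key "$demo/server.key.org" || echo "  -> tighten permissions"
audit_key "$demo/server.key"     || echo "  -> chmod 600 (or 400) and keep root-owned"
```

On the installed server, run audit_key against both server.key and server.key.org in /usr/local/apache/conf/ssl.key.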

That completes the installation.



Copyright (C) 2003-2004 S.Maaasamasa.