Bár nem kerestem, mert debian rendszer alatt tökéletesen összeharmonizálhatóak ezek a szolgáltatások, de beleakadtam ebbe a nagyon precíz és jó leírásba, ami végülis egy apache2 server beüzemelését irja le, ssl-es támogatással és php5-ös lehetőséggel. A leírás szerint szépen, ahogy kell mindent forrásból rakunk fel, és ehhez minden segítséget és paramétert szépen elmagyaráz nekünk a leírás az ssl kulcsok elkészítésétől fogva addig hogy milyen filet hova tegyünk. A végén 7. pontban pedig a php kódok feldolgozásának gyorsításának érdekében ajánl két kiegészítés a php-hoz a leírás készítője. Remélem hasznos kis leírás lesz ez másoknak is, de íme a mű:
Apache2-SSL-PHP5-Howto
(+ Zend Optimizer And IonCube Loader)
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 04/11/2005
This document describes
how to install an Apache web server (2.0.x) with SSL and PHP5 (with Zend Optimizer
and ionCube Loader) enabled.
This howto is meant
as a practical guide; it does not cover the theoretical backgrounds. They are
treated in a lot of other documents in the web.
This document comes
without warranty of any kind!
1 Get The Sources
We need the following
software: openssl, apache (2.0.x), and PHP5. We will install the software from
the /tmp directory.
cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7g.tar.gz
wget http://ftp.plusline.de/ftp.apache.org/httpd/httpd-2.0.53.tar.gz
Then go to http://www.php.net
and download the latest PHP version (5.0.4 at the time of this writing). Download
it to your /tmp directory.
2 Install Openssl
tar xvfz openssl-0.9.7g.tar.gz
cd openssl-0.9.7g
./config
make
make install
3 Configure
And Install Apache2
cd /tmp
tar xvfz httpd-2.0.53.tar.gz
cd httpd-2.0.53/
./configure –enable-ssl –with-ssl=/usr/local/ssl/ –enable-suexec –with-suexec-docroot=/usr/local
–enable-cgi –enable-rewrite –enable-so –enable-logio –prefix=/usr/local/apache
–enable-module=most –enable-shared=max –bindir=/usr/bin –sbindir=/usr/sbin
–sysconfdir=/etc/httpd
(1 line!)
Please note:
You can change the configure command to suit to your needs. Type
./configure
–help
to get a list of
all configuration options available!)
make
make install
This will install
Apache2 under /usr/local/apache.
The web root directory is /usr/local/apache/htdocs,
the log directory is /usr/local/apache/logs.
If we want to start
up our Apache2 with SSL support we have to generate the file /etc/httpd/ssl.crt/server.crt
because otherwise we will get an error message when we start Apache2.
mkdir /etc/httpd/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org
1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword
-key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days
3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword
-key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out
/etc/httpd/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org
-out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key
(Please note:
It is safe to accept the default values for all the questions you see when you
create /etc/httpd/ssl.crt/server.crt
because in either case you will receive a warning in your browser if you try
to access an SSL site on your server:
If you do not want
to get this warning you will have to get a "real" SSL certificate
(but this is not for free!). Have a look at the following sites:
- http://www.instantssl.com/
(I would recommend this one.) - http://www.verisign.com/
- http://www.thawte.com/
- http://www.baltimore.com/
- http://www.ipsca.com/
- http://www.entrust.com/
- http://www.geotrust.com/
)
4 Install PHP5
cd /tmp
tar xvfz php-5.0.4.tar.gz
./configure –with-apxs2=/usr/sbin/apxs –with-mysql=/var/lib/mysql –enable-track-vars
–enable-sockets –with-config-file-path=/etc –enable-ftp –with-zlib –with-openssl=/usr/local/ssl
–enable-force-cgi-redirect –enable-exif –with-gd –enable-memory-limit –disable-debug
–disable-rpath –disable-static –with-pic –with-layout=GNU –enable-calendar
–enable-sysvsem –enable-sysvshm –enable-sysvmsg –enable-trans-sid –enable-bcmath
–with-bz2 –enable-ctype –with-db4 –with-iconv –enable-filepro –with-gettext
–enable-mbstring –enable-shmop –enable-wddx –disable-xml –with-xmlrpc –enable-yp
–with-zlib –without-pgsql –enable-dbx –enable-experimental-zts –without-mm
–enable-gd-native-ttf –with-imap-ssl –enable-soap –enable-dbase (1
line!)
(Please note:
You can change the configure command to suit to your needs. Type
./configure
–help
to get a list of
all configuration options available! In PHP5, you must specify the –with-mysql[=DIR]
option, otherwise PHP5 will not have MySQL support! And yes, MySQL has to be
installed before you run the ./configure
statement. If you install MySQL From a package (.rpm or .deb), be sure that
you also install the corresponding mysql-devel package! Otherwise the ./configure
statement will abort with an error message.
If you use –with-gd,
and you get an error message because of a missing libpng
library, install it and then re-run the configure command. On Debian,
apt-get install libpng-dev
libpng2 libpng2-dev libpng3
worked fine for
me to install libpng.
If you have an rpm-based distribution, use http://www.rpmfind.net
to find an rpm for you, or have a look at http://www.libpng.org/pub/png/libpng.html.)
make
make install
This will install
a PHP binary (normally under /usr/local/bin/php)
that can be run from the command line as well as an Apache module.
Now we have to
create /etc/php.ini. The easiest way is to take the one that comes with the
PHP sources:
cp /tmp/php-5.0.4/php.ini-dist
/etc/php.ini
If you like you
can now modify /etc/php.ini
to suit to your needs.
5 Configure
Apache
Now we have to
add the following entries in /etc/httpd/httpd.conf
(in the section where document types are handled; there should be entries like
AddHandler or AddType):
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php .php5 .php4 .php3
Create /etc/init.d/httpd:
#!/bin/sh case "$1" in start) /usr/sbin/apachectl startssl ;; stop) /usr/sbin/apachectl stop ;; restart) $0 stop && sleep 3 $0 start ;; reload) $0 stop $0 start ;; *) echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac |
chmod 755 /etc/init.d/httpd
In order to start
your
Apache at boot time do the following:
ln -s /etc/init.d/httpd
/etc/rc2.d/S20httpd
ln -s /etc/init.d/httpd
/etc/rc3.d/S20httpd
ln -s /etc/init.d/httpd
/etc/rc4.d/S20httpd
ln -s /etc/init.d/httpd
/etc/rc5.d/S20httpd
ln -s /etc/init.d/httpd
/etc/rc0.d/K20httpd
ln -s /etc/init.d/httpd
/etc/rc1.d/K20httpd
ln -s /etc/init.d/httpd
/etc/rc6.d/K20httpd
Then start your
Apache:
/etc/init.d/httpd start
6 Test Your
Configuration
netstat -tap
should show you
that Apache2 uses the ports 80 (http) and 443 (https).
Now go to /usr/local/apache/htdocs
and create a file called info.php
with the following contents:
<?php phpinfo(); php?> |
Try to access it
with your browser (e.g. using the IP address of the server) via http
(e.g. http://192.168.0.1/info.php)
and https (https://192.168.0.1/info.php).
The output should look similar to this screenshot:
7 Install Zend
Optimizer And IonCube Loader
If you want to
run PHP files that have been encoded with the Zend
Encoder you need the Zend Optimizer. If you want to run PHP files that have
been encoded with the ionCube
PHP Encoder you need the ionCube Loader. I will show how to install both.
IonCube Loader
Get the latest
version of the ionCube Loader from http://downloads.ioncube.com/loader_downloads.
cd /tmp/
wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
tar xvfz ioncube_loaders_lin_x86.tar.gz
cd ioncube/
mkdir /usr/local/lib/ioncube
mv ioncube_loader_lin_5.0.so /usr/local/lib/ioncube/
Now edit /etc/php.ini
and add the line zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so
right at the beginning:
[PHP] zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so |
Zend Optimizer
Get the latest
version of the Zend Optimizer from http://www.zend.com/store/free_download.php
and save it in your /tmp/
directory.
cd /tmp/
tar xvfz ZendOptimizer-2.5.7-linux-glibc21-i386.tar.gz
cd ZendOptimizer-2.5.7-linux-glibc21-i386/data/5_0_x_comp/
mkdir /usr/local/lib/Zend
mv ZendOptimizer.so /usr/local/lib/Zend/
Edit /etc/php.ini
and add two more lines to the [PHP]
section of the file at the beginning so that it looks like this:
[PHP] zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.0.so zend_extension=/usr/local/lib/Zend/ZendOptimizer.so zend_optimizer.optimization_level=15 |
Now restart Apache2:
/etc/init.d/httpd restart
If you reload your
info.php that you created
in step 6 you should now see that the ionCobe Loader and the Zend Optimizer
are mentioned on the page:
Links
Apache: http://www.apache.org/
OpenSSL: http://www.openssl.org/
PHP: http://www.php.net/
Zend: http://www.zend.com/
ionCube: http://www.ioncube.com/