LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity
LDP/LDP/howto/docbook/Apache-Compile-HOWTO.sgml

2343 lines
68 KiB
Plaintext
Raw Blame History

<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article>
<artheader>
<title>Apache Compile HOWTO (Linux edition)</title>
<author>
<firstname>Luc</firstname>
<surname>de Louw</surname>
<affiliation>
<address>
<email>luc at delouw.ch</email>
</address>
</affiliation>
</author>
<revhistory>
<revision>
<revnumber>1.9.15</revnumber>
<date>2002-06-19</date>
<revremark>Updated to mod_ssl-2.8.9-1.3.26 and removed the temporary patch.
</revremark>
</revision>
<revision>
<revnumber>1.9.14</revnumber>
<date>2002-06-19</date>
<revremark>Updated to Apache 1.3.26 to fix security-hole CERT CA-2002-17 it is strongly recommanded that users shoud update
immediately, Added (temporay) patch to get mod_ssl 2.8.8 working with 1.3.26, Added --without-debug to mysql configure
</revremark>
</revision>
<revision>
<revnumber>1.9.13</revnumber>
<date>2002-06-15</date>
<revremark>updates of software mentioned in the HOWTO, added how to bind MySQL to a specific IP, some minor changes and corrections
</revremark>
</revision>
<revision>
<revnumber>1.9.12</revnumber>
<date>2002-04-22</date>
<revremark>Added mod_gzip and mod_gunzip, Corrected some typos, updates of software mentioned in the HOWTO, separated the
additional modules into an own section.
</revremark>
</revision>
<revision>
<revnumber>1.9.11</revnumber>
<date>2002-04-07</date>
<revremark>Corrected lots of typos (non-technical), updates of software mentioned in the HOWTO
</revremark>
</revision>
<revision>
<revnumber>1.9.11-pre1</revnumber>
<date>2002-03-15</date>
<revremark>Corrected some grammar, updates of software mentioned in the HOWTO
</revremark>
</revision>
<revision>
<revnumber>1.9.10</revnumber>
<date>2002-03-09</date>
<revremark>Corrected some grammar, updates of software mentioned in the HOWTO
</revremark>
</revision>
<revision>
<revnumber>1.9.9</revnumber>
<date>2002-02-11</date>
<revremark>Fixed a major bug in openssl config, restructured the document, added sources for further informations
</revremark>
</revision>
<revision>
<revnumber>1.9.8</revnumber>
<date>2002-02-08</date>
<revremark>Updates of software mentioned in the HOWTO, and fixed some bugs</revremark>
</revision>
<revision>
<revnumber>1.9.7</revnumber>
<date>2001-12-26</date>
<revremark>Updates of software mentioned in the HOWTO, tested the HOWTO
procedures on Linux running on IBM S/390 (zSeries)
Machines (See "platforms" for more info),
Added some basic support for Tomcat (Binaries only)</revremark>
</revision>
<revision>
<revnumber>1.9.6</revnumber>
<date>2001-10-27</date>
<revremark>Updates of software mentioned in the HOWTO, and fixed some bugs</revremark>
</revision>
<revision>
<revnumber>1.9.5</revnumber>
<date>2001-08-27</date>
<revremark>Yet another rewrite in DocBook 3.1</revremark>
</revision>
<revision>
<revnumber>1.9.4</revnumber>
<date>2001-08-26</date>
<revremark>Updated the Software-Versions mentioned in the document, corrected some typos</revremark>
</revision>
<revision>
<revnumber>1.9.3</revnumber>
<date>2001-06-23</date>
<revremark>Current Version 2.0.0-pre3 in Linux DocBook format</revremark>
</revision>
<revision>
<revnumber>1.0.0</revnumber>
<date>2000-08-05</date>
<revremark>First publication of the html-based document</revremark>
</revision>
</revhistory>
<abstract>
<indexterm>
<primary>Apache, mod_perl, mod_dav, mod_auth_ldap, mod_dynvhost, mod_roaming, mod_jserv, and mod_php</primary>
</indexterm>
<para>
This document describes howto compile the Apache Webserver with the most important
modules like mod_perl, mod_dav, mod_auth_ldap, mod_dynvhost, mod_roaming, mod_jserv, and mod_php
</para>
</abstract>
</artheader>
<sect1 id="intro">
<title>Introduction</title>
<sect2>
<title>Contributors and Contacts</title>
<para>
First I would thank all those people who send questions and suggestions that made a
further development of this document possible. It shows me, sharing knowledge is the right way.
I would encourage you to send me more suggestion, just write me an email <email>luc at delouw.ch</email>
</para>
</sect2>
<sect2>
<title>Why I wrote this document</title>
<para>
All Linux-distributions I tested had a non-optimal default setup of Apache. Additionally all major
distributions don't have current versions of Apache.
</para>
<para>
Finally no commercial Unix are delivered with pre-installed Apache
</para>
<para>
Since I am installing a lot of customized webservers on different Un*xes therefor I wrote a
plaintext document and placed it on my website so I can access it at work. Later a friend
posted the URL to a mailinglist, and the first questions arrived. So I decided to put more information
on the page.
</para>
<para>
After a lot of people requested the document as an &ldquo;official&rdquo; HOWTO, I decided to prepare it to be one
</para>
</sect2>
<sect2>
<title>What this document is supposed to be</title>
<para>
Compiling all the items described below needs a lot of configure-options that
nobody can memorize. This is supposed to be a &ldquo;copy-paste-ready&rdquo; text to compile
apache and friends
</para>
<para>
Also, people should learn how to build a full-featured
Apache-webserver by themself to be independent from any Linux distributors.
</para>
</sect2>
<sect2>
<title>What this document doesn't do for you</title>
<para>
It is just a Document, not a script that makes the work for you. You have to do all the steps by yourself.
</para>
</sect2>
<sect2>
<title>Platforms</title>
<para>
The original document was for all major Un*x platforms. Now the HOWTOs are
separated for each platform. You will find the same document adapted for:
</para>
<itemizedlist>
<listitem><para>Linux (This Document)</para></listitem>
<listitem><para>IBM AIX 4.3 and 5.1L</para></listitem>
<listitem><para>Sun Solaris 6/7/8</para></listitem>
<listitem><para>Hewlett-Packard HP-UX 11</para></listitem>
<listitem><para>&lcub;Free|Net|Open&rcub;-BSD</para></listitem>
</itemizedlist>
<para>
Important Notice for users running Linux on IBM S/390 (zSeries): PostgreSQL and Jserv wont compile on that system.
All other programs and modules mentioned in the HOWTO are working perfectly
</para>
<para>
Other Un*x-platforms: Feel free to create a guest-account for me on your Un*x platform, so I can have a look at the
differences.
</para>
<para>
Windows-Users: I'm sorry, I'm too young for a heart-attack, You will need to upgrade your machine
to a &ldquo;real&ldquo; operating system ;-)
</para>
</sect2>
<sect2 id="copyright">
<title>Copyright Information</title>
<para>
This document is copyrighted (c) 2000, 2001, 2002 Luc de Louw and is
distributed under the terms of the Linux Documentation Project
(LDP) license, stated below.
</para>
<para>
Unless otherwise stated, Linux HOWTO documents are
copyrighted by their respective authors. Linux HOWTO documents may
be reproduced and distributed in whole or in part, in any medium
physical or electronic, as long as this copyright notice is
retained on all copies. Commercial redistribution is allowed and
encouraged; however, the author would like to be notified of any
such distributions.
</para>
<para>
All translations, derivative works, or aggregate works
incorporating any Linux HOWTO documents must be covered under this
copyright notice. That is, you may not produce a derivative work
from a HOWTO and impose additional restrictions on its
distribution. Exceptions to these rules may be granted under
certain conditions; please contact the Linux HOWTO coordinator at
the address given below.
</para>
<para>
In short, we wish to promote dissemination of this
information through as many channels as possible. However, we do
wish to retain copyright on the HOWTO documents, and would like to
be notified of any plans to redistribute the HOWTOs.
</para>
<para>
If you have any questions, please contact
<email>linux-howto at metalab.unc.edu</email>
</para>
</sect2>
<sect2 id="disclaimer">
<title>Disclaimer</title>
<para>
No liability for the contents of this documents can be accepted.
Use the concepts, examples and other content at your own risk.
As this is a new edition of this document, there may be errors
and inaccuracies, that may of course be damaging to your system.
Proceed with caution, and although this is highly unlikely,
the author(s) do not take any responsibility for that.
</para>
<para>
All copyrights are held by their by their respective owners, unless
specifically noted otherwise. Use of a term in this document
should not be regarded as affecting the validity of any trademark
or service mark.
</para>
<para>
Naming of particular products or brands should not be seen
as endorsements.
</para>
<para>
You are strongly recommended to take a backup of your system
before major installation and backups at regular intervals.
</para>
</sect2>
<sect2 id="newversions">
<title>New Versions</title>
<indexterm>
<primary>(your index root)!news on</primary>
</indexterm>
<para>
This is the 13th Revision
</para>
<para>
New revisions of this document will be announced at <ulink url="http://freshmeat.net/apacompile">
http://freshmeat.net/apacompile</ulink>
</para>
<para>
The latest version of this document is to be found at
<ulink url="http://www.delouw.ch/linux">http://www.delouw.ch/linux</ulink>
</para>
<para>
</para>
<para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/index.html">HTML</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Apache-Compile-HOWTO/Apache-Compile-HOWTO.ps">Postscript (ISO A4 format)</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Apache-Compile-HOWTO/Apache-Compile-HOWTO.pdf">Acrobat PDF</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Apache-Compile-HOWTO/Apache-Compile-HOWTO.sgml">SGML Source</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Apache-Compile-HOWTO/Apache-Compile-HOWTO.html.tar.gz">HTML gzipped tarball</ulink>.
</para>
</listitem>
</itemizedlist>
</para>
</sect2>
<sect2 id="credits">
<title>Credits</title>
<para>
I would thank all the nice people at <email> discuss (at) linuxdoc.org</email> for
supporting me in writing HOWTOs
</para>
</sect2>
<!-- Section2: feedback -->
<sect2 id="feedback">
<title>Feedback</title>
<para>
Feedback is most certainly welcome for this document. Without
your submissions and input, this document wouldn't exist. Please
send your additions, comments and critics to the following
email address : <email>luc at delouw.ch</email>.
</para>
</sect2>
<!-- Section2: translations -->
<sect2 id="translations">
<title>Translations</title>
<para>
At the moment there are translations available for:
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/DE-Apache-Compile-HOWTO/html/index.html">German</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/FR-Apache-Compile-HOWTO/html/index.html">French</ulink>
</para>
</listitem>
</itemizedlist>
</para>
<para>
Translations to other languages are always welcome. If you translated this document, please let
me know, so I can set a link here
</para>
</sect2>
<sect2><title>About the author</title>
<para>Luc (in english Luke) is 29 years old, playing around with computers since 20years.
Currently he is working as Unix System Engineer for an IT-corporation located in Kloten (Zurich), Switzerland.
Main-focus is developing all flavors of innovative Systems running on Linux (and other Un*xes) .
Further, for all major Un*x platforms all the &ldquo;impossible&rdquo; tasks will end up on his
desk (yes, its funny and he loves it!)</para>
</sect2>
</sect1>
<sect1 id="prereqs">
<title>Prerequisites</title>
<sect2><title>General</title>
<itemizedlist>
<listitem><para>flex 2.54</para></listitem>
<listitem><para>bison 1.28</para></listitem>
<listitem><para>autoconf 2.52</para></listitem>
<listitem><para>automake 1.4</para></listitem>
<listitem><para>libtool 1.4</para></listitem>
<listitem><para>yacc-91.7.30</para></listitem>
<listitem><para>freetype2-devel</para></listitem>
<listitem><para>re2c (Only if PHP to be built from CVS tree)</para></listitem>
</itemizedlist>
<para>To be continued</para>
<para>
All major distributions will include this general prerequisites
</sect2>
<sect2><title>Distribution specific</title>
<sect3><title>SuSE Linux</title>
<sect4><title>SuSE Linux 7.1 (maybe applicable to other distributions)</title>
<para>SuSE 7.1 and maybe other distributions have problems to build apache 1.3.19
(1.3.20 and later are okay) with mod_rewrite</para>
<para>To correct this misbehavior create a symlink:</para>
<screen>cd /usr/include/db1
ln -s ../ndbm.h ndbm.h
</screen>
<para>In SuSE 7.2 and later this issue is fixed</para>
</sect4>
</sect3>
</sect2>
<sect2><title>OpenSSL</title>
<sect3><title>What is OpenSSL</title>
<para>Quoting www.openssl.org</para>
<para><emphasis>The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured,
and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library. The project is managed by a
worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit
and its related documentation.</emphasis></para>
<para><emphasis>OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson.
The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject to some simple license conditions.</emphasis></para>
<para><emphasis>From authors points of view, its the basic to build a secure Unix-Server with Opensource Software, its needed
for all major products like mod_ssl, OpenSSH and lot of other stuff that provides encrypted Data-processing</emphasis></para>
<para>OpenSSL provides the libraries and include-files needed be the products mentioned above and also provides
a Application to build Server and client-Certificates.</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site
<ulink url="http://www.openssl.org">http://www.openssl.org</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>cd /usr/local
tar -xvzf openssl-0.9.6d.tar.gz
cd openssl-0.9.6d
./config shared
make
make test
make install
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig
</screen>
</sect3>
</sect2>
<sect2><title>MySQL</title>
<sect3><title>What is MySQL</title>
<para>
Mysql is a very fast, powerful and very nice to handle Database.</para>
<para>Especially for Webapplication where most access is read and few write,
MySQL is the first choice. The newest
Version is also transaction-capable. If you plan a Webapplication,
that writes a lot of Data into the DB, maybe PostgreSQL is
better suited for your project</para>
<para>You need the C-API from Mysql for compiling php if you
wish MySQL-Support in php. It is also needed if you want to use mod_authmysql, See <xref linkend="authmysql"> for more information</para>
</sect3>
<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.mysql.com/downloads/">http://www.mysql.com/downloads/</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mysql-3.23.51.tar.gz
cd mysql-3.23.51
./configure \
--prefix=/usr/local/mysql \
--enable-assembler \
--with-innodb \
--without-debug
make
make install
/usr/local/mysql/bin/mysql_install_db
echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig
</screen>
<para>
For security-improvement add a mysql-user on your system i.e. "mysql", then
</para>
<screen>
chown -R mysql /usr/local/mysql/var
</screen>
<para>
you may wish to start mysql automatically at boottime, copy <filename>/usr/local/mysql/share/mysql/mysql.server</filename>
to <filename>/etc/init.d/</filename> (or wherever your rc-script are located) and create the corresponding symbolic
link in the runlevel directories.
<screen>
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/K20mysql
</screen>
</para>
</sect3>
<sect3><title>Securing MySQL</title>
<para>This part is only optional, and describes how to bind the MySQL daemon to the localhost IP</para>
<para>I suggest to just bind mysql to the loopback-interface 127.0.0.1. This makes sure nobody can connect to your
MySQL-Daemon via the network. But of course it only makes sense if MySQL runs on the same box like the webserver.</para>
<para>
edit <filename>/etc/init.d/mysql.server</filename> and edit line 107 as following:</para>
<para>Original line:</para>
<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&
</screen>
<para>Changed line:</para>
<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--bind-address=127.0.0.1&
</screen>
</sect3>
</sect2>
<sect2><title>Building mm</title>
<sect3><title>What is mm</title>
<para>Quoting www.engelschall.com</para>
<para>The MM library is a 2-layer abstraction library which simplifies the usage of shared memory between forked
(and this way strongly related) processes under Unix platforms. On the first layer it hides all platform dependent
implementation details (allocation and locking) when dealing with shared memory segments and on the second layer
it provides a high-level malloc(3)-style API for a convenient and well known way to work with data-structures
inside those shared memory segments. </para>
<para>From the authors point of view:</para>
<para>It is a common lib that enables Unix-Programmers to simplify shm accesses. It is used by many products, i.e.
PHP and mod_ssl</para>
<para>Since the author is not a programmer, he is unable to explain the exact usage of that lib</para>
</sect3>
<sect3><title>Download</title>
<para>Origin Site: <ulink url="http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz">http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mm-1.1.3.tar.gz
cd mm-1.1.3
./configure
make
make test
make install
ldconfig
</screen>
</sect3>
</sect2>
</sect1>
<sect1 id="apache">
<title>Getting, build and install Apache with its basic modules</title>
<sect2><title>Get and untar the Apache Source</title>
<sect3><title>What is Apache</title>
<para>Quoting www.apache.org</para>
<para>The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade,
featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed
by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop
the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds
of users have contributed ideas, code, and documentation to the project. This file is intended to briefly describe
the history of the Apache Group and recognize the many contributors.</para>
<para>From the authors point of view:</para>
<para>It is simply the best Webserver-Software, it is very flexible to configure to match your needs,
and its E-X-T-R-E-M-E stable! I personally never experienced a crash in a productive (=non-experimental stuff) environment</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site
<ulink url="http://www.apache.org/dist/httpd/">http://www.apache.org/dist/httpd/</ulink>
<screen>cd /usr/local/
tar -xvzf apache_1.3.26.tar.gz
</screen>
</para>
</sect3>
<sect3><title>Patch for large-scale sites</title>
<para>
If your webserver should answer very much requests at the same time, and your machine is strong enough to serve
such an amount of requests, you can change the limit of maximum running processes
</para>
<para>
Download the patch from: <ulink url="http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt">
http://www.delouw.ch/linux/apache-patch_HARD_SERVER_LIMIT.txt</ulink>
</para>
<screen>
--- httpd.h Thu Mar 21 18:07:34 2002
+++ httpd.h-new Sun Apr 7 13:34:11 2002
@@ -320,7 +320,7 @@
#elif defined(NETWARE)
#define HARD_SERVER_LIMIT 2048
#else
-#define HARD_SERVER_LIMIT 256
+#define HARD_SERVER_LIMIT 512
#endif
#endif
</screen>
<para>This patch does increase the maximum concurrent accessing clients to 512. Feel free to increase it further,
if you hacked your kernel and edited your /etc/security/limits.conf (this is ONLY for experienced users!
With wrong settings this could end as a &ldquo;self-denial-of-service-attack&rdquo;!!
Be sure you have enough processes left for root)</para>
<para>Apply the patch using:</para>
<screen>
cd /usr/local/apache_1.3.26/src/include
patch -p0 &lt; apache-patch_HARD_SERVER_LIMIT.txt
</screen>
</sect3>
</sect2>
<sect2><title>mod_ssl</title>
<sect3><title>What is mod_ssl</title>
<para>Quoting www.modssl.org</para>
<para>This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is
based on SSLeay from Eric A. Young and Tim J. Hudson.</para>
<para>From the authors point of view:</para>
<para>
This module is needed to enable Apache for SSL-Requests (https). It applies a patch to the Apache
source-code and extends its API (EAPI)
</para>
<para>
Make sure any module for your Apache-Server is compiled with the compiler-flag -DEAPI, or your
Webserver might crash or can not be started
</para>
<para>Almost all modules I know adds the -DEAPI flag by themself except mod_jserv and mod_jk</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site:<ulink url="http://www.modssl.org">http://www.modssl.org</ulink></para>
</sect3>
<sect3><title>Applying the patch to the apache source</title>
<screen>cd /usr/local/
tar -xvzf mod_ssl-2.8.9-1.3.26.tar.gz
cd mod_ssl-2.8.9-1.3.26/
./configure --with-apache=../apache_1.3.26
</screen>
</sect3>
</sect2>
<sect2><title>mod_perl</title>
<sect3><title>What is mod_perl</title>
<para>Quoting perl.apache.org</para>
<para>With mod_perl it is possible to write Apache modules entirely in Perl. In addition, the persistent
interpreter embedded in the server avoids the overhead of starting an external interpreter and the
penalty of Perl start-up time. </para>
<para>From the authors point of view:</para>
<para>
mod_perl is a kind of substitute for cgi-bin's. cgi's typically forks a new process for each request,
and produces overhead. With mod_perl the perl-interpreter is loaded persistent in
the apache-server and does not need to fork processes for each request
</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.apache.org/dist/perl">http://www.apache.org/dist/perl</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>cd /usr/local
tar -xvzf mod_perl-1.27.tar.gz
cd mod_perl-1.27
perl Makefile.PL &bsol;
EVERYTHING=1 &bsol;
APACHE_SRC=../apache_1.3.26/src &bsol;
USE_APACI=1 &bsol;
PREP_HTTPD=1 &bsol;
DO_HTTPD=1
make
make install
</screen>
<para>Notice: Do not compile mod_perl as dso (Dynamic Shared Object)! According
to various sources, apache will crash (I never tried)</para>
</sect3>
</sect2>
<sect2><title>Configure and build Apache</title>
<para>
Now the two static modules mod_ssl and mod_perl are configured and the Apache Source has been patched, and
we can proceed with building Apache.
</para>
<sect3><title>Building and installing</title>
<screen>
EAPI_MM=&quot;/usr/local/mm-1.1.3&quot; SSL_BASE=&quot;/usr/local/ssl&quot; &bsol;
./configure &bsol;
--enable-module=unique_id &bsol;
--enable-module=rewrite &bsol;
--enable-module=speling &bsol;
--enable-module=expires &bsol;
--enable-module=info &bsol;
--enable-module=log_agent &bsol;
--enable-module=log_referer &bsol;
--enable-module=usertrack &bsol;
--enable-module=proxy &bsol;
--enable-module=userdir &bsol;
--enable-module=so &bsol;
--enable-shared=ssl &bsol;
--enable-module=ssl &bsol;
--activate-module=src/modules/perl/libperl.a &bsol;
--enable-module=perl
make
make install
</screen>
</sect3>
<sect3><title>Create self-signed SSL-certificate</title>
<screen>
cd /usr/local/ssl/bin
./openssl req -new &gt; new.cert.csr
./openssl rsa -in privkey.pem -out new.cert.key
./openssl x509 -in new.cert.csr -out new.cert.cert \
-req -signkey new.cert.key -days 999
cp new.cert.key /usr/local/apache/conf/ssl.key/server.key
cp new.cert.cert /usr/local/apache/conf/ssl.crt/server.crt
</screen>
<para>
Notice: OpenSSL asks for different things. A common error is to enter a wrong &quot;common name&quot;.
This should be the FQHN (Fully Qualified HostName) of your Server, i.e www.foo.org</para>
</sect3>
</sect2>
</sect1>
<sect1 id="modules">
<title>Additional modules</title>
<sect2><title>mod_dav</title>
<sect3><title>What is mod_dav</title>
<para>Quoting www.webdav.org</para>
<para>mod_dav is an Apache module to provide DAV capabilities (RFC 2518) for your Apache web server. It is an
Open Source module, provided under an Apache-style license.</para>
<para>From the authors point of view:</para>
<para>
DAV means: &quot;Distributed authoring and Versioning&quot;. It allows you to manage your Website similar
to a filesystem. It is meant to replace ftp-uploads to your Webserver.
</para>
<para>
DAV is supported by all major Web-development-Tools (newer versions) and is going to be a widely accepted
standard for Web-publishing
</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.webdav.org/mod_dav/">http://www.webdav.org/mod_dav/</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mod_dav-1.0.3-1.3.6.tar.gz
cd mod_dav-1.0.3-1.3.6
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
</screen>
<para>Notice: the filename mod_dav-1.0.3-1.3.6 suggests that it will only run with apache 1.3.6 but it
actually will run with all apaches &gt;= 1.3.6</para>
</sect3>
</sect2>
<sect2><title>auth_ldap</title>
<sect3><title>What is auth_ldap</title>
<para>Quoting www.rudedog.org</para>
<para>auth_ldap is an LDAP authentication module for Apache, the world's most popular web server.
auth_ldap has excellent performance, and supports Apache on both Unix and Windows NT. It
also has support for LDAP over SSL, and a mode that lets Micros&tilde;1 Frontpage clients manage
their web permissions while still using LDAP for authentication. </para>
<para>From the authors point of view:</para>
<para>
If you like to consolidate your login-facilities to a common user/passwd base, LDAP is the right
way. LDAP is an open standard and widely supported.
</para>
<para>Login-facilities for LDAP:</para>
<para>Unix-Logins for Linux, Solaris (others?) FTP-Logins (some ftp-daemons) http Basic Authentication Tarantella
Authentication and Role-Management Samba Authentication (2.2.x should support this)
LDAP is role based. That means, i.e. you can define a role &quot;manager&quot; assign a user as
member and that user can login wherever a manager is allowed to login</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.rudedog.org/auth_ldap/">http://www.rudedog.org/auth_ldap/</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf auth_ldap-1.6.0.tar.gz
cd auth_ldap-1.6.0
./configure --with-apxs=/usr/local/apache/bin/apxs &bsol;
--with-sdk=openldap
make
make install
</screen>
</sect3>
</sect2>
<sect2 id="authmysql"><title>mod_auth_mysql</title>
<sect3><title>What is mod_auth_mysql</title>
<para>It is a http-Basic Authentication Module. It allows to maintain your user comfortable in a MySQL-Database</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="ftp://ftp.kciLink.com/pub/mod_auth_mysql.c.gz">ftp://ftp.kciLink.com/pub/mod_auth_mysql.c.gz</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
gunzip mod_auth_mysql.c.gz
/usr/local/apache/bin/apxs &bsol;
-c -I/usr/local/mysql/include &bsol;
-L/usr/local/mysql/lib/mysql &bsol;
-lmysqlclient -lm mod_auth_mysql.c
cp mod_auth_mysql.so /usr/local/apache/libexec/
</screen>
<para>
Add this line in your httpd.conf:
</para>
<screen>
LoadModule mysql_auth_module libexec/mod_auth_mysql.so
</screen>
<para>
And where the other modules are added:
</para>
<screen>AddModule mod_auth_mysql.c
</screen>
<para>Take care that the path of Mysql libs and includes are correct!</para>
<para>Notice: Be sure that /usr/local/mysql/lib/mysql is in /etc/ld.so.conf before compiling</para>
<para>Use AuthMySQLCryptedPasswords Off or it does not work! (under investigation why not)</para>
</sect3>
<sect3><title>Sample configuration</title>
<sect4><title>/usr/local/apache/conf/httpd.conf</title>
<screen>
&lt;location /manual/&gt;
AuthType Basic
AuthUserfile /dev/null
AuthName Testing
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLCryptedPasswords Off
AuthMySQLUser root
AuthMySQLDB users
AuthMySQLUserTable user_info
&lt;Limit GET POST&gt;
require valid-user
&lt;/limit&gt;
&lt;/location&gt;
</screen>
</sect4>
<sect4><title>Script for creating the MySQL-Database</title>
<para>
just type:
</para>
<screen>
mysql < authmysql.sql
</screen>
<para>
The File authmysql.sql contents:</para>
<screen>
create database http_users;
connect http_users;
CREATE TABLE user_info (
user_name CHAR(30) NOT NULL,
user_passwd CHAR(20) NOT NULL,
user_group CHAR(10),
PRIMARY KEY (user_name);
</screen
</sect4>
</sect3>
</sect2>
<sect2><title>mod_dynvhost</title>
<sect3><title>What is mod_dynvhost</title>
<para>
It is a module that allows to define new Virtual Host &quot;on-the-fly&quot;. Just create a
new Directory in your vhost-path, thats it. It is not need to restart your Webserver</para>
<para>It is a good solution for Mass-Virtual-hosting for ISP's</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://funkcity.com/0101/projects/dynvhost/mod_dynvhost.tar.gz">
http://funkcity.com/0101/projects/dynvhost/mod_dynvhost.tar.gz</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mod_dynvhost.tar.gz
cd dynvhost/
/usr/local/apache/bin/apxs -i -a -c mod_dynvhost.c
</screen>
<para>Notice: Take a look at httpd.conf if mod_dynvhost.so is loaded at startup: </para>
<screen>
LoadModule dynvhost_module libexec/mod_dynvhost.so
</screen>
</sect3>
<sect3><title>Sample configuration</title>
<sect4><title>/usr/local/apache/conf/httpd.conf</title>
<screen>
&lt;DynamicVirtualHost /usr/local/apache/htdocs/vhosts/&gt;
HomeDir /
&lt;/DynamicVirtualHost&gt;
</screen>
<para>Now create a Directory for each virtualhost in /usr/local/apache/htdocs/vhosts/</para>
<para>i.e.</para>
<para>/usr/local/apache/htdocs/vhosts/foo.bar.org</para>
<para>You don't need to restart your Webserver</para>
</sect4>
</sect3>
</sect2>
<sect2><title>mod_roaming</title>
<sect3><title>What is mod_roaming</title>
<para>Quoting www.klomp.org/mod_roaming/</para>
<para>With mod_roaming you can use your Apache webserver as a Netscape Roaming Access server. This allows
you to store your Netscape Communicator 4.5 preferences, bookmarks, address books, cookies etc. on the
server so that you can use (and update) the same settings from any Netscape Communicator 4.5 that can
access the server.</para>
<para>From the authors point of view: </para>
<para>This is really cool stuff! Unfortunately it does not work over proxy-connection.
You can keep your Netscape 4.x bookmarks etc. synchronized on different machines. It is not supported
by any other browsers, including Mozilla and Netscape 6.x
</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.klomp.org/mod_roaming/">http://www.klomp.org/mod_roaming/</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mod_roaming-1.0.2.tar.gz
cd mod_roaming-1.0.2
/usr/local/apache/bin/apxs -i -a -c mod_roaming.c
</screen>
<para>Notice: Check httpd.conf if mod_roaming is loaded at startup: </para>
<screen>
LoadModule roaming_module libexec/mod_roaming.so
</screen>
<para>Should be installed automatically</para>
</sect3>
<sect3><title>Sample configuration</title>
<sect4><title>/usr/local/apache/conf/httpd.conf</title>
<screen>
RoamingAlias /roaming /usr/local/apache/roaming
&lt;Directory /usr/local/apache/roaming&gt;
AuthUserFile /usr/local/apache/conf/roaming-htpasswd
AuthType Basic
AuthName &quot;Roaming Access&quot;
&lt;Limit GET PUT MOVE DELETE&gt;
require valid-user
&lt;/Limit&gt;
&lt;/Directory&gt;
</screen>
</sect4>
</sect3>
</sect2>
</sect1>
<sect1 id="compress">
<title>Compressed delivery</title>
<para>
There are basically two modules available for output compression: mod_gzip and mod_gunzip. They are using different approaches
to reach the the goal of bandwidth reduction.
</para>
<para>
mod_gunzip expects compressed file on the filesystem, and uncompress them if the browser cannot handle compressed data.
The benefit is a low cpu-usage, because most browsers are capable to handle gzipped content. On the oder side, most of today's
content is served dynamically i.e. PHP, and this content will be delivered uncompressed.
</para>
<para>
mod_gzip does not need compressed files on the system, all defined content will be compressed before delivery. The benefit is
to have the dynamically generated content also compressed, the other side is a higher cpu-usage, because every request has to be
compressed on-the-fly. Mod_gzip can handle already compressed data i.e. index.html.gz and send it as-is.
<para>
<para>
The conclusion: You carefully have to make a decision which of the two modules makes more sense for you. If you have to
pay for every GB delivered and CPU-power does not matter, then mod_gzip is the choice for you. If response time matters
(delay between request and delivery), and your bandwidth is cheap or unlimited, mod_gunzip matches your needs better.
<para>
<para>A good page that helps you to make this decision is Martin Kiff's document about mod_gunzip
<ulink url="http://www.innerjoin.org/apache-compression/howto.html">http://www.innerjoin.org/apache-compression/howto.html</ulink>
</para>
<sect2><title>mod_gzip</title>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.ehyperspace.com/htmlonly/products/mod_gzip.html">http://www.ehyperspace.com/htmlonly/products/mod_gzip.html</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
/usr/local/apache/bin/apxs -i -a -c -lz mod_gzip.c
</screen>
</sect3>
<sect3>
<title>Sample configuration</title>
<para>Put the following in your <filename>/usr/local/apache/conf/httpd.conf</filename>:</para>
<screen>
mod_gzip_on Yes
mod_gzip_can_negotiate Yes
mod_gzip_dechunk Yes
mod_gzip_minimum_file_size 600
mod_gzip_maximum_file_size 0
mod_gzip_maximum_inmem_size 100000
mod_gzip_keep_workfiles No
mod_gzip_temp_dir /usr/local/apache/gzip
mod_gzip_item_include file \.html$
mod_gzip_item_include file \.txt$
mod_gzip_item_include file \.jsp$
mod_gzip_item_include file \.php$
mod_gzip_item_include file \.pl$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-httpd-php
mod_gzip_item_include mime ^httpd/unix-directory$
mod_gzip_item_include handler ^perl-script$
mod_gzip_item_include handler ^server-status$
mod_gzip_item_include handler ^server-info$
mod_gzip_item_exclude file \.css$
mod_gzip_item_exclude file \.js$
mod_gzip_item_exclude mime ^image/.*
</screen>
</sect3>
</sect2>
<sect2><title>mod_gunzip</title>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.oldach.net/mod_gunzip.tar.gz">http://www.oldach.net/mod_gunzip.tar.gz</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
tar -xvzf mod_gunzip.tar.gz
cd mod_gunzip-2
/usr/local/apache/bin/apxs -i -a -c -lz mod_gunzip.c
</screen>
</sect3>
<sect3>
<title>Sample configuration</title>
<para>Put the following in your <filename>/usr/local/apache/conf/httpd.conf</filename>:</para>
<screen>
AddType text/html .htmz
AddHandler send-gunzipped .htmz
</screen>
<para>
Now you can gzip your html files and rename them to i.e:</para>
<screen>
gzip index.html
mv index.html.gz index.htmz
</screen>
<para>
Of course you have to change all links to htmz, i.e. &lt;a href="page.htmz"&gt;Some page&lt;/a&gt;
</para>
</sect3>
</sect2>
</sect1>
<sect1 id="php">
<title>mod_php and its prerequisites</title>
<sect2><title>What is mod_php</title>
<para>Quoting www.php.net</para>
<para>PHP is a server-side, cross-platform, HTML embedded scripting language. </para>
<para>In the beginning it was just a simple guestbook-processor, and it was growing and growing Since Version 3
it is really powerful Webdevelopment-language</para>
<para>From the authors point of view:</para>
<para>Since Version 4 PHP capable and robust enough for enterprise webapplications. It is powerful, supports almost all
important Databases natively, and other through ODBC. It a few times faster than ASP on M&dollar;-Systems on
the same Hardware. </para>
<para>There are other extensions available like apc which speed up processing about 50-400&percnt;
(depends on the php-code you wrote)</para>
</sect2>
<sect2><title>Prerequisites</title>
<para>
Depending on your needs there are some software to install first. One already installed Software according this document is MySQL, because
its needed by mod_auth_mysql.</para>
<sect3><title>IMAP client</title>
<sect4><title>What is IMAP client</title>
<para>IMAP means "Internet Mail Application Protocol" and is a
substitute for the POP protocol. It allows to keep all
Mails in different folders on the server, which (should)
be backed up - Never again lose important email, because your
local harddrive crashed</para>
</sect4>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site:</para>
<para>Origin-Site: <ulink url="http://www.washington.edu/imap/">http://www.washington.edu/imap/</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvfz imap.tar.Z
cd imap
make slx SSLTYPE=unix
</screen>
<para>Notice: </para>
<para>imap.tar.Z is usually a symlink to the latest release, today its linked to imap-2001a.tar.Z</para>
<para>If you don't need SSL-Support, remove the "SSLTYPE=unix" behind the make command</para>
</sect3>
<sect3><title>PostgreSQL</title>
<sect4><title>What is PostgreSQL</title>
<para>PostgreSQL is a very Powerful and fast Database</para>
<para>
Like MySQL wonderful for Webapplications. From my Point of view, not as comfortable to handle as MySQL.
If your Webapplication performs mostly writes, or you need proofed transaction-capabilities, PostgreSQL is your friend
</para>
</sect4>
<sect4><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink> (Select a mirror close to you)</para>
</sect4>
<sect4><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf postgresql-7.2.1.tar.gz
cd postgresql-7.2.1
./configure &bsol;
--with-perl &bsol;
--enable-odbc &bsol;
--with-unixodbc &bsol;
--with-pam &bsol;
--with-openssl &bsol;
make
make install
echo /usr/local/pgsql/lib &gt;&gt; /etc/ld.so.conf
ldconfig
</screen>
</sect4>
</sect3>
<sect3><title>pdflib</title>
<sect4><title>What is pdflib</title>
<para>Quoting www.pdflib.com</para>
<para>PDFlib: A library for generating PDF on the fly PDFlib is the premier software component if you want
to generate PDF on your server, convert text and graphics, or implement PDF output in your own products.</para>
<para>From the authors point of view:</para>
<para>
This is a commercial Product. Read the license carefully to see if you need a commercial license or not
</para>
</sect4>
<sect4><title>Download the source</title>
<para>Origin-Site: <ulink url="http://www.pdflib.com/pdflib/download/pdflib-4.0.2.tar.gz">
http://www.pdflib.com/pdflib/download/pdflib-4.0.2.tar.gz</ulink></para>
</sect4>
<sect4><title>Building and installing</title>
<screen>
cd /usr/local/
tar -xvzf pdflib-4.0.2.tar.gz
cd pdflib-4.0.2
./configure --enable-shared-pdflib --enable-cxx
make
make install
ldconfig
</screen>
</sect4>
</sect3>
<sect3><title>gettext</title>
<sect4><title>What is gettext</title>
<para>gettext is a library for i18n (Internationalization, "I", 18 chars and "n") of software, and needed by php</para>
</sect4>
<sect4><title>Download the source</title>
<para>Origin-Site: <ulink url="ftp://ftp.gnu.org/gnu/gettext">ftp://ftp.gnu.org/gnu/gettext</ulink>
(select a mirror close to you)</para>
</sect4>
<sect4><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf gettext-0.11.2.tar.gz
cd gettext-0.11.2
./configure
make
make check
make install
ldconfig
</screen>
</sect4>
</sect3>
<sect3><title>zlib</title>
<sect4><title>What is zlib</title>
<para>zlib is a lossless data-compression library for use on virtually any computer hardware and operating system</para>
</sect4>
<sect4><title>Download the source</title>
<para>Origin-Site: <ulink url="ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz">ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz</ulink>
(select a mirror close to you)</para>
</sect4>
<sect4><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf zlib-1.1.4.tar.gz
cd zlib-1.1.4/
./configure
make
make test
make install
ldconfig
</screen>
</sect4>
</sect3>
</sect2>
<sect2 id="build-php"><title>Building and installing PHP4</title>
<screen>
cd /usr/local
tar -xvzf php-4.1.2.tar.gz
cd php-4.1.2
./configure &bsol;
--with-apxs=/usr/local/apache/bin/apxs &bsol;
--with-mysql=/usr/local/mysql &bsol;
--with-pgsql=/usr/local/pgsql &bsol;
--enable-track-vars &bsol;
--with-openssl=/usr/local/ssl &bsol;
--with-imap=/usr/local/imap-2001a &bsol;
--with-gd --with-ldap &bsol;
--enable-ftp &bsol;
--enable-sysvsem &bsol;
--enable-sysvshm &bsol;
--enable-sockets &bsol;
--with-pdflib=/usr/local &bsol;
--with-gettext &bsol;
--with-mm=/usr/local/mm-1.1.3 &bsol;
--with-jpeg-dir=/usr/lib &bsol;
--with-zlib-dir=/usr/local &bsol;
make
make install
</screen>
<para>After installing your httpd.conf is modified by axps. It should now look as follows:</para>
<screen>
&lt;IfDefine SSL&gt;
LoadModule ssl_module libexec/libssl.so
LoadModule php4_module libexec/libphp4.so
&lt;/IfDefine&gt;
</screen>
<para>If you compiled Apache with mod_ssl then the php-module will only be loaded when staring Apache with ssl (apachectl startssl). If you will start Apache without ssl support (but compiled like described in this document) you need to change this:
</para>
<screen>
&lt;IfDefine SSL&gt;
LoadModule ssl_module libexec/libssl.so
&lt;/IfDefine&gt;
LoadModule php4_module libexec/libphp4.so
</screen>
<para>Copy the sample php.ini to /usr/local/lib/php.ini</para>
<screen>
cp /usr/local/php-4.1.2/php.ini-dist /usr/local/lib/php.ini
</screen>
<para>uncomment (remove the &num; at begin of line) the following lines in /usr/local/apache/conf/httpd.conf</para>
<para>Apache 1.3.26 default httpd.conf does lack of this entries. You have to add them instead of uncommenting</para>
<screen>
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
</screen>
<para>Restart apache by issuing the following command: </para>
<screen>
/usr/local/apache/bin/apachectl restart
</screen>
</sect2>
</sect1>
<sect1 id="phpext"><title>PHP extensions</title>
<para>There are many different extensions available for php, which can be added in your php.ini</para>
<sect2><title>APC (Alternative PHP-cache)</title>
<sect3><title>What is APC</title>
<para>Quoting www.apc.communityconnect.com/</para>
<para>APC is the Alternative PHP Cache. It was conceived of to provide a free, open, and robust framework for compiling
and caching php scripts. APC was conceived of to provide a way of boosting the performance of PHP on heavily loaded sites
by providing a way for scripts to be cached in a compiled state, so that the overhead of parsing and compiling can be
almost completely eliminated. There are commercial products which provide this functionality, but they are neither
open-source nor free. Our goal was to level the playing field by providing an implementation that allows greater
flexibility and is universally accessible. We also wanted the cache to provide visibility into it's own workings and
those of PHP, so time was invested in providing internal diagnostic tools which allow for cache diagnostics and
maintenance. Thus arrived APC. Since we were committed to developing a product which can easily grow with new version
of PHP, we implemented it as a zend extension, allowing it to either be compiled into PHP or added post facto as a
drop in module. As with PHP, it is available completely free for commercial and non-commercial use, under the same terms
as PHP itself. APC has been tested under PHP 4.0.3, 4.0.3pl1 and 4.0.4. It currently compiles under Linux and FreeBSD.
Patches for ports to other OSs/ PHP versions are welcome.</para>
<para>From the authors point of view:</para>
<para>The author made some performance-Tests with apc and it was real surprise. A PHP-Webpage with
mysql-queries in a loop (total 10 queries) was more than 50&percnt; faster </para>
<para>
Contra APC: If you have other users on the system coding php they maybe are not comfortable with APC,
because the changes are all ignored unless you reset the cache or restart Apache. The other way,
namely that APC checks the php-script for a newer version before every run costs speed.
</para>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://apc.communityconnect.com/sources/apc-cvs.tar.gz">http://apc.communityconnect.com/sources/apc-cvs.tar.gz</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf apc-cvs.tar.gz
cd apc
./configure --enable-apc --with-php-config=/usr/local/bin/php-config
make
make install
cp modules/php_apc.so /usr/local/lib/php/extensions
echo 'zend_extension=&quot;/usr/local/lib/php/extensions/php_apc.so&quot;' \
&gt;&gt; /usr/local/lib/php.ini
echo &ldquo;apc.mode = shm&rdquo; &gt;&gt; \
apc.mode = shm
</screen>
<para>
Restart your Apache-Webserver. Try it out, create a php-file with the following content: </para>
<screen>
&lt;?php
apcinfo();
?&gt;
</screen>
</sect3>
</sect2>
<sect2><title>Zend-Optimizer (Do _NOT_ combine with APC-Cache!)</title>
<sect3><title>What is Zend-optimizer</title>
<para>Quoting www.zend.com</para>
<para>The Zend Optimizer goes over the intermediate code generated by the standard Zend run-time compiler
located in the Zend Engine, and then optimizes it for faster execution. </para>
<para>From the authors point of view:<para>
Zend-Optimizer is a freeware closed source product.
On the same testcode used for the APC-test, there was speed-decrease of about 5&percnt; compared to PHP without
APC
</para>
<para>
You have to make your own test, to see, if you have some improvements with your own code.
Be sure not to NOT use Zend Optimizer together with APC, or your whole setup will not work
</para>
</sect3>
<sect3><title>Download the binary</title>
<para>Origin-Site: <ulink url="https://www.zend.com/store/free_download.php?pid=13">https://www.zend.com/store/free_download.php?pid=13</ulink></para>
<para>You have to register yourself at zend.com to get access to the download-page</para>
</sect3>
<sect3><title>Installing</title>
<para>
There is noting to build, this product is closed-source and so only available as binary for different
platforms. The filename varies according your platform, the sample is for Linux on IA32.
</para>
<screen>
cd /usr/local
tar -xvzf ZendOptimizer-1.3.1-Linux_glibc21-i386.tar.gz
cd ZendOptimizer-1.3.1-Linux_glibc21-i386
./install.sh
</screen>
<para>The install script is self-explanatory, if you compiled Apache and PHP like descibed in this document, you can just press enter
on all questions about the pathnames.</para>
</sect3>
</sect2>
</sect1>
<sect1 id="ssjava"><title>Server Side Java</title>
<sect2><title>mod_jserv</title>
<sect3><title>What is mod_jserv</title>
<para>Quoting java.apache.org</para>
<para>
Apache JServ is a 100&percnt; pure Java servlet engine fully compliant with the JavaSoft Java Servlet APIs 2.0
specification. Since we believe in the great value complete portability between different servlet platforms,
together with portability of Java binary code, we worked very close with JavaSoft and other JVM implementers to
provide correct interpretations or Java specifications both for servlets and for the Java language itself.
</para>
<para>From the authors point of view:</para>
<para>mod_jserv is very comfortable to maintain</para>
<para>Unfortunately mod_jserv is no longer actively developed,
only bugfixes if bugs where found. Tomcat is the successor of mod_jserv
As soon as the author gets enough time and experience with Tomcat he will extend this HOWTO.</para>
<para>JSDK2.0 is out of Date too. It is needed for mod_jserv only. </para>
</sect3>
<sect3><title>Prerequisites</title>
<sect4><title>JSDK 2.0 (mod_jserv req.)</title>
<sect5><title>What is JSDK</title>
<para>It is the API from Sun Microsystems for developing Servlets</para>
</sect5>
<sect5><title>Download</title>
<para>Origin-Site: <ulink url="http://java.sun.com/products/servlet/archive.html">
http://java.sun.com/products/servlet/archive.html</ulink></para>
</sect5>
<sect5><title>Building and installing</title>
<para>Since JSDK is closed source there is nothing to build.</para>
<para>Notice: The filename &ldquo;jsdk20-solaris2-sparc.tar.Z&rdquo; suggests to be a binary for sparc platform -&gt;
ignore it, it will work on all platforms</para>
<screen>
cd /usr/local/
uncompress jsdk20-solaris2-sparc.tar.Z
tar -xvf jsdk20-solaris2-sparc.tar
</screen>
</sect5>
</sect4>
</sect3>
<sect3><title>Download the source</title>
<para>Origin-Site: <ulink url="http://java.apache.org/jserv/dist/">http://java.apache.org/jserv/dist/</ulink></para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf ApacheJServ-1.1.2.tar.gz
cd ApacheJServ-1.1.2
./configure &bsol;
--prefix=/usr/local/jserv &bsol;
--with-apxs=/usr/local/apache/bin/apxs &bsol;
--with-JSDK=/usr/local/JSDK2.0 &bsol;
--enable-EAPI &bsol;
make
make install
</screen>
<para>It is important to use flag --enable-EAPI if apache is compiled with mod_ssl!</para>
</sect3>
</sect2>
<sect2><title>jakarta-tomcat</title>
<sect3><title>What is Tomcat</title>
<para>Quoting jakarta.apache.org</para>
<para>Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.</para>
<para>From the authors point of view:</para>
<para>
Tomcat is the successor of jserv which is no longer developed. Tomcat supports the latest jsp and servlet-APIs
defined by sun. Unfortunately Tomcat is very difficult to build from source, because it is using its own
building-system called "ant". There is also a very long list of prerequisites if you want to build from source.
See <ulink url="http://jakarta.apache.org/tomcat/tomcat-4.0-doc/BUILDING.txt">
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/BUILDING.txt</ulink> for more details - Good luck, and give some
feedback to the author.
</para>
<para>
In the meantime the HOWTO is providing some
basic support for Tomcat installed from binaries.</para>
<para>The Author is searching for some volunteers who tries to build Tomcat from source and tells what steps are required</para>
</sect3>
<sect3><title>Prerequisites</title>
<sect4><title>Java2</title>
<sect5><title>What is Java2>
<para>Quoting java.sun.com</para>
<para>Too much for this HOWTO, please see <ulink url="http://java.sun.com/j2se/1.3/docs/relnotes/features.html">http://java.sun.com/j2se/1.3/docs/relnotes/features.html</ulink></para>
</sect5>
<sect4><title>Download the binaries</title>
<para>Go to <ulink url="http://java.sun.com/j2se/1.3/">http://java.sun.com/j2se/1.3/</ulink> ,choose your platform and follow the steps on the site.</para>
</sect4>
<sect4><title>Installing the binaries</title>
<para>
Execute the binary:
<screen>
chmod +x j2sdk-1_3_1_02-linux-i386.bin
./2sdk-1_3_1_02-linux-i386.bin
</screen>
<para>
Notice: There is a newer version of java available, if you do not care about possible instability you can downloads version
1.4.0
</para>
<para>After accepting the license, unpack the stuff and move the resulting directory to "/usr/lib" and set an appropriate symbolic link</para>
</sect4>
</sect3>
<sect3><title>Download the binaries</title>
<para>Origin-Site:
<ulink url="http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.3/bin/jakarta-tomcat-4.0.3.tar.gz">
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.3/bin/jakarta-tomcat-4.0.3.tar.gz</ulink></para>
<sect3><title>Installing the binaries</title>
<screen>
cd /usr/local
tar -xvzf jakarta-tomcat-4.0.3.tar.gz
cd jakarta-tomcat-4.0.3
cd bin
rm *.bat
echo export JAVA_HOME=/usr/lib/java/ >> /etc/profile
. /etc/profile
</screen>
<para>Now you should be able to startup tomcat:
<screen>
/usr/local/apache/jakarta-tomcat-4.0.3/bin/startup.sh
</screen>
<para>You should now be able to connect to: <ulink url="http://localhost:8080/index.html">http://localhost:8080/index.html</ulink></para>
<para>
For the further steps like installing your servlets and jsp-files, you are responsible by yourself...</para>
<para>Notice: Since the author is NOT a Java-Programmer he will not be able to help you with Java-Problems!
The author is an experienced Sysadmin and could you give some hints: Be sure your CLASSPATH Variable is set right.
This is the most common error done. Have fun, and as mentioned above, the author welcomes some feedback to be
able to provide more information to the community.</para>
</sect3>
</sect2>
</sect1>
<sect1 id="moreinfo">
<title>Further Information</title>
<indexterm>
<primary>(your index root)!information resources</primary>
</indexterm>
<para>
Here are some other resources available on the internet
</para>
<sect2 id="newsgroups">
<title>News groups</title>
<indexterm>
<primary>disk!information resources!news groups</primary>
</indexterm>
<para>Some of the most interesting news groups are:
<itemizedlist>
<listitem>
<para>
<ulink url="news:alt.apache.configuration">alt.apache.configuration</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="news:comp.infosystems.www.servers.unix">comp.infosystems.www.servers.unix</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="news:alt.comp.lang.php">alt.comp.lang.php</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="news:alt.php">alt.php</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="news:comp.databases">comp.databases</ulink>
</para>
</listitem>
</itemizedlist>
</para>
<para>Also check out your country newsgroups e.g ch.comp.os.linux</para>
<para>
Most newsgroups have their own FAQ that are designed to answer most
of your questions, as the name Frequently Asked Questions indicate.
Fresh versions should be posted regularly to the relevant newsgroups.
If you cannot find it in your news spool you could go directly to the
<ulink url="ftp://rtfm.mit.edu/">FAQ main archive FTP site</ulink>.
The WWW versions can be browsed at the
<ulink url="http://www.cis.ohio-state.edu/hypertext/faq/usenet/FAQ-List.html">FAQ
main archive WWW site</ulink>.
</para>
</sect2>
<sect2 id="maillists">
<title>Mailing Lists</title>
<indexterm>
<primary>disk!information resources!mailing lists</primary>
</indexterm>
<sect3>
<title><email>users@httpd.apache.org</email></title>
<para>
Send an empty email to <email>users-subscribe@httpd.apache.org</email>
<para>Before writing to the list, check out the archive: <ulink url="http://marc.theaimsgroup.com/?l=apache-httpd-users">
http://marc.theaimsgroup.com/?l=apache-httpd-users</ulink></para>
</sect3>
<sect3>
<title><email>modperl@apache.org</email></title>
<para>Send an mail to <email>modperl@apache.org</email> with the content (not subject):
<screen>
subscribe modperl</screen> </para>
<para>Before writing to the list, check out the archive:
<ulink url="http://outside.organic.com/mail-archives/modperl/">
http://outside.organic.com/mail-archives/modperl/</ulink></para>
</sect3>
<sect3>
<title><email>openssl-users@openssl.org</email></title>
<para>Send an mail to <email>majordomo@openssl.org</email> with the content (not subject):
<screen>
subscribe openssl-users</screen> </para>
<para>Before writing to the list, check out the archive:
<ulink url="http://www.mail-archive.com/openssl-users@openssl.org/">
http://www.mail-archive.com/openssl-users@openssl.org/</ulink></para>
</sect3>
<sect3>
<title><email>modssl-users@modssl.org</email></title>
<para>Send an mail to <email>majordomo@modssl.org</email> with the content (not subject):
<screen>
subscribe modssl-users</screen> </para>
<para>Before writing to the list, check out the archive:
<ulink url="http://www.mail-archive.com/modssl-users@modssl.org/">
http://www.mail-archive.com/modssl-users@modssl.org/</ulink></para>
</sect3>
<sect3>
<title><email>mysql@lists.mysql.com</email></title>
<para>Send an empty mail to <email>mysql-subscribe@lists.mysql.com</email>
<para>Before writing to the list, check out the archive:
<ulink url="http://lists.mysql.com/cgi-ez/ezmlm-cgi/">
http://lists.mysql.com/cgi-ez/ezmlm-cgi/</ulink></para>
</sect3>
<sect3>
<title><email>pgsql-general@postgres.org</email></title>
<para>Fill out the subscription form at <ulink url="http://developer.postgresql.org/mailsub.php">
http://developer.postgresql.org/mailsub.php</ulink>
<para>Before writing to the list, check out the archive:
<ulink url="http://archives.postgresql.org/pgsql-general/">
http://archives.postgresql.org/pgsql-general/</ulink></para>
</sect3>
<sect3>
<title><email>pgsql-general@postgres.org</email></title>
<para>Fill out the subscription form at <ulink url="http://www.php.net/mailing-lists.php">
http://www.php.net/mailing-lists.php</ulink>
<para>
There are several php related mailinglist to subscribe, some of them are also available on php.net's newsserver
</para>
<para>
Before writing to the list, check out the archive that are linked also on the subscription-page
<para>
</sect3>
<sect3>
<title><email>apc-cache@lists.communityconnect.com</email></title>
<para>Send an mail to <email>apc-cache-request@lists.communityconnect.com</email> with the content (not subject):
<screen>
subscribe</screen> </para>
</sect3>
</sect2>
<sect2 id="howto">
<title>HOWTO</title>
<indexterm>
<primary>disk!information resources!HOWTOs</primary>
</indexterm>
<para>
These are intended as the primary starting points to get the
background information. They also show you how to solve a
specific problem. Some relevant HOWTOs are
</para>
<para>
<Literal remap="tt">
<ulink url="http://www.linuxdoc.org/HOWTO/Apache-Overview-HOWTO.html">Apache-Overview-HOWTO</ulink>
</Literal>,
<Literal remap="tt">
<ulink url="http://www.linuxdoc.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/index.html">Apache-WebDAV-LDAP-HOWTO</ulink>
</Literal>,
<Literal remap="tt">
<ulink url="http://www.linuxdoc.org/HOWTO/LDAP-HOWTO.html">LDAP-HOWTO</ulink>
</Literal>,
<Literal remap="tt">
<ulink url="http://www.linuxdoc.org/HOWTO/LDAP-Implementation-HOWTO/index.html">LDAP-Implementation-HOWTO</ulink>
</Literal>and the
<Literal remap="tt">
<ulink url="http://www.linuxdoc.org/HOWTO/PHP-HOWTO.html">PHP-HOWTO</ulink></Literal>
</para>
<para>
The main site for these is the
<ulink url="http://www.linuxdoc.org/">LDP archive</ulink>
</para>
</sect2>
<sect2 id="local-res">
<title>Local Resources</title>
<indexterm>
<primary>disk!information resources!local</primary>
</indexterm>
<para>
Usually distributions install some documentation on your system. Usually they are
located in <filename>/usr/share/doc/packages</filename> or <filename> /usr/local/share/doc </filename>
</para>
<para>
The software products mentioned here provide a lot of documentation in their source-directories. Apache does install
its documentation in the default DocumentRoot <filename>/usr/local/apache/htdocs/manual</filename>
<para>
</sect2>
<sect2 id="web">
<title>Web Sites</title>
<indexterm>
<primary>disk!information resources!WWW</primary>
</indexterm>
<indexterm>
<primary>disk!information resources!web pages</primary>
</indexterm>
<para>
There are a large number of informative web sites available. By
their very nature they change quickly, so do not be surprised
if these links become outdated very fast.
</para>
<para>
A good starting point is of course the
<ulink url="http://www.linuxdoc.org/">Linux Documentation
Project</ulink> home page, a central information repository for
documentation, project pages and much more.
</para>
<para>
To get more information about the Software mentioned in this document, then the following sites
are good starting points.
</para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://httpd.apache.org">http://httpd.apache.org</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.openssl.org">http://www.openssl.org</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.modssl.org">http://www.modssl.org</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://perl.apache.org/">http://perl.apache.org/</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.webdav.org">http://www.webdav.org</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.mysql.com">http://www.mysql.com</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.pdflib.com">http://www.pdflib.com</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.php.net">http://www.php.net</ulink>
<para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.phpbuilder.com">http://www.phpbuilder.com</ulink>
<para>
</listitem>
</itemizedlist>
<para>
Please let me know if you have any other leads that can be
of interest.
</para>
</sect2>
</sect1>
<sect1 id="faq">
<title>Questions and Answers</title>
<indexterm>
<primary>(your index root)!FAQ</primary>
</indexterm>
<indexterm>
<primary>(your index root)!frequently asked questions</primary>
</indexterm>
<para>
Here I answer the questions which I got from users. If you don't find an answer feel free to contact me
</para>
<para>
<itemizedlist>
<listitem>
<para>
Q: Is there such a HOWTO for apache 2.0?
</para>
<para>
A: Not yet. The reason is that PHP 4.2.1 supports the Apache 2.0 API only experimentally and the speed of PHP is very poor
with Apache 2.0. As the new Apache brings lots of new features and massive speed improvements,
I will write such a HOWTO as soon as the PHP support is stable and more performant. I'm collecting now
Ideas and wishes from users what they like to see in a Apache 2.0 HOWTO. Feel free to write an email to
<email>luc at delouw dot ch</email>
</para>
<listitem>
<para>
Q: Why you don't add a description howto compile and setup mod_xyz?
</para>
<para>
A: Because nobody requested it yet and I either did not know about a mod_xyz, or I did not found it useful. Feel free
to write me some suggestions what to add to the HOWTO. If there is more than one request, and it makes sense, it will maybe
added in further releases.
</para>
</listitem>
<listitem>
<para>
Q: If my clients are connecting to https://myserver.org an errormessage similar to this appears "Certificate not valid"
</para>
<para>
A: The certificate produced like described in this HOWTO is just a self-signed certificate. This means the CA (Certification Authority) is you. Your CA is not recognized as a valid CA by your users browser. You can either install the certificate on your users machines (Makes sense in small Intranet environments) or buy a certificate from a CA that is recognized by all major browsers. An example of such a CA is Verisign <ulink url="http://www.verisign.com">http://www.verisign.com</ulink>. Such a certificate cost approx. 300 USD a year, depending on the strength of the key (56 or 128 Bits)
</para>
</listitem>
<listitem>
<para>
Q: When I request a php file, the browser want to download it. Whats wrong?
</para>
<para>
A: You forgot to tell apache what to do with the php files. So the php files are not processed by the php engine.
To do so, add the application type like described in <xref linkend="build-php">
</para>
</listitem>
<listitem>
<para>
Q: Does this HOWTO also work on other platforms?
</para>
<para>
A: Not sure, Solaris should work, AIX and HP-UX do not. I did not got the time to try FreeBSD yet. My goal is to provide
a version of the HOWTO for all major Un*x platforms.
</para>
</listitem>
</itemizedlist>
<comment>
If you have question, I'll be glad to get it, and publish the most important here (anonymously)
</comment>
</sect1>
</article>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:nil
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
View Git Blame Copy Permalink