Soto Systems LLC

by Ramses Soto-Navarro ramses@sotosystems.com, 10/5/2021

Overview
Dependencies
Firewall
Download and Extract
OpenSSL Compile
Revert OpenSSL
Apache Compile
Tomcat Connectors
Apache Modules
Apache Startup Scripts
Apache Enable
Apache Verify

Overview

Brief notes about installing the latest compile of Apache and OpenSSL. This compile was done on SUSE 15 SP3. Audience is experienced Linux SysAdmins.

# cat /etc/*release*
NAME="SLES"
VERSION="15-SP3"
VERSION_ID="15.3"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP3"

Dependencies

Install OS dependencies.

# zypper ref

# zypper install gcc gcc-c++ lua53-devel openldap2-devel libjansson-devel libcurl-devel libtool w3m
libgcrypt-devel apr-devel apr-util-devel libexpat-devel pcre-devel makedepend insserv-compat apache2-devel

# ldconfig

Firewall

Set permanent firewall rules.

# firewall-cmd --get-active-zones
# firewall-cmd --list-all --zone=internal
# firewall-cmd --zone=internal --permanent --add-service=http
# firewall-cmd --zone=internal --permanent --add-service=https
# firewall-cmd --reload

Download and Extract

Download latest versions of OpenSSL, Apache and Tomcat Connectors.

# mkdir -p /usr/src/apache
# cd /usr/src/apache
# wget http://test-repo1/pub/apache/openssl-1.1.1h.tar.gz
# wget http://test-repo1/pub/apache/httpd-2.4.46.tar.bz2
# wget http://test-repo1/pub/apache/tomcat-connectors-1.2.48-src.tar.gz
# tar zxf *.gz
# tar jxf *.bz2

OpenSSL Compile

Compile and install OpenSSL, overwriting existing. NOTE: first stop all applications in memory. Also log out all SSH connections:

# systemctl stop apache2
# systemctl stop sshd
# ps aux | grep ssh
# cd /usr/src/openssl-1.1.1h
# make clean
# ./config no-shared no-pinshared --prefix=/usr --openssldir=/etc/ssl CC="clang" | tee config.txt
# make | tee make.txt
# make install | tee make-install.txt
# ldconfig
# openssl version
# systemctl start sshd
# systemctl status sshd

NOTE: Verify that sshd works. Some compiles of openssl crash sshd.

Revert OpenSSL

Sometimes OpenSSL breaks other software. In order to revert quickly:

# zypper in -f libopenssl1_1 libxmlsec1-openssl1 openssl-1_1 openssl
# openssl version
# systemctl restart sshd
# systemctl status sshd

Apache Compile

Compile and install Apache.

# systemctl stop apache2
# cd /usr/src/httpd-2.4.41
# vi config.layout
<Layout SuSE>
    prefix:        /usr
    exec_prefix:   ${prefix}
    bindir:        ${prefix}/bin
    sbindir:       ${prefix}/sbin
    libdir:        ${prefix}/lib64
    libexecdir:    ${prefix}/lib64/apache2
    mandir:        ${prefix}/share/man
    sysconfdir:    /etc/apache2
    datadir:       /srv/www
    installbuilddir: ${datadir}/build
    errordir:      ${datadir}/error
    iconsdir:      ${datadir}/icons
    htdocsdir:     ${datadir}/htdocs
    manualdir:     ${datadir}/manual
    cgidir:        ${datadir}/cgi-bin
    includedir:    ${prefix}/include/apache2
    localstatedir: /var/lib/apache2
    runtimedir:    /var/run
    logfiledir:    /var/log/apache2
    proxycachedir: /var/cache/apache2
</Layout>

# dos2unix config.layout

# make clean
# ./configure --enable-layout="SuSE" --enable-modules="all" --enable-mods-shared="all"
--enable-ssl --enable-mpms-shared="all" --with-mpm="worker" --enable-imagemap | tee configure.txt
# make | tee make.txt
# make install | tee make-install.txt
# ldconfig
# systemctl start apache2
# systemctl status apache2
# apachectl -V
# apachectl -t

Tomcat Connectors

Compile and install the Tomcat Jakarta connectors.

# cd /usr/src/tomcat-connectors-1.2.46-src/native
# ./configure --with-apxs=/usr/bin/apxs
# make
# make install

# libtool --finish /usr/lib64/apache2

# vi /etc/apache2/httpd.conf

Apache Modules

Enable loading of the modules.

# vi /etc/apache2/httpd.conf
...
LoadModule mpm_worker_module lib64/apache2/mod_mpm_worker.so
LoadModule asis_module lib64/apache2/mod_asis.so
LoadModule authz_host_module lib64/apache2/mod_authz_host.so
LoadModule cgid_module lib64/apache2/mod_cgid.so
LoadModule include_module lib64/apache2/mod_include.so
#LoadModule mpm_prefork_module lib64/apache2/mod_mpm_prefork.so
LoadModule negotiation_module lib64/apache2/mod_negotiation.so
LoadModule rewrite_module lib64/apache2/mod_rewrite.so
LoadModule ssl_module lib64/apache2/mod_ssl.so
LoadModule userdir_module lib64/apache2/mod_userdir.so

JkShmFile /var/log/apache2/jk-runtime-status.log
JkLogFile /var/log/apache2/mod_jk.log
LoadModule jk_module lib64/apache2/mod_jk.so

Apache Startup Scripts

Manually create and enable the Apache start script, both SysV and systemd versions.

# vi /etc/init.d/apache2

#!/bin/bash
#
### Edited by Ramses Soto-Navarro ramses@sotosystems.com 10/30/2020

### BEGIN INIT INFO
# Provides:          Apache 2.4.46
# Required-Start:    $syslog $remote_fs
# Should-Start:      $time
# Required-Stop:     $syslog
# Should-Stop:
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Apache 2.4.46 daemon
# Description:       Start Apache 2.4.46
### END INIT INFO

name="Apache2"
bin="/usr/sbin/httpd"
pid="/var/run/httpd.pid"
cfg="/etc/apache2/httpd.conf"

. /etc/rc.status

rc_reset

case "$1" in
        start)
                echo -n "Starting $name: "
                /sbin/startproc $bin
                rc_status -v
                ;;
        stop)
                echo -n "Shutting down $name: "
                /sbin/killproc -TERM $bin
                rc_status -v
                ;;
        restart)
                $0 stop
                $0 start
                ;;
        reload)
                echo -n "Reloading $name: "
                /sbin/killproc -HUP $bin
                rc_status -v
                ;;
        status)
                echo -n "Status of $name: "
                /sbin/checkproc $bin
                rc_status -v
                ;;
      *)
                echo "Usage: $0 {start|stop|restart|reload|status}"
                exit 1
                ;;
esac

echo ""

# vi /usr/lib/systemd/system/apache2.service 

[Unit]
Description=Apache Web Server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/httpd.pid
ExecStart=/usr/sbin/apachectl start
ExecStop=/usr/sbin/apachectl graceful-stop
ExecReload=/usr/sbin/apachectl graceful
PrivateTmp=true
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

# chmod 0750 /etc/init.d/apache2
# chown root.root /etc/init.d/apache2

Apache Enable

Enable Apache upon restart; check status.

# systemctl enable apache2.service

# chkconfig

# systemctl start apache2.service

# systemctl status apache2.service

● apache2.service - Apache Web Server
   Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-10-29 01:43:43 EDT; 2s ago
  Process: 856 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 859 (httpd)
    Tasks: 82 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─859 /usr/sbin/httpd -k start
           ├─860 /usr/sbin/httpd -k start
           ├─861 /usr/sbin/httpd -k start
           └─862 /usr/sbin/httpd -k start

Oct 29 01:43:43 suse15 systemd[1]: Starting Apache Web Server...
Oct 29 01:43:43 suse15 systemd[1]: apache2.service: PID file /var/run/httpd.pid not readable (yet?) after start: No such file or directory
Oct 29 01:43:43 suse15 systemd[1]: Started Apache Web Server.

Apache Verify

Verify listening port, modules, compiles:

# ss -ltn | grep 80
LISTEN     0      128          *:80                       *:*      

testwww-temp:~ # apachectl -M | sort
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 asis_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgid_module (shared)
 core_module (static)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 http_module (static)
 imagemap_module (shared)
 include_module (shared)
 jk_module (shared)
 log_config_module (shared)
 mime_module (shared)
 mpm_worker_module (shared)
 negotiation_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 so_module (static)
 ssl_module (shared)
 status_module (shared)
 unixd_module (shared)
 userdir_module (shared)
 version_module (shared)

# httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c

# apachectl -V
Server version: Apache/2.4.46 (Unix)
Server built:   Oct 29 2020 01:12:28
Server's Module Magic Number: 20120211:93
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

# apachectl -t
Syntax OK

# w3m http://localhost

Enable the Apache server status page in order to get a web status.

# vi /etc/apache2/extra/httpd-info.conf. 

<Location /server-status>
    SetHandler server-status
    Require host myhost.example.com
    Require ip 10
</Location>

<Location /server-info>
    SetHandler server-info
    Require host myhost.example.com
</Location>

# systemctl restart apache2

Open the following to verify:

# curl -I http://myhost.example.com
# w3m http://myhost.example.com/server-status
# w3m http://myhost.example.com/server-info

The End.