Apache Compile
by Ramses Soto-Navarro ramses@sotosystems.com, 10/5/2021
Overview
Dependencies
Firewall
Download and Extract
OpenSSL Compile
Revert OpenSSL
Apache Compile
Tomcat Connectors
Apache Modules
Apache Startup Scripts
Apache Enable
Apache Verify
Overview
Brief notes about installing the latest compile of Apache and OpenSSL. This compile was done on SUSE 15 SP3. Audience is experienced Linux SysAdmins.
# cat /etc/*release* NAME="SLES" VERSION="15-SP3" VERSION_ID="15.3" PRETTY_NAME="SUSE Linux Enterprise Server 15 SP3"
Dependencies
Install OS dependencies.
# zypper ref # zypper install gcc gcc-c++ lua53-devel openldap2-devel libjansson-devel libcurl-devel libtool w3m libgcrypt-devel apr-devel apr-util-devel libexpat-devel pcre-devel makedepend insserv-compat apache2-devel # ldconfig
Firewall
Set permanent firewall rules.
# firewall-cmd --get-active-zones # firewall-cmd --list-all --zone=internal # firewall-cmd --zone=internal --permanent --add-service=http # firewall-cmd --zone=internal --permanent --add-service=https # firewall-cmd --reload
Download and Extract
Download latest versions of OpenSSL, Apache and Tomcat Connectors.
# mkdir -p /usr/src/apache # cd /usr/src/apache # wget http://test-repo1/pub/apache/openssl-1.1.1h.tar.gz # wget http://test-repo1/pub/apache/httpd-2.4.46.tar.bz2 # wget http://test-repo1/pub/apache/tomcat-connectors-1.2.48-src.tar.gz # tar zxf *.gz # tar jxf *.bz2
OpenSSL Compile
Compile and install OpenSSL, overwriting existing. NOTE: first stop all applications in memory. Also log out all SSH connections:
# systemctl stop apache2 # systemctl stop sshd # ps aux | grep ssh # cd /usr/src/openssl-1.1.1h # make clean # ./config no-shared no-pinshared --prefix=/usr --openssldir=/etc/ssl CC="clang" | tee config.txt # make | tee make.txt # make install | tee make-install.txt # ldconfig # openssl version # systemctl start sshd # systemctl status sshd
NOTE: Verify that sshd works. Some compiles of openssl crash sshd.
Revert OpenSSL
Sometimes OpenSSL breaks other software. In order to revert quickly:
# zypper in -f libopenssl1_1 libxmlsec1-openssl1 openssl-1_1 openssl # openssl version # systemctl restart sshd # systemctl status sshd
Apache Compile
Compile and install Apache.
# systemctl stop apache2 # cd /usr/src/httpd-2.4.41 # vi config.layout <Layout SuSE> prefix: /usr exec_prefix: ${prefix} bindir: ${prefix}/bin sbindir: ${prefix}/sbin libdir: ${prefix}/lib64 libexecdir: ${prefix}/lib64/apache2 mandir: ${prefix}/share/man sysconfdir: /etc/apache2 datadir: /srv/www installbuilddir: ${datadir}/build errordir: ${datadir}/error iconsdir: ${datadir}/icons htdocsdir: ${datadir}/htdocs manualdir: ${datadir}/manual cgidir: ${datadir}/cgi-bin includedir: ${prefix}/include/apache2 localstatedir: /var/lib/apache2 runtimedir: /var/run logfiledir: /var/log/apache2 proxycachedir: /var/cache/apache2 </Layout> # dos2unix config.layout
# make clean # ./configure --enable-layout="SuSE" --enable-modules="all" --enable-mods-shared="all" --enable-ssl --enable-mpms-shared="all" --with-mpm="worker" --enable-imagemap | tee configure.txt # make | tee make.txt # make install | tee make-install.txt # ldconfig # systemctl start apache2 # systemctl status apache2 # apachectl -V # apachectl -t
Tomcat Connectors
Compile and install the Tomcat Jakarta connectors.
# cd /usr/src/tomcat-connectors-1.2.46-src/native # ./configure --with-apxs=/usr/bin/apxs # make # make install # libtool --finish /usr/lib64/apache2 # vi /etc/apache2/httpd.conf
Apache Modules
Enable loading of the modules.
# vi /etc/apache2/httpd.conf ... LoadModule mpm_worker_module lib64/apache2/mod_mpm_worker.so LoadModule asis_module lib64/apache2/mod_asis.so LoadModule authz_host_module lib64/apache2/mod_authz_host.so LoadModule cgid_module lib64/apache2/mod_cgid.so LoadModule include_module lib64/apache2/mod_include.so #LoadModule mpm_prefork_module lib64/apache2/mod_mpm_prefork.so LoadModule negotiation_module lib64/apache2/mod_negotiation.so LoadModule rewrite_module lib64/apache2/mod_rewrite.so LoadModule ssl_module lib64/apache2/mod_ssl.so LoadModule userdir_module lib64/apache2/mod_userdir.so JkShmFile /var/log/apache2/jk-runtime-status.log JkLogFile /var/log/apache2/mod_jk.log LoadModule jk_module lib64/apache2/mod_jk.so
Apache Startup Scripts
Manually create and enable the Apache start script, both SysV and systemd versions.
# vi /etc/init.d/apache2 #!/bin/bash # ### Edited by Ramses Soto-Navarro ramses@sotosystems.com 10/30/2020 ### BEGIN INIT INFO # Provides: Apache 2.4.46 # Required-Start: $syslog $remote_fs # Should-Start: $time # Required-Stop: $syslog # Should-Stop: # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Apache 2.4.46 daemon # Description: Start Apache 2.4.46 ### END INIT INFO name="Apache2" bin="/usr/sbin/httpd" pid="/var/run/httpd.pid" cfg="/etc/apache2/httpd.conf" . /etc/rc.status rc_reset case "$1" in start) echo -n "Starting $name: " /sbin/startproc $bin rc_status -v ;; stop) echo -n "Shutting down $name: " /sbin/killproc -TERM $bin rc_status -v ;; restart) $0 stop $0 start ;; reload) echo -n "Reloading $name: " /sbin/killproc -HUP $bin rc_status -v ;; status) echo -n "Status of $name: " /sbin/checkproc $bin rc_status -v ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 ;; esac echo "" # vi /usr/lib/systemd/system/apache2.service [Unit] Description=Apache Web Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/var/run/httpd.pid ExecStart=/usr/sbin/apachectl start ExecStop=/usr/sbin/apachectl graceful-stop ExecReload=/usr/sbin/apachectl graceful PrivateTmp=true LimitNOFILE=infinity [Install] WantedBy=multi-user.target # chmod 0750 /etc/init.d/apache2 # chown root.root /etc/init.d/apache2
Apache Enable
Enable Apache upon restart; check status.
# systemctl enable apache2.service # chkconfig # systemctl start apache2.service # systemctl status apache2.service ◠apache2.service - Apache Web Server Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2020-10-29 01:43:43 EDT; 2s ago Process: 856 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Main PID: 859 (httpd) Tasks: 82 (limit: 4915) CGroup: /system.slice/apache2.service ├─859 /usr/sbin/httpd -k start ├─860 /usr/sbin/httpd -k start ├─861 /usr/sbin/httpd -k start └─862 /usr/sbin/httpd -k start Oct 29 01:43:43 suse15 systemd[1]: Starting Apache Web Server... Oct 29 01:43:43 suse15 systemd[1]: apache2.service: PID file /var/run/httpd.pid not readable (yet?) after start: No such file or directory Oct 29 01:43:43 suse15 systemd[1]: Started Apache Web Server.
Apache Verify
Verify listening port, modules, compiles:
# ss -ltn | grep 80 LISTEN 0 128 *:80 *:* testwww-temp:~ # apachectl -M | sort access_compat_module (shared) actions_module (shared) alias_module (shared) asis_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgid_module (shared) core_module (static) dir_module (shared) env_module (shared) filter_module (shared) headers_module (shared) http_module (static) imagemap_module (shared) include_module (shared) jk_module (shared) log_config_module (shared) mime_module (shared) mpm_worker_module (shared) negotiation_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) so_module (static) ssl_module (shared) status_module (shared) unixd_module (shared) userdir_module (shared) version_module (shared) # httpd -l Compiled in modules: core.c mod_so.c http_core.c # apachectl -V Server version: Apache/2.4.46 (Unix) Server built: Oct 29 2020 01:12:28 Server's Module Magic Number: 20120211:93 Server loaded: APR 1.6.3, APR-UTIL 1.6.1 Compiled using: APR 1.6.3, APR-UTIL 1.6.1 Architecture: 64-bit Server MPM: worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/usr" -D SUEXEC_BIN="/usr/bin/suexec" -D DEFAULT_PIDLOG="/var/run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" # apachectl -t Syntax OK # w3m http://localhost
Enable the Apache server status page in order to get a web status.
# vi /etc/apache2/extra/httpd-info.conf. <Location /server-status> SetHandler server-status Require host myhost.example.com Require ip 10 </Location> <Location /server-info> SetHandler server-info Require host myhost.example.com </Location> # systemctl restart apache2
Open the following to verify:
# curl -I http://myhost.example.com # w3m http://myhost.example.com/server-status # w3m http://myhost.example.com/server-info
The End.