CCL Home Page
Up Directory CCL READMET0L.txt
This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat3.0 (source distribution) under Linux RH 6.1
(i.e., for kernel 2.2.x). I had to use the source, since the
3.0 binary distribution has jserv module compiled without EAPI.

This stuff if based on INSTALL file which comes with mod_ssl
and on the 
  http://www.servlets.com/soapbox/techtips/
  December 8, 1999
  Install instructions for Apache 1.3.9 with Tomcat 3.0
by Jason Hunter.  

If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].

1) You actually may need a Korn shell to save yourself editing
   since some scripts require it. It is called Public Domain
   Korn shell, "pdksh". The easiest way is to get it as RPM from
       http://rufus.w3.org/
   for RH 6.1. Go to:
   http://rufus.w3.org/linux/RPM/redhat/6.1/i386/PByName.html
   click on  pdksh-5.2.14-1 and then do "Save Link to file" for the
   link "pdksh-5.2.14-1 RPM for i386".
   Copy the pdksh-5.2.14-1.i386.rpm to /usr/src/redhat/RPMS/i386
   cd /usr/src/redhat/RPMS/i386
   rpm -Uhv pdksh-5.2.14-1.i386.rpm

2) Install Java 1.2 under linx RH 6.1
   Note... Usually, you do not have Java installed. But with older
   Linuces, there were various ports to Java (e.g., Kaffe). You jave
   to remove them from your system. If you are not sure if you have
   java installed and in the path, just type 
     java
   and see what happens. If it says: java: command not found
   you are OK.
   Java -- took jdk1.2 from one of the mirrors of www.blackdown.org
           North America
     1.ftp://iodynamics.com/pub/mirror/linux-jdk/
     2.ftp://ftp.infomagic.com/pub/mirrors/linux/Java/
     3.ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/
     4.ftp://xfer.nitric.com/pub/java-linux
     5.http://xfer.nitric.com/pub/java-linux

   I actually took Release 4 from
   ftp://iodynamics.com/pub/mirror/linux-jdk/JDK-1.2.2/i386/rc4/
   What you need is a file:
     jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
   and placed it in my usual download directory: /usr/local/src/java
   Then I ran the self installing shell script as:

     chmod 755 \
       /usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
     cd /usr/local
     /usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh

   It installed the JDK 1.2.2 in /usr/local/jdk1.2.2
   
4) Set your environment variables for Java (I am assuming you use
   some Bourne shell lookalike -- ksh or bash.

      JAVA_HOME=/usr/local/jdk1.2.2
      export JAVA_HOME
      PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
      export PATH
      CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
      export CLASSPATH
      
5) Make top directory for Tomcat installation. I did
     /usr/local/apache_t3.0s but if you do some other, you
   need to remember to use it in the instructions below,
     mkdir /usr/local/apache_t3.0s
     
6) I also make a subdirectory sources to have all needed sources
   in one place. 
     mkdir /usr/local/apache_t3.0s/sources
     cd /usr/local/apache_t3.0s/sources
   place there tar files, and then unpack them as shown below:

  a) apache_1.3.11.tar.gz from http://www.apache.org/dist/
     gtar zxvf apache_1.3.11.tar.gz

  b) mod_ssl-2.5.0-1.3.11.tar.gz from http://www.modssl.org
	gtar zxvf mod_ssl-2.5.0-1.3.11.tar.gz

  c) openssl-0.9.4.tar.gz from http://www.openssl.org
     gtar zxvf openssl-0.9.4.tar.gz

  d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/
     gtar zxvf mm-1.0.12.tar.gz

  e) rsaref20.tar.Z -- it is no longer distributed, and I got it
     from my private museum. It is available from many places
     on the Web outside US. Search the Web FOR RSAREF 2.0.
       mkdir rsaref-2.0
       cd rsaref-2.0
       gtar Zxvf ../rsaref20.tar.Z
       cd ..

  f) zipped sources for tomcat 3.0 from http://jakarta.apache.com
     http://jakarta.apache.org/builds/tomcat/release/v3.0/src/
       jakarta-tomcat.src.zip   15-Dec-1999 18:53   1.5M  
       jakarta-tools.src.zip    15-Dec-1999 18:53   1.2M  
       jakarta-watchdog.src.zip 15-Dec-1999 18:53   2.4M  
     I unzipped them as:
        cd /usr/local/apache_t3.0s/sources
        unzip jakarta-tomcat.src.zip
        unzip jakarta-tools.src.zip
        unzip jakarta-watchdog.src.zip

7) Compiled RSAREF library for openssl since we are in US and RSA has
   a patent, and we cannot use the decent implementation of crypto
   libraries. If you are in Europe, you can skip this thing.
     cd /usr/local/apache_t3.0s/sources/rsaref-2.0
     cp -rp install/unix local
     cd local
       edited makefile to have
         CC = gcc
	changed  all occurrances of cc --> $(CC)
       added -fPIC to CFLAGS
     make
     mv rsaref.a librsaref.a

8) Compiled the openssl [if you are in Europe, you need to
   check the mod_ssl INSTALL not to include RSAREF]

   cd /usr/local/apache_t3.0s/sources/openssl-0.9.4
   sh config \
    -L/usr/local/apache_t3.0s/sources/rsaref-2.0/local/rsaref -fPIC
   make
   make test

9) Compiled MM shared memory library
   cd /usr/local/apache_t3.0s/sources/mm-1.0.12
   ./configure --disable-shared
   make
   cd ..

10) Configured  mod_ssl
   cd /usr/local/apache_t3.0s/sources/mod_ssl-2.5.0-1.3.11
   EAPI_MM=../mm-1.0.12 \
     ./configure \
     --with-apache=/usr/local/apache_t3.0s/sources/apache_1.3.11

11) Configure and make and install Apache with DSO support:
   cd /usr/local/apache_t3.0s/sources/apache_1.3.11
   SSL_BASE=/usr/local/apache_t3.0s/sources/openssl-0.9.4 \
   RSA_BASE=/usr/local/apache_t3.0s/sources/rsaref-2.0/local \
   EAPI_MM=/usr/local/apache_t3.0s/sources/mm-1.0.12 \
   ./configure --prefix=/usr/local/apache_t3.0s \
               --enable-module=so \
               --enable-rule=SHARED_CORE \
               --enable-module=most \
               --enable-shared=max \
               --enable-module=ssl \
               --enable-shared=ssl
   
   make
   make certificate TYPE=custom
   make install


   My entries for certificates with 
          make certificate TYPE=custom
   were defaults, no passwords, and:
    STEP 0: R
    STEP 2:
     1. Country Name              [XY]:US
     2. State or Province Name    [Snake Desert]:Ohio
     3. Locality Name             [Snake Town]:Columbus
     4. Organization Name         [Snake Oil, Ltd]:OSC
     5. Organizational Unit Name  [Cer..Authority]:Gateway
     6. Common Name               [Snake Oil CA]:pse.ccl.net
     7. Email Address             [ca@snakeoil.dom]:jkl@ccl.net
     8. Certificate Validity      [365]:1000

    STEP 3: 3
    STEP 5:
     1. Country Name              [XY]:US
     2. State or Province Name    [Snake Desert]:Ohio
     3. Locality Name             [Snake Town]:Columbus 
     4. Organization Name         [Snake Oil, Ltd]:OSC
     5. Organizational Unit Name  [Webserver Team]:PSE
     6. Common Name               [www.snakeoil.dom]:pse.ccl.net
     7. Email Address             [www@snakeoil.dom]:jkl@ccl.net
     8. Certificate Validity      [365]:1001
    STEP 6: 3
    STEP 7:n
    STEP 8:n


12) edited a file in /usr/local/apache_t3.0s/conf/httpd.conf and
    added (actually uncommented):
      ServerName pse.ccl.net


13) Testing if Apache works:
    a) make sure other installation of apache is not running,
       or if it runs, it does not use port 80 and port 443.
       (do: ps auwx | grep httpd), and if httpd runs, kill it
       with its own apachectl script or just use (not recommended)
          killall httpd

    b) start apache with:
       /usr/local/apache_t3.0s/bin/apachectl startssl
       If you have warning, you have a problem, and try to
       do "exactly what I say" next time {:-)}.

    c) Use your browser (preferable on some other machine)
       and check if http: and https: work
       In my case, I tries URLs:
         http://pse.ccl.net/
       and
         https://pse.ccl.net/
       In the https case you should get a lot of windows
       which ask you for accepting the certificate.
       Just click Next to see if you can go through to the
       page.

    d) Stop apache, since you are not finshed yet.
       /usr/local/apache_t3.0s/bin/apachectl stop

14) Compiled mod_jserv.so included in jakarta-tomcat zip archive.
    cd /usr/local/apache_t3.0s/sources
    cd jakarta-tomcat/src/native/apache/jserv
    /usr/local/apache_t3.0s/bin/apxs -c mod_jserv.c jserv*.c 
    cp mod_jserv.so /usr/local/apache_t3.0s/libexec
    

15) Building and installing tomcat

      cd /usr/local/apache_t3.0s/sources/jakarta-tomcat
      chmod 755 build.sh
      ./build.sh

16) Starting stand alone tomcat and testing:

      cd /usr/local/apache_t3.0s/sources/build/tomcat
      ./startup.sh
      
    In my browser I called:
      http://pse.ccl.net:8080/
    and it gave me the Tomcat examples page. Examples worked, so I shut down.

      ./shutdown.sh

17) Added tomcat.conf to httpd.conf by adding a line:
     Include /usr/local/apache_t3.0s/sources/build/tomcat/etc/tomcat.conf
    at the end of /usr/local/apache_t3.0s/conf/httpd.conf


18) Edited the apachectl in /usr/local/apache_t3.0s/bin 
    and created apache-tomcat to start tomcat/apache
    
      a) At the beginning added, just after "END CONFIGURATION SECTION"
         I added:

         TOMCAT_HOME=/usr/local/apache_t3.0s/sources/build/tomcat
         export TOMCAT_HOME
         JAVA_HOME=/usr/local/jdk1.2.2
         export JAVA_HOME
         PATH=$JAVA_HOME/bin:${PATH}
         export PATH

      b) under case startssl added 2 lines after: if $HTTPD -DSSL; then

           cd $TOMCAT_HOME
          ./startup.sh
         

      c) under case stop added 2 lines after:  if kill $PID ; then
 
           cd $TOMCAT_HOME
          ./shutdown.sh

      d) changed apache-tomcat to executable :
          chmod 755 /usr/local/apache_t3.0s/bin/apache-tomcat

      e) allow log writing for group nobody
         cd /usr/local/apache_t3.0s/logs
         chmod g+w *
         chgrp nobody *
         chmod g+rwx .
         chgrp nobody .


19) Started the apache/tomcat as:
       /usr/local/apache_t3.0s/bin/apache-tomcat startssl

    and checked if http://pse.ccl.net/examples and
    https://pse.ccl.net/examples worked. They did, so I killed the
    server with:
	/usr/local/apache_t3.0s/bin/apache-tomcat stop



    

Modified: Wed Feb 2 15:39:35 2000 GMT
Page accessed 12579 times since Sun Feb 6 12:34:11 2000 GMT