CCL Home Page
Up Directory CCL READMET3.1LRH6.2.txt
This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 (source distribution) under Linux RH 6.2
(with all updates through Apr 24 applied).
(i.e., for kernel 2.2.x). 

You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
   http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html

This stuff if based on INSTALL file which comes with mod_ssl
and on the 
  http://www.servlets.com/soapbox/techtips/
  December 8, 1999
  "Install instructions for Apache 1.3.9 with Tomcat 3.0"
by Jason Hunter.  

If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].


1) I install all tarballs to into /usr/local/updates 
   


2) Install Java 1.2 under linx RH 6.1
   Note... Usually, you do not have Java installed. But with older
   Linuces, there were various ports to Java (e.g., Kaffe). You have
   to remove them from your system. If you are not sure if you have
   java installed and in the path, just type 
     java
   and see what happens. If it says: java: command not found
   you are OK.
   Java -- took jdk1.2 from one of the mirrors of www.blackdown.org
           North America
     1.ftp://iodynamics.com/pub/mirror/linux-jdk/
     2.ftp://ftp.infomagic.com/pub/mirrors/linux/Java/
     3.ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/
     4.ftp://xfer.nitric.com/pub/java-linux
     5.http://xfer.nitric.com/pub/java-linux
   There is also JDK for linux available from Sun, in:
   http://java.sun.com/products/jdk/1.2/download-linux.html
   It is supposedly suitable for older Linux kernel. I do not know.
   I used RH6.1 and blackdown 1.2.2_RC4.

   I previously was taking Blackdown Release 4 from
   ftp://iodynamics.com/pub/mirror/linux-jdk/JDK-1.2.2/i386/rc4/
   What you need is a file:
     jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
   This time, I decided to try Sun port to linux which is available
    from http://www.javasoft.com/
   I placed the
        21580986 jdk1_2_2-linux-i386.tar.gz
   in /usr/local/updates
   
   I unpacked it as:
       tar zxvf jdk1_2_2-linux-i386.tar.gz
   cd jdk1.2.2
   I read README file, 
   and in web browser followed the instructions from:
     http://java.sun.com/products/jdk/1.2/install-linux.html

   then I decided to move the whole directory tree jdk1.2.2 to /usr/local
     cd /usr/local
     mv /usr/local/updates/jdk1.2.2 jdk1.2.2

   It installed the JDK 1.2.2 in /usr/local/jdk1.2.2
   
4) Set your environment variables for Java (I am assuming you use
   some Bourne shell lookalike -- ksh or bash.

      JAVA_HOME=/usr/local/jdk1.2.2
      export JAVA_HOME
      PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
      export PATH
      CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
      export CLASSPATH
      
5) Make top directory for Tomcat installation. I did
     /usr/local/apache_t3.1 but if you do some other, you
   need to remember to use it in the instructions below,
     mkdir /usr/local/apache_t3.1
     
6) I also make a subdirectory sources to have all needed sources
   in one place. 
     mkdir /usr/local/apache_t3.1/sources
     cd /usr/local/apache_t3.1/sources

   place there tar files, and then unpack them as shown below:

  a)  wget http://www.apache.org/dist/apache_1.3.12.tar.gz 
     apache_1.3.12.tar.gz from http://www.apache.org/dist/
     gtar zxvf apache_1.3.12.tar.gz

  b) mod_ssl-2.6.3-1.3.12.tar.gz from http://www.modssl.org
     wget http://www.modssl.org/source/mod_ssl-2.6.3-1.3.12.tar.gz

	gtar zxvf mod_ssl-2.6.3-1.3.12.tar.gz

  c) openssl-0.9.5a.tar.gz from http://www.openssl.org
     wget http://www.openssl.org/source/openssl-0.9.5a.tar.gz
     gtar zxvf openssl-0.9.5a.tar.gz

  d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/
     wget http://www.engelschall.com/sw/mm/mm-1.0.12.tar.gz
     gtar zxvf mm-1.0.12.tar.gz

  e) rsaref20.tar.Z -- it is no longer distributed, and I got it
     from my private museum. It is available from many places
     on the Web outside US. Search the Web FOR RSAREF 2.0.
       mkdir rsaref-2.0
       cd rsaref-2.0
       gtar Zxvf ../rsaref20.tar.Z
       cd ..

  f) tar.gz sources for tomcat 3.1 beta 1 from
        cd /usr/local/apache_t3.1/sources

wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-ant.tar.gz 
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-taglibs.tar.gz  
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tomcat.tar.gz 
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tools.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-watchdog.zip 

    I untarred them as:
        cd /usr/local/apache_t3.1/sources
        gtar zxvf jakarta-ant.tar.gz 
        gtar zxvf jakarta-taglibs.tar.gz  
        gtar zxvf jakarta-tomcat.tar.gz 
        gtar zxvf jakarta-tools.tar.gz
        unzip jakarta-watchdog.zip 

7) Compiled RSAREF library for openssl since we are in US and RSA has
   a patent, and we cannot use the decent implementation of crypto
   libraries. If you are in Europe, you can skip this thing.
     cd /usr/local/apache_t3.1/sources/rsaref-2.0
     cp -rp install/unix local
     cd local
       edited makefile to have
         CC = gcc
	changed  all occurrances of cc --> $(CC)
       added -fPIC to CFLAGS
     make
     mv rsaref.a librsaref.a

8) Compiled the openssl [if you are in Europe, you need to
   check the mod_ssl INSTALL not to include RSAREF]

   cd /usr/local/apache_t3.1/sources/openssl-0.9.5a
   sh config \
    -L /usr/local/apache_t3.1/sources/rsaref-2.0/local/rsaref -fPIC
   make
   make test

9) Compiled MM shared memory library
   cd /usr/local/apache_t3.1/sources/mm-1.0.12
   ./configure --disable-shared
   make
   cd ..

10) Configured  mod_ssl
   cd /usr/local/apache_t3.1/sources/mod_ssl-2.6.3-1.3.12
   EAPI_MM=../mm-1.0.12 \
     ./configure \
     --with-apache=/usr/local/apache_t3.1/sources/apache_1.3.12

11) Configure and make and install Apache with DSO support:
   cd /usr/local/apache_t3.1/sources/apache_1.3.12
   SSL_BASE=/usr/local/apache_t3.1/sources/openssl-0.9.5a \
   RSA_BASE=/usr/local/apache_t3.1/sources/rsaref-2.0/local \
   EAPI_MM=/usr/local/apache_t3.1/sources/mm-1.0.12 \
   ./configure --prefix=/usr/local/apache_t3.1 \
               --enable-module=so \
               --enable-rule=SHARED_CORE \
               --enable-module=most \
               --enable-shared=max \
               --enable-module=ssl \
               --enable-shared=ssl
   
   make
   make certificate TYPE=custom
   make install


   My entries for certificates with 
          make certificate TYPE=custom
   were defaults, no passwords, and:
    STEP 0: R
    STEP 2:
     1. Country Name              [XY]:US
     2. State or Province Name    [Snake Desert]:Ohio
     3. Locality Name             [Snake Town]:Columbus
     4. Organization Name         [Snake Oil, Ltd]:OSC
     5. Organizational Unit Name  [Cer..Authority]:Gateway
     6. Common Name               [Snake Oil CA]:pse.ccl.net
     7. Email Address             [ca@snakeoil.dom]:jkl@ccl.net
     8. Certificate Validity      [365]:1000

    STEP 3: 3
    STEP 5:
     1. Country Name              [XY]:US
     2. State or Province Name    [Snake Desert]:Ohio
     3. Locality Name             [Snake Town]:Columbus 
     4. Organization Name         [Snake Oil, Ltd]:OSC
     5. Organizational Unit Name  [Webserver Team]:PSE
     6. Common Name               [www.snakeoil.dom]:pse.ccl.net
     7. Email Address             [www@snakeoil.dom]:jkl@ccl.net
     8. Certificate Validity      [365]:1001
    STEP 6: 3
    STEP 7:n
    STEP 8:n


12) edited a file in /usr/local/apache_t3.1/conf/httpd.conf and
    added (actually uncommented):
      ServerName pse.ccl.net


13) Testing if Apache works:
    a) make sure other installation of apache is not running,
       or if it runs, it does not use port 80 and port 443.
       (do: ps auwx | grep httpd), and if httpd runs, kill it
       with its own apachectl script or just use (not recommended)
          killall httpd

    b) start apache with:
       /usr/local/apache_t3.1/bin/apachectl startssl
       If you have warning, you have a problem, and try to
       do "exactly what I say" next time {:-)}.

    c) Use your browser (preferable on some other machine)
       and check if http: and https: work
       In my case, I tries URLs:
         http://pse.ccl.net/
       and
         https://pse.ccl.net/
       In the https case you should get a lot of windows
       which ask you for accepting the certificate.
       Just click Next to see if you can go through to the
       page.

    d) Stop apache, since you are not finshed yet.
       /usr/local/apache_t3.1/bin/apachectl stop

14) Compiled mod_jserv.so included in jakarta-tomcat zip archive.

    cd /usr/local/apache_t3.1/sources
    cd jakarta-tomcat/src/native/apache/jserv
    /usr/local/apache_t3.1/bin/apxs -c mod_jserv.c jserv*.c 
    cp mod_jserv.so /usr/local/apache_t3.1/libexec
    

15) Building and installing tomcat

      cd /usr/local/apache_t3.1/sources/jakarta-ant
      ./bootstrap.sh
      ./build.sh
      PATH=${PATH}:/usr/local/apache_t3.1/sources/jakarta-ant/bin
      export PATH
      ANT_HOME=/usr/local/apache_t3.1/sources/jakarta-ant
      export ANT_HOME
      cd /usr/local/apache_t3.1/sources/jakarta-tomcat
      ./build.sh

16) Starting stand alone tomcat and testing:

    cd /usr/local/apache_t3.1/sources/build/tomcat/bin

    edited startup.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there 

JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH

BASEDIR=/usr/local/apache_t3.1/sources/build/tomcat/bin
export BASEDIR

$BASEDIR/tomcat.sh start "$@"
-------------------- cut end --------------

    edited shutdown.sh to be:

-------------------- cut start --------------
#!/bin/sh
# original comments which where there 

JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1/sources/build/tomcat/bin
export BASEDIR

$BASEDIR/tomcat.sh stop "$@"
-------------------- cut end --------------

    Then I did: 

      ./startup.sh
      
    In my browser I called:
      http://pse.ccl.net:8080/
    and it gave me the Tomcat examples page. Examples worked, so I shut down.


      ./shutdown.sh


17) Added tomcat.conf to httpd.conf by adding a line:
      cd /usr/local/apache_t3.1/conf
      edit httpd.conf
    Add this line at the end:       
    Include /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf


18) In /usr/local/apache_t3.1/bin
    cp apachectl apache-tomcat
    and edited apache-tomcat to have a script to start/stop tomcat/apache
    
      a) At the beginning, just after "END CONFIGURATION SECTION" I added:

         TOMCAT_HOME=/usr/local/apache_t3.1/sources/build/tomcat
         export TOMCAT_HOME
         JAVA_HOME=/usr/local/jdk1.2.2
         export JAVA_HOME
         PATH=$JAVA_HOME/bin:${PATH}
         export PATH

      b) under case startssl added 2 lines after: if $HTTPD -DSSL; then

           cd $TOMCAT_HOME/bin
          ./startup.sh
         

      c) under case stop added 2 lines after:  if kill $PID ; then

           cd $TOMCAT_HOME/bin
          ./shutdown.sh

      d) changed apache-tomcat to executable :
          chmod 755 /usr/local/apache_t3.1/bin/apache-tomcat

19) Started the apache/tomcat as:
       /usr/local/apache_t3.1/bin/apache-tomcat startssl

    and checked if http://pse.ccl.net/examples and
    https://pse.ccl.net/examples worked. They did, so I killed the
    server with:
	 /usr/local/apache_t3.1/bin/apache-tomcat stop



22) After tomcat/apache is installed, the default configuration of
    mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows
    mod_rewrite (for details look up: 
        http://www.magiccookie.com/computers/apache-jserv/
    To fix it I put mod_serv before mod_rewrite in 

       LoadModule jserv_module libexec/mod_jserv.so
       LoadModule rewrite_module     libexec/mod_rewrite.so

    and

      AddModule mod_jserv.c
      AddModule mod_rewrite.c

    and commented out the line
       # LoadModule jserv_module libexec/mod_jserv.so
    in /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf

23) Adding other tomcat "web applications" beside "examples"
    so they can also be access via Apache Web server.
    /usr/local/apache_t3.1/sources/build/tomcat/webapps/ROOT
    /usr/local/apache_t3.1/sources/build/tomcat/webapps/test
    /usr/local/apache_t3.1/sources/build/tomcat/webapps/admin
    Note, I also provide for the Basic Authentication in both
    http and https. If you want to be picky, you need to disable
    the Basic Authentication on the http port since it is profoundly unsafe.
    To mount the original Tomcat directories I added following lines to:
     /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf 

       ApJServMount /docs /root
       
       <Location /docs>
       AuthType Basic
       AuthName "For internal users only"
       AuthUserFile /usr/local/apache/auth/avspass
       AuthGroupFile /usr/local/apache/auth/avspeople
       AuthType Basic
       
       <Limit GET POST>
       require group avs
       </Limit>
       </Location>
       
       
       ApJServMount /test /root
       
       <Location /test>
       AuthType Basic
       AuthName "For internal users only"
       AuthUserFile /usr/local/apache/auth/avspass
       AuthGroupFile /usr/local/apache/auth/avspeople
       AuthType Basic
       
       <Limit GET POST>
       require group avs
       </Limit>
       </Location>
       
       ApJServMount /admin /root
       
       <Location /admin>
       AuthType Basic
       AuthName "For internal users only"
       AuthUserFile /usr/local/apache/auth/avspass
       AuthGroupFile /usr/local/apache/auth/avspeople
       AuthType Basic
       
       <Limit GET POST>
       require group avs
       </Limit>
       </Location>
       
    In /usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml added:

       <Context path="/docs" docBase="webapps/ROOT" debug="0" reloadable="true" >
       </Context>

       <Context path="/admin" docBase="webapps/admin" debug="0" reloadable="true" >
       </Context>

    (note, I left the entry:
      <Context path="" docBase="webapps/ROOT" debug="0" reloadable="true" >
      </Context>

     unchanged, since it corresponds to a TOP directory of Tomcat).

    Unfortunately, this messed up the links in the original tomcat examples
    when viewed via Apache port (9080). It is because in Tomcat the URL
    to top directory / corresponds to real directory:
      /usr/local/apache_t3.1/sources/build/tomcat/webapps
    while in Apache it corresponds to a real directory
      /usr/local/apache_t3.1/htdocs
    Moreover, the /docs in apache corresponds to / in tomcat.

    I cleaned it up by adding following contexts
       ApJServMount /docs/examples /root
       ApJServMount /docs/test /root
       ApJServMount /docs/admin /root
    to /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
    and adding them to
      /usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml
    as:

      <Context path="/docs/examples" docBase="webapps/examples" debug="0" reloadable="true" >
      </Context>
      <Context path="/docs/admin" docBase="webapps/admin" debug="0" reloadable="true" >
      </Context>
      <Context path="/docs/test" docBase="webapps/test" debug="0" reloadable="true" >
      </Context>



24) To deal with docs/examples --> /examples problem I also tried to use
    rewrite modules of apache. I have put the following lines into
       /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^/docs/examples /examples [R]
    RewriteRule ^/docs/test /test [R]
    RewriteRule ^/docs/admin /admin [R]
    RewriteRule ^/tomcat.gif /docs/tomcat.gif [R]
    </IfModule>

    Worked perfectly!!! Note, if you do not put mod_jserv before mod_rewrite
    in module activation section of httpd.conf, the stuff will not work!!!

25) But this was about original Tomcat examples and stuff, which I did not
    want to move, so I have something to relate to. For production you 
    need to put your web applications under the Web Document Tree of Apache,
    i.e., the directory which is given on the line:
       DocumentRoot "/some/directory/on/your/machine"
    in the httpd.conf file for your server (or virtual server).
    To do this, I created a skeleton of the web application called AVS
    and mounted it as AVS under Apache DocumentRoot. My $APACHE_HOME
    is  /usr/local/apache_t3.1. I created directory ASV under it:
        cd /usr/local/apache_t3.1/htdocs
        mkdir AVS
        cd AVS
        mkdir WEB-INF
        mkdir WEB-INF/classes
        mkdir WEB-INF/classes/WorkshopRequest
        mkdir WEB-INF/classes/oscViz
    In the top directory of my web application, i.e.,
         /usr/local/apache_t3.1/htdocs/AVS
    I placed all the images, *.jsp, *.css, and *.html files. This was
    a small web application, and I did not have to get elaborate 
    directory structure. In the WEB-INF/classes
     I placed JavaBeans needed by the JSP pages.
     I then added the following to the
     /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf file:

        ApJServMount /AVS /root
        <Location /AVS>
        AuthType Basic
        AuthName "For internal users only"
        AuthUserFile /usr/local/apache/auth/avspass
        AuthGroupFile /usr/local/apache/auth/avspeople
        AuthType Basic

        <Limit GET POST>
        require group avs
        </Limit>
        </Location>
    
    This tells Apache that the requests to directory:
        /usr/local/apache_t3.1/htdocs/AVS
    (i.e., URLs location http://pse.ccl.net:9080/AVS) should be
    redirected to Tomcat for processing, and that Basic Authentication
    needs be done for group defined in /usr/local/apache/auth/avspeople
    whose id/password pairs are stored in /usr/local/apache/auth/avspass.
    The Authentication Realm is "For internal users only".

    I also needed to tell Tomcat that we have a new Web application.
    I edited file:
      /usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml
    and added there a piece like this:
      <Context path="/AVS"
       docBase=" /usr/local/apache_t3.1/htdocs/AVS" debug="0"
       reloadable="true" >
      </Context>

    I also had to provide the web application init file. 
    My /usr/local/apache_t3.1/htdocs/AVS/WEB-INF/web.xml was very simple:
-------------- cut here -----------
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
</web-app>
-------------- cut here -----------

   i.e.,  take defaults.

   I restarted the Apache as:
   
	 /usr/local/apache_t3.1/bin/apache-tomcat stop
	 /usr/local/apache_t3.1/bin/apache-tomcat startssl

   and I was extremely happy when I was clicking on the button
   for the form: 
      http://pse.ccl.net:9080/AVS/workshop_request.html
and
      https://pse.ccl.net:9443/AVS/workshop_request.html

   Sorry that you will not see it, since it is password protected.
   But if you read carefully, you can see this test page which does
   nothing, by using another port, and you will not be asked for password.






Modified: Sun Sep 24 01:32:52 2000 GMT
Page accessed 7965 times since Fri Jan 31 04:35:22 2003 GMT