Installing Apache under RHEL 6.1, September 2012.

See also Installing Apache under Solaris below.

Backup and update

Back up the system, see http://ptolemy.eecs.berkeley.edu/~cxh/sa/dumps .html

Update the system: yum update.

Reboot.

Install Apache, MySQL and PhP for RHEL

webuser UID

Note that we run as webuser instead of as user apache. See FAQ/ Web/ Creating An EECS Homepage.

See What do I change after changing the uid or gid?

This means that httpd.conf should have

User webuser
Group webuser

Resources:

yum install httpd httpd-devel
/etc/init.d/httpd start

Install MySQL

See Install MySQL

Install PhP

yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml
/etc/init.d/httpd restart

Some of these packages (php-mycrypt, php-devel, php-xml) were not available for me.

See Upgrading PhPMySQL.

Probably obsolete below here

Installing Apache under Solaris

These are cxh's notes about upgrading in 5/07 and 10/07, based on allenh's notes about upgrading apache to 1.3.26, and PHP to 4.2.1 in June, 2002,
revised for the upgrade to Apache 2.0.54 and PHP 4.3.11 in June, 2005
revised for the upgrade to Apache 2.2.6 and PHP 5.2.4 in September, 2007
John Reekie's original installation notes from 1999 are below.

Apache, openssl, PHP on carson

Do the following on carson, since it involves having the website down for a while. Instructions for copying the results to andrews, with a minimum of website downtime, are below.

Note that Solaris 10 usually has OpenSSL installed in /usr/sfw. We install our own version so that we can better manage it. This might be a mistake.

We use shared so that we can create shared libraries for use by other packages. Download the most recent version from http://www.openssl.org.

Note: do not run openssl's config as root. If you do, then /dev/null will be removed.

% cd /home/tools/openssl-1.0.0e
% ./config \
    --prefix=/usr/local/openssl-1.0.0e  \
    --openssldir=/usr/local/openssl-1.0.0e \
    -fPIC shared
% gmake >& make.out &
% tail -f make.out
^C
% make test
(As root):
$ gmake install >& install.out &
$ tail -f install.out
^C

$ cd /usr/local
$ rm ssl
$ ln -s openssl-1.0.0e ssl

Note: make sure that the Amanda backup system still works

ldd /usr/local/amanda/libexec/amanda/amandad

should find libssl.so. If it does not work, then make links.

root@andrews:/usr/local# ldd /usr/local/amanda/libexec/amanda/amandad
...
        libssl.so.0.9.8 =>       (file not found)
        libcrypto.so.0.9.8 =>    (file not found)
...
root@andrews:/usr/local# cd /usr/local/lib
root@andrews:/usr/local/lib# ls -l libssl*
-rwxr-xr-x   1 root      1330380 Aug 16  2007 libssl.so.0.9.7
lrwxrwxrwx   1 root           26 Jun 22  2009 libssl.so.0.9.8 -> ../ssl/lib/libssl.so.0.9.8
root@andrews:/usr/local/lib# rm libssl.so.0.9.8
root@andrews:/usr/local/lib# ln -s ../openssl-0.9.8i/lib/libssl.so.0.9.8 .
root@andrews:/usr/local/lib# ls -l libcrypto*
-rwxr-xr-x   1 root      1441912 Aug 16  2007 libcrypto.so.0.9.7
lrwxrwxrwx   1 root           29 Jun 22  2009 libcrypto.so.0.9.8 -> ../ssl/lib/libcrypto.so.0.9.8
root@andrews:/usr/local/lib# rm libcrypto.so.0.9.8 
root@andrews:/usr/local/lib# ln -s ../openssl-0.9.8i/lib/libcrypto.so.0.9.8 .
root@andrews:/usr/local/lib# ldd /usr/local/amanda/libexec/amanda/amandad

Install cronolog

Cronolog is used to rotate the logs

cd /home/tools/cronolog-1.6.2
./configure
make
make install

Install apache

% cd /home/tools/httpd-2.2.20
% ./configure \
  --prefix=/usr/local/apache-2.2.20 \
  --datadir=/home/www \
  --enable-so \
  --enable-ssl \
  --enable-rewrite \
  --with-ssl=/usr/local/ssl \
  --disable-ipv6 \
  --with-included-apr

We use --disable-ipv6 to avoid Network is unreachable: connect to listener in the error_log file.
We use --with-included-apr to avoid
checking for APR-util... yes
configure: error: Cannot use an exte
al APR-util with the bundled APR
See http://issues.apache.org/bugzilla/show_bug.cgi?id=42089

% gmake >& make.out &
% tail -f make.out
^C

Problem: BIO_set_callback

Undefined                       first referenced
 symbol                             in file
BIO_set_callback                    .libs/ab.o
BIO_set_callback_arg                .libs/ab.o
BIO_get_callback_arg                .libs/ab.o
SSL_CTX_set_info_callback           .libs/ab.o

Fix: Make sure that /usr/local/openssl points to the recently installed version of OpenSSL.

Problem: find_if_index

Undefined                       first referenced
 symbol                             in file
find_if_index                       /export/home/tools/httpd-2.2.4/srclib/apr/.libs/libapr-1.so

http://issues.apache.org/bugzilla/show_bug.cgi?id=39199 Patch srclib/apr/network_io/unix/multicast.c according to http://svn.apache.org/viewvc/apr/apr/trunk/network_io/unix/multicast.c?r1=493802&r2=493801&pathrev=493802 and rerun make

ap_bucket_type_error missing

Undefined                       first referenced
 symbol                             in file
ap_bucket_type_error                modules/http/.libs/libmod_http.a(http_filters.o)
ap_register_provider                modules/aaa/.libs/libmod_authn_file.a(mod_authn_file.o)
ap_bucket_error_create              modules/http/.libs/libmod_http.a(http_filters.o)
ap_lookup_provider                  modules/aaa/.libs/libmod_auth_basic.a(mod_auth_basic.o)

I'm not sure about this one. I ended up copying the command that failed into a separate file and adding -Lserver/.libs -lmain. Or, edit build/config_vars.mk and add -Lserver/.libs -lmain to the AP_LIBS line that has -lsocket.

problems with ln

While building or installing, I got this:

  (cd /usr/local/apache-2.2.6/lib && { ln -s -f libaprutil-1.so.0.2.
  11 libaprutil-1.so || { rm -f libaprutil-1.so && ln -s libaprutil-
  1.so.0.2.11 libaprutil-1.so; }; })
  Usage: ln [-f] [-s] f1
       ln [-f] [-s] f1 f2
       ln [-f] [-s] f1 ... fn d1

so, under bash as root, I did

export PATH=/usr/bin:${PATH}

so that I get the write version of ln

libpopt.so.0: open failed

Also, I got this:

  Installing man pages and online manual                                    
  ld.so.1: rsync: fatal: libpopt.so.0: open failed: No such file or         
  directory

so I did this

export LD_LIBRARY_PATH=/usr/local/lib

$ make install >& install.out &
$ tail -f install.out
^C

If this is not an upgrade installation, as root, make a new certificate See How do I self-sign a certficate? or copy the old certificates (and configuration files).

If apache is being upgraded, run:

$ cd /usr/local/apache-2.2.20/conf
$ (cd ../../apache/conf; tar -cf - *.crt *.key) | tar -xpf -
$ cp ../../apache/conf/tomcat-mod_jk.conf .
$ cp ../../apache/conf/rewrite.conf .
$ cp /usr/local/apache/modules/mod_jk.so ../modules/
$ cd /usr/local

Note: We do not change the /usr/local/apache link until we are ready to build MySQL or PhP. The MySQL and PhP configuration should be done with the version of apache in place that will be used at run time.

Now configure httpd.conf, according to http://www.php.net/manual/en/install.apache.php, and the existing httpd.conf settings.

One way is to use diff between the old and the new:

diff ../../apache-2.2.17/conf/httpd.conf .

Another way is to make changes.

Changes made from the default:
    - LoadModule php4_module modules/libphp4.so
    No Longer Neccessary:
         - ExtendedStatus:		uncommented, "On"
         - Port:			8080 -> 80
    - User, Group:		daemon -> apache, for both
    - ServerAdmin:		you@example.com -> root@andrews.eecs.berkeley.edu
    No Longer Necessary:
         - Change "Listen" args from 8080 and 8443 to 80 and 443, respectively, in
	    "<IfDefine SSL>" section.
         - UseCanonicalName:		Off -> On
         - ServerName:
		comment out, move to <VirtualHost -> contexts
    - DocumentRoot:		comment out, move to <VirtualHost> contexts
    - First <Directory> section /home/www/htdocs -> home/www/gsrcwww
    - Duplicate <Directory> section for
	- /home/www/chesswww,
	- /home/www/embeddedwww,
	- /home/www/php,
	- /home/www/bugzilla.
	Check the options against the previous-version http.conf.
    - Add "index.jsp and index.shtml arguments to "DirectoryIndex index.html" line:
          DirectoryIndex index.html index.jsp index.shtml
    - Exclude CVS directories
      >DirectoryMatch /CVS/<
          Order Deny,Allow
          Deny from All
      >/DirectoryMatch<

    - ErrorLog:			Use cronolog, see prev. file
    - No longer necessary:
           - Comment out "/manual" alias and its <Directory> section
    - Comment out "ScriptAlias /cgi-bin/", move to <VirtualHosts> contexts
    - No longer necessar, we have no kiosk:
           - Add kiosk <Directory> section after '<Directory "/home/www/cgi-bin">'
    - Add 'Include "/usr/local/apache/conf/rewrite.conf"'.
    - Add "AddType" lines for .php, .php3, .phps, JNLP, .jnlp
	(to match previous ver)
    - Un-comment "AddHandler cgi-script .cgi"
    - On markov, add NameVirtualHost lines, with SSL port numbers.
    - Add a <VirtualHost> context for each virtual host: gigascale, chess, e3s-center, embedded and trust:
	<VirtualHost <IP_address>:80>
	    ServerName: <website_name>
	    DocumentRoot /home/www/[gsrc|chess|embedded]www

	    TransferLog "|/usr/local/cronolog/sbin/cronolog -l /usr/local/apache/logs/access_log_<name> /usr/local/apache/logs/%Y/%m/%d/access_log_<name>"
	    CustomLog    "|/usr/local/cronolog/sbin/cronolog -l /usr/local/apache/logs/agent_log /usr/local/apache/logs/%Y/%m/%d/agent_log" agent

	    Alias /pipermail/ "<mailman_home>/archives/public/"
	    ScriptAlias /cgi-bin/ "/home/www/<name>www/cgi-bin/"
	    ScriptAlias /mailman/ "<mailman_home>/cgi-bin/"

	    # This can't just be included once at the top.  It must be in each
	    # <VirtualHost> context:
	    Include "/usr/local/apache/conf/rewrite.conf"
	</VirtualHost>

Make the following changes to /usr/local/apache/conf/extra/httpd-ssl.conf
One was is to use diff:

diff /usr/local/apache-2.2.17/conf/extra/httpd-ssl.conf /usr/local/apache-2.2.20/conf/extra/httpd-ssl.conf

The otherway is to just edit the file. This file used to be /usr/local/apache/ssl.conf

    - On carson, add "Listen" lines for ports 4430 and 4431 for the testbed virtual hosts.
    - Add a <VirtualHost> section for each virtual host:
	<VirtualHost <IP_address>:<port>>
	    ServerName <website_name>
	    DocumentRoot /home/www/[gsrc|chess|embedded]www

	    TransferLog "|/usr/local/cronolog/sbin/cronolog -l /usr/local/apache/logs/access_log_<name> /usr/local/apache/logs/%Y/%m/%d/access_log_<name>"
	    CustomLog    "|/usr/local/cronolog/sbin/cronolog -l /usr/local/apache/logs/agent_log /usr/local/apache/logs/%Y/%m/%d/agent_log" agent

	    SSLEngine on

	    SSLCertificateFile    /usr/local/apache-2.0.54/conf/<name>-crt/server.crt
	    SSLCertificateKeyFile /usr/local/apache-2.0.54/conf/<name>-crt/server.key

	    <Files ~ ".(cgi|shtml|phtml|php3?)$">
		SSLOptions +StdEnvVars
	    </Files>
	    <Directory "/home/www/<name>www/cgi-bin">
		SSLOptions +StdEnvVars
	    </Directory>

	    SetEnvIf User-Agent ".*MSIE.*" 
		     nokeepalive ssl-unclean-shutdown 
		     downgrade-1.0 force-response-1.0

	    CustomLog logs/ssl_request_log 
		      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"

	    Include "/usr/local/apache/conf/rewrite.conf"

	</VirtualHost>

The easiest way to see what changes are necessary is to do a diff between the old httpd.conf and the new one. Pay particular attention to includes for the vhosts and ssl files, usually extras/http-vhosts.conf and extras/httpd-ssl.conf.

The vhosts and ssl files will also need to be updated.

You will also need to update rewrite.conf and files in /usr/local/apache/modules and /usr/local/apache/libexec.

Also, edit /usr/local/extras/httpd-mpm.conf and change MaxRequestPerChild from 0 to 10000. For details, see Server Crash: Not enough space: fork: Unable to fork new process

Install MySQL

PHP requires that MySQL is installed first Install MySQL

Install PHP

See also PHP Upgrade, which duplicates the instructions below. However, you are better off using these instructions.

Download and unpack the 5.3.3 release from http://www.php.net.

% cd /home/tools/php-5.3.3

(INSTALL file here directs user to more up-to-date documentation at http://www.php.net/manual/en/install.apache.php. Proceeding according to that document.)

gawk must be in your path before /bin/awk. Try which awk; awk --version. You should get GNU awk:
```
bash-3.00$ which awk
/usr/local/bin/awk
bash-3.00$ awk --version
GNU Awk 3.1.4
Copyright (C) 1989, 1991-2003 Free Software Foundation.
```
If you don't use gawk, then make test will fail with segfaults, see http://bugs.php.net/bug.php?id=32850.
- /bin must come before /usr/ucb on PATH, due to a bug in /usr/ucb/tr.
- /usr/sfw/bin must be before /usr/local/bin because gmake tests will fail with a segfault if PHP is compiled with gcc-4.1.1. Instead, we use /usr/sfw/bin/gcc, which is gcc-3.4.3

Back up /usr/local/lib/php:

cp -r /usr/local/lib/php /usr/local/lib/php.old

Check that libxml2, gdbm, iconv and zlib are up to date.
1. Go to http://www.sunfreeware.com and check for the latest versions.
2. See what was downloaded into /home/tools/downloads
3. If any tools need updating, run:
```
        pkginfo | grep pkgName
        pkgrm SMCpkgName
        pkgadd -d downloadedAndUnzippedFile
        
```

Before running ./configure, make sure that /usr/local/apache points to the updated version of apache

% export PATH=/usr/sfw/bin:/usr/local/bin:/usr/bin:/bin:${PATH}
% export CFLAGS='-O2 -I/usr/local/ssl/include'
% ./configure 
	--with-mysql=/usr/local/mysql 
	--with-gdbm=/usr/local 
	--with-ndbm 
        --with-mysqli=/opt/mysql/mysql/bin/mysql_config  
	--with-apxs2=/usr/local/apache/bin/apxs

Note: We used to include --with-dba --enable-memory-limit, but as of php-5.4.2, these were not necessary

Note: You may need to install libxml2. If configure above fails with:

Configuring extensions
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path... /usr/bin/xml2-config
configure: error: libxml2 version 2.6.11 or greater required.

Download libxml2 from http://www.sunfreeware.com

wget ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libxml2-2.6.26-sol10-sparc-local.gz
gunzip libxml2-2.6.26-sol10-sparc-local.gz
pkgadd -d libxml2-2.6.26-sol10-sparc-local

Note: You may need to run pkgrm SUNWxml2 before running pkgadd.
and then rerun configure.

libxml2 requires iconv, which was also obtained from http://www.sunfreeware.com.

Note: You may need to install gdbm. If configure above fails with

 
configure: error: DBA: Could not find necessary header file(s).

then download gdbm from http://www.sunfreeware.com. I installed gdbm-1.8.3

gunzip gdbm-1.8.3-sol10-sparc-local.gz 
pkgadd -d gdbm-1.8.3-sol10-sparc-local

Continuing with the php build:


% gmake > make.out &
% tail -f make.out
^C

Then run the tests:

gmake test

Problems with php failing tests.

If you get a segfault while running the php tests, see http://bugs.php.net/bug.php?id=39418

(gdb) where
#0  _zval_ptr_dtor (zval_ptr=0x3c9540)
    at /export/home1/root/tools/tmp/php-5.2.4/Zend/zend_execute_AP
I.c:412
#1  0x0027fc9c in zend_do_fcall_common_helper_SPEC (
    execute_data=0xffbfbae4) at zend_execute.h:155
#2  0x0027012c in execute (op_array=0xffbff2e8)
    at zend_vm_execute.h:92
#3  0x0024ff5c in zend_execute_scripts (type=-2115502080, retval=V
ariable "retval" is not available.

) at /export/home1/root/tools/tmp/php-5.2.4/Zend/zend.c:1134
#4  0x0020a7b0 in php_execute_script (primary_file=0x81e80000)
    at /export/home1/root/tools/tmp/php-5.2.4/main/main.c:1982
#5  0x002da424 in main (argc=-2115502080, argv=0x91d0203a)
    at /export/home1/root/tools/tmp/php-5.2.4/sapi/cli/php_cli.c:1
140

The solution is to use gcc-3.4.3 by having /usr/sfw/bin in your path before /usr/local/bin.

Another problem while running the tests is:

ERROR: Cannot open file '/export/home1/root/tools/php-5.2.8/ext/standard/tests/file/copy_variation4.clean.php' (save_text)

That file is in the php tar file, but seems to get removed? I ended up doing the install anyway . . .

Doing the PHP Install

As root: Make sure /bin comes before /usr/ucb on PATH.

$ make install >& install.out &
$ tail -f install.out
^C

This should add the following line to /usr/local/apache/conf/httpd.conf:
LoadModule php4_module modules/libphp4.so
If not, add it.

Rename /usr/local/lib/php.ini to php.ini- (or whatever).

$ diff php.ini-production /usr/local/lib/php.ini

Update /usr/local/lib/php.ini as necessary. It is usually best to copy:


root@carson:/export/home/tools/php-5.3.3# diff php.ini-production /usr/local/lib/php.ini
334c334,336
< allow_call_time_pass_reference = Off
---
> ; cxh
> ;allow_call_time_pass_reference = Off
> allow_call_time_pass_reference = On
378a381,383
> ;cxh: set open_basedir http://phpsec.org/projects/phpsecinfo/tests/open_basedi
r.html
> ;cxh: /home/bldmastr is needed for ptexternal/nightly/doccheck
> ;open_basedir = "/home/apache:/home/www:/home/bldmastr:/home1/bldmastr:/export
/home/bldmastr:/export/home1/bldmastr:/tmp:/home/mailman_1:/home/mailman_2:/home
/mailman_3:/home/mailman_4"
430a436,437
> ; cxh: Turn expose_php off, see http://phpsec.org/projects/phpsecinfo/tests/ex
pose_php.html
> ;expose_php = Off
514c521,523
< error_reporting = E_ALL & ~E_DEPRECATED
---
> ; cxh: notices were filling things up
> ;error_reporting = E_ALL & ~E_DEPRECATED
> error_reporting = E_ALL & ~E_NOTICE | E_STRICT
635a645
> ; cxh: log in a non-temporary directory
636a647
> error_log = /export/home1/tmp/php.err
744c755,757
< magic_quotes_gpc = Off
---
> ; cxh: needed for phyMyAdmin: http://carson.eecs.berkeley.edu/mysql
> ;magic_quotes_gpc = Off
> magic_quotes_gpc = On
783a797
> ;cxh: include our website
784a799
> include_path = "/home/www/php:."
875a891,892
> ; cxh: ; Set upload_tmp_dir to a safe location http://phpsec.org/projects/phps
ecinfo/tests/upload_tmp_dir.html
> upload_tmp_dir = /home/www/tmp
879c896,897
< upload_max_filesize = 2M
---
> ; cxh increase to 20Mb
> upload_max_filesize = 20M
889a908,909
> ; Leave this enabled so that the mailman interface works.  If you dont,
> ; then people will not be added to the lists (cxh, 1/09)
1476a1497
> ; cxh: http://phpsec.org/projects/phpsecinfo/tests/save_path.html
1477a1499
> session.save_path = "/home/www/tmp"
1478a1501
>

Before 9/07, we used to change the "register_globals" parameter should be set to "On" for our PHP code to continue to work, until we modify it to use the global $_POST array for form data, instead of assuming the form variables are accessable as globals.
Set the log file
```
error_log = /export/home1/tmp/php.err
```

Thinks to check:

Go to Options -> View PHP Info
http://chesstst.eecs.berkeley.edu/options/power/phpinfo
http://chess.eecs.berkeley.edu/options/power/phpinfo and make sure that PHP has been updated. If it has not been updated, then check /etc/init.d/apachectl and make sure that newly updated version of Apache is being run.

PhpSecInfo

Java

The calendar and workshop pages use JSP, so we need java.

Download the latest Apache-2-compatible version of mod_jk.so. I got mine from http://apache.mirrors.pair.com/jakarta/tomcat-connectors/jk/binaries/solaris/jk-1.2.6/jakarta-tomcat-connectors-jk-1.2.6-solaris8-sparc-apache-2.0.43_native.so See also http://jakarta.apache.org/site/downloads/downloads_tomcat-connectors.cgi Install it as mod_jk.so in /usr/local/apache-2.0.54/libexec.

The next step is to Set up Java

Setting up start up scripts and starting up

Copy the server start up script into /etc so that it the server is started up each time
```
cp /usr/local/apache/bin/apachectl /etc/init.d
cd /etc/rc3.d
ln -s ../init.d/apachectl S50apachectl
```
We used to edit /etc/init.d/apachectl so that we run startssl in the default, but this is no longer necessary. For details, see When I click on login, I get a server not responding message.
Start the server.
```
    /etc/init.d/apachectl start
```
If it doesn't start, take a look in /usr/local/apache/logs.

Test the website on markov.

Apache, PHP, openssl on gigascale

Copy /usr/local/apache-2.0.54 from markov to gigascale:

% ssh gigascale -l root
$ cd /usr/local
$ ssh markov 'cd /usr/local; tar cf - apache-2.0.54' | tar xvpf -
$ cd /usr/local/apche-2.0.54/conf
$ cp -p ../../apache-1.3.26/conf/tomcat-apache.conf .
$ mv ssl.csr ssl.csr-
$ mv ssl.crt ssl.crt-
$ mv ssl.crl ssl.crl-
$ mv ssl.prm ssl.prm-
$ mv ssl.key ssl.key-
$ cp -rp ../../apache-1.3.26/conf/ssl.* .
Edit /usr/local/apache-2.0.54/conf/http.conf:
    - change markov-specific stuff to gigascale.
    - comment out "Include /usr/local/tomcat/conf/auto/mod_jk.conf"
    - insert, instead, "Include "/usr/local/apache/conf/tomcat-apache.conf"

$ ssh markov 'cd /usr/local; tar cf - openssl-0.9.7g' | tar xvpf -

$ cd /usr/local/lib
$ ssh markov 'cd /usr/local/lib; tar cf - php' | tar xvpf -
$ scp markov:/usr/local/lib/php.ini .

$ cd /usr/local/bin
$ ssh markov 'cd /usr/local/bin; tar cf - php*' | tar xvpf -

Prepare to make the switch on gigascale:

On markov, commit the dbm-related changes to /home/www /home/www/php/include/sql.inc.php3, /home/www/php/include/user.inc.php3, and /home/www/php/subpages/options.power.password.php3.

On gigascale, copy these three files aside before cvs-updating them, or else be prepared to restore them from CVS if the upgrade has to be backed off.

Bring down the website for the switchover:

$ /etc/init.d/gsrc stop
$ cd /usr/local
$ rm apache
$ ln -s apache-2.0.54 apache
$ mv ssl ssl.old  # (This was not a symbolic link, as is now the convention)
$ ln -s openssl-0.9.7g ssl
$ su - www
% cd /home/www/php/include
% cvs update sql.inc.php3 user.inc.php3
% cd ../subpages
% cvs update options.power.password.php3
% exit
$ /etc/init.d/gsrc start

OBSOLETE BELOW HERE -- for historical reference only!
The following is John Reekie's original notes from August, 1999.

First take the eyes of three newts, and the livers of... oh, no wait, wrong story.

First take the tar files of three kick-arse open-source software packages and the livers of two system administrators. Boil a big pot of water and season to taste. Fold in tar files, chopped system adminstrator liver, and serve ga ished with RISC instructions and users on the side.

Installing Apache is a little complicated, as there are quite a number of additional modules that need to be added to it. These instructions are based in part on Ralf EngelSchall's instructions for installing Apache and mod_ssl. The following instructions assume you can be root and basically know what you are doing :-)

Preparation

If the webserver is currently running, connect to it and see when it was built and what modules were installed: http://embedded.eecs.berkeley.edu/server-status?refresh=5

(Hint: If you are offsite, then use lynx to display the server settings.)

As of 3/25/01:

openssl-0.9.6
apache_1.3.19
mod_ssl-2.8.1-1.3.19
php-3.0.18

As of 9/15/00:

Apache/1.3.12 (Unix) PHP/3.0.16 mod_ssl/2.6.6 OpenSSL/0.9.5a

Then, download the latest versions of the following into /home/tools/downloads:

Apache (http://www.apache.org)
OpenSSL (http://www.openssl.org)
mod_ssl (http://www.engelschall.com/sw/mod_ssl)
PHP (http://php.net)

Unpack all of them and move them to the tools directory:
```
    zcat downloads/package.tar.gz | tar -xf
```
Install OpenSSL
1. Build it:
```
    cd /export/home/tools/openssl-xxx
    ./config

    make >& make.out &
    tail -f make.out
    make test
```
2. Install it:
```
    umask 002
    make install
```
  OpenSSL is now installed in /usr/local/ssl.
Patch mod_ssl into apache
```
    cd /export/home/tools/mod_ssl-xxx
    ./configure 
          --with-apache=/export/home/tools/apache_1.3.19
```
Build PHP and patch it into apache
1. Pre-configure Apache. Installing additional modules requires this.
```
    cd ../apache_1.3.19
    ./configure --prefix=/usr/local/apache
```
2. Install MySQL
3. Configure PHP. Note that the MySQL directory is the installation directory, whereas the apache directory is the source directory (PHP will be patched into the Apache source tree).
```
    cd ../php-xxx
    sh	
    CFLAGS='-O2 -I/usr/local/ssl/include' 
    ./configure 
          --with-apache=/export/home/tools/apache_1.3.19 
          --with-mysql=/usr/local/mysql 
          --enable-memory-limit=yes 
          --enable-debug=no
    exit	
```
4. We use the syslog LOG_LOCAL4 facility to log php messages, so you will need to make the following changes:
  1. Edit /export/home/tools/php-xxx/main.c and change:
```
#if HAVE_SYSLOG_H
   if (!strcmp(php3_ini.error_log, "syslog")) 
           syslog(LOG_NOTICE,log_message);
                  retu
;
```
    to
```
#if HAVE_SYSLOG_H
   if (!strcmp(php3_ini.error_log, "syslog")) 
           syslog(LOG_NOTICE|LOG_LOCAL4,log_message);
                  retu
;
```
  2. Edit /etc/syslog.conf and add the line
```
local4.notice       /var/log/php.log
```
    Note that the two columns are separated by a tab
  3. Create the file /var/log/php.log
```
touch /var/log/php.log
```
  4. Restart the syslog daemon.
  5. After you install, edit /usr/local/lib/php3.ini and set
```
error_log       =       syslog
```
  6. You will probably want to rotate /var/log/php.log. Look at root's crontab file and see how /var/log/syslog is rotated and then do the same for php.log.
5. Build PHP and patch it into the apache tree
```
    make 
    make install
```
To build a standalone php binary for testing purposes, you will need to reconfigure without the --with-apache directive. Locally, we have a separate source tree at /export/home/tools/php-xxx-standalone that we use to build the standalone php binary.
```
cd /export/home/tools/php-xxx-standalone
configure --with-mysql=/usr/local/mysql
make
cp php /usr/local/bin
```
Note that the website does not require the standalone php binary, but the php binary is useful for testing. I have PHP installed as a module, can I run scripts from the command line?
Build and install Apache
Finally! All of the Apache installation works better if you are root when running it.
1. Configure Apache:
```
    cd /export/home/tools/apache_1.3.19
    SSL_BASE=/usr/local/ssl 
    ./configure 
        --prefix=/usr/local/apache 
        --datadir=/home/www 
        --enable-module=proxy 
        --enable-module=rewrite 
        --enable-module=ssl 
        --activate-module=src/modules/php3/libphp3.a 
        --enable-module=php3 
	--enable-module=so
```
2. Build it.
```
    make > make.log
```
3. Make a test certificate if we don't already have a proper one.
```
    make certificate
```
  How and when do we renew the certificate? for details.
  When you encrypt the private key, use an empty password, or else you will be prompted for the password each time the httpd daemon starts up. The result from this process will be
```
RESULT: Server Certification Files

o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our demonstration-only Snake Oil CA) which later can replace
   the conf/ssl.crt/server.crt file.

WA
ING: Do not use this for real-life/production systems
```
4. The /usr/local/apache/conf files are under CVS in the apache repository in the /home/cvsgigascale on gigascale. To check these files out, do
```
cd /usr/local
cvs -d :ext:gigascale.eecs.berkeley.edu:/home/cvsgigascale apache
```
  The reason that we use /home/cvsgigascale instead of /home/cvs is so that root on gigascale can write the repository.
5. Install apache
```
    cd /export/home/tools/apache*
    umask 002
    make install >& install.log &
```
  You should have directories in /usr/local/apache called conf, htdocs, icons, and cgi-bin. You should change these now to be owned by www, group webmastr, and permissions g+w and g+s.
```
chown -R www /usr/local/apache
chgrp -R webmastr /usr/local/apache
chmod -R g+w /usr/local/apache
```
6. If you are checking the Apache conf files out of CVS, then do cd /usr/local/apache/conf; cvs update
  If you are not checking the Apache conf files out of CVS, then at the minimum, you should tell Apache to use PHP. Uncomment these two lines in /usr/local/apache/conf/httpd.conf:
```
  AddType application/x-httpd-php3 .php3
  AddType application/x-httpd-php3-source .phps
```
7. Copy the server start up script into /etc so that it the server is started up each time
```
cp /usr/local/apache/bin/apachectl /etc/init.d
cd /etc/rc3.d
ln -s ../init.d/apachectl S50apachectl
```
8. Edit /etc/init.d/apachectl so that apachectl start starts the ssl version.
  Change:
```
start)
```
  To:
```
startnossl)
```
```
startssl|sslstart|start-SSL)
```
  to
```
startssl|sslstart|start-SSL|start)
```
  For details, see When I click on login, I get a server not responding message.
9. Start the server.
```
    /etc/init.d/apachectl start
```
  If it doesn't start, take a look in /usr/local/apache/logs.
Note that we used to have to disable MD5 Crypt, but we don't have to any more. See Users are having problems changing passwords, but we don't any
Edit main/php_config.h, changing
```
   #define PHP_MD5_CRYPT 1
```
to
```
  
 #define PHP_MD5_CRYPT 0
```
See Installing Mailman.