September 12, 2005

Apache2 + SSL + PHP5

據說 Apache 2.0 的效能較好, 一些常用的 Module, 已經內含, 很方便.
準備檔案
wget http://ftp.cis.nctu.edu.tw/data/UNIX/apache/httpd/httpd-2.0.54.tar.gz
wget http://tw.php.net/get/php-5.0.5.tar.bz2/from/tw.php.net/mirror
安裝
tar zxf httpd-2.0.54.tar.gz
tar jxf php-5.0.5.tar.bz2
cd httpd-2.0.54 (Apache2)
./configure --prefix=/usr/local/apache --sysconfdir=/usr/local/apache/conf \
     --enable-module=so \
     --enable-ssl --enable-rewrite --enable-proxy
make
make install
cd ../php-5.0.5 (PHP5)
./configure --with-mysql --with-apxs2=/usr/local/apache/bin/apxs \
     --enable-module=so --with-config-file-path=/usr/local/etc \
     --libexecdir=/usr/local/apache/libexec --with-iconv \
     --with-gd --with-zlib --with-jpeg-dir
make
cp .libs/libphp5.so /usr/local/apache/modules (把 PHP5 modules copy 到 Apache modules 目錄下)
SSL
參考 How can I create and use my own Certificate Authority (CA)?
cd /usr/local/apache/conf
openssl genrsa -out server.key
(若要 Apache 啟動時不需密碼, 就不要加 -des3, 若有加 -des3 後, 最後要調整為不要密碼, 可參考 How to remove a pass phrase?)
openssl req -new -key server.key -out server.csr
openssl genrsa -out ca.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
./sign.sh server.csr (sign.sh 在 modssl tar ball 內 pkg.contrib 目錄可以找到)
chmod 400 server.*
mv server.crt ssl.crt
mv server.key ssl.key
若覺得上述步驟太麻煩, 也可以這樣來產生自簽 Key
openssl req -new -x509 -nodes -out ssl.crt/server.crt -keyout ssl.key/server.key -days 3650
設定 httpd.conf
LoadModule php5_module modules/libphp5.so
DirectoryIndex index.html index.htm index.php (在 DirectoryIndex 該行後加上 index.php)
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
啟動 /usr/local/apache/bin/apachectl startssl

Posted by pank at September 12, 2005 11:55 AM
Comments
Post a comment













Remember personal info?