ADN Informatique

IT Engineering Consultant

Saguenay (Jonquière), Québec, Canada. Tel: (581) 683-9887 Fax: (581) 221-0874

Lamp

2008-01-22 14:59:36 (ID: 46, Parent: 33, Type: page)
LAMP - mini-howto
Linux - Apache - MySql - Php/Perl and internet related technologies

1.0 - Downloading, Compiling and installing
2.0 - Basic configuration
3.0 - SSL Configuration
4.0 - Installing IMAWEB
5.0 - Other resources

1.0 - Downloading, Compiling and installing

1.1 - Downloading the stuff

You can find apache 2.x software from www.apache.org
And the php 4.x software from www.php.net

You must have OpenSSL and OpenSSH before installing apache with SSL enabled.

1.1.1 - Compiling software under Sun/Solaris9

Under Sun/Solaris9 you must also have some development packages installed.
You can download them from www.sunfreeware.com

autoconf-2.57-sol8-sparc-local
automake-1.7.2-sol8-sparc-local
bison-1.875-sol8-sparc-local
flex-2.5.4a-sol8-sparc-local
gcc- (already there)
m4-1.4-sol8-sparc-local
make-3.80-sol8-sparc-local
perl-5.8.0-sol8-sparc-local
zlib-1.1.4-sol8-sparc-local

The command used to install them is:
pkgadd -d filename

Add the right paths to your environment variables so that everything compiles:

/usr/ccs/bin must be in the path for 'ar',...
/usr/local/bin must be in the path for 'gcc','make',...
/usr/ucb must be in the path for 'ld',...

1.1.2 - Compiling png-1.2.5 library (under solaris-8)

make -f scripts/makefile.solaris
make -f scripts/makefile.solaris install (as root)

It was installed under /usr/local
1.2 - Compiling and installing (Apache/Php)
Apache 2.x
First of all, we configure apache.  For our basic setup, we want to use the DSO dynamic module loader and the SSL (https) module, which are not enabled by default.
So we use "./configure --enable-so --enable-ssl --with-ssl=/usr/local/ssl/"
and after that we simply use "make" and "make install".
Note: "make install" must be done as root, and installation was by default in /usr/local/apache2

If you're using Apache with Php compiled for Oracle, be sure to include the oracle environment vars in the apache setup.  I've edited the /usr/local/apache2/bin/apachectl and added the following lines to ensure that everything was alright to use oracle:

# |||||||||||||||||||| ADDING ORACLE PATH FOR PHP ||||||||||||||||||||||
# --------------------                            ----------------------
export ORACLE_HOME=/usr/local/oracle/OraHome1
export NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1"

Also, don't forget to set up your tnsnames.ora file correctly under oracle_home/network/admin/

1.2.1 - Compiling Apache 2.0.47 (under solaris-8)

./configure --enable-so
make
make install (as root)

It installs under /usr/local/apache2/

There is a web site dedicated to apache SSL that can also be useful.

1.2.2 - Compiling php 4.3.2 with Oracle support (under solaris-8)

You could see this website.

Note: You could replace the --with-oci8 by --with-oracle if you're not using oci8.  You must also validate the oracle home directory path (on my linux system, my install was under /usr/local/oracle/OraHome1).

./configure --with-apxs2=/usr/local/apache2/bin/apxs \
--with-oci8=/export/home/oracle8i/OraHome1 \
--enable-pic \
--with-gettext \
--with-gd \
--with-png \
--with-zlib \
--enable-magic-quotes \
--enable-ftp \
--without-mysql \
--with-xml \
--enable-sigchild \
--with-openssl
make
make install

It installs under /usr/local/

2.0 - Basic Apache configuration

You can always refer to official Apache 2.x documentation at http://httpd.apache.org/docs-2.0/

2.1 - Basic Apache configuration

Edit the file /usr/local/apache2/conf/httpd.conf

2.1.1 Changing the listening port

Change line
Listen 80
to
Listen 8000

2.2 - Adding support for php

Add lines:
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .phtml

After lines:
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml

2.3 - Setting up HTTPS usage

First of all, be sure that your apache server is listening on port 443 (https port).
Your httpd.conf must contain a directive like: Listen 443

After that, be sure to have a valid certificate accessible by your apache daemon.
The files ssl.key and ssl.crt contain the certificate information.  Those files generally must be under /etc/httpd/conf or in my case under /usr/local/apache2/conf/  You can generate those files using the steps in 3.1.

You must also include a section like the following in your httpd.conf
<VirtualHost 192.168.1.1:443>
DocumentRoot /var/www/html
ServerName 192.168.1.98
ServerAdmin someone@your.domain
ErrorLog /etc/httpd/logs/ssl_error_log
TransferLog /etc/httpd/logs/ssl_access_log
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/key.pem
<Files ~ "\.(cgi|shtml|php)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /etc/httpd/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
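
Added example, not part of the original howto: Apache reads the file named by SSLCertificateKeyFile at startup, and a key stored without a passphrase (which the -nodes option in section 3.1 produces) is protected only by its file permissions. The script below lists every key file a config references and flags any that group or other users can access; the function names, the optional staging prefix, the second vhost on port 8443 and the sample file names are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original howto. Paths and vhosts are constructed.

# Print every SSLCertificateKeyFile path in an Apache config file.
# Directive names are case-insensitive; commented lines never match.
key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Classify one key file: OK (owner-only), WEAK (group/other bits set), MISSING.
key_status() {
    [ -f "$1" ] || { echo MISSING; return 0; }
    # ls -ld prints a mode such as "-rw-r--r--"; chars 5-10 are group + other.
    if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then echo OK; else echo WEAK; fi
}

# Audit a config. $2 is an optional prefix (staging root) put before each path.
# Prints "<status> <path>" per key and returns 1 if any key is not OK.
audit_key_perms() {
    rc=0
    for k in $(key_files "$1"); do
        s=$(key_status "${2:-}$k")
        echo "$s $k"
        [ "$s" = OK ] || rc=1
    done
    return $rc
}

# Constructed demo: staging tree with one private and one world-readable key.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf/ssl.key"
    : > "$d/conf/ssl.key/key.pem"; chmod 600 "$d/conf/ssl.key/key.pem"
    : > "$d/conf/ssl.key/old.pem"; chmod 644 "$d/conf/ssl.key/old.pem"
    cat > "$d/httpd.conf" <<'EOF'
<VirtualHost 192.168.1.1:443>
SSLCertificateKeyFile /conf/ssl.key/key.pem
# SSLCertificateKeyFile /conf/ssl.key/commented.pem
</VirtualHost>
<VirtualHost 192.168.1.1:8443>
sslcertificatekeyfile "/conf/ssl.key/old.pem"
</VirtualHost>
EOF
    audit_key_perms "$d/httpd.conf" "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "tighten with: chmod 600 <key file>"
```

Run against a live server, call audit_key_perms with the real httpd.conf and no prefix, as the user that owns the key files.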

3.0 - SSL Configuration

3.1 - Creating and signing SSL Certificates

Excerpt from http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

1) Create a directory

Let's call it sslcert:
mkdir sslcert

2) Create two subdirectories

Cd into the first directory and make two subdirectories. Let's call them certs and private.
cd sslcert
mkdir certs private

3) Create a database to keep track of each certificate signed

Type:
echo '01' >serial
touch certindex.txt

4) Make a custom config file for openssl to use

Create a file using your editor. We will call it openssl.cnf. Here are the basics needed for this exercise (edit as needed):

#
# OpenSSL configuration file.
#

# Establish working directory.

dir			= .

[ ca ]
default_ca		= CA_default

[ CA_default ]
serial			= $dir/serial
database		= $dir/certindex.txt
new_certs_dir		= $dir/certs
certificate		= $dir/cacert.pem
private_key		= $dir/private/cakey.pem
default_days		= 365
default_md		= sha256
preserve		= no
email_in_dn		= no
nameopt			= default_ca
certopt			= default_ca
policy			= policy_match

[ policy_match ]
countryName		= match
stateOrProvinceName	= match
organizationName	= match
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

[ req ]
default_bits		= 2048			# Size of keys
default_keyfile		= key.pem		# name of generated keys
default_md		= sha256		# message digest algorithm
string_mask		= nombstr		# permitted characters
distinguished_name	= req_distinguished_name
req_extensions		= v3_req

[ req_distinguished_name ]
# Variable name		  Prompt string
#----------------------	  ----------------------------------
0.organizationName	= Organization Name (company)
organizationalUnitName	= Organizational Unit Name (department, division)
emailAddress		= Email Address
emailAddress_max	= 40
localityName		= Locality Name (city, district)
stateOrProvinceName	= State or Province Name (full name)
countryName		= Country Name (2 letter code)
countryName_min		= 2
countryName_max		= 2
commonName		= Common Name (hostname, IP, or your name)
commonName_max		= 64

# Default values for the above, for consistency and less typing.
# Variable name			  Value
#------------------------------	  ------------------------------
0.organizationName_default	= My Company
localityName_default		= My Town
stateOrProvinceName_default	= State or Providence
countryName_default		= US

[ v3_ca ]
basicConstraints	= CA:TRUE
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always,issuer:always

[ v3_req ]
basicConstraints	= CA:FALSE
subjectKeyIdentifier	= hash

5) Create a root certificate

All other certificates you create will be based off of this. Because you are not a commercial certificate authority, browsers will still complain when they use your secure site. However you can give folks one of the files that will be created and they can manually import it. From then on your certificates will load just like the commercial sites.

To create, type:
openssl req -new -x509 -extensions v3_ca -keyout \
private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf

Note the backslash (\) at the end of the first line. This is a way to type long command lines. Simply press <Enter> after it and you will be prompted to continue typing.

You will be prompted for information and a password. Do not lose this password, make sure it is a secure one, and back up the two files that are created.

The two files that are created are cacert.pem, which is the one you can give to others for import in their browsers, and cakey.pem, which will be in the private directory.

Name Field | Explanation | Example
Country Name | The two-letter ISO abbreviation for your country | US = United States
State or Province Name | The state or province where your organization is located. Can not be abbreviated. | Georgia
City or Locality | The city where your organization is located. | Atlanta
Organization Name | The exact legal name of your organization. Do not abbreviate | SSL Secure Inc.
Organizational Unit | Optional for additional organization information. | Marketing
Common Name (Server Host Name) | The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match. | If you intend to secure the URL https://secure.yourURL.com, then your CSR's Server Hostname must be secure.yourURL.com or *.yourURL.com for all subdomains in your domain.
Server Admin.'s email address | Your email address | someone@your.domain

6) Create a key and signing request

To do this type:
openssl req -new -nodes -out req.pem -config ./openssl.cnf

You will be prompted for information. The critical part is the "Common Name". This must be the server's hostname, such as mail.your.domain, or the IP address. If you want to cover all subdomains you can enter *.your.domain. Use the "Organizational Unit" to remind you what the certificate is for, such as "Web Server".

This will generate two files - key.pem, your private key, and req.pem, your signing request.

7) Sign the request

This will generate the certificate. Type:
openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

You will be prompted for the password used when creating the root certificate.

Two files are created - cert.pem, which is your certificate, and <number>.pem, a copy of it in the certs directory.

4.0 - Installing IMAWEB

4.1 - Getting the package

4.2 - Configuration

4.3 - Other packages needed

libpbm package is needed to create jpg thumbnails and image previews; it can be found on SourceForge here.
dcmtk package is needed to manipulate dicom files, and from the imagem toolkit, the utilities viewau and viewsr, which are compiled within libimagem with the ucdmc_dicom dicom library, are needed.
Note: For more information about dicom see HERE

5.0 - Other resources

5.1 - Distribution of Apache/Php/etc

Apache Friends

5.2 - Documentation

Internet Related Technologies http://www.irt.org/index.htm
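
Added example, not part of the original howto or of the flatmtn.com excerpt: in the openssl.cnf from section 3.1, step 4, default_md and default_bits decide the signature digest and key size of everything the CA issues, so an existing copy of that file is worth checking before it is used to sign. The function names, the thresholds (md2/md4/md5/sha1 and keys under 2048 bits are reported) and the sample file are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original howto. Thresholds are assumptions:
# md2/md4/md5/sha1 digests and key sizes under 2048 bits are reported WEAK.

# Print "<section> <key> <value> <verdict>" for each default_md/default_bits.
audit_openssl_cnf() {
    awk '
        /^[ \t]*#/  { next }                         # full-line comment
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); sec = substr($0, 2, length($0) - 2); next }
        {
            sub(/#.*/, "")                           # trailing comment
            if (split($0, kv, "=") < 2) next
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "default_md")
                print sec, key, val, (tolower(val) ~ /^(md2|md4|md5|sha1)$/ ? "WEAK" : "OK")
            else if (key == "default_bits")
                print sec, key, val, (val + 0 < 2048 ? "WEAK" : "OK")
        }
    ' "$1"
}

# Return 0 only when no setting is reported WEAK.
cnf_is_acceptable() {
    if audit_openssl_cnf "$1" | grep -q ' WEAK$'; then return 1; fi
    return 0
}

# Constructed sample: a legacy-style file with mixed settings.
demo_cnf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[ CA_default ]
default_days    = 365
default_md      = md5
[ req ]
default_bits    = 1024      # Size of keys
default_md      = sha256    # message digest algorithm
EOF
    audit_openssl_cnf "$f"
    if cnf_is_acceptable "$f"; then echo "acceptable"; else echo "fix the file, then regenerate keys and re-sign"; fi
    rm -f "$f"
}
demo_cnf
```

Certificates already issued under weak settings are not repaired by editing the file; they have to be regenerated and signed again.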

Informational Document

ADN Informatique

2015

Rev. 1

Jean-Luc Cyr