apache2 - The 2.x version of the Apache HTTP server ChangeLog

HOWTO


# Apache HTTP 2.x + mod_ssl
# =========================
# Historically you would just call the web server software "Apache"
#
# Now there are many different Apache projects, so now it should be
# really be referred to as "Apache HTTP"
#
# This HOWTO is "apache2" because before Tomcat and OpenOffice and
# SpamAssassin and the hundreds of others that there are now...
# Apache Project List

# Unlike Apache 1.x, mod_ssl is part of Apache 2.x (if you enable it)

# Success building it with OpenSSL 1.1.1 and 3.0

# If you also want mod_jk, see the Apache Tomcat HOWTO, which I have not
# yet uploaded because it is drastically outdated, so never mind

# Versions of Apache 2.x that are included with Slackware:
# Slackware 14.0: httpd 2.4.3
# Slackware 14.1: httpd 2.4.6
# Slackware 14.2: httpd 2.4.20
# Slackware 15.0: httpd 2.4.52
#
# Always check 'patches' for updates

# Create directories for the extracted source and the tarball
mkdir -p -m 0700 ~/backup/apache2 ~/installed/apache2 ~/src/apache2


# Apache httpd 2.4.62
# ===================
# Prerequisites:
# pkg-config
# APR
# APR-util
# OpenLDAP (optional)
# Berkeley DB (bdb)
# Expat
# glibc's iconv or libiconv
# OpenSSL >= 0.9.8a (optional)
# rustls (optional)
# LibreSSL (optional)
# rsync (see below)
# PCRE2 or PCRE
# Nghttp2 >= 1.2.1 (optional)
# Brotli (optional)

# Apache HTTP Server 2.4.x release announcements
# [ANNOUNCEMENT] Apache HTTP Server 2.4.62 Released (mailing list)
# New features in Apache HTTP Server 2.4
# Apache HTTP Server 2.4 vulnerabilities
# Changes for all releases of Apache HTTP Server (since 2.3.0)
# Changes for Apache HTTP Server 2.4.62 only

# We use the CDN (content delivery network) URL below.
# If you can, use one of the Apache mirrors instead of www.apache.org
# Automatic mirror selection
# Specific alternate download URLs:
# https://dlcdn.apache.org/httpd/httpd-2.4.62.tar.bz2
# https://downloads.apache.org/httpd/httpd-2.4.62.tar.bz2
# https://apache.osuosl.org/httpd/httpd-2.4.62.tar.bz2

# OpenSSL 3.x support for mod_ssl was added as of 2.4.52

# Get the source tarball
cd
test -f installed/apache2/httpd-2.4.62.tar.bz2 &&
mv installed/apache2/httpd-2.4.62.tar.bz2 .
test ! -f httpd-2.4.62.tar.bz2 &&
wget https://dlcdn.apache.org/httpd/httpd-2.4.62.tar.bz2

# Verify base64-encoded digest w/ cksum from coreutils >= 9.2:
echo "fbGHaAXVwPYPSby1H3XN9WcSDy/2NJ5o8ITpqGrjgmXZ8cZ+f8oAgsnbE288QIqI\
UB7hHyaxtockuiQIZxcddw==  httpd-2.4.62.tar.bz2" | cksum -a sha512 -c

# Verify tarball w/ sha512sum:
# (this came from my gpg-verified tarball and the Apache site)
# (you can get it this way too:
#  openssl sha512 httpd-2.4.62.tar.bz2
#  shasum -a 512 httpd-2.4.62.tar.bz2)
echo "7db1876805d5c0f60f49bcb51f75cdf567120f2ff6349e68f084e9a86ae3\
8265d9f1c67e7fca0082c9db136f3c408a88501ee11f26b1b68724ba240867171d\
77  httpd-2.4.62.tar.bz2" | sha512sum -c

# Import gpg/pgp keys in case you can't find it
# on a keyserver:
wget -nc https://downloads.apache.org/httpd/KEYS &&
gpg --import KEYS && rm KEYS

# Verify tarball w/ gpg:
( gpg --list-keys 65B2D44FE74BD5E3DE3AC3F082781DE46D5954FA > /dev/null 2>&1 ||
  gpg --recv-keys 65B2D44FE74BD5E3DE3AC3F082781DE46D5954FA ) &&
wget -nc https://dlcdn.apache.org/httpd/httpd-2.4.62.tar.bz2.asc &&
  gpg --verify httpd-2.4.62.tar.bz2.asc && rm httpd-2.4.62.tar.bz2.asc

# Extract it
cd ~/src/apache2
find -maxdepth 1 -type d -name "httpd-*" -exec rm -r {} \;
tar xjvf ~/httpd-2.4.62.tar.bz2
cd httpd-2.4.62
test $UID = 0 && chown -R root:root .

# The default prefix is /usr/local/apache2, so if you have a truly ancient
# Apache 1.x installed under /usr/local/apache, it will not be overwritten.

# I include some of the options that I pass to configure below.  You may only
# want to run ./configure with no options.  See './configure --help' and
# the docs for more information about building certain features into Apache,
# and how to leave others out.  --enable-vhost-alias and --enable-rewrite
# are notably spiffy ones.

# If you're upgrading an older version of Apache HTTP and you don't know
# what modules it was built with, look in /usr/local/apache2/modules to see
# what so modules are available, the LoadModule lines that are not commented
# out in httpd.conf for which ones were being used, and if that older
# version is available, run '/usr/local/apache2/bin/httpd -l'

# If you're planning on installing subversion and it's Apache modules,
# pass "--enable-dav --enable-dav-fs" to configure

# Note: even though --with-ldap isn't listed in the output of ./configure
# --help, it was necessary for me in the past with a previous release

# If your OpenSSL is entirely installed under the OpenSSL < 1.1.0 default
# prefix of /usr/local/ssl, use --with-ssl=/usr/local/ssl  Otherwise, if you
# use /usr or /usr/local (default as of >= 1.1.0) it should find it.

# If APR-util was built with LDAP support, that is good enough
#
# To successfully pass --enable-ldap --enable-authnz-ldap to configure here,
# APR-util will had to have been built with it

## If you use a multi-threaded MPM, use mod_cgid instead of mod_cgi.  You can
## build it in by default with --enable-cgid or you can un-comment the
## appropriate line in httpd.conf to use it as a module:
# LoadModule cgid_module modules/mod_cgid.so
## and then (re-)start httpd.  For more info:
# https://httpd.apache.org/docs/2.4/mod/mod_cgid.html
# https://httpd.apache.org/docs/2.4/mpm.html

# Configure the build
./configure --enable-ssl --enable-rewrite --enable-vhost-alias --enable-so \
--enable-cgid --with-mpm=event

# Build it
make

# Become root to install it
su

# Though 'make install' will not overwrite existing files, back everything
# up.  This will exclude binaries, libraries, icons, etc. to save space.  If
# you want to back up any of those things, leave out the appropriate
# --exclude=dir part.
test -d /usr/local/apache2 &&
( cd /usr/local
   tar cjv --exclude=bin --exclude=build --exclude=error --exclude=icons \
    --exclude=include --exclude=lib --exclude=man --exclude=manual \
    --exclude=modules -f apache2-`date +%Y%m%d`.tar.bz2 apache2
   test -s apache2-`date +%Y%m%d`.tar.bz2 &&
    mv -f apache2-`date +%Y%m%d`.tar.bz2 ~/backup/apache2/ )

# If you are upgrading Apache HTTP, and httpd is still running, keep in mind
# that it may segfault once you 'make install'.  So you may want to stop it
# or redirect port 80/443 to another web server (ie. with a 'Down for server
# maintenance') page).

# If you're replacing an Apache 2.x that came from a Slackware package,
# back up those files, remove the package, and then remove the leftovers
# (and shut it down first if it's running)
test -d /etc/httpd -a -d /var/www &&
( mkdir -p -m 0700 /root/backup/apache2
   tar cjvf ~/backup/apache2/httpd-$(date +%Y%m%d).tar.bz2 \
    /etc/httpd /etc/logrotate.d/httpd /etc/rc.d/rc.httpd /var/www
   test -x /etc/rc.d/rc.httpd && /etc/rc.d/rc.httpd stop
   test -x /sbin/removepkg && /sbin/removepkg httpd
   test -d /etc/httpd && rm -r /etc/httpd
   test -d /var/run/httpd && rm -r /var/run/httpd
   test -d /var/www && rm -r /var/www )

# 'make install' runs rsync, so make sure you've got it and that it's
# functional (make sure 'rsync --help' runs OK)

# Install it
make install

# Open up /usr/local/apache2/conf/httpd.conf and fix at least ServerAdmin,
# setting ServerName is usually a good idea too, even though you usually
# don't have to.

# If you're upgrading from 1.x to 2.x you may want to change Listen to
# 8080 (or some other port), then make sure everything works under
# http://localhost:8080/ before moving it over for real.

# Start the server.  Replace 'action' below with what you want to do.  If
# you're upgrading an old copy, use 'stop' to stop the old one first.  To
# start httpd use 'start'.  If this is an upgrade and you had previously
# configured mod_ssl and were starting it with 'startssl', be aware that
# 'startssl' has been removed (if SSL is configured, it'll start it).  If
# you're upgrading and you had previously configured PHP (or other modules),
# wait to start it until PHP is installed below.
#
# /usr/local/apache2/bin/apachectl action

# If this is your first installation, make sure it works:
# lynx http://localhost/
#
# And if you enabled mod_ssl - make sure that works by opening this URL:
# https://localhost/
# with whatever SSL-supporting browser that you have.  lynx, links, etc.
# can all be built with OpenSSL and if you have a GUI handy,
# Firefox/Mozilla/Netscape, Konqueror, Opera, etc. can all be used as well.
#
# If you don't have any of the above, but you do have non-SSL lynx and an
# SSL enabled curl, try this:
# curl -k https://localhost/ | lynx -stdin

# To make Apache start at boot-up, create a /etc/rc.d/rc.httpd  If it exists
# and is executable, Slackware's /etc/rc.d/rc.M will source it.  If you
# do have the Slackware rc.httpd, open it up and fix the paths
# (/usr/sbin -> /usr/local/apache2/bin, pid is in the logs directory).
wget -nc https://englanders.us/pub/linux/misc/rc.httpd \
-O /etc/rc.d/rc.httpd.new
test -f /etc/rc.d/rc.httpd &&
( mv -f /etc/rc.d/rc.httpd /etc/rc.d/rc.httpd.old
   chmod 600 /etc/rc.d/rc.httpd.old )
test -s /etc/rc.d/rc.httpd.new &&
( mv -f /etc/rc.d/rc.httpd.new /etc/rc.d/rc.httpd
   chmod 700 /etc/rc.d/rc.httpd )

# Add /usr/local/apache2/bin to the PATH and
# /usr/local/apache2/man to the MANPATH.
cat << EOF > /etc/profile.d/apache2.sh
#!/bin/sh
export PATH=\$PATH:/usr/local/apache2/bin
export MANPATH=\$MANPATH:/usr/local/apache2/man
EOF
chmod +x /etc/profile.d/apache2.sh

# Read those variables into your current shell, or log out and then
# log in again
. /etc/profile.d/apache2.sh

# If you upgraded from a Slackware package Apache to this source one,
# you may have to change ownership of files from apache to
# daemon, or you can change the user and group that Apache runs as.  See
# the User= and Group= lines in your old /etc/httpd/httpd.conf vs
# /usr/local/apache2/conf/httpd.conf
# In the past, I've used 'nobody' as well.

# Make sure your non-root user can remove the source later
chown -R $(logname) .
chmod -R u+w .

# Become yourself again
exit

# Save the source for later
cd
rm -f installed/apache2/httpd-*.tar.*
mv httpd-2.4.62.tar.bz2 installed/apache2/


# Setting up mod_ssl
# ==================
# You can skip this part if you're upgrading Apache from an older version
# (which had mod_ssl configured).

# For more info about mod_ssl, go here:
# http://httpd.apache.org/docs/2.4/mod/mod_ssl.html

## If you have Let's Encrypt certificates, you can use these configuration
## options:
# SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
# SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
## See the certbot HOWTO for more info

# This part will cover creating SSL certificates for mod_ssl
# FYI, when I used OpenSSL >= 0.9.8 and it's CA.pl may have created
# different filenames (newreq.pem and newkey.pem) vs one from an older
# version of OpenSSL (newreq.pem with both the key and the CSR together).
# If you end up with different/missing files, split and/or rename them
# appropriately.

# To create SSL certs for Apache, go to the bottom of the OpenSSL howto,
# follow the instructions ("Creating SSL certs for an application to use"),
# then come back here.  Those instructions use 'nodes' (no DES) so you won't
# be prompted for a password when Apache starts, which might be bad if
# you're not around after a power failure.

# Start from your home directory
cd

# Become root to install the certs
su

# Create a backup directory
mkdir -p -m 0700 ~/backup/apache2

# Now we back up (as *.old) an old cert/key if they're there and we install
# the new ones where apache will find them:
# [ Some of the locations used are based on where things used to go
#   long ago ]
( cp newcert.pem newkey.pem /usr/local/apache2/conf/
  cd /usr/local/apache2/conf
  mkdir -p ssl.crt ssl.key
  test -f ssl.crt/server.crt &&
   mv -f ssl.crt/server.crt ssl.crt/server.crt.old
  test -f ssl.key/server.key &&
   mv -f ssl.key/server.key ssl.key/server.key.old
  mv newcert.pem ssl.crt/server.crt
  mv newkey.pem ssl.key/server.key
  chown -R root:daemon ssl.crt ssl.key
  chmod 750 ssl.crt ssl.key
  chmod 640 ssl.crt/server.crt ssl.key/server.key
  ln -s ssl.crt/server.crt server.crt
  ln -s ssl.key/server.key server.key
  find -type f -name "*.old" -exec chown root:root {} \;
  find -type f -name "*.old" -exec chmod 600 {} \; )

# Back up the installed certificate and key in ~/backup/apache2/ just in
# case:
test -f /usr/local/apache2/conf/ssl.crt/server.crt &&
cp /usr/local/apache2/conf/ssl.crt/server.crt ~/backup/apache2/
test -f /usr/local/apache2/conf/ssl.crt/server.crt &&
cp /usr/local/apache2/conf/ssl.crt/server.crt ~/backup/apache2/
chmod -f 600 ~/backup/apache2/server.*

## Open up /usr/local/apache2/conf/httpd.conf and uncomment this line:
#LoadModule ssl_module modules/mod_ssl.so
## and this line, because of the default httpd-ssl.conf in 2.4.23:
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
## and this line for the SSL configuration to be read-in:
#Include conf/extra/httpd-ssl.conf
#
# Then open up /usr/local/apache2/conf/extra/httpd-ssl.conf and at least fix
# what it says next to ServerName and ServerAdmin, and verify the path to the
# certs (SSLCertificateFile and SSLCertificateKeyFile).  ServerName should
# say the same thing that you entered for your SSL key (where I put
# serverhostnameorappropriatecname.foo.org - ie. www.foo.org).

# Now restart apache so SSL will be enabled.  If this is an upgrade and
# you had previously configured mod_perl and/or PHP, don't start it until
# they're installed below.
/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start

# Become your( non-root )self again
exit

## Now try it:
# lynx https://serverhostnameorappropriatecname.foo.org/
## or:
# curl --cacert ~/demoCA/cacert.pem \
#  https://serverhostnameorappropriatecname.foo.org/

# To view the details of the various keys/CSRs/certs:
cd
echo $PATH | grep -q "/usr/local/ssl/bin" ||
export PATH=$PATH:/usr/local/ssl/bin
openssl rsa -noout -text -in demoCA/private/cakey.pem
openssl x509 -noout -text -in demoCA/cacert.pem
openssl rsa -noout -text -in newkey.pem
openssl req -noout -text -in newreq.pem
openssl x509 -noout -text -in newcert.pem
# or replace newreq.pem in the 3rd one with
# /usr/local/apache2/conf/ssl.key/server.key and newcert.pem in the 5th one
# with /usr/local/apache2/conf/ssl.crt/server.crt

# You can remove *.pem and ./demoCA/ now if you won't be using them again


# mod_perl
# ========
# If you would like to install mod_perl, that is covered in a separate
# HOWTO.


# PHP
# ===
# If you would like to install PHP, that is covered in a separate
# HOWTO.

List of HOWTOs

Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2024-07-17 9:11pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
[HTML5]