Spindrift ° Insights ° Setup an SSL-aware Apache Server

Setup an SSL-aware Apache server

for use with ATG's Apache Connection Module

Document Information

Title: Setup an SSL-aware Apache server
Subject: for use with ATG's Apache Connection Module
Author(s): Güray Sen
Comments

Document Version

v1@11/11/2005

Copyright

This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

No Warranty

This document is provided 'as is' without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

The contents of this publication could contain technical inaccuracies or typographical errors. Changes are periodically added to the information herein; these changes will be incorporated in the new editions of the publication. Spindrift may make improvements and/or changes in the publication and/or product(s) described in the publication at any time without notice.

Limitation of Liability

In no event will Spindrift be liable for direct, indirect, special, incidental, economic, cover, or consequential damages arising out of the use of or inability to use this documentation even if advised of the possibility of such damages.

Contact

Web: www.spindriftgroup.com

1 Introduction
2 Setup
    2.1 Apache, mod_ssl and OpenSSL
    2.2 Apache Connection Module
        2.2.1 Installing an Apache Connection Module
        2.2.2 Configuring Apache

1 Introduction

This document describes how to setup an SSL-aware Apache webserver and install ATG's Apache Connection Module under GNU/Linux. This document combines the mod_ssl installation instructions from the modssl.org website with the installation instructions for ATG's Apache Connection Module from the ATG documentation set.

2 Setup

2.1 Apache, mod_ssl and OpenSSL

Change to a temporary directory:

$ cd ~/tmp

Download and extract the distributions of Apache, mod_ssl and OpenSSL:

$ wget http://www.apache.org/dist/httpd/apache_1.3.34.tar.gz
$ gunzip -c apache_1.3.34.tar.gz | tar xvf -
$ wget ftp://ftp.modssl.org/source/mod_ssl-2.8.25-1.3.34.tar.gz
$ gunzip -c mod_ssl-2.8.25-1.3.34.tar.gz | tar xvf -
$ wget ftp://ftp.openssl.org/source/openssl-0.9.8a.tar.gz
$ gunzip -c openssl-0.9.8a.tar.gz | tar xvf -

Build OpenSSL:

$ cd openssl-0.9.8a
$ ./config
$ make
$ cd ..

Build and install the SSL-aware Apache with enabled DSO support:

$ cd mod_ssl-2.8.25-1.3.34
$ ./configure --with-apache=../apache_1.3.34 --with-ssl=../openssl-0.9.8a --enable-module=so --enable-module=mod-dir --prefix=/usr/local/apache
$ cd ../apache_1.3.34
$ make
$ make certificate
$ make install

You now have successfully built and installed an Apache 1.3 HTTP server. To verify that Apache actually works correctly you now should first check the configuration files at /usr/local/apache/conf/httpd.conf and then you should be able to immediately fire up Apache the first time by running:

$ /usr/local/apache/bin/apachectl start

Or when you want to run it with SSL enabled use:

$ /usr/local/apache/bin/apachectl startssl

After you have verified Apache works, we will install ATG's Apache Connection Module.

2.2 Apache Connection Module

2.2.1 Installing an Apache Connection Module

The Apache Connection Module enables a Dynamo server to communicate with an Apache HTTP server using the native API. This section describes how to build and install an Apache Connection Module as a DSO (Dynamic Shared Object).¹

Change to a temporary directory:

$ cd ~/tmp

Create a build directory for the Apache Connection Module:

$ mkdir connection-module

Copy the sources from your ATG installation to the build directory:

$ cp <DAS_ROOT_DIR>/DAS/src/apache_dyn_cm/* connection-module

Change to the build directory and run the apxs² program to build a DSO for the Dynamo Connection Module:

$ cd connection-module
$ /usr/local/apache/bin/apxs -DEAPI -DMOD_SSL -I ../openssl-0.9.8a/include/ -o dynamoApache.so -c *.c

Run apxs to install the Dynamo Connection Module DSO and make the Dynamo module active:

$ /usr/local/apache/bin/apxs -i -a -n dynamo dynamoApache.so

Please verify the changes to your httpd.conf configuration file as the -a option activates the module by automatically adding a corresponding LoadModule line to Apache's httpd.conf configuration file, or by enabling it if it already exists.

We can now configure the Apache server to work with Dynamo.

2.2.2 Configuring Apache

After installing the Connection Module, configure your Apache server to work with Dynamo.

Change to your Apache configuration directory:

$ cd /usr/local/apache/conf

Edit the mime.types file and insert the following ATG Dynamo MIME types at the end:

dynamo-internal/jsp jsp
dynamo-internal/html jhtml jhtm
dynamo-internal/wml jwml jwm
dynamo-internal/template dyn

Add a DynamoManager line to the httpd.conf file in the conf directory of your Apache server. The DynamoManager entry takes a list of lmhost:portnum pairs specifying Load Managers. You must specify at least one pair. Set lmhost to the IP address of the machine hosting the Dynamo Load Manager server and portnum to the TCP port you used to install the Dynamo server. For example:

DynamoManager localhost 8880

In the httpd.conf file, add any other parameters that you want to give the Connection Module. For a complete list please refer to the ATG documentation set:

DynamoPath /

Add index.jsp and index.jhtml to the DirectoryIndex parameter:

DirectoryIndex index.html index.jsp index.jhtml

Save all files and restart Apache:

$ /usr/local/apache/bin/apachectl stop
$ /usr/local/apache/bin/apachectl startssl

Congratulations, you now have a working SSL-aware Apache server with an ATG Connection Module. Don't forget to clean up your work after you are done:

$ cd ~/tmp
$ rm -rf connection-module
$ rm -rf openssl-0.9.8a; rm openssl-0.9.8a.tar; rm openssl-0.9.8a.tar.gz
$ rm -rf mod_ssl-2.8.25-1.3.34; rm mod_ssl-2.8.25-1.3.34.tar; rm mod_ssl-2.8.25-1.3.34.tar.gz
$ rm -rf apache_1.3.34; rm apache_1.3.34.tar; rm apache_1.3.34.tar.gz

1: You can also install the binary Apache Connection Module that is bundled with Dynamo. Copy the binary Connection Module from your ATG installation to the temporary directory or install it directly from your ATG installation (this depends if you are using a seperate web server from your ATG server or if you are running both applications from the same machine).
$ /usr/local/apache/bin/apxs -i -a -n dynamo <DAS_ROOT_DIR>/DAS/os_specific_files/i486-unknown-linux2/dynamoApache.so
If you installed ATG's binary Apache Connection Module and you receive the following warning when starting Apache...
[warn] Loaded DSO libexec/dynamoApache.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)
...it is recommended that you build your own Connection Module as detailed above.

2: apxs is a Perl script that requires Perl 5.003 or higher. In order to use the apxs utility to install an Apache Connection Module as a DSO, you must have Perl 5.003 or higher and an ANSI C compiler.