Creating LAMP VM – Apache

This is part of a series of posts on creating your own LAMP virtual machine for development purposes. Here we will cover the initial installation of Apache, building it from source.

Estimated time (this post only): 15 minutes

Prerequisites

First we need to install a few prerequisites, including ELinks, a text browser we will use for the download sites that support it:

sudo yum install wget elinks pcre pcre-devel openssl-devel

Download/Build/Install

Change to the working directory we will use for our various source files, then download the latest stable version of Apache:

cd /usr/local/src
sudo elinks httpd.apache.org/download.cgi

Don’t you love text browsers? Use the arrows to scroll down to the version you want to download and use <Enter> to browse to the source files and save them to the current location (see screenshots below).

[Screenshots: Downloading Apache, Steps 1 to 3]

Use the <G> key to open another URL: apr.apache.org/download.cgi

Download the latest version of APR and APR-Util as well (be sure it is the tar.gz version).

Exit Elinks with <Q>. Now we should verify the downloads. The version numbers are critical here, so if you need a reminder of what you downloaded, just type:

ls -lh

Now, type the following commands to verify those downloads, editing for the proper version numbers as needed:

sudo wget https://apache.org/dist/httpd/KEYS
sudo wget https://apache.org/dist/httpd/httpd-2.4.16.tar.gz.asc
sudo wget https://apache.org/dist/apr/apr-1.5.2.tar.gz.asc
sudo wget https://apache.org/dist/apr/apr-util-1.5.4.tar.gz.asc
gpg --import KEYS
gpg --verify httpd-2.4.16.tar.gz.asc httpd-2.4.16.tar.gz
gpg --verify apr-1.5.2.tar.gz.asc apr-1.5.2.tar.gz
gpg --verify apr-util-1.5.4.tar.gz.asc apr-util-1.5.4.tar.gz

Each command should report a good signature. See the following websites for how to check the signature and the key that made it:
http://httpd.apache.org/download.cgi#verify
http://apr.apache.org/download.cgi#verify
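gpg --verify succeeds for any key in the imported KEYS file, so a scripted check should also pin the fingerprint you confirmed on the verify pages. The following is an added example, not part of the original post: it reads GnuPG's machine-readable status lines, and the function names, sample status lines and fingerprint are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post.
# sig_ok EXPECTED_FPR: reads `gpg --status-fd 1 --verify SIG FILE` output on
# stdin. Succeeds only when a VALIDSIG line names EXPECTED_FPR (as the signing
# key or its primary key) and no failure status is present.
sig_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { good = 1 }
        END { exit ((good && !bad) ? 0 : 1) }
    '
}

# Constructed sample status output. The fingerprint and key ID are placeholders,
# not a real Apache release key.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_good() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2015-07-09 1436400000 0 4 0 1 2 00 $SAMPLE_FPR
EOF
}
sample_no_pubkey() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 89ABCDEF01234567 1 2 00 1436400000 9
[GNUPG:] NO_PUBKEY 89ABCDEF01234567
EOF
}

# Demo on the constructed samples.
sample_good | sig_ok "$SAMPLE_FPR" && echo "pinned key: accepted"
sample_good | sig_ok "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" || echo "other key: rejected"
sample_no_pubkey | sig_ok "$SAMPLE_FPR" || echo "missing key: rejected"

# Real use, with the fingerprint taken from the project's verify page:
#   gpg --status-fd 1 --verify httpd-2.4.16.tar.gz.asc httpd-2.4.16.tar.gz \
#       2>/dev/null | sig_ok "<release key fingerprint>"
```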

Now that we’ve verified the downloads, extract them (edit commands as necessary):

sudo tar -zxvf httpd-2.4.16.tar.gz
sudo rm httpd-2.4.16.tar.*
sudo tar -zxvf apr-1.5.2.tar.gz
sudo rm apr-1.5.2.tar.*
sudo mv apr-1.5.2 httpd-2.4.16/srclib/apr
sudo tar -zxvf apr-util-1.5.4.tar.gz
sudo rm apr-util-1.5.4.tar.*
sudo mv apr-util-1.5.4 httpd-2.4.16/srclib/apr-util
cd httpd-2.4.16

Now we need to configure our source tree, build, and install. Below is the simple syntax I used but you may want to alter some options. See the Apache documentation for more options. The second step will take a while so be patient:

sudo ./configure --with-included-apr --enable-ssl --enable-so --with-mpm=prefork
sudo make
sudo make install

Let’s start it up and make sure it works (assuming you installed to the default path):

sudo /usr/local/apache2/bin/apachectl start
elinks http://localhost

Ignore the error about the lack of a FQDN for now. If everything worked you should see the words “It works!” at the top of the screen. Then exit Elinks with <Q> again.

Configure Apache

Let’s set Apache to start automatically on boot:

sudo touch /etc/init.d/apache2
sudo chmod 755 /etc/init.d/apache2
sudo nano /etc/init.d/apache2

In this new file, add the following:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          apache2
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: apache2
# Description:       httpd server for serving web content
### END INIT INFO

case "$1" in
start)
        echo "Starting Apache ..."
        # Change the location to your specific location
        /usr/local/apache2/bin/apachectl start
;;
stop)
        echo "Stopping Apache ..."
        # Change the location to your specific location
        /usr/local/apache2/bin/apachectl stop
;;
graceful)
        echo "Restarting Apache gracefully..."
        # Change the location to your specific location
        /usr/local/apache2/bin/apachectl graceful
;;
restart)
        echo "Restarting Apache ..."
        # Change the location to your specific location
        /usr/local/apache2/bin/apachectl restart
;;
*)
        echo "Usage: '$0' {start|stop|restart|graceful}"
        exit 64
;;
esac
exit 0

Save and exit. Then:

sudo chkconfig --add apache2

Apache should load at startup now. You can also easily start/stop it with:

sudo service apache2 start
sudo service apache2 stop

Let’s get rid of that annoying error message now…

sudo nano /usr/local/apache2/conf/httpd.conf

Go down and un-comment/edit the line that begins with “#ServerName” so it says something like:

ServerName lamp.localdomain:80

Of course you will need to change the above to match whatever FQDN you gave the system during install (or just use the static IP address).

After saving and exiting nano, do the following to ensure you don’t get the FQDN error anymore, then return to the working directory:

sudo service apache2 restart
cd /usr/local/src

Setup SSL

Now let’s get SSL set up. We need to edit the configuration file again:

sudo nano /usr/local/apache2/conf/httpd.conf

Find and un-comment the following three lines, which are NOT together (note that Ctrl-W comes in handy here):

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

While you are in here you may also want to un-comment any other needed modules. Common modules you may need include “mod_cgi” and “mod_rewrite.”

For now we are not going to edit the “httpd-ssl.conf” configuration file so let’s just generate and sign a certificate. First, generate the key:

sudo openssl genrsa -out server.key 4096

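Note that I didn’t use the -des3 option above because I don’t want to have to enter a password every time Apache starts (and this is just a test bed). That leaves the private key unencrypted on disk, so file permissions are the only thing protecting it. Now let’s create the CSR: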

sudo openssl req -new -key server.key -out server.csr

The above command will ask for some info to be included in the certificate. Go with defaults or customize as desired.

Finally, we can create the actual certificate:

sudo openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Customize the above command as desired. I set the certificate to expire in 10 years since this is only for testing purposes.

Type the following:

ls server*

The above should show the following 3 files:

server.crt server.csr server.key

Copy the needed files to their proper location, restart Apache, and test SSL:

sudo cp server.key /usr/local/apache2/conf/
sudo cp server.crt /usr/local/apache2/conf/
sudo service apache2 restart
elinks https://localhost

If SSL verification is enabled in Elinks (it is by default) you will get an error. You can change this option by pressing <O>, then using the space key to expand Connections->SSL and <E> to change “Verify certificates” to 0. Then save, close, quit and try again.

This is also a good time to test the connection from the host system using a browser like Firefox or Chrome. Just open your browser of choice and type each of the following in turn into the address bar (adjusting the IP address if needed):

http://192.168.56.10
https://192.168.56.10

You will get a security warning for the SSL site. That is expected because the certificate is self-signed, so confirm the certificate. If something went wrong, the problem is most likely with your firewall settings, so go back to that section in the previous article and check everything as mentioned above.
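A quick check of the key and certificate copied into /usr/local/apache2/conf/ above, as an added example that is not part of the original post: it confirms the certificate belongs to the key, that the passphrase-less key is not accessible to group or other, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Checks the key and certificate
# that the steps above copy into /usr/local/apache2/conf/.

# The certificate belongs to the key when both yield the same public key.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# The key has no passphrase, so its file mode is its only protection:
# succeed only when group and other have no permission bits at all.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds when the certificate is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit KEY CERT: print each failed check, return non-zero if any failed.
audit() {
    rc=0
    pair_matches "$1" "$2"  || { echo "FAIL: $2 was not issued for $1"; rc=1; }
    key_is_private "$1"     || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    valid_for_days "$2" 30  || { echo "FAIL: $2 expires within 30 days"; rc=1; }
    return "$rc"
}

# Usage: sudo sh check-tls.sh /usr/local/apache2/conf/server.key \
#                             /usr/local/apache2/conf/server.crt
if [ "$#" -eq 2 ]; then
    audit "$1" "$2" && echo "OK: key, certificate and permissions look sane"
fi
```

If the key check fails, `sudo chmod 600 /usr/local/apache2/conf/server.key` restricts it to root, which is enough because Apache reads the key as root at startup.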
