1. Introduction
In the old days (around the year 2000), SUN Solaris was the major commercial UNIX operating system powering web servers around the world. Although Solaris had a strong package management, many open source packages needed to be compiled from scratch. More complex open source software, such as the Apache webserver could be enhanced with functions and modules from code outside the core project. These external libraries and packages often differed in packing and distribution format, depending on the environment of the authors. As a result, manual compilation and setup was a often executed necessity which required tracing of dependencies and recipies for building and setup.
Below is such a recipe for building the Apache web server version 1.3.22 released on Oct-9, 2001, with external modules for enabling SSL encryption, LDAP and Radius authentication.
The filesystem destination for Apache is planned to be /opt/apache.
2. get the all the required following packages
- apache_1.3.22.tar www.apache.org
- mm-1.1.3.tar www.engelschall.com/sw/mm
- mod_ssl-2.8.5-1.3.22.tar www.modssl.org
- openssl-0.9.6a.tar www.openssl.org
- mod_auth_ldap-0.5.1.tar www.nona.net
- mod_auth_radius.c www.freeradius.org/mod_auth_radius
- openldap-2.0.18.tar www.openldap.org
3. Run configure and make on external required packages
- mm-1.1.3
- openssl-0.9.6a
- openldap-2.0.18
/tmp/mm-1.1.3: ./configure --prefix=/opt/mm-1.1.3 --disable-shared; make /tmp/openssl-0.9.6a: ./config -fPIC --prefix=/opt/openssl-0.9.6a; make /tmp/openldap-2.0.18: ./configure --prefix=/opt/openldap-2.0.18 \ --disable-slapd --disable-slurpd \ --disable-ldbm; make depend; make
4. put the modules in place, configure the SSL package
cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_ldap-0.5.1.tar cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_radius.tar cd mod_auth_ldap; ./configure --prefix=/opt/apache cd /tmp/mod_ssl-2.8.5-1.3.22 ./configure --with-apache=../apache_1.3.22
5. Compile and install Apache
setenv SSL_BASE ../openssl-0.9.6a setenv EAPI_MM ../mm-1.1.3 setenv LIBS -L/tmp/openldap-2.0.18/libraries setenv INCLUDES -I/tmp/openldap-2.0.18/include cd /tmp/apache_1.3.22 ./configure --enable-module=ssl --prefix=/opt/apache \ --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c \ --add-module=src/modules/mod_auth_radius.c \ --enable-module=most make make certificate make install
6. Configure Apache and start it
cd /opt/apachehtdocs; make ldaptest cd /opt/apache/conf
To configure LDAP authentication, please see the example below:
<Location "/ldaptest"> AuthName "very confidential ldap user group" AuthType Basic AuthLDAPHosts "ldapserver f30ws4:389" AuthLDAPBindDN "cn=root,dc=fab30" AuthLDAPBindPassword xxxxxxxx AuthLDAPBaseDN "ou=People,dc=fab30" AuthLDAPSearchScope onelevel AuthLDAPUserKey uid AuthLDAPPassKey userpassword #AuthLDAPCryptPasswords off AuthLDAPSchemePrefix on # AuthLDAPGroupKey People <Limit GET POST> require user frank4dd user2 user3 </Limit> </Location>
To configure Radius authentication, please see the example below:
# load radius module LoadModule radius_auth_module libexec/mod_auth_radius.so # just AFTER 'AddModule mod_auth.c add the module 'mod_auth_radius.c' AddModule mod_auth_radius.c <IfModule mod_auth_radius.c> # AddRadiusAuth server[:port] shared-secret [ timeout ] AddRadiusAuth localhost:1645 testing123 5 <Location "/radiustest"> AuthType Basic AuthName "RADIUS authentication for localhost" AuthAuthoritative off AuthRadiusAuthoritative on AuthRadiusCookieValid 5 AuthRadiusActive On require valid-user </Location>
We can now start apache with /opt/apache/bin/apachectl startssl.
Compiling Apache from the ground up is not necessary anymore. Most Linux and commercial UNIX distributions now provide pre-compiled packages that include all but the most exotic plugins. Apache also has a plugin compiler that can be used to add modules at a later time without re-compiling everything from scratch.