Installing Apache-1.x + SSL + PHP + MySQL + ZendOptimizer

1. Downloading the source files
Unlike Apache-2.x, apache-1.x can only use SSL through the mod_ssl package provided by modssl.org.
Download the mod_ssl.APACHE.Version release that matches the Apache version you are going to install.
[root@localhost src]# ls -al
합계 64
drwxrwxr-x  7 root root 32768  1월  5 13:04 .
drwxr-xr-x 27 root root  4096 12월 28 18:10 ..
drwxr-xr-x  4 root root  4096  1월 17  2008 ZendOptimizer-3.3.3-linux-glibc23-i386
drwxr-xr-x  8  501   20  4096  1월 11  2008 apache_1.3.41
drwxr-xr-x 10 root root  4096  1월  5 13:04 mod_ssl-2.8.31-1.3.41
drwxrwxrwx 33 root root  4096  6월  4  2010 mysql-5.1.48
drwxr-xr-x 14 root root  4096  2월 26  2009 php-5.2.9
2. Installing MySQL
Change to the MySQL source directory and run configure, make, and make install.
[root@localhost src]# cd mysql-5.1.48/
[root@localhost mysql-5.1.48]# ./configure --prefix=/usr/local/mysql --with-charset=euckr --with-extra-charsets=all
[root@localhost mysql-5.1.48]# make && make install
[root@localhost mysql-5.1.48]# cd /usr/local/mysql
[root@localhost mysql]# ./bin/mysql_install_db
[root@localhost mysql]# chown -R mysql.mysql var
[root@localhost mysql]# /usr/local/mysql/share/mysql/mysql.server start
3. Installing Apache
Change to the Apache source directory and run configure, make, and make install.
To use mod_ssl, the downloaded mod_ssl package must first be applied to the Apache source tree.
[root@localhost src]# cd mod_ssl-2.8.31-1.3.41/
[root@localhost mod_ssl-2.8.31-1.3.41]# ./configure --with-apache=../apache_1.3.41/
Configuring mod_ssl/2.8.31 for Apache/1.3.41
+ Apache location: ../apache_1.3.41/ (Version 1.3.41)
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
o Extended API (EAPI)
o Distribution Documents
o SSL Module Source
o SSL Support
o SSL Configuration Additions
o SSL Module Documentation
o Addons
Done: source extension and patches successfully applied.
Now proceed with the following commands (Bourne-Shell syntax):
$ cd ../apache_1.3.41/
$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
$ make
$ make certificate
$ make install
[root@localhost mod_ssl-2.8.31-1.3.41]# export SSL_BASE=/usr
[root@localhost mod_ssl-2.8.31-1.3.41]# cd ../apache_1.3.41/
[root@localhost apache_1.3.41]# ./configure --prefix=/usr/local/apache --enable-module=so \
    --enable-shared=max --enable-module=rewrite --enable-module=ssl
[root@localhost apache_1.3.41]# make
[root@localhost apache_1.3.41]# make certificate
(At the prompts marked <-, press only the Enter key.)
make[1]: Entering directory `/usr/local/src/apache_1.3.41/src'
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________
STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:R
______________________________________________________________________
STEP 1: Generating RSA private key (1024 bit) [server.key]
10281219 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...............++++++
.....................++++++
e is 65537 (0x10001)
______________________________________________________________________
STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:
2. State or Province Name   (full name)     [Snake Desert]:
3. Locality Name            (eg, city)      [Snake Town]:
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:
5. Organizational Unit Name (eg, section)   [Webserver Team]:
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:
7. Email Address            (eg, name@FQDN) [www@snakeoil.dom]:
8. Certificate Validity     (days)          [365]:
______________________________________________________________________
STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Webserver Team/CN=www.snakeoil.dom/emailAddress=www@snakeoil.dom
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired
OK
______________________________________________________________________
STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________
RESULT: Server Certification Files
o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!
o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).
o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our demonstration-only Snake Oil CA) which later can replace
   the conf/ssl.crt/server.crt file.
WARNING: Do not use this for real-life/production systems
make[1]: Leaving directory `/usr/local/src/apache_1.3.41/src'
4. Installing PHP
Change to the PHP source directory and run configure, make, and make install.
[root@localhost php-5.2.9]# ./configure --prefix=/usr/local/php \
    --with-mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs \
    --enable-sysvshm=yes --enable-sysvsem=yes --enable-debug=no \
    --enable-track-vars=yes --enable-url-fopen-wrapper=yes --with-ttf \
    --with-png-dir=/usr --with-zlib-dir --with-jpeg-dir=/usr --with-gdbm=/usr \
    --enable-ftp --with-tiff-dir=/usr --enable-memory-limit --enable-mbstring \
    --with-expat-dir=/usr --enable-sockets --enable-wddx --with-freetype-dir=/usr \
    --enable-bcmath --enable-mbstr-enc-trans --enable-mbregex --enable-exif \
    --with-gd --enable-gd-native-ttf --enable-gd-imgstrttf --enable-calendar \
    --with-openssl=/usr
[root@localhost php-5.2.9]# make && make install
[root@localhost php-5.2.9]# cp php.ini-dist /usr/local/php/lib/php.ini
Edit httpd.conf so that Apache recognizes PHP.
[root@localhost php-5.2.9]# vi /usr/local/apache/conf/httpd.conf
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.php index.php3 index.cgi index.phtml
</IfModule>
# Every extension listed on the next line is handed to the PHP interpreter.
AddType application/x-httpd-php .html .htm .php .php3 .php4 .phtml .conf .config .inc .con .cnf
AddType application/x-httpd-php-source .phps
Start the Apache daemon.
[root@localhost php-5.2.9]# /usr/local/apache/bin/apachectl start
5. Installing ZendOptimizer
Change to the ZendOptimizer source directory and run install.sh. Enter the paths for ZendOptimizer, Apache,
and the php.ini file, and accept the defaults for everything else.
[root@localhost src]# cd ZendOptimizer-3.3.3-linux-glibc23-i386/
[root@localhost ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh
6. SSL configuration
Generate the SSL key (enter the domain you will actually use in place of hostway.co.kr).
[root@localhost src]# cd /usr/local/apache/conf
[root@localhost conf]# openssl genrsa 2048 > hostway.co.kr.key
[root@localhost conf]# openssl req -new -key hostway.co.kr.key > hostway.co.kr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:KR    <- enter the country code KR
State or Province Name (full name) [Berkshire]:Seoul    <- region
Locality Name (eg, city) [Newbury]:Seoul    <- region
Organization Name (eg, company) [My Company Ltd]:HOSTWAY    <- company name in English
Organizational Unit Name (eg, section) []:System Div.    <- department name in English
Common Name (eg, your name or your server's hostname) []:www.hostway.co.kr    <- must not be left blank; enter the exact domain name (FQDN) that SSL will be applied to
Email Address []:system@hostway.co.kr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <- press Enter without entering a password
An optional company name []: <- press Enter without entering a password
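Paste the generated CSR code into the "CSR 코드입력" (CSR code input) field at Hostway,
http://hostway.co.kr/server/order/option_order_ssl.html, and submit the request.
Unpack the certificate files issued through the Hostway sales team and copy them to the
/usr/local/apache2/conf folder.
Configure the certificate files issued through the Hostway sales team in the /usr/local/apache2/conf/extra/httpd-ssl.conf file, using the default sample entries there as a reference. The important directives to set are as follows.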
[root@localhost conf]# vi /usr/local/apache/conf/httpd.conf
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /home/hostway/
ServerName www.hostway.co.kr
SSLCertificateKeyFile /usr/local/apache/conf/hostway.co.kr.key
SSLCertificateFile /usr/local/apache2/conf/hostway.co.kr.crt
SSLCACertificateFile /usr/local/apache2/conf/hostway.co.kr.ca-bundle
</VirtualHost>
7. Starting Apache, then checking the port and the certificate details
[root@localhost conf]# /usr/local/apache/bin/apachectl stop
[root@localhost conf]# /usr/local/apache/bin/apachectl startssl
[root@localhost conf]# netstat -atnp | grep :443
tcp        0      0 0.0.0.0:443        0.0.0.0:*        LISTEN      23297/httpd
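The certificate check named in the heading of section 7 can be scripted as follows. This is an added example, not part of the original guide: it confirms that the key, certificate and CSR share one RSA modulus, that the key is at least 2048 bits and readable only by its owner, that the certificate has not expired, and that it is not the Snake Oil test certificate produced by make certificate. It assumes the openssl command-line tool is installed; the function names modulus and check_tls_files are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity check for the files named in the
# SSLCertificateKeyFile / SSLCertificateFile directives before starting Apache.
# check_tls_files KEY CERT [CSR]  ->  0 = ok, 1 = finding, 2 = file unreadable

modulus() {   # modulus KIND FILE, where KIND is rsa, x509 or req
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null </dev/null) || return 1
    m=${m#Modulus=}
    [ -n "$m" ] && printf '%s\n' "$m"
}

check_tls_files() {
    key=$1; crt=$2; csr=${3:-}; rc=0
    k=$(modulus rsa "$key")  || { echo "UNREADABLE key $key"; return 2; }
    c=$(modulus x509 "$crt") || { echo "UNREADABLE certificate $crt"; return 2; }

    # The same public modulus means the certificate was issued for this key.
    [ "$k" = "$c" ] || { echo "FAIL certificate does not match key"; rc=1; }
    if [ -n "$csr" ]; then
        r=$(modulus req "$csr") || { echo "UNREADABLE CSR $csr"; return 2; }
        [ "$k" = "$r" ] || { echo "FAIL CSR does not match key"; rc=1; }
    fi

    # Each hex digit of the modulus is 4 bits; the make certificate key is 1024.
    bits=$(( ${#k} * 4 ))
    [ "$bits" -ge 2048 ] || { echo "FAIL RSA key is only $bits bits"; rc=1; }

    # Group/other permission bits (columns 5-10 of ls -l) must all be '-'.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL $key is accessible to group or other users"; rc=1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null 2>&1 ||
        { echo "FAIL certificate has expired"; rc=1; }

    # The test certificate from 'make certificate' must never be deployed.
    if openssl x509 -noout -issuer -in "$crt" | grep -q 'Snake Oil'; then
        echo "FAIL certificate was issued by the Snake Oil test CA"; rc=1
    fi
    return $rc
}

# Runs only when file names are given on the command line, e.g.
#   sh check_tls.sh hostway.co.kr.key hostway.co.kr.crt hostway.co.kr.csr
if [ $# -ge 2 ]; then check_tls_files "$@"; fi
```

Run it with the same paths that appear in the VirtualHost block; a missing or mistyped path is reported as UNREADABLE.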