# [HOWTO] Use the source: Apache 1.3.x + mod_ssl + PHP5 + PEAR

## beandog

[HOWTO] Use the source: Apache 1.3.x + mod_ssl + PHP5 + PEAR

This is an updated version of my old Apache 1.3 + PHP4 tutorial.

Note: I'm probably going to ditch this tutorial sooner or later, and just write tweaked ebuilds with lotsa options that can be used in your overlay directory.

Table of Contents

- Download the packages

- Setup tools

- Unpack packages

- Configure mod_ssl

- Configure apache

- Install apache + mod_ssl

- Configure php

- Install php

- Setup PEAR

- Apache config files

- Init script

- Test your setup

Introduction

Portage can be a little finicky with emerging the virtual package apache.  Even with your USE flags set to include "apache1", running emerge apache will want to install Apache2.  If you really want to use Apache 1.3.x instead of Apache 2.0.x (for whatever reason), just download through portage a module that apache1 uses.

To see what I'm trying to explain, run these commands (with neither apache or mod_php emerged):

```
emerge -pv mod_ssl mod_php # wants to install apache1 + php

emerge -pv mod_php # wants to install apache2
```

I prefer to sidestep the issue completely, and at the same time gain more configuration options by using the source instead of hacking ebuilds.  Note that if you are *not* looking for tweaking your Apache or PHP configuration options, this guide is pretty much useless.  Just emerge mod_php which will automatically install Apache 2 w/ssl support, and mod_php.  Otherwise, read on.

Notes:

I know how *completely* frustrating it can be when you want do a vanilla install, and someone's documentation uses some weird option somewhere which isn't standard, and you can't help but think that's the reason something isn't working when it doesn't.  I'll keep to a clean install using standard tools, and give you the options to tweak along the way.  If you're not feeling adventurous, don't wander too far from the basics.  :Smile: 

Download the packages

```
# emerge -f mod_ssl

# emerge -f /usr/portage/dev-php/php/php-5.0.0.ebuild
```

Unpack packages

Please note -- package versions will definately change as they get updated.  Just replace my examples with real world filenames.

```
# cd /tmp

# tar zxf /usr/portage/distfiles/apache_1.3.31.tar.gz

# tar zxf /usr/portage/distfiles/mod_ssl-2.8.19-1.3.31.tar.gz

# tar jxf /usr/portage/distfiles/php-5.0.0.tar.bz2
```

Configure mod_ssl

```
# cd mod_ssl-2.8.19-1.3.31/

# ./configure --with-apache=../apache_1.3.31/
```

You should see some output similar to this:

```
Configuring mod_ssl/2.8.19 for Apache/1.3.31

 + Apache location: ../apache_1.3.31/ (Version 1.3.31)

 + Auxiliary patch tool: ./etc/patch/patch (local)    

 + Applying packages to Apache source tree:

   o Extended API (EAPI)

   o Distribution Documents

   o SSL Module Source

   o SSL Support

   o SSL Configuration Additions

   o SSL Module Documentation

   o Addons

Done: source extension and patches successfully applied.

Now proceed with the following commands (Bourne-Shell syntax):

 $ cd ../apache_1.3.31/

 $ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl

 $ make

 $ make certificate

 $ make install
```

Configure Apache 1.3.x + test certificate

If you have any custom configuration options you want to pass when compiling Apache, now is to make sure you know what they are.  This guide uses three common ones:

--enable-module=so # to let php run as an apache module + required for php installation

--enable-module=ssl # required to install mod_ssl as a module, optional if you don't want https support

--prefix=/www # instead of putting apache binaries and config files in different directories, this creates and puts everything in /www.  You can change the value to whatever you would like.

For this instance, we're also making a test certificate.

```
# cd ../apache_1.3.31

# ./configure --enable-module=ssl --prefix=/www --enable-module=so

# make certificate TYPE=test
```

Fill in all the answers.  I don't know a lot about making certificates, so you'll have to look for another guide there. :T  I'm only making a self-signed one that will have to be manually accepted on most browsers just so I can have https support.

Install apache + mod_ssl

```
# make install
```

Now you've got apache + mod_ssl configured with SSL support, and you should be good to go.  If you aren't looking for PHP support, you could stop here.  If you'd like to test your apache configuration right now, try this:

Start apache without SSL support (http:// only):

```
/www/bin/apachectl start
```

OR Start apache with SSL support (http:// AND https://):

```
/www/bin/apachectl startssl
```

After you've browsed to http://localhost/ or https://localhost/ stop apache since we'll have to start it back up after installing PHP.  I also include a custom init.d script you can use later in the guide to start/stop apache easily.

```
/www/bin/apachectl stop
```

Configure PHP5

```
# cd ../php-5.0.0/
```

DO NOT FORGET that MySQL support is disabled by default in PHP 5.0.0.  I can't remember why.  The point is that you have to make sure to enable it if you want to be able to connect to a MySQL database with PHP.

I'll start with some basic configuration options, and present some other common PHP options you might want to use, and which packages you will need to emerge in order to use them.

Basic PHP configuration for a PHP5 module:

```
#./configure --with-apxs=/www/bin/apxs
```

Basic + MySQL support -- see http://www.php.net/manual/en/ref.mysql.php for more info

```
# emerge mysql

# ./configure --with-apxs=/www/bin/apxs --with-mysql
```

Basic + PostgreSQL support -- see http://www.php.net/manual/en/ref.pgsql.php

```
# emerge postgresql

# ./configure --with-apxs=/www/bin/apxs --with-pgsql
```

Basic + zlib support (gzip compress/uncompress) -- see http://www.php.net/manual/en/ref.zlib.php for more info

```
# emerge zlib

# ./configure --with-apxs=/www/bin/apxs --with-zlib
```

zlib is probably already installed.  I'd be surprised if it wasn't.

Add SQLite support -- see http://www.php.net/manual/en/ref.sqlite.php for info

```
# emerge sqlite
```

SQLite support in php5 is enabled by default, and will be included in your configuration if it can link against the sqlite libraries.

Add zip support -- see http://www.php.net/manual/en/ref.zip.php for info

```
# emerge zziplib
```

You install ZIP support later with PEAR, but you need zziplib emerged before you get there.

Disable CGI support if you don't need it (you probably don't):

```
# ./configure --with-apxs=/www/bin/apxs --disable-cgi
```

Add GNU MP (gmp) support -- see http://www.php.net/manual/en/ref.gmp.php and http://www.swox.com/gmp/ for info

```
# emerge gmp

# ./configure --with-apxs=/www/bin/apxs --with-gmp
```

Add IMAP(S)/POP3(S) support -- see http://us3.php.net/manual/en/ref.imap.php

Required if you want to run something like Horde or SquirrelMail

```
# emerge c-client

# ./configure --with-apxs=/www/bin/apxs --with-imap # <-- imap/pop3 only

# ./configure --with-apxs=/www/bin/apxs --with-imap-ssl # <-- plus imaps/pop3s support (pick one or the other)
```

One last word of warning -- don't enable a feature if you THINK you're going to use it someday.  Add what you need, and leave it at that.  Get it stable first -- THEN break it.   :Very Happy: 

Add them all up:

```
# ./configure --with-mysql --with-zlib --with-pgsql --disable-cgi --with-gmp --with-imap-ssl --with-apxs=/www/bin/apxs
```

Then, compile and install php:

```
# make && make install
```

Use the default php.ini:

```
# cp php.ini-dist /usr/local/lib/php.ini
```

Tweaks -- Make life a bit easier:

```
# ln -s /usr/local/lib/php.ini /etc/php.ini

# ln -s /www/conf/httpd.conf /etc/httpd.conf

```

There you go -- now you have Apache + php5 setup.  Congratulations.  :Smile:   All that's left is to setup PEAR (optional) tweak your apache config files and setup a custom init script.

Setup PEAR

PEAR stands for PHP Extension and Application Repository.  I think.  I prefer to think of it as official php classes that absolutely rock and save a lot of time.  Unfortunately, PEAR can be a bit annoying to setup (especially with dependencies).  Here's the basics.

Upgrade all your packages to the latest version:

```
# pear upgrade-all
```

Tweaks -- Fix PEAR's funky settings for PECL extensions:

```
# mkdir /usr/local/lib/php/extensions

# pear config-set ext_dir /usr/local/lib/php/extensions
```

Running pear-config modifies ~/.pearrc so MAKE SURE you run that command as root, since you'll be installing PEAR packages as root.

Now you can install some PECL modules (such as bz2 and zip) and they will drop the modules in /usr/local/lib/php/extensions

Use PEAR -- Add the classes directory to your include_path:

```
# vim /usr/local/lib/php.ini

Old: include_path = ".:/php/includes"

New: include_path = ".:/usr/local/lib/php"
```

Apache config files

After you run make install on php5, it will automatically add a line to the apache config (/www/conf/httpd.conf) that will include the php5 module.  However, it doesn't set it up to start parsing .php files through the module.  You'll have to do that yourself:

```
# echo "AddType application/x-httpd-php .php" >> /www/conf/httpd.conf

# echo "AddType application/x-httpd-php-source .phps" >> /www/conf/httpd.conf
```

Next, change the conf file to read index.php as the index page of a directory:

```
# vim /www/conf/httpd.conf

Old: DirectoryIndex index.html

New: DirectoryIndex index.php index.html
```

That's it -- you should be set and ready to go, and start serving up PHP pages without any problems.  :Smile:   What's next is some of my own tweaks I like to use INSTEAD OF manually editing httpd.conf and adding those lines I just mentioned.

I like to save all my custom apache config files in one place and then "include" them in the original httpd.conf.  That way, anytime I upgrade Apache, all I have to add one line to the config file.  It makes things pretty simple.  Here's how it works:

Create a place to store custom config files:

```
# mkdir /etc/conf

# mkdir /etc/conf/apache
```

Create a config file for the general settings:

```
# vim /etc/conf/apache/general.conf

Add:

ServerName localhost

DocumentRoot "/home/steve/public_html"

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory "/home/steve/public_html">

 Options Indexes FollowSymLinks

 AllowOverride None

 Order allow,deny

 Allow from all

</Directory>
```

Create a file to include the php settings:

```
# vim /etc/conf/apache/php.conf

Add:

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

DirectoryIndex index.php index.html
```

Create a file for virtualhosts:

```
# echo "127.0.0.1 dev" >> /etc/hosts

# vim /etc/conf/apache/vhosts.conf

Add:

NameVirtualHost *:80

<VirtualHost *:80>

ServerName localhost

Options Indexes

DocumentRoot /home/steve/public_html

</VirtualHost>

<VirtualHost *:80>

ServerName dev

DocumentRoot /home/steve/dev

</VirtualHost>
```

Tell apache to include all those config files with one line:

```
# echo "Include /etc/conf/apache/*" >> /www/conf/httpd.conf
```

And you're done.  :Smile: 

Init script

The Gentoo ebuilds will create entries for apache in /etc/init.d/ to make it easy to add it to a runlevel.  Since you're installing from source, here's one you can use yourself.  Save it as /etc/init.d/httpd

```
#!/sbin/runscript

depend() {

        need net

}

start() {

        ebegin "Starting apache"

        /www/bin/apachectl start

        eend $?

}

stop() {

        ebegin "Stopping apache"

        /www/bin/apachectl stop

        eend $?

}

graceful() {

        ebegin "Restarting apache gracefully"

        /www/bin/apachectl graceful

        eend $?

}

restart() {

        svc_stop

        sleep 1

        svc_start

}
```

Note that if you want Apache to start with https support, change

```
/www/bin/apachectl start
```

to this:

```
/www/bin/apachectl startssl
```

After you save the file, chmod it to 755 so it can be executed.

```
# chmod 755 /etc/init.d/httpd
```

Add httpd to the default runlevel:

```
# rc-update add httpd default
```

Test your setup

Now you should be ready to go.  The best way to test your setup is to start up apache manually and goto http://localhost/ with your browser.

```
# /www/bin/apachectl start
```

You should see some kind of generic welcome to apache screen.

Now, create a test php script to make sure that's working as well:

```
# vim /www/htdocs/phpinfo.php

Add:

<? phpinfo(); ?>
```

Save the file then browse to http://localhost/phpinfo.php  You should see the PHP configuration page. If not, make sure your PHP settings are setup correctly in the apache config file.

I hope that helps -- please let me know about any errors I may have hit along the way.  Good luck with your Apache+PHP setup!

Steve

----------

## Insanity5902

I started setting up apache and php a few weeks ago, and I emerge php, and it installs cli php and says it isn't for web servers.  Do you need to emerge php-core?  Here is exactly what it says when you emerge php

```
 * The INI file for this build is /etc/php/cli-php4/php.ini

 * This is a CLI only build.

 * You cannot use it on a webserver.
```

Don't know if that is b/c of the ebuild or what, but I notice you are using that to grap the source, just thought I would share that.  Hopefully you can prove me wrong.

----------

## Insanity5902

after some more playing I figured out, I forgot to emerge mod_php, sorry for the post above, but if anyemerges those and sees that , it is okay, you just need to emerge mod_php to have it work with apache.

----------

## beandog

*bump*

Just revised the tutorial from php4 to php5

----------

## Double Click

Thanks a lot for the wonderful guide   :Very Happy: 

Had to setup a webserver for our developer and I was very concerned about security since I have very little knowledge concerning web development and I am kind new to Gentoo. 

Amazangly I got the installation first time right thanks to your guide   :Wink: 

Only minor problem I had when I was 

```
 # make && make install 
```

it gave me a error about libxml2 or something and I just emerge that package which solved the problem.

Just one question ... when I was 

```
 # emerge zziplib 
```

I noticed a heck of a lot of xorg code flying by. Is this normal?

... Thanks again dude for the awesome guide ...

----------

## beandog

 *Double Click wrote:*   

> Just one question ... when I was 
> 
> ```
>  # emerge zziplib 
> ```
> ...

 

I'm guessing you had +sdl as a USE flag in your make.conf, and if that's the case then yes, there will be a lot of X dependencies that it probably needs.  That's my guess since I have mine turned off, just re-emerged it (with -sdl) and I didn't see anything weird go by.  :Smile: 

If you want to set the USE flag to -sdl for just that package, just setup your PORTDIR_OVERLAY in /etc/make.conf (I set mine to /etc/portage, but hey ... its up to you) and then do this as root:

```
# echo "dev-libs/zziplib -sdl" >> /etc/portage/package.use
```

and then re-emerge zziplib and it will do it without the sdl dependencies.  :Smile: 

I apologize I wasn't more clear on that ... near the end of the post I was running out of gas and started hitting some shortcuts.  I"ll have to clean it up sometime.

Oh, and thanks for the input.  :Smile: 

----------

## Double Click

Worked like a charm ... I think at least.   :Embarassed: 

Anyway .... I noticed that a lot of other guides use Apache 2. Since we did not install Apache 2 how can I upgrade without breaking the whole setup  :Confused: 

As you might have guessed I am a wee bit green behind the ears ....   :Embarassed: 

Enjoy your day.

----------

## beandog

In most cases, everything will work with either version of apache.  You can emerge apache, and as long as you don't start it up, it actually won't affect this custom install in the least.  That's one way you can solve portage dependencies for packages that want Apache installed.

Other than that, if you wanted to do install apache2 from source, its not that different at all.  In fact, just about the only two things you change are:

- use --with-apxs2=/www/bin/apxs instead of --with-apxs and

- don't use mod_ssl - its included in apache2 already

I think your best bet though is just to inject or emerge apache2 to make portage happy.  :Smile: 

----------

## Double Click

Hi,

Just a question ... how do I uninstall all related packages from my system? Do I just stop all the services and delete the /www/* directory?

----------

## beandog

Yahp.  :Smile: 

----------

## trebor

Can one build Apache with PHP built-in, as in not as a module?  I do this on a FreeBSD server and building from source, but I'd like to do it and continue to use Gentoo's emerge.

Thanks.

----------

## jaybird

This setup with a manually installed php5 is what I basically have on my box.  

I am having a problem when I run:

```
emerge -avu world
```

I get it wanting to re-install php everytime there is an update to the portage (eg.  right now it wants to install php 4.3.9).  

The other packages it is going to update I want but if I let it, it does them all and breaks my php5 installation and I have to redo it.

I already ran emerge -C php mod_php but the reason I think it wants to update php is I have phpmyadmin installed via emerge so it sees php and mod_php as dependants.

Any suggestions to get emerge -u world to always ignore php and mod_php?

----------

## beandog

 *jaybird wrote:*   

> Any suggestions to get emerge -u world to always ignore php and mod_php?

 

Yah, inject them with emerge

emerge -i dev-php/php-5.0.2-r1

emerge -i dev-php/mod_php-5.0.2

steve

----------

## jaybird

The injecting worked.  Thanks

----------

## GentooRocks

I just followed this howto and it works great.

However if I use the following:

/www/bin/apachectl startssl

And start my apache server with SSL support (https) then it always prompts me with the following:

Apache/1.3.32 mod_ssl/2.8.21 (Pass Phrase Dialog)

Some of your private key files are encrypted for security reasons.

In order to read them you have to provide us with the pass phrases.

Server 127.0.0.1:443 (RSA)

Enter pass phrase:

(Please note that the above server IP address has been edited for security reasons. However the rest of  the text is exactly as shown.)

At this point I have to enter the pass phrase I used during the process when I made the test certificate.

How do I get it to start without prompting me for the password?

Thanks in advance

Brian

----------

## jaybird

 *GentooRocks wrote:*   

> How do I get it to start without prompting me for the password?

 

It's been a long time since I've set one of these up to automatically use the password for you for unattended restarts.  I don't remember how but a quick search on google found

http://docs.sun.com/source/819-0599/trFAQs.html#wp19369

I think when I set it up I found everything I needed to know in apache docs that came with the apache server.

----------

## jtillwick

/etc/init.d/apache graceful does not seem to work with gentoo.  I get the error: 

 * ERROR: wrong args ( graceful )

 * Usage: apache { start|stop|restart|pause|zap }

 *        apache without arguments for full help

my init.d script is as follows:

#!/sbin/runscript

JAIL="/jail/users/jeffdev"

APACHE="/bin/httpd"

CONFIGFILE="/etc/apache/apache.conf"

PIDFILE="/var/run/apache.pid"

depend() {

        need net

        use mysql dns netmount

        after sshd

}

start() {

        ebegin "Starting Apache 2:"

        chroot $JAIL $APACHE -f $CONFIGFILE

        eend $?

}

stop() {

        ebegin "Stopping Apache 2:"

        killproc ${JAIL}${APACHE}

        eend $?

}

graceful() {

        ebegin "Gracefully Restarting Apache 2:"

        kill -USR1 `cat ${PIDFILE}`

        eend $?

}

restart() {

        svc_stop

        sleep 1

        svc_start

}

----------

## smalahove

 *GentooRocks wrote:*   

> How do I get it to start without prompting me for the password?
> 
> 

 

You probably did like me and included -des3 when generating the private key? I followed this guide when I created my apache cert and encountered the same error. For some reason, the part supposed to remove the passphrase didn't work for me.

Just drop 3des and make sure your certificate is readable only by root:

```
openssl genrsa -out server.key 1024

openssl rsa -in server.key -out server.pem

openssl req -new -key server.pem -out server.csr

openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt
```

Cheers,

smalahove

----------

