# Apache Php SSL Hair Puller!

## Guest

Sorry for the long post but I have include config files where appropriate. I have trierd for 4 days to get this combo to work and am at a complete 

loss on what to try next. 

Thanks for your help!

This post contains the following error and config files:

USE section from make.conf

ERROR MESSAGE from starting apache

apache.conf

end of my rc.conf for the line APACHE_OPTS="-D SSL -D PHP4"

mod_php.conf

mod_ssl.conf

I have emerged, re emerged and selectively emerged individual packages to satisfy dependencies. I have mod_ssl, apache, php all emerged with no problems except serving up pages via ssl and serving php pages. 

SSL comes up with page not found and php info page comes up without being parsed and I do have the correct mime types entered-> .php .php3 .php4 

Apache can serve up web pages from /home/httpd/htdocs. My section with the USE clause in make.conf follows:

USE="ant cups berkdb crypt fbcon gb gd gdbm gif png gpm gtk imap imlib innodb java jpeg kde libg++ mod_ssl mozilla mysql ncurses odbc pdflib perl php postgres python qt samba ssl svga tcltk tcpd truetype x" 

I have even ran the ebuild script that makes the necessary changes to apache.conf I have commented the php section because starting apache with that section uncommented produces the following error and apache will not start with the php add module lines unless I comment or remove them:

 /etc/init.d/apache start

 * Starting apache...

Syntax error on line 57 of /etc/apache/conf/apache.conf:

Cannot load /etc/apache/extramodules/libphp4.so into server: /etc/apache/extramodules/libphp4.so: undefined symbol: pam_start 

Here is my apache.conf:

### Main Configuration Section

### You really shouldn't change these settings unless you're a guru

###

ServerType standalone

ServerRoot /etc/apache

#ServerName localhost

#LockFile /etc/httpd/httpd.lock

PidFile /var/run/apache.pid

ScoreBoardFile /etc/apache/apache.scoreboard

ErrorLog logs/error_log

LogLevel warn

ResourceConfig /dev/null

AccessConfig /dev/null

DocumentRoot /home/httpd/htdocs

### Dynamic Shared Object (DSO) Support

###

###

LoadModule mmap_static_module modules/mod_mmap_static.so

LoadModule env_module         modules/mod_env.so

LoadModule config_log_module  modules/mod_log_config.so

LoadModule agent_log_module   modules/mod_log_agent.so

LoadModule referer_log_module modules/mod_log_referer.so

LoadModule mime_magic_module  modules/mod_mime_magic.so

LoadModule mime_module        modules/mod_mime.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule status_module      modules/mod_status.so

LoadModule info_module        modules/mod_info.so

LoadModule includes_module    modules/mod_include.so

LoadModule autoindex_module   modules/mod_autoindex.so

LoadModule dir_module         modules/mod_dir.so

LoadModule cgi_module         modules/mod_cgi.so

LoadModule asis_module        modules/mod_asis.so

LoadModule imap_module        modules/mod_imap.so

LoadModule action_module      modules/mod_actions.so

LoadModule speling_module     modules/mod_speling.so

LoadModule userdir_module     modules/mod_userdir.so

LoadModule proxy_module       modules/libproxy.so

LoadModule alias_module       modules/mod_alias.so

LoadModule rewrite_module     modules/mod_rewrite.so

LoadModule access_module      modules/mod_access.so

LoadModule auth_module        modules/mod_auth.so

LoadModule anon_auth_module   modules/mod_auth_anon.so

LoadModule dbm_auth_module    modules/mod_auth_dbm.so

LoadModule db_auth_module     modules/mod_auth_db.so

LoadModule digest_module      modules/mod_digest.so

LoadModule cern_meta_module   modules/mod_cern_meta.so

LoadModule expires_module     modules/mod_expires.so

LoadModule headers_module     modules/mod_headers.so

LoadModule usertrack_module   modules/mod_usertrack.so

LoadModule example_module     modules/mod_example.so

LoadModule unique_id_module   modules/mod_unique_id.so

LoadModule setenvif_module    modules/mod_setenvif.so

LoadModule vhost_alias_module   modules/mod_vhost_alias.so

#<IfDefine PHP4>

#LoadModule php4_module    extramodules/libphp4.so

#</IfDefine>

#  Reconstruction of the complete module list from all available modules

#  (static and shared ones) to achieve correct module execution order.

#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]

ClearModuleList

AddModule mod_mmap_static.c

AddModule mod_env.c

AddModule mod_log_config.c

AddModule mod_log_agent.c

AddModule mod_log_referer.c

AddModule mod_mime_magic.c

AddModule mod_mime.c

AddModule mod_negotiation.c

AddModule mod_status.c

AddModule mod_info.c

AddModule mod_include.c

AddModule mod_autoindex.c

AddModule mod_dir.c

AddModule mod_cgi.c

AddModule mod_asis.c

AddModule mod_imap.c

AddModule mod_actions.c

AddModule mod_speling.c

AddModule mod_userdir.c

AddModule mod_proxy.c

AddModule mod_alias.c

AddModule mod_rewrite.c

AddModule mod_access.c

AddModule mod_auth.c

AddModule mod_auth_anon.c

AddModule mod_auth_dbm.c

AddModule mod_auth_db.c

AddModule mod_digest.c

AddModule mod_cern_meta.c

AddModule mod_expires.c

AddModule mod_headers.c

AddModule mod_usertrack.c

AddModule mod_example.c

AddModule mod_unique_id.c

AddModule mod_so.c

AddModule mod_setenvif.c

AddModule mod_vhost_alias.c

#<IfDefine PHP4>

#AddModule mod_php4.c

#</IfDefine>

###

### Global Configuration

###

# Splitting up apache.conf into two files makes it possible to support

# multiple configurations on the same serer.  In commonapache.conf

# you keep directives that apply to all implementations and in this

# file you keep server-specific directives.  While we don't yet have

# multiple configurations out-of-the-box, this allows us to do that

# in the future easily.

Include conf/commonapache.conf

###

### IP Address/Port

###

#BindAddress *

Port 80

Listen 80

###

### Log configuration Section

###

# Single logfile with access, agent and referer information

# This is the default, if vlogs are not defined for the main server

CustomLog logs/access_log combined env=!VLOG

# If VLOG is defined in conf/vhosts/Vhosts.conf, we use this entry

#CustomLog "|/usr/sbin/apachesplitlogfile" vhost env=VLOG

###

### Virtual Hosts

###

# We include different templates for Virtual Hosting. Have a look in the

# vhosts directory and modify to suit your needs.

#Include conf/vhosts/Vhosts.conf

#Include conf/vhosts/DynamicVhosts.conf

#Include conf/vhosts/VirtualHomePages.conf

###

### Performance settings Section

###

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

#

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

#

MaxKeepAliveRequests 100

#

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

#

KeepAliveTimeout 15

#

# Server-pool size regulation.  Rather than making you guess how many

# server processes you need, Apache dynamically adapts to the load it

# sees --- that is, it tries to maintain enough server processes to

# handle the current load, plus a few spare servers to handle transient

# load spikes (e.g., multiple simultaneous requests from a single

# Netscape browser).

#

# It does this by periodically checking how many servers are waiting

# for a request.  If there are fewer than MinSpareServers, it creates

# a new spare.  If there are more than MaxSpareServers, some of the

# spares die off.  The default values are probably OK for most sites.

#

MinSpareServers 4

MaxSpareServers 10

#

# Number of servers to start initially --- should be a reasonable ballpark

# figure.

#

StartServers 4

#

# Limit on total number of servers running, i.e., limit on the number

# of clients who can simultaneously connect --- if this limit is ever

# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.

# It is intended mainly as a brake to keep a runaway server from taking

# the system with it as it spirals down...

#

MaxClients 150

#

# MaxRequestsPerChild: the number of requests each child process is

# allowed to process before the child dies.  The child will exit so

# as to avoid problems after prolonged use when Apache (and maybe the

# libraries it uses) leak memory or other resources.  On most systems, this

# isn't really needed, but a few (such as Solaris) do have notable leaks

# in the libraries. For these platforms, set to something like 10000

# or so; a setting of 0 means unlimited.

#

# NOTE: This value does not include keepalive requests after the initial

#       request per connection. For example, if a child process handles

#       an initial request and 10 subsequent "keptalive" requests, it

#       would only count as 1 request towards this limit.

#

MaxRequestsPerChild 500

Include  conf/addon-modules/mod_php.conf

Include conf/addon-modules/mod_ssl.conf

Here is just the end of my rc.conf:

XSESSION=KDE

# Note: achim lives in Germany, and enjoys these settings

# KEYMAP="de-latin1-nodeadkeys"

# CONSOLEFONT="iso09.f14"

#OLD SETTINGS; not currently supported

#SULOGIN=no                             # Set to yes if you want sulogin to be spawned on bootup

#DELAYLOGIN=yes                         # Set to no if you want to be able to login over telnet/rlogi

n

                                        # before system startup is complete (as soon as inetd is star

ted)

#Apache Options

APACHE_OPTS="-D SSL -D PHP4"

Here is my mod_php.conf:

<IfModule mod_php4.c>

AddType  application/x-httpd-php         .php .php4 .php3 .phtml

AddType  application/x-httpd-php-source  .phps

</IfModule>

Here is my mod_ssl.conf:

<IfModule mod_ssl.c>

##--------------------------------------------------------------------------

## Add additional SSL configuration directives which provide a

## robust default configuration: virtual server on port 443

## which speaks SSL.

##--------------------------------------------------------------------------

##

##  SSL Support

##

##  When we also provide SSL we have to listen to the

##  standard HTTP port (see above) and to the HTTPS port

##

Listen 443

##

##  SSL Global Context

##

##  All SSL configuration in this context applies both to

##  the main server and all SSL-enabled virtual hosts.

##

#

#   Some MIME-types for downloading Certificates and CRLs

#

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:

#   Configure the pass phrase gathering process.

#   The filtering dialog program (`builtin' is a internal

#   terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:

#   Configure the SSL Session Cache: First either `none'

#   or `dbm:/path/to/file' for the mechanism to use and

#   second the expiring timeout (in seconds).

#SSLSessionCache        none

#SSLSessionCache         dbm:logs/ssl_scache

SSLSessionCache        shm:logs/ssl_scache(512000)

SSLSessionCacheTimeout  300

#   Semaphore:

#   Configure the path to the mutual explusion semaphore the

#   SSL engine uses internally for inter-process synchronization.

SSLMutex  sem

#   Pseudo Random Number Generator (PRNG):

#   Configure one or more sources to seed the PRNG of the

#   SSL library. The seed data should be of good random quality.

SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

#SSLRandomSeed startup file:/dev/random  512

#SSLRandomSeed startup file:/dev/urandom 512

#SSLRandomSeed connect file:/dev/random  512

#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:

#   The home of the dedicated SSL protocol logfile. Errors are

#   additionally duplicated in the general error log file.  Put

#   this somewhere where it cannot be used for symlink attacks on

#   a real server (i.e. somewhere where only root can write).

#   Log levels are (ascending order: higher ones include lower ones):

#   none, error, warn, info, trace, debug.

SSLLog      logs/ssl_engine_log

SSLLogLevel info

</IfModule>

[/b]

----------

## klieber

 *Anonymous wrote:*   

> USE="ant cups berkdb crypt fbcon gb gd gdbm gif png gpm gtk imap imlib innodb java jpeg kde libg++ mod_ssl mozilla mysql ncurses odbc pdflib perl php postgres python qt samba ssl svga tcltk tcpd truetype x" 

 

Well, for starters, I think your USE settings are incorrect.  There is no "mod_ssl" USE variable -- I believe you want just "ssl".  Additionally, I'm not sure if USE variables are case-sensitive.  If they are, then it should be "X" instead of "x".

Do you really need all those variables?  You've got everything but the kitchen sink in there, including support for four different databases.  Not sure if it will fix your problem, but certainl the less cruft that's installed, the less that can go wrong. 

Just my $.02, though.

Finally, you might try searching the archives of the gentoo-user mailing list.  I remember seeing some stuff about apache and ssl on there in the last couple of days.  Might be worth a look.

--kurt

----------

## Guest

Hi kurt, thanks for the response. I have checked the archives on apache ssl php libphp4.so etc-->anything relating to installing these beasts.  :Smile:   Also there is a package for mod_ssl. I included everything but the kitchen sink on a reccomendation I read in a post not sure if on here or google...

I am still at a loss. I have never had this much of a problem getting apache php ssl mysql going. I am not a newbie but I am also not a linux guru!

Thanks for checking anyway!

----------

## klieber

 *Anonymous wrote:*   

> I have checked the archives on apache ssl php libphp4.so etc-->anything relating to installing these beasts. 

 

Have you checked the mailing list archives?  Not the forum archives.

 *Anonymous wrote:*   

> Also there is a package for mod_ssl

 

Yes, but I don't think there's a use variable for it.  Just because a package exists in Gentoo doesn't mean that you can control support for that package by sticking the package name in your use config.  :Smile: 

Check /usr/portage/profiles/use.desc for a comprehensive list of use variables. 

--kurt

----------

