Tuesday, July 8, 2008
Error with rcp and name resolution on HP-UX 11.23
To solve that, add the following line to your /etc/nsswitch.conf, as it may not be present by default:
ipnodes: files [NOTFOUND=continue] dns
Source: http://docs.hp.com/hpux/pdf/5187-4159.pdf
Monday, July 7, 2008
How to compile, install and configure Apache with HTTPS, the PUT module and PHP
This document was created using the following sources:
http://www.securityfocus.com/infocus/1818
http://dan.drydog.com/apache2php.html
1) Download the latest source file from www.apache.org (Apache 2.0, not 1.3)
Requirements: for Apache to work properly, the SSL binaries and libraries must be installed first.
2) Launch the installation (it will be installed in /usr/local/apache2, as defined by the --prefix option)
./configure --prefix=/usr/local/apache2 --with-mpm=prefork --enable-ssl --disable-charset-lite --disable-include --disable-env --enable-setenvif --disable-status --disable-asis --enable-cgi --disable-negotiation --disable-userdir --enable-so --enable-dav
make
make install (this will copy the compiled httpd, its libraries and its conf file to the /usr/local/apache2 subfolders)
· --enable-dav option was set in order to be able to use the PUT option
· --enable-ssl for ssl (https) to work
· --enable-so in order to be able to load dynamic module (LoadModule)
· Option --disable-autoindex was not set as we don’t want it disabled
To see what was installed, you can run httpd -l
[root@server bin]# ./httpd -l
Compiled in modules:
core.c
.
.
[root@server bin]# ./httpd -v
Server version: Apache/2.2.9 (Unix)
Server built: Jul 1 2008 23:21:43
3) Generate the SSL certificate
openssl req -new -x509 -days 30 -keyout /usr/local/apache2/conf/ssl.key/server.key -out /usr/local/apache2/conf/ssl.crt/server.crt -subj '/CN=mail999.altadis.com'
You will be prompted for a password; choose one that's good for you.
(For your information, this certificate is not trusted by a certificate authority such as VeriSign, so whenever you connect from a web browser you will need to accept the "warning" message about the untrusted certificate.)
4) Configure httpd.conf
# =================================================
#
# =================================================
# Basic settings
# =================================================
User apache
Group apache
ServerAdmin webmaster@server
ServerName server
#AllowOverride AuthConfig
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
ServerRoot "/usr/local/apache2"
DocumentRoot "/www"
PidFile /usr/local/apache2/logs/httpd.pid
ScoreBoardFile /usr/local/apache2/logs/httpd.scoreboard
#
# DirectoryIndex index.html
#
# =================================================
# HTTP and performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30
DavLockDB /tmp/DavLock
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
# =================================================
# Access control
# =================================================
Options None
AllowOverride None
Order deny,allow
Deny from all
Order allow,deny
Allow from all
AllowOverride AuthConfig
Alias /user1 "/user1"
Dav On
order allow,deny
allow from all
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache2/passw
Require user user1
# =================================================
# MIME encoding
# =================================================
TypesConfig /usr/local/apache2/conf/mime.types
DefaultType text/plain
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-tar .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /usr/local/apache2/logs/error_log
CustomLog /usr/local/apache2/logs/access_log combined
#CustomLog logs/ssl_request_log
#"%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
#%{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"
# =================================================
# SSL/TLS settings
# =================================================
Listen 0.0.0.0:443
SSLEngine on
SSLOptions +StrictRequire
SSLRequireSSL
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600
SSLPassPhraseDialog builtin
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
SSLVerifyClient none
SSLProxyEngine off
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
IMPORTANT:
In order to use the PUT option, we have compiled Apache with the dav module.
We now need to load it when Apache starts. This is done with the parameter:
Dav On
You will then define the PUT option
order allow,deny
allow from all
Be careful with this option: always specify a specific user to be allowed to PUT, as it can be a security breach.
5) Create the password file for .htaccess access
htpasswd -c /usr/local/apache2/passw user1 (same for each user, but without -c after the first one, because -c recreates the file)
chown apache:apache /usr/local/apache2/passw
6) Add the user info to httpd.conf for each Alias
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache2/passw
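As an added example (not part of the original post), a shell check for the PUT warning above and for the Auth directives of steps 5 and 6: it lists every <Directory> block that enables DAV without a Require line. The function names, the sample configuration and the /open path are constructed for illustration, and the <Directory> and <Limit> containers in the sample are an assumed layout.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Lists every <Directory> block that has "Dav On" but no "Require" line,
# i.e. a WebDAV area that accepts PUT without naming an allowed user.
# Simplifications (assumptions): <Directory> blocks are not nested, paths
# contain no spaces, and a Require anywhere in the block counts.

dav_without_require() {            # reads a config on stdin or from files
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                        # skip comment lines
        line ~ /^<directory[ \t]/ {                 # block opens
            name = $2; gsub(/[">]/, "", name)
            inside = 1; dav = 0; req = 0; next
        }
        line ~ /^<\/directory>/ {                   # block closes: report
            if (inside && dav && !req) print name
            inside = 0; next
        }
        inside && line ~ /^dav[ \t]+on/  { dav = 1 }
        inside && line ~ /^require[ \t]/ { req = 1 }
    ' "$@"
}

sample_conf() {                    # constructed input; /open is hypothetical
    cat <<'EOF'
<Directory "/open">
    Dav On
    <Limit PUT>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>
<Directory "/user1">
    Dav On
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /usr/local/apache2/passw
    Require user user1
</Directory>
EOF
}

sample_conf | dav_without_require   # prints: /open
```

Run it against the real file with `dav_without_require /usr/local/apache2/conf/httpd.conf`; an empty result means every DAV-enabled directory has at least one Require line.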
7) PHP Configuration
· Download libxml….2.16 or higher and compile it (this is required to compile PHP)
./configure ; make ; make install
· Download php5 from www.php.net
./configure --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/usr/local/apache2/php --with-config-file-path=/usr/local/apache2/php --enable-force-cgi-redirect --disable-cgi --with-gettext --with-gdbm
Build complete.
Don't forget to run 'make test'.
[root@server php-5.2.6]# make install
Installing PHP SAPI module: apache2handler
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = "ISO8859-1",
LANG = "ISO8859-1"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
/usr/local/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/apache2/build/libtool' libphp5.la /usr/local/apache2/modules
/usr/local/apache2/build/libtool --mode=install cp libphp5.la /usr/local/apache2/modules/
cp .libs/libphp5.so /usr/local/apache2/modules/libphp5.so
cp .libs/libphp5.lai /usr/local/apache2/modules/libphp5.la
libtool: install: warning: remember to run `libtool --finish /products/phpinst/php-5.2.6/libs'
chmod 755 /usr/local/apache2/modules/libphp5.so
[activating module `php5' in /usr/local/apache2/conf/httpd.conf]
Installing PHP CLI binary: /usr/local/apache2/php/bin/
Installing PHP CLI man page: /usr/local/apache2/php/man/man1/
Installing build environment: /usr/local/apache2/php/lib/php/build/
Installing header files: /usr/local/apache2/php/include/php/
Installing helper programs: /usr/local/apache2/php/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/apache2/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /usr/local/apache2/php/lib/php/
[PEAR] Console_Getopt - installed: 1.2.3
[PEAR] Archive_Tar - installed: 1.3.2
[PEAR] Structures_Graph- installed: 1.0.2
pear/PEAR can optionally use package "pear/XML_RPC" (version >= 1.4.0)
[PEAR] PEAR - installed: 1.7.1
Wrote PEAR system config file at: /usr/local/apache2/php/etc/pear.conf
You may want to add: /usr/local/apache2/php/lib/php to your php.ini include_path
[root@server php-5.2.6]# make install
Installing PHP SAPI module: apache2handler
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = "ISO8859-1",
LANG = "ISO8859-1"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
/usr/local/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/apache2/build/libtool' libphp5.la /usr/local/apache2/modules
/usr/local/apache2/build/libtool --mode=install cp libphp5.la /usr/local/apache2/modules/
cp .libs/libphp5.so /usr/local/apache2/modules/libphp5.so
cp .libs/libphp5.lai /usr/local/apache2/modules/libphp5.la
libtool: install: warning: remember to run `libtool --finish /products/phpinst/php-5.2.6/libs'
chmod 755 /usr/local/apache2/modules/libphp5.so
[activating module `php5' in /usr/local/apache2/conf/httpd.conf]
Installing PHP CLI binary: /usr/local/apache2/php/bin/
Installing PHP CLI man page: /usr/local/apache2/php/man/man1/
Installing build environment: /usr/local/apache2/php/lib/php/build/
Installing header files: /usr/local/apache2/php/include/php/
Installing helper programs: /usr/local/apache2/php/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/apache2/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /usr/local/apache2/php/lib/php/
[PEAR] Console_Getopt - already installed: 1.2.3
[PEAR] Archive_Tar - already installed: 1.3.2
[PEAR] Structures_Graph- already installed: 1.0.2
[PEAR] PEAR - already installed: 1.7.1
Wrote PEAR system config file at: /usr/local/apache2/php/etc/pear.conf
You may want to add: /usr/local/apache2/php/lib/php to your php.ini include_path
Installing PDO headers: /usr/local/apache2/php/include/php/ext/pdo/
[root@server php-5.2.6]# libtool --finish /products/phpinst/php-5.2.6/libs
PATH="$PATH:/sbin" ldconfig -n /products/phpinst/php-5.2.6/libs
----------------------------------------------------------------------
Libraries have been installed in:
/products/phpinst/php-5.2.6/libs
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------