F/R/E/E/4/U

적수네 동네 1원짜리팁에 올라온 글인데 정리가 잘되어있어서
여기에도 올립니다.
글쓴이 : <yirin [at] orgio [dot] net>

관련링크는 글의 원본입니다.

Apache + PHP + MySQL + mod_ssl

##### Required files #####
o apache_1.3.20.tar.gz
http://www.apache.org
o php-4.0.4pl1.tar.gz
http://www.php.net
o mysql-3.23.37.tar.gz
http://www.mysql.com
o mod_ssl-2.8.4-1.3.20.tar.gz
http://www.modssl.org
o openssl-0.9.6.tar.gz
http://www.openssl.org
o ZendOptimizer-1.0.0-PHP_4.0.4-Linux_glibc21-i386.tar.gz
http://www.zend.com

##### Requires #####
o MySQL-3.23.27 (mysql-3.23.37.tar.gz)
# cd /usr/local/
# tar zxvf mysql-3.23.37.tar.gz
# cd mysql-3.23.37/
# ./configure --prefix=/usr/local/mysql --with-charset=euc_kr
# make
# make install
# /usr/local/mysql/bin/mysql_install_db
# /usr/local/mysql/share/mysql/mysql.server start
# /usr/local/mysql/share/mysql/mysql.server stop

o OpenSSL-0.9.6
# cd /usr/local/
# tar zxvf openssl-0.9.6.tar.gz
# cd openssl-0.9.6
# ./config --prefix=/usr/local --openssldir=/usr/local/openssl
# make
# make test
# make install

##### extract packages #####
# cd /usr/local/
# mkdir apm; cd apm
# tar zxvf apache_1.3.20.tar.gz
# tar zxvf php-4.0.4pl1.tar.gz
# tar zxvf mod_ssl-2.8.4-1.3.20.tar.gz

##### mod_ssl confgure #####
# cd mod_ssl-2.8.4-1.3.20/
# ./configure --with-apache=../apache_1.3.20 --with-ssl=/usr/local/openssl-0.9.6
--prefix=/usr/local/apache --enable-module=so --enable-rule=SHARED_CORE
...(SKIP)...
Now proceed with the following commands:
$ cd ../apache_1.3.20
$ make
$ make certificate
$ make install

##### apache confgure #####
# cd ../apache_1.3.20/
# SSL_BASE=/usr/local/openssl-0.9.6 ./configure --prefix=/usr/local/apache

##### php confgure #####
# cd ../php-4.0.4pl1/
# ./configure --with-apache=../apache_1.3.20/ --enable-track-vars
--with-config-file-path=/etc/httpd --with-mysql=/usr/local/mysql

##### php install #####
# make
# make install

##### apache confgure and install #####
# cd ../apache_1.3.20/
# SSL_BASE=/usr/local/openssl-0.9.6 ./configure --prefix=/usr/local/apache
--activate-module=src/modules/php4/libphp4.a --enable-module=ssl
# make
...(SKIP)...
| Thanks for using Apache & mod_ssl. Ralf S. Engelschall |
| rse@engelschall.com |
| www.engelschall.com |
+---------------------------------------------------------------------+
# make certificate
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:R
______________________________________________________________________

STEP 1: Generating RSA private key (1024 bit) [server.key]
53165 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.................++++++
.++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name (2 letter code) [XY]:KR
2. State or Province Name (full name) [Snake Desert]:######
3. Locality Name (eg, city) [Snake Town]:######
4. Organization Name (eg, company) [Snake Oil, Ltd]:######
5. Organizational Unit Name (eg, section) [Webserver Team]:######
6. Common Name (eg, FQDN) [www.snakeoil.dom]:######
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:######
8. Certificate Validity (days) [365]:
______________________________________________________________________

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=KR/ST=######/L=######/O=######/OU=######/CN=######/Email=######
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
read RSA key
writing RSA key
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Fine, you're using an encrypted RSA private key.
______________________________________________________________________

RESULT: Server Certification Files

o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!

o conf/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).

o conf/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.

WARNING: Do not use this for real-life/production systems

# make install
+--------------------------------------------------------+
| You now have successfully built and installed the |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the |
| (initially created or preserved) configuration files |
| |
| /usr/local/apache/conf/httpd.conf
| |
| and then you should be able to immediately fire up |
| Apache the first time by running: |
| |
| /usr/local/apache/bin/apachectl start
| |
| Or when you want to run it with SSL enabled use: |
| |
| /usr/local/apache/bin/apachectl startssl
| |
| Thanks for using Apache. The Apache Group |
| http://www.apache.org/ |
+--------------------------------------------------------+

##### ZendOptimizer install #####
# cd ..
# tar zvxf ZendOptimizer-1.0.0-PHP_4.0.4-Linux_glibc21-i386.tar.gz
# mkdir /usr/local/Zend
# mv ZendOptimizer-1.0.0-PHP_4.0.4-Linux_glibc21-i386 /usr/local/Zend/lib

##### PHP setup #####
# mkdir /etc/httpd
# cp php-4.0.4pl1/php.ini-dist /etc/httpd/php.ini
# vim /etc/httpd/php.ini
-- add 2 lines
zend_optimizer.optimization_level=15
zend_extension="/usr/local/Zend/lib/ZendOptimizer.so"
:wq

##### apache setup #####
# vim /usr/local/apache/conf/httpd.conf
--

DirectoryIndex index.php index.html index.htm index.php3 index.php4

--
AddType application/x-httpd-php .php .php3 .ph
AddType application/x-httpd-php-source .phps
:wq

##### start apache #####
# /usr/local/apache/bin/apachectl startssl
Apache/1.3.20 mod_ssl/2.8.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server white.:443 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
./apachectl startssl: httpd started

##### browsing your server #####
https://yourhost.domain/
or
http://yourhost.domain/

관련 링크: http://linux.sarang.net/board/?p=read&table=tip&no=4091&page=&o[at]=s&o[sc]=a&o[ss]=https&o[st]=a