Best Practices - Apache 2.0.47 + SSL + W2K

Best Practices - Apache 2.0.47 + SSL + W2K

Post by Scot » Wed, 03 Sep 2003 09:49:27


Hi,

I've posted previously about compile problems with Apache 2.0.47 on W2K.
I've got those issues resolved now, and can compile Apache with SSL
(mod_ssl.so) support.

My question is, do you have any recommendations on "best practices" for
setting up Apache + SSL + W2K + OpenSSL? Here are the steps I'm
considering, but am open to better ideas:

1. Install the Apache pre-built binaries from www.apache.org, namely
apache_2.0.47-win32-x86-no_ssl.exe.
2. Install OpenSSL from either a)
http://www.yqcomputer.com/ )
http://www.yqcomputer.com/
with the other tools I'm using (awk, bison, flex, and sed from the cygwin
installation).
3. Download the Apache source code
4. Download the OpenSSL source code and install under
\Apache\src\httpd-2.0.47\srclib\openssl
5. Compile OpenSSL and Apache using the defaults. This will install Apache
as C:\Apache2 and create mod_ssl.so file. openssl.exe will be under
Apache2\bin.
6. Copy Apache2 directories and files from C:\Apache2 to C:\Program
Files\Apache Group\Apache2, which is where the pre-built binary is
installed. But, keep the *.conf files from the original, pre-built binary
install.
7. Delete all openssl files from the Apache directories. They are
redundant - use the cygwin version of OpenSSL.

This may be overkill, or I may be making this too hard. But, even
Apache.org recommends using the pre-built binaries for installation on
Windows, but then fails to create a pre-built binary supporting SSL (for
export reasons I presume). I suppose I can forego the pre-built binaries
for both Apache and OpenSSL, just compile and install Apache/OpenSSL, and
just manually create the Apache service, Program Group links, etc. that the
pre-built binaries create.

Or, is it as simple as just copying mod_ssl.so from C:\Apache2\... to
C:\Program Files\Apache Group\Apache2\...?

Which is the whole purpose of this post :-). If you have any
recommendations for best practice to follow for installing Apache with SSL
support under W2K, please let me know.

Thanks,
Scott
 
 
 

Best Practices - Apache 2.0.47 + SSL + W2K

Post by Richard An » Wed, 03 Sep 2003 15:39:19


Yes, it is this simple, you just copy a couple of files to your normal
install. Apache will load the mod_ssl.so from the modules folder if it is in
your conf files, regardless of how it got there.

I install the binary distribution .msi from apache website. Then I pop my
compiled mod_ssl.so into the apache2\modules folder, and the compiled
openssl.exe, libeay32.dll and ssleay.dll into the apache2\bin folder. All
done.

Btw. I don't know if this is true, but you might find that a native win32
compile might be better performance than a cygwin compile.

Richard.

 
 
 

Best Practices - Apache 2.0.47 + SSL + W2K

Post by Scot » Wed, 03 Sep 2003 18:04:47

Hi Richard,

Thanks for the input, I really appreciate it!

I'm compiling Apache (and OpenSSL) using MS Visual Studio/C++ 6.0, but the
Apache makefile calls awk, bison, flex, and sed, which I've installed from
cygwin. I had tried to use the Gnuwin32 versions of these utilities but the
compile was failing on the bison invocation. I'm also using MASM for the
OpenSSL compile.

Let me know if you disagree with this.

BTW, do I even need openssl.exe, libeay32.dll and ssleay.dll in the
apache2\bin folder, since they are already in the cygwin OpenSSL install?
Are these files called during Apache's SSL negotiation, or just when
creating certificates?

Thanks again,
Scott

"Richard Antony Burton" < XXXX@XXXXX.COM > wrote in



in
 
 
 

Best Practices - Apache 2.0.47 + SSL + W2K

Post by Richard An » Wed, 03 Sep 2003 18:46:36


the

Best way to compile is to not use the makefile. Try this instead, much
easier:

Copy the folders inc32 & out32dll from your compile of OpenSSL to
apache-src/srclib/openssl

Open up the Visual Studio project file (Apache.dsw) in the root of the
source folder (this will open up in the Visual Studio IDE). From the Build
menu select Set Actrive Configuration..., in the dialog choose "mod_ssl -
Win32 Release". Now hit the build button. In a very short time you will have
a shiny new mod_ssl.so file.


You shouldn't need to put openssl.exe in there. As for the two dlls, you
should be able to put them anywhere in your path to be picked up. They are
needed for mod_ssl to work. Assuming the cygwin version are in your path,
these will probably do the job, but I'd recommend using the pure windows
versions (that you have already compiled yourself anyway), they should have
better optimizations.

Richard.