标题: Building Apache 2.0.48 for Windows 2000/XP [打印本页] 作者: 网普科技 时间: 2004-12-5 10:30 PM 标题: Building Apache 2.0.48 for Windows 2000/XP
DeveloperSide.NET
Your source for in-depth server-side information. Updated Daily
Building a Web Server » Windows 2000/XP » Source
Building Apache 2.0.48 for Windows 2000/XP
with mod_deflate and mod_ssl
Requirements
Microsoft Visual C++
[we will use Visual Studio .NET]
Gawk
[needed for the Apache2 build process]
zlib : mod_deflate
OpenSSL : mod_ssl
Perl
Additional build tools: bison, flex, sed
Download
Home : http://httpd.apache.org/
Package(win32 source) : httpd-2.0.48-win32-src.zip
Unpack as ...\httpd-2.0.48
Gawk, bison, flex, sed : can be downloaded as stand alone win32 ports from GnuWin32 or with the Cygwin environment.
GnuWin32 : http://gnuwin32.sourceforge.net/packages.html
Cygwin : http://cygwin.com/
[do not use UnxUtils]
Download zlib source code, use version 1.1.4, from : http://www.gzip.org/zlib/
Unpack as ...\httpd-2.0.48\srclib\zlib
[do not use zlib version 1.2.1, will break mod_deflate build process]
Download OpenSSL source code, latest version (0.9.7c), from : http://www.openssl.org/source/
Unpack as ...\httpd-2.0.48\srclib\openssl
Original Instructions
...\httpd-2.0.48\INSTALL
apache.org -- Compiling Apache for Microsoft Windows
Our Configuration
Install to : <drive>:\www\Apache2
System : localhost
Port : 80
Webroot : <drive>:\www\Apache2\htdocs
[alternate webroot used in our packages : <drive>:\www\webroot]
Module type : dynamically loaded modules, *.so
Additional modules : mod_ssl, mod_deflate
Setting the Environment
When using the command-line with Visual C++, the environment has to be set. There are several ways to do this. Note that this will only hold for the current cmd.exe window.
VS.NET : open the Microsoft Visual Studio .NET Command Prompt, which will have the proper environment set.
VS.NET : run vsvars32.bat under the regular command prompt, which will set the environment.
[vsvars32.bat is located under \Microsoft Visual Studio .NET\Common7\Tools]
VC++ : run vcvars32.bat under the regular command prompt, which will set the environment.
[vcvars32.bat is located under \Microsoft VisualStudio\VC98\bin]
Additional Help.
The environment can be viewed with:
:\> set
An individual variable can be viewed with:
:\> echo %VAR%
A variable can be set with:
:\> set VAR=value
Multiple values for a variable can be set with:
:\> set VAR=value1;value2;value3
Values can be added to a variable with:
:\> set VAR=%VAR%;more_values
Setup for Gawk
Gawk will need to be renamed to awk.
GnuWin32 :
Rename 'gawk.exe' to 'awk.exe'
Cygwin :
Delete the symlink 'awk.exe' and rename 'gawk.exe' to 'awk.exe' under ...\cygwin\bin
Setting the PATH
The PATH environmental variable has to be updated to reflect the additional tools that will be used during the main Apache2 build process.
Add executables perl and awk, bison, flex, sed to the PATH.
If using the command-line or Visual Studio .NET Command Prompt
:\> set PATH=%PATH%;<drive>:\www\perl\bin;<drive>:\<path to awk, bison, flex, sed>
[note that this will only hold for the current cmd.exe window]
Set PATH under Start » Settings » Control Panel » System » Advanced » Environment Variables » System variables » Path
[this will set the PATH permanently]
If using the Visual Studio Workspace IDE
Open menu Tools » Options » Projects » VC++ Directories
Select 'Executable files' under 'Show directories for:'
Add <drive>:\www\perl\bin
Add <drive>:\<path to awk, bison, flex, sed>
Setup for mod_deflate
To build mod_deflate, the zlib source code directory needs to be placed under httpd-2.0.48\srclib. The main Apache2 build process will take care of the rest.
Setup for mod_ssl
To build mod_ssl, the OpenSSL source code directory needs to be placed under httpd-2.0.48\srclib. The OpenSSL source is then manually compiled.
...\httpd-2.0.48\srclib\openssl> perl Configure zlib --openssldir=<drive>:/www/Apache2/bin VC-WIN32
[--openssldir=DIR tells openssl.exe where to look for openssl.cnf]
[note the unix forward style slashes(/), instead of windows style back slashes(\)]
...\httpd-2.0.48\srclib\openssl> ms\do_masm
[use x86 assembly functions for performance improvements]
...\httpd-2.0.48\srclib\openssl> nmake -f ms\ntdll.mak
Optional Steps
...\httpd-2.0.48\srclib\openssl> cd out32dll
...\httpd-2.0.48\srclib\openssl\out32dll> ..\ms\test
Build Instructions
Apache2 can be built using the command line, or with the Visual Studio Workspace IDE. We prefer to use the command line.
NOTE that Apache 2.0.48 is missing httpd-2.0.48\docs\conf\ssl-std.conf, copy over this file from httpd-2.0.47
Command-Line Build Instructions
Build Apache2 in Release mode under <drive>:\www\Apache2, with the server listening on localhost (127.0.0.1, your local system) on port 80 (regular HTTP port).
...\httpd-2.0.48> nmake /f Makefile.win SERVERNAME="localhost" PORT=80 INSTDIR="<drive>:\www\Apache2" installr
Visual Studio Workspace IDE Build Instructions
Apache.dsw is the Visual Studio workspace which exposes the entire list of working .dsp projects that are required for the complete Apache2 binary release.
Load Apache.dsw
"The project Apache.dsp needs to be converted to the Visual C++ 7.0 project format"
Click 'Yes To All'
Right click 'BuildBin' under Solution Explorer
Select 'Set as StartUp Project'
Select 'Solution 'Apache'' under Solution Explorer
Change 'Active Config' value under Properties Window from 'Debug' to 'Release'
Note that with the Workspace IDE build, by default, Apache2 is installed into <drive>:\Apache2. We are installing to <drive>:\www\Apache2. Specify "<drive>:" below, if needed.
Right click 'BuildBin' under Solution Explorer
Select 'Properties'
Select 'NMake' under 'Configurations Properties'
Update : 'Build Command Line', 'Rebuild All Command Line', 'Output'
Replace "\Apache2\..." with "\www\Apache2\..."
Click 'OK'
Right click 'InstallBin' under Solution Explorer
Select 'Properties'
Select 'NMake' under 'Configurations Properties'
Update : 'Build Command Line', 'Rebuild All Command Line', 'Output'
Replace "\Apache2\..." with "\www\Apache2\..."
Click 'OK'
Select 'Build Solution' under the Build menu
Additional Steps
During the Apache2 build process, the needed OpenSSL files are placed into ...\Apache2\bin, except openssl.cnf. Openssl.cnf is the OpenSSL configuration file. This file needs be copied manually.
...\httpd-2.0.48\srclib\openssl> copy apps\openssl.cnf <drive>:\www\Apache2\bin
[note that .cnf file extensions are invisible, by default, on Windows 2000/XP]
SSL Private/Public Key Setup
To be able to accept https:// requests, we need to create a private/public key-pair for Apache2 and store the keys in the proper location.
:\> mkdir <drive>:\www\Apache2\conf\ssl.crt
:\> mkdir <drive>:\www\Apache2\conf\ssl.key
<drive>:\www\Apache2\bin> openssl req -new -out server.csr
[creates a certificate signing request (server.csr) and private key (privkey.pem)]
<drive>:\www\Apache2\bin> openssl rsa -in privkey.pem -out server.key
[removes pass-phrase from private key (privkey.pem), creating server.key]
<drive>:\www\Apache2\bin> openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
[creates a self-signed certificate, server.crt(public key)]
<drive>:\www\Apache2\bin> move server.crt <drive>:\www\Apache2\conf\ssl.crt
<drive>:\www\Apache2\bin> move server.key <drive>:\www\Apache2\conf\ssl.key
<drive>:\www\Apache2\bin> del .rnd
[.rnd contains entropy information, could be used to re-create keys]
<drive>:\www\Apache2\bin> del privkey.pem
<drive>:\www\Apache2\bin> del server.csr
[keep server.csr if you plan on self-signing any more keys and you want the authority to match up exactly]
Bugs and Errors
Apache 2.0.48 win32 contains several bugs that need to be addressed. Luckily, the two bugs that we address here have workarounds.
Edit 'LogLevel warn' in httpd.conf to 'LogLevel error', or anything above 'warn'
['warn' and below creates an illegal memory reference upon exit of Apache after an SSL request]
Edit 'SSLMutex file:logs/ssl_mutex' in ssl.conf to 'SSLMutex default'
[the default 'file:logs/ssl_mutex' option is not available under win32]
Update Configuration Files
Mod_deflate and mod_ssl require several additions and updates to be made to httpd.conf, the Apache2 configuration file.
Open <drive>:\www\Apache2\conf\httpd.conf
Add LoadModule deflate_module modules/mod_deflate.so at the end of the LoadModule list.
Uncomment LoadModule headers_module modules/mod_headers.so
[required for mod_deflate to properly handle requests coming from behind proxies]
Add AddOutputFilterByType DEFLATE text/html text/plain text/css into the <Directory /> block.
[html, text, and css will be compressed]
Add Header append Vary User-Agent into the <Directory /> block.
[required for mod_deflate to properly handle requests coming from behind proxies]
Add BrowserMatch ^Mozilla/4 gzip-only-text/html at the bottom part of httpd.conf
Add BrowserMatch ^Mozilla/4\.0[678] no-gzip at the bottom part of httpd.conf
Add BrowserMatch \bMSIE !no-gzip !gzip-only-text/html at the bottom part of httpd.conf
Uncomment LoadModule ssl_module modules/mod_ssl.so
Startup and Operation
Install Apache2 as a service.
<drive>:\www\Apache2\bin> apache -D SSL -k install
[this will start Apache2 automatically from now on, but not the first time]
Start Apache2 server.
<drive>:\www\Apache2\bin> apache -k start
[or use 'net start Apache2']
Additional Commands
Stop Apache2 server.
<drive>:\www\Apache2\bin> apache -k stop
[or use 'net stop Apache2']
Graceful restart Apache2 server.
<drive>:\www\Apache2\bin> apache -k restart
Uninstall Apache2 service.
<drive>:\www\Apache2\bin> apache -k uninstall
Help
List available command line options.
<drive>:\www\Apache2\bin> apache -h
List compiled in modules.
<drive>:\www\Apache2\bin> apache -l
Show version and compile settings.
<drive>:\www\Apache2\bin> apache -V
apache.org -- Apache HTTP Server Version 2.0 Documentation
apache.org -- Using Apache with Microsoft Windows
Because Apache for Windows is multithreaded, it does not use a separate process for each request, as Apache does on Unix. Instead there are usually only two Apache processes running: a parent process, and a child which handles the requests. Within the child process each request is handled by a separate thread.
The directives that accept filenames as arguments must use Windows filenames instead of Unix ones. However, because Apache uses Unix-style names internally, you must use forward slashes, not backslashes. Drive letters can be used; if omitted, the drive with the Apache executable will be assumed.
When running CGI scripts, the method Apache uses to find the interpreter for the script is configurable using the ScriptInterpreterSource directive. The default setting is Script. This causes Apache to use the interpreter pointed to by the shebang line (first line, starting with #!) in the script.
On Win32 systems this line usually looks like:
#!C:/www/perl/bin/perl.exe
or, if perl is in the PATH, simply:
#!perl
httpd.conf notes
Configuration and logfile names: If the filenames you specify for many of the server's control files begin with "/" (or "drive:/" for Win32), the server will use that explicit path. If the filenames do *not* begin with "/", the value of ServerRoot is prepended -- so "logs/foo.log" with ServerRoot set to "/Apache2" will be interpreted by the server as "/Apache2/logs/foo.log".
NOTE: Where filenames are specified, you must use forward slashes instead of backslashes (e.g., "c:/apache" instead of "c:\apache"). If a drive letter is omitted, the drive on which Apache.exe is located will be used by default. It is recommended that you always supply an explicit drive letter in absolute paths, however, to avoid confusion.
apache.org -- SSL/TLS Strong Encryption: FAQ
Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase.
Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?
Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.
The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts. Therefore all the server receives is an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds that matches the port and IP address.
Either use separate IP addresses for different SSL hosts or use different port numbers for different SSL hosts.
apache.org -- SSL/TLS Strong Encryption: An Introduction
apache.org -- SSL/TLS Strong Encryption: How-To
modssl.org -- mod_ssl: Reference
Usenet
comp.infosystems.www.servers.ms-windows
alt.apache.configuration
Mailing List Archive: apache-httpd-users
Apache Bug Database: nagoya.apache.org/bugzilla/index.html
Testing
To test the regular (port 80) server enter url : http://localhost
To test the SSL (port 443) server enter url : https://localhost
questions,errors,comments : e-mail admin@devside.net作者: 网普科技 时间: 2004-12-5 10:31 PM http://www.devside.net/web/server/windows/openssl作者: 网普科技 时间: 2004-12-5 10:37 PM http://www.samspublishing.com/ar ... =30115&seqNum=4作者: 网普科技 时间: 2004-12-5 10:38 PM http://www.devside.net/web/server/free/setup/instructions-ssl
