Linux Apache SSL PHP/FI frontpage mini-HOWTO
Contents
1. frontpage are odule env_module mod_env o odule config_log_module mod_log_config o odule mime_module mod_mime o odule negotiation_module mod_negotiation o odule dir_module mod_dir o odule cgi_module mod_cgi o odule asis_module mod_asis o odule imap_module mod_imap o odule action_module mod_actions o odule alias_module mod_alias o odul rewrite_modul mod_rewrite o odule access_module mod_access o odule auth_module mod_auth o odule anon_auth_module mod_auth_anon o odule digest_module mod_digest o odule expires_module mod_expires o odule headers_module mod_headers o odule browser_module mod_browser o 3 2 Giving CGl s more security If you are an ISP you probably are when you read this you will want to improve security The suexec utility allows you to do so it will execute cgi s under the UID of the webowner instead of executing it under the webservers UID Go to usr src apache_1 2 6 support andmake suexec chmod 4711 suxec and copy it to the location specified in src httpd h which is usr local etc httpd sbin suexec by default If the path seems a little cryptic to you it did to me edit httpd h and set the path to a more comfortable value 3 3 Compiling and installing the server daemon Enter usr src apache_1 2 6 src and edit Configuration to set all the Modules you want to include in your Apache daemon When done run Configure and make This is the last and most complicated compilation step so2. of the webowner The password does not necessarily have to match the system password You have to manually add sendmailcommand usr sbin sendmail r to usr local frontpage www virt2 com 80 conf otherwise your users will not be able to send web generated eMails kill HUP your httpsd to make fp reread its config You can now access www virt2 com with your frontpage client Under some circumstances fpsrvadm complaints that a root web has to be installed first This is pretty useless but you should do so to silence fpsrvadm 3 5 Starting the daemon Start Apache with httpsd f var httpd conf httpd conf You can now access www virt1 com both through http and https which is pretty cool Of course you have to pay for a real certificate if you want to offer webwide SSL or users might laugh at you Copy one of the demo files from the php examples directory to virt 1 to test phtml 3 6 Some considerations left Do not use frontpage 97 extensions They do not work at least under Linux When installing specific versions of the c libraries they appear to work but your logs will soon fill with premature end of script headers and your mailbox will fill with complaints Do not use frontpage 98 extensions before version 3 0 2 1330 Do not be confused version numbers are somewhat inheterogenous When telnetting to port 80 typing get http 1 0 and hitting return twice you get a version number 3 0 4 for frontpage You can find out the more specific
3. working combinations Combinations that work for me are e Linux 2 0 31 Apache 1 2 4 PHP 2 0 0 SSL 0 8 0 fp 98 3 0 3 e Linux 2 0 33 Apache 1 2 5 PHP 2 0 1 SSL 0 8 0 fp 98 3 0 3 e Linux 2 0 35 Apache 1 2 6 PHP 3 SSL 0 8 0 fp 98 3 0 4 version 3 0 3 is not recommended 1 Introduction 2 Linux Apache SSL PHP FI frontpage mini HOWTO 1 3 History v0 0 Apr 98 Preview version v1 0 Jun 98 Now using Apache 1 2 6 updated fp section minor corrections v1 1 Jul 98 Sgmlized and restructered version You can find the latest version of this document at http www faure de 2 Component installation 2 1 Preparations You will need e Apache 1 2 6 http www apache org dist apache 1 2 6 tar gz e PHP FI Extensions http php iquest net files download phtml files php 2 01 tar gz e GD Library http siva cshl org gd gd html e SSL 0 8 0 ftp ftp ox ac uk pub crypto SSL SSLeay 0 8 0 tar gz e SSL patch for Apache 1 2 6 ftp ftp ox ac uk pub crypto SSL apache 1 2 6 ss1 1 17 tar gz e frontpage 98 server extensions and install script http www rtr com fpsupport download htm Get the sources you want Untar apche php gd and ssl to usr src Untar the SSL patch to usr src apache_1 2 6 2 2 Adding PHP cd to usr src gd1 2 and type make This will build the GD library 1ibgd a that should be copied to usr lib Now cdto php 2 0 1 andrun install The relevant questions are Would you like to compile PHP FI as a
4. Linux Apache SSL PHP FI frontpage mini HOWTO Linux Apache SSL PHP FI frontpage mini HOWTO Table of Contents Linux Apache SSL PHP FI frontpage mini HOWTOA cssccsscsccsssscssscssscsccssccescssssscsssssecssssscessesssescsees 1 Marcuis Faute marow Oie GE eksirei oa ce ey tatin 1 A TEE EEEE De A N EN ENOAT EI AT ERA TOI E AT pes ads A A OEE E TEAS 1 L A 6 AR MAO EEE 1 Z Ube rae tal onee iseci E r aes eeatneeats 1 TIERO Te ET o a PAEAN BEN EA T E EE E A EN EE E E EE A A E E TA 2 11 Description of the componenti sssini i E E N e 2 T W otne conii VULNS iiaeaa EA EEA 2 la SI E E O N ES 3 L AN EL UE moal oi esat NE EEA EEAS ETAREN AAE 3 A Po E regen EE T A AE T E E eee 3 2a Addio PP oana E E EE 3 2o Adine Sa EEE 4 PAES ANT AEE N a V A rte an E E E UN E A E 4 Faine taae oi a 5 Oe BC oe modus O D a ed aaesieeeans one 5 2 nine COGS migre BEC UNITY rare ea EE E rE O EES 5 3 2 Compiling and installing the server AMOR essentiel enrehes 5 3a Adding Tontpage support DAME 8e uv amer IE EEA RA KRANER Nees INTERRETE KOAA NOCA nine 7 E AO AO E E EEE q eth oy LEA eM eal DIES Ee fon opp cco dh sine Re T L ERO et ES T A Res 8 Linux Apache SSL PHP FI frontpage mini HOWTO Marcus Faure marcus faure de v1 1 July 1998 This document is about building a multipurpose webserver that will support dynamic web content via the PHP FI scripting language secure transmission of data based on Netscape s SSL secure execution of CGI s and M Frontpage S
5. cross your fingers If it succeeds cp httpsdto usr sbin The daemon is somewhat big consider this when assembling your webserver Create the directory var httpd with subdirectories cgi bin conf htdocs icons virtl virt2 and logs In usr src apache_1 2 6 conf edit access conf dist mime types and srm conf dist to suit your needs and copy them to var httpd conf access conf srm conf and mime types Copy the httpsd pem you created with make certificate to var httpd conf Use the following httpd conf ServerType standalone 3 Putting it all together Linux Apache SSL PHP FI frontpage mini HOWTO Port 80 Listen 80 Listen 443 User wwwrun Group wwwrun ServerAdmin webmaster yourhost com ServerRoot var httpd ErrorLog logs error_log TransferLog logs access_log PidFile logs httpd pid ServerName www yourhost com MinSpareServers 3 MaxSpareServers 20 StartServers 3 SSLCACertificatePath var httpd conf SSLCACertificateFile var httpd conf httpsd pem SSLCertificateFile var httpd conf httpsd pem SSLLogFile var httpd logs ssl log lt VirtualHost www virtl com gt SSLDisable ServerAdmin webmaster virtl com DocumentRoot var httpd virtl ScriptAlias cgi bin var httpd virtl cgi bin ServerName www virtl com ErrorLog logs virtl error log TransferLog logs virtl access log User virtladmin Group users lt VirtualHost gt lt VirtualHost www virtl com 443 gt ServerAdmin webmaster virtl com DocumentRoot var h
6. erver Extensions 1 Introduction e 1 1 Description of the components e 1 2 Working configurations e 1 3 Histor 2 Component installation e 2 1 Preparations e 2 2 Adding PHP e 2 3 Adding SSL e 2 4 Adding frontpage 3 Putting it all together e 3 1 Apache modules to tr e 3 2 Giving CGT s more securit e 3 3 Compiling and installing the server daemon e 3 4 Adding frontpage support to a web e 3 5 Starting the daemon 3 6 Some considerations left e 3 7 Known bugs 3 8 The final word Linux Apache SSL PHP FI frontpage mini HOWTO Linux Apache SSL PHP FI frontpage mini HOWTO 1 Introduction Before you start reading I am not a native speaker so there are probably spelling grammatical errors in this document Feel encouraged to inform me of mistakes 1 1 Description of the components The webserver you hopefully will get after having read this howto is composed of several parts the original apache sources with some well many patches and some external executables I recommend using the software versions I tried they will probably compile without greater problems and result in a fairly stable daemon If you are courageous you can try to compile all the latest stuff with tons of new features but don t blame me if something fails However you may report other working configurations to be included in future versions of this document All of the steps were tested on a linux 2 0 35 box so the howto is somew
7. hat linux specific but you should be able to use it for other unixes as well You do not necesserily have to compile in all components I tried to structure this howto so that you can skip the parts you are not interested in The document is neither a user manual to Apache SSL PHP FI nor frontpage Its prime intention is to save webservice providers some headaches when installing their server and to do my little contribution to the linux community PHP is a scripting language that supports dynamic HTML pages It is a bit like Apache s SSI but by far more complex and has database modules for many popular dbs The GD libraries are needed by PHP SSL is an implementation of Netscape s Secure Socket Layer that allow secure connections over insecure networks e g to transmit credit card numbers to web based forms frontpage is a wysiwyg web authoring tool that makes use of some server specific extensions called webbots Some people think frontpage is cool because you can create feedback forms and discussion webs without having to know a bit about html or cgi It even protects the designer from uploading his her site via ftp by using a builtin publisher If you wish to support frontpage but do not like to setup a windows server the apache server extensions are your choice 1 2 Working configurations Though this document has been downloaded some 100 times since I published it I received only little feedback In particular noone told me of other
8. l sources etc 3 7 Known bugs
9. loaded when its directory is requested 2 3 Adding SSL cd usr src SSL 0 8 0 Configure linux elf make make rehash This will create libraries needed by apache You may issue make test to verify the compilation You have to apply a patch to apache It is important that you apply it before the frontpage patch otherwise frontpage will not work cd to usr src apache_1 2 6 src and issue patch lt usr src apache_1 2 6 SSLpatch Set SSL_BASE usr src SSLeay 0 8 0in Configuration Make sure that Module proxy_module is disabled otherwise Apache won t compile If you are in need of a proxy go for Squid http squid nlanr net Now make certificate to generate SSLconf conf httpsd pem 2 4 Adding frontpage Rename the fp30 linux tar Z file to fp30 linux tar gz otherwise the install script will not find it Run fp_install to copy the extension files to usr local frontpage zcat can usually be invoked as usr bin zcat You now have to apply the FP patch cd to usr src apache_1 2 6 srcandtype patch lt usr src frontpage version3 0 apache fp fp patch apache_1 2 5 This will create the mod_frontpage files and do some modifications to Configuration etc The 1 2 5 patch will work with both apache 1 2 5 and 1 2 6 Skip the part about installing webs you can do that later 2 3 Adding SSL 4 Linux Apache SSL PHP FI frontpage mini HOWTO 3 Putting it all together 3 1 Apache modules to try The modules I use besides SSL PHP and
10. n Apache module yN y Are you compiling for an Apache 1 1 or later server Yn y Are you using Apache Stronghold yN y Does your Apache server support ELF dynamic loading yN y Apache include directory which has httpd h usr local include apache usr src apache_1 2 6 s Would you like to build an ELF shared library yN y Additional directories to search for h files usr src gd1 2 Would you like the bundled regex library yN n Like the frontpage extensions phtml includes a security problem because it is run under the uid of the 1 3 History 3 Linux Apache SSL PHP FI frontpage mini HOWTO webserver Be sure to turn on safe mode in src php h and restrict the search path to a save value There are some other options in php h you may want to edit If you are very concerned about security compile php as a cgi However this will be a performance loss and not as smart as the module version Type make to build all files When the compilation is done copy mod_php and libphp a to usr src apache_1 2 6 src Adda line Module php_module mod_php o to the end of usr src apache_1 2 6 src Configuration add lphp lm lgdbm lgd to the EXTRA_LIBS in the same file application x httpd php phtml to Apache s mime types and AddType application x httpd php phtml to Apache s srm conf You may also want to add index phtml to DirectoryIndex in that file so that a file index phtml is automatically
11. ttpd virtl ScriptAlias cgi bin var httpd virtl cgi bin ServerName www virtl com ErrorLog logs virtl ssl error log TransferLog logs virtl ssl access log User virtladmin Group users SSLCACertificatePath var httpd conf SSLCACertificateFile var httpd conf httpsd pem SSLCertificateFile var httpd conf httpsd pem SSLLogFile var httpd logs virtl ssl log SSLVerifyClient 0 SSLFakeBasicAuth lt VirtualHost gt lt VirtualHost www virt2 com gt SSLDisable ServerAdmin webmaster virt2 com DocumentRoot var httpd virt2 ScriptAlias cgi bin var httpd virt2 cgi bin ServerName www virt2 com ErrorLog logs virt2 error log TransferLog logs virt2 access log lt VirtualHost gt Depending on the modules compiled in not all directives may be available You can retrieve a list of available directives with httpsd h 3 Putting it all together Linux Apache SSL PHP FI frontpage mini HOWTO 3 4 Adding frontpage support to a web Enter usr local frontpage version3 0 bin and load fpsrvadm Choose install and apache fp The next questions should be answered the following way Enter server config filename var httpd conf httpd conf Enter host name for multi hosting www virt2 com Starting install port www virt2 com 80 web Enter user s name virt2admin Enter user s password Confirm password Creating root web Recalculate links for root web Install completed The user name must be the unix login
12. version number by executing usr local frontpage currentversion exes _vti_bin shtml exe version Older versions have a nasty bug that requires httpd conf to be writable by the gid of the webserver This should make you scream if you are at all concerned about security Versions since 3 0 2 1330 are more usable 3 4 Adding frontpage support to a web Linux Apache SSL PHP FI frontpage mini HOWTO 3 7 Known bugs When touching Recalculate Links in the frontpage client the server starts a process that consumes 99 cpu cycles and some 10 mb of memory But even for medium sized webs and fast machines the client sometimes recieves a timeout message though the calculation will be finished correctly Inform frontpage users to be patient and not to hit Recalculate Links several times Inform yourself to equip the server with at least 64MB Please note that at the time of writing both SSL and frontpage work but not at the same time that means you can neither publish your web using ssl nor make use of the webbots through https You can publish your web on port 80 and access it encrypted on port 443 but your counters etc will be broken I consider this a bug This problem shall be fixed in SSL 0 9 0 3 8 The final word For those who think the title of this howto is nearly as long as the document Did you ever listened to Meat Loaf O K readers you re done for today Feel free to send me your feedback eternal gratitude flowers ecash cars oi
Download Pdf Manuals
Related Search