###########################################################
# Apache 2.4.x Compile and Install:

# You'll need these:
yum install gcc
yum install make
yum install openssl-devel
yum install pcre-devel

# Download httpd: http://httpd.apache.org/download.cgi
# Download apr and apr-utils: http://apr.apache.org/download.cgi

# Unpack and put things in the right spots:
tar -xf httpd-2.4.9.tar.bz2
cp apr* httpd-2.4.9/srclib/
cd httpd-2.4.9/srclib/
tar -xf apr-1.5.1.tar.bz2
tar -xf apr-util-1.5.3.tar.bz2
mv apr-1.5.1 apr
mv apr-util-1.5.3 apr-util
cd ..

# Configure, compile, and install:
./configure \
    --prefix=/usr/local/apache-2.4.9 \
    --with-included-apr \
    --enable-nonportable-atomics=yes \
    --enable-so \
    --enable-ssl
make
make install
cd /usr/local/
ln -s apache-2.4.9 apache

See: http://httpd.apache.org/docs/current/upgrading.html

###########################################################
# Installing mod_jk (tomcat-connectors)

# Download tomcat-connectors: http://tomcat.apache.org/download-connectors.cgi
tar -xf tomcat-connectors-1.2.40-src.tar.gz
cd tomcat-connectors-1.2.40-src/native
./configure --with-apxs=/usr/local/apache-2.4.9/bin/apxs
make
cp ./apache-2.0/mod_jk.so /usr/local/apache-2.4.9/modules/mod_jk-1.2.40.so
cd /usr/local/apache-2.4.9/modules/
ln -s mod_jk-1.2.40.so mod_jk.so

###########################################################
# Installing modsecurity

# You'll need these:
yum install libxml2
yum install libxml2-devel
yum install curl
yum install curl-devel
yum install expat-devel

# Download modsecurity: http://www.modsecurity.org/download/
tar -xf modsecurity-2.8.0.tar.gz
cd modsecurity-2.8.0
./configure --with-apr=/usr/local/apache-2.4.9/bin/apr-1-config \
    --with-apu=/usr/local/apache-2.4.9/bin/apu-1-config \
    --with-apxs=/usr/local/apache-2.4.9/bin/apxs
make
cp apache2/.libs/mod_security2.so /usr/local/apache-2.4.9/modules/mod_security-2.8.0.so
cd /usr/local/apache-2.4.9/modules/
ln -s mod_security-2.8.0.so mod_security2.so

###########################################################
# SSL Configuration for Apache 2.4.x

Condensed from http://httpd.apache.org/docs-2.4/ssl/ssl_faq.html

1. Create an RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out server.key 2048

2. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
    openssl req -new -key server.key -out server.csr

Now that you've got a CSR, it needs to be signed by a Certifying Authority (CA):

Choice A: You can send the CSR to a commercial CA to be signed, in which case they would send you back the SSL certificate.

Choice B: Create your own certificate authority (CA) and sign it yourself
(See http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#aboutcerts)

###########################################################
# Varnish

# You'll need these:
yum install python-imaging
yum install python-docutils
yum install ncurses-devel
yum install readline-devel

# Download varnish: https://www.varnish-cache.org/releases
tar -xf varnish-4.0.0.tar.gz
cd varnish-4.0.0
./configure --prefix=/usr/local/varnish-4.0.0
make
make install
cd /usr/local/
ln -s varnish-4.0.0 varnish

###########################################################
###########################################################
###########################################################
###########################################################
# Apache 2.2.x Compile and Install:

"./configure" \
"--prefix=/usr/local/apache-2.2.22" \
"--enable-so" \
"--enable-mods-shared=all ssl proxy cache mem_cache file_cache disk_cache"
make
make install
cd /usr/local/
ln -s apache-2.2.22 apache

###########################################################
# Apache 2.0.x Compile and Install:

"./configure" \
"--prefix=/usr/local/apache-2.0.52" \
"--enable-so" \
"--enable-rewrite=shared" \
"--enable-ssl=shared" \
"--enable-proxy=shared" \
"--enable-auth-digest=shared" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-headers=shared" \
"--enable-status=shared" \
"--enable-cgi=shared"
make
make install
cd /usr/local/
# Link name matches the --prefix used above
ln -s apache-2.0.52 apache
mkdir /var/log/httpd
chown web:web /var/log/httpd

Bonus Note: To get the ssl module to compile on Red Hat 9, run the following commands first:
cd /usr/include/openssl/
ln -s /usr/kerberos/include/* ./

###########################################################
# SSL Configuration for Apache 2.0.x
# (condensed from http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html)

1. Create an RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out server.key 1024

2. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
    openssl req -new -key server.key -out server.csr

# Now that you've got a CSR, you have two choices:
# Choice A: You can send the CSR to Verisign or Thawte (or somewhere else) to be signed,
#           in which case they would send you back the SSL certificate.
# Choice B: Create your own certificate authority (CA) and sign it yourself by following the next three steps:

1. Create an RSA private key for your CA (will be Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out ca.key 1024

2. Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted):
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt

3. Now you can use this CA to sign the server CSR and create an SSL certificate:
    ./sign.sh server.csr
   (sign.sh comes from the mod_ssl source tarball. Go get one from www.modssl.org)

###########################################################
# PHP Compile and Install:

./configure --with-apxs2 --enable-mbstring --with-mysql --with-imap --with-pgsql --with-kerberos --with-imap-ssl

###########################################################
# Interesting mod_rewrite Example:

Can anyone identify this http exploit?

Seen in the apache logs:

foo.bar.com - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb...

This is an older IIS WebDAV exploit. More info at http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx

You can mod_rewrite these attempts to /dev/null

# RedirectMatch is a mod_alias directive; as written, this pattern matches the literal text /x90/ in the URL path
RedirectMatch permanent (.*)\/x90\/(.*)$ /dev/null

###########################################################
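
To find requests like the SEARCH entry quoted above in an access log, the following added example (not part of the original notes) counts the \xNN escapes Apache writes for non-printable request bytes. The function names, the threshold of 5 and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# Constructed access-log lines. The SEARCH line reuses only the bytes visible
# in the truncated log entry quoted above; hosts, status and size are made up.
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [30/May/2004:02:44:01 -0400] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [30/May/2004:02:44:40 -0400] "GET /caf\xc3\xa9.html HTTP/1.1" 200 734
198.51.100.7 - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1 HTTP/1.1" 414 340
EOF
}

# Read an access log on stdin and print "host method escaped_byte_count" for
# requests that look like binary payloads: any method with at least $1
# (default 5) \xNN escapes in the target, or SEARCH with any escape at all.
# Splitting on the double quote assumes the request line has no embedded \".
scan_log() {
  awk -F'"' -v min="${1:-5}" '
    {
      split($1, pre, " ")          # pre[1] = client host
      split($2, req, " ")          # req[1] = method, req[2] = request target
      target = req[2]
      escapes = gsub(/\\x[0-9a-fA-F][0-9a-fA-F]/, "", target)
      if (escapes >= min || (req[1] == "SEARCH" && escapes > 0))
        print pre[1], req[1], escapes
    }'
}

sample_log | scan_log    # prints: 198.51.100.7 SEARCH 7
```

Run it against a real log with `scan_log < access_log`; pass a lower threshold as the first argument to widen the net.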
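
The Choice B steps from the SSL Configuration sections above, carried through and then checked, as an added example that is not part of the original notes. It assumes stock `openssl x509 -req` in place of sign.sh, 2048-bit keys for both the CA and the server, AES-256 key encryption, and constructed file names, subject names and passphrase.

```shell
#!/bin/sh
# Added example, not part of the original notes. File names, subject names and
# the passphrase are constructed; run it in a scratch directory only.
KEY_PASS='constructed-demo-passphrase'; export KEY_PASS

# Build a CA, a server key and CSR, then sign the CSR with the CA.
# `openssl x509 -req` stands in for the sign.sh helper from mod_ssl.
issue_cert() (                      # $1 = empty working directory
  umask 077                         # private keys readable by owner only
  cd "$1" &&
  openssl genrsa -aes256 -passout env:KEY_PASS -out ca.key 2048 &&
  openssl req -new -x509 -days 365 -key ca.key -passin env:KEY_PASS \
      -subj "/CN=Example Test CA" -out ca.crt &&
  openssl genrsa -aes256 -passout env:KEY_PASS -out server.key 2048 &&
  openssl req -new -key server.key -passin env:KEY_PASS \
      -subj "/CN=www.example.test" -out server.csr &&
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
      -passin env:KEY_PASS -CAcreateserial -days 365 -sha256 -out server.crt
)

# Succeeds only if the certificate ($2) chains to the CA certificate ($1).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() {                # $1 = certificate, $2 = private key
  cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 1
  key_mod=$(openssl rsa -noout -modulus -in "$2" -passin env:KEY_PASS) || return 1
  [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Print the RSA key size recorded in a certificate, e.g. 2048.
cert_key_bits() {
  openssl x509 -noout -text -in "$1" |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

work=$(mktemp -d) && issue_cert "$work" &&
  chain_ok "$work/ca.crt" "$work/server.crt" &&
  cert_matches_key "$work/server.crt" "$work/server.key" &&
  echo "server.crt verified, RSA $(cert_key_bits "$work/server.crt") bits"
rm -rf "$work"
```

The same three checks work on a certificate returned by a commercial CA (Choice A) when `chain_ok` is given that CA's certificate file.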