Install Questions

Install Questions

am 01.03.2004 17:58:14 von Bob Cohen

Hi,

Please forgive the newbie questions, I'm a web designer bumbling my way
through system administration. I really did make an effort to search
the archives. :-) Time's running short to get this project done.

The box on which I'm working has RedHat 7.3 with openssl-0.9.6b-35.7
installed as an RPM.

---Question 1---
Step 3 of the INSTALL document says OpenSSL must be configured with
-fPIC to install mod_ssl as a DSO. Can this be done with the OpenSSL
RPM provided by RedHat? I looked into doing a source install of OpenSSL
but don't have time to deal chase down and reinstall the dependencies of
which there are quite a few.

--Question 2--

Step 5 (a), the "All-In-One mod_ssl+APACI way [FOR JOE AVERAGE]" to
install mod_ssl suggests

"--with-ssl=../openssl-0.9.x \"

as one of the arguments for the "./configure" statement.

As mentioned above my OpenSSL is an RPM install; therefore, there is no
source directory. Do I leave out "--with-sql=../openssl-0.9.x"? The
install document also suggests using "SSL_BASE=SYSTEM" in place of
"SSL_BASE=../openssl-0.9.x"; do I then put "SYSTEM" in place of
"../openssl-0.9.x"? E.g., "--with-ssl=SYSTEM"

--Question 3--

This install is for a low traffic server. Is it worth it for me to use
shared memory support? MM is also installed as an RPM on this system.


Thanks in advance for the assistance.

Bob Cohen
b.p.e.Creative
http://www.bpecreative.com
Design and production services for the web
Put creative minds to work for you

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Install Questions

am 01.03.2004 18:18:56 von Dave Paris

First and foremost, if this is a world-accessable server, upgrade your
version of OpenSSL to the most recent available for RH7.3 (I'd also consider
upgrading to RH9.0 while you're at it). 0.9.6b has several security
vulnerabilities outlined at www.openssl.org. Also, use the most current
versions of Apache and mod_ssl.

... that being said..

Generally speaking, the standard, non-DSO build can be summarized as such:

# build and install OpenSSL from source (http://www.openssl.org)
cd ${OPEN_SSL_SRC_DIR} ; CFLAGS=${CFLAGS} ./config -fPIC
make test
make install

# build mod_ssl/patch Apache source (http://www.modssl.org)
cd ${MOD_SSL_DIR}
CFLAGS=${CFLAGS} ./configure --with-apache=../${APACHE_SRC_DIR}

# build and install Apache from source (http://httpd.apache.org)
cd ${APACHE_SRC_DIR}
CFLAGS=${CFLAGS} SSL_BASE=../${OPEN_SSL_SRC_DIR}
../configure --enable-module=ssl
make
make install

# done..
There are numerous other configuration directives, but the above will build
a mod_ssl capable Apache instance for you.

Kind Regards,
-dsp

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Bob Cohen
> Sent: Monday, March 01, 2004 11:58 AM
> To: modssl-users@modssl.org
> Subject: Install Questions
>
>
> Hi,
>
> Please forgive the newbie questions, I'm a web designer bumbling my way
> through system administration. I really did make an effort to search
> the archives. :-) Time's running short to get this project done.
>
> The box on which I'm working has RedHat 7.3 with openssl-0.9.6b-35.7
> installed as an RPM.
[...]


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org