apache+mod_ssl+PHP+MySQL Netwinder HOWTO
========================================

Revision 2: Gareth Boden, John Bradley
Revision 1: Gareth Boden

Thanks to much help from Ralph Siemsen, we eventually have a working secure
web server with PHP and MySQL, an ideal e-commerce web application platform.

Installation
============

This section covers installing the software from the RPMs in
ftp://ftp.netwinder.org/users/g/garethboden/ and other official netwinder RPMs
from the list on the website. If you wish to know how to build the system
yourself, consult the later section on Building.

1. Grab yourself a copy of the following RPMs and install them all:

    openssl-0.9.5-1.armv4l.rpm
    mm-1.0.12-1.armv4l.rpm
    apache-mod_ssl-1.3.12.2.6.4-1.armv4l.rpm
    MySQL-3.22.32-1_nw1.armv4l.rpm
    MySQL-client-3.22.32-1_nw1.armv4l.rpm (for testing)
    php-3.0.16-1.armv4l.rpm (requires gd, gdbm, freetype, zlib)
    php-manual-3.0.16-1.armv4l.rpm (for reading)

2. Choose which php extension modules you want and install them:

    php-mysql-3.0.16-1.armv4l.rpm
    php-imap-3.0.16-1.armv4l.rpm (requires krb5-configs, krb5-libs)
    php-ldap-3.0.16-1.armv4l.rpm (requires openldap)

3. Edit the /etc/httpd.conf file to enable PHP3:

   Add the line:
    LoadModule php3_module /usr/lib/apache/libphp3.so
   above the "LoadModule ssl_module" section.

   Add the line:
    AddModule mod_php3.c
   above the "AddModule mod_ssl.c" section.

   Uncomment the lines:
    AddType application/x-httpd-php3 .php3
    AddType application/x-httpd-php3-source .phps

   Make sure the web server is set to listen on the HTTPS port:
    Listen 443

4. Generate yourself a private key for your web server:

    openssl genrsa -des3 -rand /dev/urandom -out server.key 1024

   Keep a copy of this key somewhere very safe - you will need it to start
   the web server - and don't forget the passphrase you used.

5. Generate a Certificate Signing Request:

    openssl req -new -key server.key -out server.csr

6. Generate a self-signed certificate:

    openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt

7. Copy the key and certificate to the webserver's space:

    cp server.key /etc/httpd/conf/ssl.key/server.key
    cp server.crt /etc/httpd/conf/ssl.crt/server.crt
    cd /etc/httpd/conf/ssl.crt
    make

8. Start the webserver and test it out on both http and https from your
   web browser:

    /usr/sbin/httpd -DSSL

9. If everything works nicely, use the server.csr file you created above to
   request a real certificate from your favourite Certificate Authority.

Building
========

The build methodology was roughly that available at
http://www.jasons.org/modssl.phtml. The main difference was that the MySQL 3.22
SRPM as supplied compiles without the -fPIC flag specified. This produces
non-position-independent code in a static library (libmysqlclient.a) which is
then linked into PHP. The end result is that with the whole combination of
apache+mod_ssl+PHP+MySQL you get an error from the dynamic linker when
starting httpd. The reasons for this error are described well in the Netwinder
FAQ at http://www.netwinder.org/cgi-bin/faq.cgi, section 2.24. This problem
does not arise if PHP+MySQL are used with a standard Apache build.

In summary, to rebuild the complete set of applications, follow the
instructions at http://www.jasons.org/modssl.phtml, but use
openssl-0.9.5-1.src.rpm instead of -2.src.rpm and substitute the following
step 11:

11. Install the SRPM, edit the spec and compile it:

    rpm -i MySQL-3.22.32-1.src.rpm

    Edit /usr/src/redhat/SPECS/mysql-3.22.32.spec, inserting the following:

    libtoolize -c -f
    %ifarch armv4l
    export MYSQL_BUILD_CC=gcc
    export MYSQL_BUILD_CXX=gcc
    export MYSQL_BUILD_CFLAGS="-O6 -fomit-frame-pointer -fPIC"
    export MYSQL_BUILD_CXXFLAGS="-O6 -fomit-frame-pointer -felide-constructors -fno-exceptions -fno-rtti -fPIC"
    %endif

    above the "BuildMySQL()" section.

    rpm -ba mysql-3.22.32.spec
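
The following checks are added here as an example and are not part of the
original HOWTO. They can be run between steps 6 and 7 of the Installation
section to confirm that server.crt carries the public key of server.key, to
report the key size and remaining validity, and to check that the key file is
not accessible to other users. The function names, the optional
passphrase-source argument and the 7-day threshold are assumptions of this
example.

```sh
#!/bin/sh
# Added example: checks on the files from steps 4-6 before they are copied
# in step 7. Function names and the 7-day warning threshold are assumptions.

# key_matches_cert KEY CRT [PASSIN]
# Succeeds only if the public key derived from KEY equals the one in CRT.
# PASSIN is an openssl pass phrase source such as env:KEYPASS; without it
# openssl asks for the passphrase of the -des3 protected key on the terminal.
key_matches_cert() {
    from_key=$(openssl rsa -in "$1" ${3:+-passin "$3"} -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# cert_key_bits CRT: print the RSA modulus size recorded in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cert_valid_for_days CRT N: succeed if CRT is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# key_is_private FILE: succeed if group and others have no access at all.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight KEY CRT [PASSIN]: run every check and summarise the result.
preflight() {
    key_matches_cert "$1" "$2" "$3" ||
        { echo "FAIL: cannot confirm that $2 belongs to $1"; return 1; }
    key_is_private "$1" || echo "WARN: $1 is accessible to group or others"
    cert_valid_for_days "$2" 7 || echo "WARN: $2 expires within 7 days"
    echo "OK: key and certificate match, RSA $(cert_key_bits "$2") bits"
}

# Usage, in the directory holding the files from steps 4-6:
#   preflight server.key server.crt
```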