• Github
  • StackOverflow
  • Linkedin

Thursday, September 7, 2017

Installing complete Apache 2.4 web server + PHP + Mod_fcgid + ModSecurity from source code on Ubuntu

Hey again, on this topic I will guide you how to install a complete web server from scratch without using apt-get repository. Maybe some of you may ask why don't we use the apt-get repository instead ?  Well, this topic is intended for somebody who need some guide on how to install Apache web server on ubuntu older release which is not supported by Canonical repository anymore. Ok then, the first thing to do we have to make sure that you'd already installed your ubuntu server version of your choice on your bare metal cpu.

Just login to your ubuntu server using ssh client such as putty if you access your server from another computer or you just simply login using your direct keyboard on your server.
Before you can do a compilation from source code you have to make sure to install development tools utility from your ubuntu server installation cd.
To mount your ubuntu server installation cd as your installation source you have to insert your cd to cdrom/dvdrom or if you only have an iso file just mount using loop :

 root@ubuntu:~$ mount -r -t iso9660 -o loop /home/user/ubuntu-x.xx-server-i386.iso /media/cdrom

* notes : you can use another directory instead of /media/cdrom for mounting the iso file.

Then you have to backup your current apt configuration or you just delete it. To make your mounted cd iso available to your apt-get command just update your apt-get using apt-cdrom. After that install basic required packages for compiling the source code.

 root@ubuntu:~$ mv /etc/apt/sources.list /etc/apt/sources.list.bak  
 root@ubuntu:~$ apt-cdrom -d /media/cdrom add  
 root@ubuntu:~$ apt-get update  
 root@ubuntu:~$ apt-get install build-essential gcc make

So after this you can open your web browser to download all required software source for your web server. Just download it all from these URL :

  1. Apache 2.4
    Dependencies :

    Website : http://httpd.apache.org/download.cgi or http://archive.apache.org/dist/httpd/

    File : http://archive.apache.org/dist/httpd/httpd-2.4.25.tar.gz
  2. Apache Mod_Fcgid
    Website : http://httpd.apache.org/mod_fcgid/

    File : http://www-us.apache.org/dist/httpd/mod_fcgid/mod_fcgid-2.3.9.tar.gz
  3. Nghttp2
    Dependencies :
    Website : https://nghttp2.org

    File : https://github.com/nghttp2/nghttp2/releases/download/v1.22.0/nghttp2-1.22.0.tar.gz
  4. Mod Security
    Dependencies :

    Website : https://www.modsecurity.org/

    File : https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
  5. PHP
    Dependencies :

    Website : http://php.net

    File : http://php.net/get/php-5.6.30.tar.gz/from/this/mirror
  6. CURL
    Dependencies :

    Website : https://curl.haxx.se/

    File : https://github.com/curl/curl/releases/download/curl-7_54_0/curl-7.54.0.tar.gz

Now after you'd download all those required files, create an empty directory as an extraction folder to deploy.

Source Code Compilation Steps :
  1. Install zlib
    /your_extract_dir/zlib-1.2.11/configure --prefix=/usr/local/lib/zlib && make && make install
  2. Install Openssl
    /your_extract_dir/openssl-1.0.2l/config --prefix=/usr/local/lib/openssl-1.0.2l && make && make install
  3. Install LibreSSL
    /your_extract_dir/libressl-2.5.4/configure --prefix=/usr/local/lib/libressl --with-openssldir=/usr/local/lib/openssl-1.0.2l && make && make install
  4. Install m4
    /your_extract_dir/m4-1.4.17/configure --prefix=/usr/local/lib/m4 && make && make install
    export PATH=$PATH:/usr/local/lib/m4/bin
  5. Install autoconf
    /your_extract_dir/autoconf-2.69/configure --prefix=/usr/local/lib/autoconf && make && make install
    export PATH=$PATH:/usr/local/lib/autoconf/bin
  6. Install automake
    /your_extract_dir/automake-1.15/configure --prefix=/usr/local/lib/automake && make && make install
    export PATH=$PATH:/usr/local/lib/automake/bin
  7. Install libtool
    /your_extract_dir/libtool-2.4.6/configure --prefix=/usr/local/lib/libtool && make && make install
    export PATH=$PATH:/usr/local/lib/libtool/bin
  8. Install Apr
    /your_extract_dir/apr-1.5.2/configure --prefix=/usr/local/httpd/apr && make && make install
  9. Install Apr-Util
    /your_extract_dir/apr-util-1.5.4/configure --prefix=/usr/local/httpd/apr --with-apr=/usr/local/httpd/apr/bin/apr-1-config --with-openssl=/usr/local/lib/libressl --with-crypto && make && make install
  10. Install PCRE
    /your_extract_dir/pcre-8.40/configure --prefix=/usr/local/lib/pcre && make && make install
  11. Install LibXML2
    /your_extract_dir/libxml2-2.7.2/configure --prefix=/usr/local/lib/libxml2 --with-zlib=/usr/local/lib/zlib --with-xpath --with-writer --with-regexps --with-schemas --with-http --with-reader --with-ftp && make && make install
  12. Install Pkg-config
    /your_extract_dir/pkg-config-0.23/configure --prefix=/usr/local/lib/pkgconfig && make && make install
    export PATH=$PATH:/usr/local/lib/pkgconfig/bin
  13. Install Nghttp2
    /your_extract_dir/nghttp2-1.22.0/configure --prefix=/usr/local/lib/nghttp2 --with-libxml2 OPENSSL_CFLAGS='-I/usr/local/lib/openssl-1.0.2l/include' LIBXML2_CFLAGS='-I/usr/local/lib/libxml2/include' ZLIB_CFLAGS='-I/usr/local/lib/zlib/include' OPENSSL_LIBS='-I/usr/local/lib/openssl-1.0.2l/lib' LIBXML2_LIBS='-I/usr/local/lib/libxml2/lib' ZLIB_LIBS='-I/usr/local/lib/zlib/lib' && make && make install
  14. Install Httpd
    /your_extract_dir/httpd-2.4.25/configure --prefix=/usr/local/httpd --enable-so --enable-deflate --enable-unique-id --enable-actions --enable-authnz-fcgi --enable-ssl --enable-mpms-shared=all --enable-mods-shared="all cgi" --enable-cgid --enable-cgi --enable-dav --enable-rewrite --with-mpm=worker --with-pcre=/usr/local/lib/pcre --with-apr=/usr/local/httpd/apr/bin/apr-1-config --with-apr-util=/usr/local/httpd/apr/bin/apu-1-config --enable-suexec --with-suexec-caller=www-data --with-suexec-bin=/usr/local/httpd/bin/suexec --with-suexec-docroot=/your/prefered/varwww/ --with-suexec-logfile=/var/logs/suexec.log --with-suexec-uidmin=100 --with-suexec-gidmin=100 --enable-http2 --with-nghttp2=/usr/local/lib/nghttp2 --with-ssl=/usr/local/lib/openssl-1.0.2l --with-z=/usr/local/lib/zlib --with-libxml2=/usr/local/lib/libxml2 --enable-modules="actions rewrite dav ssl unixd version log_config suexec info cache cache_disk" && make && make install
  15. Install Mod_Fcgid
    APXS=/usr/local/httpd/bin/apxs /your_extract_dir/mod_fcgid-2.3.9/configure.apxs && make && make install
  16. Install ModSecurity dependencies
    • /your_extract_dir/ncurses-6.0/configure && make && make install
    • /your_extract_dir/readline-7.0/configure && make && make install 
    • cd /your_extract_dir/lua-5.1.5/ && make linux install
    • /your_extract_dir/libssh2-1.8.0/configure --prefix=/usr/local/lib/libssh2 --with-openssl --with-libz --with-libssl-prefix=/usr/local/lib/libressl --with-libz-prefix=/usr/local/lib/zlib && make && make install 
    • /your_extract_dir/libidn2-2.0.0/configure --prefix=/usr/local/lib/libidn2 && make && make install
    • /your_extract_dir/curl-7.54.0/configure --prefix=/usr/local/lib/libcurl --with-zlib=/usr/local/lib/zlib/ --enable-optimize --with-random=/dev/urandom --enable-cookies --enable-unix-sockets --enable-verbose --enable-ipv6 --enable-smtp --enable-imap --enable-pop3 --enable-telnet --enable-rtsp --enable-file --enable-ftp --enable-http --enable-warnings --enable-debug --with-libidn2=/usr/local/lib/libidn2 --with-libssh2=/usr/local/lib/libssh2 --with-nghttp2=/usr/local/lib/nghttp2 && make && make install
    Notes : if you encountered problem run time library cannot be linked, create a file on /etc/ld.so.conf.d/yourfile.conf and list
                 every installed library into the file, save the file and then run ldconfig on shell prompt. See example :

  17. Install ModSecurity
    /your_extract_dir/modsecurity-2.9.1/configure --prefix=/usr/local/httpd/modsec --with-pcre=/usr/local/lib/pcre --with-libxml=/usr/local/lib/libxml2 --with-apr=/usr/local/httpd/apr/bin/apr-1-config --with-apu=/usr/local/httpd/apr/bin/apu-1-config --with-idn2=/usr/local/lib/libidn2 --with-curl=/usr/local/lib/libcurl --with-apxs=/usr/local/httpd/bin/apxs && make && make install
  18. Copy generated modsecurity.so to httpd
    cp /usr/local/httpd/modsec/lib/mod_security2.so /usr/local/httpd/modules
  19. Enable modsecurity on /usr/local/httpd/conf/httpd.conf (Remove # sign if already exists)
    LoadModule security2_module modules/mod_security2.so
  20. Install PHP
    /your_extract_dir/php-5.6.30/configure --prefix=/usr/local/php/5.6.30 --enable-wddx --enable-sockets --enable-soap --enable-pcntl --enable-mbstring --enable-ftp --enable-calendar --enable-bcmath  --with-regex --with-libxml-dir=/usr/local/lib/libxml2 --with-zlib=/usr/local/lib/zlib --enable-dba --with-openssl=/usr/local/lib/openssl-1.0.2l --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-curl=/usr/local/lib/libcurl && make && make install
Now we can configure your apache 2.4 installation
  1. Edit /usr/local/httpd/conf/httpd.conf
  2. Replace
    User daemon
    Group daemon
    with
    User www-data
    Group www-data
  3. Uncomment ServerName and replace with localhost
    ServerName localhost:80
  4. On the end of line just add your own configuration file
    Include /your/prefered/varwww/conf/httpd.conf
  5. Save the file and create the file on step 4 above and fill with 
     <VirtualHost *:80>  
    ServerAdmin webmaster@localhost  
    ServerName yourdomain.com  
    DocumentRoot /your/prefered/varwww/public_html  
    <IfModule mod_fcgid.c>  
       SuexecUserGroup username groupname  
       Action php-fcgi  /fcgi-bin/fcgi-exec  
       DefaultInitEnv PHPRC /your/prefered/varwww/conf/ #put your php.ini here  
       Alias /fcgi-bin/ /your/prefered/varwww/fcgi.d/default/  
       AddType application/x-httpd-php .php  
       FCGIWrapper /your/prefered/varwww/fcgi.d/default/fcgi-exec .php  
     </IfModule>  
     <Directory /your/prefered/varwww/public_html>  
        AddHandler fcgid-script .php  
        Options Indexes FollowSymLinks MultiViews ExecCGI  
        AllowOverride All  
        Require all granted  
     </Directory>  
      ErrorLog /your/prefered/varwww/logs/error.log  
      LogLevel warn  
      CustomLog /your/prefered/varwww/logs/access.log combined
</VirtualHost>
  6. Now you can create fast cgi exec as described on IfModule
     root@ubuntu~$ mkdir -p /your/prefered/varwww/fcgi.d/default  
 root@ubuntu~$ echo "#!/bin/bash" >> /your/prefered/varwww/fcgi.d/default/fcgi-exec  
 root@ubuntu~$ echo "export PHPRC=/your/prefered/varwww/conf/" >> /your/prefered/varwww/fcgi.d/default/fcgi-exec  
 root@ubuntu~$ echo "exec /usr/local/php/5.6.30/bin/php-cgi -c /your/prefered/varwww/conf/php.ini -d open_basedir=/your/prefered/varwww/public_html" >> /your/prefered/varwww/fcgi.d/default/fcgi-exec
  7. Adjust file and directory permission
    root@ubuntu~$ groupadd your_groupname
root@ubuntu~$ useradd -d /your/prefered/varwww -g 1001 -s /usr/sbin/nologin your_username 
root@ubuntu~$ chmod 755 /your/prefered/varwww/fcgi.d/default/fcgi-exec  
root@ubuntu~$ chown -cR username:groupname /your/prefered/varwww/fcgi.d/default
  8. Run apache with /usr/local/httpd/bin/apachectl -k start
Notes : if you cannot run php file change file owner to your newly created user, or you can chmod 777 /usr/local/httpd/logs/fcgidsock and restart apache.
You have successfully build your Apache 2.4 server.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)