Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Apache Php SSL Hair Puller!
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Guest






PostPosted: Tue Apr 23, 2002 12:15 pm    Post subject: Apache Php SSL Hair Puller! Reply with quote

Sorry for the long post but I have include config files where appropriate. I have trierd for 4 days to get this combo to work and am at a complete
loss on what to try next.
Thanks for your help!

This post contains the following error and config files:

USE section from make.conf
ERROR MESSAGE from starting apache
apache.conf
end of my rc.conf for the line APACHE_OPTS="-D SSL -D PHP4"
mod_php.conf
mod_ssl.conf

I have emerged, re emerged and selectively emerged individual packages to satisfy dependencies. I have mod_ssl, apache, php all emerged with no problems except serving up pages via ssl and serving php pages.

SSL comes up with page not found and php info page comes up without being parsed and I do have the correct mime types entered-> .php .php3 .php4

Apache can serve up web pages from /home/httpd/htdocs. My section with the USE clause in make.conf follows:

USE="ant cups berkdb crypt fbcon gb gd gdbm gif png gpm gtk imap imlib innodb java jpeg kde libg++ mod_ssl mozilla mysql ncurses odbc pdflib perl php postgres python qt samba ssl svga tcltk tcpd truetype x"

I have even ran the ebuild script that makes the necessary changes to apache.conf I have commented the php section because starting apache with that section uncommented produces the following error and apache will not start with the php add module lines unless I comment or remove them:

/etc/init.d/apache start
* Starting apache...
Syntax error on line 57 of /etc/apache/conf/apache.conf:
Cannot load /etc/apache/extramodules/libphp4.so into server: /etc/apache/extramodules/libphp4.so: undefined symbol: pam_start

Here is my apache.conf:

### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerType standalone
ServerRoot /etc/apache
#ServerName localhost
#LockFile /etc/httpd/httpd.lock
PidFile /var/run/apache.pid
ScoreBoardFile /etc/apache/apache.scoreboard
ErrorLog logs/error_log
LogLevel warn
ResourceConfig /dev/null
AccessConfig /dev/null
DocumentRoot /home/httpd/htdocs


### Dynamic Shared Object (DSO) Support
###
###
LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule proxy_module modules/libproxy.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
LoadModule dbm_auth_module modules/mod_auth_dbm.so
LoadModule db_auth_module modules/mod_auth_db.so
LoadModule digest_module modules/mod_digest.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule example_module modules/mod_example.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
#<IfDefine PHP4>
#LoadModule php4_module extramodules/libphp4.so
#</IfDefine>

# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_mmap_static.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_auth_db.c
AddModule mod_digest.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_example.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_vhost_alias.c
#<IfDefine PHP4>
#AddModule mod_php4.c
#</IfDefine>

###
### Global Configuration
###
# Splitting up apache.conf into two files makes it possible to support
# multiple configurations on the same serer. In commonapache.conf
# you keep directives that apply to all implementations and in this
# file you keep server-specific directives. While we don't yet have
# multiple configurations out-of-the-box, this allows us to do that
# in the future easily.
Include conf/commonapache.conf


###
### IP Address/Port
###
#BindAddress *
Port 80
Listen 80


###
### Log configuration Section
###
# Single logfile with access, agent and referer information
# This is the default, if vlogs are not defined for the main server
CustomLog logs/access_log combined env=!VLOG
# If VLOG is defined in conf/vhosts/Vhosts.conf, we use this entry
#CustomLog "|/usr/sbin/apachesplitlogfile" vhost env=VLOG


###
### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
#Include conf/vhosts/Vhosts.conf
#Include conf/vhosts/DynamicVhosts.conf
#Include conf/vhosts/VirtualHomePages.conf


###
### Performance settings Section
###
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

#
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#
MinSpareServers 4
MaxSpareServers 10

#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 4

#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 150

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
#
MaxRequestsPerChild 500

Include conf/addon-modules/mod_php.conf
Include conf/addon-modules/mod_ssl.conf


Here is just the end of my rc.conf:

XSESSION=KDE



# Note: achim lives in Germany, and enjoys these settings
# KEYMAP="de-latin1-nodeadkeys"
# CONSOLEFONT="iso09.f14"





#OLD SETTINGS; not currently supported
#SULOGIN=no # Set to yes if you want sulogin to be spawned on bootup
#DELAYLOGIN=yes # Set to no if you want to be able to login over telnet/rlogi
n
# before system startup is complete (as soon as inetd is star
ted)

#Apache Options
APACHE_OPTS="-D SSL -D PHP4"

Here is my mod_php.conf:

<IfModule mod_php4.c>

AddType application/x-httpd-php .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps

</IfModule>

Here is my mod_ssl.conf:

<IfModule mod_ssl.c>

##--------------------------------------------------------------------------
## Add additional SSL configuration directives which provide a
## robust default configuration: virtual server on port 443
## which speaks SSL.
##--------------------------------------------------------------------------
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache dbm:logs/ssl_scache
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex sem

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs/ssl_engine_log
SSLLogLevel info

</IfModule>

[/b]
Back to top
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Tue Apr 23, 2002 12:28 pm    Post subject: Re: Apache Php SSL Hair Puller! Reply with quote

Anonymous wrote:
USE="ant cups berkdb crypt fbcon gb gd gdbm gif png gpm gtk imap imlib innodb java jpeg kde libg++ mod_ssl mozilla mysql ncurses odbc pdflib perl php postgres python qt samba ssl svga tcltk tcpd truetype x"


Well, for starters, I think your USE settings are incorrect. There is no "mod_ssl" USE variable -- I believe you want just "ssl". Additionally, I'm not sure if USE variables are case-sensitive. If they are, then it should be "X" instead of "x".

Do you really need all those variables? You've got everything but the kitchen sink in there, including support for four different databases. Not sure if it will fix your problem, but certainl the less cruft that's installed, the less that can go wrong.

Just my $.02, though.

Finally, you might try searching the archives of the gentoo-user mailing list. I remember seeing some stuff about apache and ssl on there in the last couple of days. Might be worth a look.

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
Guest






PostPosted: Tue Apr 23, 2002 12:42 pm    Post subject: What can I try? Reply with quote

Hi kurt, thanks for the response. I have checked the archives on apache ssl php libphp4.so etc-->anything relating to installing these beasts. :) Also there is a package for mod_ssl. I included everything but the kitchen sink on a reccomendation I read in a post not sure if on here or google...

I am still at a loss. I have never had this much of a problem getting apache php ssl mysql going. I am not a newbie but I am also not a linux guru!

Thanks for checking anyway!
Back to top
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Tue Apr 23, 2002 12:56 pm    Post subject: Re: What can I try? Reply with quote

Anonymous wrote:
I have checked the archives on apache ssl php libphp4.so etc-->anything relating to installing these beasts. :)


Have you checked the mailing list archives? Not the forum archives.

Anonymous wrote:
Also there is a package for mod_ssl


Yes, but I don't think there's a use variable for it. Just because a package exists in Gentoo doesn't mean that you can control support for that package by sticking the package name in your use config. :)

Check /usr/portage/profiles/use.desc for a comprehensive list of use variables.

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum