Apache 2.4.16 installation with SSL manually on RHEL 7.0/CentOS 7.0

Fazal Yehiya Apache, Linux, Red Hat , , , , , , , , , , , , , , , ,

In this article, we are going to build Apache service (2.4.16) with custom settings and install it on RHEL 7.0 from scratch with SSL support. Before we start, let’s install dependencies required.

Post build packages required,

yum groupinstall “Development Tools”
yum install openssl-devel
yum install pcre-devel

Once above dependencies are installed, download the current stable Apache source files as shown below. At the time of this write up the current stable release was Apache 2.4.16.

cd /usr/src
wget http://www.eu.apache.org/dist//httpd/httpd-2.4.16.tar.gz
tar zxvf httpd-2.4.16.tar.gz

Now we have to download the compatible versions of APR and APR-Util for Apache since latest versions of Apache is not compatible with versions packaged with the OS.

cd /usr/src
wget http://www.eu.apache.org/dist//apr/apr-1.5.2.tar.gz
wget http://www.eu.apache.org/dist//apr/apr-util-1.5.4.tar.gz
tar zxvf apr-1.5.2.tar.gz
tar zxvf apr-util-1.5.4.tar.gz

Now move the extracted “Apr” and “Apr-util” into Apache source directory.

mv apr-1.5.2 /usr/src/httpd-2.4.16/srclib/apr
mv apr-util-1.5.4 /usr/src/httpd-2.4.16/srclib/apr-util

Now we are all good to start the compilation of source files. At this point you can decide which modules that you need to enable with your Apache service.

cd /usr/src/httpd-2.4.16
./configure --enable-so --enable-ssl --with-mpm=prefork --with-included-apr --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-proxy-scgi --enable-proxy-ajp --enable-proxy-balancer --enable-vhost-alias
make
make install

There it is. Compilation of Apache source files are complete and installed under “/usr/local/apache2”. Now we can configure few modules we enabled and lets starts with SSL.

Un-comment below Include and LoadModule lines in “/usr/local/apache2/conf/httpd.conf”

Include conf/extra/httpd-ssl.conf
LoadModule ssl_module modules/mod_ssl.so

On most cases default SSL configurations in httpd-ssl.conf would be suffice. Before we move forward on starting the Apache server, we have to create the SSL certificate and key.

Generate the server.key using openssl.

cd /usr/src
openssl genrsa -des3 -out server.key 1024

When you execute above command, it will ask for the password. Make sure you remember this password as you need when you start Apache service later. Next step is to generate a certificate request file (server.csr) using the above server.key file.

openssl req -new -key server.key -out server.csr

Now we can generate a self signed ssl certificate (server.crt) using the above server.key and server.csr file.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Done. Lets copy the server.key and server.crt file to Apache configuration directory location as shown below.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/

All configurations done and we can start the Apache service now.

/usr/local/apache2/bin/apachectl start

This will prompt for a password where you entered during the SSL certificate creation process.

By default all ports to RHEL 7.0 will be blocked except for SSH port. To enable access to Apache service you will have to open ports 80 and 443 in the system. Below command will permanently open these ports.

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

Sometimes you might encounter the below error when you start Apache service for the first time. All you have to do is to un-comment the below mentioned LoadModule from the httpd.conf file.

ERROR 1

/usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 92 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: ‘shmcb’ session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

vim /usr/local/apache2/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

ERORR 2

[proxy_balancer:emerg] [pid 1299] AH01177: Failed to lookup provider ‘shm’ for ‘slotmem’: is mod_slotmem_shm loaded??

vim /usr/local/apache2/conf/httpd.conf
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

jasonpowell42.wordpress.com/2013/04/05/install-apache-2-4-4-on-centos-6-4/

2 thoughts on “Apache 2.4.16 installation with SSL manually on RHEL 7.0/CentOS 7.0

  2. Pingback: Fazal Yehiya » Technical: Apache 2.4.16 installation with SSL manually on RHEL 7.0/CentOS 7.0

Leave a Reply

Your email address will not be published. Required fields are marked *