Changes between Version 1 and Version 2 of ApacheConfig


Timestamp:
05/16/08 13:53:29 (11 years ago)
Author:
joshuadf
Comment:

--

  • ApacheConfig

    v1 v2  
     1== Installing ==
     2
     3The base package for the Apache httpd web server is called `httpd`; if you need to compile modules you also need `httpd-devel`. Precompiled modules packages are named for the module, such as `mod_python`. If you want it all, try a command such as
     4{{{
     5yum -y install mod_python mod_perl mod_php mod_ssl httpd httpd-devel
     6}}}
     7
    18== .conf Files ==
    29
    3 In RHEL3 and RHEL4, the main /etc/httpd/conf/httpd.conf automatically includes any files named `*.conf` in the
    4 `/etc/httpd/conf.d/` directory. This makes it easier to install official modules such as PHP, `mod_python`, etc.
     10In Red Hat Enterprise Linux the main `/etc/httpd/conf/httpd.conf` automatically includes any files named `*.conf` in the
     11`/etc/httpd/conf.d/` directory. This makes it easier to install official modules such as PHP, Python, `mod_ssl`, etc.
    512and also separate out custom local configurations. However, you need to be careful to name only full configuration
    6 sections with `.conf`; other files could be named `.off` or `.vhost`.
     13sections with `.conf`; other files could be named anything else such as `.off` or `.vhost`.
    714
    815== SSL ==
    916
    10 By default, RHEL3 and RHEL4 ship Apache with a working SSL configuration file, but a fake `server.crt` certificate for `localhost`.
    11 (In RHEL5, this process should change somewhat to use the new pki tools.) If you're not sure where your certificate came from, you
    12 can view the issuer of with the following command:
     17By default, Red Hat Enterprise Linux ship Apache with a working SSL configuration file, but a fake `localhost.crt` certificate.
     18If you're not sure where your certificate came from, you can view the issuer of with the following command:
    1319{{{
    1420# view
    15 openssl x509 -noout -text -in /etc/httpd/conf/ssl.crt/server.crt -issuer | tail -1
     21openssl x509 -noout -text -in /etc/pki/tls/certs/localhost.crt -issuer | tail -1
    1622/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
    1723# for a UW cert output should be:
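Review bot: The added lines 10 and 17 replace "RHEL3 and RHEL4" with an unqualified "Red Hat Enterprise Linux", yet the new command on line 21 reads `/etc/pki/tls/certs/localhost.crt`, while the removed text located the RHEL3/RHEL4 certificate at `/etc/httpd/conf/ssl.crt/server.crt` and tied the pki layout to RHEL5. State which release the `/etc/pki/tls` paths apply to, or keep a pointer to the old location, so that someone on an older host does not check the wrong file and conclude the placeholder certificate has been replaced. On lines 17 and 18, "ship" should be "ships" and "view the issuer of with" is missing its object.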
     
    1925}}}
    2026
    21 To get a UW certificate, first generate a key (or use your existing one) and a certificate request:
     27To get a valid certificate, first generate a key (or use your existing one) and a certificate request:
    2228{{{
    23 cd /etc/httpd/conf/ssl.key
    24 openssl genrsa -out server.key 1024
    25 openssl req -new -key server.key -out server.csr
     29cd /etc/pki/tls/private/
     30openssl genrsa -out localhost.key 1024
     31openssl req -new -key localhost.key -out localhost.csr
    2632}}}
    27 Then go to http://certs.cac.washington.edu/ and upload the certificate request. When you get notice that
    28 the certificate is ready, save it to `server.crt`:
     33Then go to the certificate provider (for UW http://certs.cac.washington.edu/ ) and upload the certificate request. When you get notice that
     34the certificate is ready, save it to `localhost.crt`:
    2935{{{
    30 cd /etc/httpd/conf/ssl.crt
    31 mv server.crt server.crt.oldyear
    32 cat > server.crt <<EOF
     36cd /etc/pki/tls/certs/
     37mv localhost.crt localhost.crt.oldyear
     38cat > localhost.crt <<EOF
    3339[paste here]
    3440EOF
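Review bot: Line 30 carries the 1024-bit key size over unchanged (`openssl genrsa -out localhost.key 1024`); since the command is being rewritten anyway, raise it to at least 2048 bits. The key-generation block on lines 29 to 31 also sets no umask or file mode for `localhost.key`, so the private key is created with whatever the shell's default permits; add `umask 077` before `genrsa` or a `chmod 600 localhost.key` after it.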
     
    5056
    5157  SSLEngine on
    52   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    53   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
     58  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
     59  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    5460  <Files ~ "\.(cgi|shtml)$">
    5561  SSLOptions +StdEnvVars
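Review bot: Lines 58 and 59 point the virtual host at `localhost.crt` and `localhost.key`, the same file names as the placeholder certificate the SSL section warns about, so a directory listing cannot distinguish a CA-issued certificate from the default one. Consider naming the files after the site's hostname, both in the instructions and in these two directives, and note that the issuer check from the SSL section should be rerun after the paths change.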