Install on Windows

1 Installing Apache on Windows

1 Overview
----
This is a fairly trivial operation with one exception; __SSL__. To provide https support, you have to jump though some hoops. Here is how you do it, specific to Apache 2.2.4

# Download Apache __with SSL__
# Generate a Certificate and Signing Request
# Configure Apache for SSL
# Change Logging and Add Additional Modules

1 Process
----
1.1 Step 1: Download and Install Apache

http://www.apache.org/dist/httpd/binaries/win32/

Make sure to download the one that says 'openssl'. This installs a minimal SSL under apache, and the ssl_mod that you don't get with the other distro. You can also get a them all separately, but it's easier to get it from Apache.

Install with the defaults. Realize though,that you will have to edit some files later to accommodate the space in the default location of C:\Program Files\Apache... , but it's usually better to stick with the default locations.

1.1 Step 2: The Certificate and Signing Request

{code:none}
C:
PATH=%PATH%;C:\\\Program Files\\\Apache Software Foundation\\\Apache2.2\\\bin
cd C:\\\Program Files\\\Apache Software Foundation\\\Apache2.2\\\conf
openssl genrsa -out server.key 2048
openssl req -new -config openssl.cnf -key server.key -out server.csr
{code}

This is similar to generating a CSR for shibboleth in the entry [Best Practices/Software/Shibboleth/IIS-SP]. Of importance are that two files ssleay32.dll and libeay32.dll be in your path when you execute the command, and that you specify the openssl config file.

After sending off the certificate request, as in [Best Practices/Software/Tomcat/SSL Certificate], you can generate a temporary one to use while you wait.

{code:none}
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
{code}

__When you get the request back__, simply save as ~~server.crt~~ in the conf directory. (as long as that's what you specified in your conf file)




1.1 Step 3: Configure Apache for SSL

Edit the httpd.conf file (in the C:\\\Program Files\\\Apache Software Foundation\\\Apache2.2\\\conf directory) and uncomment the lines

- LoadModule ssl_module modules/mod_ssl.so
- Include conf/extra/httpd-ssl.conf

__Note:__ The httpd-ssl conf file cannot handle spaces in path names.

If you installed Apache in the default location (under Program Files), you must change the lines in the httpd-ssl.conf file from absolute paths to relative paths or Apache will not start. In other words convert the example below from the top line to the bottom line. If you miss one and Apache doesn't start, the offending line will be noted in the Windows Event Viewer. Do just the ones you are using and ignore the commented out lines

- SSLSessionCache        shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scachelogs/ssl_scache(512000)
-- TO
- SSLSessionCache        shmcb:logs/ssl_scache(512000)

Verify that the paths to the server credentials are correct while you are at it. i.e. if you named the server.key file above something else, you need to make sure it's reflected here.


1.1 Step 4: Change Logging and Add Additional Modules as Needed

The default logging has separate logs for secure and non-secure, and logs in the common format in some cases.

Change the format to combined by commenting out the line ~~CustomLog logs/access.log common~~ and commenting in the line ~~CustomLog logs/access.log combined~~ in the httpd.conf file.

Force SSL to be logged the same way by removing the override in the httpd-ssl.conf file. Comment out the ~~TransferLog logs/access_log~~ line at the top, and the ~~CustomLog logs/ssl_request_log...~~ at the bottom.

~~additional content~~

\\


1 Other Useful Tools and Modules
----
The apache lounge, among other places, have other useful modules. They even have a build of Apache with what may be a newer compiler and other benefits over the apache foundation's build.

http://www.apachelounge.com/download/


1.1 Log Rotation Module

A useful module is the apache native log rotation, especially in windows when you don't have access to log rotate d

Original Home: http://www.hexten.net/mod_log_rotate/

This is also available from the apache lounge

I've implemented it similarly to the modern apache conf whereby one uses the include directive and separates the module's directives into it's own .conf

~~add detail~~



Comments