httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plantier, Spencer" <spencer.plant...@stratech.com>
Subject RE: [users@httpd] Apache install
Date Thu, 14 Apr 2005 19:51:43 GMT
In ssl.conf I have:
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/home/www"
ServerName 172.30.16.12:443
ServerAdmin spencer.plantier@stratech.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile /home/ssl/localhost.cert
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile //home/ssl/localhost.key.unsecure
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /usr/local/apache2/conf/ssl.crt
#SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /usr/local/apache2/conf/ssl.crl
#SSLCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#<Location />
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means
that
#     the standard Auth/DBMAuth methods can be used for access control.
The
#     user name is the `one line' version of the client's X.509
certificate.
#     Note that no password is obtained from the user. Every entry in
the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT
and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the
certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment
variables.
#     Per default this exportation is switched off for performance
reasons,
#     because the extraction step is an expensive operation and is
usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward
compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x.
Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied
even
#     under a "Satisfy any" situation, i.e. when it applies access is
denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when
SSL
#     directives are used in per-directory context. 
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't
wait for
#   the close notify alert from client. When you need a different
shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed,
i.e. no
#     SSL close notify alert is send or allowed to received.  This
violates
#     the SSL/TLS standard but is needed for some brain-dead browsers.
Use
#     this when you receive I/O errors because of the standard approach
where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed,
i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close
notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but
in
#     practice often causes hanging connections with brain-dead
browsers. Use
#     this only for browsers where you know that their SSL
implementation
#     works correctly. 
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for
this.
#   Similarly, one has to force some clients to use HTTP/1.0 to
workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                   
 



And in my httpd.conf I have:

### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on
your
# machine you can setup VirtualHost containers for them. Most
configurations
# use only name-based virtual hosts so the server doesn't need to worry
about
# IP addresses. This is indicated by the asterisks in the directives
below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
#NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:443>
#    ServerAdmin spencer.plantier@stratech.com
#    DocumentRoot /home/www/spencer.plantier@stratech.com
#    ServerName 172.30.16.12:443
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

And I changed the listen to listen 443 on httpd.conf and I get this
error:

# ./apachectl startssl
(125)Address already in use: make_sock: could not bind to address
[::]:443
no listening sockets available, shutting down
Unable to open logs

I have to be close. 

Thanks,
 
 
Spencer

-----Original Message-----
From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu] 
Sent: Thursday, April 14, 2005 3:06 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Apache install

So now you have static modules.  Just note, this is a matter of choice,
you can go with either static or dynamic.  In the future, it would be
easier to help if you mentioned things like a completely new set of
configure options in Apache.  Obviously, you can remove all of the
LoadModule statements for this list of modules.  

If you're getting 'connection refused' from the https URL, then you
don't have port 443 open.  That's the default port for HTTPS, and
somewhere in Apache's config you'll have to tell it to open that port.
This is commonly done with a VirtualHost; the httpd.conf that Apache
created for you with this set of configure options should include an
example.


On Thu, 14 Apr 2005, Plantier, Spencer wrote:

>  I reinstalled openssl and apache. When I do a httpd -l, I get:
> 
> core.c
>   mod_access.c
>   mod_auth.c
>   mod_auth_digest.c
>   mod_include.c
>   mod_deflate.c
>   mod_log_config.c
>   mod_env.c
>   mod_headers.c
>   mod_setenvif.c
>   mod_ssl.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_status.c
>   mod_autoindex.c
>   mod_asis.c
>   mod_cgi.c
>   mod_negotiation.c
>   mod_dir.c
>   mod_imap.c
>   mod_actions.c
>   mod_userdir.c
>   mod_alias.c
>   mod_rewrite.c
>   mod_so.c
> 
> Is this any better. 
> 
> 
> Thanks,
>  
>  
> Spencer
> 
> -----Original Message-----
> From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> Sent: Thursday, April 14, 2005 12:05 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Apache install
> 
> Um, you didn't delete _both_ of them, did you?  That puts you back 
> where you started....
> 
> On Thu, 14 Apr 2005, Plantier, Spencer wrote:
> 
> > I deleted the modules in the httpd.conf. There are no more errors 
> > but now when go to open the page https://172.30.16.12 it says 
> > connection refused.
> > 
> > 
> > Thanks,
> >  
> >  
> > Spencer
> > 
> > -----Original Message-----
> > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > Sent: Thursday, April 14, 2005 11:20 AM
> > To: users@httpd.apache.org
> > Subject: RE: [users@httpd] Apache install
> > 
> > Or did you leave _both_ LoadModule statements in the conf file?!
> > 
> > On Thu, 14 Apr 2005, Craig Dunigan wrote:
> > 
> > > Hmm.  I could have sworn mod_ssl is a DSO by default.  Of course, 
> > > you can just remove the LoadModule line, like Rambo said, and see 
> > > what
> > happens.
> > > But this isn't what I would have expected.  Are you sure you 
> > > didn't change the ./configure options, or do the two compiles 
> > > under different
> > 
> > > environments, or something like that?  Does 'httpd -l' now show 
> > > you that you have a static mod_ssl?
> > > 
> > > On Thu, 14 Apr 2005, Plantier, Spencer wrote:
> > > 
> > > >  I have recompiled openssl and apache and now I get the 
> > > > following
> > error:
> > > > Syntax error on line 231 of /usr/local/apache2/conf/httpd.conf:
> > > > module ssl_module is built-in and can't be loaded #
> > > > 
> > > > 
> > > > 
> > > > Thanks,
> > > >  
> > > >  
> > > > Spencer
> > > > 
> > > > -----Original Message-----
> > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > Sent: Wednesday, April 13, 2005 6:37 PM
> > > > To: users@httpd.apache.org
> > > > Subject: Re: [users@httpd] Apache install
> > > > 
> > > > I've never found it necessary to use -fPIC, and I've built 
> > > > OpenSSL
> > on
> > > > several Solaris boxes.  Again, I'm no Solaris expert, and you 
> > > > may
> > have a
> > > > really good reason for wanting to use that.  But, in my 
> > > > experience, configure handles what compiler options to use 
> > > > without
> 
> > > > needing much input from me.  Then again, I use only GNU tools 
> > > > for this.  Solaris tools may vary substantially, I couldn't say.
> > > > 
> > > > With GNU make, './config; make; make install' has always been
> > sufficient
> > > > to give me an OpenSSL with shared libraries in /usr/local/lib on

> > > > Solaris, that Apache can use quite nicely when building mod_ssl.
> > > > 
> > > > On Wed, 13 Apr 2005, Plantier, Spencer wrote:
> > > > 
> > > > > So I compile openssl with just fPIC right Spencer
> > > > > Plantier------------------------- Sent from my BlackBerry 
> > > > > Wireless
> > 
> > > > > Handheld
> > > > > 
> > > > > 
> > > > > -----Original Message-----
> > > > > From: Craig Dunigan <cdunigan@doit.wisc.edu>
> > > > > To: users@httpd.apache.org <users@httpd.apache.org>
> > > > > Sent: Wed Apr 13 18:00:30 2005
> > > > > Subject: RE: [users@httpd] Apache install
> > > > > 
> > > > > No!  Leave it exactly as it was.  What you are doing with 
> > > > > those
> > lines
> > > > > is telling Apache to build mod_ssl (--enable-ssl), and where 
> > > > > to
> > find
> > > > > the ssl libraries it should use when building mod_ssl
> > > > (--with-ssl=/usr/local).
> > > > > By doing 'make install' with OpenSSL, you create those ssl
> > libraries,
> > > > > then you tell Apache to use them for mod_ssl.
> > > > > 
> > > > > I think you may have had some bad instructions the first time 
> > > > > when
> > you
> > > > 
> > > > > used 'make build-shared'.  It sounded kind of strange to me, 
> > > > > but
> > hey,
> > > > > I don't know everything, you may have had a really good reason

> > > > > for
> > 
> > > > > doing it that way.  The way I described above is a pretty 
> > > > > standard
> > 
> > > > > method for doing this.
> > > > > 
> > > > > On Wed, 13 Apr 2005, Plantier, Spencer wrote:
> > > > > 
> > > > > >  So do I take out these two lines when I build apache?
> > > > > > --enable-ssl \
> > > > > > >    --with-ssl=/usr/local \
> > > > > > 
> > > > > > 
> > > > > > Thanks
> > > > > > 
> > > > > > -----Original Message-----
> > > > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > > > Sent: Wednesday, April 13, 2005 5:49 PM
> > > > > > To: users@httpd.apache.org
> > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > 
> > > > > > Did you have a special reason for building OpenSSL with 
> > > > > > 'make build-shared' (I assumed you did)?  As far as I can 
> > > > > > tell, that
> > seems
> > > > 
> > > > > > to be the root of the problem.  If you don't have a reason, 
> > > > > > then
> > I'd
> > > > 
> > > > > > suggest going back to the OpenSSL source, doing 'make' and 
> > > > > > 'make
> > 
> > > > > > install,' (the default configure options will put the libs 
> > > > > > in /usr/local/lib for you, with the appropriate linking) 
> > > > > > then recompiling Apache with the same configure options.  
> > > > > > Then again,
> > I
> > > > > > really don't understand the purpose of 'build-shared' and 
> > > > > > moving
> > the
> > > > 
> > > > > > resulting so files, so I may be missing something.
> > > > > > 
> > > > > > On Wed, 13 Apr 2005, Plantier, Spencer wrote:
> > > > > > 
> > > > > > >  /configure \
> > > > > > >    --prefix=/usr/local/apache2 \
> > > > > > >    --enable-so \
> > > > > > >    --enable-auth-digest \
> > > > > > >    --enable-rewrite \
> > > > > > >    --enable-setenvif \
> > > > > > >    --enable-mime \
> > > > > > >    --enable-deflate \
> > > > > > >    --enable-ssl \
> > > > > > >    --with-ssl=/usr/local \
> > > > > > >    --enable-headers
> > > > > > > 
> > > > > > > -----Original Message-----
> > > > > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > > > > Sent: Wednesday, April 13, 2005 4:42 PM
> > > > > > > To: users@httpd.apache.org
> > > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > > 
> > > > > > > In the meantime, I did a little looking myself.  There is 
> > > > > > > an
> 
> > > > > > > equivalent, but it's entirely inappropriate in this case, 
> > > > > > > and
> > so
> > > > > > > dangerous to the entire system that I won't even tell you 
> > > > > > > it's
> > 
> > > > > > > name here, lest you be tempted.  You really should work 
> > > > > > > out
> > what
> > > > > > > went wrong
> > > > > > 
> > > > > > > with the build(s), instead.  On with that, then.  What 
> > > > > > > were
> > the
> > > > > > > configure options for the Apache build?
> > > > > > > 
> > > > > > > On Wed, 13 Apr 2005, Plantier, Spencer wrote:
> > > > > > > 
> > > > > > > >  I don't find ldconfig on my solaris 9 box. 
> > > > > > > > 
> > > > > > > > -----Original Message-----
> > > > > > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > > > > > Sent: Wednesday, April 13, 2005 12:12 PM
> > > > > > > > To: users@httpd.apache.org
> > > > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > > > 
> > > > > > > > "man ldconfig" ?  ;-)
> > > > > > > > 
> > > > > > > > Seriously, I couldn't help you there; I'm a Linux guy
> only.
> > 
> > > > > > > > Maybe someone else can direct you, or even tell you for 
> > > > > > > > sure
> > 
> > > > > > > > whether I'm on the right track with Solaris.  I can't 
> > > > > > > > even
> 
> > > > > > > > _find_ ldconfig on my
> > > > > > 
> > > > > > > > Solaris hosts, and I'm not sure what the Solaris 
> > > > > > > > equivalent would
> > > > > > be.
> > > > > > > > But I do know that you need to run it on Linux if you're
> > moving
> > > > > > > > shared
> > > > > > > 
> > > > > > > > objects around like that, and I assume the situation is
> > similar
> > > > > > > > for other Unix systems.
> > > > > > > > 
> > > > > > > > On Wed, 13 Apr 2005, Plantier, Spencer wrote:
> > > > > > > > 
> > > > > > > > >  
> > > > > > > > > I am running Solaris 9. I tried running ldconfig but
> > couldn't
> > > > > > > > > figure
> > > > > > > 
> > > > > > > > > out how to get it to work.
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > > > > > > Sent: Tuesday, April 12, 2005 3:42 PM
> > > > > > > > > To: users@httpd.apache.org
> > > > > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > > > > 
> > > > > > > > > Now that we know your config is more or less correct, 
> > > > > > > > > we'd
> > 
> > > > > > > > > have to
> > > > > > 
> > > > > > > > > turn to how things were built.
> > > > > > > > > 
> > > > > > > > > What OS is this?  Did you run the appropriate link
> > configuring
> > > > 
> > > > > > > > > program
> > > > > > > > 
> > > > > > > > > (ldconfig, probably) after moving the .so files to
> > > > /usr/local/lib?
> > > > > > 
> > > > > > > > > Can you show us the configure options for your Apache
> > build?
> > > > > > > > > 
> > > > > > > > > By the way, you don't need to have two LoadModule 
> > > > > > > > > lines
> > for
> > > > > > > > mod_ssl.so.
> > > > > > > > > 
> > > > > > > > > I suggested changing the example line as the simplest
> > method
> > > > > > > > > to get the right configuration, but since you've 
> > > > > > > > > obviously
> > 
> > > > > > > > > found some
> > > > > > 
> > > > > > > > > good example configs, it's really no longer necessary.
> > > > > > > > > 
> > > > > > > > > On Tue, 12 Apr 2005, Plantier, Spencer wrote:
> > > > > > > > > 
> > > > > > > > > > Here is what my DSO looks like now: 
> > > > > > > > > > 
> > > > > > > > > > #
> > > > > > > > > > # Dynamic Shared Object (DSO) Support # # To be able

> > > > > > > > > > to
> > use
> > > > > > > > > > the functionality of a module which was built as a
> > > > > > > > > 
> > > > > > > > > > DSO you # have to place corresponding `LoadModule' 
> > > > > > > > > > lines
> > at
> > > > > > > > > > this
> > > > > > 
> > > > > > > > > > location so the # directives contained in it are
> > actually
> > > > > > > > > > available _before_ they are used.
> > > > > > > > > > # Statically compiled modules (those listed by 
> > > > > > > > > > `httpd
> > -l')
> > > > > > > > > > do not need
> > > > > > > > > 
> > > > > > > > > > # to be loaded here.
> > > > > > > > > > #
> > > > > > > > > > # Example:
> > > > > > > > > >  LoadModule ssl_module modules/mod_ssl.so # 
> > > > > > > > > > LoadModule
> 
> > > > > > > > > > access_module
> > > > > > > > 
> > > > > > > > > > modules/mod_access.so LoadModule auth_module 
> > > > > > > > > > modules/mod_auth.so
> > > > > > 
> > > > > > > > > > LoadModule auth_anon_module modules/mod_auth_anon.so

> > > > > > > > > > LoadModule auth_dbm_module modules/mod_auth_dbm.so 
> > > > > > > > > > LoadModule auth_digest_module 
> > > > > > > > > > modules/mod_auth_digest.so
> > 
> > > > > > > > > > LoadModule ext_filter_module 
> > > > > > > > > > modules/mod_ext_filter.so
> 
> > > > > > > > > > LoadModule include_module modules/mod_include.so
> > LoadModule
> > > > > > > > > > log_config_module
> > > > > > > 
> > > > > > > > > > modules/mod_log_config.so LoadModule 
> > > > > > > > > > log_forensic_module
> > 
> > > > > > > > > > modules/mod_log_forensic.so LoadModule env_module 
> > > > > > > > > > modules/mod_env.so
> > > > > > > > 
> > > > > > > > > > LoadModule mime_magic_module 
> > > > > > > > > > modules/mod_mime_magic.so
> 
> > > > > > > > > > LoadModule cern_meta_module modules/mod_cern_meta.so

> > > > > > > > > > LoadModule expires_module modules/mod_expires.so
> > LoadModule
> > > > > > > > > > headers_module modules/mod_headers.so LoadModule 
> > > > > > > > > > usertrack_module modules/mod_usertrack.so LoadModule

> > > > > > > > > > unique_id_module modules/mod_unique_id.so LoadModule

> > > > > > > > > > setenvif_module modules/mod_setenvif.so <IfDefine 
> > > > > > > > > > SSL>
> 
> > > > > > > > > > LoadModule ssl_module modules/mod_ssl.so </IfDefine>

> > > > > > > > > > LoadModule mime_module modules/mod_mime.so 
> > > > > > > > > > LoadModule dav_module modules/mod_dav.so LoadModule 
> > > > > > > > > > status_module
> 
> > > > > > > > > > modules/mod_status.so LoadModule autoindex_module 
> > > > > > > > > > modules/mod_autoindex.so LoadModule asis_module
> > > > > > 
> > > > > > > > > > modules/mod_asis.so LoadModule info_module 
> > > > > > > > > > modules/mod_info.so LoadModule cgi_module
> > modules/mod_cgi.so
> > > > 
> > > > > > > > > > LoadModule dav_fs_module modules/mod_dav_fs.so
> > LoadModule
> > > > > > > > > > vhost_alias_module modules/mod_vhost_alias.so 
> > > > > > > > > > LoadModule
> > 
> > > > > > > > > > negotiation_module modules/mod_negotiation.so 
> > > > > > > > > > LoadModule
> > 
> > > > > > > > > > dir_module modules/mod_dir.so LoadModule imap_module

> > > > > > > > > > modules/mod_imap.so LoadModule actions_module
> > > > > > > > 
> > > > > > > > > > modules/mod_actions.so LoadModule speling_module 
> > > > > > > > > > modules/mod_speling.so LoadModule userdir_module 
> > > > > > > > > > modules/mod_userdir.so LoadModule alias_module 
> > > > > > > > > > modules/mod_alias.so LoadModule rewrite_module
> > > > > > > modules/mod_rewrite.so
> > > > > > > > > > LoadModule php5_module        modules/libphp5.so
> > > > > > > > > > 
> > > > > > > > > > And my httpd -l shows:
> > > > > > > > > > 
> > > > > > > > > > Compiled in modules:
> > > > > > > > > >   core.c
> > > > > > > > > >   prefork.c
> > > > > > > > > >   http_core.c
> > > > > > > > > >   mod_so.c
> > > > > > > > > > 
> > > > > > > > > > I still get the same error:
> > > > > > > > > > 
> > > > > > > > > > Syntax error on line 231 of
> > > > /usr/local/apache2/conf/httpd.conf:
> > > > > > > > > > Cannot load /usr/local/apache2/modules/mod_ssl.so 
> > > > > > > > > > into
> > > > server:
> > > > > > > > > ld.so.1:
> > > > > > > > > > /usr/local/apache2/bin/httpd: fatal: relocation
error:
> > file
> > > > > > > > > > /usr/local/apache2/modules/mod_ssl.so: symbol
> > > > X509_INFO_free: 
> > > > > > > > > > referenced symbol not found
> > > > > > > > > > 
> > > > > > > > > > Any help would be appreciated. 
> > > > > > > > > > 
> > > > > > > > > > Thanks. 
> > > > > > > > > > 
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > > > > > > > > > Sent: Friday, April 08, 2005 2:47 PM
> > > > > > > > > > To: users@httpd.apache.org
> > > > > > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > > > > > 
> > > > > > > > > > So, as the instructions say, anything that doesn't 
> > > > > > > > > > show
> > up
> > > > > > > > > > in 'httpd
> > > > > > > > > -l'
> > > > > > > > > > 
> > > > > > > > > > has to be loaded in httpd.conf with a LoadModule
> > statement.
> > > > 
> > > > > > > > > > Replace
> > > > > > > > 
> > > > > > > > > > 'foo'
> > > > > > > > > > with 'ssl' in the example line, uncomment it, and 
> > > > > > > > > > try
> > again.
> > > > > > > > > > 
> > > > > > > > > > On Fri, 8 Apr 2005, Plantier, Spencer wrote:
> > > > > > > > > > 
> > > > > > > > > > >  httpd -l shows:
> > > > > > > > > > > # ./httpd -l
> > > > > > > > > > > Compiled in modules:
> > > > > > > > > > >   core.c
> > > > > > > > > > >   prefork.c
> > > > > > > > > > >   http_core.c
> > > > > > > > > > >   mod_so.c
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: Craig Dunigan 
> > > > > > > > > > > [mailto:cdunigan@doit.wisc.edu]
> > > > > > > > > > > Sent: Friday, April 08, 2005 2:25 PM
> > > > > > > > > > > To: users@httpd.apache.org
> > > > > > > > > > > Subject: RE: [users@httpd] Apache install
> > > > > > > > > > > 
> > > > > > > > > > > And what does 'httpd -l' show you?
> > > > > > > > > > > 
> > > > > > > > > > > On Fri, 8 Apr 2005, Plantier, Spencer wrote:
> > > > > > > > > > > 
> > > > > > > > > > > >  
> > > > > > > > > > > > This is what is shows when I do a search on DSO:
> > > > > > > > > > > > #
> > > > > > > > > > > > # Dynamic Shared Object (DSO) Support # # To be 
> > > > > > > > > > > > able
> > to
> > > > > > > > > > > > use the functionality of a module which was 
> > > > > > > > > > > > built as
> > a
> > > > > > > > > > > 
> > > > > > > > > > > > DSO you # have to place corresponding
`LoadModule'
> > lines
> > > > 
> > > > > > > > > > > > at this
> > > > > > > > 
> > > > > > > > > > > > location so the # directives contained in it are

> > > > > > > > > > > > actually available _before_ they are used.
> > > > > > > > > > > > # Statically compiled modules (those listed by
> > `httpd
> > > > > > > > > > > > -l') do not need
> > > > > > > > > > > 
> > > > > > > > > > > > # to be loaded here.
> > > > > > > > > > > > #
> > > > > > > > > > > > # Example:
> > > > > > > > > > > > # LoadModule foo_module modules/mod_foo.so #
> > > > > > > > > > > > 
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Robert Zagarello [mailto:bzag0@yahoo.com]
> > > > > > > > > > > > Sent: Friday, April 08, 2005 2:18 PM
> > > > > > > > > > > > To: users@httpd.apache.org
> > > > > > > > > > > > Subject: Re: [users@httpd] Apache install
> > > > > > > > > > > > 
> > > > > > > > > > > > 
> > > > > > > > > > > > Do you need to put a LoadModule directive in
> > httpd.conf
> > > > > > > > > > > > for
> > > > > > > ssl?
> > > > > > > > 
> > > > > > > > > > > > Do
> > > > > > > > > > 
> > > > > > > > > > > > a
> > > > > > > > > > > 
> > > > > > > > > > > > search in your httpd.conf for "DSO".  Check if 
> > > > > > > > > > > > your mod_ssl was statically compiled using 
> > > > > > > > > > > > "httpd
> -l"
> > which
> > > > > > > > > > > > lists the statically compiled modules.
> > > > > > > > > > > > 
> > > > > > > > > > > > BZAG
> > > > > > > > > > > > +++++++++++++++++++++++
> > > > > > > > > > > > 
> > > > > > > > > > > > >From Spencer Plantier:
> > > > > > > > > > > > 
> > > > > > > > > > > > I have installed openssl without any errors and 
> > > > > > > > > > > > php without any
> > > > > > > > > > > errors.
> > > > > > > > > > > > Could someone help me troubleshoot this error. I

> > > > > > > > > > > > am
> > new
> > > > > > > > > > > > to apache and am starting to hit deadlines on 
> > > > > > > > > > > > trying
> > to
> > > > > > > > > > > > get apache up and
> > > > > > > > > > running.
> > > > > > > > > > > > Any help would be greatly appreciated.
> > > > > > > > > > > > 
> > > > > > > > > > > > This is how I built openssl:
> > > > > > > > > > > > 
> > > > > > > > > > > > ../config
> > > > > > > > > > > > make
> > > > > > > > > > > > make build-shared mv libssl.so* /usr/local/lib 
> > > > > > > > > > > > mv libcrypto.so* /usr/local/lib
> > > > > > > > > > > > 
> > > > > > > > > > > > 
> > > > > > > > > > > > Syntax error on line 251 of
> > > > > > > > > > > > /usr/local/apache2/conf/httpd.conf:
> > > > > > > > > > > > Cannot load 
> > > > > > > > > > > > /usr/local/apache2/modules/mod_ssl.so
> > into
> > > > > > > > > > > > server: ld.so.1:
> > > > > > > > > > > > /usr/local/apache2/bin/httpd: fatal: relocation
> > error:
> > > > > > > > > > > > file
> > > > > > > > > > > > /usr/local/apache2/modules/mod_ssl.so: symbol
> > > > > > > > > > > > X509_INFO_free: 
> > > > > > > > > > > > referenced
> > > > > > > > > > > > symbol not found #
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > >
> > --------------------------------------------------------------
> > > > > > > > > ----
> > > > > > > > > --
> > > > > > > > > - The official User-To-User support forum of the 
> > > > > > > > > Apache
> > HTTP
> > > > > > > > > Server Project.
> > > > > > > > > See <URL:http://httpd.apache.org/userslist.html> for 
> > > > > > > > > more
> > > > info.
> > > > > > > > > To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> > > > > > > > >    "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > > > > > For additional commands, e-mail:
> > users-help@httpd.apache.org
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > >
> > --------------------------------------------------------------
> > > > > > > > > ----
> > > > > > > > > --
> > > > > > > > > - The official User-To-User support forum of the 
> > > > > > > > > Apache
> > HTTP
> > > > > > > > > Server
> > > > > > > > Project.
> > > > > > > > > See <URL:http://httpd.apache.org/userslist.html> for 
> > > > > > > > > more
> > > > info.
> > > > > > > > > To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> > > > > > > > >    "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > > > > > For additional commands, e-mail:
> > users-help@httpd.apache.org
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > --
> > > > > > > > Craig Dunigan
> > > > > > > > IS Technical Services Specialist (I don't know what it
> > means,
> > > > > > > > either) Middleware - Enterprise Info Systems - 
> > > > > > > > Department of
> > 
> > > > > > > > Info Technology University of Wisconsin, Madison
> > > > > > > > 
> > > > > > > > opinions expressed are my own, not the University's
> > > > > > > > 
> > > > > > > > 
> > > > > > > >
> > ----------------------------------------------------------------
> > > > > > > > ----
> > > > > > > > - The official User-To-User support forum of the Apache 
> > > > > > > > HTTP
> > 
> > > > > > > > Server Project.
> > > > > > > > See <URL:http://httpd.apache.org/userslist.html> for 
> > > > > > > > more
> > info.
> > > > > > > > To unsubscribe, e-mail:
users-unsubscribe@httpd.apache.org
> > > > > > > >    "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > > > > For additional commands, e-mail: 
> > > > > > > > users-help@httpd.apache.org
> > > > > > > > 
> > > > > > > > 
> > > > > > > >
> > ----------------------------------------------------------------
> > > > > > > > ----
> > > > > > > > - The official User-To-User support forum of the Apache 
> > > > > > > > HTTP
> > 
> > > > > > > > Server
> > > > > > > Project.
> > > > > > > > See <URL:http://httpd.apache.org/userslist.html> for 
> > > > > > > > more
> > info.
> > > > > > > > To unsubscribe, e-mail:
users-unsubscribe@httpd.apache.org
> > > > > > > >    "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > > > > For additional commands, e-mail: 
> > > > > > > > users-help@httpd.apache.org
> > > > > > > > 
> > > > > > > 
> > > > > > > --
> > > > > > > Craig Dunigan
> > > > > > > IS Technical Services Specialist (I don't know what it 
> > > > > > > means,
> > > > > > > either) Middleware - Enterprise Info Systems - Department 
> > > > > > > of
> > Info
> > > > > > > Technology University of Wisconsin, Madison
> > > > > > > 
> > > > > > > opinions expressed are my own, not the University's
> > > > > > > 
> > > > > > > 
> > > > > > >
> > ------------------------------------------------------------------
> > > > > > > --- The official User-To-User support forum of the Apache 
> > > > > > > HTTP
> > 
> > > > > > > Server Project.
> > > > > > > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > > > > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > > > >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > > > > > > For additional commands, e-mail: 
> > > > > > > users-help@httpd.apache.org
> > > > > > > 
> > > > > > > 
> > > > > > >
> > ------------------------------------------------------------------
> > > > > > > --- The official User-To-User support forum of the Apache 
> > > > > > > HTTP
> > 
> > > > > > > Server
> > > > > > Project.
> > > > > > > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > > > > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > > > >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > > > > > > For additional commands, e-mail: 
> > > > > > > users-help@httpd.apache.org
> > > > > > > 
> > > > > > 
> > > > > > --
> > > > > > Craig Dunigan
> > > > > > IS Technical Services Specialist (I don't know what it 
> > > > > > means,
> > > > > > either) Middleware - Enterprise Info Systems - Department of
> > Info
> > > > > > Technology University of Wisconsin, Madison
> > > > > > 
> > > > > > opinions expressed are my own, not the University's
> > > > > > 
> > > > > > 
> > > > > >
> > --------------------------------------------------------------------
> > > > > > - The official User-To-User support forum of the Apache HTTP
> > Server
> > > > > > Project.
> > > > > > See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> > > > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > > >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > > > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > > > 
> > > > > > 
> > > > > >
> > --------------------------------------------------------------------
> > > > > > - The official User-To-User support forum of the Apache HTTP
> > Server
> > > > > > Project.
> > > > > > See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> > > > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > > >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > > > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > --
> > > > Craig Dunigan
> > > > IS Technical Services Specialist (I don't know what it means,
> > either)
> > > > Middleware - Enterprise Info Systems - Department of Info 
> > > > Technology University of Wisconsin, Madison
> > > > 
> > > > opinions expressed are my own, not the University's
> > > > 
> > > > 
> > > >
> > --------------------------------------------------------------------
> > -
> > > > The official User-To-User support forum of the Apache HTTP 
> > > > Server Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest:
users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > 
> > > > 
> > > >
> > --------------------------------------------------------------------
> > -
> > > > The official User-To-User support forum of the Apache HTTP 
> > > > Server
> > Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest:
users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > 
> > > 
> > > 
> > 
> > 
> 
> --
> Craig Dunigan
> IS Technical Services Specialist (I don't know what it means, either) 
> Middleware - Enterprise Info Systems - Department of Info Technology 
> University of Wisconsin, Madison
> 
> opinions expressed are my own, not the University's
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

--
Craig Dunigan
IS Technical Services Specialist (I don't know what it means, either)
Middleware - Enterprise Info Systems - Department of Info Technology
University of Wisconsin, Madison

opinions expressed are my own, not the University's


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message