Install Apache 2.4.4 on CentOS 6.4

The version of Apache that CentOS installs from its packages is out of date, so we will compile our own from source.

First, install the required packages.

# yum groupinstall "Development Tools"
# yum install openssl-devel
# yum install pcre-devel

Download Apache

Download Apache from httpd.apache.org. The current stable release is 2.4.4.

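Once you have the direct URL for the latest stable version of Apache, use wget as shown below to download it directly to your server. The mirror is served over plain HTTP, so check the tarball against the PGP signature or checksum published on httpd.apache.org before unpacking it.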

cd /usr/src
wget http://apache.mirrors.tds.net//httpd/httpd-2.4.4.tar.gz
tar zxvf httpd-2.4.4.tar.gz

Download APR and APR-Util

Now we have to download APR and APR-Util because CentOS’s versions aren’t compatible with the latest version of Apache. Visit http://apr.apache.org/download.cgi to get the URL for the latest versions, then use wget as shown below.

cd /usr/src
wget http://www.carfab.com/apachesoftware//apr/apr-1.4.6.tar.gz
wget http://www.carfab.com/apachesoftware//apr/apr-util-1.5.2.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.5.2.tar.gz

Now we want to put the apr and apr-util we downloaded into our apache source files.

mv apr-1.4.6 /usr/src/httpd-2.4.4/srclib/apr
mv apr-util-1.5.2 /usr/src/httpd-2.4.4/srclib/apr-util

Compile

Sweet, now it’s time to compile. We want to use --enable-ssl --enable-so --with-mpm=prefork --with-included-apr

# cd /usr/src/httpd-2.4.4
# ./configure --enable-so --enable-ssl --with-mpm=prefork --with-included-apr
# make
# make install

Enable SSL in httpd.conf

The Apache configuration file, httpd.conf, is located under /usr/local/apache2/conf.

Uncomment the httpd-ssl.conf Include line and the LoadModule ssl_module line in the /usr/local/apache2/conf/httpd.conf file.

# nano /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.

# nano /usr/local/apache2/conf/extra/httpd-ssl.conf

The SSL certificate and key are required before we start Apache. The server.crt and server.key files mentioned in httpd-ssl.conf need to be created before we move forward.

# cd /usr/local/apache2/conf/extra
# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Generate server.crt and server.key file

First, generate the server.key using openssl.

# cd /usr/src
# openssl genrsa -des3 -out server.key 1024

The above command will ask for the password. Make sure to remember this password. You need this while starting your Apache later.

Next, generate a certificate request file (server.csr) using the above server.key file.

# openssl req -new -key server.key -out server.csr

Finally, generate a self-signed SSL certificate (server.crt) using the above server.key and server.csr files.

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Copy the server.key and server.crt files to the Apache configuration directory.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/
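
Before starting Apache it is worth checking the pair you just copied. The script below is an added example, not part of the original post: check_tls_pair and make_sample_pair are hypothetical helper names, and the sample pair is constructed in a temp directory. It assumes RSA pairs like the one in this post and fails a key file that group or other can read, an RSA key under 2048 bits (the 1024-bit key generated above falls in that class), and a certificate that does not belong to the key.

```shell
#!/bin/sh
# Added example: check_tls_pair and make_sample_pair are hypothetical helpers,
# not Apache or OpenSSL tools. Return codes of check_tls_pair:
#   0 ok, 1 key readable by group/other, 2 RSA key under 2048 bits,
#   3 certificate does not belong to the key.
# A passphrase-protected key (genrsa -des3) makes openssl prompt for it.

check_tls_pair() {
    cert=$1
    key=$2

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || return 1

    # Key size as recorded in the certificate's public key.
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 2
    [ "$bits" -ge 2048 ] || return 2

    # The public key derived from the private key must equal the cert's.
    from_key=$(openssl pkey -in "$key" -pubout) || return 3
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    [ "$from_key" = "$from_cert" ] || return 3
    return 0
}

# Constructed sample data: a throwaway self-signed pair in directory $1
# with an RSA key of $2 bits (no passphrase, so the check runs unattended).
make_sample_pair() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null
    chmod 600 "$1/server.key"
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=www.example.com" \
        -days 1 -out "$1/server.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_sample_pair "$demo" 2048
check_tls_pair "$demo/server.crt" "$demo/server.key" && echo "pair ok"
rm -rf "$demo"
```

Against the real files, run check_tls_pair /usr/local/apache2/conf/server.crt /usr/local/apache2/conf/server.key and fix whatever it reports (chmod 600 on the key for return code 1) before starting Apache.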

Start Apache

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf.

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
# nano /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf.

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 76 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
# vi /usr/local/apache2/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Finally, starting Apache will prompt you to enter the password for your private key.

# /usr/local/apache2/bin/apachectl start
Apache/2.4.2 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.

Verify that the Apache httpd process is running in the background.

# ps -ef | grep http
root 29529 1 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29530 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29531 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29532 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
root 29616 18260 0 13:09 pts/0 00:00:00 grep http

To stop apache, use apachectl stop.

# /usr/local/apache2/bin/apachectl stop

Use httpd -l to view all the modules that are compiled inside the Apache httpd daemon.

# /usr/local/apache2/bin/httpd -l
Compiled in modules:
 core.c
 mod_so.c
 http_core.c
 event.c

By default, Apache serves SSL on port 443. Open a web browser and verify that you can access your Apache using https://{your-ip-address}

Add apache bin folder to $PATH

Now for the sake of convenience, we’re going to add the directory for apache binaries (apachectl, httpd, etc.) to the $PATH variable so that you don’t have to type /usr/local/apache2/bin/whatever each time.

# echo 'pathmunge /usr/local/apache2/bin' > /etc/profile.d/httpd.sh
# chmod +x /etc/profile.d/httpd.sh

Now, reload the profile by either logging out and back in, or by running:

# . /etc/profile

That will reload the $PATH variable.

Yeah, not too bad at all now that you know what you’re doing.


Shooting at Midnight Release of The Dark Knight Rises

Aurora, CO – Imagine the following scenario. You’re a die-hard Batman fan. You’ve been prepping for the release of The Dark Knight Rises for over a week. You even have tickets to the midnight release. You go to the theater, get your popcorn, and sit down as the movie begins. You’re excited. This is the moment you’ve been waiting for all year. Then, 20 minutes into the movie, some jerk kicks in the emergency exit, throws some tear gas, and starts shooting up the place. Unfortunately, this is not just a scenario. This happened in Aurora, Co this morning at the midnight release of TDKR. 12 people are dead, and many more are injured. The suspect has been identified as James Holmes, 24. According to police, Holmes kicked in one of the emergency exits, threw in some tear gas, and opened fire. One hospital even had to activate their disaster plan because of all the people flooding in. You can read the whole story at 9News.com. My thoughts and prayers go to the victims and their families and friends. This type of thing always makes me sick.

Install PuTTY in Debian 6

What’s that? You want to install PuTTY in Debian 6 so that you can use PuTTY key files to connect to your server? Well sir/madam, you’re in luck! It’s actually easier than you think. Just open up a terminal and type in:

sudo apt-get install putty

That’s it! No compiling, no messing with source code. Awesome!

(Yes, I just found this out today 😛 )

Join Windows 7 to Domain with PowerShell

So I just got an interesting email from my school (I work in IT). Officially, we don’t support Windows 7 32-bit on campus in the sense that we don’t have a supported “campus built image” for it. However, either due to hardware manufacturers not providing 64 bit drivers or some software manufacturers refusing to support 64-bit OSes, we end up with random 32-bit machines that we can’t join to the domain because our automated script only runs on 64-bit Windows. The email was also saying that the computers they joined via the GUI weren’t being placed in the proper OU containers…it’s just a big mess. Anyway, if they would have just come and asked me (yeah right), I would have told them about a simple PowerShell command that will manipulate a computer’s domain membership. Here’s the cmdlet’s syntax.

Add-Computer [-DomainName] <string> [-Credential <PSCredential>] [-OUPath <string>] [-PassThru] [-Server <string>] [-Unsecure] [-Confirm] [-WhatIf] [<CommonParameters>]

Add-Computer [-WorkGroupName] <string> [-Credential <PSCredential>] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]

As you can see, there are two modes for the command to run in. The first one joins a workgroup machine to a domain, and the second one joins a domain machine to a workgroup. Let’s go through what each of the parameters does.

-Credential <PSCredential>

Specifies a user account that has permission to perform this action. The default is the current user.

Type a user name, such as “User01” or “Domain01\User01”, or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.

-DomainName <string>

Specifies a domain for the computer account. This parameter is required.

-OUPath <string>

Specifies an organizational unit (OU) for the domain account. Enter the full distinguished name of the OU in quotation marks. The default value is the default OU for machine objects in the domain.

-PassThru

Returns the results of the command. By default, this cmdlet does not generate any output.

-Server <string>

Specifies the name of a domain controller that adds the computer to the domain. Enter the name in DomainName\ComputerName format. The default is the local computer.

-Unsecure

Performs an unsecure join.

-WorkGroupName <string>

Specifies the name of a work group for the computer. If you omit this parameter, the computer is joined to a domain.

-Confirm

Prompts you for confirmation before executing the command.

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, OutBuffer, OutVariable, WarningAction, and WarningVariable. For more information, see about_CommonParameters.

As you can see, the only required parameter is the -DomainName parameter. If -DomainName is not specified, then you must specify -WorkGroupName.  Regardless of the case, the -DomainName parameter (or -WorkGroupName) must be defined before any other parameters. Here is an example that would work for my school.

Add-Computer -DomainName jepowell.net -Credential JEPOWELL\admin -OUPath "OU=Win7-x64-Desktop,OU=Windows,OU=Workstations,DC=jepowell,DC=net" -PassThru -Server dc01.jepowell.net -Confirm

Let me know in the comments if you have any questions. I hope this helps!

By: Jason Powell
 
Source: http://technet.microsoft.com/en-us/library/dd347556.aspx
 

Welcome to JEPowell.NET

Hello! Welcome to my website/blog/whatever you want to call it. So yeah, I’m Jason and this is my website. A little bit about me: I’m a Systems Engineering Intern at Maryville Technologies in St. Louis, Mo. My hobbies are pretty much anything to do with technology or cars. I’m also very religious and strong in my beliefs, but I respect the fact that other people may see things differently than I do. All I ask that you do the same for me. 🙂 So yeah, check back soon for more content. Peace!

By: Jason Powell