Install Apache 2.4.4 on CentOS 6.4

CentOS’s package installed version of apache is out of date. We will compile our own from source.

First, install the required packages.

# yum groupinstall "Development Tools"
# yum install openssl-devel
# yum install pcre-devel

Download Apache

Download Apache from httpd.apache.org. The current stable release is 2.4.4.

Once you get the direct URL to download the latest stable version of Apache, use wget as shown below to download it directly to your server.

cd /usr/src
wget http://apache.mirrors.tds.net//httpd/httpd-2.4.4.tar.gz
tar zxvf httpd-2.4.4.tar.gz

Download APR and APR-Util

Now we have to download APR and APR-Util because CentOS’s versions aren’t compatible with the latest version of apache. Visit http://apr.apache.org/download.cgi to get the URL for the latest versions, then use wget as shown below.

cd /usr/src
wget http://www.carfab.com/apachesoftware//apr/apr-1.4.6.tar.gz
wget http://www.carfab.com/apachesoftware//apr/apr-util-1.5.2.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.5.2.tar.gz

Now we want to put the apr and apr-util we downloaded into our apache source files.

mv apr-1.4.6 /usr/src/httpd-2.4.4/srclib/apr
mv apr-util-1.5.2 /usr/src/httpd-2.4.4/srclib/apr-util

Compile

Sweet, now it’s time to compile. We want to use –enable-ssl –enable-so –with-mpm=prefork –with-included-apr

# cd /usr/src/httpd-2.4.4
# ./configure --enable-so --enable-ssl --with-mpm=prefork --with-included-apr
# make
# make install

Enable SSL in httpd.conf

Apache configuration file httpd.conf is located under /usr/local/apache2/conf.

Uncomment the httpd-ssl.conf Include line and the LoadModule ssl_module line in the /usr/local/apache2/conf/httpd.conf file.

# nano /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.

# nano /usr/local/apache2/conf/extra/httpd-ssl.conf

The SSL certificate and key are required before we start the Apache. The server.crt and server.key file mentioned in the httpd-ssl.conf needs to be created before we move forward.

# cd /usr/local/apache2/conf/extra
# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Generate server.crt and server.key file

First, Generate the server.key using openssl.

# cd /usr/src
# openssl genrsa -des3 -out server.key 1024

The above command will ask for the password. Make sure to remember this password. You need this while starting your Apache later.

Next, generate a certificate request file (server.csr) using the above server.key file.

# openssl req -new -key server.key -out server.csr

Finally, generate a self signed ssl certificate (server.crt) using the above server.key and server.csr file.

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Copy the server.key and server.crt file to appropriate Apache configuration directory location.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/

Start Apache

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf.

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
# nano /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf.

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 76 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
# vi /usr/local/apache2/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Finally, this will prompt you to enter the password for your private key before starting up the apache.

# /usr/local/apache2/bin/apachectl start
Apache/2.4.2 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.

Verify that the Apache httpd process is running in the background.

# ps -ef | grep http
root 29529 1 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29530 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29531 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29532 29529 0 13:08 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
root 29616 18260 0 13:09 pts/0 00:00:00 grep http

To stop apache, use apachectl stop.

# /usr/local/apache2/bin/apachectl stop

Use httpd -l to view all the modules that are compiled inside the Apache httpd daemon.

# /usr/local/apache2/bin/httpd -l
Compiled in modules:
 core.c
 mod_so.c
 http_core.c
 event.c

By default Apache SSL runs on 443 port. Open a web browser and verify that you can access your Apache using https://{your-ip-address}

Add apache bin folder to $PATH

Now for the sake of convenience, we’re going to add the directory for apache binaries (apachectl, httpd, etc.) to the $PATH variable so that you don’t have to type /usr/local/apache2/bin/whatever each time.

# echo 'pathmunge /usr/local/apache2/bin' > /etc/profile.d/httpd.sh
# chmod +x /etc/profile.d/httpd.sh

Now, reload the profile by either logging out and back in, or by running:

# . /etc/profile

That will reload the $PATH variable.

Yeah, not too bad at all now that you know what you’re doing.

Advertisements

9 responses to “Install Apache 2.4.4 on CentOS 6.4

  1. I found mistake in your post. Edit mv apr-1.5.2 /usr/src/httpd-2.4.4/srclib/apr-util to mv apr-util-1.5.2 /usr/src/httpd-2.4.4/srclib/apr-util .

  2. Jason…great work. This saved me a ton of time and helped explain some things. Thank you! Very much appreciated!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s