Best Practices - Apache 2.0.47 + SSL + W2K

Hi,

I've posted previously about compile problems with Apache 2.0.47 on W2K.
I've got those issues resolved now, and can compile Apache with SSL
(mod_ssl.so) support.

My question is, do you have any recommendations on "best practices" for
setting up Apache + SSL + W2K + OpenSSL? Here are the steps I'm
considering, but am open to better ideas:

1. Install the Apache pre-built binaries from www.apache.org, namely
apache_2.0.47-win32-x86-no_ssl.exe.
2. Install OpenSSL from either a)
http://gnuwin32.sourceforge.net/packages/openssl.htm or b)
http://www.cygwin.com/. Probably the cygwin version to keep it consistent
with the other tools I'm using (awk, bison, flex, and sed from the cygwin
installation).
3. Download the Apache source code
4. Download the OpenSSL source code and install under
\Apache\src\httpd-2.0.47\srclib\openssl
5. Compile OpenSSL and Apache using the defaults. This will install Apache
as C:\Apache2 and create mod_ssl.so file. openssl.exe will be under
Apache2\bin.
6. Copy Apache2 directories and files from C:\Apache2 to C:\Program
Files\Apache Group\Apache2, which is where the pre-built binary is
installed. But, keep the *.conf files from the original, pre-built binary
install.
7. Delete all openssl files from the Apache directories. They are
redundant - use the cygwin version of OpenSSL.

This may be overkill, or I may be making this too hard. But, even
Apache.org recommends using the pre-built binaries for installation on
Windows, but then fails to create a pre-built binary supporting SSL (for
export reasons I presume). I suppose I can forego the pre-built binaries
for both Apache and OpenSSL, just compile and install Apache/OpenSSL, and
just manually create the Apache service, Program Group links, etc. that the
pre-built binaries create.

Or, is it as simple as just copying mod_ssl.so from C:\Apache2\... to
C:\Program Files\Apache Group\Apache2\...?

Which is the whole purpose of this post :-). If you have any
recommendations for best practice to follow for installing Apache with SSL
support under W2K, please let me know.

Thanks,
Scott

"Scott" <if_you_want_my_email_ask_in_a_post@please.com> wrote in message
news:3f53e91d$0$23592$5a62ac22@freenews.iinet.net. au...
> Or, is it as simple as just copying mod_ssl.so from C:\Apache2\... to
> C:\Program Files\Apache Group\Apache2\...?

Yes, it is this simple, you just copy a couple of files to your normal
install. Apache will load the mod_ssl.so from the modules folder if it is in
your conf files, regardless of how it got there.

I install the binary distribution .msi from apache website. Then I pop my
compiled mod_ssl.so into the apache2\modules folder, and the compiled
openssl.exe, libeay32.dll and ssleay.dll into the apache2\bin folder. All
done.

Btw. I don't know if this is true, but you might find that a native win32
compile might be better performance than a cygwin compile.

Richard.

Hi Richard,

Thanks for the input, I really appreciate it!

I'm compiling Apache (and OpenSSL) using MS Visual Studio/C++ 6.0, but the
Apache makefile calls awk, bison, flex, and sed, which I've installed from
cygwin. I had tried to use the Gnuwin32 versions of these utilities but the
compile was failing on the bison invocation. I'm also using MASM for the
OpenSSL compile.

Let me know if you disagree with this.

BTW, do I even need openssl.exe, libeay32.dll and ssleay.dll in the
apache2\bin folder, since they are already in the cygwin OpenSSL install?
Are these files called during Apache's SSL negotiation, or just when
creating certificates?

Thanks again,
Scott

"Richard Antony Burton" <richardaburton-NOSPAM-@hotmail.com> wrote in
message news:rWW4b.343211$Bf5.43766@news.easynews.com...
>
> "Scott" <if_you_want_my_email_ask_in_a_post@please.com> wrote in message
> news:3f53e91d$0$23592$5a62ac22@freenews.iinet.net. au...
> > Or, is it as simple as just copying mod_ssl.so from C:\Apache2\... to
> > C:\Program Files\Apache Group\Apache2\...?
>
> Yes, it is this simple, you just copy a couple of files to your normal
> install. Apache will load the mod_ssl.so from the modules folder if it is
in
> your conf files, regardless of how it got there.
>
> I install the binary distribution .msi from apache website. Then I pop my
> compiled mod_ssl.so into the apache2\modules folder, and the compiled
> openssl.exe, libeay32.dll and ssleay.dll into the apache2\bin folder. All
> done.
>
> Btw. I don't know if this is true, but you might find that a native win32
> compile might be better performance than a cygwin compile.
>
> Richard.
>
>

"Scott" <if_you_want_my_email_ask_in_a_post@please.com> wrote in message
news:3f545d34$0$23587$5a62ac22@freenews.iinet.net. au...

> I'm compiling Apache (and OpenSSL) using MS Visual Studio/C++ 6.0, but the
> Apache makefile calls awk, bison, flex, and sed, which I've installed from
> cygwin. I had tried to use the Gnuwin32 versions of these utilities but
the
> compile was failing on the bison invocation. I'm also using MASM for the
> OpenSSL compile.

Best way to compile is to not use the makefile. Try this instead, much
easier:

Copy the folders inc32 & out32dll from your compile of OpenSSL to
apache-src/srclib/openssl

Open up the Visual Studio project file (Apache.dsw) in the root of the
source folder (this will open up in the Visual Studio IDE). From the Build
menu select Set Actrive Configuration..., in the dialog choose "mod_ssl -
Win32 Release". Now hit the build button. In a very short time you will have
a shiny new mod_ssl.so file.

> BTW, do I even need openssl.exe, libeay32.dll and ssleay.dll in the
> apache2\bin folder, since they are already in the cygwin OpenSSL install?
> Are these files called during Apache's SSL negotiation, or just when
> creating certificates?

You shouldn't need to put openssl.exe in there. As for the two dlls, you
should be able to put them anywhere in your path to be picked up. They are
needed for mod_ssl to work. Assuming the cygwin version are in your path,
these will probably do the job, but I'd recommend using the pure windows
versions (that you have already compiled yourself anyway), they should have
better optimizations.

Richard.

"Richard Antony Burton" <richardaburton-NOSPAM-@hotmail.com> wrote in
message news:0GZ4b.351415$Bf5.44887@news.easynews.com...
> Assuming the cygwin version are in your path,
> these will probably do the job, but I'd recommend using the pure windows
> versions (that you have already compiled yourself anyway), they should
have
> better optimizations.

Plus of course, using the method above you don't need cygwin for any part of
the apache / openssl / mod_ssl compile, so unless you need it for something
else you can get rid of it completely.

Richard.