C.1. Unix Installation

  1. Download Apache source

    $ tar zxvf apache_xxx.tgz
    
  2. mod_perl

    
    cd ../mod_perl-xxx/
    perl Makefile.PL APACHE_SRC=../apache_1.3.xx/src \
        DO_HTTPD=1 USE_APACI=1 EVERYTHING=1
    make && make test && make install
    
    
  3. mod_ssl

    
    # Install the newest OpenSSL; download it from www.openssl.org.
    $ tar zxvf openssl-0.9.6h.tar.gz
    $ cd openssl-0.9.6h && ./config && make && make install
    
    # The SSL module (mod_ssl) resides under the src/modules/ssl/ subdirectory 
    # inside the Apache source tree and is a regular Apache module. 
    cd ../mod_ssl-xxx
    ./configure --with-apache=../apache_xxx
    
    
  4. Configure Apache

    If installing mod_ssl:

    $ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
    $ make
    $ make certificate TYPE=custom
    $ make install
    

    If installing mod_perl:

    $ SSL_BASE=/path/to/openssl ./configure ... --activate-module=src/modules/perl/libperl.a
    make
    make install
    

    All together:

    $ cd apache_xxx
    $ SSL_BASE=/path/to/openssl ./configure \
            --prefix=/usr/local/apache  \
            --enable-module=so \
            --enable-module=rewrite \
            --enable-module=speling \
            --activate-module=src/modules/perl/libperl.a \
            --enable-module=ssl
    $ make
    $ make certificate TYPE=custom
    $ make install
    

    Screen output after make

    
    +---------------------------------------------------------------------+
    | Before you install the package you now should prepare the SSL       |
    | certificate system by running the 'make certificate' command.       |
    | For different situations the following variants are provided:       |
    |                                                                     |
    | % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |
    | % make certificate TYPE=test     (test cert signed by Snake Oil CA) |
    | % make certificate TYPE=custom   (custom cert signed by own CA)     |
    | % make certificate TYPE=existing (existing cert)                    |
    |        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |
    |                                                                     |
    | Use TYPE=dummy    when you're a  vendor package maintainer,         |
    | the TYPE=test     when you're an admin but want to do tests only,   |
    | the TYPE=custom   when you're an admin willing to run a real server |
    | and TYPE=existing when you're an admin who upgrades a server.       |
    | (The default is TYPE=test)                                          |
    |                                                                     |
    | Additionally add ALGO=RSA (default) or ALGO=DSA to select           |
    | the signature algorithm used for the generated certificate.         |
    |                                                                     |
    | Use 'make certificate VIEW=1' to display the generated data.        |
    |                                                                     |
    | Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |
    |                                          rse@engelschall.com        |
    |                                          www.engelschall.com        |
    +---------------------------------------------------------------------+
    
    

    Screen output after make install

    
    +--------------------------------------------------------+
    | You now have successfully built and installed the      |
    | Apache 1.3 HTTP server. To verify that Apache actually |
    | works correctly you now should first check the         |
    | (initially created or preserved) configuration files   |
    |                                                        |
    |   /usr/local/apache/conf/httpd.conf
    |                                                        |
    | and then you should be able to immediately fire up     |
    | Apache the first time by running:                      |
    |                                                        |
    |   /usr/local/apache/bin/apachectl start
    |                                                        |
    | Or when you want to run it with SSL enabled use:       |
    |                                                        |
    |   /usr/local/apache/bin/apachectl startssl
    |                                                        |
    | Thanks for using Apache.       The Apache Group        |
    |                                http://www.apache.org/  |
    +--------------------------------------------------------+
    
    

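    Screen output during certificate generation. In this session the answers are D (DSA) at STEP 0 and n at the STEP 7 and STEP 8 encryption prompts, so both private keys are written without a pass phrase.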

    $ make certificate TYPE=custom
    
    make[1]: Entering directory `/web/apache/apache_1.3.27/src'
    SSL Certificate Generation Utility (mkcert.sh)
    Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
    
    Generating custom certificate signed by own CA [CUSTOM]
    ______________________________________________________________________
    
    STEP 0: Decide the signature algorithm used for certificates
    The generated X.509 certificates can contain either
    RSA or DSA based ingredients. Select the one you want to use.
    Signature Algorithm ((R)SA or (D)SA) [R]:D
    
    WARNING! You're generating DSA based certificate/key pairs.
             This implies that RSA based ciphers won't be available later,
             which for your web server currently still means that mostly all
             popular web browsers cannot connect to it. At least not until
             you also generate an additional RSA based certificate/key pair
             and configure them in parallel.
    ______________________________________________________________________
    
    STEP 1: Generating DSA private key for CA (1024 bit) [ca.key]
    85187 semi-random bytes loaded
    Generating DSA parameters, 1024 bit long prime
    This could take some time
    ..........+..+.+.........+......+................................+..................+....+...............+............+....+........+..+.........................+..............+......+.......+..........+..+................+++++++++++++++++++++++++++++++++++++++++++++++++++*
    ..+........+.......................+...............................+...+......+..........+...........+...+........+..+......................+...........................+.................+.+......+.........+..........+.+...........+.............+.................+......+.........+...+..+....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++*
    Generating DSA private key:
    85187 semi-random bytes loaded
    Generating DSA key, 1024 bits
    ______________________________________________________________________
    
    STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
    Using configuration from .mkcert.cfg
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    1. Country Name             (2 letter code) [XY]:CN
    2. State or Province Name   (full name)     [Snake Desert]:Beijing
    3. Locality Name            (eg, city)      [Snake Town]:Beijing
    4. Organization Name        (eg, company)   [Snake Oil, Ltd]:Office
    5. Organizational Unit Name (eg, section)   [Certificate Authority]:Office
    6. Common Name              (eg, CA name)   [Snake Oil CA]:
    7. Email Address            (eg, name@FQDN) [ca@snakeoil.dom]:jiangxin@foo.bar
    8. Certificate Validity     (days)          [365]:900
    ______________________________________________________________________
    
    STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
    Certificate Version (1 or 3) [3]:
    Signature ok
    subject=/C=CN/ST=Beijing/L=Beijing/O=Office/OU=Office/CN=Snake Oil CA/Email=jiangxin@foo.bar
    Getting Private key
    Verify: matching certificate & key modulus
    read DSA key
    Verify: matching certificate signature
    ../conf/ssl.crt/ca.crt: /C=CN/ST=Beijing/L=Beijing/O=Office/OU=Office/CN=Snake Oil CA/Email=jiangxin@foo.bar
    error 18 at 0 depth lookup:self signed certificate
    OK
    ______________________________________________________________________
    
    STEP 4: Generating DSA private key for SERVER (1024 bit) [server.key]
    85187 semi-random bytes loaded
    Generating DSA key, 1024 bits
    ______________________________________________________________________
    
    STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
    Using configuration from .mkcert.cfg
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    1. Country Name             (2 letter code) [XY]:CN
    2. State or Province Name   (full name)     [Snake Desert]:Beijing
    3. Locality Name            (eg, city)      [Snake Town]:Beijing
    4. Organization Name        (eg, company)   [Snake Oil, Ltd]:Office
    5. Organizational Unit Name (eg, section)   [Webserver Team]:
    6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:worldhello.net
    7. Email Address            (eg, name@fqdn) [www@snakeoil.dom]:jiangxin@foo.bar
    8. Certificate Validity     (days)          [365]:900
    ______________________________________________________________________
    
    STEP 6: Generating X.509 certificate signed by own CA [server.crt]
    Certificate Version (1 or 3) [3]:
    Signature ok
    subject=/C=CN/ST=Beijing/L=Beijing/O=Office China/OU=Webserver Team/CN=worldhello.net/Email=jiangxin@foo.bar
    Getting CA Private Key
    Verify: matching certificate & key modulus
    read DSA key
    Verify: matching certificate signature
    ../conf/ssl.crt/server.crt: OK
    ______________________________________________________________________
    
    STEP 7: Enrypting DSA private key of CA with a pass phrase for security [ca.key]
    The contents of the ca.key file (the generated private key) has to be
    kept secret. So we strongly recommend you to encrypt the server.key file
    with a Triple-DES cipher and a Pass Phrase.
    Encrypt the private key now? [Y/n]: n
    Warning, you're using an unencrypted private key.
    Please notice this fact and do this on your own risk.
    ______________________________________________________________________
    
    STEP 8: Enrypting DSA private key of SERVER with a pass phrase for security [server.key]
    The contents of the server.key file (the generated private key) has to be
    kept secret. So we strongly recommend you to encrypt the server.key file
    with a Triple-DES cipher and a Pass Phrase.
    Encrypt the private key now? [Y/n]: n
    Warning, you're using an unencrypted DSA private key.
    Please notice this fact and do this on your own risk.
    ______________________________________________________________________
    
    RESULT: CA and Server Certification Files
    
    o  conf/ssl.key/ca.key
       The PEM-encoded DSA private key file of the CA which you can
       use to sign other servers or clients. KEEP THIS FILE PRIVATE!
    
    o  conf/ssl.crt/ca.crt
       The PEM-encoded X.509 certificate file of the CA which you use to
       sign other servers or clients. When you sign clients with it (for
       SSL client authentication) you can configure this file with the
       'SSLCACertificateFile' directive.
    
    o  conf/ssl.key/server.key
       The PEM-encoded DSA private key file of the server which you configure
       with the 'SSLCertificateKeyFile' directive (automatically done
       when you install via APACI). KEEP THIS FILE PRIVATE!
    
    o  conf/ssl.crt/server.crt
       The PEM-encoded X.509 certificate file of the server which you configure
       with the 'SSLCertificateFile' directive (automatically done
       when you install via APACI).
    
    o  conf/ssl.csr/server.csr
       The PEM-encoded X.509 certificate signing request of the server file which
       you can send to an official Certificate Authority (CA) in order
       to request a real server certificate (signed by this CA instead
       of our own CA) which later can replace the conf/ssl.crt/server.crt
       file.
    
    Congratulations that you establish your server with real certificates.
    
    make[1]: Leaving directory `/web/apache/apache_1.3.27/src'
    
    
  5. Install libiconv

    Some PHP pages call iconv functions to convert text between character sets, so this library needs to be installed.

    Download libiconv...

    
    shell$ ./configure
    shell$ make && make install
    
    
  6. Build mod_php (Apache Shared Module Version)

    
    $ cd ../php-xxx/
    $ ./configure \
      --with-apxs=/usr/local/apache/bin/apxs \
      --with-gd \
      --enable-track-vars \
      --with-mysql=/usr/local/mysql \
      --with-iconv=/usr/local \
      --with-xml
      # If Oracle support is needed, add: --with-oci8=/db/oracle   --enable-sigchild \
    $ make
    $ make install
      # produces /usr/local/apache/libexec/libphp4.so
    
    
  7. Configure Apache

    # Edit httpd.conf as follows
      LoadModule php4_module        libexec/libphp4.so
      AddType application/x-httpd-php .php .inc
    
  8. Configure PHP

    # cp php.ini-dist /usr/local/lib/php.ini
    # Edit php.ini as follows
      ----------------------------
      output_buffering	=	4096
      ; send header lines (including cookies) even after you send body content
      expose_php		=	Off

      include_path = "./:/www/est/current/include"  ; maybe others
      max_execution_time 	=	30   ; you may want more on a non-production site
      display_errors		=	Off  ; needs On on a non-production site
      display_startup_errors 	= 	Off  ; !!!!!
      log_errors		=	Off  ; may be set to On when display_errors is Off
      SMTP			=	localhost		;for win32 only
      sendmail_from		=	nobody@est.com.cn	;for win32 only
      sendmail_path		=	/usr/sbin/sendmail -t -i		
          ;for unix only, may supply arguments as well (default is 'sendmail -t -i')
      session.save_path	= 	/tmp    ; argument passed to save_handler
    
  9. Start Apache automatically at boot

    ln -s /usr/local/apache/bin/apachectl  /etc/rc.d/init.d/httpd
    ln -s /etc/rc.d/init.d/httpd  /etc/rc.d/rc3.d/S99httpd
    
    [Tip]

    For Apache to start with support for a Chinese-language Oracle environment, add the following lines to the apachectl file below line 67 ("start)"):

    ## vi /usr/local/apache/current/bin/apachectl
    export ORACLE_HOME=/db/oracle
    export ORACLE_BASE=$ORACLE_HOME
    export ORACLE_SID=ORC1
    export LD_LIBRARY_PATH=$ORACLE_HOME/lib
    export NLS_LANG="FRENCH_FRANCE.WE8ISO8859P1"
    # export ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
    # export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16CGB231280"
    # export NLS_LANG="FRENCH_FRANCE.WE8ISO8859P1"
    # export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK"	
    
  10. Start Apache
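
Before the first `apachectl startssl`, the key files from step 4 are worth checking: the RESULT text says to keep ca.key and server.key private, and the session shown declines pass-phrase encryption for both. The following is an added example, not part of mkcert.sh, Apache or the original page; the function names are hypothetical and the default directory assumes the `--prefix=/usr/local/apache` used above.

```shell
#!/bin/sh
# Added example, not part of mkcert.sh or Apache: audit private keys written by
# 'make certificate'. The default directory assumes --prefix=/usr/local/apache.

# key_state FILE: prints encrypted, plaintext or not-a-key
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted                   # PKCS#8 encrypted container
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        # Traditional PEM (the format of ca.key/server.key) flags
        # encryption with a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo plaintext
        fi
    else
        echo not-a-key
    fi
}

# key_exposed FILE: succeeds if group or others hold any permission bit
key_exposed() {
    perms=$(ls -ld -- "$1" | cut -c5-10)  # e.g. "r-----" from -rw-r-----
    [ "$perms" != "------" ]
}

# audit_key FILE: prints one finding line, fails if anything is flagged
audit_key() {
    state=$(key_state "$1")
    finding=""
    if [ "$state" = plaintext ]; then finding="no pass phrase"; fi
    if key_exposed "$1"; then finding="${finding:+$finding, }group/other permission bits set"; fi
    echo "$1: $state: ${finding:-ok}"
    [ -z "$finding" ]
}

# audit_all [DIR]: audits every *.key in DIR, fails if any file is flagged
audit_all() {
    dir=${1:-/usr/local/apache/conf/ssl.key}
    rc=0
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        audit_key "$f" || rc=1
    done
    return "$rc"
}
```

Source the file and call `audit_all` (optionally with the ssl.key directory); a non-zero status means at least one key was flagged.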