The Web Server: Apache – Installation and Configuration
More than half of all Web sites use the Apache Web server. For years, the stable Apache version was 1.3.x, and for a shorter period of time, 2.0.x was in development. In April of this year, Apache 2.0.35 was released and declared stable. One of its benefits is better cross-platform compatibility, including compatibility with Windows.
The current stable release of Apache 2.0 is 2.0.39. Windows binaries for it can be obtained from http://www.apache.org/dist/httpd/binaries/win32/. At the time of this writing, only a non-SSL Apache 2.0.39 build is available. Also, a non-SSL version of Apache 1.3.26 is available from the same page. (SSL stands for for Secure Sockets Layer, a security protocol for Internet messages. When you see a URL in your browser beginning with https://
you are using SSL.) If you have Microsoft System Installer, version 1.2 or greater (and it probably is already installed on your system), then either of these versions should install easily by double-clicking the .msi
file that you can download. Please refer to the download page, and the installation information included with the distribution.
If you want to utilize Mod_SSL in order to add SSL capability to
your Web site, go to http://www.modssl.org/contrib/ftp/contrib/
and download
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
(or later) and OpenSSL-0.9.6d-Win32.zip
(or later).
Also, download the sample config file, openssl.cnf
, from
http://www.tud.at/programm/openssl.cnf
(right click the link, and select Save Target As… the filename
openssl.cnf
).
To install Apache with Mod_SSL, first create the directory
C:Apache
. Then, extract the files in the
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
file, using a program such as WinZip.
Place these extracted files in the C:Apache
directory.
Then, create a directory C:Apacheopenssl
,
and a subdirectory, C:Apacheopensslbin
. Move the config
file to C:Apacheopensslbin
. Next, from the OpenSSL-0.9.6d-Win32.zip
file, extract openssl.exe
to C:Apacheopensslbin
,
and extract libeay32.dll
and ssleay32.dll
to C:WINNTsystem32
.
To create a test certificate for using SSL, open a command prompt window, enter a change directory command:
cd C:Apacheopensslbin
and then enter the following commands:
openssl req -config openssl.cnf -new -out localhost.csr openssl rsa -in privkey.pem -out localhost.key openssl x509 -in localhost.csr -out localhost.cert -req -signkey localhost.key -days 5000 openssl x509 -in localhost.cert -out localhost.der.crt -outform DER
(Our sidebar article, “Creating Your SSL Test Certificate” offers additional information for those looking to set up an SSL test certificate.)
Then create a C:Apacheconfssl
directory, and move localhost.key
, localhost.cert
, and localhost.der.crt
into it.
Note: The selection of 5000 days to certificate expiration is arbitrary.
Apache 1.3.26 comes with a default configuration file, named httpd.default.conf
. The actual configuration file that Apache uses is httpd.conf
, which initially is the same as httpd.default.conf
. These two files are found in C:Apacheconf
. Keep the httpd.default.conf
file unchanged, as a reference, and make the actual configuration changes to httpd.conf
.
The following are the significant changes I made to the httpd.conf
file provided with Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
. (Please note that forward slashes are used in the paths.) In some cases, the information is the same, but it is included here to answer any possible questions.
Changes to httpd.confServerRoot "C:/Apache" Listen 80 Listen 443 LoadModule ssl_module modules/mod_ssl.so LoadModule php4_module C:/php/sapi/php4apache.dll AddModule mod_ssl.c AddModule mod_php4.c # Port 80 ServerAdmin webmaster@localhost ServerName localhost DocumentRoot "C:/Apache/htdocs" UserDir "C:/Apache/users/" DirectoryIndex index.php index.htm index.html #CustomLog logs/access.log common CustomLog logs/access.log combined ServerSignature Off Alias /icons/ "C:/Apache/icons/" # Alias /manual/ "C:/Apache/htdocs/manual/" # # Options Indexes FollowSymlinks MultiViews # AllowOverride None # Order allow,deny # Allow from all # # ScriptAlias /cgi-bin/ "C:/Apache/cgi-bin/" # ScriptAlias /php/ "C:/php/" # # AllowOverride None # Options None # Order allow,deny # Allow from all # SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown # see http://www.modssl.org/docs/2.8/ssl_reference.html for more info SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLProtocol -all +SSLv3 SSLCipherSuite HIGH:MEDIUM SSLLog logs/SSL.log # SSLLogLevel info SSLLogLevel warn SSLEngine On SSLCertificateFile conf/ssl/localhost.cert SSLCertificateKeyFile conf/ssl/localhost.key SSLRequireSSL |
Regarding running Apache from the command line:
To test the syntax of the httpd.conf
file: at a command prompt in the C:Apache
directory enter the command:
apache -t
To start Apache: in the C:Apache
directory enter the command:
apache
To stop Apache: in a separate command prompt window in the C:Apache
directory enter the command:
apache -k shutdown
For more information, see
http://www.tud.at/programm/apache-ssl-win32-howto.php3.
If you are interested in running Apache as a Windows service, the online documentation is at http://httpd.apache.org/docs/win_service.html.
Your Web site home page goes in the C:Apachehtdocs
directory, as do the subfolders for your site.
To test your SSL connection when Apache is running enter the following URL in your browser’s address field:
https://localhost/
A local copy of the Apache manual is included with the software. It is located in the htdocs
folder. If you leave it there it will be available through your Web site. The manual for version 1.3.x is also available online at http://httpd.apache.org/docs/. The online manual for version 2.0.x is at http://httpd.apache.org/docs-2.0/.
The Windows shareware program that I like to use for comparing two versions of a configuration file is Compare It!.
If your browser recognizes http://127.0.0.1/
but not http://localhost/
, check your hosts
file. For Windows 2000, go to the C:WINNTsystem32driversetc
directory, and open the hosts
file (there’s no extension to the filename) with a text editor. The uncommented line should read:
127.0.0.1 localhost