2003-11-06: Small update. Nowadays I use: ---snip--- Environment: export PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/cc/bin src/Configure changes in Solaris section 1: CFLAGS="$CFLAGS -DSOLARIS2=$PLATOSVERS -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" src/Configure changes in Solaris section 2 (above LDFLAGS_SHLIB): LD_SHLIB=gcc Configure: ./configure --prefix=/usr/local/apache_1.3.29 --enable-module=all --disable-module=auth_db --enable-shared=max --enable-rule=SHARED_CORE --enable-suexec --suexec-caller=nobody --suexec-uidmin=100 --suexec-gidmin=100 --suexec-userdir=cgi ---snip--- These are my tips and tricks to make a shiny, kicking Apache installation on a Sun Solaris system. I usually use Solaris 7 these days. a) Compiler: My choice of compiler is currently gcc 2.95.2 from http://www.ibiblio.org/pub/packages/solaris/sparc/. I've had too many problems with gcc-2.95.2-sol7-sparc-local from www.sunfreeware.com and recent patch clusters applied. b) Linker and accompanying tools: I've also had too many problems with GNU binutils, so I use Solaris' own tools for this. Add /usr/ccs/bin to your PATH, and make sure there is no ld, ar or other tools from GNU binutils to be found in it. c) Compiling Apache: I prefer Apache with as many possible of the modules to be used as DSO's. This means I can easily cut down on and add modules in use, and remove dangerous ones very fast (mod_rewrite had a security problem recently come to think of it). Before I do anything, I edit src/Configure and add in the solaris2 section at the end of the CFLAGS= setting: -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 This will make the compiled Apache optimized for speed, plus enables support for files larger than 2 GB. Then I run configure like this: # ./configure --prefix=/usr/local/apache --enable-module=all \ --disable-module=auth_db --enable-shared=max --disable-shared=proxy \ --disable-shared=negotiation --server-uid=nobody --server-gid=nobody \ --enable-rule=SHARED_CORE --enable-suexec --suexec-caller=nobody That will configure Apache to respectively: * Install in /usr/local/apache. * Enable all modules. * Disable the module auth_db. It doesn't seem to be working, and I don't need it. * Enable as many as possible modules as shared objects (DSO's). * Disable the module proxy from being built as a shared object, as it otherwise often keeps Apache from being able to load it because of missing symbols. * Disable the module negotiation from being built as a shared object, as it otherwise often keeps Apache from being able to load it because of missing symbols. * Set the default server user to 'nobody'. * Set the default server group to 'nobody'. * Enable the SHARED_CORE rule. Keeps me from getting unnecessary problems finding core symbols when loading shared objects (DSO's). * Enable suexec. I want to run code (CGI/SSI) on different sites with different users, for security reasons. * Enable the user 'nobody' as the default suexec user. Let's run CGI/SSI programs as nobody by default. Run "make" and "make install" to install Apache. d) Add module: mod_python I'm a Python freak, so I need specific Python support of course. I use mod_python from www.modpython.org. We need a recent Python installation that does not have threads enabled (Apache 1.3 and mod_python does not support it). Compile Python like this if you need to add a nothreads enabled Python (this is for Python 2.0): # ./configure --prefix=/opt/python-nothreads \ --exec-prefix=/opt/python-nothreads --with-cxx=g++ --without-threads # make # make install Make sure you have the python program without threads support in your path if you have installations for both. Then, to compile and install mod_python: # ./configure --with-apxs=/usr/local/apache/bin/apxs # make # make install And add the loading of the module to your httpd.conf. If you get problems finding symbols when loading mod_python.so from your Apache, try recompiling it with this added to the LIBS= line in src/Makefile after having run configure: -L/usr/local/lib/gcc-lib/sparc-sun-solaris2.7/2.95.2 -lgcc -lc -lgcc Adjust the path to your libgcc accordingly if located elsewhere. e) Add module: mod_perl I usually compile a special Perl installation for use with mod_perl to be sure I get to use the version I want, to have it installed with the options I need etc. I compile and install Perl like this (this is for version 5.6.0): # rm -f config.sh Policy.sh # sh Configure -Dprefix=/opt/perl -Dcc=gcc -Ubincompat5005 -de \ -Accflags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2" # make # make test # make install This will compile and install Perl with support for files larger than 2 GB, without support for Perl 5.005 as it creates some problems, with default settings except for this, and with some speed optimization. It will be installed in /opt/perl. As with the Python program, make sure the compiled perl binary is first in the PATH if you have other perl versions installed. Then compile and install mod_perl: # perl Makefile.PL USE_APXS=1 WITH_APXS=/usr/local/apache/bin/apxs EVERYTHING=1 # make # make install It will add loading itself in httpd.conf. f) Add module: mod_php4 I usually use mod_php with MySQL, so of course I need to compile it by hand first to have it configured optimally: # ./configure --with-libwrap --with-berkeley-db=/usr/local/BerkeleyDB \ --with-mysqld-user=mysql --enable-shared --with-charset=latin1 \ --prefix=/usr/local/mysql # make # make install This compiles and installs MySQL with support for TCP Wrappers (libwrap) and BerkeleyDB (gives you transaction support), sets up mysql as the default user to run the mysqld daemon, enables building shared libraries, sets up latin1 as the default charset, and installs it in /usr/local/mysql. Make sure you unpack MySQL with GNU tar. BerkeleyDB with proper patches can be fetched off www.mysql.com, in the download/MySQL 3.23 section. TCP Wrappers can be found on ftp://ftp.porcupine.org/pub/security/index.html. Particularly we want TCP Wrappers support to be able to shut off access to the MySQL server completely from unauthorized hosts. Then compile and install php4: # ./configure --enable-sysvsem --enable-sysvshm --with-mysql=/usr/local/mysql \ --with-apxs=/usr/local/apache/bin/apxs --with-zlib --with-bz2 \ --with-openssl=/usr/local/ssl --enable-ftp --with-gd \ --with-jpeg-dir=/usr/local --with-tiff-dir=/usr/local \ --with-png-dir=/usr/local --enable-shared --with-ttf --enable-libgcc # make # make install This adds support for lots of dependencies I am not going to help you get going, enables support for System V semaphores and shared memory, and explicitly enables linking against libgcc (which may or may not save you from som missing symbols trouble). And installs + sets up loading of itself in httpd.conf. g) Add module: mod_fastcgi Compile and install it like this: # /usr/local/apache/bin/apxs -o mod_fastcgi.so -c *.c # /usr/local/apache/bin/apxs -i -a -n fastcgi mod_fastcgi.so This always worked without a hassle. These commands install the module also, and adds loading itself in httpd.conf. Questions? ========== You may sit there with some questions. I've tried to foresee them. Q: Where do I find the software? A: Everything can be found on www.freshmeat.net. Q: You only supply compilation and installation information. Not much help on configuring run-time parameters here. What do I do? A: Look up docs inside the packages mentioned, and on the sites they are found. Yes: RTFM. Q: Should I compile all this software by hand? A: That's up to you, but I like to know what I install. Pre-packaged versions of some or more of the software and dependencies mentioned in this document can be fetched of www.sunfreeware.com and/or http://www.ibiblio.org/pub/packages/solaris/sparc/. -- Anders Nordby Created: Thu Mar 01 16:05:08 CET 2001 Last modified: Sun Nov 09 00:31:37 CET 2003