How to Install Apache 2.4.2 from Source on CentOS 6.2 with SSL

by Ramesh Natarajan on May 7, 2012

If you try to follow the how to install Apache with SSL article that we discussed a while back, you’ll face an issue during “make” because of version compatibility between Apache 2.4.4 and APR utilities (Apache Portable Runtime Library) that comes with CentOS 6.

We’ve explained in this article how to solve that issue to get the latest Apache working on CentOS or RedHat.

Make sure you have gcc and openssl-devel installed.

# yum install gcc
# yum install openssl-devel

You also need “Apache Portable Runtime Library” APR to install Apache from source.

You’ll already have “apr” and “apr-util” package installed. Install the apr-devel and apr-util-devel packages.

# yum install apr-devel
# yum install apr-util-devel

Note: In our case (because of the version compatibility issues), we’ll be downloading these and installing it manually later. But, let us go with the flow for now and see what happens when you try to do it this way.

Download Apache

Download Apache from httpd.apache.org. The current stable release is 2.4.2.

Once you get the direct URL to download the latest stable version of Apache, use wget as shown below to download it directly to you server.

cd /usr/src
wget http://mirror.nyi.net/apache//httpd/httpd-2.4.2.tar.gz
tar xvfz httpd-2.4.2.tar.gz

Install Apache with SSL/TLS

View all available Apache installation and configuration options as shown below.

cd httpd-2.4.2
./configure --help

To install an Apache module, you would typically say –enable-{module-name}. For example, to install SSL with Apache, it is –enable-ssl. To install ldap module, it is –enable-ldap.

To uninstall any default module that comes with Apache, you would typically say –disable-{module-name}. For example, to disable basic authentication in Apache, it is –disable-auth-basic

In this example, we will install Apache with all default modules, with addition of –enable-ssl (to install mod_ssl for SSL support), and –enable-so, which helps to load modules in Apache during run-time via the Dynamic Shared Object (DSO) mechanism, rather than requiring a recompilation.

./configure --enable-ssl --enable-so
make
make install

Note: By default the above installs Apache under /usr/local/apache2. If you like to change this location, use –prefix option in the ./configure.

Fixing APR Utility Error Messages

You might’ve not faced this problem while installing older version of Apache as we discussed a while back.

When you execute the “make”, you might get “rotatelogs.c:(.text+0x5ed): undefined reference to `apr_file_link’” error message if you are doing this on CentOS 6.2 as shown below.

# make
rotatelogs.c:298: warning: implicit declaration of function âapr_file_linkâ
/usr/lib64/apr-1/build/libtool --silent --mode=link gcc -std=gnu99 -pthread
-o rotatelogs  rotatelogs.lo /usr/lib64/libaprutil-1.la -ldb-4.7 -lexpat -ldb-4.7 /usr/lib64/libapr-1.la -lpthread
rotatelogs.o: In function `post_rotate':
rotatelogs.c:(.text+0x5ed): undefined reference to `apr_file_link'
collect2: ld returned 1 exit status
make[2]: *** [rotatelogs] Error 1
make[2]: Leaving directory `/usr/src/httpd-2.4.2/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/httpd-2.4.2/support'
make: *** [all-recursive] Error 1

This is because on CentOS 6, the latest APR version available through yum installation is 1.3.9 as shown below.

# rpm -qa apr*
apr-1.3.9-3.el6_1.2.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64

However, Apache 2.4.2 needs the latest version of APR (which is currently 1.4.6).

So, go to APR download page and download both apr and apr-util.

cd /usr/src
wget http://mirror.atlanticmetro.net/apache//apr/apr-1.4.6.tar.gz
wget http://mirror.atlanticmetro.net/apache//apr/apr-util-1.4.1.tar.gz
tar xvfz apr-1.4.6.tar.gz
tar xvfz apr-util-1.4.1.tar.gz

Now, you should place this new version of apr and apr-util directories (without the version name in the directory) under “srclib” directory located under the httpd-2.4.2 directory that was created when you uncompressed the downloaded apache software.

In my example, I downloaded the httpd-2.4.2.tar.gz and uncompressed it under /usr/src. So, I need to place the latest apr and apr-util under this directory.

mv apr-1.4.6 /usr/src/httpd-2.4.2/srclib/apr
mv apr-util-1.4.1 /usr/src/httpd-2.4.2/srclib/apr-util

After this is done, we need to configure and make it again. If you execute the ./configure –help, you’ll see the following options that are related to APR

# cd /usr/src/httpd-2.4.2
# ./configure --help
  --with-included-apr     Use bundled copies of APR/APR-Util
  --with-apr=PATH         prefix for installed APR or the full path to apr-config
  --with-apr-util=PATH    prefix for installed APU or the full path to apu-config

If you decide to install the apr-1.4.6 and apr-util-1.4.1 on your system, you need to use “–with-apr” and “–with-apr-util” and provide the path where you installed these utility.

In this example, we didn’t do that. i.e We didn’t install the apr and apr-util that we downloaded. Instead we placed them under the httpd-2.4.2/srclib/apr-util. So, we should use “–with-included-apr” in the ./configure which will use these apr and apr-util only for the apache compilation and installation.

So, let us re-do the ./configure (using –with-included-apr), make and make install as shown below.

./configure --enable-ssl --enable-so --with-included-apr
make
make install

Now, make will not give “rotatelogs.c:(.text+0x5ed): undefined reference to `apr_file_link” error message anymore.

Enable SSL in httpd.conf

Apache configuration file httpd.conf is located under /usr/local/apache2/conf.

Uncomment the httpd-ssl.conf Include line and the LoadModule ssl_module line in the /usr/local/apache2/conf/httpd.conf file.

# vi /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.

# vi /usr/local/apache2/conf/extra/httpd-ssl.conf

The SSL certificate and key are required before we start the Apache. The server.crt and server.key file mentioned in the httpd-ssl.conf needs to be created before we move forward.

# cd /usr/local/apache2/conf/extra
# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Create server.crt and server.key file

First, Generate the server.key using openssl.

# cd /usr/src
# openssl genrsa -des3 -out server.key 1024

The above command will ask for the password. Make sure to remember this password. You need this while starting your Apache later.

Next, generate a certificate request file (server.csr) using the above server.key file.

# openssl req -new -key server.key -out server.csr

Finally, generate a self signed ssl certificate (server.crt) using the above server.key and server.csr file.

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

After you’ve done with the above steps, you’ll see the following three files under /usr/src

# ls server*
server.crt  server.csr  server.key

Copy the server.key and server.crt file to appropriate Apache configuration directory location.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/

Start the Apache

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

# vi /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so

If you are getting the below error message, make sure to uncomment the line shown below in httpd.conf

# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 76 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

# vi /usr/local/apache2/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Finally, this will prompt you to enter the password for your private key before starting up the apache.

# /usr/local/apache2/bin/apachectl start
Apache/2.4.2 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

Verify that the Apache httpd process is running in the background

# ps -ef | grep http
root   29529     1  0 13:08 ?     00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29530 29529  0 13:08 ?     00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29531 29529  0 13:08 ?     00:00:00 /usr/local/apache2/bin/httpd -k start
daemon 29532 29529  0 13:08 ?     00:00:00 /usr/local/apache2/bin/httpd -k start
root   29616 18260  0 13:09 pts/0 00:00:00 grep http

To stop the apache use apachectl stop.

# /usr/local/apache2/bin/apachectl stop

Use httpd -l to view all the modules that are compiled inside the Apache httpd daemon.

# /usr/local/apache2/bin/httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c
  event.c

By default Apache SSL runs on 443 port. Open a web browser and verify that you can access your Apache using https://{your-ip-address}


Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 18 comments… read them below or add one }

1 Edson Vaz May 7, 2012 at 4:04 am

Hi there,

Thank you a lot for this article I have tried to configure apache with ssl in solaris 10 and i having some issues related with SSL can u please send the same config but for solaris platfom

2 Vonskippy May 7, 2012 at 2:20 pm

CentOS (and it’s upstream vendor RHEL) strongly discourage you from adding software outside the yum procedure.

So if you’re going to do this, be sure to remove httpd and anything else that you manually added from the YUM config, otherwise you’re likely to have all your hard custom work over written next time you do a standard update.

3 Jalal Hajigholamali May 11, 2012 at 7:17 am

Hi,

Thanks, i configured under rhe5….

4 Gabriel May 11, 2012 at 9:50 pm

Hi excelent article, I configure perfectly under centos 6.2 just one thing how i can create a httpd as service from apache when I compile from the source, i really apreciate your help with this.

Thank you very much.

5 Tony May 15, 2012 at 7:07 am

Thanks for such a detailed post – it’s really helpful. Installing stuff outside of CentOS repos always fills me with dread.

Can you answer this for me? I’ve got my apache 2.2 running already. In order to install 2.4, is it best practice to use yum to erase the existing apache package and then use ./configure to put the new apache install in the old, existing location, or would you install 2.4 in a separate directory, point your init scripts to it, and leave 2.2 where it is?

I know that with CentOS we’re not supposed to install the latest packages, just the most stable, but I’d like the best performance from Apache.

Thanks!

6 kamal July 2, 2012 at 2:01 am

Hi friends,

While restarting the apache I am getting the below error:

[root@centos /]# /usr/local/apache/bin/apachectl stop
httpd: Syntax error on line 56 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/modules/mod_ssl.so into server: /usr/local/apache/modules/mod_ssl.so: cannot open shared object file: No such file or directory

please help

7 Blake August 12, 2012 at 11:54 pm

Great post, thanks a lot! This saved me a lot of time after I ran into the APR errors. Appreciate the time you took to post.

8 Janaka R Rajapaksha September 1, 2012 at 11:02 pm

Many thanks. keep it up and are there another article for php and mysql that were written by you?

thanks again?

9 Rodolfo Fiallos September 18, 2012 at 3:54 pm

Very helpful article, save me a lot of time debugging those apr errors. Thanks a log.

10 Ketam November 30, 2012 at 10:08 am

How to uninstall?

11 Tim January 28, 2013 at 5:04 pm

Fantastic article, many many many thanks!!!!

12 Prabhu DS March 3, 2013 at 1:47 pm

Dear Ramesh,

Could you guide me how to order ciphers and secure renegotiation among other things for apache 2.4.4. ,OpenSSL 1.0.1e

13 Thulasi March 22, 2013 at 3:11 am

Thank you.

14 namik April 1, 2013 at 11:05 pm

I am getting this error when trying to ./configure –enable-ssl –enable-so –with-included-apr

configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

15 namik April 1, 2013 at 11:10 pm

yum -y install pcre-devel fixed my issue

16 Apoorva September 5, 2013 at 10:59 pm

Very clear tutorial! Loved it.

17 mk November 27, 2013 at 7:31 am

good! thanks

18 Frank March 1, 2014 at 6:55 pm

Thanks Ramesh for this awesome guide. I am migrating my CentOS 6.5 from Apache 2.2 to Apache 2.4 so that I can use ECDHE ciphers.

Also, thanks to Namik for that tip. Got the same error.

Leave a Comment

Previous post:

Next post: