apache2.4.6をソースからコンパイル

Ubuntu12.04LTS上で、Apache2.4.6をビルドしたときの手順メモ

Makefileの作成

./configure \
--prefix=/(apache directory) \
--enable-so \
--enable-ssl \
--enable-rewrite \
--enable-proxy \
--enable-proxy-http \
--enable-proxy-connect \
--with-mpm=prefork \
--disable-imagemap \
--with-apr=/usr/local/apr/current \
--with-apr-util=/usr/local/apr-util/current \
--with-pcre=/usr/local/pcre/current \
--with-ssl=/usr/local/openssl/current \

ビルドおよびインストール

 > make  
 > sudo make install

設定ファイルのポイント

httpd.conf

#バーチャルホストで定義するので、
#とりあえず適当
ServerName 127.0.0.1
#以下のモジュールを有効にする
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule dav_svn_module modules/mod_dav_svn.so
 
※ "Main server configuration"から
※ <ifmodule>タグが登場するところまでを削除
※ 残りの定義はバーチャルホストで定義する為
 
#旧Apacheが以下のユーザで実行していた為
User www-data
Group www-data
 
#SSL設定
<ifmodule mod_ssl.c>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
SSLSessionCache        "shmcb:/(apache directory)/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
Mutex default ssl-cache
SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5
SSLProtocol all -SSLv2
</ifmodule>
 
<ifmodule mod_gnutls.c>
    Listen 443
</ifmodule>
 
<ifmodule mod_dir.c>
        DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</ifmodule>
 
DAVLockDB /(apache directory)/logs/DAVLock
 
<filesmatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php
</filesmatch>
<filesmatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Order Deny,Allow
    Deny from all
</filesmatch>
# Deny access to files without filename (e.g. '.php')
<filesmatch "^\.ph(p[345]?|t|tml|ps)$">
    Order Deny,Allow
    Deny from all
</filesmatch>
 
<ifmodule mod_userdir.c>
    <directory home="" *="" public_html="">
        php_admin_value engine Off
    </directory>
</ifmodule>
 
#バーチャルホスト(デフォルトサイトとセキュアサイト)
Include conf/virtual.conf
Include conf/virtual-ssl.conf
 
</ifmodule>

virtual.conf

<virtualhost *:80>
        ServerAdmin (mail address)
        DocumentRoot /(document root direcotry)
        <directory>
                Options FollowSymLinks
                AllowOverride None
        </directory>
        <directory (document="" root="" directory)="">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </directory>
        <directory "="" (document="" root="" directory)="" webtools"="">
                AllowOverride AuthConfig
        </directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory "="" usr="" lib="" cgi-bin"="">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </directory>
 
        ErrorLog /(apache install directory)/logs/error_log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /(apache install directory)/logs/access_log combined
</virtualhost>

virtual-ssl.conf

<ifmodule mod_ssl.c>
<virtualhost _default_:443>
        ServerAdmin (mail address)
        DocumentRoot /(document root direcotry)
        <directory>
                Options FollowSymLinks
                AllowOverride None
        </directory>
        <directory (document="" root="" directory)="">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </directory>
        <directory "="" (document="" root="" directory)="" webtools"="">
                AllowOverride AuthConfig
        </directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory "="" usr="" lib="" cgi-bin"="">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </directory>
 
        ErrorLog /(apache install directory)/logs/error_log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /(apache install directory)/logs/ssl_access_log combined
 
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        # 暗号キーファイルを別途作成し、そのファイルパスを指定
        SSLCertificateFile    /(apache install directory)/conf/ssl/cert-file.crt
        SSLCertificateKeyFile /(apache install directory)/conf/ssl/cert-file.crt
        <filesmatch "\.(cgi|shtml|phtml|php)$"="">
                SSLOptions +StdEnvVars
        </filesmatch>
        <directory usr="" lib="" cgi-bin="">
                SSLOptions +StdEnvVars
        </directory>
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        <location svn>
                DAV svn
                SVNListParentPath on
                SVNParentPath /(svnリポジトリのパス)
                AuthType Basic
                AuthName "Subversion Repositories"
                AuthUserFile /(svn password file path)/svnpass.passwd
                Require valid-user
        </location>
</virtualhost>
</ifmodule>

apachectlで*.confファイルの内容チェック

 > apachectl -t  
 Syntax OK

起動シェル (/etc/init.d/apache2)

#!/bin/bash
start()
{
    echo "apache2 start"
    /usr/local/httpd/current/bin/apachectl start
    return 0
}
stop()
{
    echo "apache2 stop"
    /usr/local/httpd/current/bin/apachectl stop
    return 0
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
esac

確認ポイント

1.80番ポート、443番ポートのサイトがそれぞれ確認できること
2.phpが動作すること
3.apache経由でsvnリポジトリのチェックアウト、コミットができること
4.sudo service apache2 start[stop]が可能であること