
[Experience sharing] apache+tomcat+proxy+openssl+postgresql+modsecurity: complete production environment installation process

Posted on 2018-11-29 08:41:24
Set up a Java architecture for web production.
Collect the application software
  • jdk-1_5_0_15-linux-i586.rpm
  • apache-tomcat-6.0.26.tar.gz
  • httpd-2.2.16.tar.gz
  • apache-ant-1.7.0-bin.tar.gz
  • apr-1.3.3
  • apr-util-1.3.4
  • postgresql-8.2.7
  • modsecurity_apache_2.5.12
Install Server Applications
1. Install JDK
rpm -ivh jdk-1_5_0_15-linux-i586.rpm
(Its default home directory is ‘/usr/java/jdk_1_5_15’)

2. Install Tomcat 6.0.26
tar xzvf apache-tomcat-6.0.26.tar.gz -C /opt/
ln -s /opt/apache-tomcat-6.0.26 /opt/tomcat6

3. Install apr-1.3.3
cd apr-1.3.3
./configure --prefix=/usr/local
make && make install

4. Install apr-util-1.3.4
cd apr-util-1.3.4
./configure --prefix=/usr/local  --with-apr=/usr/local
make
make install

5. Prepare to install apache
5.1   Find any existing apache and uninstall it
rpm -qa | grep httpd
rpm -e httpd
5.2   Install the essential build environment for apache
yum install kernel-headers glibc-headers glibc-devel libgomp gcc readline-devel glib-devel glib2-devel zlib-devel libtool
5.3   Install OpenSSL
yum install openssl
Note: the default directory is /usr/include/openssl
5.4   Install mod_proxy
5.4.1 Enter the modules/proxy directory of the apache source code
5.4.2 Run the commands below to compile the modules, modify httpd.conf and activate mod_proxy:
apachepath/bin/apxs -c -i -a mod_proxy.c proxy_util.c

apachepath/bin/apxs -c -i -a mod_proxy_http.c proxy_util.c
5.5   Install mod_rewrite
5.5.1 find ./ -name "mod_rewrite.c"
./modules/mappers/mod_rewrite.c
5.5.2 apxs -c -i -a modules/mappers/mod_rewrite.c

6. Install Apache 2.2.16
tar xzvf httpd-2.2.16.tar.gz
cd httpd-2.2.16
Then use vi to create a script file with the following content:
#! /bin/sh
#
# Created by configure

"./configure" \
"--prefix=/usr/local/apache2" \
"--enable-so" \
"--with-ssl=/usr/include/openssl" \
"--with-z=/usr/local/zlib" \
"--enable-rewrite" \
"--enable-modules=so" \
"$@"

7. Install Ant 1.7.0
tar xzvf apache-ant-1.7.0-bin.tar.gz -C /opt
Note: download from http://archive.apache.org/dist/ant/binaries/. Check that apache-ant-1.7.0/lib is not empty, because some source packages lack the lib files.
8.   Install postgresql
8.1 Download file: http://www.postgresql.org/download/
8.2 Create user and group:
groupadd -g 88 postgres
useradd -u 88 -g 88 -d /usr/local/pgsql -m postgres
passwd postgres
chmod 755 /usr/local/pgsql/
8.3 Unpack and compile
# su - postgres
$ tar xvfz postgresql-8.2.7.tar.gz
$ cd postgresql-8.2.7
$ ./configure --prefix=/usr/local/pgsql
$ make
At this point make hit an error; the solution:
yum install gcc gcc-c++ autoconf automake
The second error; the solution:
yum install readline-devel
The third error; the solution:
yum install zlib-devel

$ make install
8.4 Create the db data directory and initialize the db:
# mkdir /usr/local/pgsql/data
# chown postgres /usr/local/pgsql/data
# su - postgres
$ initdb -D /usr/local/pgsql/data

$ cd /usr/local/pgsql/data
8.5 Configure the listen address and port.
$ vi postgresql.conf

listen_addresses = '*'
port = 5432
password_encryption = on

8.5 Configure trusted connection hosts.
vim data/pg_hba.conf
$ vi pg_hba.conf
# IPv4 local connections:
host    all        all        127.0.0.1/32          trust
host    all        all        192.168.5.0/24          trust

8.6 Configure startup options:
# cd postgresql-8.2.7
# cp contrib/start-scripts/linux /etc/init.d/postgres
# chmod 755 /etc/init.d/postgres
# /etc/rc.d/init.d/postgres start


Set the paths for the entire environment
Add the lines below to /etc/profile
vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.5.0_15
export JRE_HOME=$JAVA_HOME/jre
export TOMCAT_BASE=/opt/tomcat6
export JAVA_OPTS="-Djava.awt.headless=true -server -Xms768m -Xmx768m -XX:MaxPermSize=128m -XX:PermSize=128m -XX:MaxNewSize=128m -XX:NewSize=128m -Xincgc"
export TOMCAT_HOME=/opt/tomcat6
export CATALINA_HOME=/opt/tomcat6
export ANT_HOME=/opt/ant-1.7.0
export CLASSPATH=/opt/tomcat6
export HTTPD_HOME=/usr/local/apache2
export PGSQ_HOME=/usr/local/pgsql
export PATH=$JAVA_HOME/bin:$TOMCAT_HOME/bin:$HTTPD_HOME/bin:$PGSQ_HOME/bin:$PATH
export PATH=$PATH:$JAVA_HOME/bin:$ANT_HOME/bin
Integrate apache and tomcat with mod_proxy
   1. Modify apache’s configuration file:
  vim /usr/local/apache2/conf/httpd.conf
  Include conf/extra/httpd-vhosts.conf (remove the leading “#”)
NameVirtualHost 127.0.0.1:80

ServerAdmin admin@test.us
DocumentRoot /opt/tomcat6/website
ErrorLog logs/tomcat-error_log
CustomLog logs/tomcat-access_log common
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
RewriteEngine On
RewriteCond %{QUERY_STRING} ^thumbnail=true$
RewriteRule ^/([^\.]*)([\.(jpg|gif|png)]*)$ /$1_thumb.jpg [PT]

Configure apache with ssl
1.    Generate the CA, plus the server and client certificates and private keys.
[root@localhost bin]# openssl
OpenSSL> req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key -sha1
OpenSSL> x509 -trustout -signkey ca.key -days 3650 -req -in ca.csr -out ca.pem -sha1
OpenSSL> exit
[root@localhost bin]# echo "01" > ca.srl
[root@localhost bin]# ./openssl
OpenSSL> req -new -newkey rsa:1024 -nodes -out server.csr -keyout server.key -sha1
OpenSSL> x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.pem -days 1085 -sha1
OpenSSL> req -new -newkey rsa:1024 -nodes -out client.csr -keyout client.key -sha1
OpenSSL> x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client.csr -out client.pem -days 365 -sha1
OpenSSL> pkcs12 -export -clcerts -in client.pem -inkey client.key -out client.p12 -name "client"
After the last command, the following files have been generated:
ca.csr ca.key ca.pem ca.srl server.csr server.key server.pem client.csr client.key client.pem client.p12

2.  Modify the httpd configuration: /usr/local/apache/conf/httpd.conf
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
vim /usr/local/apache/conf/extra/httpd-ssl.conf

ServerName 192.168.0.88:443
DocumentRoot "/opt/tomcat6/website"
ServerName www.test.us:443
ServerAdmin admin@test.us
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
RewriteEngine On
RewriteCond %{QUERY_STRING} ^thumbnail=true$
RewriteRule ^/([^\.]*)([\.(jpg|gif|png)]*)$ /$1_thumb.jpg [PT]
SSLCertificateFile /usr/local/apache/conf/server.pem
SSLCertificateKeyFile /usr/local/apache/conf/server.key
SSLCACertificateFile /usr/local/apache/conf/ca.pem
SSLVerifyClient require
SSLVerifyDepth 1
OK, all installation steps are finished.
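
Step 8.5 pairs listen_addresses = '*' with trust for 192.168.5.0/24, so any host on that subnet can connect as any database user without a password. The check below is an added example, not part of the original post; the function names audit_pg_hba and sample_pg_hba are hypothetical and the sample file is constructed from the two host lines in that step.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sample_pg_hba: constructed input containing the two host lines from step 8.5
# plus password-authenticated variants for comparison.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS                METHOD
local   all       all                               trust
host    all       all   127.0.0.1/32                trust
host    all       all   192.168.5.0/24              trust
host    all       all   192.168.5.0  255.255.255.0  md5
hostssl all       all   10.0.0.0/8                  md5
EOF
}

# audit_pg_hba [FILE...]: read pg_hba.conf (or stdin) and print every network
# entry that grants "trust" to a non-loopback address. Exit status 1 if any.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank line or comment
        $1 !~ /^host/        { next }   # "local" is a Unix socket, not the network
        {
            addr = $4
            # In the "address netmask method" form the method is one column later.
            method = ($5 ~ /[.:]/) ? $6 : $5
            if (method == "trust" && addr !~ /^127\./ && addr !~ /^::1(\/|$)/) {
                printf "line %d: %s uses trust\n", NR, addr
                risky = 1
            }
        }
        END { exit risky + 0 }
    ' "$@"
}

# Demo run on the constructed sample.
sample_pg_hba | audit_pg_hba || echo "remote trust entries found"
```

Changing the method column of a flagged line from trust to md5 makes PostgreSQL ask for the user's password; run `audit_pg_hba /usr/local/pgsql/data/pg_hba.conf` against the real file.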
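
The certificate commands in the SSL section use rsa:1024 and -sha1, both weaker than what current TLS clients accept. The script below is an added example, not part of the original post: it builds the same CA, server and client layout with 2048-bit RSA and SHA-256 and then verifies it. The subject names and the function names make_chain, cert_strength and chain_ok are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names are hypothetical.

# make_chain DIR: create CA, server and client keys and certificates in DIR.
make_chain() {
    (
        cd "$1" || exit 1
        # Self-signed CA certificate (CA:TRUE comes from the default openssl.cnf).
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=Example Test CA" \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 1
        for name in server client; do
            # Key and signing request for the leaf certificate.
            openssl req -new -newkey rsa:2048 -nodes -sha256 \
                -subj "/CN=$name.example.test" \
                -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
            # Sign with the CA; -CAcreateserial writes ca.srl for us.
            openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
                -CAcreateserial -days 365 -sha256 \
                -out "$name.pem" 2>/dev/null || exit 1
        done
        chmod 600 ca.key server.key client.key
    )
}

# cert_strength FILE: print "<key bits> <signature algorithm>".
cert_strength() {
    openssl x509 -in "$1" -noout -text | awk '
        /Signature Algorithm:/ && !alg { alg = $3 }
        /Public-Key:/ { gsub(/[^0-9]/, "", $0); bits = $0 }
        END { print bits, alg }'
}

# chain_ok DIR: succeeds only if both leaf certificates are signed directly
# by ca.pem, which is the chain length SSLVerifyDepth 1 permits.
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" "$1/client.pem" \
        >/dev/null 2>&1
}
```

Call `make_chain /some/empty/dir`, then `chain_ok` and `cert_strength` on the result before copying server.pem, server.key and ca.pem to the paths named in httpd-ssl.conf.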
Thread address: https://www.yunweiku.com/thread-640959-1-1.html