Configuring Apache before Installing the Load Balancer Plug-in

The Apache source must be compiled and built to run with SSL. This section describes the minimum requirements and high-level steps needed to successfully compile Apache Web Server to run the load balancer plug-in. These requirements and steps only apply to the Solaris and Linux versions of the software. For information on the Windows version of Apache, see the Apache web site.

The instructions included here are adapted from the instructions at http://httpd.apache.org/docs. For detailed instructions on installing SSL-aware Apache, please see that web site.

To Install SSL-aware Apache

Before You Begin

You must have already downloaded and uncompressed the Apache software.

1. Download and unpack the OpenSSL source, available at http://openssl.org.

2. Compile and build OpenSSL.

   For full installation instructions, see the file named INSTALL in the directory where you uncompressed OpenSSL. That file has information on installing OpenSSL in a user-specified location.

   For more information about OpenSSL, see the http://www.openssl.org/.

3. Download and unpack Apache.

   Apache is available from http://httpd.apache.org.

4. Compile and build Apache. Configure the source tree:

   1. cd http-2.0_x.

   2. Run the following command:

      ./configure --with-ssl= OpenSSL-install-path --prefix= Apache-install-path --enable-ssl --enable-so

      In the above commands, x is the Apache version number, open-ssl-install-path is the absolute path to directory where OpenSSL is installed, and Apache-install-path is the directory in which to install Apache.

      Note that you only need to use the --enable-ssl --enable-so options if your Apache 2 server will be accepting HTTPS requests.

5. For Apache on Linux 2.1, before compiling:

   1. Open src/MakeFile and find the end of the automatically generated section.

   2. Add the following lines after the first four lines after the automatically generated section:

      LIBS+= -licuuc -licui18n -lnspr4 -lpthread -lxerces-c 
      -lsupport -lnsprwrap -lns-httpd40
      LDFLAGS+= -L/application-server-install-dir/lib -L/opt/sun/private/lib

      Note that -L/opt/sun/private/lib is only required if you installed Application Server as part of a Java Enterprise System installation.

      For example:

      ## (End of automatically generated section)
      ## 
      CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
      LIBS=$(EXTRA_LIBS) $(LIBS1)
      INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
      LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
      "LIBS+= -licuuc -licui18n -lnspr4 -lpthread 
      -lxerces-c -lsupport -lnsprwrap -lns-httpd40
      LDFLAGS+= -L/application-server-install-dir /lib -L/opt/sun/private/lib

   3. Set environment variable LD_LIBRARY_PATH.

      With stand–alone installations, set it to the Application Server: as-install/lib

      With Java Enterprise System installations, set it to the Application Server: as-install/lib:opt/sun/private/lib.

      If you are using Solaris 9, add /usr/local/lib to the LD_LIBRARY_PATH.

6. Compile Apache as described in the installation instructions for the version you are using.

   For more information, see the http://httpd.apache.org/

   In general, the steps are:

   1. make

   2. make install

7. Make sure Apache's ssl.conf and httpd.conf files contain the correct values for your environment.

   • In ssl.conf, for VirtualHost default:port replace the default hostname and port with the hostname of the local system where Apache is installed and the server's port number.

     Without this change, the load balancer will not work. On Solaris Apache may not start and on Linux, HTTPS requests may not work.

   • In ssl.conf, for ServerName www.example.com:443, replace www.example.com with the hostname of the local system where Apache is installed.

     Without this change, the following warning appears when you start Apache if a security certificate is installed:

     [warn] RSA server certificate CommonName (CN) hostname does NOT match server name!

     For more information on installing certificates for Apache, see To Create a Security Certificate for Apache .

   • In httpd.conf, for ServerName www.example.com:80, replace www.example.com with the hostname of the local system where Apache is installed.

     Without this change, you see warnings when you start Apache that the system could not determine the server's fully qualified domain name, and that there are overlapping VirtualHost entries.

8. Ensure that the Apache user has the required access permissions to the apache-install-location/conf/ directory and files in this directory.

   The Apache user is the UNIX user under which the Apache server responds to requests. This user is defined in the file httpd.conf.

   If you installed Apache as a root user, read the note about configuring the Apache user and group in apache-install-location/conf/httpd.conf.

   ---

   Note –

   Ensure that your configuration of users and groups meets the security requirements for this directory. For example, to restrict access to this directory, add the Apache user to the same user group as the owner of the directory.

   ---

   1. To ensure that the Auto Apply feature operates correctly, grant the Apache user read access, write access, and execute access to the apache-install-location/conf/ directory.

      • If the Apache user is in the same group as the owner of this directory, change the mode to 775.

      • If the Apache user is in a different group than the owner of this directory, change the mode to 777.

   2. To ensure that the load balancer plug-in is initialized when Apache is started, grant the Apache user read access and write access to the following files:

      • apache-install-location/conf/loadbalancer.xml

      • apache-install-location/conf/sun-loadbalancer_1_2.dtd