Sun Cluster Quick Start Guide for Solaris OS

Procedure: How to Configure Apache HTTP Server Software

This procedure configures secure Apache HTTP Server version 1.3 software by using mod_ssl. For additional information, see the installed Apache online documentation at file:///usr/apache/htdocs/manual/index.html.html, the Apache HTTP Server web site at http://httpd.apache.org/docs/1.3/, and the Apache mod_ssl web site at http://www.modssl.org/docs/.

  1. Use the cconsole master window to access both nodes.

    You can perform the next steps on both nodes at the same time.

  2. Modify the /etc/apache/httpd.conf configuration file.

    1. If necessary, copy the /etc/apache/httpd.conf-example template as /etc/apache/httpd.conf.

    2. Set the following directives:

      Apache Directive    Value
      ServerType          Standalone
      ServerName          apache-lh
      DocumentRoot        /var/apache/htdocs

  3. Install all certificates and keys.

  4. In the /usr/apache/bin directory, create the file keypass.

    Set file permissions for owner access only.


    phys-X# cd /usr/apache/bin
    phys-X# touch keypass
    phys-X# chmod 700 keypass
    
  5. Edit the keypass file so that it prints the pass phrase for the encrypted key that corresponds to a host and a port.

    This file will be called with server:port algorithm as arguments. Ensure that the file can print the pass phrase for each of your encrypted keys when called with the correct parameters.

    Later, when you attempt to start the web server manually, it must not prompt you for a pass phrase. For example, suppose that a secure web server is listening on ports 8080 and 8888, with private keys for both ports that are encrypted by using RSA. The keypass file could be the following:


    #!/bin/ksh
    # Called as: keypass server:port algorithm
    host=`echo "$1" | cut -d: -f1`
    port=`echo "$1" | cut -d: -f2`
    algorithm=$2

    # Print the pass phrase that matches the requested host, port, and algorithm.
    if [ "$host" = "apache-lh.example.com" -a "$algorithm" = "RSA" ]; then
       case "$port" in
       8080) echo passphrase-for-8080;;
       8888) echo passphrase-for-8888;;
       esac
    fi

  6. Update the paths in the Apache start/stop script file, /usr/apache/bin/apachectl, if they differ from your Apache directory structure.

  7. Verify your configuration changes.

    1. Check the /etc/apache/httpd.conf file for correct syntax.


      phys-X# /usr/apache/bin/apachectl configtest
      
    2. Ensure that any logical hostnames or shared addresses that Apache uses are configured and online.

    3. On phys-sun, start the Apache server.


      phys-sun# /usr/apache/bin/apachectl startssl
      
      • Ensure that the web server does not ask you for a pass phrase.

      • If Apache does not start properly, correct the problem.

    4. On phys-sun, stop the Apache server.


      phys-sun# /usr/apache/bin/apachectl stopssl
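The following pre-flight check is an added example, not part of the original guide or of the Apache distribution. It confirms that a keypass script is accessible to its owner only and prints a pass phrase for every server:port and algorithm pair, which is the condition for apachectl startssl to start without prompting. The function names check_keypass and make_sample_keypass are hypothetical, and the sample script and pass phrases are constructed for illustration.

```shell
# Added example: pre-flight check for the keypass script from step 5.
# Usage: check_keypass FILE "server:port ALGORITHM"...
# Prints one line per problem; the return status is the number of problems.
check_keypass() {
    file=$1; shift
    problems=0
    if [ ! -x "$file" ]; then
        echo "FAIL: $file is missing or not executable"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # The script embeds pass phrases, so all six must be unset.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible to group or other ($perms)"
        problems=$((problems + 1))
    fi
    for pair in "$@"; do
        # $pair is left unquoted on purpose so it splits into two arguments.
        # stdin is /dev/null so a script that tries to prompt cannot hang.
        out=$("$file" $pair </dev/null 2>/dev/null) || out=""
        if [ -z "$out" ]; then
            echo "FAIL: no pass phrase printed for: $pair"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample that mirrors the keypass script in step 5.
make_sample_keypass() {
    cat > "$1" <<'EOF'
#!/bin/sh
host=`echo "$1" | cut -d: -f1`
port=`echo "$1" | cut -d: -f2`
if [ "$host" = "apache-lh.example.com" -a "$2" = "RSA" ]; then
   case "$port" in
   8080) echo passphrase-for-8080;;
   8888) echo passphrase-for-8888;;
   esac
fi
EOF
    chmod 700 "$1"
}

demo_dir=$(mktemp -d)
make_sample_keypass "$demo_dir/keypass"
check_keypass "$demo_dir/keypass" "apache-lh.example.com:8080 RSA" \
    "apache-lh.example.com:8888 RSA" && echo "keypass OK"
rm -rf "$demo_dir"
```

Run the check on each node against /usr/apache/bin/keypass with the pairs that match your own encrypted keys. The check treats a nonzero exit status from the script the same as an empty pass phrase.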