Recipe for install/configure Apache/mod_ssl/Tomcat/java-servlets on a Unix system; anything that says "install" will need to be run as root, but the basic building of the packages need not be. This is being done on a FreeBSD system, but I've tried to note anything that's FreeBSD specific:

Ingredients:

    apache_1.3.20.tar.gz (http://www.apache.org/)
    mod_ssl-2.8.4-1.3.20.tar.gz (http://www.modssl.org/)
    (other mod_'s if desired, e.g. php-4.0.5.tar.gz)
    jakarta-ant-1.4.1-bin.tar.gz
    jakarta-servletapi-3.2-src.tar.gz
    jakarta-tomcat-4.0.1.tar.gz
    jaxp-1_1.zip
    mm-1.1.x.tar.gz (see instructions)
    openssl (standard on FreeBSD 4.x, so no need to reinstall)
    gzip (standard on FreeBSD 4.x, so no need to reinstall)
    unzip (see instructions)
    perl (standard on FreeBSD 4.x, so no need to reinstall)
    java
    gmake

Install support utilities needed for builds:

perl
    This is standard on most platforms these days, but if needed, fetch it from http://www.perl.com/ and install.

gzip/unzip
    All of the packages are either gzip'd or zip'd, so you'll need these to unpack them. gzip is included in standard FreeBSD installation, but you can get it from http://www.gnu.org/ if needed. unzip is in the FreeBSD ports tree:

        cd /usr/ports/archivers/unzip; make install

    or can be found at ftp://ftp.freesoftware.com/pub/infozip/src/

libmm
    This is in the FreeBSD ports tree, so on that platform, just:

        cd /usr/ports/devel/mm; make install

    For other platforms, find the tarball at http://www.engelschall.com/sw/mm/ and install per instructions

openssl
    This is included in the standard FreeBSD installation; other platforms will need to fetch it from http://www.openssl.org/ and install.

java
    This is in the FreeBSD ports tree, so on that platform, just:

        cd /usr/ports/java/jdk13; make install

    You'll have to fetch the files manually and it installs a good chunk of Linux along with it, but it installs and works eventually.
    For other platforms, you'll need to find a suitable java environment; java.sun.com would be a good place to start.

C
    This is mostly an issue on Solaris, which is one of the few Unixes not to come standard with a C compiler. gcc/g++ is the recommended compiler: www.gnu.org

gmake
    mod_jk's makefile uses some gmake specific constructs; it's also in the FreeBSD ports tree, so:

        cd /usr/src/ports/devel/gmake/; make install

    or fetch from www.gnu.org and build as needed.

And now to get to the real task at hand...

Make base build directory (we'll call it "/usr/src/local/apache" here):

    # -p on FreeBSD makes any needed intermediate directories
    mkdir -p /usr/src/local/apache
    cd /usr/src/local/apache

I find it convenient to put all the needed packages together in a subdirectory "pkgs":

    mkdir pkgs
    cp pkgs

Extract apache source:

    tar xzvf pkgs/apache_1.3.20.tar.gz

Extract mod_ssl source:

    tar xzvf pkgs/mod_ssl-2.8.4-1.3.20.tar.gz

Configure/add mod_ssl to apache:

    cd mod_ssl-2.8.4-1.3.20
    configure --with-apache=../apache_1.3.20

(add in any other modules you want to include that need to be compiled into apache here [php can be dynamically loaded, so can be built after this is all done])

Configure apache; of particular note is to make sure to build with the reentrant C library --- this is required so that apache will link properly with the mod_jk module which uses threads to connect to the tomcat server which contains the java engine and thus handles the java servlets:

    # I like to have apache collected together in /var/apache, and to
    # enable the optional "info" module that lets you query the server
    # for its configuration. Module "so" is required for dynamic loading
    # of modules (such as the mod_jk module we'll be adding later), and
    # of course, module "ssl" is the ssl module we're building now.
    # -lc_r gets the reentrant C library discussed above
    LDFLAGS=-lc_r configure --prefix=/var/apache --enable-module=info --enable-module=so --enable-module=ssl

OK!
You're ready to build apache now; at least on FreeBSD, there are a bunch of warnings about tmpnam, f_prealloc and des_encrypt which I'm ignoring for now, but need to be analyzed before trusting the system in a secure environment:

    make

The SSL part needs a certificate to operate; unless you've already got one from somewhere, build it now; it will ask a bunch of questions whose answers should be semi-obvious; if uncertain, take the default, which will work for testing at the very least. There will be two series --- one for the certificate authority and one for the server itself. At the end, you'll be prompted for a pass phrase to encrypt the certs. Tell it you don't want to encrypt the certs, otherwise you'll have to enter a passphrase when the system starts up or when you restart the server. You could script it, but then what's the point?

***NOTE*** When the server certificate asks for a "common name" and defaults to "www.snakeoil.dom", what you type there *must* match the ServerName configuration you'll put in the httpd.conf file later or the SSL engine won't start up.

    make certificate TYPE=custom

Now install it:

    make install

We're not *quite* done yet; apache doesn't install the boot time startup script, plus you'll want to do some configuration tweaking most likely...

Startup - on FreeBSD, local startup scripts go in /usr/local/etc/rc.d; here's a quick-n-dirty starter:

    #!/bin/sh
    [ -x /var/apache/bin/apachectl ] && /var/apache/bin/apachectl startssl >/dev/null && echo -n ' httpd'

Configuration - for starters, the lock, pid and scoreboard files all go into the logs directory by default; I think that's bogus --- /var/run is for that sort of thing, at least on FreeBSD, but it doesn't really hurt to leave them in the logs directory if you prefer.

NOTE: if you move these files, be sure to edit the apachectl script to let it know you did so or it won't work correctly (specifically, httpd.pid).
The main thing you'll want to tweak is to change the ports from the defaults of 8080(http)/8443(ssl) to the standard ports of 80 and 443, respectively. Unless you really do want to run it on non-standard ports...

The other thing you really should do is turn off the insecure cipher modes for ssl by changing SSLCipherSuite to:

    SSLCipherSuite HIGH:MEDIUM

You'll also want to change the line that reads "" to read "", where "myservername" is the domain name people use to get to your server, and which matches what you entered as the Server Common Name when making the server certificate.

Once all that's done, you're ready to fire it up with:

    /var/apache/bin/apachectl startssl

Finally, you may want to make symlinks to some of the binaries so they're more accessible:

    ln -s /var/apache/bin/apxs /usr/local/bin/apxs
    ln -s /var/apache/bin/dbmmanage /usr/local/bin/dbmmanage
    ln -s /var/apache/bin/htdigest /usr/local/bin/htdigest
    ln -s /var/apache/bin/htpasswd /usr/local/bin/htpasswd

And this to the local system binary dir (users can't and shouldn't be using it):

    ln -s /var/apache/bin/apachectl /usr/local/sbin/apachectl

and add the man pages into the search path by adding to /etc/manpath.config (on FreeBSD, other systems may differ):

    OPTIONAL_MANPATH /var/apache/man

Extract/build the ant package; from this point on, you need to make sure that your java environment is operational (e.g. JAVA_HOME and CLASSPATH set appropriately). Ant is a java/xml based "make" utility which the jakarta people just *had* to have because "make" just *isn't* good enough for them:

    cd /usr/src/local/apache
    tar xzvf pkgs/jakarta-ant-1.4.1-bin.tar.gz
    cd jakarta-ant-1.3
    build.sh

Next, we need to extract the xml parser:

    cd ..
    unzip pkgs/jaxp-1_1.zip

#And install it:
#
#    cd jaxp-1.1
#    cp *.jar /usr/local/share/java/classes
#    (or wherever your java engine wants add-on class libraries)

Update your CLASSPATH to include the new jars now.
Here's a useful script I call "setjava" for setting CLASSPATH:

    #!/bin/bash
    cp=
    for d in /usr/local/jdk1.3.1/jre /usr/local/jdk1.3.1/lib /usr/local/share/java/classes; do
        for p in `find $d -name "*.jar" -o -name "*.zip"`; do
            cp=${cp}:$p
        done
    done
    export CLASSPATH=$cp:.

As this sets an environment variable, you'll need to ". setjava" so that it runs in your current shell, not a subshell (needless to say, this needs to be adapted accordingly if you're a csh user).

We also need to unpack the servlet API library:

    cd /usr/src/local/apache
    tar xzvf pkgs/jakarta-servletapi-3.2-src.tar.gz

For some reason, the archives include version numbers in the top-level directory name, but the references to them in the package scripts don't, so we need to rename a couple of directories:

    mv jakarta-ant-1.3 jakarta-ant
    mv jakarta-servletapi-3.2-src jakarta-servletapi

With that done, we can go extract and build the tomcat java/servlet server:

    tar xzvf pkgs/jakarta-tomcat-3.2.1-src.tar.gz
    cd jakarta-tomcat-3.2.1-src

Before we can build, we need to fix a typo in the tomcat build file. Edit the file "build.xml" and look for the line:

It needs to be changed to read:

as it seems to be expecting an older version of the xml parser.

    ../jakarta-ant/dist/bin/ant dist

Go get coffee now, this takes several minutes. Don't worry about it complaining about not being able to copy jaxp; it's trying to find the wrong version and we've already installed it anyhow. javadoc spews out a number of errors as well, possibly because the java engine on FreeBSD is 1.1.8 and I suspect it's expecting 1.2 or later, but tomcat still seems to work ok. There are probably issues with security sandboxes, as that seems to be a later addition, but it's fine for experimenting with for now.

Tomcat will run in its dist directory, but I like to install running systems somewhere other than the development directory:

    cd ..
    mv dist/tomcat /var/apache

Before we start tomcat, we need to configure it:

    cd /var/apache/tomcat/conf
    vi server.xml

Key points are at line 65, where we copy the 'path="logs/tomcat.log"' line and insert it in the 'Logger name="tc_log"' block to keep a ton of messages from spewing out on the console/terminal window.

Now, just to test things, let's fire up tomcat and make sure it can serve up web pages:

    cd ..
    bin/tomcat.sh start

Then, use a web browser to verify that you can get the default tomcat web page:

    lynx http://mymachine.com:8080/

(or whatever browser, "mymachine.com" is, of course, whatever your machine's name is)

But, we don't really want tomcat to serve static web pages, so:

    bin/tomcat.sh stop
    cd conf
    vi server.xml

Then, at line 220 (221 with the above modification), where it says "", move the " -->" down to after the "" line. This comments out the HTTP connector so that tomcat won't try to serve regular html pages, we only want it to handle servlet processing.

Right below that are instructions for adding ssl support, though I think that's only needed for standalone pages (which we just disabled) --- apache should handle the SSL for us. Also, we want to use the newer AJP13 protocol, so we need to add support for that. Look for the comment that reads "Apache AJP12 support". Right below it is a

Now we can start up tomcat for real:

    /var/apache/tomcat/bin/tomcat.sh start

Since we want tomcat to start up automatically also, we should modify /usr/local/etc/rc.d/apache.sh:

    #!/bin/sh
    cp=
    for d in /usr/local/java/lib /usr/local/share/java/classes; do
        for p in `find $d -name "*.jar" -o -name "*.zip"`; do
            cp=${cp}:$p
        done
    done
    CLASSPATH=$cp /var/apache/tomcat/bin/tomcat.sh start > /dev/null && echo -n ' tomcat'
    /var/apache/bin/apachectl startssl > /dev/null && echo -n ' httpd'

Almost there! Now that both apache and tomcat are running, we need to get them talking to each other.
To do this, we use the apache "mod_jk" module that's included in the tomcat distribution:

    cd /usr/src/local/apache/jakarta-tomcat-3.2.1-src/src/native/apache1.3
    vi Makefile.freebsd

If you're not on FreeBSD, there's a linux Makefile, or you can copy one and tweak it to your platform's needs. The main thing we need to change is APACHE_HOME, since we put it in /var instead of /usr/local. Also, they got one of the conditionals wrong for FreeBSD in the file /usr/src/local/apache/jakarta-tomcat-3.2.1-src/src/native/jk/jk_util.c: you need to change "#ifndef FREEBSD" to "#ifndef __FreeBSD__" on line 110:

    vi ../jk/jk_util.c

In at least one case, this was a problem on Solaris as well (the symptom is that when you start apache, you get "fdatasync not found"), even though Solaris does have fdatasync. I haven't tracked this down, so you may just want to ifdef the fdatasync call out on Solaris as well, or figure out why it's not getting linked in and fix it, then let me know so I can add it to these instructions ;-)

Once that's done, build mod_jk using gmake (it uses some gmake specific constructs):

    gmake -f Makefile.freebsd

Then install it where apache can easily find it:

    cp mod_jk.so /var/apache/libexec

Getting *real* close now... we just need to configure apache to know when and how to talk to it. To do that, add this to /var/apache/conf/httpd.conf:

    # Servlet support
    LoadModule jk_module /var/apache/libexec/mod_jk.so
    # Auto-generated when tomcat starts up
    Include /var/apache/tomcat/conf/mod_jk.conf-auto
    JkWorkersFile /var/apache/tomcat/conf/workers.properties
    # All jsp's and servlets should connect to tomcat using ajp13 protocol
    # instead of the older ajp12 protocol, these will vary depending on
    # whether or not you create additional places for servlets.
    JkMount /*.jsp ajp13
    JkMount /servlets/* ajp13
    JkMount /jsp/* ajp13
    JkLogFile /var/apache/tomcat/logs/mod_jk.log
    JkLogLevel warn

Note that the implication of the mod_jk.conf-auto file being generated by tomcat is that whenever you change the tomcat configuration and restart it, you need to restart apache as well. That's easy though, with:

    apachectl restart

Finally! Test your servlets by going to http://yourserver/examples/servlets/ (don't forget the trailing / or it won't match the JkMount and go to tomcat). You should get a page with a list of example servlets you can try out, such as "Hello World", etc.

Tomcat's context configuration is a little odd, so at this point, you *really* want to go to http://java.sun.com/products/servlet/index.html and download the "Java Servlet Specification 2.2", which among other things, documents the context stuff. You can also download the javadoc API reference, which will likely be handy as you write your servlets, though it's almost as handy to just use the Sun website for that... Once you've read through that, go to /usr/src/local/apache/jakarta-tomcat-3.2.1-src/src/doc/uguide and read tomcat_ug.html, which is Tomcat's User's Guide.

And that's all there is to it!
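
The httpd.conf tweaks from the apache configuration step (standard ports, SSLCipherSuite HIGH:MEDIUM, ServerName equal to the certificate common name) and the decision to leave the server key without a pass phrase can be checked after install. This is an added example, not part of the original recipe: the function names audit_httpd_conf, directive_values and note are made up here, and it assumes a traditional PEM key file in which an encrypted key carries a "Proc-Type: 4,ENCRYPTED" header.

```shell
#!/bin/sh
# Added example (not from the original recipe): audit httpd.conf after install.
# Usage: audit_httpd_conf CONF CERT_CN   (prints findings, returns their count)
# CERT_CN is the certificate common name, e.g. read from the output of
#   openssl x509 -noout -subject -in <server certificate>

# Print the arguments of every uncommented DIRECTIVE ($2) line in CONF ($1).
directive_values() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_httpd_conf() {
    conf=$1 cn=$2 findings=0

    # 1. Ports left at the build defaults instead of 80/443.
    for v in $(directive_values "$conf" Port; directive_values "$conf" Listen); do
        case ${v##*:} in 8080|8443) note "still on default port: $v" ;; esac
    done

    # 2. Every SSLCipherSuite line should read HIGH:MEDIUM.
    suites=$(directive_values "$conf" SSLCipherSuite)
    [ -n "$suites" ] || note "SSLCipherSuite not set"
    for s in $suites; do
        [ "$s" = "HIGH:MEDIUM" ] || note "SSLCipherSuite is $s, not HIGH:MEDIUM"
    done

    # 3. ServerName must equal the certificate common name.
    names=$(directive_values "$conf" ServerName)
    [ -n "$names" ] || note "ServerName not set"
    for n in $names; do
        [ "$n" = "$cn" ] || note "ServerName $n does not match certificate CN $cn"
    done

    # 4. A key saved without a pass phrase is protected only by its file mode.
    for key in $(directive_values "$conf" SSLCertificateKeyFile); do
        [ -f "$key" ] || { note "key file $key not found"; continue; }
        grep -q 'Proc-Type: 4,ENCRYPTED' "$key" && continue
        case $(ls -ld "$key" | cut -c5-10) in
            ------) ;;
            *) note "unencrypted key $key is accessible to group/other" ;;
        esac
    done
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_httpd_conf "$@"; fi
```

Run it as root against /var/apache/conf/httpd.conf so the key file can be read; an exit status of 0 means none of the four checks fired.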