Building Apache 2.2.3 or 2.0.59, with mod_ssl, mod_security, mod_deflate

Building a Web Server, for Windows

Requirements

Download

Our Configuration

Notes

Setup for mod_deflate

To build mod_deflate, the zlib source code directory is placed under C:\build\httpd-2.x.x\srclib (as httpd-2.x.x\srclib\zlib). The main Apache 2.0/2.2 build process will automatically compile the zlib source code and build mod_deflate. Note that to build zlib v1.2.3 under Apache 2.0, the C:\build\httpd-2.0.x\modules\filters\mod_deflate.dep/dsp/mak files will need to be patched. Do NOT perform this patching step if building mod_deflate under Apache 2.2, or if building against zlib v1.1.4.

Patch mod_deflate (zlib 1.2.3) to build under Apache 2.0...

[Optional] Build zlib with ASM options...

Setup for mod_ssl

To build mod_ssl, the OpenSSL source code directory is placed under C:\build\httpd-2.x.x\srclib (as httpd-2.x.x\srclib\openssl). The OpenSSL source is then manually compiled to prepare for the main Apache 2.0/2.2 build process.

Configure the build...

['--openssldir=DIR' tells openssl.exe where to look for openssl.cnf]
[we must use unix forward style slashes(/), instead of windows style back slashes(\)]

Use x86 assembly functions for performance improvements...

Note that if your Compiler or System does not include MASM (ml.exe error): run 'ms\do_ms' instead.

> ms\do_masm

Build...

> nmake -f ms\ntdll.mak

[optional] Test the built OpenSSL package...

Apache 2.2.3 Patch

The Apache 2.2.3 Windows source has problems in four projects dsp and mak files. Also, a perl script has to be run to convert the projects to the VC++ version that is being used to compile the code. Both of these problems should be fixed under Apache 2.2.4

Download apache-2.2.3-projects.zip and extract the following 4 dsp and mak project files to the given directories...

If using VS.NET 2005 to compile Apache 2.2.3, download cvtdsp.pl and run 'perl cvtdsp.pl -2005' (For VC++ 6.0: 'perl cvtdsp.pl -6' but this is unnecessary).

Build/Install Apache

Apache 2.0/2.2 can be built using the command line, or with the Visual Studio Workspace IDE. The command line build is the perfered choice.

Command-Line Build Instructions

Build Apache 2.0/2.2 in Release mode under C:\www\Apache22 (for 2.2) or C:\www\Apache2 (for 2.0), with the server listening on localhost (127.0.0.1, your local system) on port 80 (regular HTTP port).

Visual Studio Workspace IDE Build Instructions

Apache.dsw is the Visual Studio workspace, which exposes the entire list of working .dsp projects that are required for the complete Apache 2.0/2.2 binary release.

Setup for mod_security

To build mod_security, the built Apache2 libraries and include files are used...

Edit file C:\build\modsecurity-apache-1.9.4\apache2\makefile.win and change the BASE path to the built Apache2 dir...

If building against Apache 2.2, edit file C:\build\modsecurity-apache-1.9.4\apache2\makefile.win and update the following line to reflect the new Apache 2.2 library names...

Build mod_security...

...\modsecurity-apache-1.9.4\apache2> nmake /f makefile.win

Copy generated file mod_security.dll to dir C:\www\Apache[2,22]\modules and file mod_security.lib to dir C:\www\Apache[2,22]\lib

Additional Steps and Information

During the Apache 2.0/2.2 build process, the needed OpenSSL files (libeay32.dll, ssleay32.dll, openssl.exe) are placed into C:\www\Apache[2,22]\bin, except openssl.cnf. openssl.cnf is the OpenSSL configuration file. This file needs be copied manually....

From directory ...\httpd-2.x.x\srclib\openssl\apps copy file openssl.cnf to C:\www\Apache22\bin (2.2) or C:\www\Apache22\bin (2.0) [note that .cnf file extensions are invisible, by default, on Windows 2000/XP]

Apache v2.x (win32) file ssl.conf contains a syntax problem that needs to be addressed....

Change 'SSLMutex file:logs/ssl_mutex' under ssl.conf to 'SSLMutex default' [the default 'file:logs/ssl_mutex' option is not available under win32]

Update Configuration Files

Now that the Apache httpd Web-Server has been successfully built -- [before proceeding with startup] configuration file httpd.conf will need to be updated (for mod_deflate and other changes) and an SSL Private/Public Key-Pair will need to be created (for mod_ssl)...

Note that if "localhost" will be used, make sure that file %SystemRoot%\system32\drivers\etc\hosts contains line...

127.0.0.1 <tab> localhost

mod_deflate requires several additions and updates to be made to httpd.conf, the Apache 2.0/2.2 configuration file.

Open C:\www\Apache[2,22]\conf\httpd.conf, add...

LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so

<IfModule deflate_module>
	DeflateFilterNote Input instream
	DeflateFilterNote Output outstream
	DeflateFilterNote Ratio ratio
	LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
	CustomLog logs/deflate.log deflate

	<Location />
		AddOutputFilterByType DEFLATE text/html text/plain text/css

		 # Netscape 4.x has some problems...
		BrowserMatch ^Mozilla/4 gzip-only-text/html

		# Netscape 4.06-4.08 have some more problems
		BrowserMatch ^Mozilla/4\.0[678] no-gzip

		# MSIE masquerades as Netscape, but it is fine
		BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

		# Don't compress images
		SetEnvIfNoCase Request_URI \
		\.(?:gif|jpe?g|png)$ no-gzip dont-vary

		<IfModule headers_module>
			# Make sure proxies don't deliver the wrong content
			Header append Vary User-Agent env=!dont-vary
		</IfModule>
	</Location>
</IfModule>

The default Apache DocumentRoot/Webroot is set to ...\Apache22\htdocs (for 2.2) or ...\Apache2\htdocs (for 2.0) -- our Guides and our Web-Server Suite has this changed to \www\webroot -- update DocumentRoot if you are also going to use our other Guides. Note that when testing Apache, you will need to make/copy index.html and/or other files into the new directory, as it will be empty.

Open C:\www\Apache[2,22]\conf\httpd.conf...

Locate line DocumentRoot "/www/Apache[2,22]/htdocs", replace with...

DocumentRoot "/www/webroot"

Locate line <Directory "/www/Apache[2,22]/htdocs">, replace with...

<Directory "/www/webroot">

Startup and Operation

Executables 'httpd.exe' (for 2.2) and 'apache.exe' (for 2.0) are located under directory 'C:\www\Apache22\bin' (for 2.2) or 'C:\www\Apache2\bin' (for 2.0) - which should be included into the System PATH. If this dir is not in the PATH, 'httpd.exe' or 'apache.exe' should be run from a command line that is under 'C:\www\Apache[2,22]\bin'.

Install the 'Apache2' Service...

[this will start 'Apache2' automatically from now on, but not the first time]
['-D SSL' option will cause Apache to load mod_ssl; leave this out if mod_ssl is not needed]

Start the 'Apache2' Service...

[or use 'net start Apache2']

Additional Commands...

Stop 'Apache2' Service...

[or use 'net stop Apache2']

Graceful restart 'Apache2' Service...

Uninstall 'Apache2' Service...

Testing

To test the regular (port 80) server enter url : http://localhost

To test the SSL (port 443) server enter url : https://localhost

To test Server via telnet...

Run 'cmd.exe', execute 'telnet'