バージョンは
また,Cryptographic Framework については, Sun Bingadmin
http://www.sun.com/bigadmin/motd/042006.html
から crypto framework で検索して出てくる文書 「The Solaris Cryptographic Framework」(pdf)を参照.
あと,こちら. Sun/Solaris10/Cryptgraphic Framework
/usr/sfw/lib/libcrypto.so や /usr/sfw/lib/libssl.so を リンクに使う.
$ CFLAGS='-DSSL_EXPERIMENTAL -DSSL_ENGINE' \ > ./configure --prefix=/opt/apache --enable-so \ > --enable-mods-shared=all \ > --enable-ssl --with-mpm=prefork --with-z=/usr \ > --enable-rule=SSL_EXPERIMENTAL \ > --with-ssl=/usr/sfw $ make # make install
Apache のssl.conf 内で
SSLCryptoDevice pkcs11
という行を加えておく. あと,SSLCipherSuite の設定を次のようにするべし.
SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA: -DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL (実際は 1行)
また,Solaris10 8/07 ぐらい以降, もしくはこの時期以降のパッチをあてた Solaris10 では, openssl が入れ替わっているせいか, ssl.conf 内の
<VirtualHost _default_:443>
の行を
<VirtualHost *:443>
としないと core dump する. (記述が厳しくなったってことか)
既にOS標準の apache が SMF で管理されているので,これを修正する.
# cp -p /var/svc/manifest/network/http-apache2.xml \ /var/svc/manifest/network/http-apache2.xml.org # vi /http-apache2.xml.patch (<--これはなくてもいいかな) --- --- /var/svc/manifest/network/http-apache2.xml.OSORG Sat Jan 8 17:51:58 2005 +++ /var/svc/manifest/network/http-apache2.xml Fri Jul 29 19:13:05 2005 @@ -7,7 +7,7 @@ ident "@(#)http-apache2.xml 1.2 04/11/11 SMI" --> -<service_bundle type='manifest' name='SUNWapch2r:apache'> +<service_bundle type='manifest' name='TNKapache2:apache'> <service name='network/http' @@ -21,6 +21,14 @@ --> <instance name='apache2' enabled='false'> + <dependency + name='fs-local' + grouping='require_all' + restart_on='none' + type='service'> + <service_fmri value='svc:/system/filesystem/local' /> + </dependency> + + <dependency + name='autofs' + grouping='require_all' + restart_on='none' + type='service'> + <service_fmri value='svc:/system/filesystem/autofs' /> + </dependency> <dependency name='loopback' grouping='require_all' restart_on='error' --- # (cd / ; patch -p1 < ./http-apache2.xml.patch) # chgrp bin /var/svc/manifest/network/http-apache2.xml # rm /http-apache2.xml.patch # svccfg import /var/svc/manifest/network/http-apache2.xml
# cp -p /lib/svc/method/http-apache2 /lib/svc/method/http-apache2.org # vi /http-apache2.patch --- --- /lib/svc/method/http-apache2.OSORG Sat Jan 8 17:51:58 2005 +++ /lib/svc/method/http-apache2 Fri Jul 29 18:22:03 2005 @@ -8,9 +8,9 @@ . /lib/svc/share/smf_include.sh -APACHE_HOME=/usr/apache2 -CONF_FILE=/etc/apache2/httpd.conf -PIDFILE=/var/run/apache2/httpd.pid +APACHE_HOME=/usr/local/apache2 +CONF_FILE=/usr/local/apache2/conf/httpd.conf +PIDFILE=/usr/local/apache2/logs/httpd.pid [ ! -f ${CONF_FILE} ] && exit $SMF_EXIT_ERR_CONFIG @@ -17,7 +17,6 @@ case "$1" in start) /bin/rm -f ${PIDFILE} - /bin/mkdir -p /var/run/apache2 ssl=`svcprop -p httpd/ssl svc:/network/http:apache2` if [ "$ssl" = false ]; then cmd="start" --- # (cd / ; patch -p1 < ./http-apache2.patch) # chgrp bin /lib/svc/method/http-apache2 # rm /http-apache2.patch
なお,apache 2.2 からは startssl オプションは無くなった
wget ftp://xmlsoft.org/libxml2/libxml2-2.6.26.tar.gz
PATH=/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/sfw/bin:. LD_LIBRARY_PATH=/usr/sfw/lib % ./configure % make # make install
% ./configure --with-apxs2=/opt/apache/bin/apxs \ --enable-mbstring --enable-mbregex \ --with-openssl=/usr/sfw \ --with-zlib \ --with-libxml-dir=/usr/local \ --with-mysql=/usr/sfw % make # make install # cp php.ini-recommended /usr/local/lib/php/php.ini