Introduction:

Steps to compile Apache:
– Installation of needed development packages
– Prepare the directories needed
– copy the config file and script below
– Run the script below

Installation of needed development packages

Needed for Apache mod_deflate
libzip-dev (sources)
libzip1 (bin libs.)
zlib1g-dev (sources)

Needed for Mod_security
libpcre3-dev
libpcrecpp0
libxml2-dev

Compiling script Configuration file
APACHE_VERSION="2.2.24"
MOD_JK_VERSION="1.2.31"
MOD_SECURITY_VERSION="2.5.11"
MOD_EVASIVE_VERSION="1.10.1"
MOD_BW_VERSION="0.92"
MOD_FASTCGI_VERSION="2.4.6"
OPENSSL_VERSION="openssl-1.0.0g"
#
# APACHE_VERSION="2.2.24" # Fixes some bufg but especially some security holes
# MOD_JK_VERSION="1.2.31" # !!!later version have problems of keeping the TCP connections
# MOD_SECURITY_VERSION="2.5.11" # !!!version 2.5.12 prevents apache to start
# MOD_EVASIVE_VERSION="1.10.1" # !!!no other versions found after that...so far. Not used in Live System
# MOD_BW_VERSION="0.92" # !!!latest version found so far. Not used in Live Systems
# MOD_FASTCGI_VERSION="2.4.6" # Not used in Live system
# OPENSSL_VERSION="openssl-1.0.0g" # !!!later versions(1.0.0h-1.0.1e) don't compile under Apache 2.2.24
# -----------------------
PREFIX="/www/apache-${APACHE_VERSION}"
APXS="${PREFIX}/bin/apxs"
SRC="$PWD"
SUEXEC_DOCROOT="/www/htdocs"
APACHEDIR="/www/apache"
#------------------ URLs of sources ------------------------
APACHE_URL="http://www.apache.org/dist/httpd/httpd-${APACHE_VERSION}.tar.gz"
OPENSSL_URL="http://ftp.openssl.org/source/${OPENSSL_VERSION}.tar.gz"
MOD_SECURITY_URL="http://www.modsecurity.org/download/modsecurity-apache_${MOD_SECURITY_VERSION}.tar.gz"
MOD_JK_URL="http://apache.mirror.iphh.net/tomcat/tomcat-connectors/jk/tomcat-connectors-${MOD_JK_VERSION}-src.tar.gz"
#
# extra optional modules
MOD_EVASIVE_URL="http://www.zdziarski.com/projects/mod_evasive/mod_evasive_${MOD_EVASIVE_VERSION}.tar.gz"
#MOD_BW_URL="http://bwmod.sourceforge.net/files/mod_bw-${MOD_BW_VERSION}.tgz"
MOD_BW_URL="http://ivn.cl/files/source/mod_bw-${MOD_BW_VERSION}.tgz"
MOD_FASTCGI_URL="http://www.fastcgi.com/dist/mod_fastcgi-${MOD_FASTCGI_VERSION}.tar.gz"
#
# Packages to fetch, compile and install
PACKAGES="$APACHE_URL $OPENSSL_URL $MOD_SECURITY_URL $MOD_JK_URL $MOD_EVASIVE_URL $MOD_BW_URL"
#
CONF="/www/http_etc"
LOGS="/www/http_logs"

Compiling Script

Building apache2

#!/bin/bash
# Reading the above configuration file
. ./build.cfg
WD=$(pwd)
PREFIX=$WWW
WGET="`which wget`"
BASENAME="`which basename`"
GUNZIP="`which gunzip`"
LN=$(which ln)
#
# Function asking to do the operation
# Syntax: YES_FUNC "What to do" "Command to execute"
YES_FUNC () {
ASK_STRING="$1"
TO_EXECUTE="$2"
read -p "$ASK_STRING (y/n)?" YES_NO
#YES_NO=y
if [ "$YES_NO" = "y" -o "$YES_NO" = "Y" ]
then
eval $TO_EXECUTE
else
echo "dann nicht"
fi
}
#
########## Pakete holen ##################
#
for URL in $PACKAGES; do
TAR_FILE="`$BASENAME $URL`"
if [ ! -f ${TAR_FILE} ] ; then
YES_FUNC "wget $URL" "$WGET $URL"
else
echo "$TAR_FILE already present"
fi
YES_FUNC "$TAR_FILE auspacken" "$GUNZIP -d -c $TAR_FILE | tar xvf -"
done
#
############### Building it #############
export SSL_BASE=${WD}/$(find . -type d -name openssl-\* | head -1)
export LIBS=""
export INCLUDES=""
# code optimization
export CFLAGS="-O2"
mkdir -p $WWW
#PACKAGES="$APACHE_URL $OPENSSL_URL $MOD_SECURITY_URL $MOD_JK_URL $MOD_EVASIVE_URL $MOD_BW_URL $MOD_FASTCGI_URL
if $(echo $PACKAGES | grep -q $OPENSSL_URL); then
## --------------------- compile openssl ---------------------------------
cd $SSL_BASE
YES_FUNC "config openssl" "./config threads -fPIC 2>&1 |tee ${WD}/config_openssl.out 2>&1"
YES_FUNC "make clean + openssl" "time (make clean ; make 2>&1 |tee ${WD}/make_openssl.out 2>&1)"
YES_FUNC "make openssl Test" "make test"
cd $SSL_BASE
ln -s . lib
cd ${WD}
fi
#
if $(echo $PACKAGES | grep -q $APACHE_URL); then
## -------------------------- compile apache ----------------------------------------------
# SSL_BASE ist schon deklariert
# build with most modules as DSO and some necessary as integrated in core
cd httpd-${APACHE_VERSION}

# Added:
# --with-included-apr \
# --enable-nonportable-atomics=yes \ - produces 486 and up code that is more efficient instead of 386 compatible code(for fast hardware compare-and-swap)
# --enable-static-support \ - produces a built with all the necessary libraries integrated. Portable to almost any linux platform
# --with-mpm=prefork \ necessary because owrker or event are not compatible with mod_ssl
#
# taken out:
#--enable-modules=all \
#--enable-mods-shared=all \
#
export PKG_CONFIG_PATH=$SSL_BASE
#
YES_FUNC "config apache" "./configure --prefix=${PREFIX} \
--enable-static-support \
--with-mpm=prefork \
--with-included-apr \
--with-ssl=$SSL_BASE \
--enable-nonportable-atomics=yes \
--enable-so \
--enable-alias \
--enable-auth-basic \
--enable-auth-plain \
--enable-authz-user\
--enable-authn-file \
--enable-access \
--enable-dir \
--enable-env \
--enable-http \
--enable-log-config \
--enable-mime \
--enable-setenvif \
--enable-status \
--enable-deflate \
--enable-headers \
--enable-info \
--enable-proxy \
--enable-proxy-http \
--enable-proxy-connect \
--enable-rewrite \
--enable-ssl \
--enable-actions=shared \
--enable-asis=shared \
--enable-autoindex=shared \
--enable-cgi=shared \
--enable-cgid=shared \
--enable-charset-lite=shared \
--enable-echo=shared \
--enable-dumpio=shared \
--enable-dav=shared \
--enable-dav-fs=shared \
--enable-dav-lock=shared \
--enable-dumpio=shared \
--enable-auth-digest=shared \
--enable-authn-alias=shared \
--enable-authn-default=shared \
--enable-authz-groupfile=shared \
--enable-authz-host=shared \
--enable-authz-owner=shared \
--enable-authz-default=shared \
--enable-filter=shared \
--enable-imagemap=shared \
--enable-negotiation=shared \
--enable-userdir=shared \
--enable-cache=shared \
--enable-disk-cache=shared \
--enable-mem-cache=shared \
--enable-file-cache=shared \
--enable-expires=shared \
--enable-ext-filter=shared \
--enable-ident=shared \
--enable-logio=shared \
--enable-log-forensic=shared \
--enable-mime-magic=shared \
--enable-proxy-balancer=shared \
--enable-proxy-ftp=shared \
--enable-proxy-ajp=shared \
--enable-proxy-cgi=shared \
--enable-speling=shared \
--enable-substitute=shared \
--enable-unique-id=shared \
--enable-usertrack=shared \
--enable-vhost-alias=shared \
--enable-version=shared \
--disable-include \
--disable-imagemap \
--enable-suexec=shared \
--with-suexec-logfile=/www/http_logs/suexec.log \
--with-suexec-safepath=/usr/local/bin:/usr/bin:/bin \
--with-suexec-docroot=/www/ \
--with-suexec-caller=nobody \
--with-suexec-uidmin=2000 \
--with-suexec-gidmin=3000 \
--enable-static-ab \
--enable-static-checkgid \
--enable-static-htdbm \
--enable-static-htdigest \
--enable-static-htpasswd \
--enable-static-logresolve \
--enable-static-rotatelogs \
2>&1 |tee ${WD}/config_apache.out 2>&1"
YES_FUNC "make clean + Apache2" "time (make clean ; make 2>&1 |tee ${WD}/make_Apache2.out 2>&1)"
cd ${WD}
#
## apache installation
cd $SRC/httpd-${APACHE_VERSION}
YES_FUNC "make install Apache2" "time (make install 2>&1 | tee ${WD}/make_install_Apache2.out 2>&1)"

fi
#
#------------------------- building mod_jk ----------------------------------
if $(echo $PACKAGES | grep -q $MOD_JK_URL); then
cd $SRC/tomcat-connectors-${MOD_JK_VERSION}-src/native/
YES_FUNC "Adding mod_jk. Configure mod_jk" "./configure --with-apxs=${PREFIX}/bin/apxs"
YES_FUNC "make clean + mod_jk" "time (make clean ; make 2>&1 |tee ${WD}/make_mod_jk.out 2>&1)"
## mod_jk installation
YES_FUNC "Install mod_jk" "cp $SRC/tomcat-connectors-${MOD_JK_VERSION}-src/native/apache-2.0/mod_jk.so ${PREFIX}/modules/ 2>&1 | tee ${WD}/install_mod_jk.out 2>&1"
fi
#
#------------------------- building mod_security -----------------------------
if $(echo $PACKAGES | grep -q $MOD_SECURITY_URL); then
cd $SRC/modsecurity-apache_${MOD_SECURITY_VERSION}/apache2
YES_FUNC "Adding mod_security2. Configure mod_security2" "./configure --with-apxs=${PREFIX}/bin/apxs --with-apr=${PREFIX}/bin --with-apu=${PREFIX}/bin"
YES_FUNC "make clean + mod_security2" "time (make clean ; make 2>&1 |tee ${WD}/make_mod_security2.out 2>&1)"
## mod_security installation
YES_FUNC "make install mod_security2" "make install 2>&1 | tee ${WD}/make_install_mod_security2.out 2>&1"
fi
#------------------------- building mod_evasive -----------------------------
if $(echo $PACKAGES |grep -q $MOD_EVASIVE_URL); then
cd $SRC/mod_evasive
YES_FUNC "make and install mod_evasive" "time (${PREFIX}/bin/apxs -i -a -c mod_evasive20.c 2>&1 |tee ${WD}/make_mod_evasive.out 2>&1)"
fi
#
#------------------------- building mod_bw -----------------------------
if $(echo $PACKAGES | grep -q $MOD_BW_URL ); then
#cd $SRC/mod_bw
## mod_bw make and install
YES_FUNC "make and install mod_bw" "time (${PREFIX}/bin/apxs -i -a -c mod_bw.c 2>&1 | tee ${WD}/make_install_mod_bw.out 2>&1)"
fi
#
#------------------------- building mod_fastcgi -----------------------------
if $(echo $PACKAGES | grep -q $MOD_FASTCGI_URL ); then
cd $SRC/mod_fastcgi-${MOD_FASTCGI_VERSION}
cp Makefile.AP2 Makefile
## mod_fastcgi make and install
YES_FUNC "make clean + mod_fastcgi" "time (make clean ; make top_dir=$SRC/httpd-${APACHE_VERSION} 2>&1 |tee ${WD}/make_mod_fastcgi.out 2>&1)"
## mod_fastcgi installation
YES_FUNC "Install mod_fastcgi" "cp $SRC/mod_fastcgi-${MOD_FASTCGI_VERSION}/.libs/mod_fastcgi.so ${PREFIX}/modules/ 2>&1 | tee ${WD}/install_mod_fastcgi.out 2>&1"
fi
#--------------------------------------------------------------------------------------------------------------------------
#
echo "NOTE: Make sure the following line is present in configuration file: ${PREFIX}/conf/httpd.conf"
if $(echo $PACKAGES | grep -q $MOD_JK_URL); then
echo "LoadModule jk_module modules/mod_jk.so"
fi
#
if $(echo $PACKAGES | grep -q $MOD_SECURITY_URL); then
echo "LoadModule security2_module modules/mod_security2.so"
fi
#
if $(echo $PACKAGES | grep -q $MOD_FASTCGI_URL ); then
echo "LoadModule fastcgi_module modules/mod_fastcgi.so"
fi
#
echo -e "\n------------- DONE --------------"
#### eof ####