Automic How to Install & Configure Apache on Apache Configuration on Linux for Application Manger Installation Guide and Notes Copyright © 2007 Automic Software, Inc. All Rights Reserved. Printed in USA Restricted Rights Legend Use, duplication, or disclosure of the Programs is subject to restrictions stated in your contract with Automic Software. Use, duplication, or disclosure of the Programs by Government is subject to restrictions for commercial computer software and the Programs shall be deemed to be licensed with Restricted Rights under Federal Law. The information contained in this document is subject to change without notice. Automic Software does not warrant that this documentation is error-free. If you find errors in this document, please contact Automic Software Documentation. Automic is a registered trademark of Automic Software. All other product names and services identified throughout this book are trademarks or registered trademarks of their respective companies.

Automic Software, Inc. 14475 NE 24th Street Bellevue, WA 98007 USA Tel: +1.(425).644.2121 Fax: +1.(425).644.2266 Email: office.us(at)Automic.com

Automic Software GmbH /o SAP PartnerPort Walldorf Altrottstrasse 31 69190 Walldorf/Baden Germany Tel: +49.(0)6227.381.180 Fax: +49.(0)6227.381.200 Email: office.wdf(at)Automic.com

Prepared by: Souny Barati Title : Sr Consultant at CA-Automic Software Inc. Date: September 15, 2017

Souny Barati 2 Table of Contents Apache for Application Manager v9.x...... 4 Assumptions...... 4 Document Notes...... 4 Procedures to Install/Configure Apache2.4.x...... 4 Steps to Compile and Configure Apache 2.4.27...... 5 Prerequisite for Apache Installation...... 5 Compile and Install Apache2.4...... 7 Access Application Manger via Apache2.4.x...... 9 Setting up SSL/HTTPS on Linux...... 12 Creating a self-signed SSL Certificate using OpenSSL...... 12 Configuring Apache to run SSL/HTTPS server...... 14

Souny Barati 3 Apache for Application Manager v9.x This document will show you how to install and configure Apache on Linux version RedHat, Fedora, Oracle Linux, and CentOS for Application Manger V9.x.

Assumptions

This document assumes that:

 You have Linux server 64 bit, and you have installed lasted Java JRE.  Automic Application Manager V9.x has been properly installed and configured on Linux server.  You are going to install Apache on the same server as Application Manager Master server.  You have the old version or no Apache installed on Linux Server.  The installation will be done by Automic Linux OS user with sudo root privileges.  Having the root access is essential, without it you can not configure Apache correctly.  For more detail information about Apache please refer to official Apache project. http://httpd.apache.org/download.cgi#apache24

Document Notes The examples in the document illustrate compilation, installation and configuration of Apache 2.4 on Oracle Linux Server using source code from the Apache site. These steps should apply to other Apache distributions, Linux versions, and sources.

Procedures to Install/Configure Apache2.4.x The Apache HTTP Server Project itself does not provide binary releases of software, only source code. Individual independent developers may provide binary packages as a convenience, but it is not a release deliverable. This document shows you how to compile Apache 2.4 on Linux server.

Souny Barati 4 Steps to Compile and Configure Apache 2.4.27

SECTION 1:

You must download Apache2.4.27 from a trusted Apache distribution site(e.g. www- us.apache.org ). ➢ Apache source code -2.4.27.tar.gz

Prerequisite for Apache Installation

After downloading the above zip file you need to extract it on a temporary directory. ➢ Use mkdir command to create directory to extract the Apache source files. $> mkdir /tmp/Apache_src

➢ Than you can use wget command to get Apache zip source file.

$> mkdir apache-src $> cd apache-src $> wget http://apache.cs.utah.edu//httpd/httpd-2.4.27.tar.gz

you need to extract the new Apache zip file

$> tar zxf httpd-2.4.27.tar.gz

Souny Barati 5 ➢ Beside Apache source files you need to get the (APR 1.6.2), and the APR Apache Portable Runtime Utility library (APR-util 1.6.0) packages from Apache site. ➢ Unpack APR 1.6.2 and APR-util1.6.0 sources into the apache srclib sources before compiling Apache.

$ cd httpd-2.4.27 $ cd srclib $ wget http://www.namesdir.com/mirrors/apache//apr/apr-1.6.2.tar.gz $ tar zxf apr-1.6.2.tar.gz $ mv apr-1.6.2 apr $ rm -f apr-1.6.2.tar.gz $ wget http://www.namesdir.com/mirrors/apache//apr/apr-util-1.6.0.tar.gz $ tar zxf apr-util-1.6.0.tar.gz $ mv apr-util-1.6.0 apr-util

➢ Next step is to update your Linux server with latest development packages: $> sudo su $> yum update --skip-broken $> yum install apr-devel $> yum install apr-util-devel $> yum install pcre-devel $> yum -y install -devel $> yum -y install policycoreutils-python

Souny Barati 6 Now you have update and installed all the required packages, you are going to compile and install Apache 2.4.27.

Compile and Install Apache2.4 You need to change directory to /tmp/Apache_src/httpd-2.4.27/, and issue command below.

[/tmp/Apache/httpd-2.4.27] $> ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl --with-mpm=prefork --with-included-apr –with-included-apr-util [/tmp/Apache/httpd-2.4.27] $> make [/tmp/Apache/httpd-2.4.27] $> make install

Souny Barati 7 After the compilation finished successfully without any errors, before starting Apache you need to change some settings in httpd.conf in a newly installed Apache.

Souny Barati 8 Access Application Manger via Apache2.4.x

SECTION 2: In order to have access to the Application from newly installed Apache2.4.x, you need to modify httpd.conf file in Apache conf directory (e.g.

If you install Apache2.4.x in this directory in this path (e.g. /usr/local/apache2/conf), you need fewer modifications in httpd.conf file and in other Apache files. Assuming you have installed Apache2.4.x on the /usr/local/apache2/conf directory, you need to modify and add a few directives in httpd.conf file.

Starting from top of the httpd.conf

 ServerRoot "/usr/local/apache2"

Souny Barati 9  Listen 5050 (Assuming when you have installed the Application Manager (AMv9) you assigned the Apache port to 5050 default for AMv9. If you choose to have a different port you have to make sure to modify Master /opt/app/Automic/Master/site/awenv.ini and all the jnlp files on /opt/app/Automic/Master/web/

 ServerAdmin [email protected] (if you want to receive an email from Apache you can modify this line and add your support group email address.)

 ServerName AutomicVM (add the hostname of this server).

 Add the following lines to the end of the httpd.conf as shown below; most values are case sensitive. You just need to modify your Automation Engine name and path.

 Add this directive in httpd.conf file, to allow you to have access to the Application Manager web directory.

### SBSB Automic Alias Directive.

AllowOverride none

Require all granted

### SBSB Automic Alias Directive. alias /AUTOPROD/ "/opt/app/Automic/Master/web/"

AddType application/x-java-jnlp-file JNLP

AddType application/x-java-jnlp-file JNLP jnlp

AddType application/x-java-jnlp-file JNLP jnlp

AddType text/html .cfm

AddDefaultCharset utf-8 After you have modified the file, save it and restart the Apache24 service from Linux services. Now you can start AMv9 from your web browser application “Firefox “ like this: http://AutomicVM:5050/AUTOPROD/Intro.html

Now you have configured the Apache2.4.x to run Application Manger v9.

Note: You have to give read and execute permission to the Application Manager web directory recursively to Apache user and group, other wise you will get access deny error when you try to access AMv9 home page.

AH00132: file permissions deny server access

Souny Barati 10 AH00035: access denied because search permissions are missing on a component of the path

You need to use chmod command with 755 permission. [/opt/app/Automic/Master/web/] $> chmod -R 755 web

Souny Barati 11 Setting up SSL/HTTPS server on Linux

Section 2

Assuming that you already have Apache2.4 OpenSSL installed and configured to work on Linux (as mentioned in the section 1), there are two ways to get CA certificate:

1. Commercial one that you buy

2. Self-Signed Certificates that you create with OpenSSL

Creating a self-signed SSL Certificate using OpenSSL These steps must be followed carefully in order to create SSL certificate.

Open the command prompt and change directory to the Apache2 directory

/usr/local/apache2/conf

It will ask you some questions and you can safely ignore them and just answer the following questions: PEM pass phrase: Password associated with the private key you’re generating (anything of your choice).

Common Name: The fully-qualified domain name associated with this certificate (i.e. www.your- domain.com).

Now you need to remove the passphrase from the private key. The file “server.key” created from the following command should be only readable by the Apache server and the administrator. You should also delete the “.rnd” file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

$> /usr/local/apache2/conf/openssl genrsa -des3 -out serverpass.key 2048

Souny Barati 12 /usr/local/apache2/conf/openssl req -new -key serverpass.key -out server.csr

Now you need to set up an expiry date, it could be any time of your choice, you can use 365 days; see below:

$> /usr/local/apache2/conf/openssl x509 -req -days 365 -in server.csr -signkey serverpass.key -out server.crt

You can remove the passphrase from new serverpass.key to server.key file with command below.

$> /usr/local/apache2/conf/openssl rsa -in serverpass.key -out server.key

Souny Barati 13 Configuring Apache to run SSL/HTTPS server

Now you need to configure Apache to start with the SSL server with the Self-signed SSL certificate you just created. You need to modify two Apache files.  /usr/local/apache2/conf/httpd.conf  /usr/local/apache2/confextra/httpd-ssl.conf

Open the httpd.conf file and uncomment these lines  LoadModule ssl_module modules/mod_ssl.so  Include conf/extra/httpd-ssl.conf  LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Souny Barati 14 Open httpd-ssl.conf and modify VirtualHost_default directive. Keep all the default options as it is, but make sure to modify the following section. You can keep the default port to 443, and make sure path to the Self-signed SSL certificate is correct.

Souny Barati 15 Souny Barati 16 Note:Not only does Apache listen to SSL port 443, it also has to listen to the standard HTTP port (in this case port 5050 that you have setup above for Application Manager).

The next step is to open an exception in Linux Firewall for TCP port 443, and restart Apache24 service from Linux services.

$> sudo semanage port -a -t http_port_t -p tcp 5050 $> sudo semanage port -a -t http_port_t -p tcp 443

The final step is to create two symbolic links to two Apache files in /usr/sbin/ directory. Note: If old Apache files are exist there you can remove them safely.

$> ln -s /usr/local/apache2/bin/apachectl apachectl $> ln -s /usr/local/apache2/bin/apachectl apachectl

Once you have completed all of these steps, you can launch Apache2.4 with command below. $> apachectl -k start or $> service httpd start (## After configured to run as a service startup) you can launch Application Manager with secure Apache SSL like the example below. For the first time you will get an exception, you can accept this exception since you have generated the SSL certificate.

https://AutomicVM:443/SBAM9/Intro.html.

Souny Barati 17 Souny Barati 18