I’ve been running OpenBSD on my home server since version 3.4. I never had the need to run the absolute latest and greatest third party software. Installing the pre-compiled packages from the current version is fast, easy and secure, but the downside is that it’s rarely the latest version(in terms of functionality).
Now a couple of days ago I was asked to setup a Linux or Unix machine here at work, serving some heavy webpages with PHP/MySQL. Security was also a big focus. I decided on OpenBSD because that’s what I’ve been using for the last ~8 years.
Now to the problems:
They require Apache 2.2.21, and PHP 5.3.8. OpenBSD comes with Apache 1.3 with default chrooting.
Installing Apache 2 from packages is not a problem, however the latest on OpenBSD 5.0 is 2.2.15.
In my case , our company has a Nessus security scanner and it does not take into consideration that Apache 2.2.15 is patched by the OpenBSD team, the only way around it is to upgrade to the latest.
Here is how I did it:
1. download the latest Apache 2 source from http://httpd.apache.org/
2. extract the gtar to your temp directory
3. ./configure —with-included-apr —enable-mods-shared=”most cache disk-cache proxy ssl mime-magic cern-meta usertrack unique-id suexec log-forensic”
This will install Apache 2 from source with the same features as the pre-compiled Apache 2.2.x package with all the shared modules.
In this setup I have not changed the default installation directory, so for now everything will be installed to /usr/local/apache2/ this includes config files, htdocs, binaries, manuals etc.
I like to have everything in one directory for easy uninstall (as there is no pkg_delete etc for stuff built from source)
As Apache 1.3 is already installed in the base OS, Apache 1.3 and Apache 2.2.x will have the same filenames but in different directories. This can be confusing and I simply renamed some key files:
4. cd /usr/local/apache2/bin
mv apachectl apachectl2
mv apachectl.8 apachectl2.8
mv httpd.8 httpd2.8
add /usr/local/apache2/bin to your PATH
Now you have your old apachectl binary, and the new apachectl2 for easy start/stop. Also man files for apachectl and apachectl2, httpd and httpd2 are separated.