Update (12.29.2002) :
The newest versions of PHP and Apache 2 will work together fairly smoothly. All the commands found in this document will still probably work with the newest versions, and I encourage you to attempt to compile it all for the experience. I have, however, broken down and tried out ApacheToolbox. I found it is extremely helpful for installing Apache with all sorts of modules including PHP, mod_ssl, MySQL, and many more. It is especially helpful if you are trying to maintain multiple servers. I suggest giving it a try.

Original Document :
This all started out as a simple upgrade but ended up being a nightmare. I only wanted to upgrade all my webserver software (Apache, mod_ssl, and PHP. MySQL was still fairly up-to-date.) but ended up having to play games all night. First I had to upgrade libtools and OpenSSL. Then I had to get CVS releases of both Apache 2 and PHP4. Once I finally got Apache 2, PHP4, and the newest OpenSSL to play nicely together, I noticed many of the webpages using PHP weren't functioning correctly. (My main website wasn't handling include()'s properly and the phpBB message forum was having random problems.) So after fighting with it for a couple hours I gave up and downgraded Apache and mod_ssl.

If you want to use newest versions of Apache 2 and PHP4 you need CVS of both. The current tarballs available do not work together. Probably by the time I get this all compiled and get my webserver back up, they will have released new versions of both that work. Check the news forum at news.php.net for information. If you want help getting the newest source of PHP and Apache, see the bottom of this document.

I don't suggest it until Apache 2 gets to be a little more stable, but if you want to try Apache 2 the following are the config/configure commands I used.

OpenSSL: (If you want to use DSO modules with OpenSSL, make sure you use the 'shared' flag.)

./config --prefix=/usr/local --openssldir=/usr/local/ssl shared

Apache 2:

./configure --prefix=/var/apache --enable-ssl \
--enable-so --enable-mods-shared=most

PHP:

./configure --with-mysql=/usr/local/mysql --with-openssl \
--with-apxs2 --enable-shared --enable-track-vars

Going back to Apache 1.3.24 I used these commands.

mod_ssl:

./configure --with-apache=../apache_1.3.24 \
--with-crt=/home/www/info/server.crt \
--with-key=/home/www/info/server.pem

Apache 1.3.24:

export SSL_BASE=/usr/local

./configure --prefix=/var/apache \
--enable-module=most --enable-module=ssl \
--enable-shared=max --enable-shared=ssl

PHP:

./configure --with-mysql=/usr/local/mysql --with-openssl \
--with-apxs --enable-shared --enable-track-vars

If you have VirtualHosts and want to use mod_ssl, do the following in httpd.conf:

 NameVirtualHost *:80
 NameVirtualHost *:443

 <VirtualHost *:80>
   # Your non-SSL virtual host here. Add a
   # new VirtualHost block for each host.
 </VirtualHost>

 ## In your <IfModule mod_ssl.c>:
 <VirtualHost *:443>
   # Your SSL protected virtual host here.
   # Add a new block for each host.
 </VirtualHost>

If you then start the server without using 'startssl' it will complain about no VirtualHost's assigned to *:443 but you can just ignore the warning.

There are other options needed in your apache config if you want SSL enabled. there are examples in the files ssl.conf and ssl-std.conf that come with the apache and mod_ssl packages.

If you plan on using SSL you will probably want to purchase a signed certificate from a trusted Certificate Authority. You can get one for free at freessl.com or if you don't mind your browser complaining about untrusted CA's everytime you visit your site using SSL you can even be your own CA. The following commands can be used to create a self-signed certificate.

Step one - create the key and request:

  openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

  openssl x509 -in new.cert.csr -out new.cert.cert -req \
	-signkey new.cert.key -days 365

note: this is what i did in gentoo:

openssl genrsa -des3 -out secure.key 1024
openssl rsa -text -in secure.key -out unsecure.key
mv unsecure.key server.key
openssl req -new -x509 -days 365 -key server.key -out server.crt

The Apache configuration directives that you need to use the resulting cert are:

  SSLCertificateFile /path/to/certs/new.cert.cert
  SSLCertificateKeyFile /path/to/certs/new.cert.key

Notes About CVS

Instructions for obtaining newest CVS release of PHP:
http://www.php.net/anoncvs.php

 $ cvs -d :pserver:cvsread@cvs.php.net:/repository login
  Enter phpfi as the password.

 $ cvs -d :pserver:cvsread@cvs.php.net:/repository co php4
 $ cd php4
 $ cvs -d :pserver:cvsread@cvs.php.net:/repository co Zend TSRM
 $ ./buildconf

Instructions for obtaining newest CVS release of Apache:
http://httpd.apache.org/dev/anoncvs.txt

 $ cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic login
  Enter anoncvs as the password.

 $ cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic co httpd-2.0
 $ cd httpd-2.0/srclib
 $ cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic co apr
 $ cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic co apr-util
 $ cd ..
 $ ./buildconf

Source Package Downloads

Apache 1.3.24:
    http://www.apache.org/dist/httpd/apache_1.3.24.tar.gz

mod_ssl 2.8.8: (Only for Apache 1.3.24)
    http://www.modssl.org/source/mod_ssl-2.8.8-1.3.24.tar.gz

Apache 2.0.35: (Don't use if you use PHP. Use CVS release.)
    http://www.apache.org/dist/httpd/httpd-2.0.35.tar.gz

GNU Libtool 1.4 (I read about problems with 1.4.2)
    ftp://ftp.gnu.org/gnu/libtool/libtool-1.4.tar.gz

OpenSSL 0.9.6c:
    http://www.openssl.org/source/openssl-0.9.6c.tar.gz

PHP 4.1.2:
    http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz