The Network Manager at Westminster School presents solutions to sticky problems...

Tuesday, 9 April 2013

Building Apache 2.4.4 from the Unix source with Openssl, zlib, libxml2, ipv6 support on Windows with Visual Studio 2012 to x86 binaries

Why would I want to even think about it? Well, because all the binaries compiled for windows have IPv6 disabled by default and the only way to enable it is to compile it yourself. Now I have to warn you, it took me well over a week to figure out what was going on and had endless failures. This procedure that follows is likely to test your patience, however, the result is a working Apache httpd running on Windows Server 2012.

That is, one that has been compiled from the original sources, and not one that has been added to by Bob down the road who has slipped in his own datalogger, if you know what I mean...

The main requirements are: Visual Studio 2012, the Platform latest SDK, perl and awk in the environment path, and CMake. Next...

Download it all

Download the latest version of apache source and unpack (Unix sources suffice) into a httpdxx root directory. All the following packages will end up in the srclib directory.
Download latest version of openssl source and unpack in to sub directory srclib\openssl
Download latest version of zlib source and unpack into in to subdirectory srclib\zlib
Download latest pcre source
Download the expat binaries compiled for windows and put into srclib\win32\bin\release
Download the prceombiled binaries and the dev packages for libiconv and copy into srclib\libiconv
Download the source for libxml2 and place into srclib\libxml

Build pcre

Unzip source into a seperate directory from your httpdxx directory. Add a build subirectory as a destination for your CMake build. Use CMake to create a solution for native Visual C 11 with the following options:
• CMAKE_INSTALL_PREFIX (your httpdxx\srclib\pcre folder)
Open the solution in Visual Studio and change to Release. Check the project to make sure that PDB’s are created. Compile the BUILDALL project. If all compiles, build the INSTALL project. Make sure the binaries end up in the same place.
Copy the pcre.dll and pcre.pdb into the srclib\pcre (needed because of badly written includes and this was the easiest option.)

Build zlib

Open your Visual Studio Dev Environment command line and cd to httpdxx\srclib\zlib
open VS Command Prompt and navigate to srrclib\zlib. build using:
nmake /f win32\Makefile.msc
nmake /f win32\Makefile.msc test

Build Openssl

cd to httpdxx\srclib\openssl
perl Configure VC-WIN32 enable-camellia no-idea no-rc5
(You do not really want zlib compiled into openssl do you? I’m shocked. Really!)
nmake -f ms\ntdll.mak
Create an empty file store.h in srclib\openssl\inc32\openssl or OpenSSL will fail to build into the rest of the projects.

Prepare httpd

Update srclib\apr\include\apr.hw and change: (default is 0) This enables IPv6
#define APR_HAVE_IPV6           1
Run the following from the root of the httpd source to deal with UNIX line endings and prepared the projects for use with .net compilers:
>Perl .\srclib\apr\build\
>Perl .\srclib\apr\build\ -2005
Now open Visual Studio and open the Apache.dsw workspace file. It will convert the file to a Apache.sln and convert all the projects to .vcxproj.
Change properties of libhttpd:
Configuration Properties -> Linker -> General -> Additional Library Directories add .\srclib\pcre\lib (Location of pcre.lib)
Configuration Properties -> C/C++ -> General -> Additional Include Directories add ./srclib/pcre/include (location of pcre.h)
Open ApacheMonitor.rc and comment out the following line with a #:
Change the Properties of ApacheMonitor:
Configuration Properties -> C/C++ -> Manifest Tool -> Input and Output -> Additional Manifest Files. Add ApacheMonitor.manifest
Change the properties of Mod_xml2enc
Configuration Properties -> C/C++ -> General -> Additional Include Directories add ./srclib/apr-iconv/lib

Build Libxml2

The Libxml2 source contains a folder called win32\VC10. Add the libxml2.vcxproj to your Apache solution. Change the properties of the libxml2 project. (You may need to upgrade the project first by going to Project -> Upgrade Projects.)
Configuration Properties -> General
-Configuration Type Dynamic Library (.dll)
Configuration Properties -> C/C++ -> All Options
-Enable Function-Level Linking: No
-Enable Instrisic Function: No
-Output Directory ..\Release (Or it will go into the httpd\Release folder. Not a good idea. You will need to create a win32\Release folder)
Configuration Properties -> Linker -> All Options
-Output File: ../Release/libxml2.dll
-Additional Library Directories: ../../../libiconv/lib;../../../libiconv/bin
-SubSystem: Windows
-Additional Dependencies: libiconv.lib;libcharset.lib;ws2_32.lib;mswsock.lib;
-Link Time Code Generation: Default
-Generate Debug Info: Yes
Modify mod_proy_html and mo_xml2enc. These two projects need Lib2xml.
Configuration Properties -> C/C++ -> All Options
-Additional Include Directories: ../../include;../../srclib/apr/include;../../srclib/libiconv/include;../../srclib/apr-iconv/include;../../srclib/apr-util/include;../../srclib/libxml2/include;
Configuration Properties -> Linker -> All Options
-Additional Library Directories: ../../srclib/libxml2/win32/Release;../../srclib/libiconv/lib;../../srclib/libxml2/win32/bin.msvc;
-Additional Depdencies: (Add) ws2_32.lib;mswsock.lib;

Build Apache

Go to Solution Congifuration. Change to Release and remove the build tick from the following projects:
• all projects beginning apr_db
• BuildAll
• BuildBin
• Fcgistarter
• gen_test_char
• InstallBin
• Libarpiconv_ccs_modules
• Libarpiconv_ces_modules
• Mod_lbmethod_rr
• Mod_lua
• Mod_session_crypto
• Mod_socache_dc
Build the Solution. This should allow everything to build successfully. There may well be something I have missed. Believe me, it is possible to fix it! I did.
Open your Visual Studio Dev Environment command line.
>Cd \htppdxx\srclib\apr-iconv\ces
Use NMake to create a batch file from the MakeFile instructions:
>NMAKE /nologo /f BUILD_MODE="Win32 Release" BIND_MODE=shared /N /U >>make.bat
Edit the make.bat file to remove all the leading tabs and remove all of " /Yuinconv.h " This stops the building of components using precompiled headers, otherwise you get an external reference error.
Run the batch file to compile these, do NOT compile them in Visual Studio.
Do the same in the ccs directory.
Amend Find the section list below and add the line in bold:
!IF EXIST("srclib\libxml2")
 copy srclib\libxml2\win32\$(LONG)\libxml2.$(src_dll) "$(inst_dll)" <.y 

 copy modules\filters\$(LONG)\mod_proxy_html.$(src_so)  "$(inst_so)" <.y
 copy modules\filters\$(LONG)\mod_xml2enc.$(src_so)  "$(inst_so)" <.y
Finally go to the root of the source directory and run the install script to pull out all the compiled files into an installation directory (in my case D:\Apache24)
>cd \httpdxx
>nmake -f INSTDIR=D:\apache24 SHORT=R LONG=Release _install

Strip the Binaries

You now have about 86MB of Apache Server. You can make that a lot lighter by doing the following.
Remove all the debug information (i.e. del /S /Q *.pdb)
Delete the Manual Directory (That why Google was invented)
Delete the Include and Lib directories (Unless you are going to do some development work using this set of binaries.)
You should now have about 8MB of web server.

Install on Server 2008 R2/2012

Install the Visual C redistributable (You will need the 2012 version, of course)
Copy your cut down binaries to your chosen location on your server.
From a (elevated) Command Prompt, navigate to bin directory and run:
httpd.exe –k install (installs as a service and starts…)
Configure Server using the configuration files
Now – I cheated – of sorts. In order to get an initially working conf file, I installed apache using the MSI and ran through the initial configuration. When I then compiled my own version of apache, I used the same working configuration file and amended it from there.

Configuration Gotchas

SSLPassPhraseDialog The default setting (builtin) does not work on windows so you need to point to a pass phrase programme. I used Notepad.exe. I removed the pass phrases from my passwords (Just Google “retrieving a key and certificate from a PFX file.” Very effective)
SSLSessionCache This requires a path not broken by spaces. If you have installed to the default location (as with the msi installed provided by apache) then you’re not quite stuck, but it feels it. Create a shortcut in the root of the c drive that points to your apache directory. Then use shmcb:C:\Apache\etc…

And that is it. As I have said, I have probably missed some things out here, but I do have a working solution, so it is possible, if akin to having your fingernail being pulled out.

1 comment:

  1. WARNING: While we managed to build and deploy Apache in this way, we have experienced some issues with regards to SSL Termination. We have as yet not determined how these issues have arisen and they may not be anything to do with the build process. Please, please test this thoroughly before putting in to production.