
INSTALL ZEND FOR ORACLE ON LINUX

(comes with PHP configured for Oracle by default)

1. Untar and install:

Download Zend for Oracle from the following site:
https://www.zend.com/core/oem_registration.php?access_code=OracleDB

#tar -xzvf ZendCoreForOracle-v1.5.0-Linux-x86.tar.gz
#cd ZendCoreForOracle-v1.5.0-Linux-x86
#./install

Follow the instructions to install.

Note that in our installation, we will be using the default installation path of Zend for Oracle (/usr/local/Zend). Yours could be different.

2. Follow the instructions to the end. If you are on Debian or Fedora (on SUSE it worked perfectly!), copy the SysV init.d script as follows:
#cp /usr/local/Zend/apache2/bin/apache/apachectl.ZSAV /etc/init.d/apachectl.Zend
#chmod 755 /etc/init.d/apachectl.Zend
#chkconfig --level 2345 apachectl.Zend on

Look inside the /etc/init.d/apachectl.Zend file and change anything that needs to be changed. If you installed Zend for Oracle in the default directory, then you won't need to change anything.

3. Then:
To start apache:
#service apachectl.Zend start
To stop apache:
#service apachectl.Zend stop

4. Alternatively, you may use a modified apachectl.Zend file. This allows you to start Apache with SSL directly. Replace the following options in the apachectl.Zend script with the versions below:

Replace the option “start” with the following:
start)
$HTTPD -k start -DSSL
ERROR=$?
;;

Replace the option “restart” with the following:
restart)
$HTTPD -k stop
$HTTPD -k start -DSSL
ERROR=$?
;;

Replace the option “graceful” with the following:
graceful)
$HTTPD -k graceful -DSSL
ERROR=$?
;;

CREATE A CERTIFICATE FOR YOUR WEBSITE
In our case, the apache configuration files were installed in the /usr/local/Zend/apache2 directory. Yours are most likely installed in /etc/apache2, so just map the directories as appropriate.

#cd /usr/local/Zend/apache2/conf
#mkdir ssl.crt
#mkdir ssl.key
#mkdir ssl.csr

Option 1 – This will create a certificate key with a password. You are advised to remove the password, so that you don't have to input it every time you restart Apache. This is because Apache might restart in the middle of the night, when there is no one to input the password.
#openssl genrsa -des3 -out ssl.key/yourdomain.co.ke.password.key 2048
(generate key with password)
#openssl rsa -in ssl.key/yourdomain.co.ke.password.key -out ssl.key/yourdomain.co.ke.key
(remove password from key)

Option 2 – This will create a certificate key without a password directly.
#openssl genrsa -out ssl.key/yourdomain.co.ke.key 2048
(generate key without password directly)

Create a certificate signing request. This .csr file is what you will send to Verisign or Thawte so that they can verify it for you. While you complete your application and wait for them to send your certificate, we will create one for ourselves by using a self-signed certificate. This will still encrypt the channel for you, even though users will see the certificate as coming from an untrusted source.
#openssl req -new -key ssl.key/yourdomain.co.ke.key -out ssl.csr/yourdomain.co.ke.csr

Create the actual certificate using the certificate request file you created above:
#openssl x509 -req -days 365 -in ssl.csr/yourdomain.co.ke.csr -signkey ssl.key/yourdomain.co.ke.key -out ssl.crt/yourdomain.co.ke.crt

Examine the just created certificates to ensure they were created without errors:
#openssl rsa -noout -text -in ssl.key/yourdomain.co.ke.key
#openssl req -noout -text -in ssl.csr/yourdomain.co.ke.csr
#openssl x509 -noout -text -in ssl.crt/yourdomain.co.ke.crt
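
Added example (not part of the original post): reading the -text dumps by eye does not show whether the key, the request and the certificate belong together, or whether the password-less key is readable by other users. This script runs the same three openssl steps with a 2048-bit key in a throwaway directory and checks both; the function names and the /CN subject are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Uses the page's ssl.key/ssl.csr/
# ssl.crt layout under a throwaway directory; function names are hypothetical.

# make_selfsigned DIR DOMAIN: create key, CSR and self-signed certificate.
make_selfsigned() {
    mkdir -p "$1/ssl.key" "$1/ssl.csr" "$1/ssl.crt" || return 1
    # umask 077 so the unencrypted key is created readable by its owner only
    ( umask 077; openssl genrsa -out "$1/ssl.key/$2.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/ssl.key/$2.key" -subj "/CN=$2" \
        -out "$1/ssl.csr/$2.csr" || return 1
    openssl x509 -req -days 365 -in "$1/ssl.csr/$2.csr" \
        -signkey "$1/ssl.key/$2.key" -out "$1/ssl.crt/$2.crt" 2>/dev/null
}

# pubkey_fp FILE key|csr|crt: print the SHA-256 of the public key in FILE.
pubkey_fp() {
    case $2 in
        key) pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        csr) pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) ;;
        crt) pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_set DIR DOMAIN: succeed only if key, CSR and certificate carry the
# same public key and the key file grants nothing to group or others.
check_set() {
    k=$(pubkey_fp "$1/ssl.key/$2.key" key) || return 1
    r=$(pubkey_fp "$1/ssl.csr/$2.csr" csr) || return 1
    c=$(pubkey_fp "$1/ssl.crt/$2.crt" crt) || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
    [ "$(ls -l "$1/ssl.key/$2.key" | cut -c5-10)" = "------" ]
}

# Demo run in a temporary directory with the page's placeholder domain.
tmp=$(mktemp -d)
if make_selfsigned "$tmp" yourdomain.co.ke && check_set "$tmp" yourdomain.co.ke
then echo "OK: key, CSR and certificate match; key is owner-only"
else echo "FAIL: mismatch or key readable by others"
fi
rm -rf "$tmp"
```

Run check_set against /usr/local/Zend/apache2/conf before restarting Apache; a mismatch between key and certificate is a common reason for mod_ssl refusing to start.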

Configure your httpd.conf, or whatever httpd config file you use, to listen on port 443, i.e.:
Listen 443

Configure the virtual hosts as appropriate for your system, and don’t forget to switch on SSL.
The important options to configure are: SSLEngine, SSLCertificateFile (use the crt file we created above) and SSLCertificateKeyFile (use the key file we created above). Refer to the Apache documentation. For example, your options should look like this:

SSLCertificateFile /usr/local/Zend/apache2/conf/ssl.crt/yourdomain.co.ke.crt
and
SSLCertificateKeyFile /usr/local/Zend/apache2/conf/ssl.key/yourdomain.co.ke.key

If you are using the Zend for Oracle Apache, to start the web server with SSL support you need to provide a special start option, start-ssl:
#/etc/init.d/apachectl.Zend start-ssl

If you are using our modified script, you can call the options using the service commands as follows:
#service apachectl.Zend start
(this will start apache with SSL support by default)

It is important that you turn off directory listing. To do this, ensure you have the following Options Directive in your httpd.conf or other apache default conf file:
Options -Indexes

REDIRECT USERS DIRECTLY INTO HTTPS
1. Inside your httpd.conf file we need to allow rewrite rules from the .htaccess file. So change:

AllowOverride None
to
AllowOverride FileInfo Options

Now add the following Options directives:
Options +FollowSymLinks +SymLinksIfOwnerMatch

2. Create a .htaccess file in your DocumentRoot.
3. Add something similar to this in your file:
In our case the DocumentRoot was /usr/local/Zend/apache2/htdocs. So we did the following:

#cd /usr/local/Zend/apache2/htdocs
#vi .htaccess

Then add the following 3 lines:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

All http users will now be redirected to the https page by default.
