Install Apache, PHP with SSL and MySQL support on PC-BSD 8.0 / FreeBSD 8.0
March 6th, 2010 by Fuad NAHDI Categories: Apache / PHPTags: Apache, MySQL, PHP
In this article, I want to share you on how to install Apache and PHP with SSL and MySQL support on PC-BSD 8.0. I use the current stable version of Apache (version 2.2.14) and PHP (version 5.3.2) using PC-BSD 8.0 as the operating system. This article should be applicable to install them on Linux (Slackware, Centos, Ubuntu, Fedora, Redhat, etc) or other BSD varian (NetBSD, OpenBSD). The MySQL server was installed during system installation. If you want to install MySQL server from source distribution, follow my previous tutorial here.
1. Install Apache Httpd
Download the Apache httpd source file from http://httpd.apache.org/download.cgi and then extract, configure, compile and install it.
$ tar jxf httpd-2.2.14.tar.bz2 $ cd httpd-2.2.14
We will install Apache in /usr/local/apache directory and its system configuration files will be installed in /etc/apache directory.
So here how we configure it.
$ ./configure --prefix=/usr/local/apache --mandir=/usr/local/man --enable-ssl --enable-suexec \ --enable-cgi --enable-rewrite --enable-so --enable-modules=most --enable-mods-shared=max --sysconfdir=/etc/apache ----- [snip] ----- config.status: creating docs/conf/httpd.conf config.status: creating docs/conf/extra/httpd-autoindex.conf config.status: creating docs/conf/extra/httpd-dav.conf config.status: creating docs/conf/extra/httpd-default.conf config.status: creating docs/conf/extra/httpd-info.conf config.status: creating docs/conf/extra/httpd-languages.conf config.status: creating docs/conf/extra/httpd-manual.conf config.status: creating docs/conf/extra/httpd-mpm.conf config.status: creating docs/conf/extra/httpd-multilang-errordoc.conf config.status: creating docs/conf/extra/httpd-ssl.conf config.status: creating docs/conf/extra/httpd-userdir.conf config.status: creating docs/conf/extra/httpd-vhosts.conf config.status: creating include/ap_config_layout.h config.status: creating support/apxs config.status: creating support/apachectl config.status: creating support/dbmmanage config.status: creating support/envvars-std config.status: creating support/log_server_status config.status: creating support/logresolve.pl config.status: creating support/phf_abuse_log.cgi config.status: creating support/split-logfile config.status: creating build/rules.mk config.status: creating build/pkg/pkginfo config.status: creating build/config_vars.sh config.status: creating include/ap_config_auto.h config.status: executing default commands $ make $ sudo make install Making install in srclib Making install in pcre Making install in os Making install in unix Making install in server Making install in mpm Making install in prefork Making install in modules Making install in aaa mkdir /usr/local/apache mkdir /usr/local/apache/modules Making install in database Making install in debug Making install in filters Making install in loggers Making install in metadata Making install in ssl Making install in http Making install in dav/main Making install in generators Making install in dav/fs Making install in mappers Making install in support mkdir /usr/local/apache/bin cd support && make suexec `suexec' is up to date. Installing configuration files mkdir /etc/apache mkdir /etc/apache/extra mkdir /etc/apache/original mkdir /etc/apache/original/extra Installing HTML documents mkdir /usr/local/apache/htdocs Installing error documents mkdir /usr/local/apache/error Installing icons mkdir /usr/local/apache/icons mkdir /usr/local/apache/logs Installing CGIs mkdir /usr/local/apache/cgi-bin Installing header files mkdir /usr/local/apache/include Installing build system files mkdir /usr/local/apache/build Installing man pages and online manual mkdir /usr/local/apache/man mkdir /usr/local/apache/man/man1 mkdir /usr/local/apache/man/man8 mkdir /usr/local/apache/manual
2. Generate SSL Certificate and key
To generate SSL Certificate and key, run the commands below as root. Change the password ‘admin123′ to whatever password you want.
mkdir /etc/apache/ssl.crt openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024 openssl req -new -passin pass:admin123 -passout pass:admin123 \ -key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650 openssl req -x509 -passin pass:admin123 -passout pass:admin123 \ -key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr \ -out /etc/apache/ssl.crt/server.crt -days 3650 openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org \ -out /etc/apache/ssl.crt/server.key mkdir /etc/apache/ssl.key mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/ chmod 400 /etc/apache/ssl.key/server.key
If you run the command above, the result should be similar like below:
# mkdir /etc/apache/ssl.crt # openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024 Generating RSA private key, 1024 bit long modulus .................................++++++ .++++++ e is 65537 (0x10001) # openssl req -new -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:DKI Jakarta Locality Name (eg, city) []:South Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Techonia Corporation Organizational Unit Name (eg, section) []:Network Common Name (eg, YOUR name) []:Fuad NAHDI Email Address []:fuad.nahdi@techonia.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl req -x509 -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr -out /etc/apache/ssl.crt/server.crt -days 3650 # openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.key writing RSA key # mkdir /etc/apache/ssl.key # mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/ # chmod 400 /etc/apache/ssl.key/server.key
3. Install PHP
Download the latest stable version of PHP from http://www.php.net/downloads.php then extract, configure, compile and install.
$ tar jxf php-5.3.2.tar.bz2 $ cd php-5.3.2 $ ./configure --with-apxs2=/usr/local/apache/bin/apxs \ --mandir=/usr/local/man --with-mysql --with-gd --enable-ftp \ --enable-calendar --enable-sockets --enable-mbstring --------- [snip] --------- creating main/build-defs.h creating scripts/phpize creating scripts/man1/phpize.1 creating scripts/php-config creating scripts/man1/php-config.1 creating sapi/cli/php.1 creating main/php_config.h creating main/internal_functions.c creating main/internal_functions_cli.c +--------------------------------------------------------------------+ | License: | | This software is subject to the PHP License, available in this | | distribution in the file LICENSE. By continuing this installation | | process, you are bound by the terms of this license agreement. | | If you do not agree with the terms of this license, you must abort | | the installation process at this point. | +--------------------------------------------------------------------+ Thank you for using PHP. $ make $ sudo make install Installing PHP SAPI module: apache2handler /usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' libphp5.la /usr/local/apache/modules /usr/local/share/apr/build-1/libtool --mode=install cp libphp5.la /usr/local/apache/modules/ libtool: install: cp .libs/libphp5.so /usr/local/apache/modules/libphp5.so libtool: install: cp .libs/libphp5.lai /usr/local/apache/modules/libphp5.la libtool: install: warning: remember to run `libtool --finish /usr/home/fuad/Downloads/php-5.3.2/libs' chmod 755 /usr/local/apache/modules/libphp5.so [activating module `php5' in /etc/apache/httpd.conf] Installing PHP CLI binary: /usr/local/bin/ Installing PHP CLI man page: /usr/local/man/man1/ Installing build environment: /usr/local/lib/php/build/ Installing header files: /usr/local/include/php/ Installing helper programs: /usr/local/bin/ program: phpize program: php-config Installing man pages: /usr/local/man/man1/ page: phpize.1 page: php-config.1 Installing PEAR environment: /usr/local/lib/php/ [PEAR] Archive_Tar - installed: 1.3.3 [PEAR] Console_Getopt - installed: 1.2.3 [PEAR] Structures_Graph- installed: 1.0.2 [PEAR] XML_Util - installed: 1.2.1 [PEAR] PEAR - installed: 1.9.0 Wrote PEAR system config file at: /usr/local/etc/pear.conf You may want to add: /usr/local/lib/php to your php.ini include_path /usr/home/fuad/Downloads/php-5.3.2/build/shtool install -c ext/phar/phar.phar /usr/local/bin ln -s -f /usr/local/bin/phar.phar /usr/local/bin/phar Installing PDO headers: /usr/local/include/php/ext/pdo/
Open the /etc/apache/httpd.conf file and add this to tell Apache to parse centain extensions as PHP:
AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps
and add ‘index.php’ inside DirectoryIndex module:
DirectoryIndex index.html index.php
Restart the Apache.
$ sudo /usr/local/apache/bin/apachectl restart
4. Activate the SSL in httpd.conf file
Before you activate this, you have to edit the /etc/apache/extra/httpd-ssl.conf file to meet the certificate and key files location.
Below are the parameters you need to edit and you can keep the remaining parameters unchanged.
DocumentRoot "/usr/local/apache/htdocs" ServerName localhost:443 ServerAdmin admin@mydomain.com SSLCertificateFile "/etc/apache/ssl.crt/server.crt" SSLCertificateKeyFile "/etc/apache/ssl.key/server.key"
Then edit the /etc/apache/httpd.conf file and uncomment the SSL configuration below:
# Secure (SSL/TLS) connections Include /etc/apache/extra/httpd-ssl.conf
Then restart the Apache again.
$ sudo /usr/local/apache/bin/apachectl restart
Now try to browse localhost by using HTTPS https://localhost. If any warning prompted saying that the certificate is untrusted, just accept it. It is safe.
(click to enlarge)
Done. Apache and PHP with SSL and MySQL support are ready and running.