Install Apache, PHP with SSL and MySQL support on PC-BSD 8.0 / FreeBSD 8.0

In this article, I want to share you on how to install Apache and PHP with SSL and MySQL support on PC-BSD 8.0. I use the current stable version of Apache (version 2.2.14) and PHP (version 5.3.2) using PC-BSD 8.0 as the operating system. This article should be applicable to install them on Linux (Slackware, Centos, Ubuntu, Fedora, Redhat, etc) or other BSD varian (NetBSD, OpenBSD). The MySQL server was installed during system installation. If you want to install MySQL server from source distribution, follow my previous tutorial here.

1. Install Apache Httpd

Download the Apache httpd source file from http://httpd.apache.org/download.cgi and then extract, configure, compile and install it.

$ tar jxf httpd-2.2.14.tar.bz2
$ cd httpd-2.2.14

We will install Apache in /usr/local/apache directory and its system configuration files will be installed in /etc/apache directory.
So here how we configure it.

$ ./configure --prefix=/usr/local/apache --mandir=/usr/local/man --enable-ssl --enable-suexec \
--enable-cgi --enable-rewrite --enable-so --enable-modules=most --enable-mods-shared=max --sysconfdir=/etc/apache

-----
[snip]
-----
config.status: creating docs/conf/httpd.conf
config.status: creating docs/conf/extra/httpd-autoindex.conf
config.status: creating docs/conf/extra/httpd-dav.conf      
config.status: creating docs/conf/extra/httpd-default.conf  
config.status: creating docs/conf/extra/httpd-info.conf
config.status: creating docs/conf/extra/httpd-languages.conf
config.status: creating docs/conf/extra/httpd-manual.conf
config.status: creating docs/conf/extra/httpd-mpm.conf
config.status: creating docs/conf/extra/httpd-multilang-errordoc.conf
config.status: creating docs/conf/extra/httpd-ssl.conf
config.status: creating docs/conf/extra/httpd-userdir.conf
config.status: creating docs/conf/extra/httpd-vhosts.conf
config.status: creating include/ap_config_layout.h
config.status: creating support/apxs
config.status: creating support/apachectl
config.status: creating support/dbmmanage
config.status: creating support/envvars-std
config.status: creating support/log_server_status
config.status: creating support/logresolve.pl
config.status: creating support/phf_abuse_log.cgi
config.status: creating support/split-logfile
config.status: creating build/rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating build/config_vars.sh
config.status: creating include/ap_config_auto.h
config.status: executing default commands

$ make
$ sudo make install
Making install in srclib                                     
Making install in pcre                                       
Making install in os                                         
Making install in unix                                       
Making install in server                                     
Making install in mpm                                        
Making install in prefork                                    
Making install in modules                                    
Making install in aaa                                        
mkdir /usr/local/apache                                      
mkdir /usr/local/apache/modules                              
Making install in database                                   
Making install in debug                                      
Making install in filters                                    
Making install in loggers                                    
Making install in metadata                                   
Making install in ssl                                        
Making install in http                                       
Making install in dav/main                                   
Making install in generators                                 
Making install in dav/fs                                     
Making install in mappers                                    
Making install in support                                    
mkdir /usr/local/apache/bin                                  
cd support && make suexec                                    
`suexec' is up to date.                                      
Installing configuration files                               
mkdir /etc/apache                                            
mkdir /etc/apache/extra                                      
mkdir /etc/apache/original                                   
mkdir /etc/apache/original/extra                             
Installing HTML documents                                    
mkdir /usr/local/apache/htdocs                               
Installing error documents                                   
mkdir /usr/local/apache/error                                
Installing icons                                             
mkdir /usr/local/apache/icons                                
mkdir /usr/local/apache/logs                                 
Installing CGIs                                              
mkdir /usr/local/apache/cgi-bin                              
Installing header files                                      
mkdir /usr/local/apache/include                              
Installing build system files                                
mkdir /usr/local/apache/build                                
Installing man pages and online manual                       
mkdir /usr/local/apache/man                                  
mkdir /usr/local/apache/man/man1                             
mkdir /usr/local/apache/man/man8                             
mkdir /usr/local/apache/manual                               

2. Generate SSL Certificate and key

To generate SSL Certificate and key, run the commands below as root. Change the password ‘admin123’ to whatever password you want.

mkdir /etc/apache/ssl.crt
openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024
openssl req -new -passin pass:admin123 -passout pass:admin123 \
-key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650

openssl req -x509 -passin pass:admin123 -passout pass:admin123 \
-key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr \
-out /etc/apache/ssl.crt/server.crt -days 3650

openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org \
-out /etc/apache/ssl.crt/server.key

mkdir /etc/apache/ssl.key
mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/
chmod 400 /etc/apache/ssl.key/server.key

If you run the command above, the result should be similar like below:

# mkdir /etc/apache/ssl.crt                                     
# openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024
Generating RSA private key, 1024 bit long modulus                                                        
.................................++++++                                                                  
.++++++                                                                                                  
e is 65537 (0x10001)                                                                                     
# openssl req -new -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650                                                       
You are about to be asked to enter information that will be incorporated                                      
into your certificate request.                                                                                
What you are about to enter is what is called a Distinguished Name or a DN.                                   
There are quite a few fields but you can leave some blank                                                     
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI Jakarta
Locality Name (eg, city) []:South Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Techonia Corporation
Organizational Unit Name (eg, section) []:Network
Common Name (eg, YOUR name) []:Fuad NAHDI
Email Address []:fuad.nahdi@techonia.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl req -x509 -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr -out /etc/apache/ssl.crt/server.crt -days 3650
# openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.key
writing RSA key
# mkdir /etc/apache/ssl.key
# mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/
# chmod 400 /etc/apache/ssl.key/server.key

3. Install PHP

Download the latest stable version of PHP from http://www.php.net/downloads.php then extract, configure, compile and install.

$ tar jxf php-5.3.2.tar.bz2
$ cd php-5.3.2
$ ./configure --with-apxs2=/usr/local/apache/bin/apxs \
--mandir=/usr/local/man --with-mysql --with-gd --enable-ftp \
--enable-calendar --enable-sockets --enable-mbstring

---------
[snip]
---------
creating main/build-defs.h
creating scripts/phpize
creating scripts/man1/phpize.1
creating scripts/php-config
creating scripts/man1/php-config.1
creating sapi/cli/php.1
creating main/php_config.h
creating main/internal_functions.c
creating main/internal_functions_cli.c
+--------------------------------------------------------------------+
| License:                                                           |
| This software is subject to the PHP License, available in this     |
| distribution in the file LICENSE.  By continuing this installation |
| process, you are bound by the terms of this license agreement.     |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point.                            |
+--------------------------------------------------------------------+

Thank you for using PHP.
$ make
$ sudo make install
Installing PHP SAPI module:       apache2handler          
/usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' libphp5.la /usr/local/apache/modules                                                                                                   
/usr/local/share/apr/build-1/libtool --mode=install cp libphp5.la /usr/local/apache/modules/                  
libtool: install: cp .libs/libphp5.so /usr/local/apache/modules/libphp5.so                                    
libtool: install: cp .libs/libphp5.lai /usr/local/apache/modules/libphp5.la                                   
libtool: install: warning: remember to run `libtool --finish /usr/home/fuad/Downloads/php-5.3.2/libs'         
chmod 755 /usr/local/apache/modules/libphp5.so                                                                
[activating module `php5' in /etc/apache/httpd.conf]                                                          
Installing PHP CLI binary:        /usr/local/bin/                                                             
Installing PHP CLI man page:      /usr/local/man/man1/
Installing build environment:     /usr/local/lib/php/build/
Installing header files:          /usr/local/include/php/
Installing helper programs:       /usr/local/bin/
  program: phpize
  program: php-config
Installing man pages:             /usr/local/man/man1/
  page: phpize.1
  page: php-config.1
Installing PEAR environment:      /usr/local/lib/php/
[PEAR] Archive_Tar    - installed: 1.3.3
[PEAR] Console_Getopt - installed: 1.2.3
[PEAR] Structures_Graph- installed: 1.0.2
[PEAR] XML_Util       - installed: 1.2.1
[PEAR] PEAR           - installed: 1.9.0
Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/usr/home/fuad/Downloads/php-5.3.2/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f /usr/local/bin/phar.phar /usr/local/bin/phar
Installing PDO headers:          /usr/local/include/php/ext/pdo/

Open the /etc/apache/httpd.conf file and add this to tell Apache to parse centain extensions as PHP:

AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

and add ‘index.php’ inside DirectoryIndex module:

    DirectoryIndex index.html index.php

Restart the Apache.

$ sudo /usr/local/apache/bin/apachectl restart

4. Activate the SSL in httpd.conf file

Before you activate this, you have to edit the /etc/apache/extra/httpd-ssl.conf file to meet the certificate and key files location.
Below are the parameters you need to edit and you can keep the remaining parameters unchanged.

DocumentRoot "/usr/local/apache/htdocs"
ServerName localhost:443
ServerAdmin admin@mydomain.com
SSLCertificateFile "/etc/apache/ssl.crt/server.crt"
SSLCertificateKeyFile "/etc/apache/ssl.key/server.key"

Then edit the /etc/apache/httpd.conf file and uncomment the SSL configuration below:

# Secure (SSL/TLS) connections
Include /etc/apache/extra/httpd-ssl.conf

Then restart the Apache again.

$ sudo /usr/local/apache/bin/apachectl restart

Now try to browse localhost by using HTTPS https://localhost. If any warning prompted saying that the certificate is untrusted, just accept it. It is safe.

(click to enlarge)

Done. Apache and PHP with SSL and MySQL support are ready and running.