In this article, I want to share you on how to install Apache and PHP with SSL and MySQL support on PC-BSD 8.0. I use the current stable version of Apache (version 2.2.14) and PHP (version 5.3.2) using PC-BSD 8.0 as the operating system. This article should be applicable to install them on Linux (Slackware, Centos, Ubuntu, Fedora, Redhat, etc) or other BSD varian (NetBSD, OpenBSD). The MySQL server was installed during system installation. If you want to install MySQL server from source distribution, follow my previous tutorial here.
1. Install Apache Httpd
Download the Apache httpd source file from http://httpd.apache.org/download.cgi and then extract, configure, compile and install it.
$ tar jxf httpd-2.2.14.tar.bz2
$ cd httpd-2.2.14
We will install Apache in /usr/local/apache directory and its system configuration files will be installed in /etc/apache directory.
So here how we configure it.
$ ./configure --prefix=/usr/local/apache --mandir=/usr/local/man --enable-ssl --enable-suexec \
--enable-cgi --enable-rewrite --enable-so --enable-modules=most --enable-mods-shared=max --sysconfdir=/etc/apache
-----
[snip]
-----
config.status: creating docs/conf/httpd.conf
config.status: creating docs/conf/extra/httpd-autoindex.conf
config.status: creating docs/conf/extra/httpd-dav.conf
config.status: creating docs/conf/extra/httpd-default.conf
config.status: creating docs/conf/extra/httpd-info.conf
config.status: creating docs/conf/extra/httpd-languages.conf
config.status: creating docs/conf/extra/httpd-manual.conf
config.status: creating docs/conf/extra/httpd-mpm.conf
config.status: creating docs/conf/extra/httpd-multilang-errordoc.conf
config.status: creating docs/conf/extra/httpd-ssl.conf
config.status: creating docs/conf/extra/httpd-userdir.conf
config.status: creating docs/conf/extra/httpd-vhosts.conf
config.status: creating include/ap_config_layout.h
config.status: creating support/apxs
config.status: creating support/apachectl
config.status: creating support/dbmmanage
config.status: creating support/envvars-std
config.status: creating support/log_server_status
config.status: creating support/logresolve.pl
config.status: creating support/phf_abuse_log.cgi
config.status: creating support/split-logfile
config.status: creating build/rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating build/config_vars.sh
config.status: creating include/ap_config_auto.h
config.status: executing default commands
$ make
$ sudo make install
Making install in srclib
Making install in pcre
Making install in os
Making install in unix
Making install in server
Making install in mpm
Making install in prefork
Making install in modules
Making install in aaa
mkdir /usr/local/apache
mkdir /usr/local/apache/modules
Making install in database
Making install in debug
Making install in filters
Making install in loggers
Making install in metadata
Making install in ssl
Making install in http
Making install in dav/main
Making install in generators
Making install in dav/fs
Making install in mappers
Making install in support
mkdir /usr/local/apache/bin
cd support && make suexec
`suexec' is up to date.
Installing configuration files
mkdir /etc/apache
mkdir /etc/apache/extra
mkdir /etc/apache/original
mkdir /etc/apache/original/extra
Installing HTML documents
mkdir /usr/local/apache/htdocs
Installing error documents
mkdir /usr/local/apache/error
Installing icons
mkdir /usr/local/apache/icons
mkdir /usr/local/apache/logs
Installing CGIs
mkdir /usr/local/apache/cgi-bin
Installing header files
mkdir /usr/local/apache/include
Installing build system files
mkdir /usr/local/apache/build
Installing man pages and online manual
mkdir /usr/local/apache/man
mkdir /usr/local/apache/man/man1
mkdir /usr/local/apache/man/man8
mkdir /usr/local/apache/manual
2. Generate SSL Certificate and key
To generate SSL Certificate and key, run the commands below as root. Change the password ‘admin123’ to whatever password you want.
mkdir /etc/apache/ssl.crt
openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024
openssl req -new -passin pass:admin123 -passout pass:admin123 \
-key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:admin123 -passout pass:admin123 \
-key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr \
-out /etc/apache/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org \
-out /etc/apache/ssl.crt/server.key
mkdir /etc/apache/ssl.key
mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/
chmod 400 /etc/apache/ssl.key/server.key
If you run the command above, the result should be similar like below:
# mkdir /etc/apache/ssl.crt
# openssl genrsa -des3 -passout pass:admin123 -out /etc/apache/ssl.crt/server.key.org 1024
Generating RSA private key, 1024 bit long modulus
.................................++++++
.++++++
e is 65537 (0x10001)
# openssl req -new -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.csr -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI Jakarta
Locality Name (eg, city) []:South Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Techonia Corporation
Organizational Unit Name (eg, section) []:Network
Common Name (eg, YOUR name) []:Fuad NAHDI
Email Address []:fuad.nahdi@techonia.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl req -x509 -passin pass:admin123 -passout pass:admin123 -key /etc/apache/ssl.crt/server.key.org -in /etc/apache/ssl.crt/server.csr -out /etc/apache/ssl.crt/server.crt -days 3650
# openssl rsa -passin pass:admin123 -in /etc/apache/ssl.crt/server.key.org -out /etc/apache/ssl.crt/server.key
writing RSA key
# mkdir /etc/apache/ssl.key
# mv /etc/apache/ssl.crt/server.key /etc/apache/ssl.key/
# chmod 400 /etc/apache/ssl.key/server.key
3. Install PHP
Download the latest stable version of PHP from http://www.php.net/downloads.php then extract, configure, compile and install.
$ tar jxf php-5.3.2.tar.bz2
$ cd php-5.3.2
$ ./configure --with-apxs2=/usr/local/apache/bin/apxs \
--mandir=/usr/local/man --with-mysql --with-gd --enable-ftp \
--enable-calendar --enable-sockets --enable-mbstring
---------
[snip]
---------
creating main/build-defs.h
creating scripts/phpize
creating scripts/man1/phpize.1
creating scripts/php-config
creating scripts/man1/php-config.1
creating sapi/cli/php.1
creating main/php_config.h
creating main/internal_functions.c
creating main/internal_functions_cli.c
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
$ make
$ sudo make install
Installing PHP SAPI module: apache2handler
/usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' libphp5.la /usr/local/apache/modules
/usr/local/share/apr/build-1/libtool --mode=install cp libphp5.la /usr/local/apache/modules/
libtool: install: cp .libs/libphp5.so /usr/local/apache/modules/libphp5.so
libtool: install: cp .libs/libphp5.lai /usr/local/apache/modules/libphp5.la
libtool: install: warning: remember to run `libtool --finish /usr/home/fuad/Downloads/php-5.3.2/libs'
chmod 755 /usr/local/apache/modules/libphp5.so
[activating module `php5' in /etc/apache/httpd.conf]
Installing PHP CLI binary: /usr/local/bin/
Installing PHP CLI man page: /usr/local/man/man1/
Installing build environment: /usr/local/lib/php/build/
Installing header files: /usr/local/include/php/
Installing helper programs: /usr/local/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /usr/local/lib/php/
[PEAR] Archive_Tar - installed: 1.3.3
[PEAR] Console_Getopt - installed: 1.2.3
[PEAR] Structures_Graph- installed: 1.0.2
[PEAR] XML_Util - installed: 1.2.1
[PEAR] PEAR - installed: 1.9.0
Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/usr/home/fuad/Downloads/php-5.3.2/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f /usr/local/bin/phar.phar /usr/local/bin/phar
Installing PDO headers: /usr/local/include/php/ext/pdo/
Open the /etc/apache/httpd.conf file and add this to tell Apache to parse centain extensions as PHP:
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
and add ‘index.php’ inside DirectoryIndex module:
DirectoryIndex index.html index.php
Restart the Apache.
$ sudo /usr/local/apache/bin/apachectl restart
4. Activate the SSL in httpd.conf file
Before you activate this, you have to edit the /etc/apache/extra/httpd-ssl.conf file to meet the certificate and key files location.
Below are the parameters you need to edit and you can keep the remaining parameters unchanged.
DocumentRoot "/usr/local/apache/htdocs"
ServerName localhost:443
ServerAdmin admin@mydomain.com
SSLCertificateFile "/etc/apache/ssl.crt/server.crt"
SSLCertificateKeyFile "/etc/apache/ssl.key/server.key"
Then edit the /etc/apache/httpd.conf file and uncomment the SSL configuration below:
# Secure (SSL/TLS) connections
Include /etc/apache/extra/httpd-ssl.conf
Then restart the Apache again.
$ sudo /usr/local/apache/bin/apachectl restart
Now try to browse localhost by using HTTPS https://localhost. If any warning prompted saying that the certificate is untrusted, just accept it. It is safe.
Done. Apache and PHP with SSL and MySQL support are ready and running.