C.3 Setting Up Apache and PHP
Apache
Version 1 is already installed under Panther and
doesn't need to be upgraded to use this book; you
don't need the latest version, Apache 2. However, by
default, it isn't running, it won't
serve PHP requests, and it only serves standard, non-secure requests.
In this section, we discuss how it's set up on your
machine, how to get it started, and how to modify it so that it can
serve secure and PHP requests.
PHP 4.3.2 is installed with Panther. It includes most of the features
you need to work with this book, except that the PEAR installer
doesn't work without an additional step. In this
section, we show you how to upgrade to the latest stable release
using a package. Fixing the PEAR installer is discussed in Section C.4.
C.3.1 Starting Apache
Let's start by getting Apache running. To get it
started, you can do one of two things:
- Automatically start Apache each time your machine starts.
-
To do this, launch System Preferences from
Applications System
Preferences. Then, select Sharing from beneath the Internet
& Network heading. At the left of the window, select
Personal Web Sharing by ticking the box. Quit System Preferences.
Apache will now start and will also start each time you start up your
computer.
- Manually start Apache using Terminal.
-
Start by opening Terminal, which is located in
Applications Utilities. In
the Terminal window, log in as the root user and start Apache using:
% su
% apachectl start
You should see a message such as:
/usr/sbin/apachectl start: httpd started
Quit the Terminal program. When you restart your machine, you need to
repeat this process to restart Apache.
To test that your Apache is running, use a web browser to retrieve
the URL http://127.0.0.1/. You
should see an Apache test page.
C.3.2 The Apache and PHP Setup
Your Apache is installed differently
from most other Unix variants:
You'll find the Document Root (where the documents
are stored that are retrieved when you request http://127.0.0.1/) in the directory
/Library/WebServer/Documents. (On other Unix
variants, the directory is
/usr/local/apache2/htdocs/.) You'll find the Apache configuration file
httpd.conf in the directory
/etc/httpd. (On other Unix variants,
it's usually in
/usr/local/apache2/conf.) The script used to start and stop Apache,
apachectl, is located in
/usr/sbin. (On other Unix variants,
it's usually in
/usr/local/apache2/bin/.) You'll find the PHP php.ini
configuration file in the directory
/usr/local/php/lib.
In addition, while your Apache does have the PHP module available to
it, it isn't configured to serve PHP requests. To
set it up so that it will serve PHP requests you can do one of two
things:
- Upgrade your PHP module
-
By using Marc Liyanage's upgrade package to get the
latest release of PHP, your Apache will be automatically configured
to serve PHP requests. If you plan to do this, then follow the
instructions in the next section now and, when
you've done that, return to Step 9 in this section
to test that everything is working correctly.
- Modify the httpd.conf configuration
-
If you don't want to upgrade your PHP module, you
can manually modify the configuration of your Apache so that it
serves PHP requests. This is outlined in the steps described next.
We recommend upgrading your PHP module to the latest release.
To manually set up your Apache to serve PHP requests, do the
following:
Start by opening Terminal, which is located in
Applications Utilities.
Maximize the Terminal window. In the Terminal window, log in as the
root user by typing: % su
Supply the password you set when unlocking the root user. In the Terminal window, type: % pico /etc/httpd/httpd.conf
This launches the pico editor and opens the
httpd.conf file. Search in the file for the string php. You can do
this by holding the ctrl (Control) key and
pressing the w key
(ctrl-w), typing php,
and pressing Enter. You should see the following line: #LoadModule php4_module libexec/httpd/libphp4.so
From the line in Step 3, remove the # so that it reads: LoadModule php4_module libexec/httpd/libphp4.so
Search again for the string php by pressing
ctrl-w and then Enter. You should see the
following line: #AddModule mod_php4.c
From the line in Step 5, remove the # so that it reads: AddModule mod_php4.c
Save the file by ctrl-o and Enter. Quit pico
by typing ctrl-x. Restart your Apache so that it rereads its configuration by typing
into your Terminal window: % /usr/sbin/apachectl stop
% /usr/sbin/apachectl start
(For some reason, /usr/sbin/apachectl restart
doesn't work.) To test the PHP module, change the directory to the Apache document
root using your Terminal window: % cd /Library/WebServer/Documents
Create a file with the name phpinfo.php using
pico. Type the following into your Terminal window: % pico phpinfo.php
The pico editor runs and an empty window appears. Into the window,
type: <?php phpinfo( ); ?>
Save the file using ctrl-o and pressing Enter.
Then quit pico using ctrl-x. Test the newly created PHP script by retrieving with a browser the
following URL http://127.0.0.1/phpinfo.php. You
should see a page of information about Apache and PHP.
C.3.3 Upgrading PHP
PHP 4.3.2 is installed with Panther.
To upgrade your PHP to the latest stable release, do the following:
Using a web browser, visit Marc Liyanage's web site,
http://www.entropy.ch/software/macosx/php/. Scroll down to the Installation Instructions
heading. Next to item 1 in the list, click on the link to the
installation package. This is labelled, for example, PHP
4.3.4 (entropy.ch Release 1). Save the downloaded file. After the download is complete, double-click on the disk image file
that's been downloaded. It has a file name such as
Entropy-PHP-4.3.4-1.dmg. This mounts the disk
image file and the Finder appears. In the Finder, double-click on the package and the Installer runs;
the package has a name such as php-4.3.4.pkg. On
the Installer welcome screen, click Continue. On the Destination
screen, click on the destination volume that is home to your Apache
server and click Continue. On the Easy Install screen, click Upgrade;
you may need to then provide your root user password. The package
will install. On the Finish Up screen, click Close. The PHP upgrade is complete—you don't even
need to restart your Apache!
C.3.4 Installing a Secure Apache Server
This section describes how to
configure a secure version of the Apache web server so that you can
support https:// requests. If you
don't need a secure server, skip this section. You
can find out more about secure web servers in Chapter 11.
There are two major differences encountered when configuring Apache
to use SSL versus using Apache normally:
- Secure Sockets Layer software is required.
-
There are several sources of Secure Sockets Layer software. The
OpenSSL is probably the most-commonly used with Apache, and
it's already installed with Panther. We use it in
this section.
- A site certificate needs to be obtained and configured.
-
A free, self-signed certificate can be created (and
that's what we do in this section). You need to
replace it with a purchased certificate from a Certification
Authority when an application goes live.
C.3.4.1 Creating a key and certificate
For
Apache to use SSL, it needs a private
key and a certificate. Once the key and certificate have been
created, they need to be configured into Apache. These steps show you
how to do this:
Start by opening Terminal, which is located in
Applications Utilities.
Maximize the Terminal window. In the Terminal window, login as the
root user by typing: % su
Supply the password you set when unlocking the root user. Create the key. Into the Terminal window, type: % openssl genrsa -des3 1024 > /etc/httpd/ localhost .key
If you have an actual domain for your server, replace
localhost with the full domain name.
Decide on a password and enter it twice; record it for future use.
You've now created the private key. Create the certificate request by typing: % openssl req -new -key /etc/httpd/ localhost .key > \
/etc/httpd/
localhost
.csr
If you have an actual domain for your server, replace
localhost with the full domain name. The
process asks for several fields including country, state,
organization name, and email address; answer these as best you can,
but it doesn't matter if you omit some answers by
pressing Enter. The script produces a file that contains the
certificate signing request. Now, create the self-signed certificate by typing: % openssl req -x509 -days 90 -key \
/etc/httpd/localhost.key \
-in /etc/httpd/localhost.csr > \
/etc/httpd/localhost.crt
You need to provide the password you used to create your private key. Activate your SSL module in your Apache installation. To do this,
type: % apxs -e -a -n ssl /usr/libexec/httpd/libssl.so
You need to instruct Apache how to process secure requests. In the
Terminal window, type: % pico /etc/httpd/httpd.conf
This launches the pico editor and opens a window containing the
httpd.conf file. Scroll to the end of the file using the down arrow key. At the end of
the httpd.conf file, add the following lines: <IfModule mod_ssl.c>
Listen 80
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
SSLEngine on
DocumentRoot "/Library/WebServer/SecureDocuments"
SSLCertificateFile /etc/httpd/localhost.crt
SSLCertificateKeyFile /etc/httpd/localhost.key
</VirtualHost>
</IfModule>
These instructions configure Apache to serve secure documents from
the directory
/Library/WebServer/SecureDocuments. If you
don't want to use that directory, you can replace it
with your choice; we assume our choice in the next few steps. If you
have an actual domain for your server, also replace
localhost with the full domain name. Save the file using ctrl-o and pressing Enter,
and quit using ctrl-x. Create the directory from which you want to serve secure files. Type: % mkdir /Library/WebServer/SecureDocuments
For testing, create a simple index.html file in
the new directory. Type: % pico /Library/WebServer/SecureDocuments/index.html
Into the file, type: <html>Secure hello!</html>
Save the file using ctrl-o and pressing Enter.
Quit pico using ctrl-x. Ensure the file can be
accessed by typing: % chmod a+rx /Library/WebServer/SecureDocuments/
% chmod a+r /Library/WebServer/SecureDocuments/index.html
Stop and start Apache so it rereads its configuration. Use the
following commands: % apachectl stop
% apachectl start
You need to provide the password you used in creating your key. A
secure Apache is now running and serving requests on port 443 (the
default HTTPS port) via SSL and also serving regular HTTP requests on
post 80. You can test it by requesting the resources https://127.0.0.1/ and http://127.0.0.1/ with a web browser running
on the same machine as the web server. You should see the sample page
you created in Step 7, and your regular pages respectively.
When a resource such as https://127.0.0.1/ is requested with a
browser, the browser alerts the user to an unknown certificate. To
obtain a certificate that will be trusted by users, you need to send
your certificate request to a Certification Authority to be signed
using their authoritative certificates. There is a fee for this
service. While the Apache configuration allows both the key and the
certificate to be placed in a single file, the private key should not
be sent to anyone, not even the Certification Authority. More
documentation can be found at http://www.openssl.org/docs/apps/openssl.html.
|