MySQL + Apache + PHP + (PHPLIB) + OpenSSL/mod_ssl installation and configuration
Jun Da (firstname.lastname@example.org)
Page last updated: 2010-11-09.
Table of contents
- Before you begin
- Operating systems
- Software to download
- Apache (with optional mod_ssl)
- DBI and Msql-Mysql
- After installation
- Simple sample code
- Previous versions
This is my quick cookbook of a web server (with database backend) running
on a Unix box. Most instructions found in this tutorial are either available
online or included in those INSTALL/README docs that come with the source
packages. It took me quite a while to put all the pieces of the puzzle
together. Hence here is this document to save you some time. Please note
that this tutorial is by no means a substitution of the original documentation
from those packages. It is suggested that you consult them whenever necessary.
Please read the Disclaimer before
1. Before you begin
1.1 Tips for using this document
It is recommended that you read, or at least skim through this document
before attempting to build and install the software packages.
To print this document, it is suggest that you use Netscape Version 4
(for better printout layout).
There are two objectives we want to achieve:
- A web server with database support on a UNIX system. Specifically,
we are talking about running the Apache web server with MySQL as the
database backend, PHP as the server-side scripting language (loaded
as a dynamically linked module), and OpenSSL/mod_ssl for secure data
- Web-based interfaces for performing most system administration tasks
including Apache and MySQL configuration/administration.
1.3 Hardware requirement
In order to compile MySQL successfully with reasonable speed, it is suggested
that your machine has a 200MHz (or better) CPU with 64M+ RAM.
1.4 Conventions used in this tutorial
Following the unix convention, I will use the # sign
to indicate that the shell command is to be executed by the superuser
(root) and the % sign
by ordinary shell user in the rest of this tutorial.
Instructions provided in this tutorial are based on FreeBSD 4.9 (Previous
versions were tested on FreeBSD 4.1, 4.3, 4.6, 4.6.2, 4.7 and 4.8, respectively).
also been tested on RedHat
Linux 8. With minor modifications such as folder paths or location
of system init files, the instructions provided here should be applicable
to other UNIX systems as well.
My FreeBSD box is a 'minimal installation', i.e., bare-bone OS that contains
the necessary compilers, etc.. When you have a fresh FreeBSD installation,
choose the 'minimal installation' option if you are going to use your
UNIX box as a server (e.g., for web and email services) only (i.e., without
using the X-window system). My Linux box is also a barebone installation,
i.e., only the operating system and development tools (cc compilers, etc.)
With a few modifications such as system init scripts, the installation
instructions provided here should be applicable to other UNIX flavors.
Notes about Linux will be provided where appropriate.
We will use /usr/src/local as
the folder to store all the downloaded packages. Before downloading, you
need to become the superuser and create the /usr/src/local
% su root
# mkdir /usr/src/local
# cd /usr/src/local
Now grab all the source packages listed below. Remember to download the
source code only (but not pre-compiled binary packages). Note also that
by the time you read this tutorial, version numbers may be different.
Suppose we save all the downloaded software packages in the /usr/src/local
folder, we now unpack all the gzipped and tarred files. For example, to
unpack the apache package, we issue the following commands:
# gunzip apache_1.3.29.tar.gz
# tar xvf apache_1.3.29.tar
(Or alternatively, you can use
# tar zxvf apache_1.3.29.tar.gz
to unpack the gzipped tarball all at once if the tar
on your system supports the z
Repeat the above procedure for every gzipped tarball you have downloaded.
We are going to install the different packages in the order given below:
- OpenSSL (Optional)
- Net_SSLeay (Optional, Perl module. Requires Perl5.005 or better)
- Webmin (Optional but strongly recommended)
- Apache (with MM, mod_ssl, etc.)
- phpMyAdmin (Optional but strongly recommended)
- PHPLIB (Optional)
- mod_gzip (Optional)
- DBI and Msql-Mysql (Optional)
It is suggested that you follow the order of installation as given above,
since some packages (e.g., mod_ssl) will depend on other packages (being
Further, PHP Version 4 will be installed as dynamically linked modules
within the Apache web server. Note that PHP can also be used from the
command line. For more information, check out the webpage at http://www.php.net/manual/en/features.commandline.php.
4.1 Install OpenSSL (Optional)
Please read the LEGAL NOTICE at http://www.openssl.org
concerning the use of strong cryptography software in your country or
If you are not interested in running Apache for secure transactions (that
requires mod_ssl), you can skip this section.
Though FreeBSD (Version 4.3 or later) comes with OpenSSL preinstalled
as part of the base OS, we still want to want to use the latest version.
# cd openssl-0.9.7d/
# make test
# make install
# cd ..
4.2 Install Net_SSLeay.pm (Optional)
Net_SSLeay.pm is a Perl module that is optionally required by the Webmin
package for secure data transmission between your browser and Webmin.
It is strongly recommended that you install this module.
Install the Perl module as follows:
# cd Net_SSLeay.pm-1.25
# perl Makefile.PL
# make test
# make install
- During make test, you
may get error messages saying that the test has failed. This happens
when testing against external sites. You can ignore the message and
continue with make install.
- Other Perl modules may be required before you will be able to install
Net_SSLeay, depending on the version of Perl available on your system.
Webmin is an excellent web-based administration tools package for various
Unix systems. With the package installed, you can perform many system
tasks such as user management, Samba and Apache configuration, etc. through
a web browser.
Suppose that you have already unpacked the Webmin tarball, you can install
the package using the following command:
# cd webmin-1.140
During installation, just accept all the defaults when prompted (except,
of course, the administrator's username and password). Note that
the installation script will automatically test to see if you have NET_SSLeay
installed. If it finds it, it will install webmin with secure transaction.
If you use the default port number for Webmin installation with secure
connection support, you can access your Webmin installation using:
Without encryption, you will use http://
Don't forget to restrict access privileges to the IPs that you use. To
do this, use the Webmin Configuration module and set up restricted IP
address(es) (Webmin configuration -> IP access control). You can do
this after everything is installed.
(To uninstall Webmin, find the unstall.sh
script and run it. If you accept the default settings during installation,
the uninstall.sh script
is located in the /etc/webmin/
4.4 Install MySQL
Installing MySQL involves four steps:
- Create both a user and group account (for running MySQL in a sandbox);
- Configure, compile and install MySQL;
- Run a few post-installation routines; and
- Set up relevant system init scripts so that MySQL will be automatically
started or shutdown during system reboot.
4.4.1 Create a user and group account
We will create a user account called mysql
and a group account mysql.
Again, the account is to be used for running MySQL in a sandbox. The following
applies to FreeBSD:
# pw groupadd mysql
# pw useradd mysql -g mysql -d /usr/local/mysql -s /nonexistent
The pw command is for
FreeBSD system only. If you are using other Unix systems, please use the
corresponding commands on your system. Alternatively, you can use Webmin
to add the mysql group
Remember to disable the shell login for the mysql
user! (FYI, in our case, the -s /nonexistent option does the trick.)
4.4.2 Compile and install the software
We will install everything under the /usr/local/mysql
# cd mysql-4.0.18
# ./configure --prefix=/usr/local/mysql
# make install
- the option --prefix=/usr/local/mysql
will get all MySQL files installed under that particular folder.
Another common option is to use --prefix=/usr/local.
Either option will work but the former is my personal preference.
As far as I can see, the advantage of using the former is that when
you want to uninstall the package, you just trash the entire /usr/local/mysql
folder without worrying about accidentally deleting other system files.
4.4.3 Run MySQL for the first time
After MySQL is installed, run the following commands only ONCE:
# chown -R mysql:mysql /usr/local/mysql/var
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
# /usr/local/mysql/bin/mysqladmin -u root password newpassword
where newpassword is the
password you choose for the root user (of the database but NOT the system
4.4.4 Start MySQL after system reboot
This step is to automatically start or stop mysql when system reboots.
There is a file called mysql.server
within your unpacked mysql-4.0.18/support-files
Copy the same mysql-4.0.18/support-files/mysql.server
file into the /usr/local/etc/rc.d
folder, rename it as mysql.server.sh
and make it executable.
# cp mysql.server /usr/local/etc/rc.d/mysql.server.sh
# chmod 755 /usr/local/etc/rc.d/mysql.server.sh
Modify one line in the mysql.server.sh
script to let mysql server
run as the user mysql.
Locate the following line (Line 134 or nearby)
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file &
and add the --user=mysql
option. After modification, the line should look like the following:
$bindir/safe_mysqld --user=mysql --datadir=$datadir --pid-file=$pid_file &
- Please read Chapter 6 Section 6.5 of FreeBSD Handbook (http://www.freebsd.org/handbook/configtuning-starting-services.html)
for information about the /usr/local/etc/rc.d
folder. In very simple terms, any scripts (with the .sh
extension) placed inside the folder will be executed when the system
boots up or is shutdown.
- An alternative is to use the /etc/rc.local
to automatically start or stop mysql server. To do this, add the following
line into the /etc/rc.local
file. If there is no rc.local
file, create one yourself (and make it executable).
Add the following line into the /etc/rc.shutdown
On a Linux box
Copy the mysql-4.0.18/support-files/mysql.server
file into the /etc/rc.d/init.d/
folder and create a softlink in the
/etc/rc.d/rc3.d folder. e.g.
# ln -s /etc/rc.d/init.d/mysql.server.sh /etc/rc.d/rc3.d/S91mysql
We need to make mysql.server excutable so that it will be fired up when
the system reboots:
# chmod 755 /etc/rc.d/init.d/mysql.server.sh
Again, you need to modify the mysql.server script to include the --user=mysql
option as per instruction in the FreeBSD subsection above.
4.4.5 Secure MySQL
It is strongly suggested that you read the following document about securing
your MySQL server after you install everything covered in this tutorial:
In particular, read this
page to find out how MySQL privilege system works.
If you are impatient :-), here is a minimal configuration to get things
started (All the operations are done to the mysql
database (which is automatically set up when you run the
install_db command mentioned above. You can use the phpMyAdmin
tool (to be installed later at this tutorial) for configuration.):
- Create a new database (e.g., mydb);
- In the user table,
add localhost to the
host field; add a username
(e.g., foo) and password
All the privileges should remain unchanged, i.e., set to 'N'.
Note that foo is not
a Shell user!
- In the db table, add
localhost to the host
field; add the username (foo)
you just created to the user
field; add the new database name (e.g., mydb)
to the db field; set
the permissions for 'select, insert, update and delete' to 'Y'.
This will allow foo to
access the database mydb
with the select, insert, update
and delete privileges from
4.4.6 Reconfigue MySQL at runtime
Basic MySQL tuning can be done through the my.cnf configuration file.
There are several sample my.cnf located at mysql-4.0.18/support-files folder.
Pick up that suits your hardware configuration and copy the file onto
either the /etc or (usr/local/)mysql/var/ folder.
4.5 Install Apache (with mod_ssl as an optional
PHP can be built into Apache in two modes: 1) Statically linked; 2)
Dynamically linked. In this tutorial, we build dynamically linked PHP
modules. (As we noted before, PHP can also be used from the
command line. For more information, check out the webpage at http://www.php.net/manual/en/features.commandline.php.)
Please refer to the older
version of this tutorial for building PHP as a static module (Note
that the older version is no longer updated).
Installing Apache and PHP involves six steps in the following order:
- Install MM (shared memory);
- Install Apache;
- Install PHP;
- Configure Apache for running PHP;
- Create and link system init scripts;
- Manually fire up Apache;
- Test your installation.
4.5.1 Compile the MM Shared Memory Library
Note: Instructions for compiling both MM and mod_ssl come from the INSTALL
file from the mod_ssl package.
# cd mm-1.3.0/
# ./configure --disable-shared
# make test
# cd ..
4.5.2 Configure mod_ssl (optional)
We will just run the configure command below (but NOT make). If you
do not install this module, delete the lines SSL_BASE=../openssl-0.9.7c
\ and --enable-module=ssl
\ in the following apache configuration : (Note: Don't forget
to untar Apache first!)
# cd mod_ssl-2.8.16-1.3.29
# ./configure --with-apache=../apache_1.3.29
# cd ..
Note: remember to unpack Apache tarball first.
4.5.3 Compile and install Apache
We will install apache under the /usr/local/apache
folder. Modify the --prefix=
option if you want to install it elsewhere.
Suppose that both Apache and other packages (e.g., mod_ssl,
mm, etc.) are untarred under the same parent folder. The installation
commands are listed below. Read the notes below
for some explanation before running them.
# cd apache_1.3.29
# SSL_BASE=../openssl-0.9.7c \
# make certificate TYPE=dummy (if you choose to install mod_SSL)
# make install
- There are many --enable-module=
options there. I find them very useful for myself.
- If you optionally installed openssl-0.9.7c
following the instruction earlier this tutorial, you can specify the
location as SSL_BASE=../openssl-0.9.7c
\ in the corresponding line
above. Otherwise, omit this option.
- If you do not want to install mod_ssl,
get rid of that option. You can take a look at http://httpd.apache.org/docs/mod/index.html
for all available modules. The command
will give you a list of all the core modules available.
- It is more efficient and less prone to typos if you create a text
file with all the configure
options in it and execute that file. For example, your text file can
contain the following content (Modify it to meet your own needs):
Suppose you edit the file and save it as apacheconfig.sh.
You can issue the following command at the shell prompt:
# chmod +x apacheconfig.sh
4.5.4 Create a login name for basic user authentication
By default, all the files and folder under the web root folder is viewable
by everyone. If you need to restrict access to a certain web folder (which
is the case for running phpMyAdmin), you need to create a login name for
authentication. Note that this login name is different from (Shell) user
accounts on your Unix box. You can choose any login name.
The following command will create a login name mynewuser
which can be used for authentication to access a protected folder.
# /usr/local/apache/bin/htpasswd -c /home/www/userdb/userfile mynewuser
is the folder which contains the file userfile
which in turn contains the username mynewuser.
With the option -c, a new
userfile will be created.
Otherwise the userfile
will be updated (when, for example, you want to add a new user to the
existing userfile or
change the password associated with the username).
4.5.5 Set up a password protected folder
Suppose the folder /home/www/securefoldername
needs to be protected. Only an authenticated user (which requires login
with both a username and password) from a certain IP address (in our example,
the 192.168 subnet or
with the domain name .example.com)
can access it. In the /usr/local/apache/conf/httpd.conf
file, add the following:
Deny from all
Allow from .example.com 192.168.
Note that MYCOMMUNITY
is an arbitrary string I choose. You can use a different string as long
as you keep it consistent in the following .htaccess
file. If you do not want IP address restriction (so that you can access
the folder from anywhere, simply comment out the three lines in bold.
In the /home/www/securefoldername folder, create the .htaccess
file (don't forget about the leading dot (.)
in front of htaccess) which
contains the following lines:
Require user mynewuser
will now be protected with basic authentication (i.e., username/password
are passed along in clear text). Only the username mynewuser
from a computer whose IP address is in the 192.168
subnet or whose IP address can be mapped onto the .example.com
domain will be able to view pages hosted within that folder. We will use
this folder to install the phpMyAdmin files later.
4.5.6 Modifying system init file
To manually start Apache
# /usr/local/apache/bin/apachectl start
To start apache in secure mode:
# /usr/local/apache/bin/apachectl startssl
To automatically start Apache at system reboot, do the following:
Create a soft link to the apachectl
script as follows:
# ln -s /usr/local/apache/bin/apachectl /usr/local/etc/rc.d/apachectl.sh
Note that you have to include the .sh extension to the soft link.
file can be modified so that Apache will be fired at system reboot. Add
the following line at the very end of the file:
4.6 Install PHP (with ZendOptimizer as an option)
We are going to compile PHP4 as a dynamically linked module in Apache.
4.6.1 Compile and install PHP
First, we compile and install PHP4.
# cd ../php-4.3.4
# EAPI_MM=../mm-1.3.0 \
./configure --with-apxs=/usr/local/apache/bin/apxs \
# make install
# cp php.ini-dist /usr/local/lib/php.ini
Again, if the configure command has too many options, simply create a
text file, put everything in it and execute it.
Note that there is an optimized php.ini
file called php.ini-optimized.
Please read the documentation about the differences between the two
php.ini files. If you want to be on the safe side, use the generic
4.6.2 Configure Apache to enable PHP scripting
This is done by modifying the /usr/local/apache/conf/httpd.conf
file and make sure the following line is present exactly as below (What
you need to do is to uncomment (i.e., delete the
# sign at the beginning of) the two lines in the default httpd.conf
AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps
The .php3 extension is included in the above line for the sake of backward
compatibility, i.e., when you need to run, for example, previous written
PHP scripts with that particular file extension.
You may also want to enable default index.php execution by adding index.php
and/or index.php3 to the following apache directive:
DirectoryIndex index.php index.html index.php3
IMPORTANT: Before you restart Apache, run the following command
to test your new configuration:
# /usr/local/apache/bin/apachectl configtest
4.6.3 Optional: Installing Zend Optimizer
Installing Zend Optimizer is optional but recommended since it speeds
things up (at least according to the www.zend.com website). To install,
run the install.sh script
after you untar the package. The ZendOptimizer_UserGuide.pdf
provides instructions on how to install the package.
For your information, if the install.sh
script does not work, you can install Zend Optimizer manually as shown
below (copied directly from OLDER version of Zend optimizer package):
- Compile PHP 4.0 in non-debug mode - or else the Zend Optimizer won't
load. As of 4.0.1, this is the default, no special configure option
- Copy the ZendOptimizer.so
file (under data/4_3_x_com)
to your system; a good place to put it is in the /usr/local/Zend/lib
- Add the following two lines to your php.ini file; do not add any extra spaces or tabs:
- Restart your Apache web server
# /usr/local/apache/bin/apachectl restart
4.6.4 Test your new server configuration
You can test all the configurations by creating a file (name it info.php,
for example) and place it under the root directory of your web server.
(If you haven't modified the DocumentRoot option in the httpd.conf
file, the web server root is at /usr/local/apache/htdocs
folder.) The file should just contains one line:
<?php phpinfo(); ?>
Run the script through a web browser and you should see a list of web
server configuration parameters you have just set up.
Rename the file you just created as info.php.
Run it through your web browser. This will display your PHP installation
At this time, you can optionally reboot your machine to make sure that
the two servers (MySQL and Apache) are fired up at system reboot.
4.7 Optional: Install phpMyAdmin for
phpMyAdmin is optional, though I find it quite handy when administering
Untar the phpMyAdmin file in a protected folder such as the one we just
created above. It is suggested that you password protect the folder and
implement IP access restriction at the same time (See relevant instrutions
Modify the config.inc.php
file to add the root password of your MySQL server.
Remove the READ ('r') permission bit of this particular folder which
contains the phpMyAdmin scripts. To do this, you can simply use the following
% cd phpMyAdminfolder
% chmod go-r .
This will prevent those users with shell login privileges to read your
MySQL root passport through Shell (e.g., via telnet) access.
Now you can administer your MySQL database from a web browser.
Let us create our first database for use with the following PHPLIB installation.
- Create a database. It's easy with phpMyAdmin's web interface.
- Create a user in the mysql
database by adding a user to the user
There is no need to change any permissions in that table. That is, leave
anything else to N.
- Add the user info to the db
table of the mysql database
and change permissions for select,
insert, delete and update
to Y. Leave other permissions
You need to consult the MySQL manual for further information about its
privilege systems, etc.. Webmin also has support to MySQL administration.
Reload MySQL from the phpMyAdmin top page.
4.8 Optional: Install PHPLIB
Installing PHPLIB is optional but recommended if you are serious about
PHP scripting. PHPLIB is an excellent library that will enable you to
code in PHP more efficiently and cleanly.
Note that PHPLIB was first developed for PHP3 and there may be some incompatibility
issues involved with PHP4.
To install the library, do the following:
4.8.1 Uncompress the source code
Uncompress the downloaded tarball (phplib-7.4.tar.gz)
into a folder parallel to your web server's document root. For example,
if your web root is at /home/www/docroot,
you uncompress the phplib-7.4.tar.gz
file in the /home/www folder.
After uncompressing, you will find a new folder named phplib-7.4,
which further contains a subfolder called php. This is where the library
4.8.2 Modify the PHP init file
Edit the /usr/local/lib/php.ini
file by adding the following two lines:
include = "/path/to/the/php"
auto_prepend_file = "/path/to/prepend.php3"
4.8.3 Create a container database for PHPLIB to use
Now we need to create a database for PHPLIB to use. Add the appropriate
entries in MySQL:
where mydb is the database
and mydbuser/secrete the
username/password pair to be used by PHPLIB.
4.8.4 Add the database/username/password information to the local.inc
First, modify the DB_Example
lines in the local.inc
file to add the above information.
Then, run the following command:
$ /usr/local/mysql/bin/mysql -h localhost -u root -p mydb < /whateverpath/phplib-7.4/stuff/create_database.mysql
Now you should be able to use the PHPLIB for your coding. Check out this
sample code page
to see how to connect to a database with or without PHPLIB support.
PHPLIB can be customized for each virtual web server that is running
on your unix box via the apache httpd.conf
directive. If you need information or help with configuration,
please contact me.
4.9 Optional: Install DBI and Msql-Mysql
Sometimes you will find it more convinient to manipulate MySQL databases
using Perl. To do that, you need both the DBI and Msql-Mysql
modules installed. Those modules can be downloaded from www.cpan.org
Installing Perl mdules uses the following standard procedure:
# cd /path/to/perl-module
# perl Makefile.PL
# make test
# make install
You can ignore the error message about using proxy servers when installing
the DBI module. You will unlikely need this feature if you only use Perl
script to interface with the MySQL database on a localhost.
Another way of installing Perl modules is like this: Become the superuser
first and then:
# perl -MCPAN -e shell
Very often it is more convinient to use this method.
Sit back and take a break! You've done a great job within a very short
period of time.
Two pieces of simple SAMPLE CODES
can be found here to get started!
If you want to learn SQL in general, read this very informative tutorial. Tutorials on PHP
scripting can be found by following links provided on the official PHP
website (e.g., http://www.phpbuilder.com
also simplifies quite a few things.
Finally, the two must-haves are:
- MySQL Reference Manual;
- PHP Manual.
6. Previous versions
Older versions: 1.0, 1.1,
1.2, 2.0, 2.1
The standard disclaimer applies :-)
- This tutorial is provided as it is. Use it at your own risk! The
author is not responsible for any explicit or implicit damages of whatever
- Please check your local laws concerning installing security software
packages such as OpenSSL/mod_ssl on your system. The author of this
tutorial does not assume any responsibility (whether stated or implied)
of any kinds concerning the use of those software applications.
If you have any questions concerning this tutorial, feel free to use
the online form or
email me at email@example.com.