MySQL + Apache + PHP + (PHPLIB) + OpenSSL/mod_ssl Quick Installation Guide

(Version 1.1. Last modified: 2000-11-14. Older version is here.)

Table of contents

  1. Objectives
  2. Operating systems
  3. Software to download
  4. Installation
    1. Overview
    2. Installing OpenSSL
    3. Installing NET_SSLeay.pm
    4. Installing Webmin
    5. Installing MySQL
    6. Installing Apache (with mod_ssl support)
    7. Installing PHP
    8. Installing phpMyAdmin
    9. Installing PHPLIB
    10. Installing DBI
  5. After installation
    1. Simple sample code
  6. Disclaimer

This document is a quick guide to cook up a great web server (with database backend) out of a Unix box. It is meant for users with root access to their system. This tutorial has been tested on FreeBSD 4.1. With minor modifications such as folder paths or location of system init files, the instructions provided here should be applicable to other Unix systems as well.

All the instructions provided in this tutorial are either available online or included in those INSTALL/README docs that come with the various source packages. It took me quite a while to put the different pieces of the puzzle together. Hence here is a quick tutorial to save you some time. Please note that this tutorial is by no means a substitution of the original documentation from those packages. It is suggested that you consult them whenever necessary.

Please read the Disclaimer before you proceed!

Recommended: In order to compile MySQL successfully with reasonable speed, it is suggested that your machine has a 100MHz (or better) CPU with 64M+ RAM. (Note: I was able in installing MySQL 3.22.32 on a system with 32M of RAM but it took for ever to finish.)

1. Objectives

There are two objectives we want to achieve:

  1. A web server with database support on a Unix system. Specifically, we are talking about running the Apache web server with MySQL as the database backend, PHP as the server-side scripting language, and OpenSSL/mod_ssl for secure data transmission. Further, for backward compatibility reasons, both verisons of PHP (PHP3 and PHP4) will be installed as two dynamically linked modules on the same Apache server.
  2. Web-based interfaces for performing most system administration tasks including Apache and MySQL configuration/administration.

2. Operating system(s)

Instructions provided in this tutorial have been tested on FreeBSD 4.1. With a few modifications such as system init scripts, the installation instructions provided here should be applicable to other Unix flavors. Notes about (RedHat) Linux will be provided where appropriate.

My FreeBSD box is a minimal installation, i.e., bare-bone OS including the necessary compilers, etc.. When you have a fresh FreeBSD installation, choose the 'minimal installation' option if you are going to use your Unix box as a server (e.g., for web and email services) only (i.e., without using the X-window system).

3. Software to download

Grab the following packages (source code only (in .tar.gz tarballs) but not pre-compiled binaries) onto your system. Save them in the same folder, e.g., /tmp/downloads. Note that by the time you read this tutorial, version numbers may be different.

  • Apache: (http://www.apache.org/): Version 1.3.14. Web server software;
  • MySQL (http://www.mysql.com/): Version: 3.23.25 (beta). Database server engine. Download the full source tarball;
  • PHP (http://www.php.net/): Version 3.0.17 and 4.0.3pl1. Server-side scripting language. For backward compatibility reasons, both versions will be installed as dynamically linked Apache modules;
  • PHPLIB (phplib.netuse.de): Version 7.2b. A library of PHP codes for clean and efficient PHP scripting and extra functionality such as session management, authentication, etc.. A must-have if you are serious about web application development using PHP;
  • DBI (www.cpan.org/modules/by-module/DBI/): Version 1.14. A Perl module which enables Perl scripts to interface with MySQL. You will need it sooner or later on if you want to use MySQL extensively;
  • phpMyAdmin (phpwizard.net/phpMyAdmin): Version 2.1.0. A web-based tool for administering MySQL;
  • Webmin (http://www.webmin.com/): Version 0.82. Web-based administration tools for Unix systems. A great handy tool;
  • OpenSSL (http://www.openssl.org): Version 0.9.6. Encryption software;
  • mod_ssl (http://www.modssl.org). Version 2.7.0-1.3.14. An apache module for encrypted (and secure?) data transfer;
  • MM (shared memory library) (http://www.engelschall.com/sw/mm/): Version 1.1.3. Shared memory management software for such Apache modules as mod_ssl and mod_php, etc.;
  • Net_SSLeay.pm (http://www.perl.com/CPAN-local/authors/id/S/SA/SAMPO/): Version 1.05. Perl module that would be used by Webmin for secure connection.

We will use /usr/src/local as the folder to store all the downloaded packages. Before installation, you need to become the superuser. Also we need to create the /usr/src/local folder.

% su root 
# mkdir /usr/src/local
# cd /usr/src/local

Suppose you downloaded all the software packages in the /tmp/downloads folder:

# cp /tmp/downloads/* ./

Now, unpack all the gzip'ed and tarred files. For example,

# gunzip apache_1.3.14.tar.gz 
# tar xvf apache_1.3.14.tar

Repeat the above procedure for every gzipped tarball you've downloaded.

4. Installation

4.1 Overview

We are going to install the different packages in the order given below:

  1. OpenSSL
  2. Net_SSLeay (Perl module. Requires Perl5.005 or better)
  3. Webmin
  4. MySQL
  5. Apache (with MM, mod_ssl, etc.)
  6. PHP
  7. phpMyAdmin
  8. PHPLIB
  9. DBI

It is suggested that you follow the order of installation as given above, since some task(s) to be performed may rely on previous task(s) performed.

Further, PHP will be installed as dynamically linked modules within the Apache web server.

4.2 Install OpenSSL

# cd openssl-0.9.6/
# ./config \
          -no-idea \                  (European users*)
          -fPIC
# make
# make test
# make install
# cd ..

* Copied from mod_ssl INSTALL file. Haven't looked into why this option should be added here.

4.3 Install Net_SSLeay

Install the Perl module as follows:

# cd Net_SSLeay.pm-1.05
# perl Makefile.PL
# make test
# make install  

Note that during 'make test', you may get error messages saying that the test is not OK. This happens when testing against external sites. You can ignore this message and continue with 'make install'.

4.4 Install Webmin

Webmin is an excellent web-based administration tools package for various Unix systems. With the package installed, you can perform many system tasks such as user management, Samba and Apache configuration, etc. through a web browser.

Suppose that you have already unpacked the Webmin tarball, you can install the package using the following command:

# cd webmin-0.82
# ./setup.sh

During installation, just accept all the defaults when prompted (except, of course, the administrator's username and password). 

If you use the default port number for Webmin installation with secure connection support, you can access your Webmin installation using:

https://hostname:10000

Without encryption, you use 'http://' instead.

Don't forget to restrict access privileges to the IPs that you use. To do this, use the Webmin Configuration module and set up restricted IP address(es). You can do this after everything is installed.

(To uninstall Webmin, find the unstall.sh script and run it. If you accept the default settings during installation, the uninstall.sh script is located in the /etc/webmin/ folder.)

4.5 Install MySQL

Install MySQL is as easy as taking the following three steps:

4.5.1 Compile and install the software

# pw groupadd mysql
# pw useradd mysql -g mysql -d /usr/local/mysql -s /nonexistent
# ./configure --prefix=/usr/local/mysql 
# make
# make install

Notes:

  1. The pw command is for FreeBSD system only. If you are using other Unix systems, please use the corresponding commands. Alternatively, you can use WebMin to add the mysql group and username. Just remember to disable the shell login for the mysql user.
  2. the option --prefix=/usr/local/mysql will get all MySQL files installed under that particular folder. Another common option is to use --prefix=/usr/local. Either option will work but the former is my personal preference. As far as I can see, the advantage of using the former is that when you want to uninstall the package, you just trash the entire /usr/local/mysql folder without worrying about accidentally deleting other system files.

4.5.2 Run MySQL for the first time

After MySQL is installed, run the following commands only ONCE:

# /usr/local/mysql/bin/mysql_install_db
# chown -R mysql /usr/local/mysql 
# chgrp -R mysql /usr/local/mysql 
# /usr/local/mysql/bin/safe_mysqld --user=mysql &
# /usr/local/mysql/bin/mysqladmin -u root password newpassword

where newpassword is the password you choose for the root.

4.5.3 Start MySQL after system reboot

This step is to link MySQL initiating script with system initiating process so that it will be restarted after each system reboot.

There is a file called mysql.server within your unpacked mysql-3.23.25/support-files folder.

On FreeBSD

Copy the same mysql-3.23.25/support-files/mysql.server file into, for example, the /etc folder and make it executable.

# cp mysql.server /etc/
# chmod 755 /etc/mysql.server

Add the following line into the /etc/rc.local file. If there is no rc.local file, create one yourself (and make it executable).

/etc/mysql.server start

Change two lines in the mysql.server script. 

1) Add the --user=mysql option to the script. Locate the following line (Line 85 or nearby) and add the option. After modification, the line should look like the following:

         $bindir/safe_mysqld --user=mysql \ --datadir=$datadir --pid-file=$pid_file &

2) Change the pid location (Around Line 26) where you see something like the following:
         
         pid_file=/usr/local/mysql/var/mysqld.pid     

Instead of using mysqld.pid, it uses full-hostname.pid now. For example, my hostname is lingua.mtsu.edu and the line in my script looks like this:
     
      pid_file=/usr/local/mysql/var/lingua.mtsu.edu.pid

On a Linux box

Copy the file mysql-3.23.25/support-files/mysql.server into the /etc/rc.d/init.d/ folder and create a softlink in the /etc/rc.d/rc3.d folder. e.g.

# ln -s /etc/rc.d/init.d/mysql.server /etc/rc.d/rc3.d/S91mysql

We need to make mysql.server excutable so that it will be called up when the system reboots:

# chmod a+x /etc/rc.d/init.d/mysql.server

Again, you need to modify the mysql.server script as per instruction in the FreeBSD subsection.

4.6 Install Apache (with Zend Optimizer)

PHP can be built into Apache in two modes: 1) Statically linked; 2) Dynamically linked. In this tutorial, we build dynamically linked PHP modules. If you are not clear about the difference between 'statically' and 'dynamically' linked installation, it is suggested that you follow the instructions provided here. Otherwise, please take a look at the older version of this tutorial (Note that the older version is no longer updated).

Installing Apache and PHP involves six steps in the following order:

  1. Install MM (shared memory);
  2. Install Apache;
  3. Install PHP3 and PHP4;
  4. Configure Apache for running PHP;
  5. Create and link system init scripts;
  6. Manually fire up Apache;
  7. Test your installation.

4.6.1 Compile the MM Shared Memory Library

# cd mm-1.1.3/
# ./configure --disable-shared
# make
# make test
# cd ..

4.6.2 Compile and build mod_ssl

# cd mod_ssl-2.7.1-1.3.14
# ./configure --with-apache=../apache_1.3.14
# cd ..

4.6.3 Compile and install Apache

Suppose that both Apache and PHP files are untarred under the same parent folder. Do the following:

# cd apache_1.3.14
# SSL_BASE=../openssl-0.9.6 \
  EAPI_MM=../mm-1.1.3 \
  ./configure \
  --prefix=/usr/local/apache \
  --enable-module=ssl \
  --enable-module=so \
  --enable-module=log_agent \
  --enable-module=log_referer \
  --enable-module=proxy \
  --enable-module=rewrite \
  --enable-module=speling \
  --enable-module=usertrack \
  --enable-module=vhost_alias
# make
# make certificate TYPE=dummy
# make install

Note the use of --prefix=/usr/local/apache option, which will get all Apache files installed in the /usr/local/apache folder.

If you encounter problem running the above configure command (with tons of options :-)), you can create a text file with all the 'configure' options in it and execute that file. For example, your text file can contain the following content (Modify it to meet your own needs):

SSL_BASE=../openssl-0.9.6 \
EAPI_MM=../mm-1.1.3 \
./configure \
  --prefix=/usr/local/apache \
  --enable-module=ssl \
  --enable-module=so \
  --enable-module=log_agent \
  --enable-module=log_referer \
  --enable-module=proxy \
  --enable-module=rewrite \
  --enable-module=speling \
  --enable-module=usertrack \
  --enable-module=vhost_alias

Suppose you edit the file and save it as 'myscript.txt'. Now you can issue the following command at the shell prompt:

# chmod +x myscript.txt
# ./myscript.txt

Take a look at http://httpd.apache.org/docs/mod/index.html for all available modules.

The command './configure --help' will give you a list of all the modules available.

4.6.4 Create a protected folder (for installing phpMyAdmin)

By default, all the files and folder under the web root folder is viewable by everyone. If you need to restrict access to a certain web folder, you need to create a login name for authentication. Note that this login name is different from (Shell) user accounts on your Unix box. You can choose any login name.

4.6.5 Create a login name for authentication

The following command will create a login name mynewuser which can be used for authentication to access a protected folder.

# /usr/local/apache/bin/htpasswd -c \
	/home/www/userdb/userfile mynewuser

where /home/www/userdb is the folder which contains the file userfile which in turn contains the username mynewuser. With the option -c, username will be created. Otherwise the useerfile will be updated (when, for example, you want to change the password associated with the username).

4.6.6 Set up a password protected folder

Suppose the folder /home/www/securefoldername needs to be protected. In the /usr/local/apache/conf/httpd.conf file, add the following:

<Directory "/home/www/securefoldername">
AllowOverride AuthConfig
AuthName "MYCOMMUNITY"
AuthType Basic
AuthUserFile /home/www/userdb/userfile
Order deny,allow
Deny from all
Allow from .mydomain.com
</Directory>

Note that 'MYCOMMUNITY' is an arbitrary string I choose. You can use a different string as long as you keep it consistent in the following .htaccess file.

In the /home/www/securefoldername folder, create the .htaccess file (don't forget  about the dot (.) in front of htaccess) which contains the following lines:

AuthName "MYCOMMUNITY"
AuthType Basic
AuthUserFile /home/www/userdb/userfile
AuthGroupFile /dev/null
Require user mynewuser

The /home/www/securefoldername will now be protected with basic authentication. Only the username 'mynewuser' from a computer within .mydomain.com will be able to view pages hosted within that folder. We will use this folder to install the phpMyAdmin files.

4.6.7 Modifying system init file

To manually start Apache 

# /usr/local/apache/bin/apachectl start

To start apache in secure mode:

# /usr/local/apache/bin/apachectl startssl

To automatically start Apache at system reboot, do the following:

Linux

The /etc/rc.d/rc.local file can be modified so that Apache will be fired at system reboot. Add the following line at the very end of the file:

/usr/local/apache/bin/apachectl start

FreeBSD

Add the following line to the /etc/rc.local file (after the line that initiates MySQL):

/usr/local/apache/bin/apachectl start

Add the following line to the /etc/rc.shutdown file (before the line that shuts down MySQL):

/usr/local/apache/bin/apachectl stop

4.7 Install PHP

We are going to compile both PHP3 and PHP4 as two different dynamically linked modules in Apache. If you don't want PHP3, you can simply compile and install PHP4 alone.

4.7.1 Compile and install PHP

First, we compile and install PHP3.

# cd ../php-3.0.17
# EAPI_MM=../mm-1.1.3 \
  ./configure --with-apxs=/usr/local/apache/bin/apxs \
	--enable-versioning --with-mysql --enable-track-vars
# make
# make install
# cp php3.ini-dist /usr/local/lib/php3.ini

Next, we compile and install PHP4.

# cd ../php-4.0.3pl1
# EAPI_MM=../mm-1.1.3 \
  ./configure --with-apxs=/usr/local/apache/bin/apxs \
	--enable-versioning --with-mysql --enable-track-vars
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini

Again, if the configure command has too many options, simple create a text file, put everything in it and then execute it.

4.7.2 Installing Zend Optimizer

The following is quoted directly from the FAQ.txt of Zend Optimizer: 

Under UNIX:
1.      Compile PHP 4.0 in non-debug mode - or else the Zend Optimizer won't
        load. As of 4.0.1, this is the default, no special configure option
        is required.
2.      Copy the ZendOptimizer.so file to your system; a good place to put it
        is in the /usr/local/Zend/lib directory.
3.      Add the following two lines to your php.ini file; do not add any extra
        spaces or tabs:
        zend_optimizer.optimization_level=15
        zend_extension="/usr/local/Zend/lib/ZendOptimizer.so"
4.      Restart your Apache web server; for recent Apache 1.3.* versions use the
        command apachectl restart.

4.7.3 Configure Apache to enable PHP scripting

This is done by modifying the /usr/local/apache/conf/httpd.conf file and make sure the following line is present exactly as below (What you need to do is to uncomment (i.e., delete the # sign at the beginning of) the two lines in the default httpd.conf file):

AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

You need to restart Apache to let the changes take effect.

4.7.4 Test your new server configuration

You can test all the configurations by creating a file (name it info.php3, for example) and place it under the root directory of your web server. (If you haven't modified the DocumentRoot option in the httpd.conf file, the web server root is at /usr/local/apache/htdocs folder.) The file should just contains one line:

<?php phpinfo() ?>

Run the script from a web browser and you should see a list of web server configuration parameters.

Rename the file you just created as info.php. Run it through your web browser. This will display your PHP4 installation.

At this time, you can optionally reboot your Linux box to make sure that the two servers (MySQL and Apache) are fired up at system reboot.

4.8 Install phpMyAdmin for MySQL administration

Untar the phpMyAdmin file in a protected folder such as the one we just created above. It is suggested that you password protect the folder and implement IP access restriction at the same time (See relevant instrutions above).

Modify the config.inc.php3 file to add the root password of your MySQL server.

Remove the READ ('r') permission bit of this particular folder which contains the phpMyAdmin scripts. To do this, you can simply use the following command:

% cd phpMyAdminfolder
% chmod go-r .

This will prevent those users with shell login privileges to read your MySQL root passport through terminal (e.g., telnet) access.

Now you can administer your MySQL database from a web browser.

Let us create our first database for use with the following PHPLIB installation.

  1. Create a database. It's easy with phpMyAdmin's web interface.
  2. Create a user in the mysql database by adding a user to the user table.
    E.g., username=mydbuser, password=secret, host=localhost.
    There is no need to change any permissions in that table. That is, leave anything else to N.
  3. Add the user info to the db table of the mysql database and change permissions for select, insert, delete and update to Y. Leave other permissions untouched.

You need to consult the MySQL manual for further information about permissions, etc.. The latest Webmin (0.79) also has limited support to MySQL administration. Reload MySQL from the phpMyAdmin top page.

4.9 Install PHPLIB

Installing PHPLIB is optional but STRONGLY recommended if you are serious about PHP scripting. PHPLIB is an excellent library that will enable you to code in PHP more efficiently and cleanly.

To install the library, untar the downloaded file into a folder parallel to your web server's document root. For example, if your web root is at /home/www/DocRoot, you can place PHPLIB files under /home/www/phplib72.

Edit the /usr/local/lib/php3.ini file by adding the following two lines:

include = "/path/to/the/phpfolder"
auto_prepend_file =  "/path/to/thefile/prepend.php3"

Add the appropriate entries in MySQL:

Host: localhost
Database: mydb
Username: mydbuser
Password: secrete

Modify the DB_Example lines in the local.inc file to add the above information.

Run the following command: 

$ /usr/local/mysql/bin/mysql -h localhost -u root -p mydb < /whateverpath/to/create_database.mysql

Now you should be able to use the PHPLIB for your coding. Check out this sample code page to see how to connect to a database with or without PHPLIB support.

PHPLIB can be customized for each virtual web server that is running on your unix box. If you need information or help with configuration, please contact me.

4.10 Install DBI

DBI is a Perl module that enables interfacing with MySQL from a Perl script. One way or the other, you will need it for writing Perl scripts to interact with MySQL.

To install it, follow the instructions below:

# perl Makefile.PL
# make
# make test
# make install

You can ignore the error message about using proxy servers. You will unlikely need this feature if you only use Perl script to interface with the MySQL database on a localhost.

5 After installation

Sit back and take a break! You've done a great job within a very short period of time.

Now it is time for you to read those manuals to get started with scripting. The two must-haves are:

  1. MySQL Reference Manual;
  2. PHP Manual.

If you want to learn SQL, read this very informative tutorial. Tutorials on PHP scripting can be found by following links provided on the official PHP website. If you are serious about PHP scripting, http://www.phpbuilder.com/ is the place to check out. http://www.webmonkey.com/ is also a great place for tutorials.

If you want to code cleanly and quickly and develop serious web applications, please read the PHPLIB document. One way or the other, you will like it.

Two pieces of simple SAMPLE CODES can be found here.

6. Disclaimer

1) This tutorial is provided for you reference only. Use it at your own risk! The author is not responsible for any possible damage that may happen to you or your computer. 

2) Please check your local laws concerning installing security software packages such as OpenSSL/mod_ssl on your system. The author of this tutorial does not assume any responsibility (whether stated or implied) of any kind concerning the use of those software applications.

If you have any questions concerning this tutorial, feel free to contact me through the online form.

Happy coding!