(Version 2.0. Last modified: 2002-05-27. Older versions: 1.0, 1.1, 1.2)
This is my quick cookbook for building a web server (with a database backend) out of a Unix box. Most instructions found in this tutorial are either available online or included in the INSTALL/README docs that come with the source packages. It took me quite a while to put all the pieces of the puzzle together, hence this document to save you some time. Please note that this tutorial is by no means a substitute for the original documentation from those packages. It is suggested that you consult them whenever necessary.
Please read the Disclaimer before you proceed!
It is recommended that you read, or at least skim through this document before attempting to build and install the software packages.
To print this document, it is suggested that you use Netscape Version 4 (for better printout layout).
There are two objectives we want to achieve:
In order to compile MySQL successfully with reasonable speed, it is suggested that your machine have a 200MHz (or better) CPU with 64M+ RAM. (Note: I was able to install MySQL 3.22.32 on a system with 32M of RAM but it took forever to finish.)
I will use the # sign to indicate that the shell command is to be executed by the superuser (root) and the % sign by an ordinary shell user in the rest of this tutorial.
Instructions provided in this tutorial have been tested on FreeBSD 4.5 (http://www.freebsd.org) (Previous versions were tested on FreeBSD 4.1, 4.3 and Linux 6.2, respectively). With minor modifications such as folder paths or location of system init files, the instructions provided here should be applicable to other UNIX systems as well.
My FreeBSD box is a 'minimal installation', i.e., a bare-bones OS that contains the necessary compilers, etc. When you have a fresh FreeBSD installation, choose the 'minimal installation' option if you are going to use your UNIX box as a server (e.g., for web and email services) only (i.e., without using the X-window system).
With a few modifications such as system init scripts, the installation instructions provided here should be applicable to other UNIX flavors. Notes about Linux will be provided where appropriate.
We will use /usr/src/local as the folder to store all the downloaded packages. Before downloading, you need to become the superuser and create the /usr/src/local folder.
% su root
# mkdir /usr/src/local
# cd /usr/src/local
Now grab all the source packages listed below. Remember to download the source code only (but not pre-compiled binary packages). Note also that by the time you read this tutorial, version numbers may be different.
Assuming all the downloaded software packages are saved in the /usr/src/local folder, we now unpack all the gzipped tar files. For example, to unpack the apache package, we issue the following commands:
# gunzip apache_1.3.20.tar.gz
# tar xvf apache_1.3.20.tar
(Or alternatively, you can use
# tar zxvf apache_1.3.20.tar.gz
to unpack the gzipped tarball all at once if the tar on your system supports the z option.)
Repeat the above procedure for every gzipped tarball you have downloaded.
We are going to install the different packages in the order given below:
It is suggested that you follow the order of installation as given above, since some packages (e.g., mod_ssl) will depend on other packages (being installed properly).
Further, PHP Version 4 will be installed as dynamically linked modules within the Apache web server, whereas PHP3 is an optional installation.
Please read the LEGAL NOTICE at http://www.openssl.org concerning the use of strong cryptography software in your country or location.
If you are not interested in running Apache for secure transactions (that requires mod_ssl), you can skip this section.
FreeBSD (Version 4.3 or later) comes with OpenSSL 0.9.6 preinstalled as part of the base OS. This part is provided just in case your system does not have it or you want to upgrade it to the latest version (the latest version of OpenSSL is 0.9.6d as of 2002-05-13).
# cd openssl-0.9.6d/
# ./config
# make
# make test
# make install
# cd ..
* Copied from mod_ssl INSTALL file. I do not know why this option should be added here.
Net_SSLeay.pm is a Perl module that is optionally required by the Webmin package for secure data transmission between your browser and Webmin. It is strongly recommended that you install this module.
Install the Perl module as follows:
# cd Net_SSLeay.pm-1.15
# perl Makefile.PL
# make test
# make install
Note
Webmin is an excellent web-based administration tools package for various Unix systems. With the package installed, you can perform many system tasks such as user management, Samba and Apache configuration, etc. through a web browser.
Assuming you have already unpacked the Webmin tarball, you can install the package using the following commands:
# cd webmin-0.970
# ./setup.sh
During installation, just accept all the defaults when prompted (except, of course, the administrator's username and password). Note that the installation script will automatically test whether you have Net_SSLeay installed. If it finds it, it will install Webmin with secure connection support.
If you use the default port number for Webmin installation with secure connection support, you can access your Webmin installation using:
https://hostname:10000
Without encryption, you will use http:// instead.
Don't forget to restrict access privileges to the IPs that you use. To do this, use the Webmin Configuration module and set up restricted IP address(es) (Webmin configuration -> IP access control). You can do this after everything is installed.
(To uninstall Webmin, find the uninstall.sh script and run it. If you accepted the default settings during installation, the uninstall.sh script is located in the /etc/webmin/ folder.)
Installing MySQL involves four steps:
We will create a user account called mysql and a group account mysql. Again, the account is to be used for running MySQL in a sandbox. The following applies to FreeBSD:
# pw groupadd mysql
# pw useradd mysql -g mysql -d /usr/local/mysql -s /nonexistent
The pw command is for FreeBSD system only. If you are using other Unix systems, please use the corresponding commands on your system. Alternatively, you can use Webmin to add the mysql group and username.
Remember to disable the shell login for the mysql user! (FYI, in our case, the -s /nonexistent option does the trick.)
We will install everything under the /usr/local/mysql folder
# cd mysql-3.23.49
# ./configure --prefix=/usr/local/mysql
# make
# make install
Note
After MySQL is installed, run the following commands only ONCE:
# /usr/local/mysql/bin/mysql_install_db
# chown -R mysql /usr/local/mysql/var
# chgrp -R mysql /usr/local/mysql/var
# /usr/local/mysql/bin/safe_mysqld --user=mysql &
# /usr/local/mysql/bin/mysqladmin -u root password newpassword
where newpassword is the password you choose for the root.
This step is to automatically start or stop mysql when system reboots.
There is a file called mysql.server within your unpacked mysql-3.23.49/support-files folder.
On FreeBSD
Copy the same mysql-3.23.38/support-files/mysql.server file into the /usr/local/etc/rc.d folder, rename it as mysql.server.sh and make it executable.
# cp mysql.server /usr/local/etc/rc.d/mysql.server.sh
# chmod 755 /usr/local/etc/rc.d/mysql.server.sh
Modify one line in the mysql.server.sh script to let the mysql server run as the user mysql. Locate the following line (Line 107 or nearby)
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file &
and add the --user=mysql option. After modification, the line should look like the following:
$bindir/safe_mysqld --user=mysql --datadir=$datadir --pid-file=$pid_file &
Notes:
/etc/mysql.server.sh start
Add the following line into the /etc/rc.shutdown file:
/etc/rc.d/mysql.server stop
On a Linux box
Copy the mysql-3.23.49/support-files/mysql.server file into the /etc/rc.d/init.d/ folder and create a softlink in the /etc/rc.d/rc3.d folder. e.g.
# ln -s /etc/rc.d/init.d/mysql.server.sh /etc/rc.d/rc3.d/S91mysql
We need to make mysql.server executable so that it will be fired up when the system reboots:
# chmod 755 /etc/rc.d/init.d/mysql.server.sh
Again, you need to modify the mysql.server script to include the --user=mysql option as per instruction in the FreeBSD subsection above.
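The edit described in the FreeBSD and Linux subsections above can be applied and checked without hunting for the line number. This is an added example, not part of the original tutorial or the MySQL distribution; the function names are made up for illustration and the sample script is constructed from the line quoted above.

```shell
#!/bin/sh
# Added example, not from the original tutorial or the MySQL distribution.

# count_unpatched FILE: number of non-comment lines that start safe_mysqld
# without a --user= option (each one would run mysqld as the invoking user,
# which is root at boot).
count_unpatched() {
    grep 'safe_mysqld' "$1" | grep -v '^[[:space:]]*#' | grep -c -v -e '--user=' || true
}

# add_mysql_user FILE: insert --user=mysql after ".../safe_mysqld " on those
# lines. Comment lines and lines that already carry --user= are skipped, so
# running it twice changes nothing. The file is rewritten with "cat >" so
# that its mode (755) and owner are kept.
add_mysql_user() {
    sed '/^[[:space:]]*#/b
/--user=/b
s|/safe_mysqld |/safe_mysqld --user=mysql |' "$1" > "$1.tmp" || return 1
    cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

initscript_demo() {
    f=$(mktemp) || return 2
    # Constructed sample: the start line quoted in the tutorial plus a comment.
    cat > "$f" <<'EOF'
#!/bin/sh
# start $bindir/safe_mysqld in the background
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file &
EOF
    before=$(count_unpatched "$f")
    add_mysql_user "$f" && add_mysql_user "$f"     # second run is a no-op
    after=$(count_unpatched "$f")
    patched=$(grep -c -e 'safe_mysqld --user=mysql --datadir' "$f" || true)
    rm -f "$f"
    echo "$before $after $patched"
}

initscript_demo   # prints: 1 0 1
```

On a real system, run count_unpatched against the installed mysql.server.sh after editing; anything other than 0 means a start line still lacks --user=mysql.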
4.4.5 Secure MySQL
It is strongly suggested that you read the following document about securing your MySQL server after you install everything covered in this tutorial:
In particular, read this page to find out how MySQL privilege system works.
If you are impatient :-), here is a minimal configuration to get things started. (All the operations are done to the mysql database, which is automatically set up when you run the mysql_install_db command mentioned above. You can use the phpMyAdmin tool, to be installed later in this tutorial, for configuration.):
This will allow foo to access the database mydb with the select, insert, update and delete privileges from localhost only.
PHP can be built into Apache in two modes: 1) Statically linked; 2) Dynamically linked. In this tutorial, we build dynamically linked PHP modules. If you are not clear about the difference between 'statically' and 'dynamically' linked installation, it is suggested that you follow the instructions provided here. Otherwise, please take a look at the older version of this tutorial for building PHP as a static module (Note that the older version is no longer updated).
Installing Apache and PHP involves six steps in the following order:
Note: Instructions for compiling both MM and mod_ssl come from the INSTALL file from the mod_ssl package.
# cd mm-1.1.3/
# ./configure --disable-shared
# make
# make test
# cd ..
We will just run the configure command below (but NOT make).
# cd mod_ssl-2.8.8-1.3.24
# ./configure --with-apache=../apache_1.3.24
# cd ..
Note:
Please ignore the following message that will occur after you run the above configure command:
Now proceed with the following commands (Bourne-Shell syntax):
$ cd ../apache_1.3.24
$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
$ make
$ make certificate
$ make install
We will take care of making certificate when compiling and installing the apache server.
We will install apache under the /usr/local/apache folder. Modify the --prefix= option if you want to install it elsewhere.
Suppose that both Apache and other packages (e.g., mod_ssl, mm, etc.) are untarred under the same parent folder. The installation commands are listed below. Read the notes below for some explanation before running them.
# cd apache_1.3.24
# SSL_BASE=../openssl-0.9.6d \
  EAPI_MM=../mm-1.1.3 \
  ./configure \
  --prefix=/usr/local/apache \
  --enable-module=ssl \
  --enable-module=so \
  --enable-module=log_agent \
  --enable-module=log_referer \
  --enable-module=proxy \
  --enable-module=rewrite \
  --enable-module=speling \
  --enable-module=usertrack \
  --enable-module=vhost_alias
# make
# make certificate TYPE=dummy
# make install
SSL_BASE=../openssl-0.9.6d \
EAPI_MM=../mm-1.1.3 \
./configure \
--prefix=/usr/local/apache \
--enable-module=ssl \
--enable-module=so \
--enable-module=log_agent \
--enable-module=log_referer \
--enable-module=proxy \
--enable-module=rewrite \
--enable-module=speling \
--enable-module=usertrack \
--enable-module=vhost_alias --disable-module=include
Suppose you edit the file and save it as apacheconfig.sh. You can issue the following commands at the shell prompt:
# chmod +x apacheconfig.sh
# ./apacheconfig.sh
By default, all the files and folders under the web root folder are viewable by everyone. If you need to restrict access to a certain web folder (which is the case for running phpMyAdmin), you need to create a login name for authentication. Note that this login name is different from (shell) user accounts on your Unix box. You can choose any login name.
The following command will create a login name mynewuser which can be used for authentication to access a protected folder.
# /usr/local/apache/bin/htpasswd -c /home/www/userdb/userfile mynewuser
where /home/www/userdb is the folder which contains the file userfile which in turn contains the username mynewuser. With the option -c, a new userfile will be created. Otherwise the userfile will be updated (when, for example, you want to add a new user to the existing userfile or change the password associated with the username).
Suppose the folder /home/www/securefoldername needs to be protected. Only an authenticated user (which requires login with both a username and password) from a certain IP address (in our example, the 192.168 subnet or with the domain name .example.com) can access it. In the /usr/local/apache/conf/httpd.conf file, add the following:
<Directory "/home/www/securefoldername">
AllowOverride AuthConfig
AuthName "MYCOMMUNITY"
AuthType Basic
AuthUserFile /home/www/userdb/userfile
Order deny,allow
Deny from all
Allow from .example.com 192.168.
</Directory>
Note that MYCOMMUNITY is an arbitrary string I chose. You can use a different string as long as you keep it consistent in the following .htaccess file. If you do not want IP address restriction (so that you can access the folder from anywhere), simply comment out the three lines in bold (the Order, Deny and Allow lines).
In the /home/www/securefoldername folder, create the .htaccess file (don't forget about the leading dot (.) in front of htaccess) which contains the following lines:
AuthName "MYCOMMUNITY"
AuthType Basic
AuthUserFile /home/www/userdb/userfile
AuthGroupFile /dev/null
Require user mynewuser
The /home/www/securefoldername will now be protected with basic authentication (i.e., username/password are passed along in clear text). Only the username mynewuser from a computer whose IP address is in the 192.168 subnet or whose IP address can be mapped onto the .example.com domain will be able to view pages hosted within that folder. We will use this folder to install the phpMyAdmin files later.
To manually start Apache
# /usr/local/apache/bin/apachectl start
To start apache in secure mode:
# /usr/local/apache/bin/apachectl startssl
To automatically start Apache at system reboot, do the following:
Create a soft link to the apachectl script as follows:
# ln -s /usr/local/apache/bin/apachectl /usr/local/etc/rc.d/apachectl.sh
Note that you have to include the .sh extension to the soft link.
The /etc/rc.d/rc.local file can be modified so that Apache will be fired at system reboot. Add the following line at the very end of the file:
/usr/local/apache/bin/apachectl start
We are going to compile PHP4 as a dynamically linked module in Apache.
First, we compile and install PHP4.
# cd ../php-4.2.1
# EAPI_MM=../mm-1.1.3 \
  ./configure --with-apxs=/usr/local/apache/bin/apxs \
  --with-mysql=/usr/local/mysql --enable-track-vars
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini
Again, if the configure command has too many options, simply create a text file, put everything in it and execute it.
Note that there is an optimized php.ini file called php.ini-optimized. Please read the documentation about the differences between the two php.ini files. If you want to be on the safe side, use the generic php.ini-dist file.
This is done by modifying the /usr/local/apache/conf/httpd.conf file and making sure the following lines are present exactly as below (what you need to do is uncomment, i.e., delete the # sign at the beginning of, the two lines in the default httpd.conf file):
AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps
The .php3 extension is included in the above line for the sake of backward compatibility, i.e., when you need to run, for example, previously written PHP scripts (such as PHPLIB below) with that particular file extension.
IMPORTANT: Before you restart Apache, run the following command to test your new configuration:
# /usr/local/apache/bin/apachectl configtest
Installing Zend Optimizer is optional. To install, run the install.sh script after you untar the package. The UserGuide.pdf provides instructions on how to install the package.
For your information, if the install.sh script does not work, you can install Zend Optimizer manually as shown below (copied directly from OLDER version of Zend optimizer package):
Under UNIX:
Now you can restart Apache to let the changes take effect. Run this command:
# /usr/local/apache/bin/apachectl restart
You can test all the configurations by creating a file (name it info.php, for example) and placing it under the root directory of your web server. (If you haven't modified the DocumentRoot option in the httpd.conf file, the web server root is the /usr/local/apache/htdocs folder.) The file should contain just one line:
<?php phpinfo(); ?>
Run the script through a web browser and you should see a list of web server configuration parameters you have just set up.
Rename the file you just created as info.php. Run it through your web browser. This will display your PHP installation parameters.
At this time, you can optionally reboot your machine to make sure that the two servers (MySQL and Apache) are fired up at system reboot.
phpMyAdmin is optional, though I find it quite handy when administering MySQL server.
Untar the phpMyAdmin file in a protected folder such as the one we just created above. It is suggested that you password protect the folder and implement IP access restriction at the same time (see the relevant instructions above).
Modify the config.inc.php file to add the root password of your MySQL server.
Remove the READ ('r') permission bit of this particular folder which contains the phpMyAdmin scripts. To do this, you can simply use the following command:
% cd phpMyAdminfolder
% chmod go-r .
This will prevent users with shell login privileges from reading your MySQL root password through shell (e.g., via telnet) access.
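Removing the read bit on a directory only stops it from being listed; a file whose name is already known, such as config.inc.php, can still be opened if the directory keeps its search (x) bit and the file itself is world-readable. The check below is an added example, not part of the original tutorial: it works on a constructed folder in a temporary directory, its function names are made up for illustration, and the tightened step assumes the file's group is the one Apache runs as.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Looks at mode bits only, so the answer is the same when run as root.

# perm_char PATH N: print character N of the "ls -ld" mode string.
# Characters 8, 9 and 10 are the r, w and x bits for "other".
perm_char() {
    ls -ld "$1" | cut -c"$2"
}

# other_can_read DIR NAME: succeed if a local account that is neither the
# owner nor in the group can open DIR/NAME when it already knows NAME.
# That needs search (x) on DIR and read (r) on the file; the directory's
# own read bit only controls listing. Parent directories are not checked.
other_can_read() {
    case "$(perm_char "$1" 10)" in
        x|t) ;;
        *) return 1 ;;
    esac
    [ "$(perm_char "$1/$2" 8)" = "r" ]
}

verdict() {
    if other_can_read "$1" "$2"; then echo exposed; else echo protected; fi
}

# perm_demo: apply the tutorial's command to a constructed folder, audit it,
# then tighten the file itself and audit again.
perm_demo() {
    tmp=$(mktemp -d) || return 2
    dir="$tmp/phpMyAdminfolder"
    mkdir "$dir" && chmod 755 "$dir"
    # Constructed stand-in for config.inc.php; no real password in it.
    echo '<?php /* placeholder for the MySQL root password */ ?>' > "$dir/config.inc.php"
    chmod 644 "$dir/config.inc.php"

    ( cd "$dir" && chmod go-r . )          # the tutorial's command
    after_tutorial=$(verdict "$dir" config.inc.php)

    # Tightened: drop all "other" access on the file itself. Assumes the
    # file's group is the one Apache runs as, so PHP can still read it.
    chmod o-rwx "$dir/config.inc.php"
    after_tighten=$(verdict "$dir" config.inc.php)

    rm -rf "$tmp"
    echo "$after_tutorial $after_tighten"
}

perm_demo   # prints: exposed protected
```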
Now you can administer your MySQL database from a web browser.
Let us create our first database for use with the following PHPLIB installation.
You need to consult the MySQL manual for further information about its privilege system, etc. The latest Webmin (0.970) also has support for MySQL administration. Reload MySQL from the phpMyAdmin top page.
Installing PHPLIB is optional but recommended if you are serious about PHP scripting. PHPLIB is an excellent library that will enable you to code in PHP more efficiently and cleanly.
Note that PHPLIB was developed for PHP3 and there may be some incompatibility issues involved with PHP4.
To install the library, do the following:
4.8.1 Uncompress the source code
Uncompress the downloaded tarball (phplib-7.2d.tar.gz) into a folder parallel to your web server's document root. For example, if your web root is at /home/www/docroot, you uncompress the phplib-7.2d.tar.gz file in the /home/www folder.
After uncompressing, you will find a new folder named phplib-7.2d, which further contains a subfolder called php. This is where the library code is.
4.8.2 Modify the PHP init file
Edit the /usr/local/lib/php.ini file by adding the following two lines:
include_path = "/path/to/the/php"
auto_prepend_file = "/path/to/prepend.php3"
4.8.3 Create a container database for PHPLIB to use
Now we need to create a database for PHPLIB to use. Add the appropriate entries in MySQL:
Host: localhost
Database: mydb
Username: mydbuser
Password: secrete
where mydb is the database and mydbuser/secrete the username/password pair to be used by PHPLIB.
4.8.4 Add the database/username/password information to the local.inc file
First, modify the DB_Example lines in the local.inc file to add the above information.
Then, run the following command:
$ /usr/local/mysql/bin/mysql -h localhost -u root -p mydb < /whateverpath/phplib-7.2d/stuff/create_database.mysql
Now you should be able to use the PHPLIB for your coding. Check out this sample code page to see how to connect to a database with or without PHPLIB support.
PHPLIB can be customized for each virtual web server that is running on your unix box via the apache httpd.conf directive. If you need information or help with configuration, please contact me.
4.8.5 Upgrading PHP3 to PHP4 when a previous version of PHPLIB is already being used
There will be an error when running sessions if you use versions of PHPLIB before 7.2d. You need to modify two lines in the ct_sql.inc file in the 7.2d distribution. The detailed instructions can be found at http://marc.theaimsgroup.com/?l=phplib&m=96530430817679&w=2. (Local copy is here.)
mod_gzip (http://www.remotecommunications.com/apache/mod_gzip/) is an apache module that compresses HTML source codes on the fly, even including dynamically generated data such as those from PHP script output. It saves bandwidth!
In fact, you can customize your PHP4 installation by enabling its built-in compression function (c.f., the zlib compression directive in the /usr/local/lib/php.ini file). However, I'd suggest that you use mod_gzip instead, which compresses static pages (e.g., .html) as well.
Before you install the module, it is suggested that you visit its official website, especially the FAQ section!
The installation instructions below are taken directly from the module's website. To install:
4.9.1 Download the source code
Download the source code (Current version: 1.3.19.1a) from http://www.remotecommunications.com/apache/mod_gzip/src/1.3.19.1a/mod_gzip.c and save it as mod_gzip.c in, for example, the /usr/src/local folder.
4.9.2 Compile it as Apache module
Run the apxs command to compile and install it as a dynamically linked module:
# /usr/local/apache/bin/apxs -i -a -c /usr/src/local/mod_gzip.c
4.9.3 Modify Apache runtime configuration file
Modify the httpd.conf file by adding the following (by Michael Suszycki (02/21/2001), copied directly from http://www.remotecommunications.com/apache/mod_gzip/src/1.3.19.1a/samples.txt).
mod_gzip_on yes
mod_gzip_dechunk yes
mod_gzip_keep_workfiles No
mod_gzip_temp_dir /tmp
mod_gzip_minimum_file_size 1002
mod_gzip_maximum_file_size 0
mod_gzip_maximum_inmem_size 1000000
mod_gzip_item_include file \.htm$
mod_gzip_item_include file \.html$
mod_gzip_item_include mime text/.*
mod_gzip_item_include file \.php$
mod_gzip_item_include mime "jserv-servlet"
mod_gzip_item_include handler "jserv-servlet"
mod_gzip_item_include mime "application/x-httpd-php.*"
mod_gzip_item_include mime httpd/unix-directory
mod_gzip_item_exclude file "\.css$"
mod_gzip_item_exclude file "\.js$"
mod_gzip_item_exclude file "\.wml$"
LogFormat "%h %l %u %t \"%V %r\" %>s %b \
mod_gzip:%{mod_gzip_result}n In:%{mod_gzip_input_size}n \
Out:%{mod_gzip_output_size}n:%{mod_gzip_compression_ratio}npct." \
common_with_mod_gzip_info2
CustomLog /usr/local/apache/logs/mod_gzip common_with_mod_gzip_info2
Notes:
4.9.4 Test and run!
Test the new apache configuration:
# /usr/local/apache/bin/apachectl configtest
and if there is no error, restart the apache server:
# /usr/local/apache/bin/apachectl restart
To find out how much bandwidth has been saved, you can use the 'mgstat' tool!
Sometimes you will find it more convenient to manipulate MySQL databases using Perl. To do that, you need both the DBI and Msql-Mysql modules installed. Those modules can be downloaded from www.cpan.org or www.perl.com.
Installing Perl modules uses the following standard procedure:
# cd /path/to/perl-module
# perl Makefile.PL
# make
# make test
# make install
You can ignore the error message about using proxy servers when installing the DBI module. You are unlikely to need this feature if you only use Perl scripts to interface with the MySQL database on localhost.
Another way of installing Perl modules is like this: Become the superuser first and then:
# perl -MCPAN -e shell
Very often it is more convenient to use this method.
Sit back and take a break! You've done a great job within a very short period of time.
Two pieces of simple SAMPLE CODES can be found here to get started!
If you want to learn SQL in general, read this very informative tutorial. Tutorials on PHP scripting can be found by following links provided on the official PHP website (e.g., http://www.phpbuilder.com and http://www.webmonkey.com). PHPLIB also simplifies quite a few things.
Finally, the two must-haves are:
The standard disclaimer applies :-)
If you have any questions concerning this tutorial, feel free to use the online form or email me at jda@mtsu.edu.