apache|mysql| Server | Introduction PHP installation (UNIX)
Now install the PHP language. You have downloaded the latest beta version, but you may have to download a non beta version. Remember that the beta version requires GNU make.
You still assume that root, if not, SU returns to root.
PHP requires that you have preconfigured Apache so that it knows where it needs to be. You will be back here when you install the Apache server later. Change to the directory where you have the source code.
# Cd/tmp/download
# gunzip-c Apache_1.3.x.tar.gz | Tar XF-
# CD apache_1.3.x
#./configure
# CD ...
OK, now you can start the installation of PHP. Extracts the source code file and enters its directory. If you download version 3, there's a change in numbers and commands that doesn't change much.
# gunzip-c Php-4.0.x.tar.gz | Tar XF-
# CD php-4.0.x
If you are compiling code, configure will always be your friend. :-) Therefore, configure has many options. Use configure--HELP to determine what you want to add. I just need MySQL and LDAP, and of course Apache.
#./configure--with-mysql=/usr/local/mysql
--with-xml
--with-apache=.. /apache_1.3.x
--enable-track-vars
--with-ldap
Make and install binary code.
# make
# make Install
Copy the INI file to the Lib directory.
# CP Php.ini-dist/usr/local/lib/php.ini
You can edit php files to set PHP options, such as you can add PHP max_execution_time by inserting the following line into your php.ini file.
Max_execution_time = 60;
Note: php3 users will use Php3.ini, and PHP4 users will use php.ini files.
Apache and Mod_ssl
This configuration and install Mod_ssl and Apache. For this, you will need to have rsaref-2.0 files. Search for "Rsaref20.tar.z" on the http://ftpsearch.lycos.com/. If you don't like Lycos, you can choose other search engines to search for files. Of course, only you need this document in the United States. (Tube It, you can also download from elsewhere, first in http://ftpsearch.ntnu.no/look for "Rsaref20.tar.z", a lot of ah!.) )
Create the Rasref directory, and you will extract the files in that directory. Attention. This assumes that you have downloaded a temporary directory and you are in this directory.
# mkdir rsaref-2.0
# CD rsaref-2.0
# gzip-d-C. /rsaref20.tar.z | Tar xvf-
The OpenSSL library is now configured and constructed.
# CD rsaref-2.0
# CP-RP Install/unix Local
# CD Local
# make
# MV RSAREF.A LIBRSAREF.A
# CD ... /..
Install OpenSSL. Remember, you will use it to create temporary certificates and CSR files. The--prefix option specifies the primary installation directory.
# CD openssl-0.9.x
#./config-prefix=/usr/local/ssl
-l ' pwd '/... /rsaref-2.0/local/rsaref-fpic
Now make, test, and install it.
# make
# Make Test
# make Install
# CD ...
We will configure the Mod_ssl module and then specify it as a loadable module with the Apache configuration.
# CD mod_ssl-2.5.x-1.3.x
#./configure
--with-apache=.. /apache_1.3.x
# CD ...
Now we can add more Apache modules to the Apache source code tree. The optional--ENABLE-SHARED=SSL option makes the MOD_SSL construct a DSO "libssl.so". For more information on supporting DSO in Apache, read the install and htdocs/manual/dso.html documentation in the Apache source tree. I strongly recommend that ISPs and software packaging maintainers use the DSO tool for the most flexible use of mod_ssl, but note that DSO is not supported on all platforms Apache.
# CD apache_1.3.x
# ssl_base=. /openssl-0.9.x
Rsa_base=.. /rsaref-2.0/local
./configure--enable-module=ssl
--activate-module=src/modules/php4/libphp4.a
--ENABLE-MODULE=PHP4--prefix=/usr/local/apache
--enable-shared=ssl
[... You can add more options ...]
Generate Apache, then build the certificate, and install ...
# make
If you have done it correctly, you will get information similar to the following:
Now you can create a custom certificate. This option prompts you to enter your address, company, and other items. For certificates, see the end of this article.
# Make Certificate Type=custom
Now install Apache ...
# make Install
If everything works, you should see something similar to the following:
Now verify that Apache and PHP are working. However, we need to edit srm.conf and httpd.conf to make sure we add PHP types to the configuration. View the httpd.conf and remove the comments from the following lines. If you follow the instructions in this article exactly, your httpd.conf file will be located in the/usr/local/apache/conf directory. The file has a row for PhP4 AddType added comments, now remove the annotation. httpd.conf file--fragments
>
> # and for PHP 4.x, use:
> #
---> AddType application/x-httpd-php. php
---> AddType application/x-httpd-php-source phps
>
>
Now we're ready to start the Apache server to see if it's working. First we will start a server that does not support SSL to see if it starts. We will check the support for PHP and then we will stop the server and start the SSL enabled server and check if we are all right. Configtest will check that all configurations are set correctly.
# Cd/usr/local/apache/bin
#./apachectl Configtest
Syntax OK
#./apachectl Start
./apachectl START:HTTPD started
To test our work
is Apache working?
If it works properly, when you connect to the server with Netscape, you will see a screen similar to the one captured on this screen. This is essentially the Apache default installation page.
Note: You can connect to the server using the domain name or the actual IP address of the machine. Check both of these situations to make sure everything is working properly.
is PHP support working??
Now test the PHP support ... Create a file (named: test.php) that has the following information. The file needs to be located under the document root path and it should be set by default to/usr/local/apache/htdocs. Note that this depends on the prefix we chose previously, however, this can be changed in httpd.conf. Setting up multiple virtual hosts will be less in another article, please note, as it will involve some very basic options for installing Apache and its instructions.
test.php file
?
Phpinfo ();
?>
It displays information about the server, PHP, and the environment. Below is the screen grab at the top of the output page.
It's cool, PHP works.
is the SSL selection working??
OK, now we're ready to test SSL. First stop the server and restart it with the option to enable SSL.
#/usr/local/apache/bin/apachectl Stop
#/usr/local/apache/bin/apachectl Startssl
Test whether it works: by connecting to the server with a Netscape and selecting the HTTPS protocol, namely: Https://youserver.yourdomain.com or http://yoursever.yourdomain.com:443, You can also try your server's IP address, namely: Https://xxx.xxx.xxx.xxx and http://xxx.xxx.xxx.xxx:443.
If it works, the server sends the certificate to the browser to establish a secure connection. This will let the browser prompt you to accept the certificate you signed. , if it is a certificate from VeriSign or Thawte, the browser will not prompt you because the certificate is from a trusted certificate authority (CA). In our case, we create and sign our own certificates ... We don't want to buy one right away. First of all, we want to ensure that we can make everything normal.
You'll see it in Netscape. The following options are enabled. This will tell you that a secure connection has been established.
can PHP and MySQL work together??
Now, we can be sure that PHP works with MySQL, by creating a simple script that inserts and deletes data from the "Test2" database. It's just a simple script to test whether it's working. In another article we will discuss PHP scripts to connect to a MySQL database. Remember we have created a database and a table. We can finish it now, but I choose not to. I want to check it again. Root has permissions to create databases and tables, however, PHP provides for MySQL, so I can easily write code to create a test database and several records.
Remember we created the book database before. If you skip the previous content, this section will not work. We created a test2 database with a "books" table and inserted a record for a book.
This script basically browses the table and lists all the field names, and it's really simple.
Notice that we can have both HTML and PHP commands in the same file. This is the magic of PHP scripts.
Settings for Virtual hosts
It's time to set up Apache to handle some virtual hosts. Because of the flexibility that Apache offers, the virtual host can do it very simply. First you need a DNS server to point the domain name of the virtual host to the IP address of the Web server. Use a CNAME record in DNS to point your_virtual_domain.com to the IP of the server. Second you need to modify the Apache profile httpd.conf to add new virtual domain names. Remember, this is just a very basic example of how you have the courage to read Apache's instructions.
# virtualhost directive allows to specify another virtual
# domain on your server. Most Apache options can be specified
# within this section.
# Mail to this address on errors
ServerAdmin webmaster@domain1.com
# Where documents are kept in the virtual domain
# This is a absolute path. So I want to put
# in a location where the owner can get to it.
documentroot/home/vhosts/domain1.com/www/
# Since We'll use the PHP to create basically
# All our file we have put a directive to the Index file.
DirectoryIndex index.php
# Name of the server
ServerName www.domain1.com
# Log files relative to ServerRoot option
ErrorLog Logs/domain1.com-error_log
Transferlog Logs/domain1.com-access_log
Refererlog Logs/domain1.com-referer_log
AgentLog Logs/domain1.com-agent_log
# Use CGI scripts in this domain. In the next case
# can, and it does not have CGI scripts. Please
# read up in the security issues relating to cgi-scripting.
scriptalias/cgi-bin//var/www/cgi-bin/domain1.com/
AddHandler Cgi-script. CGI
AddHandler cgi-script. pl
# This is another domain. Note this you could host
# Multiple domains this way ...
# Mail to this address on errors
ServerAdmin webmaster@domain2.com
# Where documents are kept in the virtual domain
Documentroot/virtual/domain2.com/www/html
# Name of the server
ServerName www.domain2.com
# Log files relative to ServerRoot option
ErrorLog Logs/domain2.com-error_log
Transferlog Logs/domain2.com-access_log
Refererlog Logs/domain2.com-referer_log
AgentLog Logs/domain2.com-agent_log
# No CGI ' s for this host
# end:virtual Host Section
Use the example above to create your own virtual host on your server. If you want to read each instruction from the Apache website, its URL is: http://www.apache.org.
SSL Virtual Host
Creating an SSL virtual host is similar to non-SSL. In addition to specifying additional instructions, you need to add a DNS record and modify the httpd.conf. Here's an example.
#--------------------------------------------#
# SSL Virtual Host Context
#--------------------------------------------#
# General setup for the virtual host
Documentroot/usr/local/apache/htdocs
ServerAdmin webmaster@securedomain1.com
ServerName www.securedomain1.com
Errorloglogs/domain1.com-error_log
Transferlog Logs/domain1.com-transfer_log
# SSL Engine Switch:
# enable/disable SSL for this virtual host.
Sslengine on
# Server Certificate:
# point Sslcertificatefile at a PEM encoded certificate. If
# The certificate is encrypted, then you'll be prompted for a
# Pass phrase. Note that a kill-hup would prompt again. A Test
# certificate can be generated with ' Make certificate ' under
# built time. Keep in mind so if you ' ve both a RSA and a DSA
# certificate can configure both in parallel (to also allow
# The use of DSA ciphers, etc.)
# This I keep my certificate files located in a
# location. You are could change this if your are an ISP, or ASP.
# The home of a custom SSL log file. Use the When want a
# compact Non-error SSL logfile on a virtual host basis.
Customlog/usr/local/apache/logs/ssl_request_log
"%t%h%{ssl_protocol}x%{ssl_cipher}x"%r "%b"
Remember that you have a lot of instructions to specify. We'll discuss this in another article about configuring Apache, and this article is just an introductory guide.
Generate certificate
This is a step-by-step description of how certificates are generated.
Create an RSA private key for your Apache server (encrypted by triple-des and in PEM format):
# OpenSSL Genrsa-des3-out Server.key 1024
Please back up this server.key file in a safe place. Remember the passing phrase you entered (pass phrase)! You can see the details of this RSA private key with the following command.
# OpenSSL rsa-noout-text-in Server.key
And you can create an encrypted version of PEM for this RSA private key (not recommended) and pass the following command:
Generate a Certificate signing request (Csr-certificate signing request) with the server RSA private key (output will be in PEM format):
# OpenSSL Req-new-key server.key-out SERVER.CSR
When OpenSSL prompts you to "CommonName", make sure you enter the FQDN of the server ("fully qualified Domain Name"), that is, when you use https://www.foo.dom/for one later When you visit a Web site to generate a CSR, enter "Www.foo.dom" here. You can use the following command to view the details of the CSR:
# OpenSSL req-noout-text-in SERVER.CSR
Send CSR to a CA
Now you have to send the CSR to a CA to sign, and then the result is a real certificate that can be used for Apache.
There are two options:
First, you can sign a certificate through a commercial CA such as VeriSign or Thawte. Then you usually have to post a CSR in a Web form, pay the signing fee and wait for the signed certificate, and then you can put it in a server.crt file. For more information about commercial CAs, see the following links:
Second, you can take advantage of your own CA and sign the CSR by the CA. You can create your own certification center to sign the certificate. The easiest way to do this is to take advantage of the ca.sh or ca.pl script provided by OpenSSL. The more complex and manual approach is:
Create an RSA private key for your CA (encrypted by triple-des and in PEM format):
# OpenSSL Genrsa-des3-out Ca.key 1024
Please back up this ca.key file in a safe place. Remember the passing phrase you entered (pass phrase)! You can see the details of this RSA private key with the following command.
# OpenSSL rsa-noout-text-in Ca.key
And you can create an encrypted version of PEM for this RSA private key (not recommended) and pass the following command:
# OpenSSL rsa-in ca.key-out ca.key.unsecure
Create a self-signed CA certificate (X509 structure) using the CA's RSA key (output will be in pen format):
You can view the details of the certificate through the following commands:
# OpenSSL x509-noout-text-in ca.crt
Prepare a signed script because the "OpenSSL CA" command has some strange requirements and the default OpenSSL configuration does not allow simple direct use of the "OpenSSL CA" command, so a script named sign.sh with Mod_ SSL distribution is published together (subdirectory pkg.contrib/). Use this script for signing.
Now you can make this CA sign the server's CSR to create a true SSL certificate for the internal Apache server (assuming you already have a SERVER.CSR on hand):
#./sign.sh SERVER.CSR
It signs the CSR of the server and results in a SERVER.CRT file.
Now you have two files: Server.ket and SERVER.CRT. In your Apache httpd.conf file, use them as follows:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.