The first section presents the steps to install and configure MySQL, Apache, and PHP under the Linux operating system environment, then present a short guide to downloading and installing the PHP script examples used in this tutorial. The last major section shows how a secure Apache web server can be installed using the Secure Sockets Layer library. We conclude with a list of installation resources for Microsoft Windows, Linux, and other environments.
This appendix is a guide to installing the software used in the book. The first section presents the steps to install and configure MySQL, Apache, and PHP under the Linux operating system environment. We then present a short guide to downloading and installing the PHP script examples used in this book. The last major section shows how a secure Apache web server can be installed using the Secure Sockets Layer library. We conclude with a list of installation resources for Microsoft Windows, Linux, and other environments.
There are three approaches to installing MySQL, Apache, and PHP:
Install a distribution of the Linux operating system that includes the software as precompiled packages. This is the easiest approach.
Purchase or obtain an installation package; pointers to PHP Triad for the Microsoft Windows environment, and NuSphere for most platforms-including Linux and Sun Solaris-are included at the end of this appendix. This is an easy approach.
Obtain and build the software from source code. This is the most difficult approach, but it has the advantage that the latest software is installed and the configuration layout and options are controlled in the process.
This section focuses on the third approach, obtaining and building the software from source code. Specifically, this section is a short guide to installation under the Linux operating system, and the result is an installation of Apache with PHP as a static module and a complete MySQL installation. We don't provide detailed information on the configuration of the components, installation on other platforms, or choices that can be made in installation. A short list of more detailed installation resources is presented at the end of this appendix.
Before we begin, several basic components are required:
An ANSI-compliant C programming language compiler such as gcc; included in almost all Linux distributions
flex, the fast lexical analyzer, included in almost all Linux distributions
bison, the GNU project parser generator; included in most Linux distributions
Superuser, that is, root access to the Linux machine on which the software is to be installed
Common Linux utilities such as gzip, tar, and gmake
The instructions here are for installing MySQL 3. MySQL is bundled with only some Linux installations. We assume that MySQL isn't installed or, if it is installed, that a new version is to be installed to replace the current installation.
Download the latest version of MySQL from http://www.mysql.com/downloads/mysql.html. Choose the latest stable release and, from the stable release page, choose the option under "Source Downloads" marked "tarball (.tar.gz)". Download the file into a directory where files can be created and there is sufficient disk space. A good location is /tmp. Change directory to this location using:
% cd /tmp
Note that the % character should not be typed in; this represents the Linux shell prompt and indicates that the command should be entered at the shell prompt.
Uncompress the package in the new installation directory by running:
% gzip -d mysql-<version>.tar.gz
If MySQL 3.23.42 has been downloaded, the command is:
% gzip -d mysql-3.23.42.tar.gz
Un-tar the tape archive file by running:
% tar xvf mysql-<version_number>.tar
A list of files that are extracted is shown.
If the version downloaded is MySQL 3.23.42, the command is:
% tar xvf mysql-3.23.42.tar
Change directory to the MySQL distribution directory:
% cd mysql-<version>
If the version is MySQL 3.23.42, type:
% cd mysql-3.23.42
Add a new Unix group account for the MySQL files:
% groupadd mysql
Add a new Unix user who is a member of the newly created Unix group mysql:
% useradd -g mysql mysql
Decide on an installation directory. Later, we recommend that PHP and Apache be installed in /usr/local/, so a good choice is /usr/local/mysql/. We assume throughout these steps that /usr/local/mysql/ is used; if another directory is chosen, replace /usr/local/mysql/ with the alternative choice in the remaining steps.
Configure the MySQL installation by running the configure script. This detects the available Linux tools and the installation environment for the MySQL configuration:
% ./configure --prefix=/usr/local/mysql
Compile the MySQL DBMS:
% make
Install MySQL in the location chosen in Step 7 by running the command:
% make install
MySQL is now installed but isn't yet configured. Now, run the mysql_install_db script to initialize the system databases used by MySQL:
% ./scripts/mysql_install_db
Change the owner of the MySQL program files to be the root user:
% chown -R root /usr/local/mysql
Change the owner of the MySQL databases and log files to be the mysql user created in Step 6:
% chown -R mysql /usr/local/mysql/var
Change the group of the MySQL installation files to be the mysql group:
% chgrp -R mysql /usr/local/mysql
Copy the default medium-scale parameter configuration file to the default location of /etc. These parameters are read when MySQL is started. The copy command is:
% cp support-files/my-medium.cnf /etc/my.cnf
Edit the configuration file and adjust the default number of maximum connections to match the default value for the maximum Apache web server connections. Using a text editor, edit the file /etc/my.cnf, and find the section beginning with the following text:
# The MySQL server [mysqld]
In this section, add the following line, then save the file, and exit the editor:
set-variable = max_connections=150
The MySQL configuration is now complete, and MySQL is ready to be started. Start the MySQL DBMS with the following command:
% /usr/local/mysql/bin/safe_mysqld --user=mysql &
Check that the MySQL DBMS is running with the mysqladmin utility. The following command reports statistics about the MySQL DBMS version and usage:
% /usr/local/mysql/bin/mysqladmin version
Choose and set a password for root user access to the MySQL DBMS. To set a password of secret, use:
% /usr/local/mysql/bin/mysqladmin -uroot password secret
Record the password for later use.
The MySQL server is currently running. However, when the machine is rebooted, MySQL doesn't restart automatically.
After reboot, the command in Step 17 can be used to restart MySQL or, alternatively, this process can be made automatic. To make the process automatic, find the file rc.local (normally either in or below the directory /etc). This file is used to list locally installed software that should be run on startup. Using an editor, add the following line to the bottom of the rc.local file:
/usr/local/mysql/bin/safe_mysqld --user=mysql &
The installation of MySQL is now complete.
These steps install MySQL and start the DBMS server but don't configure a user or user databases. The steps to add a user are the subject of the next section.
The following steps create a user for the MySQL installation that is used in PHP scripts to access the DBMS. The user can carry out all actions required in Chapter 4 to Chapter 13 on the winestore database but has no access to other databases and can't change database access privileges. In addition, the new user can't access the DBMS from a remote server, under the assumption that the MySQL DBMS and Apache are installed on the same machine through following the instructions in this appendix.
The steps are as follows:
Check that MySQL is running using the password defined in Step 19 of the MySQL installation instructions:
% /usr/local/mysql/bin/mysqladmin -psecret version
If it isn't, then log in as the root user and start the MySQL DBMS using:
% /usr/local/mysql/bin/safe_mysqld --user=mysql &
Start the MySQL command line interpreter using the same password as in the last step:
% /usr/local/mysql/bin/mysql -psecret
Add a new user to the user table in the mysql database. Choose a username to replace username and a password to replace secret in the following command:
GRANT ALL PRIVILEGES ON winestore.* TO username@localhost IDENTIFIED BY 'secret';
MySQL responds with:
Query OK, 0 rows affected (0.00 sec)
Record the username and password for use in the examples in Chapter 3 to Chapter 13.
Quit the MySQL command interpreter with the command:
quit
MySQL responds with:
Bye
Test the user created in Step 3 by running the MySQL command interpreter using the username and password:
% /usr/local/mysql/bin/mysql -uusername -psecret
MySQL responds with a message beginning:
Welcome to the MySQL monitor.
Quit the MySQL interpreter again with:
quit
The MySQL DBMS is now configured with a user who can access the winestore database from the database server machine localhost. The winestore database can't be tested yet; the winestore database is loaded and tested in Section 3.2 in Chapter 3.
The Apache web server is usually installed with most common Linux installations. However, we assume that it isn't installed or that an upgrade is required. In any case, it is essential that the source of Apache is available so that it can be recompiled to include PHP as a module.
If a current version is running, kill the process or stop the web server by running the script apachectl stop, usually found in the directory /usr/local/apache/bin.
Here are the steps to install Apache:
Get the latest version of the Apache HTTP Server from http://www.apache.org/dist/httpd/. Choose the latest source code version ending in the suffix .tar.gz and save the file in the /tmp directory. However, if a secure Apache web server with SSL is required instead of the usual installation, find out which is the latest version of Apache that has SSL support by first following the instructions in the section "Installing Apache and ApacheSSL," later in this chapter.
Move the Apache distribution file to the base directory of the desired installation. The most common location is /usr/local/ and, assuming the distribution downloaded is Apache 1.3.20, and it was downloaded in the first step into the /tmp directory, the command is:
% mv /tmp/apache_1.3.20.tar.gz /usr/local/
After moving the distribution to the desired location, change the directory to that location using:
% cd /usr/local
Uncompress the package in the new installation directory by running:
% gzip -d apache_<version_number>.tar.gz
If the distribution downloaded is Apache 1.3.20, the command is:
% gzip -d apache_1.3.20.tar.gz
Un-tar the archive file by running:
% tar xvf apache_<version_number>.tar
The list of files extracted is shown.
If the version downloaded was Apache 1.3.20, then the command is:
% tar xvf apache_1.3.20.tar
Change directory to the Apache installation:
% cd apache_<version_number>
If the Apache version is 1.3.20, type:
% cd apache_1.3.20
Configure the Apache installation by running the configure script. This detects the available Linux tools, the installation environment, and other details for the Apache configuration:
% ./configure --with-layout=Apache
Apache has not yet been compiled or installed. The next step is to configure and build the PHP installation, and then to complete the Apache installation. Go ahead to Step 1 in Section A.1.4, and return to Step 8 when the PHP steps are complete.
The PHP module is now ready to be installed as part of the Apache web server. The following command reconfigures Apache to activate the PHP module support. However, the library referred to in the activate-module command doesn't yet exist (it is built in the next step):
% ./configure --with-layout=Apache --activate-module=src/modules/php4/libphp4.a
Compile the Apache web server using the command:
% make
Install the Apache server using the command:
% make install
If the installation of Apache with PHP support has been successful, the following message is shown:
+---------------------------------------------------------+ + |You now have successfully built and installed the | |Apache 1.3 HTTP server. To verify that Apache actually | |works correctly you now should first check the | |(initially created or preserved) configuration files | | | | /usr/local/apache/conf/httpd.conf | | | | and then you should be able to immediately fire up | | Apache the first time by running: | | | | /usr/local/apache/bin/apachectl start | | | Thanks for using Apache. The Apache Group | | http://www.apache.org/ | +-------------------------------------------------------+
Edit the Apache configuration file and enable PHP script engine support for files that have the suffix .php. To do this, edit the file /usr/local/apache/conf/httpd.conf and remove the # character from the beginning of the following line:
AddType application/x-httpd-php .php
After removing the comment character #, save the file and exit the editor.
Start the Apache web server by running the command indicated by the installation process in Step 10:
% /usr/local/apache/bin/apachectl start
After the Apache server starts up, the following is displayed:
/usr/local/apache/bin/apachectl start: httpd started
Check that the server is responding to HTTP requests by accessing it using a web browser. The simplest way to check is to use a web browser to load the URL http://localhost/. If Apache is serving correctly, an Apache test page is shown; if a previously installed Apache has been upgraded, another page may be displayed.
To test the PHP module, change the directory to the Apache document root:
% cd /usr/local/apache/htdocs
Create a file with the name phpinfo.php using a text editor. In the file, type the following, then save the script, and exit the editor:
<? phpinfo( ); ?>
Test the newly created PHP script by retrieving with a browser the following URL http://localhost/phpinfo.php.
A web page of information about the Apache and PHP installation is shown. If the page isn't shown-and this is a common installation problem-check that Step 11 of these instructions was correctly completed. If a problem is found, edit and correct the problem, and restart Apache with the following command:
% /usr/local/apache/bin/apachectl restart
Apache is now running and serving both static HTML and PHP scripts, and this installation process is complete.
However, when the machine is rebooted, Apache will not be restarted automatically. After reboot, the command in Step 12 can be used to restart Apache or, alternatively, this process can be made automatic. To make the process automatic, find the file rc.local, normally either in or below the directory /etc. This file is used to list locally installed software that should be run on start up. Using an editor, add the following line to the bottom of the rc.local file:
/usr/local/apache/bin/apachectl start
If Apache needs to be stopped at any time, this can by achieved by running:
/usr/local/apache/bin/apachectl stop
The installation of Apache, PHP, and MySQL is now complete. Instructions to optionally install the winestore source code examples can be found in the later section Section A.2
The instructions here are for installing PHP4. PHP is bundled with most Linux installations. However, we assume PHP isn't installed or, if it is installed, that a newer version is required to replace the existing installation. If Apache is being reinstalled, PHP needs to be reinstalled also.
Here are the steps to installing PHP:
Steps 1 to 7 of the Apache installation instructions should be completed.
Get the latest version of PHP from http://www.php.net/downloads.php . Download the "Complete Source Code" version into the /tmp directory.
Choose an installation directory. If the Apache installation was begun in /usr/local/, the same location can also be used for PHP. We assume in the following steps that the base directory of the Apache installation and PHP installation are the same. Move the PHP source code file to the base directory of the desired installation. Assuming this is /usr/local/ and, assuming the distribution downloaded is PHP 4.0.6 and it was downloaded into the /tmp directory, the command is:
% mv /tmp/php-4.0.6.tar.gz /usr/local/
After moving the distribution to the desired location, change directory to that location using:
% cd /usr/local
Uncompress the package in the new installation directory by running:
% gzip -d php-<version_number>.tar.gz
If the version downloaded is PHP 4.0.6, the command is:
% gzip -d php-4.0.6.tar.gz
Un-tar the distribution by running:
% tar xvf php-<version_number>.tar
A list of files extracted is displayed.
If the version downloaded is PHP 4.0.6, the command is:
% tar xvf php-4.0.6.tar
Change directory to the PHP installation:
% cd php-<version_number>
If the version is PHP 4.0.6, type:
% cd php-4.0.6
Configure the PHP installation by running the configure script. This detects the available Linux tools, the installation environment, adds MySQL support, and prepares for Apache integration. It assumes that MySQL has been installed previously in the directory /usr/local/mysql:
% ./configure --with-mysql=/usr/local/mysql --with-apache=../apache_<vers>
If Apache 1.3.20 is being used, type:
% ./configure --with-mysql=/usr/local/mysql --with-apache=../apache_1.3.20
Compile the PHP scripting engine by running:
% make
Now that the PHP scripting engine is built, install the PHP engine using:
% make install
The PHP installation is almost complete. Now copy across the default PHP configuration file to the default location, This file, php.ini, contains the settings that control the behavior of PHP and includes, for example, how variables are initialized, how sessions are managed, and what scripting tags can be used. The command to copy the file is:
% cp php.ini-dist /usr/local/lib/php.ini
Change directory to the Apache installation:
% cd ../apache_<version_number>
If Apache 1.3.20 is being installed, type:
% cd ../apache_1.3.20
The initial configuration of the PHP scripting engine module is now complete. Return to Step 8 of the Apache installation procedure and complete the installation of Apache, which includes a test of the PHP module.
The winestore example PHP scripts are available from the author's web site, http://www.webdatabasebook.com. To install the example scripts that are presented in Chapter 4 to Chapter 10, perform the following steps.
Download the file http://www.webdatabasebook.com/wda.tar.gz into the /tmp directory
Log in as the root user, make a directory for the file below the document root of the Apache installation, and copy the file to that location:
% mkdir /usr/local/apache/htdocs/wda % cp /tmp/wda.tar.gz /usr/local/apache/htdocs/wda
Change directory to the new location and install the files:
% cd /usr/local/apache/htdocs/wda % gzip -d wda.tar.gz % tar xvf wda.tar
Edit the file db.inc and modify the first two lines so that the password and username match those selected in the previous section Section A.1.2. Save the file and exit the editor.
Load the book homepage by requesting the URL: http://localhost/wda/.
Many of the examples run only if the winestore database has been loaded into the MySQL DBMS by following the instructions in Section 3.2 in Chapter 3.
This section describes how to install a secure version of the Apache web server. There are three major differences encountered when installing Apache to use SSL versus installing Apache normally:
- Secure Sockets Layer software is required.
There are several sources of Secure Sockets Layer software. The OpenSSL is probably the most-commonly used with Apache
- SSL patches must be applied to the Apache code before it is configured and compiled.
Unlike installing other Apache modules, SSL installation requires that the core Apache source code be modified or patched. Normal Apache modules-such as the PHP module-interact with Apache using a defined application programming interface or API. The Apache API provides functions that hide the details of dealing with HTTP from Apache module developers.
However, the code that implements SSL needs to encrypt and decrypt HTTP requests and responses. The Apache API is aimed at the wrong level, and SSL patches need to be applied to Apache. There are several open source and commercial SSL extensions and patches to Apache available. ApacheSSL (http://www.apache-ssl.org ) and mod_ssl (http://www.modssl.org) are both open source and easy to install. We describe the installation of ApacheSSL in this section.
- A site certificate needs to be obtained and configured.
A self-signed certificate can be created, but it needs to replaced with a purchased certificate from a Certification Authority when an application goes live. There are dozens of organizations that can provide authoritative certificates, including companies such as Verisign and Thawte.
Get the latest version of the OpenSSL from http://www.openssl.org/source/. Download the Unix tar-ed and gzip-ed file under the heading "Tarball." For example, download the file openssl-0.9.6a.tar.gz.
Put the distribution file in a directory that can be used to build the OpenSSL libraries. In our installation instructions, we use /usr/local/. The default installation process installs OpenSSL in /usr/local/ssl. To use /usr/local/, log in as the root user of the Linux installation; in any case, root access is required in Step 5 to install in the default location.
Uncompress and un-tar the distribution file in the new installation directory using gzip and tar. If the version downloaded was 0.9.6a, the commands are:
% gzip -d openssl-0.9.6a.tar.gz % tar xvf openssl-0.9.6a.tar
The distribution files are listed as they are extracted from the tar file.
Change the directory to the openssl source directory, run the config script, and then make the installation. Assuming the version downloaded is 0.9.6a, the commands are:
% cd openssl-0.9.6a % ./config % make % make test
To install OpenSSL in a directory other than /usr/local/ssl, run config with the openssldir=<directory-path> directive.
Build the install binaries of SSL. To do this, log in as the root user, and then run the make install script:
% make install
This creates an installation of SSL in the directory /usr/local/ssl.
Both Apache and ApacheSSL need to be installed together, and the ApacheSSL version must match the Apache version. ApacheSSL may not always be available for the latest version of Apache, so it is worth checking out the latest ApacheSSL version first. The current version of ApacheSSL is applied to Apache 1.3.19.
Get the latest version of ApacheSSL by selecting a download site from http://www.apache-ssl.org/ Download the tar-ed and gzip-ed distribution file. For example, apache_1.3.19+ssl_1.44.tar.gz.
Get the matching version of the Apache web server source code that also ends with .tar.gz from http://www.apache.org/dist/httpd/. For example, if the ApacheSSL version downloaded in Step 1 was apache_1.3.19+ssl_1.44.tar.gz, retrieve apache_1.3.19.tar.gz.
Put the Apache distribution file in the base directory where the installation is to be performed. For these instructions, use /usr/local/ as in the Apache installation instructions earlier in this appendix.
Unpack the Apache package first by running gzip -d <filename> and tar xvf <filename>. With Apache Version 1.3.19:
% cd /usr/local % gzip -d apache_1.3.19.tar.gz % tar xvf apache_1.3.19.tar
This creates an apache_1.3.19 source directory. Record the directory name that was created to use in the next steps. It's assumed from here on that the version is 1.3.19, and the directory is apache_1.3.19.
Copy the ApacheSSL distribution into the directory created in Step 4 that already contains the Apache source:
% cp apache_1.3.19+ssl_1.44.tar.gz /usr/local/apache_1.3.19
Unpack the ApacheSSL distribution:
% cd /usr/local/apache_1.3.19 % gzip -d apache_1.3.19+ssl_1.44.tar.gz % tar xvf apache_1.3.19+ssl_1.44.tar
Apply the patches using the FixPatch script that comes with ApacheSSL. This script copies the appropriate files from the OpenSSL installation:
% ./FixPatch /usr/local/ssl
Type yes when prompted:
Do you want me to apply the fixed-up Apache-SSL patch for you? [n] yes
You've now applied the patches to Apache and can continue with the normal installation by following Steps 6 to 10 in the Apache installation instructions earlier in this appendix.
For ApacheSSL to operate, it needs to be configured with a private key and a certificate. ApacheSSL comes with a script that runs the openssl utility to create a key and a self-signed certificate. This is the easiest way to get started. Once the key and certificate have been created, they need to be configured into Apache. Again, the version of Apache and the patch applied are assumed to be Version 1.3.19; if a different version is used, the following steps need to be changed to include the correct directories based on the version number.
Create the key and signed certificate.
% cd /usr/local/apache_1.3.19/src % make certificate
The make certificate script asks for several fields including country, state, organization name, and the machine hostname encoded into the certificate. The script produces a file that contains both the private key and the signed certificate:
/usr/local/apache_1.3.19/SSLconf/conf/httpsd.pem
After logging in as the root user, copy the key and certificate file into the Apache installation:
% cd /usr/local/apache_1.3.19/SSLconf/conf % cp httpsd.pem /usr/local/apache/conf/default.pem
Modify the httpsd.conf file with a text editor so that PHP files are processed by the PHP scripting engine. The configuration file is found in the directory /usr/local/apache/conf/. Remove the initial # character from the following line:
AddType application/x-httpd-php .php
Modify the httpsd.conf file by changing the Port from 80 to the secure web server port 443:
Port 443
Add the following lines to the end of the httpsd.conf file:
# # SSL Parameters # SSLCACertificateFile /usr/local/apache/conf/default.pem SSLCertificateFile /usr/local/apache/conf/default.pem SSLCacheServerPath /usr/local/apache/bin/gcache SSLCacheServerPort 18698 SSLSessionCacheTimeout 3600
Start Apache. Unlike a normal Apache installation, ApacheSSL creates an httpsdctl script:
% /usr/local/apache/bin/httpsdctl start
In some cases, this doesn't correctly start Apache. If this happens, use the following alternative commands to explicitly specify the configuration file to use with the secure Apache:
% cd /usr/local/apache/ % bin/httpsd -f conf/httpsd.conf
A secure Apache is now running and serving requests on port 443-the default HTTPS port-with SSL. This can be tested by requesting the resource https://localhost/ with a web browser. The installation process is now complete.
When a resource such as https://localhost/ is requested with a browser, the browser alerts the user to an unknown certificate. To obtain a certificate that will be trusted by users, the openssl utility needs to be run to create a private key and a certificate request. The certificate request is then sent to a Certification Authority to be signed using their authoritative certificates. There is a fee for this service. While the Apache configuration allows both the key and the certificate to be placed in the one file, the private key should not be sent to anyone, not even the Certification Authority.
If a trusted certificate is required, consult the OpenSSL documentation that describes how to create keys and Certificate Signing Requests. This documentation can be found at http://www.openssl.org/docs/apps/openssl.html.
For more information on installing and configuring, there are several resources:
For Microsoft Windows installation, we recommend the PHP Triad for Windows installation package available from http://sourceforge.net/projects/phptriad/. The package contains MySQL, PHP, Apache, and PHPMyAdmin for MySQL maintenance through a web browser interface.
NuSphere sells integrated Apache, PHP, and MySQL bundles with simple installation procedures and software support. A free download of the installation package without support is also available for Linux, Sun Solaris, and Microsoft Windows environments. Under the Linux environment, NuSphere is installed by following simple steps in a web browser.
discuss this topic to forum
