Installing and configuring the Apache 2.4 + PHP + MySQL on the FreeBSD 9.2

General Information

The Apache web server is a free open-source HTTP server, that powers most of the web servers across the Internet. It's easy to install and to configure and runs on most UNIX and UNIX-like platforms

For more information about Apache Web Server, please visit their home page at http://httpd.apache.org

Here I going show how to install and configure the Apache 2.4 with PHP and MySQL support.

Requirements:

  • FreeBSD 9.2
  • IP: 192.168.1.60/24
  • Hostname: freebsd.douglasqsantos.com.br

Now we are going to configure the /etc/hosts

vim /etc/hosts
[...]
192.168.1.60            freebsd.douglasqsantos.com.br freebsd

Let's get the FreeBSD ports and let's install them

portsnap fetch && portsnap extract && portsnap update

I go disable the DIALOG is that little boring window that is displayed when do you going install something

echo "NO_DIALOG=yes" >> /etc/make.conf

Let's install the Apache 2.4, let's access your ports for install

cd /usr/ports/www/apache24

When we execute the bellow command, will be compiled, installed and cleaned the Apache ports

make install clean

Add the following lines to your /boot/loader.conf, otherwise when you first start Apache you will get warnings messages.

echo 'accf_http_load="YES"' >> /boot/loader.conf
echo 'accf_data_load="YES"' >> /boot/loader.conf

Now load the above modules

kldload accf_http
kldload accf_data

To launch Apache at system startup, add the following line to /etc/rc.conf how bellow

echo 'apache24_enable="YES"' >> /etc/rc.conf

For get information about the variable that you need to insert in the /etc/rc.conf execute the command bellow

/usr/local/etc/rc.d/apache24 rcvar
# apache24
#
apache24_enable="NO"
#   (default: "")

The Apache Server can be started with the following command

/usr/local/sbin/apachectl start

The Apache service can be tested by entering http://192.168.1.60 in a web browser. The default web page that is displayed is /usr/local/www/apache22/data/index.html

Now let's install PHP

Let's access the php ports and let's install them

cd /usr/ports/lang/php55 && make WITH_APACHE=yes install clean 

Now let's configure the right local for php.ini

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Let's access the php extensions and let's install MySQL, MySQLI and PDO_MYSQL

cd /usr/ports/lang/php55-extensions && make WITH_MYSQL=yes WITH_MYSQLI=yes WITH_PDO_MYSQL=yes install clean

Now lets enable the php support on Apache

vim /usr/local/etc/apache24/httpd.conf 
[...]
    #edit the line 255 how to bellow for the apache know that index.php is the page index to php pages
    DirectoryIndex index.html index.php
[...]
    #Add on line 385
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
[...]

Let's delete the index.html that is default index page for Apache

rm -rf /usr/local/www/apache24/data/index.html 

Now let's create a index.php

vim /usr/local/www/apache24/data/index.php
<?php
phpinfo();
?>

Now let's reboot the Apache server to test php support

/usr/local/sbin/apachectl restart

The httpd service can be tested by entering http://192.168.1.60 here let's seeing the php configuration

Installing MySQL

Let's access the MySQL ports and let's install them

cd /usr/ports/databases/mysql56-server/ && make install clean

To launch the MySQL at system startup, add the following line to the rc.conf how bellow

echo 'mysql_enable="YES"' >> /etc/rc.conf

Now let's adjust local to the configuration file of the MySQL

cp /usr/local/share/mysql/my-default.cnf /etc/my.cnf

Let's enable MySQL listening on all interfaces

echo "bind-address = 0.0.0.0" >> /etc/my.cnf

Let's start the MySQL with the following command

/usr/local/etc/rc.d/mysql-server onestart

Now let's set password for root on MySQL

mysqladmin -u root password 'senha'

Now we'll test of the Mysql connection with the following command

mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.14 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \q
Bye

let's show the listening ports of the MySQL

sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
mysql    mysqld     34711 10 tcp4   *:3306                *:*
www      httpd      3286  4  tcp4   *:80                  *:*
www      httpd      3283  4  tcp4   *:80                  *:*
www      httpd      3282  4  tcp4   *:80                  *:*
www      httpd      3281  4  tcp4   *:80                  *:*
www      httpd      3280  4  tcp4   *:80                  *:*
www      httpd      3279  4  tcp4   *:80                  *:*
root     httpd      3278  4  tcp4   *:80                  *:*
root     sendmail   689   3  tcp4   127.0.0.1:25          *:*
root     sshd       686   4  tcp4   *:22                  *:*
root     syslogd    582   7  udp4   *:514                 *:*

Our Apache and Mysql is listening on all interfaces

Creating VirtualHost

Now let's see how to create a Virtual host

Let's enable the line on httpd.conf to Apache know the Virtual Host

vim /usr/local/etc/apache24/httpd.conf
[...]
#Uncomment the line bellow. Line: 473
Include etc/apache24/extra/httpd-vhosts.conf
[...]

Let's leave the file how to bellow

vim /usr/local/etc/apache24/extra/httpd-vhosts.conf
<VirtualHost *:80>
     ServerAdmin webmaster@douglasqsantos.com.br
     ServerName freebsd.douglasqsantos.com.br
  DocumentRoot "/usr/local/www/freebsd"
   <Directory "/usr/local/www/freebsd">
     Options +FollowSymLinks +MultiViews
     AllowOverride All
     Require all granted
   </Directory>

   <IfModule mod_php5.c>
     AddType application/x-httpd-php .php
     php_flag expose_php Off
     php_flag allow_url_fopen Off
     php_flag allow_url_include Off
     php_flag magic_quotes_gpc Off
     php_flag register_globals Off
     php_flag disable_functions show_source
     php_flag disable_functions system
     php_flag disable_functions shell_exec
     php_flag disable_functions passthru
     php_flag disable_functions exec
     php_flag disable_functions popen
     php_flag disable_functions proc_open
     php_flag disable_functions symlink
     php_value upload_max_filesize  15M
     php_value post_max_size 15M
   </IfModule>
     CustomLog /var/log/apache24/freebsd.douglasqsantos.com.br-access.log combined
     ErrorLog /var/log/apache24/freebsd.douglasqsantos.com.br-error.log
     LogLevel warn
     ServerSignature Off
</VirtualHost>

Let's create the directory for receive the data for web site and the directory for receive the logs, then let's set the permissions to directories

mkdir -p /usr/local/www/freebsd && chown -R www:www /usr/local/www/freebsd 
mkdir -p /var/log/apache24/ && chown -R www:www /var/log/apache24/

Let's create the index file

vim /usr/local/www/freebsd/index.php 
<?php

echo "<h1>FreeBSD</h1>";

?>

Let's reboot the Apache server with the following command

/usr/local/etc/rc.d/apache24 restart

Now let's enable the SSL support

Let's create a directory for received the keys for ssl connections of the Apache

mkdir -p /usr/local/etc/apache24/ssl

Let's build the main key

openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
........++++++
....................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: #PASS
Verifying - Enter pass phrase for server.key: #PASS

Let's build the request for signing for our key

openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Parana
Locality Name (eg, city) []:Curitiba
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Douglas
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:freebsd.douglasqsantos.com.br
Email Address []:douglas@douglasqsantos.com.br

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Douglas

Let's self-signing our certificate

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=BR/ST=Parana/L=Curitiba/O=Douglas/OU=IT/CN=freebsd.douglasqsantos.com.br/emailAddress=douglas@douglasqsantos.com.br
Getting Private key
Enter pass phrase for server.key:

Let's adjust the permissions for our keys

chmod 0400 server.*
cp server.key server.key.orig

Let's take out the password, because on startup, Apache need input this key for start

openssl rsa -in server.key.orig -out server.key
Enter pass phrase for server.key.orig:
writing RSA key

Let's adjust our Virtual host for enable SSL support

vim /usr/local/etc/apache24/extra/httpd-vhosts.conf
Listen 443
<VirtualHost *:80>
     ServerName freebsd.douglasqsantos.com.br
     Redirect / https://freebsd.douglasqsantos.com.br/
</VirtualHost>
<VirtualHost *:443>
     ServerAdmin webmaster@douglasqsantos.com.br
     ServerName freebsd.douglasqsantos.com.br
     DocumentRoot "/usr/local/www/freebsd"
   <Directory "/usr/local/www/freebsd">
     Options +FollowSymLinks +MultiViews
     AllowOverride All
     Require all granted
   </Directory>

   <IfModule mod_php5.c>
   AddType application/x-httpd-php .php
     php_flag expose_php Off
     php_flag allow_url_fopen Off
     php_flag allow_url_include Off
     php_flag magic_quotes_gpc Off
     php_flag register_globals Off
     php_flag disable_functions show_source
     php_flag disable_functions system
     php_flag disable_functions shell_exec
     php_flag disable_functions passthru
     php_flag disable_functions exec
     php_flag disable_functions popen
     php_flag disable_functions proc_open
     php_flag disable_functions symlink
     php_value upload_max_filesize  15M
     php_value post_max_size 15M
   </IfModule>
     SSLEngine on
     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile "/usr/local/etc/apache24/ssl/server.crt"
     SSLCertificateKeyFile "/usr/local/etc/apache24/ssl/server.key"
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
   </FilesMatch>
     BrowserMatch ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
     CustomLog /var/log/apache24/freebsd.douglasqsantos.com.br-access.log combined
     ErrorLog /var/log/apache24/freebsd.douglasqsantos.com.br-error.log
     LogLevel warn
     ServerSignature Off
</VirtualHost>

Let's uncomment the line of the ssl module in httpd.conf

vim /usr/local/etc/apache24/httpd.conf
[...]
#uncomment the line bellow
LoadModule ssl_module libexec/apache24/mod_ssl.so

Let's reboot our Apache recognize a new configuration

/usr/local/etc/rc.d/apache24 restart

Can we test the Apache entering https://freebsd.douglasqsantos.com.br on your web browser if you don't use the dns for resolve the fqdn, add a ip and fqdn on /etc/hosts on your client or access with ip https://192.168.1.60.

References