ooking for a secure solution for hosting dynamic Web pages but don’t have much money to implement it? Use FreeBSD and its ports collection to install Apache-modSSL, MySQL, and PHP. This open source solution will have you serving dynamic Web pages quickly, reliably, securely, and efficiently?without any out-of-pocket expense. All you need are the following:
- Root control of a FreeBSD box
- A FreeBSD box connected to the Internet
- An installed ports collection
- An updated ports collection via CVsup
Although this solution may sound like a lot of work, compiling each application from source is actually painless with the FreeBSD ports system. This tutorial offers a simple paint-by-numbers guide to this server installation, which any developer, from the curious newbie to the seasoned Linux or Windows veteran, can use. As an added bonus, because FreeBSD can run on a 486 PC with just 16MB of RAM, it also enables you to turn an old computer into a PHP testing environment.
| Author’s Note: Following the procedure outlined in this article creates a computer containing strong cryptographic software that can have severe legal consequences in certain countries. If you don’t know the legal regulations in your country, find out before you install! |
This article requires a running FreeBSD installation. To follow the instructions, you must be logged in as root and be able to navigate the command line. Some familiarity with both Unix and the computer you’re working on is also required. The TYPE instruction means “at the root prompt.” Do not type TYPE. Simply enter the data following the TYPE command ad verbatim on each line at the # root prompt. Press enter following each line of commands.
Connect Your FreeBSD Installation to the Internet
If you are already connected to the Internet skip ahead to the “Install CVsup to Stay Current” step. If you installed FreeBSD via CD-ROM, you need a configured Ethernet card to connect to the Internet. To configure your network connection:
TYPE /stand/sysinstallChoose Configure then Networking from the list of options.
This installation requires the ports collection. If you haven’t already, install the ports collection now. (See the FreeBSD handbook for an outline of how to install the ports collection.)
Install CVsup to Stay Current
If you have just installed the ports collection using a CD-ROM, you must upgrade to the latest releases of the ported software you need. If you have just installed FreeBSD and the ports collection via FTP, you are already current and you can skip ahead to the “Install Each Application from Source” section.
Fortunately, FreeBSD makes staying current extremely easy:
TYPE cd /usr/ports/net/cvsup-without-gui TYPE make TYPE make install TYPE make cleanAs root, copy /usr/share/examples/cvsup/ports-supfile to a new location. In this case, copy to /root on your home directory:
TYPE cp /usr/share/examples/cvsup/ports-supfile /root/ports-supfile* Notice the space between ports-supfile and /root/ports-supfile.
Edit ports-supfile with your favorite editor:
TYPE ee /root/ports-supfileChange the ports-supfile (line 50 or so) to look something like the following:
#**********************************************************************default host=cvsup.ca.FreeBSD.org.*default base=/usr*default prefix=/usr*default release=cvs*default delete use-rel-suffix*default tag=.src-all#**********************************************************************Pay particular attention to the first and last lines. Choosing a CVsup mirror that is located near you will save a lot of time. At the very least, download one from the country where you live. Click here for a list of mirrors.
After you’ve done this, press Escape and then Return to leave editor. Press Return to save your changes.
Before running CVsup, you have to reboot your system:
TYPE shutdown -r nowOnce you have once again logged in as root:
Now it’s time to run CVsup:
TYPE cvsup -g -L 2 /root/ports-supfileThis command upgrades all the skeletons in your ports collection. Depending on your Internet connection speed, the upgrade can take an hour or longer.
Install Apache-modSSL, MySQL, and PHP
Once you get the command prompt back, you can move on to the fun part. Enter the following commands one at a time, waiting for the command prompt between each instance of TYPE.
Install the Perl language (required for MySQL):
TYPE cd /usr/ports/lang/perl5 TYPE make TYPE make test TYPE make install TYPE make clean TYPE cd ~ TYPE rehash TYPE use.perl portThe last three commands tells your FreeBSD machine to use the freshly upgraded Perl language and not the default that ships with your version of FreeBSD. If you ever need to switch back TYPE use.perl system.
Install the MySQL database:
TYPE cd /usr/ports/databases/mysql40-server TYPE make TYPE make install TYPE make cleanIt is a good idea to edit /etc/make.conf to tell various ports which versions of Berkeley DB and MySQL to use:
TYPE ee /etc/make.confAdd the following two lines, one on top of the other as shown:
WITH_BDB_VER=40 WITH_MYSQL_VER=40| Editor’s Note: Be sure to modify the code above, if necessary, to match the version number of MySQL that you are currently using. |
Press Escape to exit, and save your changes before you leave the editor.
Install the Apache13x+mod_ssl server:
TYPE cd /usr/ports/www/apache13-modssl TYPE make TYPE make certificateYou’ll see a series of self-explanatory on-screen directions here. Create an [R]SA server key for good performance. Change all of the snake-oil information to your own private information. When you are asked to encrypt this key, choose [y]es, and then:
TYPE make install TYPE make cleanInstall the PHP language:
TYPE cd /usr/ports/www/mod_php4 TYPE makeNow you get to choose your installation preferences. Notice that the MySQL dependent choices have been made for you. Certain options require a licensing fee (e.g., PDFlib). If you do not recognize a particular component, do not install it. Certain components create dependencies on other components. To simplify this installation and circumvent errors, stick to a minimal configuration. Include DOMXML and DOMXSLT support. PHP integrates well with XML. For universality amongst databases, choose the UNIXODBC support also. UNIXODBC will allow you to connect PHP with many databases:
TYPE make install TYPE make clean Congratulations! You have Apache-modSSL, MySQL, and PHP installed on your FreeBSD system. Wasn’t that easy? Still skeptical? Then test it out.
Test Your Installation
To test the installation, you need a Web browser. I like to use LYNX.
Install LYNX-ssl Web Browser:
TYPE cd /usr/ports/www/lynx-ssl TYPE make TYPE make cleanNow, shutdown and reboot your machine to have Apache and MySQL start as daemon processes in the background. If you made a certificate, you will need to enter your local pass- key when prompted:
TYPE shutdown -r now TYPE lynx 127.0.0.1This command tells your Web browser to view the local Apache configuration. And what do you knowit worked! You should see the default congratulatory Apache screen. (Note: The keystroke Q or Control-C gets you out of LYNX.)
Three Steps to Enable Apache to Serve PHP
1. Edit the Apache httpd.conf file. Begin by getting back to the root command line:
TYPE cd ~ TYPE ee /usr/local/etc/apache/httpd.confAdd the following lines anywhere within the Apache httpd.conf file, perhaps at the very top:
#***************************************AddType application/x-httpd-php3 .php3AddType application/x-httpd-php3-source .php3sAddType application/x-httpd-php .phpAddType application/x-httpd-php-source .phps#***************************************Find the line that says ServerAdmin and put your e-mail address there.
2. Create a PHP test file:
TYPE cd ~TYPE ee /usr/local/www/data/index.phpAdd the following code?exactly the way you see it here?to the editor window you just opened:
PHP_TESTER Press Escape to leave the editor and save this file.
3. Test the PHP installation on a secure port:To test the PHP installation, you have to stop and restart the Apache server:
TYPE cd /usr/local/etc/apache TYPE apachectl stop * Note: In ctl, it is an "el" and not a one. TYPE apacheclt start TYPE lynx 127.0.0.1If this worked, you should see the information about your new PHP/MySQL-enabled Apache Web server. Congratulations again! You now have a PHP-enabled Apache-modSSL Web server. The second-to-last step is adding a password to MySQL root and creating a simple test page that shows the connection between the PHP language and the MySQL database.
Add a Password to MySQL Root and Creating a Test Page
Set a MySQL root password:
TYPE mysqladmin -u root password your_password_hereLogging into MySQL as root now requires a password. Replace “your_password_here” with your own password (For more information about MySQL, see the online documentation):
TYPE mysql ?user=root ?password=your_password_hereYou should now see the mysql> prompt:
Mysql>TYPE create database banking;Mysql>TYPE show databases;Mysql>TYPE quitMake sure you add a semi-colon when required.
Now you are back to the root prompt. All that is left is to use PHP to connect to the newly created “banking” database. You need to invoke an editor again:
TYPE ee /usr/local/www/data/phpmysqlconnection.phpThen add the following code into the editor window (don’t forget the semi-colons):
PHP_MySQL_Connection Congratulations! You are ready to build dynamic database-driven Web sites";} else {echo "Back to the lab again*****Something went wrong
";}// closing the connection is considered good formmysql_close ($Connection);// close the php?>Test this out:
TYPE lynx 127.0.0.1/phpmysqlconnection.phpSecure the Pages You Serve
Your last step is to configure Apache-modSSL to serve truly secure pages to the outside world. Note: the traditional secure port is 443. The FAQ pages at the following Web sites provide more information:
Security is a process and not an end. Many of your configuration questions can be answered in the mod_ssl documentation included with the installation of Apache-modSSL. Further reading and support is available from a number of locations, including:
Contribute to Open Source
FreeBSD and the other open-source projects used in this article rely on user contributions to evolve. If you find these products useful, financial and volunteer contributions are always welcome. FreeBSD is distributed under the BSD license, leaving you free to alter and distribute the source code so long as the BSD license remains intact. Click here for copyright information about FreeBSD and the GNU public license.
