kernel_Notes/Zim/Utils/LAMP.txt

Content-Type: text/x-zim-wiki
Wiki-Format: zim 0.4
Creation-Date: 2011-05-02T22:20:15+08:00

====== LAMP ======
Created Monday 02 May 2011

===== LAMP =====
This article describes how to set up the Apache web server on an Arch Linux system. It also tells how to optionally install PHP and MySQL and integrate these in the Apache server. This combination is commonly referred to as LAMP (Linux Apache MySQL PHP).
If you only need a web server for development and testing, Xampp might be a better and easier option.
Contents [hide]
1 Installation
2 Configuration
2.1 Apache
2.1.1 User dirs
2.1.2 SSL
2.1.3 Virtual Hosts
2.1.4 Advanced Options
2.2 PHP
2.2.1 Advanced options
2.3 MySQL
3 Useful terminal shortcuts
4 See also
5 External links
Installation

# pacman -S apache php php-apache mysql
This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.
Note: New default user and group: Instead of group "nobody", apache now runs as user/group "http" by default. You might want to adjust your httpd.conf according to this change, though you may still run httpd as nobody.
Configuration

Apache
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in /etc/httpd/conf/httpd.conf
Check for the existence of the http user by looking for http in the output of the following command:
 # grep http /etc/passwd
Create the system user http if it does not exist already:
 # useradd -d /srv/http -r -s /bin/false -U http
This creates the http user with home directory /srv/http/, as a system account (-r), with a bogus shell (-s /bin/false) and creates a group with the same name (-U).
Add this line to /etc/hosts (If the file does not exist, create it.):
 127.0.0.1 localhost.localdomain localhost
If you want a different hostname, append it to the end:
 127.0.0.1 localhost.localdomain localhost myhostname
Edit /etc/rc.conf: If you set a hostname, the HOSTNAME variable should be the same; otherwise, use "localhost":
 #
 # Networking
 #
 HOSTNAME="localhost"
Make sure the hostname appears in /etc/hosts or apache will fail to start. Alternatively, you can
edit /etc/httpd/conf/httpd.conf and comment the following module:
 LoadModule unique_id_module        modules/mod_unique_id.so
Customize your config. At least change httpd.conf and extra/httpd-default.conf to your liking. For security reasons, you might want to change ServerTokens Full to ServerTokens Prod and ServerSignature On to ServerSignature Off in extra/httpd-default.conf.
Run the following in a terminal to start the HTTP server:
 # /etc/rc.d/httpd start
Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a 403 Error, comment out the following line in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-userdir.conf
To start Apache automatically at boot, edit /etc/rc.conf and add the httpd daemon:
 DAEMONS=(... httpd ...)
Or add this line to /etc/rc.local:
 /etc/rc.d/httpd start
User dirs 
If you do not want user directories to be available on the web (e.g., ~/public_html on the machine is accessed as http://localhost/~user/), comment the following line in /etc/httpd/conf/httpd.conf since they are activated by default:
 Include conf/extra/httpd-userdir.conf
You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html/ must be executable for others ("rest of the world"). This seems to be enough:
 $ chmod o+x ~
 $ chmod o+x ~/public_html
More secure way to share your home folder with apache is to add http user in group that your home folder belongs. For example, if your home folder and other sub-folders in your home folder belong to group piter, all you have to do is following:
 $ usermod -aG piter http
Ofcourse, you have to give read and execute permissions on ~/, ~/public_html, and all other sub-folders in ~/public_html to the group members (group piter in our case). Do something like following (modify commands for your specific case):
 $ chmod g+xr-w /home/yourusername
 $ chmod -R g+xr-w /home/yourusername/public_html
Note: This way you don't have to give access to your folder to every single user in order to give access to http user. Only http user and other potential users that are in piter group will have access to your home folder.
And then
 $ /etc/rc.d/httpd restart
to restart apache.
SSL
Create self-signed certificate (you can change key size and days of validity)
 # cd /etc/httpd/conf
 # openssl genrsa -des3 -out server.key 1024
 # openssl req -new -key server.key -out server.csr
 # cp server.key server.key.org
 # openssl rsa -in server.key.org -out server.key
 # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
In /etc/httpd/conf/httpd.conf uncomment line
 Include conf/extra/httpd-ssl.conf
Restart apache
 # /etc/rc.d/httpd restart
Virtual Hosts
If you want to have more than one host, make sure you have
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
in /etc/httpd/conf/httpd.conf.
In /etc/httpd/conf/extra/httpd-vhosts.conf set your virtual hosts according the example, e.g.:
NameVirtualHost 127.0.0.1

<VirtualHost 127.0.0.1>
    ServerAdmin your@domainname1.dom
    DocumentRoot "/home/username/yoursites/domainname1.dom/www"
    ServerName domainname1.dom
    ServerAlias domainname1.dom
    <Directory /home/username/yoursites/domainname1.dom/www/>
		    DirectoryIndex index.htm index.html
		    AddHandler cgi-script .cgi .pl
		    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
		    AllowOverride None
		    Order allow,deny
		    allow from all
	</Directory>
</VirtualHost>

<VirtualHost 127.0.0.1>
    ServerAdmin your@domainname2.dom
    DocumentRoot "/home/username/yoursites/domainname2.dom/www"
    ServerName domainname2.dom
    ServerAlias domainname2.dom
    <Directory /home/username/yoursites/domainname2.dom/www/>
		    DirectoryIndex index.htm index.html
		    AddHandler cgi-script .cgi .pl
		    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
		    AllowOverride None
		    Order allow,deny
		    allow from all
	</Directory>
</VirtualHost>
Add your virtual host names to your /etc/hosts file:
127.0.0.1	domainname1.dom
127.0.0.1	domainname2.dom
Restart Apache:
sudo /etc/rc.d/httpd restart
If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apaches 'Userdir' settings. To avoid problems disable 'Userdir' by commenting it out:
# User home directories
#Include conf/extra/httpd-userdir.conf
As said above, take care, you have the proper permissions:
sudo chmod 0775 /home/yourusername/
If you have a huge amount of virtual hosts you easily want to dis- and enable, its recommended to create one config file per virtualhost and store them all in one folder, eg: /etc/httpd/conf/vhosts.
First create the folder:
sudo mkdir /etc/httpd/conf/vhosts
Then place the single config files in them:
sudo nano /etc/httpd/conf/vhosts/domainname1.dom
sudo nano /etc/httpd/conf/vhosts/domainname2.dom
...
In the last step, "Include" the single configs in your /etc/httpd/conf/httpd.conf:
#Enabled Vhosts:
Include conf/vhosts/domainname1.dom
#Include conf/vhosts/domainname1.dom
You can enable and disable single virtual hosts by commenting them out or uncommenting them.
Advanced Options
These options in /etc/httpd/conf/httpd.conf might be interesting for you:
# Listen 80
This is the port Apache will listen to. For Internet-access with router, you have to forward the port.
If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:
# Listen 127.0.0.1:80
This is the admin's email-address which can be found on e.g. error-pages:
# ServerAdmin sample@sample.com
This is the directory where you should put your web pages:
# DocumentRoot "/srv/http"
Change it, if you want to, but do not forget to also change the
<Directory "/srv/http">
to whatever you changed your DocumentRoot to, or you will likely get a 403 error (lack of privileges) when you try to access the new document root. Do not forget to change the Deny from all line, otherwise you will get 403 error too.
# AllowOverride None
This directive in <Directory> sections causes apache to completely ignore .htaccess files. If you intend to use rewrite mod or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to http://httpd.apache.org/docs/current/mod/core.html#allowoverride
Note: If you have issues with your configuration you can have apache check the configuration with: apachectl configtest
PHP
Install the "php-apache" package from extra using pacman.
Add these lines in /etc/httpd/conf/httpd.conf:
Place this in the "LoadModule" list anywhere after LoadModule dir_module modules/mod_dir.so:
 LoadModule php5_module modules/libphp5.so
Place this at the end of the "Include" list:
 Include conf/extra/php5_module.conf
Note: If you do not see libphp5.so in the Apache modules directory, you may have forgotten to install the php-apache package.
If your DocumentRoot is not /srv/http, add it to open_basedir in /etc/php/php.ini as such:
 open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot
Restart the Apache service to make changes take effect:
 # /etc/rc.d/httpd restart
A test file for PHP is included by default and can be found in /srv/http
Remember to copy this file to ~/public_html if you permitted such a configuration.
Test PHP: http://localhost/test.php or http://localhost/~myname/test.php
If this file does not exist, just place the following in /srv/http/test.php:
 <?php phpinfo(); ?>
If the PHP instruction is not executed (you see : <html>...</html>), check that you have added "Includes" to the "Options" line for your root directory. Moreover, make sure you have this line in your <IfModule mime_module> section:
 AddHandler application/x-httpd-php .php
Advanced options
Remember to add a file handler for .phtml if you need it in /etc/httpd/conf/extra/php5_module.conf:
 DirectoryIndex index.php index.phtml index.html
If you want the libGD module, install php-gd package and uncomment in /etc/php/php.ini:
Note: php-gd requires libpng, libjpeg, and freetype2
 ;extension=gd.so
to
 extension=gd.so
Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.

If you want to display errors to debug your php code, change this line of /etc/php/php.ini:
 display_errors=Off
to
 display_errors=On
If you want the mcrypt module, install php-mcrypt package and uncomment in /etc/php/php.ini:
 ;extension=mcrypt.so
to
 extension=mcrypt.so
Warning: If you get error like:
[XXX Debug] PHP Notice: in file /index.php on line 86: date(): It is not safe to rely on the system'XXXX
[XXX Debug] PHP Notice: in file /index.php on line 86: getdate(): It is not safe to rely on the system's timezone settings.XXXX
change this line of /etc/php/php.ini
;date.timezone = 
to
date.timezone = Europe/Berlin
Note: more infos about Time Zone in PHP
restart httpd with
# /etc/rc.d/httpd restart
MySQL
Configure MySQL as described in MySQL.
Edit /etc/php/php.ini (this is in /usr/etc on older systems) to uncomment the following line (By removing ;):
 ;extension=mysql.so
 ;extension=mysqli.so
Caution:Some users have reported typos on this line. Please make sure that it reads ;extension=mysql.so and not ;extension=msql.so.
You can add minor privileged users for your web scripts by editing the tables found in the mysql database. You have to restart MySQL for changes to take effect. Do not forget to check the mysql/users table. If there is a second entry for root and your hostname is left with no password set, everybody from your host probably could gain full access. Perhaps see next section for these jobs.
Run in terminal:
 # /etc/rc.d/mysqld start
You may also need to restart Apache. Run in terminal:
 # /etc/rc.d/httpd restart
MySQL should now be running. Set the root password and test it by running:
 # mysqladmin -u root password password
 # mysql -u root -p
Type exit to exit from the CLI MySQL client
Edit /etc/rc.conf (to start MySQL at boot):
 DAEMONS=(... mysqld ...)
Or add this line to rc.local:
 /etc/rc.d/mysqld start
You can get the "error no. 2013: Lost Connection to mysql server during query" message instantly whenever you try to connect to the MySQL daemon by TCP/IP. This is the TCP wrappers system (tcpd), which uses the hosts_access(5) system to allow or disallow connections.
If you are running into this problem, be sure to add this to your /etc/hosts.allow file:
 # mysqld : ALL : ALLOW
 # mysqld-max : ALL : ALLOW
 # and similar for the other MySQL daemons.
Note: The examples above are the simplest case, telling tcpd to allow connections from anywhere. You may wish to use a more-appropriate choice of permissible sources instead of 'ALL'. Just make sure that localhost and the IP address (numeric or DNS) of the interface by which you connect are specified.
For example, a line like the following would overcome the "2013: Lost Connection" errors:
 # mysqld : 127.0.0.1 : ALLOW
You might also need to edit /etc/mysql/my.cnf and comment out the skip-networking line as such:
 skip-networking
to
 #skip-networking
Tip: You may want to install phpmyadmin to work with your databases.
Useful terminal shortcuts

Adding these to your ~/.bashrc file could save you a lot of typing:
alias mysqls='sudo /etc/rc.d/mysqld' #mysqls start/stop/restart starts/stops/restarts mysql
alias apache='sudo /etc/rc.d/httpd' #apache start/stop/restart starts/stops/restarts apache
See also

MySQL - Article for MySQL
PhpMyAdmin - Web frontend for MySQL typically found in LAMP environments
Xampp - Self contained web-server that supports PHP, Perl, and MySQL

External links

http://www.apache.org/
http://www.php.net/
http://www.mysql.com/
http://www.akadia.com/services/ssh_test_certificate.html
http://wiki.apache.org/httpd/CommonMisconfigurations