Apache Version 1 is already installed under Panther and doesn't need to be upgraded to use this book; you don't need the latest version, Apache 2. However, by default, it isn't running, it won't serve PHP requests, and it only serves standard, non-secure requests. In this section, we discuss how it's set up on your machine, how to get it started, and how to modify it so that it can serve secure and PHP requests.
PHP 4.3.2 is installed with Panther. It includes most of the features you need to work with this book, except that the PEAR installer doesn't work without an additional step. In this section, we show you how to upgrade to the latest stable release using a package. Fixing the PEAR installer is discussed in Section C.4.
Let's start by getting Apache running. To get it started, you can do one of two things:
To do this, launch System Preferences from Applications System Preferences. Then, select Sharing from beneath the Internet & Network heading. At the left of the window, select Personal Web Sharing by ticking the box. Quit System Preferences. Apache will now start and will also start each time you start up your computer.
Start by opening Terminal, which is located in Applications Utilities. In the Terminal window, log in as the root user and start Apache using:
% su % apachectl start
You should see a message such as:
/usr/sbin/apachectl start: httpd started
Quit the Terminal program. When you restart your machine, you need to repeat this process to restart Apache.
To test that your Apache is running, use a web browser to retrieve the URL http://127.0.0.1/. You should see an Apache test page.
Your Apache is installed differently from most other Unix variants:
You'll find the Document Root (where the documents are stored that are retrieved when you request http://127.0.0.1/) in the directory /Library/WebServer/Documents. (On other Unix variants, the directory is /usr/local/apache2/htdocs/.)
You'll find the Apache configuration file httpd.conf in the directory /etc/httpd. (On other Unix variants, it's usually in /usr/local/apache2/conf.)
The script used to start and stop Apache, apachectl, is located in /usr/sbin. (On other Unix variants, it's usually in /usr/local/apache2/bin/.)
You'll find the PHP php.ini configuration file in the directory /usr/local/php/lib.
In addition, while your Apache does have the PHP module available to it, it isn't configured to serve PHP requests. To set it up so that it will serve PHP requests you can do one of two things:
By using Marc Liyanage's upgrade package to get the latest release of PHP, your Apache will be automatically configured to serve PHP requests. If you plan to do this, then follow the instructions in the next section now and, when you've done that, return to Step 9 in this section to test that everything is working correctly.
If you don't want to upgrade your PHP module, you can manually modify the configuration of your Apache so that it serves PHP requests. This is outlined in the steps described next.
We recommend upgrading your PHP module to the latest release.
To manually set up your Apache to serve PHP requests, do the following:
Start by opening Terminal, which is located in Applications Utilities. Maximize the Terminal window. In the Terminal window, log in as the root user by typing:
Supply the password you set when unlocking the root user.
In the Terminal window, type:
% pico /etc/httpd/httpd.conf
This launches the pico editor and opens the httpd.conf file.
Search in the file for the string php. You can do this by holding the ctrl (Control) key and pressing the w key (ctrl-w), typing php, and pressing Enter. You should see the following line:
#LoadModule php4_module libexec/httpd/libphp4.so
From the line in Step 3, remove the # so that it reads:
LoadModule php4_module libexec/httpd/libphp4.so
Search again for the string php by pressing ctrl-w and then Enter. You should see the following line:
From the line in Step 5, remove the # so that it reads:
Save the file by ctrl-o and Enter. Quit pico by typing ctrl-x.
Restart your Apache so that it rereads its configuration by typing into your Terminal window:
% /usr/sbin/apachectl stop % /usr/sbin/apachectl start
(For some reason, /usr/sbin/apachectl restart doesn't work.)
To test the PHP module, change the directory to the Apache document root using your Terminal window:
% cd /Library/WebServer/Documents
Create a file with the name phpinfo.php using pico. Type the following into your Terminal window:
% pico phpinfo.php
The pico editor runs and an empty window appears. Into the window, type:
<?php phpinfo( ); ?>
Save the file using ctrl-o and pressing Enter. Then quit pico using ctrl-x.
Test the newly created PHP script by retrieving with a browser the following URL http://127.0.0.1/phpinfo.php. You should see a page of information about Apache and PHP.
PHP 4.3.2 is installed with Panther. To upgrade your PHP to the latest stable release, do the following:
Using a web browser, visit Marc Liyanage's web site, http://www.entropy.ch/software/macosx/php/.
Scroll down to the Installation Instructions heading. Next to item 1 in the list, click on the link to the installation package. This is labelled, for example, PHP 4.3.4 (entropy.ch Release 1). Save the downloaded file.
After the download is complete, double-click on the disk image file that's been downloaded. It has a file name such as Entropy-PHP-4.3.4-1.dmg. This mounts the disk image file and the Finder appears.
In the Finder, double-click on the package and the Installer runs; the package has a name such as php-4.3.4.pkg. On the Installer welcome screen, click Continue. On the Destination screen, click on the destination volume that is home to your Apache server and click Continue. On the Easy Install screen, click Upgrade; you may need to then provide your root user password. The package will install. On the Finish Up screen, click Close.
The PHP upgrade is complete?you don't even need to restart your Apache!
This section describes how to configure a secure version of the Apache web server so that you can support https:// requests. If you don't need a secure server, skip this section. You can find out more about secure web servers in Chapter 11.
There are two major differences encountered when configuring Apache to use SSL versus using Apache normally:
There are several sources of Secure Sockets Layer software. The OpenSSL is probably the most-commonly used with Apache, and it's already installed with Panther. We use it in this section.
A free, self-signed certificate can be created (and that's what we do in this section). You need to replace it with a purchased certificate from a Certification Authority when an application goes live.
For Apache to use SSL, it needs a private key and a certificate. Once the key and certificate have been created, they need to be configured into Apache. These steps show you how to do this:
Start by opening Terminal, which is located in Applications Utilities. Maximize the Terminal window. In the Terminal window, login as the root user by typing:
Supply the password you set when unlocking the root user.
Create the key. Into the Terminal window, type:
% openssl genrsa -des3 1024 > /etc/httpd/ localhost .key
If you have an actual domain for your server, replace localhost with the full domain name. Decide on a password and enter it twice; record it for future use. You've now created the private key.
Create the certificate request by typing:
% openssl req -new -key /etc/httpd/ localhost .key > \ /etc/httpd/ localhost .csr
If you have an actual domain for your server, replace localhost with the full domain name. The process asks for several fields including country, state, organization name, and email address; answer these as best you can, but it doesn't matter if you omit some answers by pressing Enter. The script produces a file that contains the certificate signing request.
Now, create the self-signed certificate by typing:
% openssl req -x509 -days 90 -key \ /etc/httpd/localhost.key \ -in /etc/httpd/localhost.csr > \ /etc/httpd/localhost.crt
You need to provide the password you used to create your private key.
Activate your SSL module in your Apache installation. To do this, type:
% apxs -e -a -n ssl /usr/libexec/httpd/libssl.so
You need to instruct Apache how to process secure requests. In the Terminal window, type:
% pico /etc/httpd/httpd.conf
This launches the pico editor and opens a window containing the httpd.conf file.
Scroll to the end of the file using the down arrow key. At the end of the httpd.conf file, add the following lines:
<IfModule mod_ssl.c> Listen 80 Listen 443 SSLRandomSeed startup builtin SSLRandomSeed connect builtin <VirtualHost _default_:443> SSLEngine on DocumentRoot "/Library/WebServer/SecureDocuments" SSLCertificateFile /etc/httpd/localhost.crt SSLCertificateKeyFile /etc/httpd/localhost.key </VirtualHost> </IfModule>
These instructions configure Apache to serve secure documents from the directory /Library/WebServer/SecureDocuments. If you don't want to use that directory, you can replace it with your choice; we assume our choice in the next few steps. If you have an actual domain for your server, also replace localhost with the full domain name.
Save the file using ctrl-o and pressing Enter, and quit using ctrl-x.
Create the directory from which you want to serve secure files. Type:
% mkdir /Library/WebServer/SecureDocuments
For testing, create a simple index.html file in the new directory. Type:
% pico /Library/WebServer/SecureDocuments/index.html
Into the file, type:
Save the file using ctrl-o and pressing Enter. Quit pico using ctrl-x. Ensure the file can be accessed by typing:
% chmod a+rx /Library/WebServer/SecureDocuments/ % chmod a+r /Library/WebServer/SecureDocuments/index.html
Stop and start Apache so it rereads its configuration. Use the following commands:
% apachectl stop % apachectl start
You need to provide the password you used in creating your key. A secure Apache is now running and serving requests on port 443 (the default HTTPS port) via SSL and also serving regular HTTP requests on post 80. You can test it by requesting the resources https://127.0.0.1/ and http://127.0.0.1/ with a web browser running on the same machine as the web server. You should see the sample page you created in Step 7, and your regular pages respectively.
When a resource such as https://127.0.0.1/ is requested with a browser, the browser alerts the user to an unknown certificate. To obtain a certificate that will be trusted by users, you need to send your certificate request to a Certification Authority to be signed using their authoritative certificates. There is a fee for this service. While the Apache configuration allows both the key and the certificate to be placed in a single file, the private key should not be sent to anyone, not even the Certification Authority. More documentation can be found at http://www.openssl.org/docs/apps/openssl.html.