Our goal is to install a web server that lets us host multiple websites, some of them secure sites for e-commerce, with most of the sites driven by scripts that connect to a database server and extract their data.
The tools required for this task are:
Apache - a web server
mod_ssl - a module for Secure Sockets Layer (SSL)
OpenSSL - an open source toolkit (required by mod_ssl)
RSAref - only for US users
MySQL - a database server
PHP - a scripting language
This is only one of the configurations that can meet our requirements. I chose this configuration because it is the simplest and fastest. I chose mod_ssl/OpenSSL because I have previous experience with it and because it is the fastest to configure and the easiest to install. To integrate with Apache, I chose PHP and MySQL. Remember, Perl can do anything you want to do; however, PHP is simple and easy for a programmer who wants to learn it.
I hope that after finishing this simple guide you will have successfully completed the following goals.
Install and set up the MySQL database server
o Know how to check the status of the MySQL server
o Know how to use the command-line client program to access the MySQL server
o Know how to access your DB server from the web
Install and set up an Apache web server with SSL
o Configure a simple virtual website
o Know how to stop and start the server
o Know how to do some basic hosting configuration
Install and configure the PHP 4.0 hypertext preprocessor for server-side scripting
o Know how to write simple PHP code
o Know how to connect to a DB using PHP
o Create a simple website that uses PHP to communicate with a database
Create some sample certificates for Apache SSL
o Know how to generate a CSR file
o Know how to encrypt a key
o Know how to sign your own certificate
This article covers a lot of information. It is an entry-level guide to the world of e-commerce, website scripting, and Secure Sockets Layer (SSL), with the aim of helping you build a secure site that is driven by dynamic information stored in a database.
This article is not a detailed and comprehensive document, and it will of course contain some errors (hopefully few); please keep this in mind as you read. However, it should get you enthusiastic and get the products mentioned earlier up and running, and I hope it helps you better understand how these things work. No previous programming knowledge is required, but I assume you have some computer background. My goal is to write this document so that any novice can understand what I am talking about. If I manage that, I have done a good job. If you know an easier way to set up an e-commerce site than mine :-), send me an explanation.
Assumptions
This article assumes that you have the following software installed on your system.
Perl (preferably version 5)
gzip or gunzip
gcc and GNU make
If they are not installed, you will need to take the necessary steps to install them before starting any of the procedures in this article.
You also need a basic understanding of UNIX commands, HTML, and SQL, and a basic understanding of how to administer your Linux machine. You also need a fully working Linux machine on which you will install the software. Of course, you will need the packages listed above to compile the source code. Finally, I assume that you have not yet installed MySQL, Apache, or PHP on the Linux machine.
How it works
Understanding what happens behind the scenes is helpful. Here is an over-simplified description of how it works; the figure below and the explanation that follows are not completely accurate, just an outline of the key points:
The situation is this: we have a web page that pulls some data from a database. John Doe requests this page from his browser; the request goes to the web server, which then calls a PHP script. The PHP script is interpreted by the PHP preprocessor and retrieves data from the database; the result is then processed by the rest of the PHP script and turned into HTML, and the HTML is sent back to the user's browser. Let's go through it step by step:
John Doe clicks a link in his browser; his browser sends a request for http://www.yourserver.com/test.php.
Apache gets the request for test.php. It knows that .php files should be processed by the PHP preprocessor (mod_php), so it tells PHP to process the file. It knows this because we specify it in the Apache configuration.
test.php is a PHP script containing commands. One of these commands opens a connection to a database and fetches data. PHP handles the database connection and interprets the SQL calls that extract data from the DB.
The database server gets the connection request from the PHP interpreter and processes it. The request may be something like a simple select statement, a table creation, and so on.
The database then returns the response and the results to the PHP interpreter.
Apache returns the result to John Doe's browser as the response to his request. John Doe now sees a web page that contains some information from a database.
If this is a request for https://www.yoursecureserver.com/test.php, the whole process is similar to the above, except that each request and response is encrypted and decrypted at both ends. That is, the browser connects to Apache, gets its encryption key, encrypts the request and sends it.
The server sees the request, decrypts it and authenticates it. It processes the file, encrypts the result and sends it. The browser then decrypts it with the server's key. Remember that because the connection is encrypted, it uses a different port. Port 80 is used for non-secure connections, while port 443 is used for secure connections.
Once again, this is not 100% correct, but it gives you a very simple outline of what happens behind the scenes.
Now that we have a very basic understanding of what we are trying to achieve, let us continue with installing the software.
Preparation
Apache (web server) - http://www.apache.org
mod_ssl (Secure Sockets Layer) - http://www.modssl.org
OpenSSL (SSL Toolbox) - http://www.openssl.org
PHP (scripting language) - http://www.php.net
MySQL (SQL Database Server) - http://www.mysql.com
Download all the source code (tar files) to a temporary directory. Make sure you put them somewhere with plenty of space ... you should download them as root to avoid permission issues.
Our Plan
Our plan is to install the MySQL server first and make sure it works, then install PHP and mod_ssl, and finally install the Apache web server. After we have installed Apache, we can test whether PHP and mod_ssl support work.
MySQL source installation (UNIX)
The basic commands you must use to install a MySQL source distribution (from a "tar" file) are:
Become the root user by using su.
$ su
Go to the directory with the tar files. (Use a temporary directory; here we use /tmp/download/.)
# cd /tmp/download/
Use the following command to extract the files.
# gunzip -d -c mysql-3.22.xx.tar.gz | tar xvf -
Change to the new directory, which was created during the extraction.
# cd mysql-3.22.xx
Now you can start "configuring" the MySQL server. You can specify many options; use configure --help to view them all. I have chosen --prefix to specify the path to the installation location. configure will check your compiler and some other things. If you get any errors, you can check the config.cache file to see what went wrong.
# ./configure --prefix=/usr/local/mysql
After configure has finished, you can build the actual binaries with the following command.
# make
Now you are ready to install all the binaries. Run the following command to install them in the directory you specified with the configure --prefix option.
# make install
After you have installed the binaries, it is time to create the MySQL tables used to define the permissions.
# scripts/mysql_install_db
# cd /usr/local/mysql/bin
# ./safe_mysqld &
# ./mysqladmin -u root password "new-password"
Note: /usr/local/mysql is the directory I chose to install the MySQL server in. You can choose another place by changing the directory.
You can verify that the server is working by running some simple tests to make sure MySQL is running. The output should be similar to the following. Here BINDIR=/usr/local/mysql/bin; BINDIR depends on the directory you chose with the prefix above.
# BINDIR/mysqlshow -p
+-----------+
| Databases |
+-----------+
| mysql     |
+-----------+
Once you install MySQL, it automatically creates 2 databases. One is the mysql database, which controls the user, host, and database permissions on the actual server; the other is a test database. We could use the test database. However, we want to give you a quick and simple overview of some of the command-line options available in MySQL. This will also confirm that root has full access rights on the DB server, that is, permission to create databases, tables, and so on. So we will create a test2 database and use it later for our tests. When you start mysql from the command line, you will be prompted for the root user's new password. Remember that you changed it earlier.
# mysql -u root -p
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
mysql> create database test2;
Query OK, 1 row affected (0.00 sec)
Now select the new database and create a new table named TST_TBL with the 2 fields below. Field 1 is an ID field that lets you know the ID of the record; in essence, to keep things simple, it is just a row number. The second field is a name field that stores the book name. The formats of these fields are: field 1 (id) is an integer (int) with a length of 3, and field 2 (name) is a character (char) field with a length of 50. For searching and indexing the data, we specify the ID as a key.
mysql> use test2;
Database changed
mysql> create table books (id int(3) not null
    -> auto_increment, name char(50) not null,
    -> unique(id), primary key(id));
Query OK, 0 rows affected (0.00 sec)
Now we use the following commands to verify that everything is correct.
mysql> show tables;
+-----------------+
| Tables in test2 |
+-----------------+
| books           |
+-----------------+
1 row in set (0.00 sec)
mysql> describe books;
+-------+----------+------+-----+---------+----------------+
| Field | Type     | Null | Key | Default | Extra          |
+-------+----------+------+-----+---------+----------------+
| id    | int(3)   |      | PRI | 0       | auto_increment |
| name  | char(50) |      |     |         |                |
+-------+----------+------+-----+---------+----------------+
2 rows in set (0.00 sec)
Note that the describe command basically "describes" the layout of the table. Quite good!
Good, now let's try some of the really useful SQL commands: inserting data into the database and selecting it, by adding several new records to the table. Remember that these are simple book name records, but once you have enough experience with SQL, you can create a really complex database for some large e-commerce site. Let's create 2 records for 2 books. The first record is the name of a book I will write in the future, "PHP 4 Newbies"; the other is a very useful Linux book, "Red Hat Linux 6 Server", by Mohammed J. Kabir.
mysql> insert into books (name) values ("PHP 4 Newbies");
Query OK, 1 row affected (0.00 sec)
mysql> insert into books (name) values ("Red Hat Linux 6 Server");
Query OK, 1 row affected (0.00 sec)
Now we can check the new records by issuing a "select all" command.
mysql> select * from books;
+----+------------------------+
| id | name                   |
+----+------------------------+
| 1  | PHP for newbies        |
| 2  | Red Hat Linux 6 Server |
+----+------------------------+
2 rows in set (0.00 sec)
Good, the MySQL server is fully working. We could go on adding records, but there is no point at this time. Note that you did not have to specify the ID number when you added a record to the database, because you created the ID field with the auto_increment option enabled.
Let me demonstrate how to do a quick delete. This is just for your information; remember, you can find all the information about MySQL commands and the server on the MySQL website, http://www.mysql.com.
mysql> delete from books where id = 1;
Query OK, 1 row affected (0.00 sec)
mysql> select * from books;
+----+------------------------+
| id | name                   |
+----+------------------------+
| 2  | Red Hat Linux 6 Server |
+----+------------------------+
1 row in set (0.00 sec)
Good, now exit MySQL and continue with the installation. You can play with MySQL once the whole installation is done and everything is working properly.
PHP Installation (UNIX)
Now install the PHP language. You may have downloaded the latest beta, but you might have to download a non-beta version. Remember that the beta version requires GNU make.
I still assume that you are root; if not, su back to root.
PHP requires you to configure Apache in advance so that it knows where the things it needs are. You will return here when you install the Apache server. Change to the directory with the source code.
# cd /tmp/download
# gunzip -c apache_1.3.x.tar.gz | tar xf -
# cd apache_1.3.x
# ./configure
# cd ..
Now you can start the installation of PHP. Extract the source files and enter the directory. If you downloaded version 3, the numbers change but the commands do not.
# gunzip -c php-4.0.x.tar.gz | tar xf -
# cd php-4.0.x
If you are compiling code, configure will always be your friend. :-) configure has a lot of options. Use configure --help to decide which ones you want to add. I just need MySQL and LDAP, and of course Apache.
# ./configure --with-mysql=/usr/local/mysql --with-xml \
  --with-apache=../apache_1.3.x \
  --enable-track-vars \
  --with-ldap
Make and install the binaries.
# make
# make install
Copy the ini file to the lib directory.
# cp php.ini-dist /usr/local/lib/php.ini
You can edit the PHP ini file to set PHP options. For example, you can raise PHP's max_execution_time by inserting the following line in your php.ini file.
max_execution_time = 60;
Note: PHP3 users will use php3.ini, and PHP4 users will use the php.ini file.
Apache and mod_ssl
This part configures and installs mod_ssl and Apache. For this you will need the rsaref-2.0 files. Search for "rsaref20.tar.Z" on http://ftpsearch.lycos.com/. If you don't like Lycos, you can use another search engine to find the file. Of course, this file is only needed in the United States. (You can also download it from elsewhere; try searching http://ftpsearch.ntnu.no/ for "rsaref20.tar.Z" first. There are plenty!)
Create an rsaref directory in which you will extract the files. Note: this assumes that you downloaded into a temporary directory and that you are in this directory.
# mkdir rsaref-2.0
# cd rsaref-2.0
# gzip -d -c ../rsaref20.tar.Z | tar xvf -
Now configure and build the RSAref library for OpenSSL.
# cp -rp install/unix local
# cd local
# make
# mv rsaref.a librsaref.a
# cd ../..
Install OpenSSL. Remember that you will use it to create temporary certificates and CSR files. The --prefix option specifies the main installation directory.
# cd openssl-0.9.x
# ./config --prefix=/usr/local/ssl \
  -L`pwd`/../rsaref-2.0/local/ rsaref -fPIC
Now make, test and install it.
# make
# make test
# make install
# cd ..
We will now configure the mod_ssl module and then specify it as a module to be loaded in the Apache configuration.
# cd mod_ssl-2.5.x-1.3.x
# ./configure \
  --with-apache=../apache_1.3.x
# cd ..
Now we can add more Apache modules to the Apache source tree. The optional --enable-shared=ssl option makes mod_ssl be built as a DSO, "libssl.so". For more information on DSO support in Apache, read the INSTALL and htdocs/manual/dso.html documents in the Apache source tree. I strongly recommend that ISPs and package maintainers use the DSO facility for maximum flexibility, but note that DSO is not supported on all platforms.
# cd apache_1.3.x
# SSL_BASE=../openssl-0.9.x \
  RSA_BASE=../rsaref-2.0/local \
  ./configure --enable-module=ssl \
  --activate-module=src/modules/php4/libphp4.a \
  --enable-module=php4 --prefix=/usr/local/apache \
  --enable-shared=ssl
  [... you can add more options ...]
Build Apache, then generate a certificate, and install ...
# make
If you have done everything correctly, you will get the following message:
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL       |
| certificate system by running the "make certificate" command.       |
| For different situations the following variants are provided:       |
|                                                                     |
| % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test     (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom   (custom cert signed by own CA)     |
| % make certificate TYPE=existing (existing cert)                    |
|        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |
|                                                                     |
| Use TYPE=dummy    when you're a vendor package maintainer,          |
| the TYPE=test     when you're an admin but want to do tests only,   |
| the TYPE=custom   when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server.       |
| (The default is TYPE=test)                                          |
|                                                                     |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select           |
| the signature algorithm used for the generated certificate.         |
|                                                                     |
| Use "make certificate VIEW=1" to display the generated data.        |
|                                                                     |
| Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |
|                                          rse@engelschall.com        |
|                                          www.engelschall.com        |
+---------------------------------------------------------------------+
Now you can create a custom certificate. This option will prompt you for your location, company, and some other details. For more about certificates, see the end of this article.
# make certificate TYPE=custom
Install Apache ...
# make install
If everything went well, you should see the following message:
+--------------------------------------------------------+
| You now have successfully built and installed the      |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the         |
| (initially created or preserved) configuration files   |
|                                                        |
|   /usr/local/apache/conf/httpd.conf                    |
|                                                        |
| and then you should be able to immediately fire up     |
| Apache the first time by running:                      |
|                                                        |
|   /usr/local/apache/bin/apachectl start                |
|                                                        |
| Or when you want to run it with SSL enabled use:       |
|                                                        |
|   /usr/local/apache/bin/apachectl startssl             |
|                                                        |
| Thanks for using Apache.       The Apache Group        |
|                                http://www.apache.org/  |
+--------------------------------------------------------+
Now verify that Apache and PHP are working. First, however, we need to edit srm.conf and httpd.conf to make sure the PHP types are added to the configuration. Look in httpd.conf and uncomment the lines below. If you followed the instructions in this article exactly, your httpd.conf file will be in the /usr/local/apache/conf directory. The file has AddType lines for PHP 4; uncomment them now.
httpd.conf file - excerpt
> # And for PHP 4.x, use:
> #
---> AddType application/x-httpd-php .php
---> AddType application/x-httpd-php-source .phps
>
>
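A check for the mapping just enabled, as an added example that is not part of the original article: if the .php AddType line stays commented out, Apache sends test.php to the browser unexecuted, including any database password written in it. The function names and the sample configuration fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: report how an httpd.conf
# maps file extensions to PHP. sample_httpd_conf prints a constructed
# fragment in which the .php line is still commented out.

sample_httpd_conf() {
    cat <<'EOF'
# And for PHP 4.x, use:
#
#AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
EOF
}

mapped_extensions() {
    # $1 = config file, $2 = MIME type (lower case).
    # Prints each extension that an active AddType line maps to that type.
    # Directive names and MIME types are matched case-insensitively, and
    # extensions are normalised to carry a leading dot.
    awk -v want="$2" '
        /^[ \t]*#/ { next }    # commented-out lines have no effect
        tolower($1) == "addtype" && tolower($2) == want {
            for (i = 3; i <= NF; i++) { sub(/^\./, "", $i); print "." $i }
        }' "$1"
}

check_php_mapping() {
    # Returns 0 when .php is handed to PHP, 1 when it is not.
    if ! mapped_extensions "$1" application/x-httpd-php | grep -qx '\.php'; then
        echo "FAIL: .php is not mapped to PHP; scripts would be sent unexecuted"
        return 1
    fi
    src=$(mapped_extensions "$1" application/x-httpd-php-source | tr '\n' ' ')
    [ -z "$src" ] || echo "NOTE: source code is displayed for files ending in: $src"
    echo "OK: .php is executed by PHP"
}

# Demo on the constructed fragment; on a real server pass
# /usr/local/apache/conf/httpd.conf instead.
conf=$(mktemp)
sample_httpd_conf > "$conf"
check_php_mapping "$conf" || true
rm -f "$conf"
```

The second AddType line makes Apache display the highlighted source of any file ending in .phps, so the NOTE line is worth reading before copying scripts that contain credentials under that extension.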
Now we are ready to launch the Apache server to see if it is working. First we will start the server without SSL support to see if it starts. We will check the PHP support, then we will stop the server, launch it with SSL support enabled, and check that everything is working. configtest checks whether the whole configuration is set up correctly.
# cd /usr/local/apache/bin
# ./apachectl configtest
Syntax OK
# ./apachectl start
./apachectl start: httpd started
Test our work
Is Apache working?
If it works fine, when you connect to the server with Netscape you will see a screen similar to this screen capture. This is basically the default page that Apache installs.
Note: You can connect to the server using either its domain name or the machine's IP address. Check both cases to make sure that everything is working properly.
Is PHP support working?
Now test PHP support ... Create a file (named test.php) with the following content. The file needs to be located under the document root, which by default should be /usr/local/apache/htdocs. Note that this depends on the prefix we selected earlier; however, it can be changed in httpd.conf. Setting up multiple virtual hosts will be covered in another article, so look out for it, because it will cover some very basic options for setting up Apache and its directives.
test.php file
<?php
phpinfo();
?>
It will display information about the server, PHP, and the environment. Here is a screen capture of the top of the output page.
Cool, PHP works.
Is the SSL option working?
OK, now we are ready to test SSL. Stop the server first, and restart it with the option that enables SSL.
# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl startssl
Test whether it works by connecting to the server with Netscape and selecting the https protocol, i.e. https://yourserver.yourdomain.com or http://yourserver.yourdomain.com:443. You can also try again with the IP address of the server, i.e. https://xxx.xxx.xxx.xxx and http://xxx.xxx.xxx.xxx:443.
If it works, the server will send its certificate to the browser to establish a secure connection. This will make the browser prompt you to accept the certificate you signed yourself. If it were a certificate from VeriSign or Thawte, the browser would not prompt you, because the certificate would come from a trusted certificate authority (CA). In our case, we created and signed our own certificate ... we don't want to buy one right away. First, we want to make sure that we can get everything working.
You will see the following options in Netscape. This tells you that a secure connection has been established.
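What a self-signed certificate of the kind described above consists of, as an added example that is not part of the original article and is not the procedure mod_ssl's "make certificate" runs: it generates a key, builds a CSR, signs the CSR with its own key, and stores a passphrase-encrypted copy of the key. It assumes an openssl binary on the PATH; the function names and the sample passphrase are constructed, and www.yourserver.com is the article's placeholder host name.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: an openssl
# binary on PATH; www.yourserver.com is the article's placeholder host;
# the passphrase below is a constructed sample value.
set -eu

make_self_signed() (
    # $1 = output directory, $2 = host name browsers will connect to.
    dir=$1 cn=$2
    umask 077    # key files readable by their owner only
    # 1. Private key, left unencrypted so the server can start unattended.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    # 2. CSR: the public key plus the subject name, signed with the key.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr"
    # 3. Self-sign: the CSR's own key signs it, so issuer equals subject.
    openssl x509 -req -days 365 -sha256 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # 4. Encrypted copy of the key for backup; the passphrase is read from
    #    the environment rather than given on the command line.
    openssl rsa -aes256 -in "$dir/server.key" -passout env:KEY_PASS \
        -out "$dir/server.key.enc" 2>/dev/null
)

key_matches_cert() {
    # $1 = private key, $2 = certificate. True when the certificate
    # carries the public half of that key.
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

issuer_equals_subject() {
    # True for a self-signed certificate: no CA appears as the issuer.
    s=$(openssl x509 -in "$1" -noout -subject) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${s#subject}" = "${i#issuer}" ]
}

# Demo in a throwaway directory.
KEY_PASS='constructed-sample-passphrase'; export KEY_PASS
work=$(mktemp -d)
make_self_signed "$work" www.yourserver.com
key_matches_cert "$work/server.key" "$work/server.crt" && echo "key matches certificate"
issuer_equals_subject "$work/server.crt" && echo "issuer equals subject: self-signed"
openssl x509 -in "$work/server.crt" -noout -subject -enddate
rm -rf "$work"
```

Because the issuer is the certificate's own subject and not a CA the browser already trusts, the browser has nothing to chain to, which is why it shows the prompt described above.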
Can PHP and MySQL work together?
Now we can confirm that PHP works with MySQL, and do some inserts and deletes on the test2 database, by creating a simple script. It is just a simple script to test whether things work. In another article we will discuss PHP scripts that connect to a MySQL database. Remember that we already created a database and a table. We could have done that now, but I chose not to. I wanted to check that root has permission to create a database and tables; however, PHP provides support for MySQL, so I could just as easily write code to create a test database and several records.
Remember that we created a books database earlier. If you skipped the previous sections, this part will not work. We created a test2 database with a "books" table and inserted a record for a book.
This script basically walks through the table and lists all the field names; it is really simple.
<?php
// Connection settings for the test2 database created earlier
$dbuser = "root";
$dbhost = "localhost";
$dbpass = "password";
$dbname = "test2";
$dbtble = "books";
$mysql_link = mysql_connect($dbhost, $dbuser, $dbpass);
// Fetch the field list of the table, then print each field name
$column = mysql_list_fields($dbname, $dbtble, $mysql_link);
for ($i = 0; $i < mysql_num_fields($column); $i++) {
    print mysql_field_name($column, $i) . "<br>";
}
?>
A more complex example will show you some of the wonderful features of PHP.
<?php
$dbuser = "root";
$dbhost = "localhost";
$dbpass = "password";
$dbname = "test2";
$dbtable = "books";
// ------ Database connection ------ //
$mysql_link = mysql_connect($dbhost, $dbuser, $dbpass);
$column = mysql_list_fields($dbname, $dbtable, $mysql_link);
$sql = "SELECT * FROM $dbtable";
$result = mysql_db_query($dbname, $sql);
?>