Apache 2.2, PHP 5, SSL, etc. on a Leopard Mac
9th Apr 2008, 08:10:23
Here's how I built Apache with SSL, GD, libjpeg, libpng, FreeType, MySQL and PHP on Mac OS X 10.5.2.
If you want to do this on 10.4 (Tiger) or 10.3 (Panther), have a look at this older article.
Get the Right Tools
Install the Xcode tools from the Leopard DVD.
I want to be able to generate and manipulate .jpg and .png images, so I'm going to need libpng and libjpeg. If you don't need these libraries, you can skip this step. If you're not sure, you may as well install them, since you'll have to recompile PHP if you decide you want them later.
Open a terminal from /Applications/Utilities. Type:
Let's grab the libjpeg source:
curl -O http://www.ijg.org/files/jpegsrc.v6b.tar.gz gnutar -xzf jpegsrc.v6b.tar.gz sudo mkdir -p /usr/local/include sudo mkdir -p /usr/local/man/man1 sudo mkdir -p /usr/local/lib sudo mkdir -p /usr/local/bin
Now, build and install libjpeg:
cd jpeg-6b ./configure sudo make install sudo make install-lib sudo ranlib /usr/local/lib/libjpeg.a
Each of the above commands will produce some output in the terminal indicating the status of the build if you get any error messages, read them carefully and try googling them. Once you've built with no errors, move on to libpng:
cd ~/Downloads curl -O http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.9.tar.gz gnutar -xzf libpng-1.2.9.tar.gz cd libpng-1.2.9 ./configure make sudo make install sudo ranlib /usr/local/lib/libpng.a
I need FreeType, because I want to superimpose text on images. If you don't want this, don't install it, but remember that you'll have to recompile PHP if you change your mind later.
cd ~/Downloads curl -O http://heanet.dl.sourceforge.net/sourceforge/freetype/freetype-2.3.5.tar.gz gnutar -xzf freetype-2.3.5.tar.gz cd freetype-2.3.5 ./configure make sudo make install
Now it's time to build Apache itself.:
cd ~/Downloads curl -O http://www.mirrorservice.org/sites/ftp.apache.org/httpd/httpd-2.2.8.tar.gz gnutar -xzf httpd-2.2.8.tar.gz cd httpd-2.2.8
./configure line is where you specify the modules you want. If you don't want SSL, leave out
--enable-ssl. I use
--enable-headers to serve gzipped pages,
which affords me some bandwidth savings. If you don't know what I'm babbling on about, just copy the below verbatim!
There are lots of options you can use with
./configure --enable-ssl --enable-deflate --enable-headers --enable-rewrite --prefix=/usr/local/apache2.2 make sudo make install
If you don't have it already, install MySQL
PHP comes next:
cd ~/Downloads curl -O http://uk.php.net/distributions/php-5.2.5.tar.gz gnutar -xzf php-5.2.5.tar.gz cd php-5.2.5 ./configure \ --with-xml \ --with-zlib \ --with-gd \ --with-jpeg-dir=/usr/local \ --with-png-dir=/usr/local \ --with-freetype-dir=/usr/local \ --with-mysql=/usr/local/mysql \ --with-apxs2=/usr/local/apache2.2/bin/apxs make sudo make install
Obviously, if you decided not to install gd, libjpeg, libpng or freetype, omit those lines.
The php.ini lets you change some configuration options in PHP, but is not essential:
cp php.ini-dist /usr/local/lib/php.ini
Does it Work?
If you have Apple's Web Sharing service turned on, turn it off in System Preferences -> Sharing.
The moment of truth:
sudo /usr/local/apache2.2/bin/apachectl start
You won't receive any output from the above command unless there is something wrong. Check if Apache really started.
ps ax | grep httpd
It should return:
6898 ?? Ss 0:00.32 /usr/local/apache2.2/bin/httpd -k start 6899 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6900 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6901 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6902 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6903 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6906 s000 R+ 0:00.00 grep httpd
Browse to http://localhost:
Hooray, it works.
Next, we should replace Apache's default configuration with our own. This should be a sensible starting point:
#User that Apache's child processes run under User www Group www #Modules LoadModule php5_module modules/libphp5.so <IfModule mod_php5.c> # If php is turned on, we repsect .php and .phps files. AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps DirectoryIndex index.html index.php </IfModule> #General server details Listen your-ip-address-here:80 Listen your-ip-address-here:443 HostnameLookups On ServerSignature On #Don't look for .htaccess <Directory "/"> Options none #This means 'do not allow .htaccess to override', the options can still be set per virtual host. AllowOverride None </Directory> #Don't allow anyone to retreive .htaccess files that might exist anyway <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> #Don't allow anyone to retreive .DS_Store files created by OS X's Finder <FilesMatch '^\.[Dd][Ss]_[Ss]'> Order allow,deny Deny from all </FilesMatch> #whenever Apache needs to construct a self-referencing URL (a URL that #refers back to the server the response is coming from) it will use #ServerName UseCanonicalName On #Performance MaxClients 256 MaxRequestsPerChild 100000 #Logging CustomLog "/private/var/log/apache2/access_log" common #Defines 'common' for above: LogFormat "%h %l %u %t \"%r\" %>s %b %v" common ErrorLog "/private/var/log/apache2/error_log" LogLevel warn PidFile "/private/var/run/apache2.pid" #MIME DefaultType text/plain AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset UTF-8 .utf8 #Virtual hosts NameVirtualHost your-ip-address-here:80 NameVirtualHost your-ip-address-here:443 #Default virtualhost. This is what people see if they just type in the IP of your server. <VirtualHost your-ip-address-here:80> DocumentRoot /Library/WebServer/ </VirtualHost> <VirtualHost your-ip-address-here:80> ServerName stocksy.co.uk DocumentRoot /Library/WebServer/ </VirtualHost> <VirtualHost your-ip-address-here:80> ServerName some.other.vhost.stocksy.co.uk DocumentRoot /Library/WebServer/somedir/ </VirtualHost>
Copy the above config to your clipboard, then paste it into /usr/local/apache2.2/conf/httpd.conf:
sudo -s echo "" > /usr/local/apache2.2/conf/httpd.conf nano /usr/local/apache2.2/conf/httpd.conf
Type cmd+v to paste, then control+o to write, then control+x to exit.
/usr/local/apache2.2/bin/apachectl restart exit
See if PHP works:
sudo -s echo "<? \ phpinfo(); \ ?>" > /Library/WebServer/phpinfo.php
Go to http://your-ip-address/phpinfo.php, you should see a page telling you about your newly installed PHP module's capabilities.
If you want to generate your own self-signed certificates at no cost, read my page telling you exactly how to do so.
If you followed the directions, you'll have a file called something like ssl.toastputer.net-key-cert.pem, which needs to put in the right place:
sudo mkdir /usr/local/apache2.2/ssl sudo mv ssl.toastputer.net-key-cert.pem /usr/local/apache2.2/ssl/ sudo chown -R root:admin /usr/local/apache2.2/ssl sudo chmod -R go-rwx /usr/local/apache2.2/ssl
Append the SSL virtual host to httpd.conf
<VirtualHost <your-ip-address-here>:443> DocumentRoot /Library/WebServer/SSLDocs ServerName ssl.toastputer.net SSLEngine on SSLCertificateFile /usr/local/apache2.2/ssl/<your cert here>.pem </VirtualHost>
Copy the above to your clipboard and paste it in using nano:
sudo -s nano /usr/local/apache2.2/conf/httpd.conf
Navigate to the end of the file, then type cmd+v to paste, then control+o to write, then control+x to exit.
/usr/local/apache2.2/bin/apachectl restart exit
You will need to import the ca.crt file from the CA you built into the certificate stores of all your client machines if you want to get rid of messages complaining about invalid SSL certificates. This varies from browser to browser, but it is usually as simple as double-clicking the ca.crt file.
Control through System Preferences
Finally, you might like Apache to start on boot, or be able to start it from System Preferences. Remove the existing config from launchd if it is already loaded and stop Apache:
sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist sudo /usr/local/apache2.2/bin/apachectl stop
Edit the configuration file:
sudo nano /System/Library/LaunchDaemons/org.apache.httpd.plist
Change /usr/sbin/httpd to read /usr/local/apache2.2/bin/httpd
control+o to write, control x to exit.
sudo launchctl load /System/Library/LaunchDaemons/org.apache.httpd.plist
Apache will now start through the Web Sharing control in System Preferences.