stocksy.co.uk
"the site for those who crave disappointment"

Sponsored Links

Apache 2.2, PHP 5, SSL, etc. on a Leopard Mac

9th Apr 2008, 08:10:23

By James Stocks

Here's how I built Apache with SSL, GD, libjpeg, libpng, FreeType, MySQL and PHP on Mac OS X 10.5.2.

Apache Logo

If you want to do this on 10.4 (Tiger) or 10.3 (Panther), have a look at this older article.

Get the Right Tools

Install the Xcode tools from the Leopard DVD.

Get building

I want to be able to generate and manipulate .jpg and .png images, so I'm going to need libpng and libjpeg. If you don't need these libraries, you can skip this step. If you're not sure, you may as well install them, since you'll have to recompile PHP if you decide you want them later.

Open a terminal from /Applications/Utilities. Type:

	
cd Downloads

Let's grab the libjpeg source:

curl -O http://www.ijg.org/files/jpegsrc.v6b.tar.gz
gnutar -xzf jpegsrc.v6b.tar.gz
sudo mkdir -p /usr/local/include
sudo mkdir -p /usr/local/man/man1
sudo mkdir -p /usr/local/lib
sudo mkdir -p /usr/local/bin

Now, build and install libjpeg:

cd jpeg-6b
./configure
sudo make install
sudo make install-lib
sudo ranlib /usr/local/lib/libjpeg.a

Each of the above commands will produce some output in the terminal indicating the status of the build if you get any error messages, read them carefully and try googling them. Once you've built with no errors, move on to libpng:

cd ~/Downloads
curl -O http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.9.tar.gz
gnutar -xzf libpng-1.2.9.tar.gz
cd libpng-1.2.9
./configure
make
sudo make install
sudo ranlib /usr/local/lib/libpng.a

I need FreeType, because I want to superimpose text on images. If you don't want this, don't install it, but remember that you'll have to recompile PHP if you change your mind later.

cd ~/Downloads
curl -O http://heanet.dl.sourceforge.net/sourceforge/freetype/freetype-2.3.5.tar.gz
gnutar -xzf freetype-2.3.5.tar.gz
cd freetype-2.3.5
./configure
make
sudo make install

Apache

Now it's time to build Apache itself.:

cd ~/Downloads
curl -O http://www.mirrorservice.org/sites/ftp.apache.org/httpd/httpd-2.2.8.tar.gz
gnutar -xzf httpd-2.2.8.tar.gz
cd httpd-2.2.8

The ./configure line is where you specify the modules you want. If you don't want SSL, leave out --enable-ssl. I use --enable-deflate and --enable-headers to serve gzipped pages, which affords me some bandwidth savings. If you don't know what I'm babbling on about, just copy the below verbatim! There are lots of options you can use with ./configure

./configure --enable-ssl --enable-deflate --enable-headers --enable-rewrite --prefix=/usr/local/apache2.2
make
sudo make install

MySQL

If you don't have it already, install MySQL

PHP

PHP comes next:

cd ~/Downloads
curl -O http://uk.php.net/distributions/php-5.2.5.tar.gz
gnutar -xzf php-5.2.5.tar.gz
cd php-5.2.5
./configure \
--with-xml \
--with-zlib \
--with-gd \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-freetype-dir=/usr/local \
--with-mysql=/usr/local/mysql \
--with-apxs2=/usr/local/apache2.2/bin/apxs
make
sudo make install

Obviously, if you decided not to install gd, libjpeg, libpng or freetype, omit those lines.

The php.ini lets you change some configuration options in PHP, but is not essential:

cp php.ini-dist /usr/local/lib/php.ini

Does it Work?

If you have Apple's Web Sharing service turned on, turn it off in System Preferences -> Sharing.

The moment of truth:

sudo /usr/local/apache2.2/bin/apachectl start

You won't receive any output from the above command unless there is something wrong. Check if Apache really started.

ps ax | grep httpd

It should return:

 6898   ??  Ss     0:00.32 /usr/local/apache2.2/bin/httpd -k start
 6899   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6900   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6901   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6902   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6903   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6906 s000  R+     0:00.00 grep httpd

Browse to http://localhost:

Apache's 'it works!' page

Hooray, it works.

Next, we should replace Apache's default configuration with our own. This should be a sensible starting point:

#User that Apache's child processes run under
User www
Group www

#Modules
LoadModule 	php5_module        	modules/libphp5.so

<IfModule mod_php5.c>
    # If php is turned on, we repsect .php and .phps files.
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    DirectoryIndex index.html index.php
</IfModule>

#General server details
Listen your-ip-address-here:80
Listen your-ip-address-here:443
HostnameLookups On
ServerSignature On

#Don't look for .htaccess
<Directory "/">
	Options none
	#This means 'do not allow .htaccess to override', the options can still be set per virtual host.
	AllowOverride None
</Directory>
#Don't allow anyone to retreive .htaccess files that might exist anyway
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
#Don't allow anyone to retreive .DS_Store files created by OS X's Finder
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
	Order allow,deny
	Deny from all
</FilesMatch>

#whenever Apache needs to construct a self-referencing URL (a URL that 
#refers back to the server the response is coming from) it will use 
#ServerName 
UseCanonicalName On

#Performance
MaxClients 256
MaxRequestsPerChild 100000

#Logging
CustomLog "/private/var/log/apache2/access_log" common
	#Defines 'common' for above:
	LogFormat "%h %l %u %t \"%r\" %>s %b %v" common
ErrorLog "/private/var/log/apache2/error_log"
LogLevel warn
PidFile "/private/var/run/apache2.pid"

#MIME
DefaultType text/plain
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset UTF-8       .utf8

#Virtual hosts
NameVirtualHost your-ip-address-here:80
NameVirtualHost your-ip-address-here:443


#Default virtualhost. This is what people see if they just type in the IP of your server.
<VirtualHost your-ip-address-here:80>
	DocumentRoot /Library/WebServer/
</VirtualHost>

<VirtualHost your-ip-address-here:80>
    ServerName stocksy.co.uk
    DocumentRoot /Library/WebServer/
</VirtualHost>

<VirtualHost your-ip-address-here:80>
    ServerName some.other.vhost.stocksy.co.uk
    DocumentRoot /Library/WebServer/somedir/
</VirtualHost>

Copy the above config to your clipboard, then paste it into /usr/local/apache2.2/conf/httpd.conf:

sudo -s
echo "" > /usr/local/apache2.2/conf/httpd.conf
nano /usr/local/apache2.2/conf/httpd.conf

Type cmd+v to paste, then control+o to write, then control+x to exit.

/usr/local/apache2.2/bin/apachectl restart
exit

See if PHP works:

sudo -s
echo "<? \
phpinfo(); \
?>" > /Library/WebServer/phpinfo.php

Go to http://your-ip-address/phpinfo.php, you should see a page telling you about your newly installed PHP module's capabilities.

SSL

If you want to generate your own self-signed certificates at no cost, read my page telling you exactly how to do so.

If you followed the directions, you'll have a file called something like ssl.toastputer.net-key-cert.pem, which needs to put in the right place:

sudo mkdir /usr/local/apache2.2/ssl
sudo mv ssl.toastputer.net-key-cert.pem /usr/local/apache2.2/ssl/
sudo chown -R root:admin /usr/local/apache2.2/ssl
sudo chmod -R go-rwx /usr/local/apache2.2/ssl

Append the SSL virtual host to httpd.conf

<VirtualHost <your-ip-address-here>:443>
  DocumentRoot /Library/WebServer/SSLDocs
  ServerName ssl.toastputer.net
  SSLEngine on
  SSLCertificateFile /usr/local/apache2.2/ssl/<your cert here>.pem
</VirtualHost>

Copy the above to your clipboard and paste it in using nano:

sudo -s
nano /usr/local/apache2.2/conf/httpd.conf

Navigate to the end of the file, then type cmd+v to paste, then control+o to write, then control+x to exit.

/usr/local/apache2.2/bin/apachectl restart
exit

You will need to import the ca.crt file from the CA you built into the certificate stores of all your client machines if you want to get rid of messages complaining about invalid SSL certificates. This varies from browser to browser, but it is usually as simple as double-clicking the ca.crt file.

Control through System Preferences

Finally, you might like Apache to start on boot, or be able to start it from System Preferences. Remove the existing config from launchd if it is already loaded and stop Apache:

sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist
sudo /usr/local/apache2.2/bin/apachectl stop

Edit the configuration file:

sudo nano /System/Library/LaunchDaemons/org.apache.httpd.plist

Change /usr/sbin/httpd to read /usr/local/apache2.2/bin/httpd

control+o to write, control x to exit.

sudo launchctl load /System/Library/LaunchDaemons/org.apache.httpd.plist

Apache will now start through the Web Sharing control in System Preferences.

New Comments

Some Rights Reserved