Apache 2, PHP, SSL, etc. on a Mac
2nd May 2005, 20:43:04
Here's how I built Apache with SSL, GD, libjpeg, libpng, FreeType, MySQL and PHP on Mac OS X 10.4 and 10.3
| 25th April 2008: Updated article to reflect more recent versions. | ||
If you are using OS X 10.5 (Leopard), don't use these instructions, have a look at this newer article.
Get the Right Tools
If you are Using Tiger, just install the Xcode tools from the Tiger DVD.
If you are still using Panther, You must have Xcode 1.5 from Apple's developer site, the build will not succeed without them. You need a (free) log in to download Xcode 1.5, and it's a 374 MB download. The Xcode tools supplied with Panther are not sufficient.
Get building
I want to be able to generate and manipulate .jpg and .png images, so I'm going to need libpng and libjpeg. If you don't need these libraries, you can skip this step. If you're not sure, you may as well install them, since you'll have to recompile PHP if you decide you want them later.
Open a terminal from /Applications/Utilities. I like to keep my source code in a folder in my home directory, if you wan't to do the same, type:
mkdir ~/source cd ~/source
Let's grab the libjpeg source:
curl -O http://www.ijg.org/files/jpegsrc.v6b.tar.gz gnutar -xzf jpegsrc.v6b.tar.gz sudo mkdir -p /usr/local/include sudo mkdir -p /usr/local/man/man1 sudo mkdir -p /usr/local/lib sudo mkdir -p /usr/local/bin
Now, build and install libjpeg:
cd jpeg-6b ./configure sudo make install sudo make install-lib sudo ranlib /usr/local/lib/libjpeg.a
Each of the above commands will produce some output in the terminal indicating the status of the build if you get any error messages, read them carefully and try googling them. Once you've built with no errors, move on to libpng:
cd ~/source curl -O http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.9.tar.gz gnutar -xzf libpng-1.2.9.tar.gz cd libpng-1.2.9 ./configure make sudo make install sudo ranlib /usr/local/lib/libpng.a
I need FreeType, because I want to superimpose text on images. If you don't want this, don't install it, but remember that you'll have to recompile PHP if you change your mind later.
cd ~/source curl -O http://heanet.dl.sourceforge.net/sourceforge/freetype/freetype-2.3.5.tar.gz gnutar -xzf freetype-2.3.5.tar.gz cd freetype-2.3.5 ./configure make sudo make install
Apache
Now it's time to build Apache itself.:
cd ~/source curl -O http://www.mirrorservice.org/sites/ftp.apache.org/httpd/httpd-2.2.8.tar.gz gnutar -xzf httpd-2.2.8.tar.gz cd httpd-2.2.8
The ./configure line is where you specify the modules you want. If you don't want SSL, leave out
--enable-ssl. I use --enable-deflate and --enable-headers to serve gzipped pages,
which affords me some bandwidth savings. If you don't know what I'm babbling on about, just copy the below verbatim!
There are lots of options you can use with ./configure
./configure --enable-ssl --enable-deflate --enable-headers --enable-rewrite --prefix=/usr/local/apache2.2 make sudo make install
Apache took quite a while to compile on my Blue and White Power Mac, but if your Mac was made in the 21st century, it might be a bit faster :-)
MySQL
If you don't have MySQL installed, now is the time to do so. Head over to the MySQL Web site and download the OS X installer. MySQL is unbelieveably easy to set up on OS X, but it might still help to have a look at this.
PHP
PHP comes next:
cd ~/Downloads curl -O http://uk.php.net/distributions/php-5.2.5.tar.gz gnutar -xzf php-5.2.5.tar.gz cd php-5.2.5 ./configure \ --with-xml \ --with-zlib \ --with-gd \ --with-jpeg-dir=/usr/local \ --with-png-dir=/usr/local \ --with-freetype-dir=/usr/local \ --with-mysql=/usr/local/mysql \ --with-apxs2=/usr/local/apache2.2/bin/apxs make sudo make install
Obviously, if you decided not to install gd, libjpeg, libpng or freetype, omit those lines.
The php.ini lets you change some configuration options in PHP, but is not essential:
cp php.ini-dist /usr/local/lib/php.ini
It's a good idea to change the locations of Apache's .pid file and log files so that you can still use System Preferences to stop and start Apache. Do this by putting the following in /usr/local/apache2/conf/httpd.conf:
CustomLog "/private/var/log/httpd/access_log" common LogFormat "%h %l %u %t \"%r\" %>s %b" common ErrorLog "/private/var/log/httpd/error_log" LogLevel warn PidFile "/private/var/run/httpd.pid"
Also, we need to move the old apache executables out of the way and symlink in the new ones:
cd /usr/sbin mv httpd httpd-1.3 mv apachectl apachectl-1.3 ln -s /usr/local/apache2.2/bin/apachectl apachectl ln -s /usr/local/apache2.2/bin/httpd httpd
Does it Work?
If you have Apple's Web Sharing service turned on, turn it off in System Preferences -> Sharing.
The moment of truth:
sudo /usr/local/apache2.2/bin/apachectl start
You won't receive any output from the above command unless there is something wrong. Check if Apache really started.
ps ax | grep httpd
It should return:
6898 ?? Ss 0:00.32 /usr/local/apache2.2/bin/httpd -k start 6899 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6900 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6901 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6902 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6903 ?? S 0:00.00 /usr/local/apache2.2/bin/httpd -k start 6906 s000 R+ 0:00.00 grep httpd
Browse to http://localhost:
Hooray, it works.
Next, we should replace Apache's default configuration with our own. This should be a sensible starting point:
#User that Apache's child processes run under User www Group www #Modules LoadModule php5_module modules/libphp5.so <IfModule mod_php5.c> # If php is turned on, we repsect .php and .phps files. AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps DirectoryIndex index.html index.php </IfModule> #General server details Listen your-ip-address-here:80 Listen your-ip-address-here:443 HostnameLookups On ServerSignature On #Don't look for .htaccess <Directory "/"> Options none #This means 'do not allow .htaccess to override', the options can still be set per virtual host. AllowOverride None </Directory> #Don't allow anyone to retreive .htaccess files that might exist anyway <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> #Don't allow anyone to retreive .DS_Store files created by OS X's Finder <FilesMatch '^\.[Dd][Ss]_[Ss]'> Order allow,deny Deny from all </FilesMatch> #whenever Apache needs to construct a self-referencing URL (a URL that #refers back to the server the response is coming from) it will use #ServerName UseCanonicalName On #Performance MaxClients 256 MaxRequestsPerChild 100000 #Logging CustomLog "/private/var/log/httpd/access_log" common #Defines 'common' for above: LogFormat "%h %l %u %t \"%r\" %>s %b %v" common ErrorLog "/private/var/log/httpd/error_log" LogLevel warn PidFile "/private/var/run/httpd.pid" #MIME DefaultType text/plain AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset UTF-8 .utf8 #Virtual hosts NameVirtualHost your-ip-address-here:80 NameVirtualHost your-ip-address-here:443 #Default virtualhost. This is what people see if they just type in the IP of your server. <VirtualHost your-ip-address-here:80> DocumentRoot /Library/WebServer/ </VirtualHost> <VirtualHost your-ip-address-here:80> ServerName stocksy.co.uk DocumentRoot /Library/WebServer/ </VirtualHost> <VirtualHost your-ip-address-here:80> ServerName some.other.vhost.stocksy.co.uk DocumentRoot /Library/WebServer/somedir/ </VirtualHost>
Copy the above config to your clipboard, then paste it into /usr/local/apache2.2/conf/httpd.conf:
sudo -s echo "" > /usr/local/apache2.2/conf/httpd.conf nano /usr/local/apache2.2/conf/httpd.conf
Type cmd+v to paste, then control+o to write, then control+x to exit.
/usr/local/apache2.2/bin/apachectl restart exit
See if PHP works:
sudo -s echo "<? \ phpinfo(); \ ?>" > /Library/WebServer/phpinfo.php
Go to http://your-ip-address/phpinfo.php, you should see a page telling you about your newly installed PHP module's capabilities.
SSL
If you want to generate your own self-signed certificates at no cost, read my page telling you exactly how to do so.
If you followed the directions, you'll have a file called something like ssl.toastputer.net-key-cert.pem, which needs to put in the right place:
sudo mkdir /usr/local/apache2.2/ssl sudo mv ssl.toastputer.net-key-cert.pem /usr/local/apache2.2/ssl/ sudo chown -R root:admin /usr/local/apache2.2/ssl sudo chmod -R go-rwx /usr/local/apache2.2/ssl
Append the SSL virtual host to httpd.conf
<VirtualHost <your-ip-address-here>:443> DocumentRoot /Library/WebServer/SSLDocs ServerName ssl.toastputer.net SSLEngine on SSLCertificateFile /usr/local/apache2.2/ssl/<your cert here>.pem </VirtualHost>
Copy the above to your clipboard and paste it in using nano:
sudo -s nano /usr/local/apache2.2/conf/httpd.conf
Navigate to the end of the file, then type cmd+v to paste, then control+o to write, then control+x to exit.
/usr/local/apache2.2/bin/apachectl restart exit
You will need to import the ca.crt file from the CA you built into the certificate stores of all your client machines if you want to get rid of messages complaining about invalid SSL certificates. This varies from browser to browser, but it is usually as simple as double-clicking the ca.crt file.