Apache 2, PHP, SSL, etc. on a Mac

2nd May 2005, 20:43:04

By James Stocks

Here's how I built Apache with SSL, GD, libjpeg, libpng, FreeType, MySQL and PHP on Mac OS X 10.4 and 10.3.

25th April 2008: Updated article to reflect more recent versions.

If you are using OS X 10.5 (Leopard), don't use these instructions; have a look at this newer article.

Get the Right Tools

If you are using Tiger, just install the Xcode tools from the Tiger DVD.

If you are still using Panther, you must have Xcode 1.5 from Apple's developer site; the build will not succeed without it. You need a (free) login to download Xcode 1.5, and it's a 374 MB download. The Xcode tools supplied with Panther are not sufficient.

Get building

I want to be able to generate and manipulate .jpg and .png images, so I'm going to need libpng and libjpeg. If you don't need these libraries, you can skip this step. If you're not sure, you may as well install them, since you'll have to recompile PHP if you decide you want them later.

Open a terminal from /Applications/Utilities. I like to keep my source code in a folder in my home directory. If you want to do the same, type:

mkdir ~/source
cd ~/source

Let's grab the libjpeg source:

curl -O
gnutar -xzf jpegsrc.v6b.tar.gz
sudo mkdir -p /usr/local/include
sudo mkdir -p /usr/local/man/man1
sudo mkdir -p /usr/local/lib
sudo mkdir -p /usr/local/bin

Now, build and install libjpeg:

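cd jpeg-6b
# Generate the Makefile and compile as your own user; only the install steps need root
./configure
make
sudo make install
sudo make install-lib
sudo ranlib /usr/local/lib/libjpeg.a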

Each of the above commands will produce some output in the terminal indicating the status of the build. If you get any error messages, read them carefully and try googling them. Once you've built with no errors, move on to libpng:

cd ~/source
curl -O
gnutar -xzf libpng-1.2.9.tar.gz
cd libpng-1.2.9
# Configure and compile as your own user; only the install step needs root
./configure
make
sudo make install
sudo ranlib /usr/local/lib/libpng.a

I need FreeType, because I want to superimpose text on images. If you don't want this, don't install it, but remember that you'll have to recompile PHP if you change your mind later.

cd ~/source
curl -O
gnutar -xzf freetype-2.3.5.tar.gz
cd freetype-2.3.5
# Configure and compile as your own user; only the install step needs root
./configure
make
sudo make install


Now it's time to build Apache itself:

cd ~/source
curl -O
gnutar -xzf httpd-2.2.8.tar.gz
cd httpd-2.2.8

The ./configure line is where you specify the modules you want. If you don't want SSL, leave out --enable-ssl. I use --enable-deflate and --enable-headers to serve gzipped pages, which affords me some bandwidth savings. If you don't know what I'm babbling on about, just copy the below verbatim! There are lots of options you can use with ./configure.

./configure --enable-ssl --enable-deflate --enable-headers --enable-rewrite --prefix=/usr/local/apache2.2
# Compile as your own user; only the install step needs root
make
sudo make install

Apache took quite a while to compile on my Blue and White Power Mac, but if your Mac was made in the 21st century, it might be a bit faster :-)


If you don't have MySQL installed, now is the time to do so. Head over to the MySQL Web site and download the OS X installer. MySQL is unbelievably easy to set up on OS X, but it might still help to have a look at this.


PHP comes next:

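cd ~/Downloads
curl -O
gnutar -xzf php-5.2.5.tar.gz
cd php-5.2.5
# --with-apxs2 builds PHP as a module for the Apache installed above;
# the last option must not end in a backslash, or the next command is swallowed
./configure \
--with-apxs2=/usr/local/apache2.2/bin/apxs \
--with-xml \
--with-zlib \
--with-gd \
--with-jpeg-dir=/usr/local \
--with-png-dir=/usr/local \
--with-freetype-dir=/usr/local \
--with-mysql=/usr/local/mysql
make
sudo make install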

Obviously, if you decided not to install gd, libjpeg, libpng or freetype, omit those lines.
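Every tarball above is fetched with curl and then installed as root, so it is worth confirming that each download is the file the project actually published before unpacking it. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes the project publishes a SHA-256 digest for the release (where only a PGP signature or another hash is offered, check that instead).

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded source
# tarball against its published SHA-256 digest before unpacking and building.

# sha256_of FILE: print the lowercase hex digest with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_tarball FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file or the digest is unusable.
verify_tarball() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not hex: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# verified_unpack FILE EXPECTED_HEX: unpack only when the digest matches.
verified_unpack() {
    verify_tarball "$1" "$2" && tar -xzf "$1"
}

# Usage, with the digest copied from the project's download page (placeholder):
#   verified_unpack httpd-2.2.8.tar.gz <published-sha256>
```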

The php.ini lets you change some configuration options in PHP, but is not essential:

sudo cp php.ini-dist /usr/local/lib/php.ini

It's a good idea to change the locations of Apache's .pid file and log files so that you can still use System Preferences to stop and start Apache. Do this by putting the following in /usr/local/apache2.2/conf/httpd.conf:

CustomLog "/private/var/log/httpd/access_log" common
LogFormat "%h %l %u %t \"%r\" %>s %b" common
ErrorLog "/private/var/log/httpd/error_log"
LogLevel warn
PidFile "/private/var/run/"

Also, we need to move the old apache executables out of the way and symlink in the new ones:

cd /usr/sbin
# /usr/sbin is owned by root, so each of these needs sudo
sudo mv httpd httpd-1.3
sudo mv apachectl apachectl-1.3
sudo ln -s /usr/local/apache2.2/bin/apachectl apachectl
sudo ln -s /usr/local/apache2.2/bin/httpd httpd

Does it Work?

If you have Apple's Web Sharing service turned on, turn it off in System Preferences -> Sharing.

The moment of truth:

sudo /usr/local/apache2.2/bin/apachectl start

You won't receive any output from the above command unless there is something wrong. Check whether Apache really started:

ps ax | grep httpd

It should return:

 6898   ??  Ss     0:00.32 /usr/local/apache2.2/bin/httpd -k start
 6899   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6900   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6901   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6902   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6903   ??  S      0:00.00 /usr/local/apache2.2/bin/httpd -k start
 6906 s000  R+     0:00.00 grep httpd

Browse to http://localhost:

Apache's 'it works!' page

Hooray, it works.

Next, we should replace Apache's default configuration with our own. This should be a sensible starting point:

#User that Apache's child processes run under
User www
Group www

LoadModule 	php5_module        	modules/

<IfModule mod_php5.c>
    # If php is turned on, we respect .php and .phps files.
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    DirectoryIndex index.html index.php
</IfModule>

#General server details
Listen your-ip-address-here:80
Listen your-ip-address-here:443
#HostnameLookups On does a reverse DNS lookup for every request so that the logs show host names
HostnameLookups On
#ServerSignature On adds the server version and virtual host name to server-generated pages such as error pages
ServerSignature On

#Don't look for .htaccess
<Directory "/">
	Options none
	#This means 'do not allow .htaccess to override', the options can still be set per virtual host.
	AllowOverride None
</Directory>
#Don't allow anyone to retrieve .htaccess files that might exist anyway
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
#Don't allow anyone to retrieve .DS_Store files created by OS X's Finder
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
	Order allow,deny
	Deny from all
</FilesMatch>

#whenever Apache needs to construct a self-referencing URL (a URL that 
#refers back to the server the response is coming from) it will use 
UseCanonicalName On

MaxClients 256
MaxRequestsPerChild 100000

CustomLog "/private/var/log/httpd/access_log" common
	#Defines 'common' for above:
	LogFormat "%h %l %u %t \"%r\" %>s %b %v" common
ErrorLog "/private/var/log/httpd/error_log"
LogLevel warn
PidFile "/private/var/run/"

DefaultType text/plain
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset UTF-8       .utf8

#Virtual hosts
NameVirtualHost your-ip-address-here:80
NameVirtualHost your-ip-address-here:443

#Default virtualhost. This is what people see if they just type in the IP of your server.
<VirtualHost your-ip-address-here:80>
	DocumentRoot /Library/WebServer/
</VirtualHost>

<VirtualHost your-ip-address-here:80>
    DocumentRoot /Library/WebServer/
</VirtualHost>

<VirtualHost your-ip-address-here:80>
    DocumentRoot /Library/WebServer/somedir/
</VirtualHost>

Copy the above config to your clipboard, then paste it into /usr/local/apache2.2/conf/httpd.conf:

sudo -s
echo "" > /usr/local/apache2.2/conf/httpd.conf
nano /usr/local/apache2.2/conf/httpd.conf

Type cmd+v to paste, then control+o to write, then control+x to exit.

/usr/local/apache2.2/bin/apachectl restart

See if PHP works:

sudo -s
# Use the full <?php tag so the test page does not depend on short_open_tag
echo "<?php phpinfo(); ?>" > /Library/WebServer/phpinfo.php

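Go to http://your-ip-address/phpinfo.php. You should see a page telling you about your newly installed PHP module's capabilities. Delete phpinfo.php once you have checked it, since the page shows your full PHP and server configuration to anyone who requests it.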


If you want to generate your own self-signed certificates at no cost, read my page telling you exactly how to do so.

If you followed the directions, you'll have a file called something like, which needs to be put in the right place:

sudo mkdir /usr/local/apache2.2/ssl
sudo mv /usr/local/apache2.2/ssl/
sudo chown -R root:admin /usr/local/apache2.2/ssl
sudo chmod -R go-rwx /usr/local/apache2.2/ssl
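The chmod above only covers files that are already in the ssl directory when it runs; a certificate or key copied in later gets whatever mode it was created with. The following is an added example, not part of the original article, with a hypothetical function name: it lists anything under a directory that still grants a permission bit to group or other, and can be re-run after every change.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that nothing under a
# key directory is readable, writable or executable by group or other.

# private_tree_ok DIR
# Returns 0 if DIR and everything below it is owner-only, 1 if any entry still
# grants a group/other bit (offenders are listed on stderr), 2 if DIR is missing.
private_tree_ok() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Each "-perm -NNN" test is plain POSIX, so this works with BSD and GNU find.
    # Symlinks are skipped because their own mode bits are not meaningful.
    loose=$(find "$dir" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "group/other access still granted on:" >&2
        printf '%s\n' "$loose" >&2
        return 1
    fi
    return 0
}

# Usage after the chmod step (sudo is needed to read a root-only directory):
#   sudo sh -c '. ./private_tree_ok.sh; private_tree_ok /usr/local/apache2.2/ssl'
```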

Append the SSL virtual host to httpd.conf:

<VirtualHost <your-ip-address-here>:443>
  DocumentRoot /Library/WebServer/SSLDocs
  SSLEngine on
  SSLCertificateFile /usr/local/apache2.2/ssl/<your cert here>.pem
</VirtualHost>

Copy the above to your clipboard and paste it in using nano:

sudo -s
nano /usr/local/apache2.2/conf/httpd.conf

Navigate to the end of the file, then type cmd+v to paste, then control+o to write, then control+x to exit.

/usr/local/apache2.2/bin/apachectl restart

You will need to import the ca.crt file from the CA you built into the certificate stores of all your client machines if you want to get rid of messages complaining about invalid SSL certificates. This varies from browser to browser, but it is usually as simple as double-clicking the ca.crt file.
