Difference between revisions of "Apache HTTP Server"

From ArchWiki
Jump to: navigation, search
(Apache: Add systemd stuff.)
m (Advanced options: libjpeg-turbo provides libjpeg)
(40 intermediate revisions by 12 users not shown)
Line 11: Line 11:
 
[[tr:LAMP]]
 
[[tr:LAMP]]
 
[[zh-CN:LAMP]]
 
[[zh-CN:LAMP]]
[http://en.wikipedia.org/wiki/LAMP_%28software_bundle%29 LAMP] refers to a common combination of software used in many web servers: '''L'''inux, '''A'''pache, '''M'''ySQL, and '''P'''HP. This article describes how to set up the [http://httpd.apache.org Apache HTTP Server] on an Arch Linux system. It also tells you how to optionally install [[PHP]] and [[MySQL]] and integrate these in the Apache server.
+
{{Article summary start}}
 +
{{Article summary text|This page explains the installation and configuration of a complete LAMP server.}}
 +
{{Article summary heading|Related}}
 +
{{Article summary wiki|MySQL}}
 +
{{Article summary wiki|PhpMyAdmin}}
 +
{{Article summary wiki|Adminer}}
 +
{{Article summary wiki|Xampp}}
 +
{{Article summary wiki|mod_perl}}
 +
{{Article summary end}}
 +
[[Wikipedia:LAMP (software bundle)|LAMP]] refers to a common combination of software used in many web servers: '''L'''inux, '''A'''pache, '''M'''ySQL, and '''P'''HP. This article describes how to set up the [http://httpd.apache.org Apache HTTP Server] on an Arch Linux system. It also tells you how to optionally install [[PHP]] and [[MySQL]] and integrate these in the Apache server.
  
 
If you only need a web server for development and testing, [[Xampp]] might be a better and easier option.
 
If you only need a web server for development and testing, [[Xampp]] might be a better and easier option.
  
==Installation==
+
== Installation ==
# pacman -S apache php php-apache mysql
+
 
+
 
This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.
 
This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.
  
{{Note|New default user and group: Instead of group "nobody", apache now runs as user/group "http" by default. You might want to adjust your httpd.conf according to this change, though you may still run httpd as nobody.}}
+
You can [[pacman|install]] {{Pkg|apache}}, {{Pkg|php}}, {{Pkg|php-apache}} and {{Pkg|mysql}} from the [[official repositories]].
  
==Configuration==
+
{{Note|New default user and group: Instead of group '''nobody''', {{ic|apache}} now runs as user/group '''http''' by default. You might want to adjust your {{ic|httpd.conf}} according to this change, although it is still possible to run {{ic|httpd}} as '''nobody'''.}}
  
===Apache===
+
== Configuration ==
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in {{ic|/etc/httpd/conf/httpd.conf}}
+
  
* Check for the existence of the http user by looking for ''http'' in the output of the following command:
+
=== Apache ===
  # grep http /etc/passwd
+
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in {{ic|/etc/httpd/conf/httpd.conf}}. The default is user '''http''' and it is created automatically during installation.
  
* Create the system user http if it does not exist already:
+
After installation, you can:
  # useradd -d /srv/http -r -s /bin/false -U http
+
* Change {{ic|httpd.conf}} and optionally {{ic|extra/httpd-default.conf}} to your liking and
:This creates the http user with home directory {{ic|/srv/http/}}, as a system account (-r), with a bogus shell (-s {{ic|/bin/false}}) and creates a group with the same name (-U).
+
* [[Daemons|Start]] the '''httpd''' daemon.
  
* Add this line to {{ic|/etc/hosts}} (If the file does not exist, create it.):
+
:Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a '''403 Error''', comment out the following line in {{ic|/etc/httpd/conf/httpd.conf}}:
  127.0.0.1 localhost.localdomain localhost
+
:If you want a different hostname, append it to the end:
+
  127.0.0.1 localhost.localdomain localhost myhostname
+
 
+
* Make sure the hostname appears in /etc/hosts or apache will fail to start. Alternatively, you can
+
edit {{ic|/etc/httpd/conf/httpd.conf}} and comment the following module:
+
  LoadModule unique_id_module        modules/mod_unique_id.so
+
 
+
* Customize your config. At least change {{ic|httpd.conf}} and {{ic|extra/httpd-default.conf}} to your liking. For security reasons, you might want to change '''ServerTokens Full''' to '''ServerTokens Prod''' and '''ServerSignature On''' to '''ServerSignature Off''' in {{ic|extra/httpd-default.conf}}.
+
 
+
* Run the following in a terminal to start the HTTP server:
+
  # rc.d start httpd
+
:systemd users should run
+
  # systemctl start httpd
+
 
+
:Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a 403 Error, comment out the following line in {{ic|/etc/httpd/conf/httpd.conf}}:
+
 
  Include conf/extra/httpd-userdir.conf
 
  Include conf/extra/httpd-userdir.conf
  
* To start Apache automatically at boot, edit {{ic|/etc/rc.conf}} and add the '''httpd''' daemon:
+
==== User directories ====
  DAEMONS=(... '''httpd''' ...)
+
* User directories are available by default through http://localhost/~user/ and show the contents of {{ic|~/public_html}} (this can be changed in {{ic|/etc/httpd/conf/extra/httpd-userdir.conf}}).
: systemd users should run
+
  # systemctl enable httpd
+
  
====User dirs====
+
* If you do not want user directories to be available on the web, comment the following line in {{ic|/etc/httpd/conf/httpd.conf}}:
* If you do not want user directories to be available on the web (e.g., {{ic|~/public_html}} on the machine is accessed as http://localhost/~user/ -Note that you can change what this points to in {{ic|/etc/httpd/conf/extra/httpd-userdir.conf}}), comment the following line in {{ic|/etc/httpd/conf/httpd.conf}} since they are activated by default:
+
 
   Include conf/extra/httpd-userdir.conf
 
   Include conf/extra/httpd-userdir.conf
  
Line 66: Line 53:
 
   $ chmod o+x ~/public_html
 
   $ chmod o+x ~/public_html
  
* More secure way to share your home folder with apache is to add '''http user''' in group that your home folder belongs. For example, if your home folder and other sub-folders in your home folder belong to group '''piter''', all you have to do is following:
+
* A more secure way to share your home folder with Apache is to add the '''http''' user to the group that owns your home folder. For example, if your home folder and other sub-folders in your home folder belong to group '''piter''', all you have to do is following:
 
+
 
   $ usermod -aG piter http
 
   $ usermod -aG piter http
  
* Of course, you have to give ''read'' and ''execute'' permissions on {{ic|~/}},  {{ic|~/public_html}}, and all other sub-folders in {{ic|~/public_html}} to the group members (group '''piter''' in our case). Do something like following ('''modify commands for your specific case'''):
+
* Of course, you have to give ''read'' and ''execute'' permissions on {{ic|~/}},  {{ic|~/public_html}}, and all other sub-folders in {{ic|~/public_html}} to the group members (group '''piter''' in our case). Do something like the following ('''modify the commands for your specific case'''):
 
+
 
   $ chmod g+xr-w /home/''yourusername''
 
   $ chmod g+xr-w /home/''yourusername''
 
   $ chmod -R g+xr-w /home/''yourusername''/public_html
 
   $ chmod -R g+xr-w /home/''yourusername''/public_html
  
{{Note|This way you do not have to give access to your folder to every single user in order to give access to '''http user'''. Only '''http user''' and other potential users that are in '''piter''' group will have access to your home folder.}}
+
{{Note|This way you do not have to give access to your folder to every single user in order to give access to '''http''' user. Only the '''http''' user and other potential users that are in the '''piter''' group will have access to your home folder.}}
  
And then
+
and [[Daemons|restart]] '''httpd'''.
  
  # rc.d restart httpd
+
==== SSL ====
 
+
* Create a self-signed certificate (you can change the key size and the number of days of validity):
or, for systemd users
+
  # systemctl restart httpd
+
 
+
to restart apache.
+
 
+
====SSL====
+
Create self-signed certificate (you can change key size and days of validity)
+
 
   # cd /etc/httpd/conf
 
   # cd /etc/httpd/conf
 
   # openssl genrsa -des3 -out server.key 1024
 
   # openssl genrsa -des3 -out server.key 1024
Line 94: Line 72:
 
   # openssl rsa -in server.key.org -out server.key
 
   # openssl rsa -in server.key.org -out server.key
 
   # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 
   # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
In {{ic|/etc/httpd/conf/httpd.conf}} uncomment line
+
 
 +
* Then, in {{ic|/etc/httpd/conf/httpd.conf}}, uncomment the line containing:
 
   Include conf/extra/httpd-ssl.conf
 
   Include conf/extra/httpd-ssl.conf
Restart apache
+
and [[Daemons|restart]] '''httpd'''.
  # rc.d restart httpd
+
or, for systemd users
+
  # systemctl restart httpd
+
  
====Virtual Hosts====
+
==== Virtual Hosts ====
If you want to have more than one host, make sure you have
+
* If you want to have more than one host, make sure you have
 
{{bc|
 
{{bc|
 
# Virtual hosts
 
# Virtual hosts
Line 109: Line 85:
 
in {{ic|/etc/httpd/conf/httpd.conf}}.
 
in {{ic|/etc/httpd/conf/httpd.conf}}.
  
In {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} set your virtual hosts according the example, e.g.:
+
* In {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} set your virtual hosts according the example, e.g.:
{{bc|
+
{{hc|/etc/httpd/conf/extra/httpd-vhosts.conf|
 
NameVirtualHost *:80
 
NameVirtualHost *:80
  
Line 128: Line 104:
 
     CustomLog "/var/log/httpd/127.0.0.1-access_log" common
 
     CustomLog "/var/log/httpd/127.0.0.1-access_log" common
 
     <Directory /srv/http/>
 
     <Directory /srv/http/>
    DirectoryIndex index.htm index.html
+
      DirectoryIndex index.htm index.html
    AddHandler cgi-script .cgi .pl
+
      AddHandler cgi-script .cgi .pl
    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
+
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
    AllowOverride None
+
      AllowOverride None
    Order allow,deny
+
      Order allow,deny
    allow from all
+
      Allow from all
</Directory>
+
    </Directory>
 
</VirtualHost>
 
</VirtualHost>
 
  
 
<VirtualHost *:80>
 
<VirtualHost *:80>
Line 144: Line 119:
 
     ServerAlias domainname1.dom
 
     ServerAlias domainname1.dom
 
     <Directory /home/username/yoursites/domainname1.dom/www/>
 
     <Directory /home/username/yoursites/domainname1.dom/www/>
    DirectoryIndex index.htm index.html
+
      DirectoryIndex index.htm index.html
    AddHandler cgi-script .cgi .pl
+
      AddHandler cgi-script .cgi .pl
    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
+
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
    AllowOverride None
+
      AllowOverride None
    Order allow,deny
+
      Order allow,deny
    allow from all
+
      Allow from all
</Directory>
+
</Directory>
 
</VirtualHost>
 
</VirtualHost>
  
Line 159: Line 134:
 
     ServerAlias domainname2.dom
 
     ServerAlias domainname2.dom
 
     <Directory /home/username/yoursites/domainname2.dom/www/>
 
     <Directory /home/username/yoursites/domainname2.dom/www/>
    DirectoryIndex index.htm index.html
+
      DirectoryIndex index.htm index.html
    AddHandler cgi-script .cgi .pl
+
      AddHandler cgi-script .cgi .pl
    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
+
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
    AllowOverride None
+
      AllowOverride None
    Order allow,deny
+
      Order allow,deny
    allow from all
+
      Allow from all
</Directory>
+
</Directory>
 
</VirtualHost>
 
</VirtualHost>
 
}}
 
}}
  
Add your virtual host names to your {{ic|/etc/hosts}} file (NOT necessary if bind is serving these domains already, but will not hurt):
+
* Add your virtual host names to your {{ic|/etc/hosts}} file (not necessary if [[BIND]] is serving these domains already, but will not hurt to do it anyway):
{{bc|127.0.0.1 domainname1.dom
+
{{bc|127.0.0.1 domainname1.dom  
127.0.0.1 domainname2.dom}}
+
127.0.0.1 domainname2.dom}}
  
Restart Apache:
+
and [[Daemons|restart]] '''httpd'''.
# rc.d restart httpd
+
or, for systemd users
+
  # systemctl restart httpd
+
  
If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apache's 'Userdir' settings. To avoid problems disable 'Userdir' by commenting it out:
+
* If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apache's {{ic|Userdir}} settings. To avoid problems disable {{ic|Userdir}} by commenting it out:
 
{{bc|
 
{{bc|
 
# User home directories
 
# User home directories
 
#Include conf/extra/httpd-userdir.conf}}
 
#Include conf/extra/httpd-userdir.conf}}
  
As said above, ensure that you have the proper permissions:
+
* As said above, ensure that you have the proper permissions:
  # chmod 0775 /home/yourusername/
+
  # chmod 0775 /home/''yourusername''/
  
If you have a huge amount of virtual hosts you easily want to dis- and enable, it's recommended to create one config file per virtualhost and store them all in one folder, eg: {{ic|/etc/httpd/conf/vhosts}}.
+
* If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, eg: {{ic|/etc/httpd/conf/vhosts}}.
  
First create the folder:
+
* First create the folder:
 
  # mkdir /etc/httpd/conf/vhosts
 
  # mkdir /etc/httpd/conf/vhosts
  
Then place the single config files in them:
+
* Then place the single configuration files in it:
 
  # nano /etc/httpd/conf/vhosts/domainname1.dom
 
  # nano /etc/httpd/conf/vhosts/domainname1.dom
 
  # nano /etc/httpd/conf/vhosts/domainname2.dom
 
  # nano /etc/httpd/conf/vhosts/domainname2.dom
 
  ...
 
  ...
  
In the last step, "Include" the single configs in your {{ic|/etc/httpd/conf/httpd.conf}}:
+
* In the last step, {{ic|Include}} the single configurations in your {{ic|/etc/httpd/conf/httpd.conf}}:
{{bc|#Enabled Vhosts:
+
{{bc|
 +
#Enabled Vhosts:
 
Include conf/vhosts/domainname1.dom
 
Include conf/vhosts/domainname1.dom
#Include conf/vhosts/domainname1.dom}}
+
#Include conf/vhosts/domainname1.dom
 +
}}
  
You can enable and disable single virtual hosts by commenting them out or uncommenting them.
+
* You can enable and disable single virtual hosts by commenting or uncommenting them.
  
====Advanced Options====
+
==== Advanced Options ====
These options in {{ic|/etc/httpd/conf/httpd.conf}} might be interesting for you:
+
These options in {{ic|/etc/httpd/conf/httpd.conf}} might be interesting for you.
  
 
  # Listen 80
 
  # Listen 80
This is the port Apache will listen to. For Internet-access with router, you have to forward the port.
+
* This is the port Apache will listen to. For Internet-access with router, you have to forward the port.
  
 
If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:
 
If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:
 
  # Listen 127.0.0.1:80
 
  # Listen 127.0.0.1:80
  
This is the admin's email-address which can be found on e.g. error-pages:
+
* This is the admin's email address which can be found on e.g. error pages:
  # ServerAdmin sample@sample.com
+
  # ServerAdmin you@example.com
  
This is the directory where you should put your web pages:
+
* This is the directory where you should put your web pages:
 
  # DocumentRoot "/srv/http"
 
  # DocumentRoot "/srv/http"
  
Change it, if you want to, but do not forget to also change the
+
Change it, if you want to, but do not forget to also change
 
  <Directory "/srv/http">
 
  <Directory "/srv/http">
to whatever you changed your DocumentRoot to, or you will likely get a 403 error (lack of privileges) when you try to access the new document root. Do not forget to change the Deny from all line, otherwise you will get 403 error too.
+
to whatever you changed your {{ic|DocumentRoot}} too, or you will likely get a '''403 Error''' (lack of privileges) when you try to access the new document root. Do not forget to change the {{ic|Deny from all}} line, otherwise you will get a '''403 Error'''.
  
 
  # AllowOverride None
 
  # AllowOverride None
This directive in {{ic|<Directory>}} sections causes apache to completely ignore .htaccess files. If you intend to use rewrite mod or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to http://httpd.apache.org/docs/current/mod/core.html#allowoverride
+
* This directive in {{ic|<Directory>}} sections causes Apache to completely ignore {{ic|.htaccess}} files. If you intend to use {{ic|mod_rewrite}} or other settings in {{ic|.htaccess}} files, you can allow which directives declared in that file can override server configuration. For more info refer to the [http://httpd.apache.org/docs/current/mod/core.html#allowoverride Apache documentation].
 +
 
 +
{{Note|If you have issues with your configuration you can have Apache check the configuration with: {{ic|apachectl configtest}}}}
  
{{Note|If you have issues with your configuration you can have apache check the configuration with:
+
* More settings in {{ic|/etc/httpd/conf/httpd.conf}}:
{{Ic|apachectl configtest}}}}
+
  
===PHP===
+
* To turn off your server's signature:
* Install the "php-apache" package from extra using pacman.
+
ServerSignature Off
  
* Add these lines in {{ic|/etc/httpd/conf/httpd.conf}}:
+
* To hide server information like Apache and PHP versions:
:Place this in the "LoadModule" list anywhere after {{Ic|LoadModule dir_module modules/mod_dir.so}}:
+
ServerTokens Prod
 +
 
 +
=== PHP ===
 +
* To enable PHP, add these lines to {{ic|/etc/httpd/conf/httpd.conf}}:
 +
:Place this in the {{ic|LoadModule}} list anywhere after {{ic|LoadModule dir_module modules/mod_dir.so}}:
 
   LoadModule php5_module modules/libphp5.so
 
   LoadModule php5_module modules/libphp5.so
  
:Place this at the end of the "Include" list:
+
:Place this at the end of the {{ic|Include}} list:
 
   Include conf/extra/php5_module.conf
 
   Include conf/extra/php5_module.conf
  
:Make sure that the following line is uncommented in httpd.conf in the section/(after the line){{Ic|<IfModule mime_module>}}:
+
:Make sure that the following line is uncommented in the {{ic|<IfModule mime_module>}} section:
 
   TypesConfig conf/mime.types
 
   TypesConfig conf/mime.types
  
:Uncomment the following line in httpd.conf(optional):
+
:Uncomment the following line (optional):
 
   MIMEMagicFile conf/magic
 
   MIMEMagicFile conf/magic
  
 
* Add this line in {{ic|/etc/httpd/conf/mime.types}}:
 
* Add this line in {{ic|/etc/httpd/conf/mime.types}}:
   application/x-httpd-php5 php php5
+
   application/x-httpd-php       php    php5
  
{{Note|If you do not see {{ic|libphp5.so}} in the Apache modules directory ({{Ic|/etc/httpd/modules}}), you may have forgotten to install the ''php-apache'' package.}}
+
{{Note|If you do not see {{ic|libphp5.so}} in the Apache modules directory ({{ic|/etc/httpd/modules}}), you may have forgotten to install {{Pkg|php-apache}}.}}
  
* If your {{Ic|DocumentRoot}} is not {{Ic|/srv/http}}, add it to {{Ic|open_basedir}} in {{ic|/etc/php/php.ini}} as such:
+
* If your {{ic|DocumentRoot}} is not {{ic|/srv/http}}, add it to {{ic|open_basedir}} in {{ic|/etc/php/php.ini}} as such:
 
   open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot
 
   open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot
  
* Restart the Apache service to make changes take effect:
+
* [[Daemons|Restart]] the '''httpd''' daemon.
  # rc.d restart httpd
+
  
* Create the file test.php in your Apache DocumentRoot Directory(E.G. /srv/http/ or ~/public_html) and inside it put:
+
* To test whether PHP was correctly configured: create a file called {{ic|test.php}} in your Apache {{ic|DocumentRoot}} directory (e.g. {{ic|/srv/http/}} or {{ic|~/public_html}}) and inside it put:
  <?php phpinfo(); ?>
+
<?php phpinfo(); ?>
 +
:To see if it works go to: http://localhost/test.php or http://localhost/~myname/test.php
  
* Remember to copy this file to {{Ic|~/public_html}} if you permitted such a configuration.<!-- Also, remember to make it executable ({{Ic|chmod o+x test.php}}).-->
+
:If the PHP code is not executed (you see plain text in {{ic|test.php}}), check that you have added {{ic|Includes}} to the {{ic|Options}} line for your root directory in {{ic|/etc/httpd/conf/httpd.conf}}. Moreover, check that {{ic|TypesConfig conf/mime.types}} is uncommented in the <IfModule mime_module> section, you may also try adding the following to the {{ic|<IfModule mime_module>}} in {{ic|httpd.conf}}:
 +
AddHandler application/x-httpd-php .php
  
* Test PHP: http://localhost/test.php or http://localhost/~myname/test.php
+
==== Advanced options ====
 +
* It is recommended to set your timezone ([http://www.php.net/manual/en/timezones.php list of timezones]) in {{ic|/etc/php/php.ini}} like so:
 +
{{bc|1=date.timezone = Europe/Berlin}}
  
:If the PHP instruction is not executed (you see : <html>...</html>), check that you have added "Includes" to the "Options" line for your root directory in {{ic|/etc/httpd/conf/httpd.conf}}. Moreover, check that TypesConfig conf/mime.types is uncommented in the <IfModule mime_module> section, you may also try adding the following to the <IfModule mime_module> in httpd.conf:
+
* If you want to display errors to debug your PHP code, change {{ic|display_errors}} to {{ic|On}} in {{ic|/etc/php/php.ini}}:
  AddHandler application/x-httpd-php .php
+
display_errors=On
  
====Advanced options====
+
* If you want the {{ic|libGD}} module, install {{Pkg|php-gd}} and uncomment {{ic|1=extension=gd.so}} in {{ic|/etc/php/php.ini}}:
* Remember to add a file handler for .phtml if you need it in {{ic|/etc/httpd/conf/extra/php5_module.conf}}:
+
{{Note|{{Pkg|php-gd}} requires {{Pkg|libpng}}, {{Pkg|libjpeg-turbo}}, and {{Pkg|freetype2}}.}}
  DirectoryIndex index.php index.phtml index.html
+
extension=gd.so
  
* If you want the libGD module, install php-gd package and uncomment in {{ic|/etc/php/php.ini}}:
+
{{Note|Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.}}
{{Note|php-gd requires libpng, libjpeg, and freetype2}}
+
  ;extension=gd.so
+
to
+
  extension=gd.so
+
  
:Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.
+
* If you want the {{ic|mcrypt}} module, install {{Pkg|php-mcrypt}} and uncomment {{ic|1=extension=mcrypt.so}} in {{ic|/etc/php/php.ini}}:
 +
extension=mcrypt.so
  
 +
* Remember to add a file handler for {{ic|.phtml}}, if you need it, in {{ic|/etc/httpd/conf/extra/php5_module.conf}}:
 +
DirectoryIndex index.php index.phtml index.html
  
* If you want to display errors to debug your php code, change this line of {{ic|/etc/php/php.ini}}:
+
==== Using php5 with apache2-mpm-worker and mod_fcgid ====
  display_errors=Off
+
* Uncomment following in {{ic|/etc/conf.d/apache}}:
to
+
HTTPD=/usr/sbin/httpd.worker
  display_errors=On
+
  
* If you want the mcrypt module, install php-mcrypt package and uncomment in {{ic|/etc/php/php.ini}}:
+
* Uncomment following in {{ic|/etc/httpd/conf/httpd.conf}}:
  ;extension=mcrypt.so
+
Include conf/extra/httpd-mpm.conf
:to
+
  extension=mcrypt.so
+
{{Warning|1=If you get error like:
+
{{bc|
+
[XXX Debug] PHP Notice: in file /index.php on line 86: date(): It is not safe to rely on the system'XXXX
+
[XXX Debug] PHP Notice: in file /index.php on line 86: getdate(): It is not safe to rely on the system's timezone settings.XXXX}}
+
  
change this line of {{ic|/etc/php/php.ini}}  
+
* [[Pacman|Install]] the {{pkg|mod_fcgid}} and {{Pkg|php-cgi}} packages from the [[official repositories]].
;date.timezone =
+
to
+
{{bc|1=date.timezone = Europe/Berlin}}
+
}}
+
{{note| more infos about  [http://php.net/manual/en/datetime.configuration.php#ini.date.timezone Time Zone in PHP] }}
+
restart httpd with
+
# rc.d restart httpd
+
  
==== Using php5 with apache2-mpm-worker and mod_fcgid ====
+
* Create {{ic|/etc/httpd/conf/extra/php5_fcgid.conf}} with following content:
 
+
{{hc|/etc/httpd/conf/extra/php5_fcgid.conf|<nowiki>
Uncomment following in {{ic|/etc/conf.d/apache}}:
+
HTTPD=/usr/sbin/httpd.worker
+
Uncomment following in {{ic|/etc/httpd/conf/httpd.conf}}:
+
Include conf/extra/httpd-mpm.conf
+
Install mod_fcgid and php-cgi packages:
+
# pacman -S mod_fcgid php-cgi
+
Create {{ic|/etc/httpd/conf/extra/php5_fcgid.conf}} with following content:
+
{{bc|1=
+
 
# Required modules: fcgid_module
 
# Required modules: fcgid_module
  
Line 333: Line 292:
 
Options +ExecCGI
 
Options +ExecCGI
 
</Location>
 
</Location>
</IfModule>
+
</IfModule></nowiki>
 
}}
 
}}
  
Create needed directory and symlink for php wrapper:
+
* Create the needed directory and symlink it for the PHP wrapper:
 
  # mkdir /srv/http/fcgid-bin
 
  # mkdir /srv/http/fcgid-bin
 
  # ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper
 
  # ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper
  
Edit {{ic|/etc/httpd/conf/httpd.conf:}}
+
* Edit {{ic|/etc/httpd/conf/httpd.conf}}:
 
  #LoadModule php5_module modules/libphp5.so
 
  #LoadModule php5_module modules/libphp5.so
 
  LoadModule fcgid_module modules/mod_fcgid.so
 
  LoadModule fcgid_module modules/mod_fcgid.so
 
  Include conf/extra/php5_fcgid.conf
 
  Include conf/extra/php5_fcgid.conf
Make sure {{ic|/etc/php/php.ini}} has the directive enabled:
+
 
 +
* Make sure {{ic|/etc/php/php.ini}} has the directive enabled:
 
  cgi.fix_pathinfo=1
 
  cgi.fix_pathinfo=1
Now you need restart apache:
+
and [[Daemons|restart]] '''httpd'''.
# rc.d restart httpd
+
  
{{Note|1=As of Apache 2.4 (available as [http://aur.archlinux.org/packages.php?ID=60719 AUR package]) you can now use [http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html mod_proxy_fcgi] (part of the official distribution) with PHP-FPM (and the new event MPM). See [http://wiki.apache.org/httpd/PHP-FPM configuration example]}}
+
{{Note|1=As of Apache 2.4 (the {{AUR|apache24}} package is available in the [[AUR]]) you can now use [http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html mod_proxy_fcgi] (part of the official distribution) with PHP-FPM (and the new event MPM). See this [http://wiki.apache.org/httpd/PHP-FPM configuration example].}}
  
===MySQL===
+
=== MySQL ===
 
* Configure MySQL as described in [[MySQL]].
 
* Configure MySQL as described in [[MySQL]].
  
* Edit {{ic|/etc/php/php.ini}} (this is in {{ic|/usr/etc}} on older systems) to uncomment the following lines (''By removing {{Ic|;}}''):
+
* Uncomment at least one of the following lines in {{ic|/etc/php/php.ini}}:
  ;extension=mysqli.so
+
extension=pdo_mysql.so
  ;extension=mysql.so
+
extension=mysqli.so
 
+
extension=mysql.so
* You can add minor privileged users for your web scripts by editing the tables found in the {{Ic|mysql}} database. You have to restart MySQL for changes to take effect. Do not forget to check the {{Ic|mysql.user}} table: {{Ic|select User,Password from mysql.user;}}. If there is a second entry for root and your hostname is left with no password set, everybody from your host probably could gain full access. Perhaps see next section for these jobs.
+
 
+
* Run in terminal:
+
  # rc.d start mysqld
+
 
+
* You may also need to restart Apache. Run in terminal:
+
  # rc.d restart httpd
+
 
+
* MySQL should now be running. Set the root password and test it by running:
+
  # mysqladmin -u root password ''password''
+
  # mysql -u root -p
+
 
+
:Type ''exit'' to exit from the CLI MySQL client
+
 
+
* Edit {{ic|/etc/rc.conf}} (to start MySQL at boot):
+
  DAEMONS=(... '''mysqld''' ...)
+
Or add this line to {{ic|rc.local}}:
+
  rc.d start mysqld
+
  
* You might also need to edit {{ic|/etc/mysql/my.cnf}} and comment out the {{Ic|skip-networking}} line as such:
+
* You can add minor privileged MySQL users for your web scripts. You might also want to edit {{ic|/etc/mysql/my.cnf}} and uncomment the {{ic|skip-networking}} line so the MySQL server is only accessible by the localhost. You have to restart MySQL for changes to take effect.
  skip-networking
+
to
+
  #skip-networking
+
  
{{Tip|You may want to install [[PhpMyAdmin|phpmyadmin]], {{AUR|mysql-workbench}} or [[Adminer|adminer]] to work with your databases.}}
+
* [[Daemons|Restart]] the '''httpd''' daemon.
  
==See also==
+
{{Tip|You may want to install a tool like [[phpMyAdmin]], [[Adminer]] or {{AUR|mysql-workbench}} to work with your databases.}}
* [[MySQL]] - Article for MySQL
+
* [[PhpMyAdmin]] - Web frontend for MySQL typically found in LAMP environments
+
* [[Adminer]] - A full-featured database management tool which is available for MySQL, PostgreSQL, SQLite, MS SQL and Oracle
+
* [[Xampp]] - Self contained web-server that supports PHP, Perl, and MySQL
+
* [[mod_perl]] - Apache + Perl
+
  
==External links==
+
== External links ==
* http://www.apache.org/
+
* [http://www.apache.org/ Apache Official Website]
* http://www.php.net/
+
* [http://www.php.net/ PHP Official Website]
* http://www.mysql.com/
+
* [http://www.mysql.com/ MySQL Official Website]
* http://www.akadia.com/services/ssh_test_certificate.html
+
* [http://www.akadia.com/services/ssh_test_certificate.html Tutorial for creating self-signed certificates]
* http://wiki.apache.org/httpd/CommonMisconfigurations
+
* [http://wiki.apache.org/httpd/CommonMisconfigurations Apache Wiki Troubleshooting]

Revision as of 15:36, 1 February 2013

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary end LAMP refers to a common combination of software used in many web servers: Linux, Apache, MySQL, and PHP. This article describes how to set up the Apache HTTP Server on an Arch Linux system. It also tells you how to optionally install PHP and MySQL and integrate these in the Apache server.

If you only need a web server for development and testing, Xampp might be a better and easier option.

Installation

This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.

You can install apache, php, php-apache and mysql from the official repositories.

Note: New default user and group: Instead of group nobody, apache now runs as user/group http by default. You might want to adjust your httpd.conf according to this change, although it is still possible to run httpd as nobody.

Configuration

Apache

For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in /etc/httpd/conf/httpd.conf. The default is user http and it is created automatically during installation.

After installation, you can:

  • Change httpd.conf and optionally extra/httpd-default.conf to your liking and
  • Start the httpd daemon.
Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a 403 Error, comment out the following line in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-userdir.conf

User directories

  • User directories are available by default through http://localhost/~user/ and show the contents of ~/public_html (this can be changed in /etc/httpd/conf/extra/httpd-userdir.conf).
  • If you do not want user directories to be available on the web, comment the following line in /etc/httpd/conf/httpd.conf:
 Include conf/extra/httpd-userdir.conf
  • You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html/ must be executable for others ("rest of the world"). This seems to be enough:
 $ chmod o+x ~
 $ chmod o+x ~/public_html
  • A more secure way to share your home folder with Apache is to add the http user to the group that owns your home folder. For example, if your home folder and other sub-folders in your home folder belong to group piter, all you have to do is following:
 $ usermod -aG piter http
  • Of course, you have to give read and execute permissions on ~/, ~/public_html, and all other sub-folders in ~/public_html to the group members (group piter in our case). Do something like the following (modify the commands for your specific case):
 $ chmod g+xr-w /home/yourusername
 $ chmod -R g+xr-w /home/yourusername/public_html
Note: This way you do not have to give access to your folder to every single user in order to give access to http user. Only the http user and other potential users that are in the piter group will have access to your home folder.

and restart httpd.

SSL

  • Create a self-signed certificate (you can change the key size and the number of days of validity):
 # cd /etc/httpd/conf
 # openssl genrsa -des3 -out server.key 1024
 # openssl req -new -key server.key -out server.csr
 # cp server.key server.key.org
 # openssl rsa -in server.key.org -out server.key
 # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • Then, in /etc/httpd/conf/httpd.conf, uncomment the line containing:
 Include conf/extra/httpd-ssl.conf

and restart httpd.

Virtual Hosts

  • If you want to have more than one host, make sure you have
# Virtual hosts
Include conf/extra/httpd-vhosts.conf

in /etc/httpd/conf/httpd.conf.

  • In /etc/httpd/conf/extra/httpd-vhosts.conf set your virtual hosts according the example, e.g.:
/etc/httpd/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80

#this first virtualhost enables: http://127.0.0.1, or: http://localhost, 
#to still go to /srv/http/*index.html(otherwise it will 404_error).
#the reason for this: once you tell httpd.conf to include extra/httpd-vhosts.conf, 
#ALL vhosts are handled in httpd-vhosts.conf(including the default one),
# E.G. the default virtualhost in httpd.conf is not used and must be included here, 
#otherwise, only domainname1.dom & domainname2.dom will be accessible
#from your web browser and NOT http://127.0.0.1, or: http://localhost, etc.
#

<VirtualHost *:80>
    DocumentRoot "/srv/http"
    ServerAdmin root@localhost
    ErrorLog "/var/log/httpd/127.0.0.1-error_log"
    CustomLog "/var/log/httpd/127.0.0.1-access_log" common
    <Directory /srv/http/>
      DirectoryIndex index.htm index.html
      AddHandler cgi-script .cgi .pl
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
      AllowOverride None
      Order allow,deny
      Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin your@domainname1.dom
    DocumentRoot "/home/username/yoursites/domainname1.dom/www"
    ServerName domainname1.dom
    ServerAlias domainname1.dom
    <Directory /home/username/yoursites/domainname1.dom/www/>
      DirectoryIndex index.htm index.html
      AddHandler cgi-script .cgi .pl
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
      AllowOverride None
      Order allow,deny
      Allow from all
</Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin your@domainname2.dom
    DocumentRoot "/home/username/yoursites/domainname2.dom/www"
    ServerName domainname2.dom
    ServerAlias domainname2.dom
    <Directory /home/username/yoursites/domainname2.dom/www/>
      DirectoryIndex index.htm index.html
      AddHandler cgi-script .cgi .pl
      Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
      AllowOverride None
      Order allow,deny
      Allow from all
</Directory>
</VirtualHost>
  • Add your virtual host names to your /etc/hosts file (not necessary if BIND is serving these domains already, but will not hurt to do it anyway):
127.0.0.1 domainname1.dom 
127.0.0.1 domainname2.dom

and restart httpd.

  • If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apache's Userdir settings. To avoid problems disable Userdir by commenting it out:
# User home directories
#Include conf/extra/httpd-userdir.conf
  • As said above, ensure that you have the proper permissions:
# chmod 0775 /home/yourusername/
  • If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, eg: /etc/httpd/conf/vhosts.
  • First create the folder:
# mkdir /etc/httpd/conf/vhosts
  • Then place the single configuration files in it:
# nano /etc/httpd/conf/vhosts/domainname1.dom
# nano /etc/httpd/conf/vhosts/domainname2.dom
...
  • In the last step, Include the single configurations in your /etc/httpd/conf/httpd.conf:
#Enabled Vhosts:
Include conf/vhosts/domainname1.dom
#Include conf/vhosts/domainname1.dom
  • You can enable and disable single virtual hosts by commenting or uncommenting them.

Advanced Options

These options in /etc/httpd/conf/httpd.conf might be interesting for you.

# Listen 80
  • This is the port Apache will listen to. For Internet-access with router, you have to forward the port.

If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:

# Listen 127.0.0.1:80
  • This is the admin's email address which can be found on e.g. error pages:
# ServerAdmin you@example.com
  • This is the directory where you should put your web pages:
# DocumentRoot "/srv/http"

Change it, if you want to, but do not forget to also change

<Directory "/srv/http">

to whatever you changed your DocumentRoot too, or you will likely get a 403 Error (lack of privileges) when you try to access the new document root. Do not forget to change the Deny from all line, otherwise you will get a 403 Error.

# AllowOverride None
  • This directive in <Directory> sections causes Apache to completely ignore .htaccess files. If you intend to use mod_rewrite or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to the Apache documentation.
Note: If you have issues with your configuration you can have Apache check the configuration with: apachectl configtest
  • More settings in /etc/httpd/conf/httpd.conf:
  • To turn off your server's signature:
ServerSignature Off
  • To hide server information like Apache and PHP versions:
ServerTokens Prod

PHP

  • To enable PHP, add these lines to /etc/httpd/conf/httpd.conf:
Place this in the LoadModule list anywhere after LoadModule dir_module modules/mod_dir.so:
 LoadModule php5_module modules/libphp5.so
Place this at the end of the Include list:
 Include conf/extra/php5_module.conf
Make sure that the following line is uncommented in the <IfModule mime_module> section:
 TypesConfig conf/mime.types
Uncomment the following line (optional):
 MIMEMagicFile conf/magic
  • Add this line in /etc/httpd/conf/mime.types:
 application/x-httpd-php       php    php5
Note: If you do not see libphp5.so in the Apache modules directory (/etc/httpd/modules), you may have forgotten to install php-apache.
  • If your DocumentRoot is not /srv/http, add it to open_basedir in /etc/php/php.ini as such:
 open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot
  • To test whether PHP was correctly configured: create a file called test.php in your Apache DocumentRoot directory (e.g. /srv/http/ or ~/public_html) and inside it put:
<?php phpinfo(); ?>
To see if it works go to: http://localhost/test.php or http://localhost/~myname/test.php
If the PHP code is not executed (you see plain text in test.php), check that you have added Includes to the Options line for your root directory in /etc/httpd/conf/httpd.conf. Moreover, check that TypesConfig conf/mime.types is uncommented in the <IfModule mime_module> section, you may also try adding the following to the <IfModule mime_module> in httpd.conf:
AddHandler application/x-httpd-php .php

Advanced options

  • It is recommended to set your timezone (list of timezones) in /etc/php/php.ini like so:
date.timezone = Europe/Berlin
  • If you want to display errors to debug your PHP code, change display_errors to On in /etc/php/php.ini:
display_errors=On
  • If you want the libGD module, install php-gd and uncomment extension=gd.so in /etc/php/php.ini:
Note: php-gd requires libpng, libjpeg-turbo, and freetype2.
extension=gd.so
Note: Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.
  • If you want the mcrypt module, install php-mcrypt and uncomment extension=mcrypt.so in /etc/php/php.ini:
extension=mcrypt.so
  • Remember to add a file handler for .phtml, if you need it, in /etc/httpd/conf/extra/php5_module.conf:
DirectoryIndex index.php index.phtml index.html

Using php5 with apache2-mpm-worker and mod_fcgid

  • Uncomment following in /etc/conf.d/apache:
HTTPD=/usr/sbin/httpd.worker
  • Uncomment following in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-mpm.conf
  • Create /etc/httpd/conf/extra/php5_fcgid.conf with following content:
/etc/httpd/conf/extra/php5_fcgid.conf
# Required modules: fcgid_module

<IfModule fcgid_module>
	AddHandler php-fcgid .php
	AddType application/x-httpd-php .php
	Action php-fcgid /fcgid-bin/php-fcgid-wrapper
	ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/
	SocketPath /var/run/httpd/fcgidsock
	SharememPath /var/run/httpd/fcgid_shm
        # If you don't allow bigger requests many applications may fail (such as WordPress login)
        FcgidMaxRequestLen 536870912
        PHP_Fix_Pathinfo_Enable 1
        # Path to php.ini – defaults to /etc/phpX/cgi
        DefaultInitEnv PHPRC=/etc/php/
        # Number of PHP childs that will be launched. Leave undefined to let PHP decide.
        #DefaultInitEnv PHP_FCGI_CHILDREN 3
        # Maximum requests before a process is stopped and a new one is launched
        #DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000
        <Location /fcgid-bin/>
		SetHandler fcgid-script
		Options +ExecCGI
	</Location>
</IfModule>
  • Create the needed directory and symlink it for the PHP wrapper:
# mkdir /srv/http/fcgid-bin
# ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper
  • Edit /etc/httpd/conf/httpd.conf:
#LoadModule php5_module modules/libphp5.so
LoadModule fcgid_module modules/mod_fcgid.so
Include conf/extra/php5_fcgid.conf
  • Make sure /etc/php/php.ini has the directive enabled:
cgi.fix_pathinfo=1

and restart httpd.

Note: As of Apache 2.4 (the apache24AUR package is available in the AUR) you can now use mod_proxy_fcgi (part of the official distribution) with PHP-FPM (and the new event MPM). See this configuration example.

MySQL

  • Configure MySQL as described in MySQL.
  • Uncomment at least one of the following lines in /etc/php/php.ini:
extension=pdo_mysql.so
extension=mysqli.so
extension=mysql.so
  • You can add minor privileged MySQL users for your web scripts. You might also want to edit /etc/mysql/my.cnf and uncomment the skip-networking line so the MySQL server is only accessible by the localhost. You have to restart MySQL for changes to take effect.
Tip: You may want to install a tool like phpMyAdmin, Adminer or mysql-workbenchAUR to work with your databases.

External links