Apache

Setup Apache in macOS Mojave with PHP, Server Side Includes and name-based virtual hosting

1. Open a terminal and goto your homedirectory.
   
   
2. Install Homebrew (see software prerequisites).
   • Check Homebrew, type: brew doctor
   • If needed, update Homebrew to its latest version, type: brew update
   • Check Homebrew version, type: brew --version
     Homebrew 2.1.3
   • Install required libraries needed by Mojave, type: brew install openldap libiconv
     
     
3. Remove the pre-installed Apache 2.4 which comes with the latest macOS 10.14 Mojave.
   Type: sudo apachectl stop
   Type: sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null
   
   
4. Install Apache.
   Type: brew install httpd
   
   By default:
   • DocumentRoot is /usr/local/var/www
   • The default ports have been set in /usr/local/etc/httpd/httpd.conf to 8080 and in /usr/local/etc/httpd/extra/httpd-ssl.conf to 8443 so that httpd can run without sudo.
   • To have launchd start httpd now and restart at login: brew services start httpd
   • If you don't want/need a background service you can just run: apachectl start
   • Log files can be found at: /usr/local/var/log/httpd
   
   
5. Autostart Apache, type: brew services start httpd
   
   To check if this is working, open a browser and type: http://localhost:8080
   
   You should see, the message: It works!
   
   
6. Type: mkdir Sites
   
   
7. Create two web projects called "mobilefish_web" and "mypark_web".
   
   Type: cd Sites
   Type: mkdir mobilefish_web
   Type: mkdir mypark_web
   
   
8. Create file ~/Sites/mobilefish_web/index.html with the following content:
   
   <html>
   <head><title>mobilefish_web</title></head>
   <body>mobilefish_web</body>
   </html>
   
   
9. Create file ~/Sites/mypark_web/index.html with the following content:
   
   <html>
   <head><title>mypark_web</title></head>
   <body>mypark_web</body>
   </html>
   
   
10. Make the following changes to the /usr/local/etc/httpd/httpd.conf file
    Before you make changes make a backup of this file!
    
    
    • Listen 80
      
      
    • LoadModule include_module lib/httpd/modules/mod_include.so
      LoadModule deflate_module lib/httpd/modules/mod_deflate.so
      LoadModule expires_module lib/httpd/modules/mod_expires.so
      LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
      LoadModule userdir_module lib/httpd/modules/mod_userdir.so
      LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
      # ACTION AFTER PHP X.X IS INSTALLED: uncomment only one line
      LoadModule php5_module
      #/usr/local/opt/[email protected]/lib/httpd/modules/libphp5.so
      # LoadModule php7_module
      # /usr/local/opt/[email protected]/lib/httpd/modules/libphp7.so
      # LoadModule php7_module
      # /usr/local/opt/[email protected]/lib/httpd/modules/libphp7.so
      
      
    • User robertlie
      Group _www
      
      
    • ServerName localhost
      
      
    • DocumentRoot "/Users/robertlie/Sites"
      
      
    • <Directory "/Users/robertlie/Sites/">
         Options Indexes MultiViews FollowSymLinks Includes
         AllowOverride All
         Order allow,deny
         Allow from all
         Require all granted
         AddType text/html .shtml .shtm .html
         AddOutputFilter INCLUDES .shtml .shtm .html
      </Directory>
      
      
    • # ACTION AFTER PHP X.X IS INSTALLED: add index.php
      <IfModule dir_module>
         DirectoryIndex index.html index.html index.php
      </IfModule>
      
      # ACTION AFTER PHP X.X IS INSTALLED: uncomment the lines
      # <FilesMatch \.php$>
      #    SetHandler application/x-httpd-php
      # </FilesMatch>
      
      
    • # Virtual hosts
      Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
    
    
11. Modify the /usr/local/etc/httpd/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    Add the following lines:
    
    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/usr/local/var/log/httpd/sand-mobilefish-error.log"
       CustomLog "/usr/local/var/log/httpd/sand-mobilefish-access.log" common
    </VirtualHost>
    
    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mypark_web"
       ServerName sand.mypark.nl
       ErrorLog "/usr/local/var/log/httpd/mypark-error.log"
       CustomLog "/usr/local/var/log/httpd/mypark-access.log" common
    </VirtualHost>
    
    
12. Check the Apache configuration.
    Type: sudo apachectl configtest
    
    Note:
    sudo apachectl -t does the same.
    
    
13. Edit /etc/hosts file. Add at the bottom of the file the following lines:
    
    #Local sites
    127.0.0.1      sand.mobilefish.com
    127.0.0.1      sand.mypark.nl
    
    
14. Restart apache
    Type: sudo apachectl restart
    
    Note:
    Stop Apache, type: sudo apachectl stop
    Start Apache, type: sudo apachectl start
    Show Apache version, type: httpd -v
    
    You will see, for example:
    Server version: Apache/2.4.39 (Unix)
    Server built: Apr 19 2019 17:53:55
    
    
15. Open a browser.
    Type: http://sand.mobilefish.com
    Type: http://sand.mypark.nl
    
    If you see the websites, continue...
    
    
16. Brew does not support PHP 5.6 and PHP 7.0. To install these deprecated versions, first:
    Type: brew tap exolnet/homebrew-deprecated
    Type: brew tap shivammathur/php
    
    Now you can install multiple PHP versions (even PHP 5.6 and PHP 7.0), for example:
    Type: brew install [email protected]
    Type: brew install [email protected]
    Type: brew install [email protected]
    etc ...
    
    Note:
    Assume PHP 5.6 was installed and was working and for unknown reason it is not working anymore:
    - First check out its log files what causes the problem.
      See: /usr/local/var/log/httpd
    - If the problem has something to do with the PHP installation, reinstall PHP 5.6.
      Type: brew reinstall [email protected]
    
    
17. Homebrew installs the php X.X at:
    /usr/local/Cellar/[email protected]
    
    [email protected] is keg-only, which means it was not symlinked into /usr/local.
    
    A symbolic link is created in /usr/local/opt:
    For example:
    [email protected] -> ../Cellar/[email protected]/5.6.40_4
    
    
18. The PHP configuration files (php.ini and php-fpm.ini) can be found at:
    /usr/local/etc/php/X.X
    
    
19. If you need to have [email protected] first in your PATH.
    Type: echo 'export PATH="/usr/local/opt/[email protected]/bin:$PATH"' >> ~/.bash_profile
    Type: echo 'export PATH="/usr/local/opt/[email protected]/sbin:$PATH"' >> ~/.bash_profile
    
    For compilers to find [email protected] you may need to set.
    Type: export LDFLAGS="-L/usr/local/opt/[email protected]/lib"
    Type: export CPPFLAGS="-I/usr/local/opt/[email protected]/include"
    
    To have launchd start exolnet/deprecated/[email protected] now and restart at login.
    Type: brew services start exolnet/deprecated/[email protected]
    
    To have launchd start shivammathur/php/[email protected] now and restart at login.
    Type: brew services start shivammathur/php/[email protected]
    
    To restart shivammathur/php/[email protected] after an upgrade:
    Type: brew services restart shivammathur/php/[email protected]
    
    Or, if you don't want/need a background service.
    Type: /usr/local/opt/[email protected]/sbin/php-fpm --nodaemonize
    
    
20. Check installed PHP version.
    Type: php -v
    
    PHP 5.6.40 (cli) (built: Jul 14 2021 10:55:28)
    
    
21. Update Apache /usr/local/etc/httpd/httpd.conf and tell it to use PHP.
    See lines: "ACTION AFTER PHP X.X IS INSTALLED:".
    
    
22. Restart apache.
    Type: sudo apachectl restart
    
    
23. Check if PHP is working together with Apache.
    Type: echo "<?php phpinfo(); ?>" > ~/Sites/mobilefish_web/info.php
    
    Check if the info.php displays information.
    
    
24. If your website allows you to upload files, you need to make the following changes:
    • Make sure your /usr/local/etc/php/X.X/php.ini allows you to upload files.
      Checkout the following settings:
      
      • file_uploads = On
        Allow HTTP file uploads.
        
        
      • ;upload_tmp_dir =
        Temporary directory for HTTP uploaded files.
        Will use system default /private/var/tmp/ if not specified.
        
        
      • upload_max_filesize = 2M
        Maximum allowed size for uploaded files.
        
        
      • max_file_uploads = 20
        Maximum number of files that can be uploaded via a single request.
        
        
    • By default the uploaded files are stored in folder /private/var/tmp/
      You need to move these files to another folder (for example docroot/tmp) to access these files from a webpage. Use the php command move_uploaded_file() to move the files from /private/var/tmp/ to docroot/tmp
      
      Note:
      The file is removed immediately from /private/var/tmp/ after the upload is done.
      Which mean you will not see this file in /private/var/tmp/.
      
      
    • Make sure the following groups and permissions are set:
      
      
      • chmod go-rwx docroot (only owner has access to docroot)
      • chmod go+x docroot (groups and others can access the docroot)
      • sudo chgrp -R _www docroot (all content belongs to group _www)
      • chmod -R go-rwx docroot (only owner has access to docroot)
      • chmod -R g+rx docroot (only owner and _www has access to docroot)
      • chmod -R g+rwx docroot/tmp (_www has write access to the tmp)
      
      Note:
      When a file is uploaded to /private/var/tmp/ and moved to docroot/tmp folder, the file is created by user _www (and group _www).
      This user and group is set in the /usr/local/etc/httpd/httpd.conf file.
    
    
25. The following steps are needed if you want to setup SSL.
    
    
26. Stop apache server.
    Type: sudo apachectl stop
    
    
27. Edit the /usr/local/etc/httpd/httpd.conf file:
    • Uncomment line:
      LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    • Uncomment line: LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    • Uncomment line: Include /usr/local/etc/httpd/extra/httpd-ssl.conf
    
    
28. Create folder /usr/local/etc/httpd/ssl
    Type: mkdir /usr/local/etc/httpd/ssl
    
    
29. If you ONLY want to support https://www.mobilefish.com than continue otherwise skip this step.
    Modify the /usr/local/etc/httpd/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    In this example the site sand.mobilefish.com will be SSL enabled and it will ONLY support SSL.
    It will not support http://sand.mobilefish.com
    Comment out the following lines:
    
    #<VirtualHost *:80>
    #   DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
    #   ServerName sand.mobilefish.com
    #   ErrorLog "/usr/local/var/log/sand-mobilefish-error.log"
    #   CustomLog "/usr/local/var/log/sand-mobilefish-access.log" common
    #</VirtualHost>
    
    
30. Backup the /usr/local/etc/httpd/extra/httpd-ssl.conf file.
    
    Change the port to: Listen 443
    
    An example VirtualHost is already setup in httpd-ssl.conf.
    Comment is all out!
    
    #<VirtualHost _default_:443>
    
    #DocumentRoot "/usr/local/var/www"
    #ServerName www.example.com:8443
    #ServerAdmin [email protected]
    #ErrorLog "/usr/local/var/log/error_log"
    #TransferLog "/usr/local/var/log/access_log"
    
    #SSLEngine on
    #SSLCertificateFile "/usr/local/etc/httpd/server.crt"
    #SSLCertificateKeyFile "/usr/local/etc/httpd/server.key"
    
    #<FilesMatch "\.(cgi|shtml|phtml|php)$">
    #   SSLOptions +StdEnvVars
    #</FilesMatch>
    
    #<Directory "/usr/local/var/www/cgi-bin">
    #   SSLOptions +StdEnvVars
    #</Directory>
    
    #BrowserMatch "MSIE [2-5]" \
    #   nokeepalive ssl-unclean-shutdown \
    #   downgrade-1.0 force-response-1.0
    
    #CustomLog "/usr/local/var/log/httpd/ssl_request_log" \
    #    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    
    #</VirtualHost>
    
    At the end of the httpd-ssl.conf file add the following lines:
    
    <VirtualHost *:443>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/usr/local/var/log/httpd/sand-mobilefish-error.log"
       CustomLog "/usr/local/var/log/httpd/sand-mobilefish-access.log" common
    
       SSLEngine on
       SSLCertificateFile "/usr/local/etc/httpd/ssl/sand.mobilefish.crt"
       SSLCertificateKeyFile "/usr/local/etc/httpd/ssl/sand.mobilefish.key"
    
       <FilesMatch "\.(cgi|shtml|shtm|phtml|php)$">
          SSLOptions +StdEnvVars
       </FilesMatch>
       <Directory "/usr/local/var/www/cgi-bin">
          SSLOptions +StdEnvVars
       </Directory>
    </VirtualHost>
    
    
31. Create a self signed SSL certificate for domain sand.mobilefish.com.
    There are two ways to do this.
    • Method A: Create a self signed SSL certificate. (Not recommended)
    • Method B: Create a self signed SSL certificate issued by a Certificate Authority (CA).
    
    Choose method B if you want to use the PHP SSL context options
    "verify_peer" and "verify_peer_name". You need the CA certificate.
    
    Method A: Create a self signed SSL certificate
    
    
    • Type: cd /usr/local/etc/httpd/ssl
      
      
    • Create the server private key and server certificate.
      Type: sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sand.mobilefish.key -out sand.mobilefish.crt
      
      Note: The certificate will be valid for 10 years, this is just for a test environment!
      
      
    • Enter the following information:
      
      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com
      Organizational Unit Name (eg, section) []:Research and development
      Common Name (e.g. server FQDN or YOUR name) []:sand.mobilefish.com
      Email Address []:[email protected]
      
      
    • The folowing files are created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.key (this is the server private key)
      /usr/local/etc/httpd/ssl/sand.mobilefish.crt (this is the server certificate)
      
      
    Method B: Create a self signed SSL certificate issued by a Certificate Authority (CA)
    
    
    • Type: cd /usr/local/etc/httpd/ssl
      
      
    • First create a 2048 bit CA private key.
      Type: sudo openssl genrsa -out privkey.pem 2048
      
      You will see the following:
      
      Generating RSA private key, 2048 bit long modulus
      ..............................................+++
      ...........+++
      e is 65537 (0x10001)
      
      
    • The following file is created:
      /usr/local/etc/httpd/ssl/privkey.pem (this is the CA private key)
      
      
    • Create a self signed CA certificate.
      Type: sudo openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 -out ca.pem
      
      Enter the following information:
      
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com CA
      Organizational Unit Name (eg, section) []:
      Common Name (e.g. server FQDN or YOUR name) []:
      Email Address []:
      
      
    • The following file is created:
      /usr/local/etc/httpd/ssl/ca.pem (this is the CA certificate)
      
      
    • Create a server configuration file/usr/local/etc/httpd/ssl/sand.mobilefish.csr.cnf containing the following lines:
      
      [req]
      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn
      
      [dn]
      C=NL
      ST=Noord-Holland
      L=Zaandam
      O=End Point
      OU=Research and development
      [email protected]
      CN = sand.mobilefish.com
      
      
    • Create the server Certificate Signing Request and server private key.
      Type: sudo openssl req -new -nodes -out sand.mobilefish.csr -keyout sand.mobilefish.key -config sand.mobilefish.csr.cnf
      
      You will see the following:
      
      Generating a 2048 bit RSA private key
      .................................................+++
      ....................+++
      writing new private key to 'sand.mobilefish.key'
      -----
      
      
    • The following files are created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.csr (this is the server certificate signing request)
      /usr/local/etc/httpd/ssl/sand.mobilefish.key (this is the server private key)
      
      
    • Create a server extension file /usr/local/etc/httpd/ssl/sand.mobilefish_v3.ext containing the following lines:
      
      authorityKeyIdentifier=keyid,issuer
      basicConstraints=CA:FALSE
      keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
      subjectAltName = @alt_names
      
      [alt_names]
      DNS.1 = sand.mobilefish.com
      
      Note 1:
      This is step is needed if you want to avoid the following error in Chrome browser:
      
      This server could not prove that it is sand.mobilefish.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
      
      
      
      Note 2:
      Make sure the domain "DNS.1 = sand.mobilefish.com" is the same as "CN = sand.mobilefish.com" in file sand.mobilefish.csr.cnf.
      
      Note 3:
      If you want this certificate to support multiple domains, do the following:
      
      [alt_names]
      DNS.1 = sand.mobilefish.com
      DNS.2 = proxy.mobilefish.com
      DNS.3 = baidu.com
      DNS.4 = china.com
      
      
    • Create the server certificate.
      Type: sudo openssl x509 -req -in sand.mobilefish.csr -CA ca.pem -CAkey privkey.pem -CAcreateserial -out sand.mobilefish.crt -days 3650 -extfile sand.mobilefish_v3.ext
      
      You will see the following:
      
      Signature ok
      subject=/C=NL/ST=Noord-Holland/ L=Zaandam/O=End Point/OU=Research and development/ [email protected]/ CN=sand.mobilefish.com
      Getting CA Private Key
      
      
    • The following file is created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.crt (this is the server certificate)
      
      
32. Check the Apache configuration.
    Type: sudo apachectl configtest
    
    Note:
    sudo apachectl -t does the same.
    
    
33. Start Apache server.
    Type: sudo apachectl start
    
    
34. The following steps applies to Mac users. How it is done on other OS I do not know (sorry..).
    
    The sand.mobilefish.crt certificate is self signed and is not created by an official CA Authority.
    To always trust our own self signed certificate:
    
    
    • Right click file sand.mobilefish.crt and select "Open With" and select "Keychain Access".
      
      
    • Open the "Keychain Access" app if it does not open.
      
      
    • Double click the certificate sand.mobilefish.com.
      
      
    • Expand Trust.
      
      
    • Select "When using this certificate" Always Trust.
      
      
      
      
35. Open Chrome browser.
    Type: https://www.mobilefish.com
    
    
36. Right click the Mobilefish.com homepage, select Inspect and select tab Security.
    The site is secure and the certificate is valid.