Apache

 
 
Apache is a powerful and flexible HTTP/1.1 compliant web server. Originally designed as a replacement for the NCSA HTTP Server, it has grown to be the most popular web server on the Internet. As a project of the Apache Software Foundation, the developers aim to collaboratively develop and maintain a robust, commercial-grade, standards-based server with freely available source code.

The Apache HTTP Server is distributed at no charge for commercial or non-commercial use. For more information read the LICENSE.txt file.

Apache can be used with Microsoft Windows. The Apache HTTP Server Version 2.0 runs under Windows NT, Windows 2000 and Windows XP. You should download the version of Apache for Windows with the .msi extension. This is a single Microsoft Installer file containing Apache, ready to install and run.

The latest Apache HTTP Server version can be downloaded from: http://httpd.apache.org/
The latest Apache 1.3 documentation can be found at: http://httpd.apache.org/docs/1.3/
The latest Apache 2.0 documentation can be found at: http://httpd.apache.org/docs/2.0/
The latest Apache 2.2 documentation can be found at: http://httpd.apache.org/docs/2.2/







Setup Apache in macOS Mojave with PHP, Server Side Includes and name-based virtual hosting



Information
This tutorial sets up two Apache web projects (mobilefish_web and mypark_web) on macOS.
It will host two domains (sand.mobilefish.com and sand.mypark.nl) using name-based virtual hosting.
Apache will be configured for PHP and server side includes.

Operating system used
macOS Mojave

Software prerequisites
Homebrew

You may need to install XCode Command Line Tools first:
xcode-select --install


Procedure
  1. Open a terminal and go to your home directory.

  2. Install Homebrew (see software prerequisites).
    • Check Homebrew, type: brew doctor
    • If needed, update Homebrew to its latest version, type: brew update
    • Check Homebrew version, type: brew --version
      Homebrew 2.1.3
    • Install required libraries needed by Mojave, type: brew install openldap libiconv

  3. Stop and disable the pre-installed Apache 2.4 which comes with the latest macOS 10.14 Mojave.
    Type: sudo apachectl stop
    Type: sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null

  4. Install Apache.
    Type: brew install httpd

    By default:
    • DocumentRoot is /usr/local/var/www
    • The default ports have been set in /usr/local/etc/httpd/httpd.conf to 8080 and in /usr/local/etc/httpd/extra/httpd-ssl.conf to 8443 so that httpd can run without sudo.
    • To have launchd start httpd now and restart at login: brew services start httpd
    • If you don't want/need a background service you can just run: apachectl start
    • Log files can be found at: /usr/local/var/log/httpd

  5. Autostart Apache, type: brew services start httpd

    To check if this is working, open a browser and type: http://localhost:8080

    You should see the message: It works!

  6. Type: mkdir Sites

  7. Create two web projects called "mobilefish_web" and "mypark_web".

    Type: cd Sites
    Type: mkdir mobilefish_web
    Type: mkdir mypark_web

  8. Create file ~/Sites/mobilefish_web/index.html with the following content:

    <html>
    <head><title>mobilefish_web</title></head>
    <body>mobilefish_web</body>
    </html>


  9. Create file ~/Sites/mypark_web/index.html with the following content:

    <html>
    <head><title>mypark_web</title></head>
    <body>mypark_web</body>
    </html>


  10. Make the following changes to the /usr/local/etc/httpd/httpd.conf file
    Before you make changes make a backup of this file!

    • Listen 80

    • LoadModule include_module lib/httpd/modules/mod_include.so
      LoadModule deflate_module lib/httpd/modules/mod_deflate.so
      LoadModule expires_module lib/httpd/modules/mod_expires.so
      LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
      LoadModule userdir_module lib/httpd/modules/mod_userdir.so
      LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
      # ACTION AFTER PHP X.X IS INSTALLED: uncomment only one line
      # (X.X in the path is the installed PHP version)
      # LoadModule php5_module /usr/local/opt/php@X.X/lib/httpd/modules/libphp5.so
      # LoadModule php7_module /usr/local/opt/php@X.X/lib/httpd/modules/libphp7.so

    • User robertlie
      Group _www


    • ServerName localhost

    • DocumentRoot "/Users/robertlie/Sites"

    • <Directory "/Users/robertlie/Sites/">
         Options Indexes MultiViews FollowSymLinks Includes
         AllowOverride All
         # Apache 2.4 access control; replaces the 2.2-style "Order"/"Allow" pair
         Require all granted
         AddType text/html .shtml .shtm .html
         AddOutputFilter INCLUDES .shtml .shtm .html
      </Directory>


    • # ACTION AFTER PHP X.X IS INSTALLED: add index.php
      <IfModule dir_module>
         DirectoryIndex index.html index.php
      </IfModule>

      # ACTION AFTER PHP X.X IS INSTALLED: uncomment the lines
      # <FilesMatch \.php$>
      #    SetHandler application/x-httpd-php
      # </FilesMatch>


    • # Virtual hosts
      Include /usr/local/etc/httpd/extra/httpd-vhosts.conf

  11. Modify the /usr/local/etc/httpd/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    Add the following lines:

    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/usr/local/var/log/httpd/sand-mobilefish-error.log"
       CustomLog "/usr/local/var/log/httpd/sand-mobilefish-access.log" common
    </VirtualHost>

    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mypark_web"
       ServerName sand.mypark.nl
       ErrorLog "/usr/local/var/log/httpd/mypark-error.log"
       CustomLog "/usr/local/var/log/httpd/mypark-access.log" common
    </VirtualHost>


  12. Check the Apache configuration.
    Type: sudo apachectl configtest

    Note:
    sudo apachectl -t does the same.

  13. Edit /etc/hosts file. Add at the bottom of the file the following lines:

    #Local sites
    127.0.0.1      sand.mobilefish.com
    127.0.0.1      sand.mypark.nl


  14. Restart apache
    Type: sudo apachectl restart

    Note:
    Stop Apache, type: sudo apachectl stop
    Start Apache, type: sudo apachectl start
    Show Apache version, type: httpd -v

    You will see, for example:
    Server version: Apache/2.4.39 (Unix)
    Server built: Apr 19 2019 17:53:55


  15. Open a browser.
    Type: http://sand.mobilefish.com
    Type: http://sand.mypark.nl

    If you see the websites, continue...

  16. Brew does not support PHP 5.6 and PHP 7.0. To install these deprecated versions, first:
    Type: brew tap exolnet/homebrew-deprecated

    Now you can install multiple PHP versions (even PHP 5.6 and PHP 7.0), for example:
    Type: brew install php@X.X
    (replace X.X with the version number; repeat the command for each version you need)
    etc ...

    Each installed version can be found at:
    /usr/local/etc/php/X.X
    The php.ini and php-fpm.ini file can be found in:
    /usr/local/etc/php/X.X

  17. If you need to have php@X.X first in your PATH (replace X.X with the version you installed).
    Type: echo 'export PATH="/usr/local/opt/php@X.X/bin:$PATH"' >> ~/.bash_profile
    Type: echo 'export PATH="/usr/local/opt/php@X.X/sbin:$PATH"' >> ~/.bash_profile

    For compilers to find php@X.X you may need to set.
    Type: export LDFLAGS="-L/usr/local/opt/php@X.X/lib"
    Type: export CPPFLAGS="-I/usr/local/opt/php@X.X/include"

    To have launchd start exolnet/deprecated/php@X.X now and restart at login.
    Type: brew services start exolnet/deprecated/php@X.X

    If you don't want/need a background service.
    Type: php-fpm

  18. Check installed PHP version.
    Type: php -v

    PHP 5.6.40 (cli) (built: Apr 23 2019 11:14:34)

  19. Update Apache /usr/local/etc/httpd/httpd.conf and tell it to use PHP.
    See lines: "ACTION AFTER PHP X.X IS INSTALLED:".

  20. Restart apache.
    Type: sudo apachectl restart

  21. Check if PHP is working together with Apache.
    Type: echo "<?php phpinfo(); ?>" > ~/Sites/mobilefish_web/info.php

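    Open http://sand.mobilefish.com/info.php in a browser and check that it displays the PHP information page.
    Delete info.php once you have checked; its output exposes the full PHP and server configuration.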

  22. If your website allows you to upload files, you need to make the following changes:
    • Make sure your /usr/local/etc/php/X.X/php.ini allows you to upload files.
      Checkout the following settings:
      • file_uploads = On
        Allow HTTP file uploads.

      • ;upload_tmp_dir =
        Temporary directory for HTTP uploaded files.
        Will use system default /private/var/tmp/ if not specified.

      • upload_max_filesize = 2M
        Maximum allowed size for uploaded files.

      • max_file_uploads = 20
        Maximum number of files that can be uploaded via a single request.

    • By default the uploaded files are stored in folder /private/var/tmp/
      You need to move these files to another folder (for example docroot/tmp) to access them from a webpage. Use the PHP function move_uploaded_file() to move the files from /private/var/tmp/ to docroot/tmp.

      Note:
      The file is removed immediately from /private/var/tmp/ after the upload is done,
      which means you will not see this file in /private/var/tmp/.

    • Make sure the following groups and permissions are set:

      • chmod go-rwx docroot (only owner has access to docroot)
      • chmod go+x docroot (groups and others can access the docroot)
      • sudo chgrp -R _www docroot (all content belongs to group _www)
      • chmod -R go-rwx docroot (only owner has access to docroot)
      • chmod -R g+rx docroot (only owner and _www has access to docroot)
      • chmod -R g+rwx docroot/tmp (_www has write access to the tmp)

      Note:
      When a file is uploaded to /private/var/tmp/ and moved to docroot/tmp folder, the file is created by user _www (and group _www).
      This user and group is set in the /usr/local/etc/httpd/httpd.conf file.

  23. The following steps are needed if you want to set up SSL.

  24. Stop apache server.
    Type: sudo apachectl stop

  25. Edit the /usr/local/etc/httpd/httpd.conf file:
    • Uncomment line:
      LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    • Uncomment line: LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    • Uncomment line: Include /usr/local/etc/httpd/extra/httpd-ssl.conf

  26. Create folder /usr/local/etc/httpd/ssl
    Type: mkdir /usr/local/etc/httpd/ssl

  27. If you ONLY want to support https://www.mobilefish.com then continue, otherwise skip this step.
    Modify the /usr/local/etc/httpd/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    In this example the site sand.mobilefish.com will be SSL enabled and it will ONLY support SSL.
    It will not support http://sand.mobilefish.com
    Comment out the following lines:

    #<VirtualHost *:80>
    #   DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
    #   ServerName sand.mobilefish.com
    #   ErrorLog "/usr/local/var/log/sand-mobilefish-error.log"
    #   CustomLog "/usr/local/var/log/sand-mobilefish-access.log" common
    #</VirtualHost>


  28. Backup the /usr/local/etc/httpd/extra/httpd-ssl.conf file.

    Change the port to: Listen 443

    An example VirtualHost is already setup in httpd-ssl.conf.
    Comment it all out!

    #<VirtualHost _default_:443>

    #DocumentRoot "/usr/local/var/www"
    #ServerName www.example.com:8443
    #ServerAdmin you@example.com
    #ErrorLog "/usr/local/var/log/error_log"
    #TransferLog "/usr/local/var/log/access_log"

    #SSLEngine on
    #SSLCertificateFile "/usr/local/etc/httpd/server.crt"
    #SSLCertificateKeyFile "/usr/local/etc/httpd/server.key"

    #<FilesMatch "\.(cgi|shtml|phtml|php)$">
    #   SSLOptions +StdEnvVars
    #</FilesMatch>

    #<Directory "/usr/local/var/www/cgi-bin">
    #   SSLOptions +StdEnvVars
    #</Directory>

    #BrowserMatch "MSIE [2-5]" \
    #   nokeepalive ssl-unclean-shutdown \
    #   downgrade-1.0 force-response-1.0

    #CustomLog "/usr/local/var/log/httpd/ssl_request_log" \
    #    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    #</VirtualHost>


    At the end of the httpd-ssl.conf file add the following lines:

    <VirtualHost *:443>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/usr/local/var/log/httpd/sand-mobilefish-error.log"
       CustomLog "/usr/local/var/log/httpd/sand-mobilefish-access.log" common

       SSLEngine on
       SSLCertificateFile "/usr/local/etc/httpd/ssl/sand.mobilefish.crt"
       SSLCertificateKeyFile "/usr/local/etc/httpd/ssl/sand.mobilefish.key"

       <FilesMatch "\.(cgi|shtml|shtm|phtml|php)$">
          SSLOptions +StdEnvVars
       </FilesMatch>
       <Directory "/Library/WebServer/CGI-Executables">
          SSLOptions +StdEnvVars
       </Directory>
    </VirtualHost>


  29. Create a self signed SSL certificate for domain sand.mobilefish.com.
    There are two ways to do this.
    • Method A: Create a self signed SSL certificate. (Not recommended)
    • Method B: Create a self signed SSL certificate issued by a Certificate Authority (CA).

    Choose method B if you want to use the PHP SSL context options
    "verify_peer" and "verify_peer_name". You need the CA certificate.

    Method A: Create a self signed SSL certificate

    • Type: cd /usr/local/etc/httpd/ssl

    • Create the server private key and server certificate.
      Type: sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sand.mobilefish.key -out sand.mobilefish.crt

      Note: The certificate will be valid for 10 years, this is just for a test environment!

    • Enter the following information:

      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com
      Organizational Unit Name (eg, section) []:Research and development
      Common Name (e.g. server FQDN or YOUR name) []:sand.mobilefish.com
      Email Address []:you@example.com

    • The following files are created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.key (this is the server private key)
      /usr/local/etc/httpd/ssl/sand.mobilefish.crt (this is the server certificate)

    Method B: Create a self signed SSL certificate issued by a Certificate Authority (CA)

    • Type: cd /usr/local/etc/httpd/ssl

    • First create a 2048 bit CA private key.
      Type: sudo openssl genrsa -out privkey.pem 2048

      You will see the following:

      Generating RSA private key, 2048 bit long modulus
      ..............................................+++
      ...........+++
      e is 65537 (0x10001)


    • The following file is created:
      /usr/local/etc/httpd/ssl/privkey.pem (this is the CA private key)

    • Create a self signed CA certificate.
      Type: sudo openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 -out ca.pem

      Enter the following information:

      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com CA
      Organizational Unit Name (eg, section) []:
      Common Name (e.g. server FQDN or YOUR name) []:
      Email Address []:


    • The following file is created:
      /usr/local/etc/httpd/ssl/ca.pem (this is the CA certificate)

    • Create a server configuration file /usr/local/etc/httpd/ssl/sand.mobilefish.csr.cnf containing the following lines:

      [req]
      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn

      [dn]
      C=NL
      ST=Noord-Holland
      L=Zaandam
      O=End Point
      OU=Research and development
      emailAddress=you@example.com
      CN = sand.mobilefish.com


    • Create the server Certificate Signing Request and server private key.
      Type: sudo openssl req -new -nodes -out sand.mobilefish.csr -keyout sand.mobilefish.key -config sand.mobilefish.csr.cnf

      You will see the following:

      Generating a 2048 bit RSA private key
      .................................................+++
      ....................+++
      writing new private key to 'sand.mobilefish.key'
      -----


    • The following files are created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.csr (this is the server certificate signing request)
      /usr/local/etc/httpd/ssl/sand.mobilefish.key (this is the server private key)

    • Create a server extension file /usr/local/etc/httpd/ssl/sand.mobilefish_v3.ext containing the following lines:

      authorityKeyIdentifier=keyid,issuer
      basicConstraints=CA:FALSE
      keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
      subjectAltName = @alt_names

      [alt_names]
      DNS.1 = sand.mobilefish.com


      Note 1:
      This step is needed if you want to avoid the following error in Chrome browser:

      This server could not prove that it is sand.mobilefish.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

      Note 2:
      Make sure the domain "DNS.1 = sand.mobilefish.com" is the same as "CN = sand.mobilefish.com" in file sand.mobilefish.csr.cnf.

      Note 3:
      If you want this certificate to support multiple domains, do the following:

      [alt_names]
      DNS.1 = sand.mobilefish.com
      DNS.2 = proxy.mobilefish.com
      DNS.3 = baidu.com
      DNS.4 = china.com


    • Create the server certificate.
      Type: sudo openssl x509 -req -in sand.mobilefish.csr -CA ca.pem -CAkey privkey.pem -CAcreateserial -out sand.mobilefish.crt -days 3650 -extfile sand.mobilefish_v3.ext

      You will see the following:

      Signature ok
      subject=/C=NL/ST=Noord-Holland/L=Zaandam/O=End Point/OU=Research and development/emailAddress=you@example.com/CN=sand.mobilefish.com
      Getting CA Private Key


    • The following file is created:
      /usr/local/etc/httpd/ssl/sand.mobilefish.crt (this is the server certificate)

  30. Check the Apache configuration.
    Type: sudo apachectl configtest

    Note:
    sudo apachectl -t does the same.

  31. Start Apache server.
    Type: sudo apachectl start

  32. The following steps apply to Mac users. How it is done on other OS I do not know (sorry..).

    The sand.mobilefish.crt certificate is self signed and is not created by an official CA Authority.
    To always trust our own self signed certificate:

    • Right click file sand.mobilefish.crt and select "Open With" and select "Keychain Access".

    • Open the "Keychain Access" app if it does not open.

    • Double click the certificate sand.mobilefish.com.

    • Expand Trust.

    • Select "When using this certificate" Always Trust.

  33. Open Chrome browser.
    Type: https://www.mobilefish.com

  34. Right click the Mobilefish.com homepage, select Inspect and select tab Security.
    The site is secure and the certificate is valid.
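
Added example, not part of the original tutorial: the checks below confirm what step 29 is meant to produce, namely that the Method B server certificate chains to ca.pem, lists the hostname in subjectAltName (Note 1) and pairs with its private key; a Method A certificate fails the first two. So that it runs offline, the script builds throwaway certificates in a scratch directory with the same openssl commands, using -subj instead of the prompts; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names, the scratch
# directory and the 30-day lifetime are assumptions made for this demo.

# Method B: CA key and certificate, then a server key, CSR and CA-signed
# certificate with a subjectAltName. $1 = directory, $2 = hostname
make_method_b() {
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -nodes -key "$1/privkey.pem" -sha256 \
        -subj "/C=NL/O=Demo CA" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -subj "/C=NL/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    printf '%s\n' 'basicConstraints=CA:FALSE' 'subjectAltName = @alt_names' \
        '' '[alt_names]' "DNS.1 = $2" > "$1/v3.ext" &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" \
        -CAkey "$1/privkey.pem" -CAcreateserial -out "$1/server.crt" \
        -days 30 -sha256 -extfile "$1/v3.ext" 2>/dev/null
}

# Method A: one self-signed certificate that carries only a Common Name.
make_method_a() {
    openssl req -x509 -nodes -days 30 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null
}

# Certificate $2 chains to CA certificate $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Hostname $2 is an exact DNS entry in the subjectAltName of certificate $1.
# A matching CN alone does not count, which is the Chrome error in Note 1.
san_has_host() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Private key $2 belongs to certificate $1 (same public key, both readable).
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) && [ -n "$pub" ] &&
        [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Print "yes"/"no" followed by the check that was run.
report() { if "$@"; then echo "yes  $*"; else echo "no   $*"; fi; }

demo() {
    d=$(mktemp -d) || return 1
    h=sand.mobilefish.com
    make_method_b "$d" "$h" && make_method_a "$d" "$h" ||
        { rm -rf "$d"; return 1; }
    report chain_ok "$d/ca.pem" "$d/server.crt"
    report san_has_host "$d/server.crt" "$h"
    report key_matches_cert "$d/server.crt" "$d/server.key"
    report san_has_host "$d/a.crt" "$h"
    report chain_ok "$d/ca.pem" "$d/a.crt"
    rm -rf "$d"
}
demo
```

To check the tutorial's real files, run the three check functions from /usr/local/etc/httpd/ssl against ca.pem, sand.mobilefish.crt and sand.mobilefish.key; the key was created with sudo, so reading it needs root.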
