Apache

 
 
Apache is a powerful and flexible HTTP/1.1 compliant web server. Originally designed as a replacement for the NCSA HTTP Server, it has grown to be the most popular web server on the Internet. As a project of the Apache Software Foundation, the developers aim to collaboratively develop and maintain a robust, commercial-grade, standards-based server with freely available source code.

The Apache HTTP Server is distributed at no charge for commercial or non-commercial use. For more information read the LICENSE.txt file.

Apache can be used with Microsoft Windows. The Apache HTTP Server Version 2.0 runs under Windows NT, Windows 2000 and Windows XP. You should download the version of Apache for Windows with the .msi extension. This is a single Microsoft Installer file containing Apache, ready to install and run.

The latest Apache HTTP Server version can be downloaded from: http://httpd.apache.org/
The latest Apache 1.3 documentation can be found at: http://httpd.apache.org/docs/1.3/
The latest Apache 2.0 documentation can be found at: http://httpd.apache.org/docs/2.0/
The latest Apache 2.2 documentation can be found at: http://httpd.apache.org/docs/2.2/







Setup Apache in macOS Sierra with PHP, Server Side Includes and name-based virtual hosting



Information
This tutorial sets up two Apache web projects (mobilefish_web and mypark_web) on macOS.
It will host two domains (sand.mobilefish.com and sand.mypark.nl) using name-based virtual hosting.
Apache will be configured for PHP and server side includes.

Operating system used
macOS Sierra

Software prerequisites
none


Procedure
  1. Open a terminal and go to your home directory.

  2. Type: mkdir Sites

  3. Create two web projects called "mobilefish_web" and "mypark_web".

    Type: cd Sites
    Type: mkdir mobilefish_web
    Type: mkdir mypark_web

  4. Create file ~/Sites/mobilefish_web/index.html with the following content:

    <html>
    <head><title>mobilefish_web</title></head>
    <body>mobilefish_web</body>
    </html>


  5. Create file ~/Sites/mypark_web/index.html with the following content:

    <html>
    <head><title>mypark_web</title></head>
    <body>mypark_web</body>
    </html>


  6. Verify your username.
    Type: whoami

    You should see for example:
    robertlie

  7. Create a username.conf file, for example: robertlie.conf
    Type: cd /etc/apache2/users
    Type: sudo nano robertlie.conf

    This file has the following content:

    <Directory "/Users/robertlie/Sites/">
       Options Indexes MultiViews FollowSymLinks Includes
       AllowOverride All
       Order allow,deny
       Allow from all
       Require all granted
       AddType text/html .shtml .shtm .html
       AddOutputFilter INCLUDES .shtml .shtm .html
       AddType application/x-httpd-php .html
    </Directory>


  8. Set the file permission.
    Type: sudo chmod 644 robertlie.conf

  9. Modify the /etc/apache2/httpd.conf file (Make a backup of this file first!)
    Make the following changes, uncomment the following lines:

    LoadModule include_module libexec/apache2/mod_include.so
    LoadModule deflate_module libexec/apache2/mod_deflate.so
    LoadModule expires_module libexec/apache2/mod_expires.so
    LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so
    LoadModule userdir_module libexec/apache2/mod_userdir.so
    LoadModule rewrite_module libexec/apache2/mod_rewrite.so
    LoadModule php5_module libexec/apache2/libphp5.so

    # User home directories
    Include /private/etc/apache2/extra/httpd-userdir.conf

    # Virtual hosts
    Include /private/etc/apache2/extra/httpd-vhosts.conf


  10. When you enter sand.mobilefish.com it should automatically load page index.shtm or index.html.
    Modify the following:

    <IfModule dir_module>
       DirectoryIndex index.shtm index.html
    </IfModule>


    Note:
    To check that httpd.conf contains no errors, type: apachectl configtest

  11. In the httpd.conf file the user/group is set.
    User _www
    Group _www


    If you have set up a local Apache environment for development purposes, it is best to set User to your account name, for example:
    User robertlie
    Group _www


    Why you want to do this:
    If you let users upload a file to your web server and you want to modify this file using a PHP script, then setting User to your account name will solve many problems. Do not do this in a production environment!

  12. Modify the /etc/apache2/extra/httpd-userdir.conf file (Make a backup of this file first!)
    Make the following changes, uncomment the following line:

    Include /private/etc/apache2/users/*.conf

  13. Modify the /etc/apache2/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    Add the following lines:

    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/private/var/log/apache2/sand-mobilefish-error.log"
       CustomLog "/private/var/log/apache2/sand-mobilefish-access.log" common
    </VirtualHost>

    <VirtualHost *:80>
       DocumentRoot "/Users/robertlie/Sites/mypark_web"
       ServerName sand.mypark.nl
       ErrorLog "/private/var/log/apache2/mypark-error.log"
       CustomLog "/private/var/log/apache2/mypark-access.log" common
    </VirtualHost>


  14. Check the Apache configuration.
    Type: sudo apachectl configtest

    Note:
    sudo apachectl -t does the same.

  15. Edit /etc/hosts file. Add at the bottom of the file the following lines:

    #Local sites
    127.0.0.1      sand.mobilefish.com
    127.0.0.1      sand.mypark.nl


  16. Restart apache
    Type: sudo apachectl restart

    Note:
    Stop Apache, type: sudo apachectl stop
    Start Apache, type: sudo apachectl start
    Show Apache version, type: httpd -v

    You will see, for example:
    Server version: Apache/2.4.23 (Unix)
    Server built: Aug 8 2016 18:10:45


  17. Open a browser.
    Type: http://sand.mobilefish.com
    Type: http://sand.mypark.nl

  18. If your website allows you to upload files, you need to make the following changes:
    • Make sure your /etc/php.ini allows you to upload files.
      Check the following settings:
      • file_uploads = On
        Allow HTTP file uploads.
      • ;upload_tmp_dir =
        Temporary directory for HTTP uploaded files.
        Will use system default /private/var/tmp/ if not specified.
      • upload_max_filesize = 2M
        Maximum allowed size for uploaded files.
      • max_file_uploads = 20
        Maximum number of files that can be uploaded via a single request.
    • By default the uploaded files are stored in folder /private/var/tmp/
      You need to move these files to another folder (for example docroot/tmp) to access them from a web page. Use the PHP function move_uploaded_file() to move the files from /private/var/tmp/ to docroot/tmp

      Note:
      The file is removed immediately from /private/var/tmp/ after the upload is done,
      which means you will not see this file in /private/var/tmp/.
    • Make sure the following groups and permissions are set:

      • chmod go-rwx docroot (only owner has access to docroot)
      • chmod go+x docroot (groups and others can access the docroot)
      • sudo chgrp -R _www docroot (all content belongs to group _www)
      • chmod -R go-rwx docroot (only owner has access to docroot)
      • chmod -R g+rx docroot (only owner and _www have access to docroot)
      • chmod -R g+rwx docroot/tmp (_www has write access to the tmp)

      Note:
      When a file is uploaded to /private/var/tmp/ and moved to docroot/tmp folder, the file is created by user _www (and group _www).
      This user and group are set in the /etc/apache2/httpd.conf file.
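
The permission sequence from step 18 can be replayed on a throwaway tree to see the modes it leaves behind and to audit them. This is an added example, not part of the original tutorial; the scratch docroot, its file names and the function names are constructed, and the chgrp step is left out because the _www group exists only on macOS.

```shell
#!/bin/sh
# Added example: replay the chmod sequence from step 18 on a scratch docroot
# and audit the result. The scratch tree and function names are constructed.

# mode_of PATH: print the 10-character type/permission string (drwxr-x---).
mode_of() { ls -ld "$1" | cut -c1-10; }

# make_docroot: build a small docroot with known starting modes
# (755 directories, 644 files) and print its path.
make_docroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/docroot/tmp" "$root/docroot/css"
    echo '<html></html>' > "$root/docroot/index.html"
    echo 'uploaded' > "$root/docroot/tmp/upload.bin"
    chmod 755 "$root/docroot" "$root/docroot/tmp" "$root/docroot/css"
    chmod 644 "$root/docroot/index.html" "$root/docroot/tmp/upload.bin"
    echo "$root/docroot"
}

# apply_page_perms DOCROOT: the tutorial's sequence, in the same order.
# "sudo chgrp -R _www docroot" is omitted (macOS-only group, needs sudo).
apply_page_perms() {
    chmod go-rwx "$1"
    chmod go+x "$1"
    chmod -R go-rwx "$1"      # also clears the go+x set one line earlier
    chmod -R g+rx "$1"
    chmod -R g+rwx "$1/tmp"
}

# audit_docroot DOCROOT: print every path that is group-writable outside
# tmp, or that grants any permission to "other". No output means only
# docroot/tmp is writable by the web server group.
audit_docroot() {
    find "$1" -path "$1/tmp" -prune -o -perm -020 -print
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```

After the sequence, directories outside tmp are 750, files are 650, and docroot/tmp is 770; audit_docroot prints nothing until something outside tmp becomes group-writable or reachable by "other".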

  19. The following steps are needed if you want to set up SSL.

  20. Stop apache server.
    Type: sudo apachectl stop

  21. Edit the httpd.conf file:
    • Uncomment line:
      LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
    • Uncomment line: LoadModule ssl_module libexec/apache2/mod_ssl.so
    • Uncomment line: Include /private/etc/apache2/extra/httpd-ssl.conf

  22. Create folder /etc/apache2/ssl
    Type: sudo mkdir /private/etc/apache2/ssl

  23. If you ONLY want to support https://www.mobilefish.com then continue, otherwise skip this step.
    Modify the /etc/apache2/extra/httpd-vhosts.conf file (Make a backup of this file first!)
    In this example the site sand.mobilefish.com will be SSL enabled and it will ONLY support SSL.
    It will not support http://sand.mobilefish.com
    Comment out the following lines:

    #<VirtualHost *:80>
    #   DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
    #   ServerName sand.mobilefish.com
    #   ErrorLog "/private/var/log/apache2/sand-mobilefish-error.log"
    #   CustomLog "/private/var/log/apache2/sand-mobilefish-access.log" common
    #</VirtualHost>


  24. Backup the /etc/apache2/extra/httpd-ssl.conf file.
    An example VirtualHost is already set up in httpd-ssl.conf. Comment it all out!

    #<VirtualHost _default_:443>

    #SSLEngine on
    #SSLCertificateFile "/private/etc/apache2/server.crt"
    #SSLCertificateKeyFile "/private/etc/apache2/server.key"

    #DocumentRoot "/Library/WebServer/Documents"
    #ServerName www.example.com:443
    #ServerAdmin [email protected]
    #ErrorLog "/private/var/log/apache2/error_log"
    #TransferLog "/private/var/log/apache2/access_log"

    #<FilesMatch "\.(cgi|shtml|phtml|php)$">
    #   SSLOptions +StdEnvVars
    #</FilesMatch>

    #<Directory "/Library/WebServer/CGI-Executables">
    #   SSLOptions +StdEnvVars
    #</Directory>

    #BrowserMatch "MSIE [2-5]" \
    #   nokeepalive ssl-unclean-shutdown \
    #   downgrade-1.0 force-response-1.0

    #CustomLog "/private/var/log/apache2/ssl_request_log" \
    #    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    #</VirtualHost>

  25. At the end of the httpd-ssl.conf file add the following lines:

    <VirtualHost *:443>
       DocumentRoot "/Users/robertlie/Sites/mobilefish_web"
       ServerName sand.mobilefish.com
       ErrorLog "/private/var/log/apache2/sand-mobilefish-error.log"
       CustomLog "/private/var/log/apache2/sand-mobilefish-access.log" common

       SSLEngine on
       SSLCertificateFile "/private/etc/apache2/ssl/sand.mobilefish.crt"
       SSLCertificateKeyFile "/private/etc/apache2/ssl/sand.mobilefish.key"

       <FilesMatch "\.(cgi|shtml|shtm|phtml|php)$">
          SSLOptions +StdEnvVars
       </FilesMatch>
       <Directory "/Library/WebServer/CGI-Executables">
          SSLOptions +StdEnvVars
       </Directory>
    </VirtualHost>


  26. Create a self signed SSL certificate for domain sand.mobilefish.com.
    There are two ways to do this.
    • Method A: Create a self signed SSL certificate. (Not recommended)
    • Method B: Create an SSL certificate issued by your own self signed Certificate Authority (CA).

    Choose method B if you want to use the PHP SSL context options
    "verify_peer" and "verify_peer_name". You need the CA certificate.
    See: Installing PHP5.6.30 on macOS Sierra

    Method A: Create a self signed SSL certificate

    • Type: cd /private/etc/apache2/ssl

    • Create the server private key and server certificate.
      Type: sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sand.mobilefish.key -out sand.mobilefish.crt

      Note: The certificate will be valid for 10 years; this is just for a test environment!

    • Enter the following information:

      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com
      Organizational Unit Name (eg, section) []:Research and development
      Common Name (e.g. server FQDN or YOUR name) []:sand.mobilefish.com
      Email Address []:[email protected]

    • The following files are created:
      /private/etc/apache2/ssl/sand.mobilefish.key (this is the server private key)
      /private/etc/apache2/ssl/sand.mobilefish.crt (this is the server certificate)

    Method B: Create an SSL certificate issued by your own self signed Certificate Authority (CA)

    • Type: cd /private/etc/apache2/ssl

    • First create a 2048 bit CA private key.
      Type: sudo openssl genrsa -out privkey.pem 2048

      You will see the following:

      Generating RSA private key, 2048 bit long modulus
      ..............................................+++
      ...........+++
      e is 65537 (0x10001)


    • The following file is created:
      /private/etc/apache2/ssl/privkey.pem (this is the CA private key)

    • Create a self signed CA certificate.
      Type: sudo openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 -out ca.pem

      Enter the following information:

      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mobilefish.com CA
      Organizational Unit Name (eg, section) []:
      Common Name (e.g. server FQDN or YOUR name) []:
      Email Address []:


    • The following file is created:
      /private/etc/apache2/ssl/ca.pem (this is the CA certificate)

    • Create a server configuration file /private/etc/apache2/ssl/sand.mobilefish.csr.cnf containing the following lines:

      [req]
      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn

      [dn]
      C=NL
      ST=Noord-Holland
      L=Zaandam
      O=End Point
      OU=Research and development
      emailAddress=<your email address>
      CN = sand.mobilefish.com


    • Create the server Certificate Signing Request and server private key.
      Type: sudo openssl req -new -nodes -out sand.mobilefish.csr -keyout sand.mobilefish.key -config sand.mobilefish.csr.cnf

      You will see the following:

      Generating a 2048 bit RSA private key
      .................................................+++
      ....................+++
      writing new private key to 'sand.mobilefish.key'
      -----


    • The following files are created:
      /private/etc/apache2/ssl/sand.mobilefish.csr (this is the server certificate signing request)
      /private/etc/apache2/ssl/sand.mobilefish.key (this is the server private key)

    • Create a server extension file /private/etc/apache2/ssl/sand.mobilefish_v3.ext containing the following lines:

      authorityKeyIdentifier=keyid,issuer
      basicConstraints=CA:FALSE
      keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
      subjectAltName = @alt_names

      [alt_names]
      DNS.1 = sand.mobilefish.com


      Note 1:
      This step is needed if you want to avoid the following error in Chrome browser:

      This server could not prove that it is sand.mobilefish.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.


      Note 2:
      Make sure the domain "DNS.1 = sand.mobilefish.com" is the same as "CN = sand.mobilefish.com" in file sand.mobilefish.csr.cnf.

      Note 3:
      If you want this certificate to support multiple domains, do the following:

      [alt_names]
      DNS.1 = sand.mobilefish.com
      DNS.2 = proxy.mobilefish.com
      DNS.3 = baidu.com
      DNS.4 = china.com


    • Create the server certificate.
      Type: sudo openssl x509 -req -in sand.mobilefish.csr -CA ca.pem -CAkey privkey.pem -CAcreateserial -out sand.mobilefish.crt -days 3650 -extfile sand.mobilefish_v3.ext

      You will see the following:

      Signature ok
      subject=/C=NL/ST=Noord-Holland/L=Zaandam/O=End Point/OU=Research and development/[email protected]/CN=sand.mobilefish.com
      Getting CA Private Key


    • The following file is created:
      /private/etc/apache2/ssl/sand.mobilefish.crt (this is the server certificate)
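
Method B can be run end to end in a scratch directory and the result checked the way a browser or PHP's verify_peer would check it: the chain verifies against ca.pem, the subjectAltName contains the host name, and the certificate matches the private key. This is an added example, not part of the original tutorial; the function names and the scratch directory are assumptions, and -subj replaces the interactive prompts and the sand.mobilefish.csr.cnf file.

```shell
#!/bin/sh
# Added example: Method B replayed in a scratch directory, then checked the
# way a client would. Function names and the scratch path are constructed;
# -subj stands in for the interactive prompts and the .csr.cnf file.
HOST=sand.mobilefish.com

# build_chain DIR: CA key and certificate, server key and CSR, then the
# CA-signed server certificate with the subjectAltName extension.
build_chain() (
    cd "$1" || exit 1
    openssl genrsa -out privkey.pem 2048 2>/dev/null &&
    openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 \
        -subj "/C=NL/O=Mobilefish.com CA" -out ca.pem &&
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -subj "/C=NL/O=End Point/CN=$HOST" \
        -keyout "$HOST.key" -out "$HOST.csr" 2>/dev/null &&
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
        'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' '' '[alt_names]' "DNS.1 = $HOST" \
        > v3.ext &&
    openssl x509 -req -in "$HOST.csr" -CA ca.pem -CAkey privkey.pem \
        -CAcreateserial -out "$HOST.crt" -days 3650 -sha256 \
        -extfile v3.ext 2>/dev/null
)

# chain_ok DIR: the server certificate verifies against ca.pem.
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/$HOST.crt" >/dev/null 2>&1
}

# san_names DIR: DNS names listed in the certificate's subjectAltName.
san_names() {
    openssl x509 -in "$1/$HOST.crt" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# key_matches DIR: certificate and private key hold the same public key.
key_matches() {
    a=$(openssl x509 -in "$1/$HOST.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/$HOST.key" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# check_all DIR: one line per check, non-zero exit if any check fails.
check_all() {
    rc=0
    chain_ok "$1" && echo "chain: ok" || { echo "chain: FAIL"; rc=1; }
    san_names "$1" | grep -qxF "$HOST" && echo "SAN: ok" || { echo "SAN: FAIL"; rc=1; }
    key_matches "$1" && echo "key: ok" || { echo "key: FAIL"; rc=1; }
    return $rc
}
```

The three check functions only read files, so they can also be pointed at /private/etc/apache2/ssl once the real files from step 26 exist. A Method A certificate fails chain_ok against ca.pem because no CA issued it.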

  27. Check the Apache configuration.
    Type: sudo apachectl configtest

    Note:
    sudo apachectl -t does the same.

  28. Start Apache server.
    Type: sudo apachectl start

  29. The following steps apply to Mac users. How it is done on other OS I do not know (sorry..).

    The sand.mobilefish.crt certificate is self signed and is not created by an official Certificate Authority.
    To always trust our own self signed certificate:

    • Right click file sand.mobilefish.crt and select "Open With" and select "Keychain Access".

    • Open the "Keychain Access" app if it does not open.

    • Double click the certificate sand.mobilefish.com.

    • Expand Trust.

    • Select "When using this certificate" Always Trust.


  30. Open Chrome browser.
    Type: https://www.mobilefish.com

  31. Right click the Mobilefish.com homepage, select Inspect and select tab Security.
    The site is secure and the certificate is valid.
