GLAMP refers to a common combination of software used in many web servers: GNU, Linux, Apache, MySQL, and PHP. This article describes how to set up the Apache HTTP Server on a Parabola GNU/Linux-libre system. It also tells how to optionally install PHP and MySQL and integrate these in the Apache server.

If you only need a web server for development and testing, Xampp might be a better and easier option.

1 Installation

# pacman -S apache php php-apache mysql

This document assumes you will install Apache, PHP and MySQL together. If desired however, you may install Apache, PHP, and MySQL separately and simply refer to the relevant sections below.

2 Configuration

2.1 Apache

For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in /etc/httpd/conf/httpd.conf

• Check for the existence of the http user by looking for http in the output of the following command:

 # grep http /etc/passwd

• Create the system user http if it does not exist already:

 # useradd -d /srv/http -r -s /bin/false -U http

This creates the http user with home directory /srv/http/, as a system account (-r), with a bogus shell (-s /bin/false) and creates a group with the same name (-U).

• Add this line to /etc/hosts (If the file does not exist, create it.):

 127.0.0.1 localhost.localdomain localhost

If you want a different hostname, append it to the end:

 127.0.0.1 localhost.localdomain localhost myhostname

• Edit /etc/rc.conf: If you set a hostname, the HOSTNAME variable should be the same; otherwise, use "localhost":

 #
 # Networking
 #
 HOSTNAME="localhost"

• Make sure the hostname appears in /etc/hosts or apache will fail to start. Alternatively, you can

edit /etc/httpd/conf/httpd.conf and comment the following module:

 LoadModule unique_id_module        modules/mod_unique_id.so

• Customize your config. At least change httpd.conf and extra/httpd-default.conf to your liking. For security reasons, you might want to change ServerTokens Full to ServerTokens Prod and ServerSignature On to ServerSignature Off in extra/httpd-default.conf.

• Run the following in a terminal to start the HTTP server:

 # systemctl start httpd

Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page. If you receive a 403 Error, comment out the following line in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-userdir.conf

• To start Apache automatically at boot, run:

 # systemctl enable httpd 

2.1.1 User dirs

• If you do not want user directories to be available on the web (e.g., ~/public_html on the machine is accessed as http://localhost/~user/ -Note that you can change what this points to in /etc/httpd/conf/extra/httpd-userdir.conf), comment the following line in /etc/httpd/conf/httpd.conf since they are activated by default:

 Include conf/extra/httpd-userdir.conf

• You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html/ must be executable for others ("rest of the world"). This seems to be enough:

 $ chmod o+x ~
 $ chmod o+x ~/public_html

• More secure way to share your home folder with apache is to add http user in group that your home folder belongs. For example, if your home folder and other sub-folders in your home folder belong to group piter, all you have to do is following:

 $ usermod -aG piter http

• Of course, you have to give read and execute permissions on ~/, ~/public_html, and all other sub-folders in ~/public_html to the group members (group piter in our case). Do something like following (modify commands for your specific case):

 $ chmod g+xr-w /home/yourusername
 $ chmod -R g+xr-w /home/yourusername/public_html

And then

 # systemctl restart httpd

to restart apache.

2.1.2 SSL

Create self-signed certificate (you can change key size and days of validity)

 # cd /etc/httpd/conf
 # openssl genrsa -des3 -out server.key 1024
 # openssl req -new -key server.key -out server.csr
 # cp server.key server.key.org
 # openssl rsa -in server.key.org -out server.key
 # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

In /etc/httpd/conf/httpd.conf uncomment line

 Include conf/extra/httpd-ssl.conf

Restart apache

 # rc.d restart httpd

2.1.3 Virtual Hosts

If you want to have more than one host, make sure you have

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

in /etc/httpd/conf/httpd.conf.

In /etc/httpd/conf/extra/httpd-vhosts.conf set your virtual hosts according the example, e.g.:

NameVirtualHost *:80

#this first virtualhost enables: http://127.0.0.1, or: http://localhost, 
#to still go to /srv/http/*index.html(otherwise it will 404_error).
#the reason for this: once you tell httpd.conf to include extra/httpd-vhosts.conf, 
#ALL vhosts are handled in httpd-vhosts.conf(including the default one),
# E.G. the default virtualhost in httpd.conf is not used and must be included here, 
#otherwise, only domainname1.dom & domainname2.dom will be accessible
#from your web browser and NOT http://127.0.0.1, or: http://localhost, etc.
#

<VirtualHost *:80>
    DocumentRoot "/srv/http"
    ServerAdmin root@localhost
    ErrorLog "/var/log/httpd/127.0.0.1-error_log"
    CustomLog "/var/log/httpd/127.0.0.1-access_log" common
    <Directory /srv/http/>
		    DirectoryIndex index.htm index.html
		    AddHandler cgi-script .cgi .pl
		    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
		    AllowOverride None
		    Order allow,deny
		    allow from all
	</Directory>
</VirtualHost>


<VirtualHost *:80>
    ServerAdmin your@domainname1.dom
    DocumentRoot "/home/username/yoursites/domainname1.dom/www"
    ServerName domainname1.dom
    ServerAlias domainname1.dom
    <Directory /home/username/yoursites/domainname1.dom/www/>
		    DirectoryIndex index.htm index.html
		    AddHandler cgi-script .cgi .pl
		    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
		    AllowOverride None
		    Order allow,deny
		    allow from all
	</Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin your@domainname2.dom
    DocumentRoot "/home/username/yoursites/domainname2.dom/www"
    ServerName domainname2.dom
    ServerAlias domainname2.dom
    <Directory /home/username/yoursites/domainname2.dom/www/>
		    DirectoryIndex index.htm index.html
		    AddHandler cgi-script .cgi .pl
		    Options ExecCGI Indexes FollowSymLinks MultiViews +Includes
		    AllowOverride None
		    Order allow,deny
		    allow from all
	</Directory>
</VirtualHost>

Add your virtual host names to your /etc/hosts file(NOT neccesary if bind is serving these domains already, but will not hurt):

127.0.0.1	domainname1.dom
127.0.0.1	domainname2.dom

Restart Apache:

# systemctl restart httpd

If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apaches 'Userdir' settings. To avoid problems disable 'Userdir' by commenting it out:

# User home directories
#Include conf/extra/httpd-userdir.conf

As said above, take care, you have the proper permissions:

# chmod 0775 /home/yourusername/

If you have a huge amount of virtual hosts you easily want to dis- and enable, its recommended to create one config file per virtualhost and store them all in one folder, eg: /etc/httpd/conf/vhosts.

First create the folder:

# mkdir /etc/httpd/conf/vhosts

Then place the single config files in them:

# nano /etc/httpd/conf/vhosts/domainname1.dom
# nano /etc/httpd/conf/vhosts/domainname2.dom
...

In the last step, "Include" the single configs in your /etc/httpd/conf/httpd.conf:

#Enabled Vhosts:
Include conf/vhosts/domainname1.dom
#Include conf/vhosts/domainname1.dom

You can enable and disable single virtual hosts by commenting them out or uncommenting them.

2.1.4 Advanced Options

These options in /etc/httpd/conf/httpd.conf might be interesting for you:

# Listen 80

This is the port Apache will listen to. For Internet-access with router, you have to forward the port.

If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:

# Listen 127.0.0.1:80

This is the admin's email-address which can be found on e.g. error-pages:

# ServerAdmin sample@sample.com

This is the directory where you should put your web pages:

# DocumentRoot "/srv/http"

Change it, if you want to, but do not forget to also change the

<Directory "/srv/http">

to whatever you changed your DocumentRoot to, or you will likely get a 403 error (lack of privileges) when you try to access the new document root. Do not forget to change the Deny from all line, otherwise you will get 403 error too.

# AllowOverride None

This directive in <Directory> sections causes apache to completely ignore .htaccess files. If you intend to use rewrite mod or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to http://httpd.apache.org/docs/current/mod/core.html#allowoverride

2.2 PHP

• Install the "php-apache" package from extra using pacman.

• In the file /etc/httpd/conf/httpd.conf:

Comment out the line

 LoadModule mpm_event_module modules/mod_mpm_event.so

then un-comment the line:

 LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

Add these lines to the "LoadModule" list anywhere after LoadModule dir_module modules/mod_dir.so:

 LoadModule php7_module modules/libphp7.so
 AddHandler php7-script php

Place this at the end of the "Include" list:

 Include conf/extra/php7_module.conf

Make sure that the following line is uncommented in httpd.conf in the section/(after the line)<IfModule mime_module>:

 TypesConfig conf/mime.types

(Optional) Uncomment the following lines:

 LoadModule mime_magic_module modules/mod_mime_magic.so
 MIMEMagicFile conf/magic

• Add this line in /etc/httpd/conf/mime.types:

 application/x-httpd-php		php php7

• (Optional) If your DocumentRoot is not /srv/http and if the 'open_basedir=' entry is already un-commented in /etc/php/php.ini, add it to open_basedir as such:

 open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot

• Restart the Apache service to make changes take effect:

 # systemctl restart httpd

• Create the file test.php in your Apache DocumentRoot Directory (e.g. /srv/http/ or ~/public_html if you permitted such a configuration) like:

 sudo echo "<?php phpinfo(); ?>" >> /srv/http/test.php

or:

 echo "<?php phpinfo(); ?>" >> ~/public_html/test.php

• Test PHP:

 curl http://localhost/test.php

or:

 curl http://localhost/~myname/test.php

If the PHP instruction is not executed (you see : <html>...</html>), check that you have added "Includes" to the "Options" line for your root directory in /etc/httpd/conf/httpd.conf. Moreover, check that TypesConfig conf/mime.types is uncommented in the <IfModule mime_module> section, you may also try adding the following to the <IfModule mime_module> in httpd.conf:

 AddHandler application/x-httpd-php .php

2.2.1 Advanced options

• Remember to add a file handler for .phtml if you need it in /etc/httpd/conf/extra/php5_module.conf:

 DirectoryIndex index.php index.phtml index.html

• If you want the libGD module, install php-gd package and uncomment in /etc/php/php.ini:

 ;extension=gd.so

to

 extension=gd.so

Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.

• If you want to display errors to debug your php code, change this line of /etc/php/php.ini:

 display_errors=Off

to

 display_errors=On

• If you want the mcrypt module, install php-mcrypt package and uncomment in /etc/php/php.ini:

 ;extension=mcrypt.so

to

 extension=mcrypt.so

[XXX Debug] PHP Notice: in file /index.php on line 86: date(): It is not safe to rely on the system'XXXX
[XXX Debug] PHP Notice: in file /index.php on line 86: getdate(): It is not safe to rely on the system's timezone settings.XXXX

;date.timezone = 

date.timezone = Europe/Berlin

restart httpd with

# systemctl restart httpd

2.2.2 Using php with apache2-mpm-worker and mod_fcgid

Uncomment following in /etc/conf.d/apache:

HTTPD=/usr/sbin/httpd.worker

Uncomment following in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-mpm.conf

Install mod_fcgid and php-cgi packages:

# pacman -S mod_fcgid php-cgi

Create /etc/httpd/conf/extra/php5_fcgid.conf with following content:

# Required modules: fcgid_module

<IfModule fcgid_module>
	AddHandler php-fcgid .php
	AddType application/x-httpd-php .php
	Action php-fcgid /fcgid-bin/php-fcgid-wrapper
	ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/
	SocketPath /var/run/httpd/fcgidsock
	SharememPath /var/run/httpd/fcgid_shm
        PHP_Fix_Pathinfo_Enable 1
        # Path to php.ini – defaults to /etc/phpX/cgi
        DefaultInitEnv PHPRC=/etc/php/
        # Number of PHP childs that will be launched. Leave undefined to let PHP decide.
        #DefaultInitEnv PHP_FCGI_CHILDREN 3
        # Maximum requests before a process is stopped and a new one is launched
        #DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000
        <Location /fcgid-bin/>
		SetHandler fcgid-script
		Options +ExecCGI
	</Location>
</IfModule>

Create needed directory and symlink for php wrapper:

# mkdir /srv/http/fcgid-bin
# ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper

Edit /etc/httpd/conf/httpd.conf:

#LoadModule php5_module modules/libphp5.so
LoadModule fcgid_module modules/mod_fcgid.so
Include conf/extra/php5_fcgid.conf

Make sure /etc/php/php.ini has the directive enabled:

cgi.fix_pathinfo=1

Now you need restart apache:

# rc.d restart httpd

2.3 MySQL

• Configure MySQL as described in MySQL.

• Edit /etc/php/php.ini (this is in /usr/etc on older systems) to uncomment the following lines (By removing ;):

 ;extension=mysqli.so
 ;extension=mysql.so
 

Caution:Some users have reported typos on this line. Please make sure that it reads ;extension=mysql.so and not ;extension=msql.so.

• You can add minor privileged users for your web scripts by editing the tables found in the mysql database. You have to restart MySQL for changes to take effect. Do not forget to check the mysql/users table. If there is a second entry for root and your hostname is left with no password set, everybody from your host probably could gain full access. Perhaps see next section for these jobs.

• Run in terminal:

 # systemctl start mysqld

• You may also need to restart Apache. Run in terminal:

 # systemctl restart httpd

• MySQL should now be running. Set the root password and test it by running:

 # mysqladmin -u root password password
 # mysql -u root -p

Type exit to exit from the CLI MySQL client

• To start MySQL at boot:

 # systemctl enable mysqld

• You might also need to edit /etc/mysql/my.cnf and comment out the skip-networking line as such:

 skip-networking

to

 #skip-networking

3 See also

• MySQL - Article for MySQL
• PhpMyAdmin - Web frontend for MySQL typically found in GLAMP environments
• Adminer - A full-featured database management tool which is available for MySQL, PostgreSQL, SQLite, MS SQL and Oracle
• Xampp - Self contained web-server that supports PHP, Perl, and MySQL
• mod_perl - Apache + Perl

4 External links

• http://www.apache.org/
• http://www.php.net/
• http://www.mysql.com/
• http://www.akadia.com/services/ssh_test_certificate.html
• http://wiki.apache.org/httpd/CommonMisconfigurations

5 Acknowledgement