Tim,
Here are my notes as to how to set up Apache+PHP+MySQL+OpenSSL on a linux
server using RedHat. There must be a simpler way, but this works for me.
Please note that there are various serious security issues that are
ignored in these notes... You're behind a firewall, aren't you? ;)
Ralph
-----
Setup Apache+MySQL+php+OpenSSL+phpMyAdmin
-----------------------------------------
1. start with a basic RedHat 6.0 installation. This basically works
unmodified as I recall for a RedHat 6.1 system.
2. remove apache if installed. Be careful, because this may
delete anything in your /home/httpd/html directory!!
rpm -e apache
3. Install MySQL main program _and_ client.
You have to have the client to set up the server grant tables!!
The basic binary rpm's will work.
I got mine from ftp.tcx.se/pub/mysql/Downloads/
rpm -Uvh MySQL-xxxx
rpm -Uvh MySQL-client-xxx
set password for root access to tables:
mysqladmin -u root password yourpassword
This is NOT your system password, it's just for the mysql grant tables.
You should also setup a password for the httpd processes, see the mysql docs.
You should really understand what access priveledges you are granting, but
anyway, here's a clue from the MySQL docs:
shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('something'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user VALUES('%','monty',PASSWORD('something'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user SET Host='localhost',User='admin',
Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
VALUES('localhost','dummy',");
mysql> FLUSH PRIVILEGES;
4. Install openssl
get these from http://www.modssl.org/contrib/
rpm -Uvh openssl
5. Install apache-mod_ssl from http://www.modssl.org/contrib/
rpm -Uvh apache-mod-ssl-xxx
follow instructions in rpm:
as supplied HTTPD -DSSL will run with a dummy certificate!
You need a server.key file in /etc/httpd/conf/ssl.key/
and you need a server.crt file in /etc/httpd/conf/ssl.crt/
After that you have to run make in that directory.
You better edit (and understand) /etc/httpd/conf/*.conf
to suit your needs!!!
See doc in /usr/doc/apache_mod_ssl
6. install mod_php3
I got binaries,
from http://www.mdb.ku.dk/tarvin/rpms/redhat6/php-mysql/
rpm -Uvh mod_php3
7. Install mysql component
rpm -Uvh mod_php3_mysql
8. Install PhpMyAdmin in a secure directory for SQL table
administration, table browsing and to test SQL. It's also a
good example of php3 code. You can get PhpMyAdmin at:
http://phpwizard.net/phpMyAdmin/
cd /home/httpd/html
gzip -dc phpmyadmin-xxx | tar -xvf -
9. Configure phpMyAdmin (needs to know mysql root password
and (optionally) documentation directories)
cd /home/httpd/html/phpMyAdmin
pico config.inc.php3
10. If anything goes wrong, or to test and diagnose,
create an html file to produce phpinfo. The output from apache
should include an indication of what modules loaded, including
whether mysql extensions loaded.
filename: phptest.php3
contents:
<html>
<body>
<?php
phpinfo();
?>
</body>
</html>
11. Setup backup routine for securing mysql tables
Put something like this in a cron-job:
mysqldump mydb >/home/safeplace/backup.sql
Also, setup the mysql server to enable transaction logging. Restart the
transaction logging after dumping the tables. That way, you can
(hopefully) recover with a backup, saving every transactions that got
posted to the log.
12. To enable php parsing on all .html documents add an appropriate line
to your /etc/httpd/conf/httpd.conf file, something like:
( notice the ".html" )
# PHP3 support
<IfModule mod_php3.c>
AddIcon /icons/php3.gif .php3
AddIcon /icons/phps.gif .php3s .phps
AddType application/x-httpd-php3-source .php3s .phps
AddType application/x-httpd-php3 .php3 .phtml .php .inc .html
</IfModule>
# End of PHP3 support
14. If you made it this far, you now have a super-fast sql->web interface,
and the next thing to do is tighten up the security to your liking.
