Posted (Updated ) in Database, Linux, PHP

After suffering some pretty bad issues with MAMP, I decided to set everything up with homebrew instead. The result was surprisingly a much faster and (in my opinion) easier to configure setup.

As a tl;dr, we’ll be setting up Homebrew MySQL and PHP and using OSX’s built in Apache.

In this tutorial I’m using the subl command which will open a file for editing in Sublime Text. If you don’t use Sublime Text, replace subl with nano or vi or any other app you use to edit text/config files.

 

Homebrew Setup

Homebrew is a package manager for OSX. It makes installation of a wide variety of useful apps super easy.

Installation instructions are on the homebrew homepage but you can also just run the following:

1
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

 

MySQL

I lied! We’re installing MariaDB instead! At the time of writing MySQL version 8.0.11 has just changed its default authentication method to caching_sha2_password which isn’t supported in PHP. It’s a huge hassle so we’ll just use the drop-in replacement MariaDB instead.

Install and configure MariaDB.

1
2
3
4
# Install MariaDB
brew install mariadb
# Open my.cnf config file for editing
subl /usr/local/etc/my.cnf

Add the following to the end of the file to add support for large imports:

1
2
max_allowed_packet = 2G
innodb_file_per_table = 1

Make MySQL start when you log in:

1
brew services start mariadb

The default installation comes with a passwordless root user. So secure it with:

1
mysql_secure_installation

 

SSL

Like all developers I like working on a custom subdomain – in this case localhost.com. We need to create a self-signed wildcard SSL certificate and get Chrome accepting it.

Create a folder /Users/your_username/Sites/certs and inside it run the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Generate a temporary OpenSSL config file
cat > openssl.cnf <<-EOF
  [req]
  distinguished_name = req_distinguished_name
  x509_extensions = v3_req
  prompt = no
  [req_distinguished_name]
  CN = *.localhost.com
  [v3_req]
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  extendedKeyUsage = serverAuth
  subjectAltName = @alt_names
  [alt_names]
  DNS.1 = *.localhost.com
  DNS.2 = localhost.com
EOF
 
# Generate the certificates
openssl req \
  -new \
  -newkey rsa:2048 \
  -sha1 \
  -days 3650 \
  -nodes \
  -x509 \
  -keyout server.key \
  -out server.crt \
  -config openssl.cnf
 
# Delete the temporary config file
rm openssl.cnf

This should have created two files – server.crt and server.key which will be used in the apache config below to get HTTPS up and running.

But first, because this certificate is self-signed, it’ll result in a This site’s security certificate is not trusted! error in Chrome. That can be fixed through adding the cert to OSX’s keychain app.

  • 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    
    # Install PHP 7.3
    brew install php@7.3
    brew link --overwrite --force php@7.3
    # Open httpd.conf for editing
    subl /etc/apache2/httpd.conf
     
    # Enable the PHP and SSL modules by removing the # at the start of the line
    LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
    LoadModule ssl_module libexec/apache2/mod_ssl.so
    LoadModule php7_module /usr/local/opt/php@7.1/lib/httpd/modules/libphp7.so
    # A few extras I like to have enabled
    LoadModule deflate_module libexec/apache2/mod_deflate.so
    LoadModule expires_module libexec/apache2/mod_expires.so
    LoadModule headers_module libexec/apache2/mod_headers.so
    LoadModule rewrite_module libexec/apache2/mod_rewrite.so
     
    # Point the document root to a htdocs folder in your home directory and enable .htaccess
    # I've removed all the comments for succinctness but feel free to leave them in
    DocumentRoot "/Users/your_username/htdocs"
    <Directory "/Users/your_username/htdocs">
        Options FollowSymLinks Multiviews
        MultiviewsMatch Any
     
        AllowOverride All
     
        Require all granted
    </Directory>
     
    # Add PHP to your default file list
    <IfModule dir_module>
        DirectoryIndex index.html index.php
    </IfModule>
     
    # And make it work
    <FilesMatch \.php
  • Set the Keychain dropdown to System and click Add
  • Now in the Certificates section of Keychain find your newly added cert, double click it, expand the Trust section and set everything to Always Trust
  • These changes will only take effect after a browser restart.

 

Apache and PHP

OSX 10.13 High Sierra comes (at the time of writing) with Apache 2.4.33.

To configure apache (with SSL):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Open httpd.conf for editing
subl /etc/apache2/extra/httpd-ssl.conf
 
# Point to our same document root as before
DocumentRoot "/Users/your_username/htdocs"
 
# Update log file locations
ErrorLog "/Users/your_username/Sites/logs/apache2/error_log"
TransferLog "/Users/your_username/Sites/logs/apache2/access_log"
CustomLog "/Users/your_username/Sites/logs/apache2/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
# Point to the certs we created
SSLCertificateFile "/Users/your_username/Sites/certs/server.crt"
SSLCertificateKeyFile "/Users/your_username/Sites/certs/server.key"

Now configure the default SSL options:

1
sudo cp /etc/php.ini.default /etc/php.ini

Since this is a development machine, you’ll probably also want to enable the ever popular xdebug which luckily for us comes pre-compiled with OSX. What OSX doesn’t come with, however, is a default php.ini though it does have a sample file. We can use that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName mysite.localhost.com
  ServerAlias mysite.localhost.com
  DocumentRoot /Users/your_username/htdocs/mysite.com
 
  ErrorLog /Users/your_username/Sites/logs/mysite.com.error.log
  LogLevel warn
  CustomLog /Users/your_username/Sites/logs/mysite.com.access.log varnishcombined
 
  <Directory /Users/your_username/htdocs/mysite.com/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>
 
<IfModule ssl_module>
  <VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName mysite.localhost.com
    ServerAlias mysite.localhost.com
    DocumentRoot /Users/your_username/htdocs/mysite.com
 
    ErrorLog /Users/your_username/Sites/logs/mysite.com.error.log
    LogLevel warn
    CustomLog /Users/your_username/Sites/logs/mysite.com.access.log varnishcombined
 
    <Directory /Users/flynsarmy/htdocs/work/qpsmedia/qpsstats/>
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
    </Directory>
 
    SSLEngine on
    SSLCertificateFile    /Users/your_username/Sites/certs/server.crt
    SSLCertificateKeyFile /Users/your_username/Sites/certs/server.key
 
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
  </VirtualHost>
</IfModule>

Then simply add extension=xdebug.so below all the extension= lines in your new /etc/php.ini file.

VirtualHosts

I like to split virtualhosts up into one for each site and store them all in /Users/your_username/Sites/ folder.

Create a file /Users/your_username/Sites/mysite.localhost.com.conf and add the following:

1
sudo apachectl restart

 

Finally, restart apache and you should be good to go!

1
sudo apachectl restart

 

Resources

Read More »

Posted (Updated ) in Linux, PHP

I’ve been seeing up an Amazon EC-2 server with Debian Squeeze and used tasksel to install Web Server and Mail Server. Like all things debian, this worked pretty well after the installation completed and everything ‘just worked’ however I wasn’t happy with the default from name and email address assigned to emails sent by PHP – www-data <www-data@my.domain.com>.

I discovered a quick and simple fix to change these defaults for all mail sent with PHP:

Open /etc/php5/apache2/php.ini and set

sendmail_path = '/usr/sbin/sendmail -t -i -fno-reply@my.domain.com -Fno-reply'

You can see a list of sendmail arguments and what they do here.

Restart apache and you’re good to go:

sudo service apache2 restart

Read More »

Posted in Linux, PHP

I’ve been looking for ways to speed up my site recently and came across this interesting article on seamlessly integrating nginx with Apache to handle asset files without requiring a CDN subdomain. This works by checking the requests file extension for .js, .jpg, .pdf etc and if not found, proxies the request to Apache and serves the results.

Benefits

You won’t need to modify all your pages/posts updating asset locations to point to a subdomain! Everything will ‘just work’.

Issues/Drawbacks

There are 2 issues I’ve found with this setup:

  • Because Apache is now running on port 8080, your mod_rewrite redirects will now redirect to that port. You won’t be able to use RedirectMatch anymore, however below is the solution I came up with:
    sudo apt-get install nginx
    sudo nano/etc/nginx/sites-available/default
  • You can no longer use .htaccess redirects for any asset files nginx is serving. Instead, use nginx redirects. Below is an example:
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    
    # You may add here your
    # server {
    #	...
    # }
    # statements for each of your virtual hosts
     
    server {
     
    	listen   80; ## listen for ipv4
    	listen   [::]:80 default ipv6only=on; ## listen for ipv6
     
    	server_name  localhost;
    	root /var/www/; 
    	access_log  /var/log/nginx/localhost.access.log;
     
    	# Static Contents
    	location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {		access_log off;
    		expires 30d;
    	}
     
    	# Dydamic Content forward to Apache
    	location / {
            	proxy_set_header X-Real-IP  $remote_addr;
    	        proxy_set_header Host $host;
            	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	        proxy_pass http://127.0.0.1:8080;	}
    }
     
    ###############################################################################
    # virtualhost
    ###############################################################################
     
    #server {
    #    server_name www.example.com example.com;
    #    root /var/www/example.com/html/;
    #
    #    # Static Contents
    #    location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
    #        access_log off;
    #        expires 30d;
    #    }
    #
    #    # Dydamic Content forward to Apache
    #    location / {
    #        proxy_set_header X-Real-IP  $remote_addr;
    #        proxy_set_header Host $host;
    #        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #        proxy_pass http://127.0.0.1:8080;
    #    }
    #}

    For more information on nginx redirects, see the official documentation.

Read More »

Posted in Linux

I was receiving a 500 internal server error on one of my CPanel sites earlier tonight but the apache error logs in CPanel admin for that user showed nothing. Instead, I had to locate the global apache error logs. This information may help others so I’ve listed some of the most useful CPanel/WHM log file locations below:

Apache Logs

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.

Domain Access Logs:
Location : /usr/local/apache/domlogs/domain.com
Description : General access log file for each domain configured with cPanel.

Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

MySQL Logs

MySQL General Information and Errors:
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log

 

For more log file locations, there are some great forum posts here and here.

Read More »

Posted (Updated ) in Linux, PHP

I’ve was playing with EasyApache in a WHM install recently and after the upgrade I came across a strange error:

SoftException in Application.cpp:357: UID of script "/home/mysite/public_html/index.php" is smaller than min_uid
Premature end of script headers: index.php

Turns out this error is caused by apache being unable to read files added by root to a users public_html folder. A simple fix for this problem is to

chown -R mysite:mysite /home/mysite/public_html

Thanks to user ronniev of eukhost forums for his solution here.

Read More »

Posted (Updated ) in Uncategorized

Due to the antics of some douchebag (IP address 109.120.34.16) I’ve had to look into blocking pages based on IP address with .htaccess files. This may come in handy to others out there so I figured I’d write up my findings.

To block everyone except specific IPs here’s what you’ll need (more info):

order deny,allow
deny from all
allow from <ip address>

To apply this restriction only to specific files, wrap the above code in the <File> tag:

<Files wp-login.php>
	order deny,allow
	deny from all
	allow from <ip address>
</Files>

Thanks to user NuclearMeltdown on the #httpd channel on Freenode for his assistance.

Read More »

Posted (Updated ) in Linux

Ubuntu 10.10 was the first release of Ubuntu not to have ‘Mark Packages by Task’ working in the Synaptic Package Manager. For those who don’t know, ‘Mark Packages by Task’ is a handy little menu option that allows you to install pre-configured groups of applications very quickly – such as the Samba file server, video and audio creation suites but more importantly to us: a LAMP stack.

To get this nifty tool back where it belongs, just install the tasksel package:

sudo apt-get install tasksel

It should now be where it belongs.

Happy installations.

Read More »

Posted (Updated ) in Linux, PHP

This tutorial will show *nix users how to get a nice notification displaying on their screen when people visit their site using a PHP and a Python script. This isn’t practical for sites with large numbers of visitors but it’s great for people running small sites on their local machines.

Read More »