Continued from previous blog entry. We will next edit configuration files and test the entire stack;
H. Edit the configuration files.
* Edit the /etc/apache2/php.ini file to set PHP options.
With PHP5, there is no longer any automatic loading of the mysql interface module.
You need to explicitly cause it, and any other extention modules needed, to be
loaded. To do this, edit the php.ini file and add two lines;
1. Verify that your build of php5 did create the module you need;
# ls -l /usr/local/lib/php/extensions/no-debug-non-zts-20050922/
total 1088
-rwxr-xr-x 1 root root 103144 Aug 29 21:48 mysql.so
-rwxr-xr-x 1 root root 429948 Aug 29 21:48 mysqli.so
Find the line(s) in php.ini that starts with;
; Directory in which the loadable extensions (modules) reside.
extension_dir =
and edit the line to become;
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20050922/"
If you had installed PHP5 to another location, adjust the above line
accordingly.
2. Next, find this block of the php.ini file;
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
and ADD the following line;
extension=mysql.so
Now, you will not go nuts trying to understand why your apache2/PHP5 can not
connect to MySQL.
3. Next, Edit the /etc/apache2/httpd.conf file to load the PHP module.
Find the line that contains "php5_module".
The path on the right hand side of the LoadModule statement must point to the path of
the PHP module on your system. This path will be RELATIVE to /usr/apache2 on your system.
(So it is really /usr/apache2/libexec/libphp5.so)
The gmake install of PHP5 from above should have already added this for you,
but be sure to check.
LoadModule php5_module libexec/libphp5.so
We want to have Apache2 parse the .php extension for web page file names as PHP.
Find the "AddType" section of your /etc/apache2/httpd.conf file, and add this line;
AddType application/x-httpd-php .php
Some users prefer to omit the above line from httpd.conf, and instead add
'application/x-httpd-php php phtml'
to the /etc/apache2/mime.types file. Either way is fine.
I. Start Apache2 and Test.
WARNING: If you have activated apache 1.3 previously, either via other SAMP articles, the
Companion CD scripts, or manually, a collision will result when you try to proceed below.
* It is important to disable apache 1.3 before proceeding.
Ensure that Apache 1.3 is disabled:
#svcs -a | grep apache
legacy_run Sep_11 lrc:/etc/rc3_d/S50apache
shows that a legacy rc startup script for apache 1.3 is /etc/rc3_d/S50apache.
The script looks for the existance of a configuration file for apache at
/etc/apache/httpd.conf
and will not start apache 1.3 if the file is missing. To disable apache 1.3, either ensure
that there is no file at the above path, or (maybe a little extreme) rename the startup script from;
/etc/rc3_d/S50apache
to
/etc/rc3.d/OFF-S50apache
Only scripts that start with the letter "S" will actually be executed at startup time.
START APACHE 2:
# svcadm enable apache2
# svcs | grep -i apache2
online 18:07:10 svc:/network/http:apache2
If Apache2 started successfully, you can use the "ps" command, and should see several
processes similar to below;
# ps -ef | grep http
webservd 18592 3802 0 Sep 11 ? 0:03 /usr/apache2/bin/httpd -k start
webservd 13093 3802 0 Sep 08 ? 0:07 /usr/apache2/bin/httpd -k start
Don't be alarmed to find approximately 10 of the above processes.
Also, do not be alarmed by this process;
root 498 1 0 Jul 17 ? 1:28 /usr/apache/bin/httpd -f /etc/apache/httpd-standalone-ipp.conf
It is simply the older apache 1.3 being used by the Internet Print Protocol (IPP) listener
on network port 631. Since it is not running on port 80, it will not conflict with your
web server configuration here.
7. Next, let's put something useful for testing in the apache2 web server's
"DocumentRoot" directory. Using your choice of text editor, create the
following file (web page) and call it phpinfo.php
<html>
<body>
<p>Hello World</p>
<?php phpinfo(); ?>
</body>
</html>
Place that in your DocumentRoot directory as defined by the Apache httpd.conf file.
If you aim your web browser at http://your-host-name/phpinfo.php
and all is working, then you should get detailed information about the
configuration of PHP, Apahce, and MySQL. Note that after testing, it is
advised to either remove the above web page, or protect it with http authentication,
as it reveals a large amount of information about your site that would be useful
to an attacker.
By now, you have noticed that the above phpinfo web page basically only really tests apache and PHP
working together. While the output will show you information about the MySQL client being enabled,
it does not actually test connections to the MySQL server. Almost 99% of the time, if you made it this
far, you can simply install a PHP/MySQL application and expect things to work. However, if you are
one of those frustratingly hyper-analytical personality types that likes to dwell on completeness, accuracy,
and testing almost everything, below is a simple PHP web page that will do the following;
a. Attempt to open a connection to MySQL from a php page.
b. Select the "mysql" database name, which is a db that exists after all MySQL installations.
c. Show the list of table names that exist inside the mysql database.
Most of the code is taken from examples of function usage in the PHP manual.
Copy the PHP code below into a file (web page) and name it something like simple-test.php.
Edit the file and insert the password for connecting to your mysql server.
Place the file in your web server DocumentRoot (same place you put phpinfo.php earlier).
Here is the php code;
<?php
$db_username = "root"; // EDIT if needed: The username for mysql.
$db_password = "insert-yours-here"; // EDIT ME: this is YOUR password used for mysql.
$db_hostname = "localhost";
$db_name = "mysql"; // name of a database that always exists after install of MySQL
if (!mysql_connect($db_hostname, $db_username, $db_password)) {
echo "Can't connect to MySQL Server";
exit;
}else{
echo "Connection to Mysql server succeeded.";
echo "<br>";
}
// Now query the db and get the list of tables.
$result = mysql_db_query($db_name, "SHOW TABLES");
if (!$result) {
echo "DB Error, could not list tables\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
echo "<p>The selected database is name is mysql.</p>";
echo "<p>Here is the list of tables</p>";
while ($row = mysql_fetch_row($result)) {
echo "Table: {$row[0]} <br>";
}
mysql_free_result($result);
?>
If you have copied the above correctly, and your software is configured properly, you can point a web
browser at http://yourserver.com/simple-test.php and you should see something like this;
Connection to Mysql server succeeded.
The selected database is name is mysql.
Table: db
Table: func
Table: help_category
Table: help_keyword
Table: help_relation
Table: help_topic
Table: host
Table: proc
Table: procs_priv
Table: tables_priv
Table: time_zone
Table: time_zone_leap_second
Table: time_zone_name
Table: time_zone_transition
Table: time_zone_transition_type
Table: user
8. PHP Security.
Now that you have things working, be warned that the default install
of PHP, and the default options in config file php.ini, are only safe for development
work, but not for a production server that is exposed on a network.
Here is a strongly worded caution:
A. Delete the phpinfo and simpletest php webpages created in step 7 above.
(Or immediately lock them down by protecting the directory they are in with http authentication
of some type.)
B. It is strongly advised that you review a tutorial on securing PHP, such as;
http://www.php.net/manual/en/security.php
http://phpsec.org/projects/guide/
http://www.sitepoint.com/article/php-security-blunders
If you do not have time for that, at least take a look in your php source code directory
at the suggested (more safe) configuration file php.ini-recommended. You may wish to compare
this with the basic starting config file php.ini-dist to see what changes are made for
security and performance of a production site. ( # diff php.ini-dist php.ini-recommended | less )
I hope this has answered a few questions and provided useful hints.
Enjoy your Solaris SAMP server. Our next article will explore building this same set of
packages in 64-bit mode, using the Sun Studio 11 Compilers.
H. Edit the configuration files.
* Edit the /etc/apache2/php.ini file to set PHP options.
With PHP5, there is no longer any automatic loading of the mysql interface module.
You need to explicitly cause it, and any other extention modules needed, to be
loaded. To do this, edit the php.ini file and add two lines;
1. Verify that your build of php5 did create the module you need;
# ls -l /usr/local/lib/php/extensions/no-debug-non-zts-20050922/
total 1088
-rwxr-xr-x 1 root root 103144 Aug 29 21:48 mysql.so
-rwxr-xr-x 1 root root 429948 Aug 29 21:48 mysqli.so
Find the line(s) in php.ini that starts with;
; Directory in which the loadable extensions (modules) reside.
extension_dir =
and edit the line to become;
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20050922/"
If you had installed PHP5 to another location, adjust the above line
accordingly.
2. Next, find this block of the php.ini file;
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
and ADD the following line;
extension=mysql.so
Now, you will not go nuts trying to understand why your apache2/PHP5 can not
connect to MySQL.
3. Next, Edit the /etc/apache2/httpd.conf file to load the PHP module.
Find the line that contains "php5_module".
The path on the right hand side of the LoadModule statement must point to the path of
the PHP module on your system. This path will be RELATIVE to /usr/apache2 on your system.
(So it is really /usr/apache2/libexec/libphp5.so)
The gmake install of PHP5 from above should have already added this for you,
but be sure to check.
LoadModule php5_module libexec/libphp5.so
We want to have Apache2 parse the .php extension for web page file names as PHP.
Find the "AddType" section of your /etc/apache2/httpd.conf file, and add this line;
AddType application/x-httpd-php .php
Some users prefer to omit the above line from httpd.conf, and instead add
'application/x-httpd-php php phtml'
to the /etc/apache2/mime.types file. Either way is fine.
I. Start Apache2 and Test.
WARNING: If you have activated apache 1.3 previously, either via other SAMP articles, the
Companion CD scripts, or manually, a collision will result when you try to proceed below.
* It is important to disable apache 1.3 before proceeding.
Ensure that Apache 1.3 is disabled:
#svcs -a | grep apache
legacy_run Sep_11 lrc:/etc/rc3_d/S50apache
shows that a legacy rc startup script for apache 1.3 is /etc/rc3_d/S50apache.
The script looks for the existance of a configuration file for apache at
/etc/apache/httpd.conf
and will not start apache 1.3 if the file is missing. To disable apache 1.3, either ensure
that there is no file at the above path, or (maybe a little extreme) rename the startup script from;
/etc/rc3_d/S50apache
to
/etc/rc3.d/OFF-S50apache
Only scripts that start with the letter "S" will actually be executed at startup time.
START APACHE 2:
# svcadm enable apache2
# svcs | grep -i apache2
online 18:07:10 svc:/network/http:apache2
If Apache2 started successfully, you can use the "ps" command, and should see several
processes similar to below;
# ps -ef | grep http
webservd 18592 3802 0 Sep 11 ? 0:03 /usr/apache2/bin/httpd -k start
webservd 13093 3802 0 Sep 08 ? 0:07 /usr/apache2/bin/httpd -k start
Don't be alarmed to find approximately 10 of the above processes.
Also, do not be alarmed by this process;
root 498 1 0 Jul 17 ? 1:28 /usr/apache/bin/httpd -f /etc/apache/httpd-standalone-ipp.conf
It is simply the older apache 1.3 being used by the Internet Print Protocol (IPP) listener
on network port 631. Since it is not running on port 80, it will not conflict with your
web server configuration here.
7. Next, let's put something useful for testing in the apache2 web server's
"DocumentRoot" directory. Using your choice of text editor, create the
following file (web page) and call it phpinfo.php
<html>
<body>
<p>Hello World</p>
<?php phpinfo(); ?>
</body>
</html>
Place that in your DocumentRoot directory as defined by the Apache httpd.conf file.
If you aim your web browser at http://your-host-name/phpinfo.php
and all is working, then you should get detailed information about the
configuration of PHP, Apahce, and MySQL. Note that after testing, it is
advised to either remove the above web page, or protect it with http authentication,
as it reveals a large amount of information about your site that would be useful
to an attacker.
By now, you have noticed that the above phpinfo web page basically only really tests apache and PHP
working together. While the output will show you information about the MySQL client being enabled,
it does not actually test connections to the MySQL server. Almost 99% of the time, if you made it this
far, you can simply install a PHP/MySQL application and expect things to work. However, if you are
one of those frustratingly hyper-analytical personality types that likes to dwell on completeness, accuracy,
and testing almost everything, below is a simple PHP web page that will do the following;
a. Attempt to open a connection to MySQL from a php page.
b. Select the "mysql" database name, which is a db that exists after all MySQL installations.
c. Show the list of table names that exist inside the mysql database.
Most of the code is taken from examples of function usage in the PHP manual.
Copy the PHP code below into a file (web page) and name it something like simple-test.php.
Edit the file and insert the password for connecting to your mysql server.
Place the file in your web server DocumentRoot (same place you put phpinfo.php earlier).
Here is the php code;
<?php
$db_username = "root"; // EDIT if needed: The username for mysql.
$db_password = "insert-yours-here"; // EDIT ME: this is YOUR password used for mysql.
$db_hostname = "localhost";
$db_name = "mysql"; // name of a database that always exists after install of MySQL
if (!mysql_connect($db_hostname, $db_username, $db_password)) {
echo "Can't connect to MySQL Server";
exit;
}else{
echo "Connection to Mysql server succeeded.";
echo "<br>";
}
// Now query the db and get the list of tables.
$result = mysql_db_query($db_name, "SHOW TABLES");
if (!$result) {
echo "DB Error, could not list tables\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
echo "<p>The selected database is name is mysql.</p>";
echo "<p>Here is the list of tables</p>";
while ($row = mysql_fetch_row($result)) {
echo "Table: {$row[0]} <br>";
}
mysql_free_result($result);
?>
If you have copied the above correctly, and your software is configured properly, you can point a web
browser at http://yourserver.com/simple-test.php and you should see something like this;
Connection to Mysql server succeeded.
The selected database is name is mysql.
Here is the list of tables
Table: columns_privTable: db
Table: func
Table: help_category
Table: help_keyword
Table: help_relation
Table: help_topic
Table: host
Table: proc
Table: procs_priv
Table: tables_priv
Table: time_zone
Table: time_zone_leap_second
Table: time_zone_name
Table: time_zone_transition
Table: time_zone_transition_type
Table: user
8. PHP Security.
Now that you have things working, be warned that the default install
of PHP, and the default options in config file php.ini, are only safe for development
work, but not for a production server that is exposed on a network.
Here is a strongly worded caution:
A. Delete the phpinfo and simpletest php webpages created in step 7 above.
(Or immediately lock them down by protecting the directory they are in with http authentication
of some type.)
B. It is strongly advised that you review a tutorial on securing PHP, such as;
http://www.php.net/manual/en/security.php
http://phpsec.org/projects/guide/
http://www.sitepoint.com/article/php-security-blunders
If you do not have time for that, at least take a look in your php source code directory
at the suggested (more safe) configuration file php.ini-recommended. You may wish to compare
this with the basic starting config file php.ini-dist to see what changes are made for
security and performance of a production site. ( # diff php.ini-dist php.ini-recommended | less )
I hope this has answered a few questions and provided useful hints.
Enjoy your Solaris SAMP server. Our next article will explore building this same set of
packages in 64-bit mode, using the Sun Studio 11 Compilers.
Posted by mokhtari on December 02, 2006 at 08:32 AM PST #