System administration and programming
         | | | | | |      


Note: This page is no more maintained as of 2003-01-01.

MySQL + Apache + PHP + (PHPLIB) + OpenSSL/mod_ssl installation and configuration

Jun Da (

URL: http://
Version 2.2.
Page last updated: 2020-05-19.

Table of contents

  1. Before you begin
  2. Operating systems
  3. Software to download
  4. Installation
    1. OpenSSL
    3. Webmin
    4. MySQL
    5. Apache (with optional mod_ssl)
    6. PHP
    7. phpMyAdmin
    8. PHPLIB
    9. DBI and Msql-Mysql
  5. After installation
    1. Simple sample code
  6. Previous versions
  7. Disclaimer

This is my quick cookbook of a web server (with database backend) running on a Unix box. Most instructions found in this tutorial are either available online or included in those INSTALL/README docs that come with the source packages. It took me quite a while to put all the pieces of the puzzle together. Hence here is this document to save you some time. Please note that this tutorial is by no means a substitution of the original documentation from those packages. It is suggested that you consult them whenever necessary.

Please read the Disclaimer before you proceed!

1. Before you begin

1.1 Tips for using this document

It is recommended that you read, or at least skim through this document before attempting to build and install the software packages.

To print this document, it is suggest that you use Netscape Version 4 (for better printout layout).

1.2 Objectives

There are two objectives we want to achieve:

  1. A web server with database support on a UNIX system. Specifically, we are talking about running the Apache web server with MySQL as the database backend, PHP as the server-side scripting language (loaded as a dynamically linked module), and OpenSSL/mod_ssl for secure data transmission.
  2. Web-based interfaces for performing most system administration tasks including Apache and MySQL configuration/administration.

1.3 Hardware requirement

In order to compile MySQL successfully with reasonable speed, it is suggested that your machine has a 200MHz (or better) CPU with 64M+ RAM.

1.4 Conventions used in this tutorial

Following the unix convention, I will use the # sign to indicate that the shell command is to be executed by the superuser (root) and the % sign by ordinary shell user in the rest of this tutorial.

2. Operating system(s)

Instructions provided in this tutorial are based on FreeBSD 4.9   (Previous versions were tested on FreeBSD 4.1, 4.3, 4.6, 4.6.2, 4.7 and 4.8, respectively). They have also been tested on RedHat Linux 8. With minor modifications such as folder paths or location of system init files, the instructions provided here should be applicable to other UNIX systems as well.

My FreeBSD box is a 'minimal installation', i.e., bare-bone OS that contains the necessary compilers, etc.. When you have a fresh FreeBSD installation, choose the 'minimal installation' option if you are going to use your UNIX box as a server (e.g., for web and email services) only (i.e., without using the X-window system). My Linux box is also a barebone installation, i.e., only the operating system and development tools (cc compilers, etc.) are installed.

With a few modifications such as system init scripts, the installation instructions provided here should be applicable to other UNIX flavors. Notes about Linux will be provided where appropriate.

3. Software to download

We will use /usr/src/local as the folder to store all the downloaded packages. Before downloading, you need to become the superuser and create the /usr/src/local folder.

% su root 
# mkdir /usr/src/local
# cd /usr/src/local

Now grab all the source packages listed below. Remember to download the source code only (but not pre-compiled binary packages). Note also that by the time you read this tutorial, version numbers may be different.

Suppose we save all the downloaded software packages in the /usr/src/local folder, we now unpack all the gzipped and tarred files. For example, to unpack the apache package, we issue the following commands:

# gunzip apache_1.3.29.tar.gz 
# tar xvf apache_1.3.29.tar

(Or alternatively, you can use

# tar zxvf apache_1.3.29.tar.gz

to unpack the gzipped tarball all at once if the tar on your system supports the z option.)

Repeat the above procedure for every gzipped tarball you have downloaded.

4. Installation

We are going to install the different packages in the order given below:

  1. OpenSSL (Optional)
  2. Net_SSLeay (Optional, Perl module. Requires Perl5.005 or better)
  3. Webmin (Optional but strongly recommended)
  4. MySQL
  5. Apache (with MM, mod_ssl, etc.)
  6. PHP
  7. phpMyAdmin (Optional but strongly recommended)
  8. PHPLIB (Optional)
  9. mod_gzip (Optional)
  10. DBI and Msql-Mysql (Optional)

It is suggested that you follow the order of installation as given above, since some packages (e.g., mod_ssl) will depend on other packages (being installed properly).

Further, PHP Version 4 will be installed as dynamically linked modules within the Apache web server. Note that PHP can also be used from the command line. For more information, check out the webpage at

4.1 Install OpenSSL (Optional)

Please read the LEGAL NOTICE at concerning the use of strong cryptography software in your country or location.

If you are not interested in running Apache for secure transactions (that requires mod_ssl), you can skip this section.

Though FreeBSD (Version 4.3 or later) comes with OpenSSL preinstalled as part of the base OS, we still want to want to use the latest version.

# cd openssl-0.9.7d/
# ./config
# make
# make test
# make install

# cd ..

4.2 Install (Optional) is a Perl module that is optionally required by the Webmin package for secure data transmission between your browser and Webmin. It is strongly recommended that you install this module.

Install the Perl module as follows:

# cd
# perl Makefile.PL
# make test
# make install


  1. During make test, you may get error messages saying that the test has failed. This happens when testing against external sites. You can ignore the message and continue with make install.
  2. Other Perl modules may be required before you will be able to install Net_SSLeay, depending on the version of Perl available on your system.

4.3 Install Webmin

Webmin is an excellent web-based administration tools package for various Unix systems. With the package installed, you can perform many system tasks such as user management, Samba and Apache configuration, etc. through a web browser.

Suppose that you have already unpacked the Webmin tarball, you can install the package using the following command:

# cd webmin-1.140
# ./

During installation, just accept all the defaults when prompted (except, of course, the administrator's username and password). Note that the installation script will automatically test to see if you have NET_SSLeay installed. If it finds it, it will install webmin with secure transaction.

If you use the default port number for Webmin installation with secure connection support, you can access your Webmin installation using:


Without encryption, you will use http:// instead.

Don't forget to restrict access privileges to the IPs that you use. To do this, use the Webmin Configuration module and set up restricted IP address(es) (Webmin configuration -> IP access control). You can do this after everything is installed.

(To uninstall Webmin, find the script and run it. If you accept the default settings during installation, the script is located in the /etc/webmin/ folder.)

4.4 Install MySQL

Installing MySQL involves four steps:

  1. Create both a user and group account (for running MySQL in a sandbox);
  2. Configure, compile and install MySQL;
  3. Run a few post-installation routines; and
  4. Set up relevant system init scripts so that MySQL will be automatically started or shutdown during system reboot.

4.4.1 Create a user and group account

We will create a user account called mysql and a group account mysql. Again, the account is to be used for running MySQL in a sandbox. The following applies to FreeBSD:

# pw groupadd mysql
# pw useradd mysql -g mysql -d /usr/local/mysql -s /nonexistent

The pw command is for FreeBSD system only. If you are using other Unix systems, please use the corresponding commands on your system. Alternatively, you can use Webmin to add the mysql group and username.

Remember to disable the shell login for the mysql user! (FYI, in our case, the -s /nonexistent option does the trick.)

4.4.2 Compile and install the software

We will install everything under the /usr/local/mysql folder

# cd mysql-4.0.18
# ./configure --prefix=/usr/local/mysql
# make
# make install


  1. the option --prefix=/usr/local/mysql will get all MySQL files installed under that particular folder. Another common option is to use --prefix=/usr/local. Either option will work but the former is my personal preference. As far as I can see, the advantage of using the former is that when you want to uninstall the package, you just trash the entire /usr/local/mysql folder without worrying about accidentally deleting other system files.

4.4.3 Run MySQL for the first time

After MySQL is installed, run the following commands only ONCE:

# /usr/local/mysql/bin/mysql_install_db
# chown -R mysql:mysql /usr/local/mysql/var 
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
# /usr/local/mysql/bin/mysqladmin -u root password newpassword

where newpassword is the password you choose for the root user (of the database but NOT the system superuser).

4.4.4 Start MySQL after system reboot

This step is to automatically start or stop mysql when system reboots.

There is a file called mysql.server within your unpacked mysql-4.0.18/support-files folder.

On FreeBSD

Copy the same mysql-4.0.18/support-files/mysql.server file into the /usr/local/etc/rc.d folder, rename it as and make it executable.

# cp mysql.server /usr/local/etc/rc.d/
# chmod 755 /usr/local/etc/rc.d/

Modify one line in the script to let mysql server run as the user mysql. Locate the following line (Line 134 or nearby)

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file &

and add the --user=mysql option. After modification, the line should look like the following:

$bindir/safe_mysqld --user=mysql --datadir=$datadir --pid-file=$pid_file &


  1. Please read Chapter 6 Section 6.5 of FreeBSD Handbook ( for information about the /usr/local/etc/rc.d folder. In very simple terms, any scripts (with the .sh extension) placed inside the folder will be executed when the system boots up or is shutdown.
  2. An alternative is to use the /etc/rc.local to automatically start or stop mysql server. To do this, add the following line into the /etc/rc.local file. If there is no rc.local file, create one yourself (and make it executable).
/etc/ start

Add the following line into the /etc/rc.shutdown file:

/etc/rc.d/mysql.server stop

On a Linux box

Copy the mysql-4.0.18/support-files/mysql.server file into the /etc/rc.d/init.d/ folder and create a softlink in the /etc/rc.d/rc3.d folder. e.g.

# ln -s /etc/rc.d/init.d/ /etc/rc.d/rc3.d/S91mysql

We need to make mysql.server excutable so that it will be fired up when the system reboots:

# chmod 755 /etc/rc.d/init.d/

Again, you need to modify the mysql.server script to include the --user=mysql option as per instruction in the FreeBSD subsection above.

4.4.5 Secure MySQL

It is strongly suggested that you read the following document about securing your MySQL server after you install everything covered in this tutorial:

In particular, read this page to find out how MySQL privilege system works.

If you are impatient :-), here is a minimal configuration to get things started (All the operations are done to the mysql database (which is automatically set up when you run the install_db command mentioned above. You can use the phpMyAdmin tool (to be installed later at this tutorial) for configuration.):

  1. Create a new database (e.g., mydb);
  2. In the user table, add localhost to the host field; add a username (e.g., foo) and password (e.g. mysecret). All the privileges should remain unchanged, i.e., set to 'N'. Note that foo is not a Shell user!
  3. In the db table, add localhost to the host field; add the username (foo) you just created to the user field; add the new database name (e.g., mydb) to the db field; set the permissions for 'select, insert, update and delete' to 'Y'.

This will allow foo to access the database mydb with the select, insert, update and delete privileges from localhost only.

4.4.6 Reconfigue MySQL at runtime

Basic MySQL tuning can be done through the my.cnf configuration file. There are several sample my.cnf located at mysql-4.0.18/support-files folder. Pick up that suits your hardware configuration and copy the file onto either the /etc or (usr/local/)mysql/var/ folder.

4.5 Install Apache (with mod_ssl as an optional module)

PHP can be built into Apache in two modes: 1) Statically linked; 2) Dynamically linked. In this tutorial, we build dynamically linked PHP modules. (As we noted before, PHP can also be used from the command line. For more information, check out the webpage at
Please refer to the older version of this tutorial for building PHP as a static module (Note that the older version is no longer updated).

Installing Apache and PHP involves six steps in the following order:

  1. Install MM (shared memory);
  2. Install Apache;
  3. Install PHP;
  4. Configure Apache for running PHP;
  5. Create and link system init scripts;
  6. Manually fire up Apache;
  7. Test your installation.

4.5.1 Compile the MM Shared Memory Library

Note: Instructions for compiling both MM and mod_ssl come from the INSTALL file from the mod_ssl package.

# cd mm-1.3.0/
# ./configure --disable-shared
# make
# make test
# cd ..

4.5.2 Configure mod_ssl (optional)

We will just run the configure command below (but NOT make). If you do not install this module, delete the lines SSL_BASE=../openssl-0.9.7c \ and --enable-module=ssl \ in the following apache configuration : (Note: Don't forget to untar Apache first!)

# cd mod_ssl-2.8.16-1.3.29
# ./configure --with-apache=../apache_1.3.29
# cd ..

Note: remember to unpack Apache tarball first.

4.5.3 Compile and install Apache

We will install apache under the /usr/local/apache folder. Modify the --prefix= option if you want to install it elsewhere.

Suppose that both Apache and other packages (e.g., mod_ssl, mm, etc.) are untarred under the same parent folder. The installation commands are listed below. Read the notes below for some explanation before running them.

# cd apache_1.3.29
# SSL_BASE=../openssl-0.9.7c \
  EAPI_MM=../mm-1.3.0 \
  ./configure \
  --prefix=/usr/local/apache \
  --enable-module=ssl \
  --enable-module=so \
  --enable-module=log_agent \
  --enable-module=log_referer \
  --enable-module=proxy \
  --enable-module=rewrite \
  --enable-module=speling \
  --enable-module=usertrack \
  --enable-module=vhost_alias \	
  --suexec-uidmin=1000 \
# make
# make certificate TYPE=dummy        (if you choose to install mod_SSL)
# make install


  1. There are many --enable-module= options there. I find them very useful for myself.
  2. If you optionally installed openssl-0.9.7c following the instruction earlier this tutorial, you can specify the location as SSL_BASE=../openssl-0.9.7c \ in the corresponding line above. Otherwise, omit this option.
  3. If you do not want to install mod_ssl, get rid of that option. You can take a look at for all available modules. The command

        ./configure --help

    will give you a list of all the core modules available.
  4. It is more efficient and less prone to typos if you create a text file with all the configure options in it and execute that file. For example, your text file can contain the following content (Modify it to meet your own needs):
SSL_BASE=../openssl-0.9.7c \
EAPI_MM=../mm-1.3.0 \
./configure \
     --prefix=/usr/local/apache \
     --enable-module=ssl \
     --enable-module=so \
     --enable-module=log_agent \
     --enable-module=log_referer \
     --enable-module=proxy \
     --enable-module=rewrite \
     --enable-module=speling \
     --enable-module=usertrack \
     --enable-module=vhost_alias \
	--disable-module=include \
	--suexec-uidmin=1000 \

Suppose you edit the file and save it as You can issue the following command at the shell prompt:

# chmod +x
# ./

4.5.4 Create a login name for basic user authentication

By default, all the files and folder under the web root folder is viewable by everyone. If you need to restrict access to a certain web folder (which is the case for running phpMyAdmin), you need to create a login name for authentication. Note that this login name is different from (Shell) user accounts on your Unix box. You can choose any login name.

The following command will create a login name mynewuser which can be used for authentication to access a protected folder.

# /usr/local/apache/bin/htpasswd -c /home/www/userdb/userfile mynewuser

where /home/www/userdb is the folder which contains the file userfile which in turn contains the username mynewuser. With the option -c, a new userfile will be created. Otherwise the userfile will be updated (when, for example, you want to add a new user to the existing userfile or change the password associated with the username).

4.5.5 Set up a password protected folder

Suppose the folder /home/www/securefoldername needs to be protected. Only an authenticated user (which requires login with both a username and password) from a certain IP address (in our example, the 192.168 subnet or with the domain name can access it. In the /usr/local/apache/conf/httpd.conf file, add the following:

<Directory "/home/www/securefoldername">
AllowOverride AuthConfig
AuthType Basic
AuthUserFile /home/www/userdb/userfile
Order deny,allow Deny from all Allow from 192.168.

Note that MYCOMMUNITY is an arbitrary string I choose. You can use a different string as long as you keep it consistent in the following .htaccess file. If you do not want IP address restriction (so that you can access the folder from anywhere, simply comment out the three lines in bold.

In the /home/www/securefoldername folder, create the .htaccess file (don't forget  about the leading dot (.) in front of htaccess) which contains the following lines:

AuthType Basic
AuthUserFile /home/www/userdb/userfile
AuthGroupFile /dev/null
Require user mynewuser

The /home/www/securefoldername will now be protected with basic authentication (i.e., username/password are passed along in clear text). Only the username mynewuser from a computer whose IP address is in the 192.168 subnet or whose IP address can be mapped onto the domain will be able to view pages hosted within that folder. We will use this folder to install the phpMyAdmin files later.

4.5.6 Modifying system init file

To manually start Apache

# /usr/local/apache/bin/apachectl start

To start apache in secure mode:

# /usr/local/apache/bin/apachectl startssl

To automatically start Apache at system reboot, do the following:


Create a soft link to the apachectl script as follows:

# ln -s /usr/local/apache/bin/apachectl /usr/local/etc/rc.d/

Note that you have to include the .sh extension to the soft link.


The /etc/rc.d/rc.local file can be modified so that Apache will be fired at system reboot. Add the following line at the very end of the file:

/usr/local/apache/bin/apachectl start

4.6 Install PHP (with ZendOptimizer as an option)

We are going to compile PHP4 as a dynamically linked module in Apache.

4.6.1 Compile and install PHP

First, we compile and install PHP4.

# cd ../php-4.3.4
# EAPI_MM=../mm-1.3.0 \
  ./configure --with-apxs=/usr/local/apache/bin/apxs \
   --with-mysql=/usr/local/mysql --enable-track-vars
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini

Again, if the configure command has too many options, simply create a text file, put everything in it and execute it.

Note that there is an optimized php.ini file called php.ini-optimized. Please read the documentation about the differences between the two php.ini files. If you want to be on the safe side, use the generic php.ini-dist file.

4.6.2 Configure Apache to enable PHP scripting

This is done by modifying the /usr/local/apache/conf/httpd.conf file and make sure the following line is present exactly as below (What you need to do is to uncomment (i.e., delete the # sign at the beginning of) the two lines in the default httpd.conf file):

AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps

The .php3 extension is included in the above line for the sake of backward compatibility, i.e., when you need to run, for example, previous written PHP scripts with that particular file extension.

You may also want to enable default index.php execution by adding index.php and/or index.php3 to the following apache directive:

<IfModule mod_dir.c>
     DirectoryIndex index.php index.html index.php3

IMPORTANT: Before you restart Apache, run the following command to test your new configuration:

# /usr/local/apache/bin/apachectl configtest

4.6.3 Optional: Installing Zend Optimizer

Installing Zend Optimizer is optional but recommended since it speeds things up (at least according to the website). To install, run the script after you untar the package. The ZendOptimizer_UserGuide.pdf (under data/doc) provides instructions on how to install the package.

For your information, if the script does not work, you can install Zend Optimizer manually as shown below (copied directly from OLDER version of Zend optimizer package):

Under UNIX:

  1. Compile PHP 4.0 in non-debug mode - or else the Zend Optimizer won't load. As of 4.0.1, this is the default, no special configure option is required.
  2. Copy the file (under data/4_3_x_com) to your system; a good place to put it is in the /usr/local/Zend/lib directory.
  3. Add the following two lines to your php.ini file; do not add any extra spaces or tabs:
  4. Restart your Apache web server
# /usr/local/apache/bin/apachectl restart

4.6.4 Test your new server configuration

You can test all the configurations by creating a file (name it info.php, for example) and place it under the root directory of your web server. (If you haven't modified the DocumentRoot option in the httpd.conf file, the web server root is at /usr/local/apache/htdocs folder.) The file should just contains one line:

<?php phpinfo(); ?>

Run the script through a web browser and you should see a list of web server configuration parameters you have just set up.

Rename the file you just created as info.php. Run it through your web browser. This will display your PHP installation parameters.

At this time, you can optionally reboot your machine to make sure that the two servers (MySQL and Apache) are fired up at system reboot.

4.7 Optional: Install phpMyAdmin for MySQL administration

phpMyAdmin is optional, though I find it quite handy when administering MySQL server.

Untar the phpMyAdmin file in a protected folder such as the one we just created above. It is suggested that you password protect the folder and implement IP access restriction at the same time (See relevant instrutions above).

Modify the file to add the root password of your MySQL server.

Remove the READ ('r') permission bit of this particular folder which contains the phpMyAdmin scripts. To do this, you can simply use the following command:

% cd phpMyAdminfolder
% chmod go-r .

This will prevent those users with shell login privileges to read your MySQL root passport through Shell (e.g., via telnet) access.

Now you can administer your MySQL database from a web browser.

Let us create our first database for use with the following PHPLIB installation.

  1. Create a database. It's easy with phpMyAdmin's web interface.
  2. Create a user in the mysql database by adding a user to the user table.
    E.g., username=mydbuser, password=secret, host=localhost.
    There is no need to change any permissions in that table. That is, leave anything else to N.
  3. Add the user info to the db table of the mysql database and change permissions for select, insert, delete and update to Y. Leave other permissions untouched.

You need to consult the MySQL manual for further information about its privilege systems, etc.. Webmin also has support to MySQL administration. Reload MySQL from the phpMyAdmin top page.

4.8 Optional: Install PHPLIB

Installing PHPLIB is optional but recommended if you are serious about PHP scripting. PHPLIB is an excellent library that will enable you to code in PHP more efficiently and cleanly.

Note that PHPLIB was first developed for PHP3 and there may be some incompatibility issues involved with PHP4.

To install the library, do the following:

4.8.1 Uncompress the source code

Uncompress the downloaded tarball (phplib-7.4.tar.gz) into a folder parallel to your web server's document root. For example, if your web root is at /home/www/docroot, you uncompress the phplib-7.4.tar.gz file in the /home/www folder.

After uncompressing, you will find a new folder named phplib-7.4, which further contains a subfolder called php. This is where the library code is.

4.8.2 Modify the PHP init file

Edit the /usr/local/lib/php.ini file by adding the following two lines:

include = "/path/to/the/php"
auto_prepend_file =  "/path/to/prepend.php3"

4.8.3 Create a container database for PHPLIB to use

Now we need to create a database for PHPLIB to use. Add the appropriate entries in MySQL:

Host: localhost
Database: mydb
Username: mydbuser
Password: secrete

where mydb is the database and mydbuser/secrete the username/password pair to be used by PHPLIB.

4.8.4 Add the database/username/password information to the file

First, modify the DB_Example lines in the file to add the above information.

Then, run the following command:

$ /usr/local/mysql/bin/mysql -h localhost -u root -p mydb < /whateverpath/phplib-7.4/stuff/create_database.mysql

Now you should be able to use the PHPLIB for your coding. Check out this sample code page to see how to connect to a database with or without PHPLIB support.

PHPLIB can be customized for each virtual web server that is running on your unix box via the apache httpd.conf directive. If you need information or help with configuration, please contact me.

4.9 Optional: Install DBI and Msql-Mysql

Sometimes you will find it more convinient to manipulate MySQL databases using Perl. To do that, you need both the DBI and Msql-Mysql modules installed. Those modules can be downloaded from or

Installing Perl mdules uses the following standard procedure:

# cd /path/to/perl-module
# perl Makefile.PL # make # make test # make install

You can ignore the error message about using proxy servers when installing the DBI module. You will unlikely need this feature if you only use Perl script to interface with the MySQL database on a localhost.

Another way of installing Perl modules is like this: Become the superuser first and then:

# perl -MCPAN -e shell

Very often it is more convinient to use this method.

5 After installation

Sit back and take a break! You've done a great job within a very short period of time.

Two pieces of simple SAMPLE CODES can be found here to get started!

If you want to learn SQL in general, read this very informative tutorial. Tutorials on PHP scripting can be found by following links provided on the official PHP website (e.g., and (note: dead link now)). PHPLIB also simplifies quite a few things.

Finally, the two must-haves are:

  1. MySQL Reference Manual;
  2. PHP Manual.

6. Previous versions

Older versions: 1.0, 1.1, 1.2, 2.0, 2.1

7. Disclaimer

The standard disclaimer applies :-)

  1. This tutorial is provided as it is. Use it at your own risk! The author is not responsible for any explicit or implicit damages of whatever kinds. 
  2. Please check your local laws concerning installing security software packages such as OpenSSL/mod_ssl on your system. The author of this tutorial does not assume any responsibility (whether stated or implied) of any kinds concerning the use of those software applications.

If you have any questions concerning this tutorial, feel free to use the online form or email me at