Tag Archives: Apache

Roll your own MAMP development environment

Pre-packaged MAMP, LAMP, and WAMP stacks have been common on developer’s computers for years. Such packages are convenient because they provide a single-step install process, with all components in the server stack preconfigured to work together, and off you go.

Except when they don’t.

I’ve learned from experience that these packages have ways of making you pay for the convenience you enjoyed up front. If you have ever needed to:

  • Install a PHP extension that wasn’t already provided in your stack
  • Run a specific version of PHP or MySQL
  • Install PEAR packages
  • Install SSL certificates
  • Run command-line PHP scripts

…you may have encountered some ugly, time-wasting surprises along the way.

It pays to know your environment inside and out. Today, it is quite easy to roll your own Apache-MySQL-PHP stack on Windows, Linux, or even Mac OS X. Continue reading

How to install an SSL certificate for Apache, from start to finish

  1. Create an SSL key to use to generate the certificate signing request

    (Save this, you’ll need it to install the certificate). To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

    openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    .....................++++++
    .................++++++
    unable to write 'random state'
    e is 65537 (0x10001)
    Enter pass phrase for server.key:

    Enter a passphrase.

    Now we’ll remove the passphrase from the key, so that you don’t have to enter this passphrase whenever you restart Apache:

    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.secure
    mv server.key.insecure server.key
  2. Generate a certificate signing request

    openssl req -new -key server.key -out server.csr

    It will prompt you to enter Company Name, Site Name, Email Id, etc. Once you enter all these details, your CSR will be created and it will be stored in the server.csr file.

    You can now submit this CSR file to a Certificate Authority (CA) for processing. The CA will use this CSR file and issue the certificate.

  3. Purchase an SSL certificate

    You will be asked to supply the CSR that you generated in #2.

  4. Install the SSL key from #1, the SSL certificate from #3, and the SSL issuer root certificates (aka “bundle” or “chain”).

    On an Ubuntu server, I usually upload the files here:

    /etc/apache2/ssl/domain.com.key
    /etc/apache2/ssl/domain.com.crt
    /etc/apache2/ssl/domain.com.bundle
  5. Modify your Apache vhost

    Note: Apache only supports one SSL vhost per IP address.

    Replace {ip_address} with the public IP address of the server:

    <VirtualHost {ip_address}:443>
        DocumentRoot /var/www/vhosts/domain.com
    
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /etc/apache2/ssl/domain.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
        SSLCertificateChainFile /etc/apache2/ssl/domain.com.bundle
    
        <Directory /var/www/vhosts/domain.com>
            AllowOverride All
            order allow,deny
            allow from all
            Options -Includes -ExecCGI
            AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
        </Directory>
    </VirtualHost>
  6. Restart Apache

    /etc/init.d/apache2 restart

That’s all!

Solved: “Access Denied” errors when calling signtool.exe from PHP

SIGHntool, why must you give me such grief?

I have spent the last 8 hours trying to figure out why Microsoft’s signtool.exe code signing utility refuses to work when called from PHP’s system() or shell_exec() functions on my WAMP server:

C:\build> "C:\Program Files\InstallMate 7\Tools\signtool.exe" sign /v /f codesignedcert.pfx Setup.exe 2>&1

The following certificate was selected:
    Issued to: <redacted>.
    Issued by: UTN-USERFirst-Object
    Expires:   5/12/2012 6:59:59 PM
    SHA1 hash: <redacted>

Done Adding Additional Store

Attempting to sign: C:\build\Setup.exe

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

SignTool Error: ISignedCode::Sign returned error: 0x80090010

	Access denied.

SignTool Error: An error occurred while attempting to sign: C:\build\Setup.exe

Note: the 2>&1 at the end of the signtool call is essential if you want to capture error messages which are emitted to STDERR instead of STDOUT. Yes, I lost an hour or two just on that.

Dead ends

  • Windows 7 apparently sets the read-only attribute on all files, and it isn’t easy to turn that attribute off. But since other file operations worked from PHP, this wasn’t the issue.
  • Prefacing the signtool call with CMD /C didn’t help.
  • Setting full control file permissions on the C:\build folder for Guest, SYSTEM, and any other user account I could think of didn’t help either.
  • Wrapping signtool in a batch file was an exercise in futility.

The maddeningly frustrating thing was that signtool worked great when called from the command line — just not from PHP!

An aha! moment

The issue turned out to be pretty stupid, as they usually do. I merely had to change the account that Apache was running as to that of a normal user, instead of the default local system account.

services.msc - changing the Apache user

Uploading large files: covering all the bases

When uploading a file to a PHP script on an Apache web server, there are several configuration options that if improperly set can get in the way. I just encountered yet another one of these, and decided to catalog them here.

Size, Time, and Memory

There are three types of limits that affect file uploads, and the weakest link in the chain is your effective limit.

If your size limit is set to 3gb, but your time limit does not allow for the time required to upload that much data, you’ll still be unable to upload those large files. Likewise, the ability to upload does no good if you do not have enough memory to process the file that was uploaded.

Assumptions

This post assumes an 8MB upload limit (8mb x 1024kb x 1024 bytes = 8388608). You will want to adjust this number up or down according to your needs.

Oddly, although 8mb is the default value for PHP’s upload_max_filesize setting, some of the other default settings are much lower (2mb, or in some cases, only 100k).

PHP limits

upload_max_filesize = 8388608
post_max_size = 8388608
max_input_time = 60

Depending on what you’re doing with the uploaded files, you may also need to increase your memory limit:

memory_limit = 64MB

Apache limits

If LimitRequestBody is set to something non-zero, you may need to increase its value in your Apache httpd.conf file or .htaccess file:

LimitRequestBody 8388608

If you are using mod_fcgid (required to run the latest PHP 5.3 VC9 NTS build for Windows), then you need to set the value of FcgidMaxRequestLen, which defaults to 100k if it is not set. (Note that some systems may put mod_fcgid settings in a file separate from the main httpd.conf file).

FcgidMaxRequestLen 8388608
FcgidIOTimeout 60

Happy uploading!

Skype hijacks port 80

Imagine my dismay and perplexity today when Apache suddenly stopped working on my development PC. Checking the Windows event log revealed this error:

The Apache service named  reported the following error:
>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:80

Aha! Another service is using port 80, preventing Apache from binding to that port. But what? I wondered if I had caught some terrible malware serving out who-knows-what…

However, a quick Google search revealed Skype as the culprit!

skype