Install Apache, MySQL, and PHP On Fedora

Jun 4th, 09 / 0 Comments /

I recently decided to try something new and perform a custom install of an AMP stack on my Fedora 10 box. I configure, build, and install everything by hand. It was an extremely rewarding experience (because it works and you learn a ton about your Linux box), but it took a while.

I kept track of each step along the way with the hopes it might help others at some point. The reason for the exercise was to give the newly released PHP 5.3 RC 2 a run through with FormBoss. I’m happy to report FormBoss runs without issue, so let’s hit the road and see if we can get you up and running too.

6/11/10 Update – Turns out this exercise has had other benefits as well. GoDaddy servers have a rather ancient build of Fedora 7 (oldy, but goodie), which in turns means the MySQL you get is a memory-leak happy 5.0.45. Unfortunately Fedora 7 has long been abandoned for updates, which means you simply cannot update past 5.0.90, and even then, though some rather risky third part channels.

For me then the solution was to roll my own custom build of MySQL to the server and deploy it in a hot-swap- manner. One hint I can give on doing this is to make sure you build a virtual machine test box and test before you try it live. So for example, you can still download Fedora 7, so I did and created a very close copy of my existing server on a virtual box. With the base system set up I took a virtual machine ‘snapshot’ for easy rollbacks if I borked something up.

Important notes:

  • I start in my ~/home directory. You’ll notice a few lines down I create a directory called source–this is where I download all files to, and you will see me dive in and back out of this directory repeatedly
  • Speaking of which, you’ll also notice I tried to include all shell code, and I mean all. Where I change directories, you’ll see cd /* and cd ../ The idea is one could literally follow along step-by-step.
  • See that [#YOUR_USER_NAME] below in the code? Because I want to issue sudo instead of using root the whole time, I need to be on the ‘list’ of sudoers, which by default on a Fedora install you won’t be. Thus, we need to use the visudo utility to update our /etc/sudoers file with your user name and give it all privileges. However, you could always skip this and simply su – to root, but apparently nerds frown upon that.
  • Any instructions in parenthesis () are not shell commands but a keystroke or an action you need to perform in the Desktop environment. For example, the (INSTALL ‘Development file for the Ncurses Library’) line means we need to use the excellent System > Add/Remove Software tool to find and install that package.
  • We use /opt/ to install everything into as opposed to /usr/local/. Apparently this is a good thing, as it helps us keep /usr/local/ cleaner.
  • However, that also means we need to add the /opt directory to our shell, which is outlined below.
  • Lines with a double dash – + – are comments, aimed at breaking each section into smaller parts.
  • I’m using Fedora 64 bit, though x32 should be the same process mostly
  • I was not able to get several PHP extensions installed, notably SSL, XML, and GD. SSL and XML was mainly due to external libraries not being found, and could have been fixed if I had more time. GD was because their is a known error with Athlon 64 Processors and some library named libtool — this compatibility problem causes a build error which prevents a shared version of the JPEG library from being installed, which blah blah, problem problem. I was too tired by that point to care. You can always ./configure and make PHP again, that’s the beauty of the ‘self roll’ process. In short, I’ll get it fixed soon, but for now, the important point is that the instructions below allow you to use FormBoss or any number of modern apps just fine. That said, because I’m not using GD, you can skip the Freetype and JPEG steps.
  • I should give a small disclaimer–these instructions should work, but just to be safe, build yourself a virtual test box (or boot drive) that you don’t care about for play times like this.

On to the code:

– Tested On Fedora 10 – x86_64, but works on basically any Fedora release from 7 on up–

–PREP

We need to be root to perform almost every step here, and we can become root by using:

su – [then typing password in Fedroa ]
sudo + the command we want [ Ubuntu ]

The su – method (Substitute User) may be easiest, as it allows us to skip the next step and is probably safer.

This is because in Fedroa like distros in order to use sudo we need to be a sudoer,
which the next step will allow us to become.

However, using su – gives us the same root access without needing to edit the sudoers file.
It should be noted that in Debian distros (Ubuntu), we can use sudo right out of the gate.

Which one you’ll want to use is up to you, though I suggest the su – method for Fedora. If you decide to use that, simply remove any reference to sudo in the code below, as you will already be impersonating the super (root) user, and the command is therefor redundant.

If you want to add your self to the sudores list:

  1. visudo
  2. i
  3.  
  4. –add the next line towards the bottom near a similar entry for ROOT
  5. [#YOUR_USER_NAME] ALL=(ALL) ALL
  6. (ESCAPE)
  7. :x

With that done, lets create some directories.

  1. sudo mkdir /opt/man
  2. sudo mkdir /opt/man/man1
  3. sudo mkdir /opt/bin
  4. sudo mkdir /opt/sbin
  5. sudo mkdir /opt/lib
  6. sudo mkdir /opt/share

Now let’s install some software using yum or apt-get. Yum for Fedora, apt-get for Ubuntu as in:

yum install libxml

apt-get install libxml

(INSTALL ‘Development file for the Ncurses Library’)
(INSTALL ‘Libxml development tools’)
(INSTALL ‘Files for development of applications which will use OpenSSL’)
(INSTALL ‘OpenSSL crypto plug-in for XML Security Files’)
(INSTALL ‘Files needed for building applications with libcurl’)

(Create the user and group ‘apache’, if you haven’t already)
(Create the user and group ‘mysql’, if you haven’t already)

–Do in the GUI if possible as: System > Administration > Users and Groups)
Important note: We want to set the home directory of the MySQL user to be where the
database table data is stored–in most environments this will be /var/lib/mysql/

  1. cd ~/

–SET SHELL PATH FOR BUILDING TO /opt

  1. vi .bashrc
  2. i
  3. export PATH="/opt/bin:/opt/sbin:/opt/mysql/bin:/opt/apache2/bin:/opt/php5/bin:$PATH"
  4. (ESCAPE)
  5. :x
  6. . ~/.bashrc
  7. $PATH
  1. mkdir source
  2.  
  3. cd source

–APACHE

  1. curl -O http://www.alliedquotes.com/mirrors/apache/httpd/httpd-2.2.11.tar.gz
  2. tar xzvf httpd-2.2.11.tar.gz
  3. cd httpd-2.2.11
  4. ./configure –prefix=/opt/apache2 –enable_rewrite=shared –enable-mods-shared=all
  5. make
  6. sudo make install
  7.  
  8. cd ../

** Please see Auto Start and troubleshooting below for more hints and tricks.

–MYSQL

  1. curl -O http://mirror.services.wisc.edu/mysql/Downloads/MySQL-5.1/mysql-5.1.34.tar.gz
  2. tar xzvf mysql-5.1.34.tar.gz
  3. cd mysql-5.1.34
  4. ./configure –prefix=/opt/mysql –with-charset=utf8 –with-plugins=myisam,innobase
  5. make
  6. sudo make install
  7. cd /opt/mysql
  8.  
  9. sudo bin/mysql_install_db –user=mysql

** Please be sure to checkout the Auto Start section below for hints on auto loading MySQL.

–Quick note:
This chown and chgrp step is also done to the directory where the MySQL table data resides, which for most servers will be at [ /var/lib/mysql ]. It is important to note that this directory will only exist in new installs after the mysql_install_db step, but of course in existing setups, may already exist.

  1. chown -R mysql .
  2. chgrp -R mysql .

–Start MySQL

  1. sudo bin/mysqld_safe –user=mysql &
  2. or…
  3. service mysqld start

–Set the root passwords and allow localhost access.

  1. sudo bin/mysqladmin -u root password new-password
  2. sudo bin/mysqladmin -u root -p -h localhost.localdomain password new-password

–helpful paths

  1. /etc/my.cnf — config file
  2. /var/lib/mysql — data directory

–PHP AND RELATED FILES

–get back to ~/home/source if not already

  1. cd ~/home/source

–FREETYPE (OPTIONAL)

http://freetype.sourceforge.net/download.html#stable

  1. cd ~/home/source
  2. curl -O http://mirrors.zerg.biz/nongnu/freetype/freetype-2.3.9.tar.bz2
  3. tar xjf freetype-2.3.9.tar.bz2
  4. cd freetype-2.3.9
  5. ./configure –enable-shared –enable-static –prefix=/opt
  6. ./configure –prefix=/opt
  7. make
  8. make install

–JPEG (OPTIONAL)

  1. cd ~/home/source
  2. curl -O http://www.ijg.org/files/jpegsrc.v6b.tar.gz
  3. tar xzvf jpegsrc.v6b.tar.gz
  4. ./configure –prefix=/opt
  5. make
  6. make test
  7. sudo make install

–PHP CORE

  1. cd ~/home/source
  2. curl -O http://downloads.php.net/johannes/php-5.3.0RC2.tar.bz2
  3. tar xjf php-5.3.0RC2.tar.bz2
  4. cd php-5.3.0RC2

The following configure command assumes a 64-bit OS! If you have a 32-bit OS, you should be able to remove any reference to the ’64-bit’ options, or replace or remove any instance of ’64′.

  1. ./configure '–prefix=/opt/php5' '–with-apxs2=/opt/apache2/bin/apxs' '–with-config-file-scan-dir=/opt/php5/php.d' '–with-iconv' '–with-zlib=/usr' '–with-zlib-dir=/usr' '–with-xmlrpc' '–with-iconv-dir=/usr' '–enable-soap' '–enable-sockets' '–enable-mbstring' '–enable-calendar' '–enable-bcmath' '–enable-cgi' '–enable-zip' '–enable-sysvsem' '–enable-sysvshm' '–enable-sysvmsg' '–with-curl' '–with-mysql=/opt/mysql' '–with-mysqli=/opt/mysql/bin/mysql_config' '–with-pdo-mysql=/opt/mysql' '–with-libxml-dir=/usr/lib64,/opt/php5' '–with-kerberos=/usr' '–with-pdo-mysql=/opt/mysql' '–with-mysql-sock=/var/lib/mysql/mysql.sock'
  1. make
  2. make test
  3. sudo make install

–END OF INSTALL PROCESS. NOW TIME TO CONFIGURE.

–configure Apache config to work with PHP

  1. sudo gedit /opt/apache2/conf/httpd.conf

First we comment out this next line as we are going to use a different config style in the Debian tradition of having conf.d/ directories for better separation of settings. It should be said though that if we had installed Apache and PHP using Fedora’s built-in package manager it would use this same style we are about to set up:

  1. #LoadModule php5_module modules/libphp5.so

–add towards the bottom near the other includes (this is the include dir we’ll use):

  1. # Various default settings
  2. Include conf.d/*.conf

–search for:
User [some user, possibly daemon or your user name]
Group [some group, possibly daemon or your user name]

–and change user and group to: apache

  1. User = apache
  2. Group = apache
  1. cd /opt/apache2/conf/
  2. mkdir /conf.d
  3.  
  4. cd conf.d

–add two files (vi alias.conf and vi php.conf or however you create text files):

  1. vi alias.conf
  2. vi php.conf

–the above step should be able to be done with your still open gedit,
as you sudo (gksudo if on Ubuntu) launched it

–open (again vi or gedit) php.conf and add:

  1. #
  2. # PHP is an HTML-embedded scripting language which attempts to make it
  3. # easy for developers to write dynamically generated webpages.
  4. #
  5.  
  6. LoadModule php5_module modules/libphp5.so
  7.  
  8. #
  9. # Cause the PHP interpreter to handle files with a .php extension.
  10. #
  11. AddHandler php5-script .php
  12. AddType text/html .php
  13.  
  14. #
  15. # Add index.php to the list of files that will be served as directory
  16. # indexes.
  17. #
  18. DirectoryIndex index.php
  19.  
  20. #
  21. # Uncomment the following line to allow PHP to pretty-print .phps
  22. # files as PHP source code:
  23. #
  24. #AddType application/x-httpd-php-source .phps

–save and close

–open alias.conf and add (mind the last line about changing the ‘name’ setting!)

  1. #
  2. # Aliases: Add here as many aliases as you need (with no limit). The format is
  3. # Alias fakename realname
  4. #
  5. # Note that if you include a trailing / on fakename then the server will
  6. # require it to be present in the URL. So "/icons" isn't aliased in this
  7. # example, only "/icons/". If the fakename is slash-terminated, then the
  8. # realname must also be slash terminated, and if the fakename omits the
  9. # trailing slash, the realname must also omit it.
  10. #
  11. # We include the /icons/ alias for FancyIndexed directory listings. If you
  12. # do not use FancyIndexing, you may comment this out.
  13. #
  14. # **Change all instances of matt to be your user name**
  15.  
  16. Alias /home "/home/matt/public_html/"
  17. Options Indexes FollowSymLinks
  18. AllowOverride All
  19. Order allow,deny
  20. Allow from all

–save and close

This next step creates a public_html directory for our current user.
You can make this whatever you want, but be mindful that it must match the
Alias /home “/home/matt/public_html/” setting from the previous step.

  1. mkdir ~/public_html

–USER AND GROUP FOR WEB INFO

– I like to create a user and group called www that both my user (matt)
– and apache belong too, then then set the [user] and [group] of my web folder
– (public_html), to www. So long as apache, matt, and www are members of the
– www group, I can write files, apache can serve them, and everyones happy.
– Even better, I can chmod -R 770 on the public_html folder, which means we
– have no world anything on that folder.
– At any rate, our apache config expects a public_html folder, so eiether create
– one or change the config to something else.

A Note on Security:

In some cases you may have a problem getting Apache to read from your web directories. If this happens, a common result will be a web page error like:

You don’t have permission to access / on this server.

To fix something like this the first step is to check our error logs…only problem is, the error log will say the same thing as the web page, that the page could not be accessed.

However, we may get lucky and see a more specific error like:
(13)Permission Denied

If so, this is good because it tells us that we have an operating system error, not an Apache configuration file one.

To help solve this issue, as an interesting exercise we can use the su command to see exactly what the server does when a file access operation happens.

To do so, we enter this command:
su – apache -s /bin/bash

We are now impersonating the Apache user, complete with access privileges.

We can then issue a cat command, for example:

cat /home/matt/public_html/formboss/index.php

…which will give us the Permission Denied error if we had the (13)Permission Denied message.

If this is the case, then it means that at some point in our file path to the web folder we have a set of permissions that prevent Apache from accessing files. The italic part is key — We can set say, 755 on the:

/home/matt/public_html

folder, but if the:

/home/matt

directory has 700, then that setting will prevent the downstream folder from granting Apache access, even when the specific folder Apache wants has the correct permissions!

To fix this then we simply set 755 on the entire path all the way to root.

-Auto Start Apache and MySQL

It would be quite undesirable for us to have to restart each service after a reboot. The good news is the chkconfig program makes this really easy to set our services to autoload.

When we install MySQL or Apache using the package manager we will get a startup scripts installed to:
/etc/init.d/

Though in a custom build like ours, we have to move these files manually. I know this is a bit of a cheat, but please check Apache and MySQL documentation for the directions on what files we need to move. It should be a simple one-file move though.

We can then issue a chkconfig command that refers to that script such that at the next bootup, the service starts automatically.

in our case we will issue:
(please note those are double dashes below – -)

  1. chkconfig –add mysqld
  2. chkconfig –level 345 mysqld on
  3. chkconfig –add httpd 345
  4. chkconfig –level 345 httpd on

Please note that on Ubuntu we can install chkconfig, but most scripts do not support this tool, but rather upstart or BUM (Boot Up Manager).

All Done?

A ask that as a question as much can go wrong. However, if we did everything right we can find our  home page (public_html) by typing this into a browser:

http://localhost/home

SELinux to the Rescue?

With this done we still have to deal with the important SELinux system.

I’ll have to recheck this at some point, but for now I’ll just paste in what I wrote at the time I was setting up my initial server:

6. SELinux creates some issues for us when trying to use home directories:

http://beginlinux.com/server_training/web-server/976-apache-and-selinux

Issue: getsebool -a | grep httpd

To see that the home directory serving is off.

Navigate to the public_html directory as root and issue:
restorecon -R -v ‘.’.

This should allow for proper access.

In order to allow HTTP to write files, we need:
httpd_TYPE_script_rw_t

via: chcon -R -t httpd_sys_script_rw_t *

in our web directory or possibly:

chcon -R -t httpd_user_script_rw_t *

In a nutshell, you will get errors when trying to serve web pages without doing these and possibly other tasks. Doubly so with PHP, and even more so with PHP trying to write files to the file system.

Apparently many users get fed up with SELinux and end up turning it off–I’m not adverse to that. I realize it’s a great system, but honestly, I routinely hear of even seasoned veterans getting fed up in the same manner.

If you want to disable SELinux you can do so by editing your /etc/selinux/config file by changing :

SELINUX=Enforcing

to

SELINUX=disabled

You will then need to retag your file system, which will take a reboot.

In Closing

I consider this R1, and hope to improve upon this post in the coming weeks. Any thoughts, let ‘em be heard!

UPDATE LOG

6/8/09 – Fedora 11 is being released in a few days, will be updating this code on a new build.
6/11/10 – Updated with more detailed steps for command line MySQL setup.

Linux/Web Servers, PHP
>>

Leave a Comment

* are Required fields