OpenBSD is a great OS for hosting Apache/MySQL/PHP web apps. Because OpenBSD locks down Apache by default, and the version of PHP supplied by the OpenBSD team already has several security-enhancing patches in place.
Step 1: Set up the package manager
I’m using OpenBSD mirror at kartolo.sby.datautama.net.id for best speed in Indonesia.
|
1 |
echo installpath=http://kartolo.sby.datautama.net.id/OpenBSD/$(uname -r)/packages/$(uname -m) | sudo tee /etc/pkg.conf |
Step 2: Installing Packages
1. Apache 2.2
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# pkg_add apache-httpd apache-httpd-2.2.22:apr-1.4.6p0: ok apache-httpd-2.2.22:db-4.6.21v0: ok apache-httpd-2.2.22:apr-util-1.4.1: ok apache-httpd-2.2.22:pcre-8.30: ok apache-httpd-2.2.22: ok The following new rcscripts were installed: /etc/rc.d/httpd2 See rc.d(8) for details. --- +apache-httpd-2.2.22 ------------------- This is the official httpd distributed by the Apache Server Project, provided as a port for those who, for various reasons, need to run version 2. OpenBSD provides a custom Apache server, httpd(8), in the base system which has been audited for security and may run in a chroot(2) environment. Users are STRONGLY encouraged to use the system httpd rather than this port. |
2. PHP-MySql
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# pkg_add php-mysql Ambiguous: choose package for php-mysql a 0: <none> 1: php-mysql-5.2.17p6 2: php-mysql-5.3.14p0 Your choice: 2 php-mysql-5.3.14p0:libiconv-1.14: ok php-mysql-5.3.14p0:gettext-0.18.1p3: ok php-mysql-5.3.14p0:libxml-2.7.8p6: ok php-mysql-5.3.14p0:femail-0.98: ok php-mysql-5.3.14p0:femail-chroot-0.98p1: ok php-mysql-5.3.14p0:php-5.3.14p1: ok php-mysql-5.3.14p0:mysql-client-5.1.63: ok php-mysql-5.3.14p0: ok Look in /usr/local/share/doc/pkg-readmes for extra documentation. --- +php-5.3.14p1 ------------------- To enable the php-5.3 module please create a symbolic link from /var/www/conf/modules.sample/php-5.3.conf to /var/www/conf/modules/php.conf. As root: ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf The recommended php configuration has been installed to: /etc/php-5.3.ini. --- +php-mysql-5.3.14p0 ------------------- You can enable this module by creating a symbolic link from /etc/php-5.3.sample/mysql.ini to /etc/php-5.3/mysql.ini. As root: ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini |
Running the following command:
|
1 2 |
# cp /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf # cp /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini |
3. MySql Server
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# pkg_add mysql-server mysql-server-5.1.63p0:p5-Net-Daemon-0.43p0: ok mysql-server-5.1.63p0:p5-PlRPC-0.2018p1: ok mysql-server-5.1.63p0:p5-Params-Util-1.00p2: ok mysql-server-5.1.63p0:p5-Clone-0.31p1: ok mysql-server-5.1.63p0:p5-SQL-Statement-1.33: ok mysql-server-5.1.63p0:p5-FreezeThaw-0.43p2: ok mysql-server-5.1.63p0:p5-MLDBM-2.04: ok mysql-server-5.1.63p0:p5-DBI-1.616: ok mysql-server-5.1.63p0:p5-DBD-mysql-4.021: ok mysql-server-5.1.63p0: ok The following new rcscripts were installed: /etc/rc.d/mysqld See rc.d(8) for details. Look in /usr/local/share/doc/pkg-readmes for extra documentation. Then, run a few commands to initialize MySQL and set a strong password for the MySQL root user. Be sure you can remember it, though. You'll need it later. |
3. Setting MySql Instalation
|
1 2 3 |
# /usr/local/bin/mysql_install_db # /usr/local/share/mysql/mysql.server start # /usr/local/bin/mysqladmin -u root password 'your-password' |
4. Secure MySql Instalation
|
1 |
# /usr/local/bin/mysql_secure_installation |
5. Installing phpMyAdmin
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# pkg_add phpMyAdmin phpMyAdmin-3.4.10.2:jpeg-8c: ok phpMyAdmin-3.4.10.2:png-1.5.10: ok phpMyAdmin-3.4.10.2:t1lib-5.1.2: ok phpMyAdmin-3.4.10.2:php-gd-5.3.14p0: ok phpMyAdmin-3.4.10.2:libmcrypt-2.5.8p1: ok phpMyAdmin-3.4.10.2:libltdl-2.4.2: ok phpMyAdmin-3.4.10.2:php-mcrypt-5.3.14p0: ok phpMyAdmin-3.4.10.2: ok --- +php-gd-5.3.14p0 ------------------- You can enable this module by creating a symbolic link from /etc/php-5.3.sample/gd.ini to /etc/php-5.3/gd.ini. As root: ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini --- +php-mcrypt-5.3.14p0 ------------------- You can enable this module by creating a symbolic link from /etc/php-5.3.sample/mcrypt.ini to /etc/php-5.3/mcrypt.ini. As root: ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini --- +phpMyAdmin-3.4.10.2 ------------------- The phpMyAdmin has been installed into /var/www/phpMyAdmin You should point this to the DocumentRoot of your web-server: # ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin (make sure you use a relative symlink since Apache is chrooted) You can ensure you have a working install by accessing: http://<localhost>/phpMyAdmin/index.php |
Running the following command:
|
1 2 |
# cp /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini # cp /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini |
Since Apache is locked away, it can’t talk to the database software, MySQL. The default install doesn’t automatically place MySQL inside Apache’s jail. Currently is impossible for the two to even communicate. You need to move the communication file: /var/run/mysql/mysql.sock
|
1 2 3 |
# mkdir /var/www/var/ # mkdir /var/www/var/run/ # mkdir /var/www/var/run/mysql/ |
To make Apache happy we have to place this special file inside the jail. This can be done on startup using your handy rc.local file.
|
1 |
# nano /etc/rc.local |
Put the following lines:
|
1 2 3 4 5 6 7 |
if [ -x /usr/local/bin/mysqld_safe ]; then echo -n " mysqld" /usr/local/bin/mysqld_safe --user=_mysql --log=/var/log/mysqld sleep 4 rm -f /var/www/var/run/mysql/mysql.sock ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock fi |
Step 3: Start OAMP services automatically
|
1 |
# nano /etc/rc.conf.local |
put the following lines:
|
1 2 3 |
mysqld_flags="" httpd_flags="" pkg_scripts="mysqld" |
Step 4: Reboot
Once everything is installed and configured to start automatically, reboot to make sure everything starts up as expected.
|
1 |
reboot |
Step 5: Testing
Create phpinfo file:
|
1 |
echo "<?php phpinfo(); ?>" | sudo tee /var/www/htdocs/phpinfo.php |
Open phpinfo script:
|
1 |
http://your-OpenBSD-ip-address/phpinfo.php |
Open phpMyadmin:
http://your-OpenBSD-ip-address/phpMyAdmin
Ref:
– http://www.h-i-r.net/p/hirs-secure-openbsd-apache-mysql-and.html
– http://www.openbsdsupport.org/e107_CMS.html
Hi!
Thanks for your directions. I can running Webserver now.
How ever I can’t running phpmyadmin. I did follow install but I can only see like
”
Not Found
The requested URL /phpMyAdmin/index.php was not found on this server.
”
Do you have any thought and help can get that one?
Giyang
@giyang have you run this command : ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin ?
Thanks a lot!
I wrote and spanish article based on yours work:
http://josecely.tecsua.com/?p=158
hi,its echo -n ” mysqld” or echo -n “mysqld” ?
Your tut maybe working but not for me… im using apache that comes by default.
can it be the reason?
i followed the OAMP tutorial from hir. the same you followed and its working.
when i try to install your phpmyadmin way, i cant see any phpmyadmin and it gives an error at boot:
mysqld130615 – mysqld_safe Logging to ‘/var/mysql/mymachine.localdomain.error
and also this:
ln: /var/run/mysql/mysql.sock: No such file or directory
i use echo -n ” mysqld”
are you sure that you’re installing mysql correctly ?
Just for info, since this is first result of google query “apache mysql php openbsd” on google, there are no reasons for add apache-httpd packet since openbsd have native apache demon httpd. If you are going to install it you need to include
into your /etc/rc.conf.local instead of “mysqld_flags=”.
If you need to run apache2 into your obsd it’s ok, but with this tutorial your going to install apache2 package but going to configure your server as apache 1 (httpd_flags=””) since you need to install ap2 package (for php, mysql etc) and take your configuration directory as /var/apache2 .
As of mysql rc.local script, that’s cool tip but you can however force mysql to use tcp connection and avoid socket script specifying 127.0.0.1 instead localhost into your php connection scripts.
Anyway your tutorial is cool but “# pkg_add apache-httpd” is useless passage.
errata correge:
into your /etc/rc.conf.local instead of “mysqld_flags=”.
became
into your /etc/rc.conf.local instead of “httpd_flags=”.