≡ Menu

OpenBSD 5.2 Web Server: Apache + MySql + PHP

OpenBSD is a great OS for hosting Apache/MySQL/PHP web apps. Because OpenBSD locks down Apache by default, and the version of PHP supplied by the OpenBSD team already has several security-enhancing patches in place.

Step 1: Set up the package manager

I’m using OpenBSD mirror at kartolo.sby.datautama.net.id for best speed in Indonesia.

echo installpath=http://kartolo.sby.datautama.net.id/OpenBSD/$(uname -r)/packages/$(uname -m) | sudo tee /etc/pkg.conf

Step 2: Installing Packages

1. Apache 2.2

# pkg_add apache-httpd
apache-httpd-2.2.22:apr-1.4.6p0: ok
apache-httpd-2.2.22:db-4.6.21v0: ok
apache-httpd-2.2.22:apr-util-1.4.1: ok
apache-httpd-2.2.22:pcre-8.30: ok
apache-httpd-2.2.22: ok
The following new rcscripts were installed: /etc/rc.d/httpd2
See rc.d(8) for details.
--- +apache-httpd-2.2.22 -------------------
This is the official httpd distributed by the Apache Server Project,
provided as a port for those who, for various reasons, need to run
version 2.

OpenBSD provides a custom Apache server, httpd(8), in the base system
which has been audited for security and may run in a chroot(2)
environment.  Users are STRONGLY encouraged to use the system httpd
rather than this port.

2. PHP-MySql

# pkg_add php-mysql
Ambiguous: choose package for php-mysql
 a       0: 
         1: php-mysql-5.2.17p6
         2: php-mysql-5.3.14p0
Your choice: 2
php-mysql-5.3.14p0:libiconv-1.14: ok
php-mysql-5.3.14p0:gettext-0.18.1p3: ok
php-mysql-5.3.14p0:libxml-2.7.8p6: ok
php-mysql-5.3.14p0:femail-0.98: ok
php-mysql-5.3.14p0:femail-chroot-0.98p1: ok
php-mysql-5.3.14p0:php-5.3.14p1: ok
php-mysql-5.3.14p0:mysql-client-5.1.63: ok
php-mysql-5.3.14p0: ok
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
--- +php-5.3.14p1 -------------------
To enable the php-5.3 module please create a symbolic link from
/var/www/conf/modules.sample/php-5.3.conf to
/var/www/conf/modules/php.conf. As root:

    ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf

The recommended php configuration has been installed to:
    /etc/php-5.3.ini.
--- +php-mysql-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/mysql.ini to
/etc/php-5.3/mysql.ini. As root:

    ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

Running the following command:

# cp /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf
# cp /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

3. MySql Server

# pkg_add mysql-server
mysql-server-5.1.63p0:p5-Net-Daemon-0.43p0: ok
mysql-server-5.1.63p0:p5-PlRPC-0.2018p1: ok
mysql-server-5.1.63p0:p5-Params-Util-1.00p2: ok
mysql-server-5.1.63p0:p5-Clone-0.31p1: ok
mysql-server-5.1.63p0:p5-SQL-Statement-1.33: ok
mysql-server-5.1.63p0:p5-FreezeThaw-0.43p2: ok
mysql-server-5.1.63p0:p5-MLDBM-2.04: ok
mysql-server-5.1.63p0:p5-DBI-1.616: ok
mysql-server-5.1.63p0:p5-DBD-mysql-4.021: ok
mysql-server-5.1.63p0: ok
The following new rcscripts were installed: /etc/rc.d/mysqld
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.

Then, run a few commands to initialize MySQL and set a strong password for the MySQL root user. Be sure you can remember it, though. You'll need it later.

3. Setting MySql Instalation

# /usr/local/bin/mysql_install_db
# /usr/local/share/mysql/mysql.server start
# /usr/local/bin/mysqladmin -u root password 'your-password'

4. Secure MySql Instalation

# /usr/local/bin/mysql_secure_installation

5. Installing phpMyAdmin

# pkg_add phpMyAdmin
phpMyAdmin-3.4.10.2:jpeg-8c: ok
phpMyAdmin-3.4.10.2:png-1.5.10: ok
phpMyAdmin-3.4.10.2:t1lib-5.1.2: ok
phpMyAdmin-3.4.10.2:php-gd-5.3.14p0: ok
phpMyAdmin-3.4.10.2:libmcrypt-2.5.8p1: ok
phpMyAdmin-3.4.10.2:libltdl-2.4.2: ok
phpMyAdmin-3.4.10.2:php-mcrypt-5.3.14p0: ok
phpMyAdmin-3.4.10.2: ok
--- +php-gd-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/gd.ini to
/etc/php-5.3/gd.ini. As root:

    ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
--- +php-mcrypt-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/mcrypt.ini to
/etc/php-5.3/mcrypt.ini. As root:

    ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini
--- +phpMyAdmin-3.4.10.2 -------------------
The phpMyAdmin has been installed into /var/www/phpMyAdmin

You should point this to the DocumentRoot of your web-server:
   # ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin
(make sure you use a relative symlink since Apache is chrooted)

You can ensure you have a working install by accessing:
http:///phpMyAdmin/index.php

Running the following command:

# cp /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
# cp /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini

Since Apache is locked away, it can’t talk to the database software, MySQL. The default install doesn’t automatically place MySQL inside Apache’s jail. Currently is impossible for the two to even communicate. You need to move the communication file: /var/run/mysql/mysql.sock

# mkdir /var/www/var/
# mkdir /var/www/var/run/
# mkdir /var/www/var/run/mysql/

To make Apache happy we have to place this special file inside the jail. This can be done on startup using your handy rc.local file.

# nano /etc/rc.local

Put the following lines:

if [ -x /usr/local/bin/mysqld_safe ]; then
    echo -n " mysqld"
    /usr/local/bin/mysqld_safe --user=_mysql --log=/var/log/mysqld
    sleep 4
    rm -f /var/www/var/run/mysql/mysql.sock
    ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi

Step 3: Start OAMP services automatically

# nano /etc/rc.conf.local

put the following lines:

mysqld_flags=""
httpd_flags=""
pkg_scripts="mysqld"

Step 4: Reboot

Once everything is installed and configured to start automatically, reboot to make sure everything starts up as expected.

reboot

Step 5: Testing

Create phpinfo file:

echo "" | sudo tee /var/www/htdocs/phpinfo.php

Open phpinfo script:

http://your-OpenBSD-ip-address/phpinfo.php

phpInfo OpenBSD

Open phpMyadmin:

http://your-OpenBSD-ip-address/phpMyAdmin

phpmyadmin openbsd

Ref:
– http://www.h-i-r.net/p/hirs-secure-openbsd-apache-mysql-and.html
– http://www.openbsdsupport.org/e107_CMS.html

{ 7 comments… add one }
  • giyang April 5, 2013, 8:36 pm

    Hi!

    Thanks for your directions. I can running Webserver now.

    How ever I can’t running phpmyadmin.  I did follow install but I can only see like


    Not Found
    The requested URL /phpMyAdmin/index.php was not found on this server.

    Do you have any thought and help can get that one?

    Giyang

  • Kang Asep April 6, 2013, 1:49 am

    @giyang have you run this command : ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin ?

  • jose cely April 19, 2013, 10:27 am

    Thanks a lot!
    I wrote and spanish article based on yours work:

    http://josecely.tecsua.com/?p=158

  • tom June 15, 2013, 4:12 pm

    hi,its    echo -n ” mysqld” or    echo -n “mysqld” ?

     

    Your tut maybe working but not for me… im using apache that comes by default.

    can it be the reason?

    i followed the OAMP tutorial from hir. the same you followed and its working.

    when i try to install your phpmyadmin way, i cant see any phpmyadmin and it gives an error at boot:

    mysqld130615 – mysqld_safe Logging to ‘/var/mysql/mymachine.localdomain.error

    and also this:

    ln: /var/run/mysql/mysql.sock: No such file or directory

     

  • Kang Asep June 28, 2013, 1:29 pm

    i use echo -n ” mysqld”

    are you sure that you’re installing mysql correctly ?

  • Daniel August 29, 2013, 1:22 pm

    Just for info, since this is first result of google query “apache mysql php openbsd” on google, there are no reasons for add apache-httpd packet since openbsd have native apache demon httpd. If you are going to install it you need to include

    pkg_scripts="httpd2"

    into your /etc/rc.conf.local instead of “mysqld_flags=”.

    If you need to run apache2 into your obsd it’s ok, but with this tutorial your going to install apache2 package but going to configure your server as apache 1 (httpd_flags=””) since you need to install ap2 package (for php, mysql etc) and take your configuration directory as /var/apache2 .

    As of mysql rc.local script, that’s cool tip but you can however force mysql to use tcp connection and avoid socket script specifying 127.0.0.1 instead localhost into your php connection scripts.

     

    Anyway your tutorial is cool but “# pkg_add apache-httpd” is useless passage.

  • Daniel August 29, 2013, 1:24 pm

    errata correge:

    into your /etc/rc.conf.local instead of “mysqld_flags=”.

    became

    into your /etc/rc.conf.local instead of “httpd_flags=”.

Leave a Comment

CAPTCHA
*