Setting Up a FAMP Workstation

By Kenneth Bernholm

This page documents one among many ways of setting up a FreeBSD, Apache, MySQL, and PHP (FAMP) workstation.

WARNING: The following procedures are not sufficient for setting up a secure production FAMP server.

FreeBSD

  1. Decide on a domain name {domain} and a top level domain {tld} like example.com for your website.
  2. To make HTTP requests reach your local Apache webserver, add these lines to /etc/hosts:
    127.0.0.1 {domain}.{tld}.localhost

Apache

  1. Install Apache httpd:
    pkg install apache24
  2. Add your FreeBSD user account to the Apache www group:
    pw groupmod www -M {bsd-user}
  3. Make FreeBSD start Apache at boot time by adding these lines to /etc/rc.conf:
    apache24_enable="YES"
  4. Create a folder for your website:
    mkdir /usr/local/www/{domain}.{tld}
  5. Create a self-signed Transport Layer Security (TLS) certificate for Apache httpd:
    1. Decide on a certificate country {cert-country}, state {cert-state}, location {cert-location}, and organisation {cert-organisation}. For example, I personally use Denmark, DK, Copenhagen, and Development.
    2. Store the mkcert script below in your $PATH:
    3. #!/bin/sh
      openssl genrsa -passout pass:$2 -des3 -out $1.key 2048
      openssl req -passin pass:$2 -new -key $1.key -out $1.csr -subj "/C={cert-country}/ST={cert-state}/L={cert-location}/O={cert-organisation}/CN=$1" 
      cp $1.key $1.key.org
      openssl rsa -passin pass:$2 -in $1.key.org -out $1.key
      openssl x509 -passin pass:$2 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt
      chmod 600 $1.*
    4. Create a certificate folder:
      mkdir /usr/local/etc/apache24/certificates
      chmod 600 /usr/local/etc/apache24/certificates
    5. Decide on a certificate password {cert-password}.
    6. In the certificate folder, generate the certificates files:
      cd /usr/local/etc/apache24/certificates/
      mkcert {domain}.{tld} {cert-password}
  6. Create a virtual host for your website in/usr/local/etc/apache24/extra/httpd-vhosts.conf:
    <VirtualHost *:443>
            Servername {domain}.{tld}:443
            ServerAdmin root@localhost
            DocumentRoot /usr/local/www/{domain}.{tld}
            DirectoryIndex index.php index.html
    
            Header set Access-Control-Allow-Methods: POST,PUT,GET,OPTIONS
            Header set Access-Control-Allow-Credentials: true
            Header set Access-Control-Allow-Headers: X-Csrf-Token
            Header append Access-Control-Allow-Headers: X-Requested-With
            Header append Access-Control-Allow-Headers: X-Socket-Id
            Header append Access-Control-Allow-Headers: X-Autocomplete-Session
    
            SetEnvIf Origin ^(https?://(?:.+\.)?{domain}\.{tld}(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
            Header set Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
            Header merge Vary "Origin"
    
            <Directory "/usr/local/www/{domain}.{tld}">
                    Options -Indexes +FollowSymLinks -ExecCGI
                    Require all granted
                    AllowOverride All
                    Order allow,deny
                    Allow from all
            </Directory>
    
            ErrorLog "/var/log/{domain}.{tld}-error_log"
            CustomLog "/var/log/{domain}.{tld}-access_log" common
    
            RewriteEngine on
            SSLEngine on
            SSLCertificateFile /usr/local/etc/apache24/certificates/{domain}.{tld}.crt
            SSLCertificateKeyFile /usr/local/etc/apache24/certificates/{domain}.{tld}.key
    </VirtualHost>
  7. Configure Apache to listen for HTTPS traffic on port 443, rewrite requests if necessary, and parse PHP scripts by uncommenting or adding these lines in /usr/local/etc/apache24/httpd.conf:
    ServerName localhost:80
    
    Listen 443
    
    Include etc/apache24/extra/httpd-vhosts.conf	
    
    LoadModule ssh_module
    LoadModule rewrite_module
    
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
  8. Manually start Apache for the first time:
    service apache24 start

MySQL

  1. Install MySQL:
    pkg install mysql80-server
  2. Make FreeBSD start MySQL at boot time by adding these lines to /etc/rc.conf:
    mysql_enable="YES"
    mysql_args="--bind-address=127.0.0.1"
  3. Manually start MySQL for the first time and optionally secure the installation:
    service mysql-server start
    mysql_secure_installation
  4. Decide on a database username {db-user} and password {db-password}.
  5. Use the MySQL client (the mysql command) to configure the necessary databases, users, and privileges:
    mysql> CREATE DATABASE {domain}_{tld};
    mysql> CREATE USER '{db-user}'@'%' IDENTIFIED WITH mysql_native_password BY '{db-password}';
    mysql> GRANT ALL PRIVILEGES ON {domain}_{tld}.* TO '{db-user}'@'%';
    mysql> FLUSH PRIVILEGES;
  6. If you have an existing database dump available, source it into MySQL (the pv command is optional):
    cat database-dump.sql | pv | mysql -u {db-user} p{db-password} {domain}_{tld}

PHP

  1. Install PHP and the necessary modules (your requirements may vary):
    pkg install \
    mod_php82 \
    php82-composer2 \
    php82-session \
    php82-dom \
    php82-tokenizer \
    php82-simplexml \
    php82-fileinfo \
    php82-xml \
    php82-xmlwriter \
    php82-xmlreader \
    php82-zip \
    php82-iconv \
    php82-pdo \
    php82-gd \
    php82-zlib \
    php82-ftp \
    php82-calendar \
    php82-pdo_mysql \
    phpunit10-php82 \
    composer2

Congratulations. You should now be able to access your website at https://{domain}.{tld}.localhost/