By Kenneth Bernholm
This page documents one among many ways of setting up a FreeBSD, Apache, MySQL, and PHP (FAMP) workstation.
WARNING: The following procedures are not sufficient for setting up a secure production FAMP server.
{domain}
and a top level domain {tld}
like example.com
for your website./etc/hosts
:
127.0.0.1 {domain}.{tld}.localhost
pkg install apache24
www
group:
pw groupmod www -M {bsd-user}
/etc/rc.conf
:
apache24_enable="YES"
mkdir /usr/local/www/{domain}.{tld}
{cert-country}
, state {cert-state}
, location {cert-location}
, and organisation {cert-organisation}
. For example, I personally use Denmark
, DK
, Copenhagen
, and Development
.mkcert
script below in your $PATH
:#!/bin/sh openssl genrsa -passout pass:$2 -des3 -out $1.key 2048 openssl req -passin pass:$2 -new -key $1.key -out $1.csr -subj "/C={cert-country}/ST={cert-state}/L={cert-location}/O={cert-organisation}/CN=$1" cp $1.key $1.key.org openssl rsa -passin pass:$2 -in $1.key.org -out $1.key openssl x509 -passin pass:$2 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt chmod 600 $1.*
mkdir /usr/local/etc/apache24/certificates chmod 600 /usr/local/etc/apache24/certificates
{cert-password}
.cd /usr/local/etc/apache24/certificates/ mkcert {domain}.{tld} {cert-password}
/usr/local/etc/apache24/extra/httpd-vhosts.conf
:
<VirtualHost *:443> Servername {domain}.{tld}:443 ServerAdmin root@localhost DocumentRoot /usr/local/www/{domain}.{tld} DirectoryIndex index.php index.html Header set Access-Control-Allow-Methods: POST,PUT,GET,OPTIONS Header set Access-Control-Allow-Credentials: true Header set Access-Control-Allow-Headers: X-Csrf-Token Header append Access-Control-Allow-Headers: X-Requested-With Header append Access-Control-Allow-Headers: X-Socket-Id Header append Access-Control-Allow-Headers: X-Autocomplete-Session SetEnvIf Origin ^(https?://(?:.+\.)?{domain}\.{tld}(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1 Header set Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN Header merge Vary "Origin" <Directory "/usr/local/www/{domain}.{tld}"> Options -Indexes +FollowSymLinks -ExecCGI Require all granted AllowOverride All Order allow,deny Allow from all </Directory> ErrorLog "/var/log/{domain}.{tld}-error_log" CustomLog "/var/log/{domain}.{tld}-access_log" common RewriteEngine on SSLEngine on SSLCertificateFile /usr/local/etc/apache24/certificates/{domain}.{tld}.crt SSLCertificateKeyFile /usr/local/etc/apache24/certificates/{domain}.{tld}.key </VirtualHost>
/usr/local/etc/apache24/httpd.conf
:
ServerName localhost:80 Listen 443 Include etc/apache24/extra/httpd-vhosts.conf LoadModule ssh_module LoadModule rewrite_module <FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch>
service apache24 start
pkg install mysql80-server
/etc/rc.conf
:
mysql_enable="YES" mysql_args="--bind-address=127.0.0.1"
service mysql-server start mysql_secure_installation
{db-user}
and password {db-password}
.mysql
command) to configure the necessary databases, users, and privileges:
mysql> CREATE DATABASE {domain}_{tld}; mysql> CREATE USER '{db-user}'@'%' IDENTIFIED WITH mysql_native_password BY '{db-password}'; mysql> GRANT ALL PRIVILEGES ON {domain}_{tld}.* TO '{db-user}'@'%'; mysql> FLUSH PRIVILEGES;
pv
command is optional):
cat database-dump.sql | pv | mysql -u {db-user} p{db-password} {domain}_{tld}
pkg install \ mod_php82 \ php82-composer2 \ php82-session \ php82-dom \ php82-tokenizer \ php82-simplexml \ php82-fileinfo \ php82-xml \ php82-xmlwriter \ php82-xmlreader \ php82-zip \ php82-iconv \ php82-pdo \ php82-gd \ php82-zlib \ php82-ftp \ php82-calendar \ php82-pdo_mysql \ phpunit10-php82 \ composer2
Congratulations. You should now be able to access your website at https://{domain}.{tld}.localhost/