I’m blogging this mostly for my reference as I occasionally reinstall my laptop and always forget the steps to get back to a good state.
- Ubuntu Linux 10.10 desktop
- Apache 2.2
- MySQL 5.1
- PHP 5.2
Firstly, install Ubuntu 10.10. Make sure you opt to encrypt your home directory. While this means it’s difficult to recover contents of your home directory in the event of an OS crash, it’s also means you can sleep at night knowing that if you lose your laptop you haven’t lost your intellectual property. The system overhead for doing this is not really noticable. The down side of this is that you cannot access the files unless you’re logged on (see the bit later about the projects directory and Apache).
Now, let’s install Apache, MySQL and PHP. Note that I’m installing some extra packages that I need for my development purposes.
bob@bob-laptop:~$ sudo apt-get install libapache2-mod-php5 mysql-server php5-mysql bob@bob-laptop:~$ sudo apt-get install php5-curl php-pear # some extras I use bob@bob-laptop:~$ sudo apt-get install openssh-server subversion bzr # some extras I use
During the installation of those packages you’ll be asked for a password for the MySQL root user. I always use “root” for my convenience. You can use whatever you like. This user does not have root access to the system, but will have full access to the MySQL databases. By default MySQL only listens on the localhost interface so an insecure password like “root” is acceptable for my purposes. You’ll see later that we can shift certain databases to reside on the encrypted home directory if that’s important to you.
Set up the projects directory
I like to keep all my web stuff in a subdirectory of my home directory called projects. The full path to that will be /home/bob/projects. In order to be able to browse these projects with Apache I’ll put a symlink in /var/www (Apache’s default web root directory) to it.
Here’s a terminal session where I create the projects directory.
bob@bob-laptop:~$ mkdir ~/projects bob@bob-laptop:~$ sudo ln -s ~/projects /var/www/projects bob@bob-laptop:~$ ls -l /var/www total 4 -rw-r--r-- 1 root root 177 2011-12-11 15:30 index.html lrwxrwxrwx 1 root root 18 2011-12-12 21:25 projects -> /home/bob/projects
Great. But now if you try to access http://localhost/projects you’ll get a 403 Forbidden page. This is because Apache isn’t able to see your home directory. A small tweak will fix that.
bob@bob-laptop:~$ chmod o+x ~
Note that this command will allow any other user (of which Apache’s www-data is one) on your system to see the files in your home directory. For me this isn’t an issue as I’m the only user on my system.
Now if you revisit http://localhost/projects you’ll get a directory index instead of a 403 Forbidden page. You can now create files in /home/bob/projects (or whatever your user name is) and Apache will be able to serve them up to your web browser.
Note that because we opted to encrypt the home directory, the /home/bob directory is only mounted when bob logs in. This means that if you boot your system and try to access it over the network without being logged in, you’ll likely get a 403 Forbidden or 404 Page Not Found error for any URL in /projects. Other files can be placed in /var/www/whateveryoulike and will be accessible regardless.
bob@bob-laptop:~/projects$ cat > phpinfo.php <?php phpinfo(); ?>
(press Ctrl-D after typing the phpinfo() line to save the file)
Now if you browse to http://localhost/projects/phpinfo.php you will get the standard PHP Information page.
Using an encrypted database
We’re not so much using an encrypted database as we are moving it onto an encrypted file system. We use the same trick that we used for Apache but we’re doing this for MySQL. Note that while it is possible to have all databases encrypted, you will need to make sure you log on first before you start MySQL. Here I will just encrypt one database:
-- Create a mysql directory in my home dir. bob@bob-laptop:~$ mkdir ~/mysql -- Create a sample mysql database called 'secure' bob@bob-laptop:~$ mysqladmin -uroot -proot create secure -- Stop the mysql service bob@bob-laptop:~$ sudo stop mysql mysql stop/waiting -- Move the newly created 'secure' database to my home dir bob@bob-laptop:~$ sudo mv /var/lib/mysql/secure ~/mysql -- Create a symbolic link for mysql to use bob@bob-laptop:~$ sudo ln -s ~/mysql/secure /var/lib/mysql/secure -- Start mysql again bob@bob-laptop:~$ sudo start mysql mysql start/running, process 2778 -- Now access the database in the new place bob@bob-laptop:~$ mysql -uroot -proot Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 34 Server version: 5.1.49-1ubuntu8.1 (Ubuntu) Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL v2 license Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use secure; Database changed
No errors – the connection was successful. Again the same thing applies in that you can only access this database while you are logged on.
.htaccess files (optional, but recommended)
Out of the box, Apache won’t read .htaccess files. To enable these permanently for all directories under your /var/www directory (including the project directory), edit the /etc/apache2/sites-enabled/000-default file (as root) and change line 11 to say “AllowOverride All” (instead of None).
mod_rewrite (optional, but recommended)
Also, you may want to enable mod_rewrite as many web applications use this to generate nice looking URL’s.
bob@bob-laptop:~$ sudo a2enmod rewrite bob@bob-laptop:~$ sudo apache2ctl restart
xdebug plugin for PHP
The xdebug plugin gives you nice stack traces and formatted var_dump()s which makes it easier to develop. It also comes with breakpoints, remote debugging and a range of other things. Check out the whole shebang at http://xdebug.org/.
Installation is simple:
bob@bob-laptop:~$ sudo apt-get install php5-xdebug
Restart Apache for the change to take effect (sudo apache2ctl restart).
Enabling display of errors in your browser
By default PHP ships with display_errors = Off. This is a requirement for a production system but it will drive you nuts on a development box. When off, any errors are logged to Apache’s error_log file in /var/log/apache.
To turn it on, edit the file /etc/php5/apache2/php.ini and look for the lines like this:
display_errors = Off display_startup_errors = Off html_errors = Off
And change them all to “On”. Again, restart Apache for the change to take effect (sudo apache2ctl restart).