Recompile PHP, IMAP-SSL, and Apache for MAMP 1.9

Finally figured out how to compile things on my Mac to support IMAP-SSL. MAMP does not have this compiled in by default. Since I want to do local development without having to upload to a Linux server to test every single time, getting MAMP to support IMAP-SSL was critical.
IMAP-SSL is used for things like Gmail access.

It was not easy to compile PHP 5.3.2 on MAMP. First of all, you need to download httpd 2.0.63 and PHP 5.3.2. (I’m using MAMP 1.9 and Mac OS X 10.6.2)

STEP 1: Backup original MAMP

Back up your MAMP application first in case things go wrong.
It is in /Applications/MAMP

STEP 2: Download source files

Download software packages and save in a “source download” folder somewhere (I used ~/src/)

  • HTTPD-2.0.63
  • PHP-5.3.2  (http://php.net/downloads.php)

STEP 3: Build apache httpd

This step is needed to provide MAMP some build & include files from Apache httpd.
(http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/)

% tar jxvf httpd-2.0.63.tar.bz2
% cd httpd-2.0.63

After running configure, edit srclib/apr/include/apr.h so that it contains "#define APR_HAS_SENDFILE 0"; otherwise the build stops with an error.

./configure \
--prefix=/tmp/httpd-2.0.63 \
--with-php \
--with-mysql \
--enable-rewrite \
--enable-speling \
--enable-ssl \
--enable-deflate \
--enable-mods-shared=all \
--with-included-apr \
--enable-so \
--enable-proxy \
--enable-proxy_connect \
--enable-proxy_ftp \
--enable-echo \
--enable-file_cache \
--enable-mem_cache \
--enable-bucketeer \
--enable-cache \
--enable-case_filter \
--enable-case_filter_in \
--enable-cgid \
--enable-charset_lite \
--enable-disk_cache \
--enable-example

These configuration settings enable the default modules that MAMP builds into its application. This lets you use the MAMP interface to turn the various modules on and off as needed (because the MAMP UI controls the httpd.conf file).

% make
% make install
% cd /tmp/httpd-2.0.63
% cp -r build /Applications/MAMP/Library/
% cp -r include /Applications/MAMP/Library/
% cp -r modules/mod_* /Applications/MAMP/Library/modules/

STEP 4: Build PHP-5.3.2

Step 4a

% tar jxvf php-5.3.2.tar.bz2
% cd php-5.3.2

The configure command below uses a combination of MAMP-specific folders (/Applications/MAMP/) and Apple-provided files (/usr/).
For those who decide to use DarwinPorts to get some components, these will be located in /opt/local/. This is a way to avoid having to go to different websites to download specific modules.

My previous MAMP version was 1.8.? and had a PHP configuration for T1LIB (--with-t1lib=/Applications/MAMP/Library). I removed T1LIB because it is not installed on Mac OS X.

./configure \
--prefix=/Applications/MAMP/bin/php5.3 \
--exec-prefix=/Applications/MAMP/bin/php5.3 \
--sysconfdir=/Applications/MAMP/conf/php5.3 \
--with-config-file-path=/Applications/MAMP/conf/php5.3 \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-apxs2=/Applications/MAMP/Library/bin/apxs \
--enable-cli \
--with-libxml-dir=/Applications/MAMP/Library \
--with-openssl=/usr \
--with-kerberos=/usr \
--with-zlib=/usr \
--enable-bcmath \
--with-bz2=/usr \
--enable-calendar \
--with-curl=/Applications/MAMP/Library \
--enable-exif \
--enable-ftp \
--with-gd \
--with-jpeg-dir=/usr/local/libjpeg \
--with-png-dir=/usr/local/libpng \
--enable-gd-native-ttf \
--with-ldap=/usr \
--with-ldap-sasl=/usr \
--enable-mbstring=all \
--enable-mbregex \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-mysql-sock=/tmp/mysql.sock \
--with-iodbc=/usr \
--enable-shmop \
--with-snmp=/usr \
--enable-soap \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-xmlrpc \
--with-iconv-dir=/usr \
--with-xsl=/usr \
--with-pcre-regex \
--with-imap \
--with-imap-ssl \
--with-mcrypt \
--with-mhash \
--with-freetype-dir=/usr/X11 \
--enable-zend-multibyte \
--with-gettext \
--disable-debug

Step 4b

NOTE: You may need to install some packages before compiling PHP, for components that are not included.
You can use DarwinPorts, or download them individually.

Manual method ==> http://www.teamonetickets.com/software/howto-setup-php-apache-mysql-dev-environment-on-snow-leopard.html
MacPorts method ==> http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/

Instructions for JPEG & PNG missing files (http://www.bill.eccles.net/bills_words/2010/01/building-a-mac-os-x-server-106.html)

libjpeg, libpng, libmcrypt, IMAP c-client, libintl, gettext, libxml

Step 4c

Now we need to work around a bug with iconv linking. Luckily, Apple provides a patch. Either copy the text of that patch and save it as a file or download it here.

curl -O http://www.teamonetickets.com/software/iconv.patch
patch -p1 < iconv.patch

Step 4d

Now that iconv will link properly, continue with our make.

% make -j3
% make install

Step 4e

After you have finished making PHP, it should have copied libphp5.so to your “apache” location.
libphp5.so is located where you set --prefix for apache.
It needs to be copied to /Applications/MAMP/Library/modules.

SIDE NOTE: May need to build IMAP-SSL individually.

I am not sure if this step was needed, but I also compiled a separate IMAP.SO module (which may already be built during the PHP build).
Compile IMAP first (http://www.activecollab.com/forums/topic/5844/)

cd imap-2007e/
make osx EXTRACFLAGS="-arch i386 -arch x86_64 -g -Os -pipe -no-cpp-precomp"
sudo cp c-client/*.h /opt/local/include/
sudo cp c-client/*.c /opt/local/lib/
sudo cp c-client/c-client.a /opt/local/lib/libc-client.a

Reroute to MAMP directory

sudo cp c-client/*.h /opt/local/include/
sudo cp c-client/*.c /opt/local/lib/
sudo cp c-client/c-client.a /opt/local/lib/libc-client.a

An alternate method is to go into ext/imap/ in the PHP source tree and compile just the module there.
Use the command below to configure a custom IMAP.SO build:

./configure --with-php-config=/Applications/MAMP/bin/php5.3/bin/php-config --with-imap=/usr/local --with-kerberos --with-imap-ssl=/usr

Reference Links

Original IMAP-SSL problem on MAMP
http://www.vargatron.com/2009/03/imap-ssl-with-mamp/

http://www.activecollab.com/forums/topic/5844/
http://www.teamonetickets.com/software/howto-setup-php-apache-mysql-dev-environment-on-snow-leopard.html
http://adylitica.com/2009/11/24/installing-amp-apache-mysql-php-on-mac-os-x-10-6-snow-leopard/
http://php5-imap.darwinports.com/
http://joshhuckabee.com/compiling-php5-imap-support-os-x-leopard
http://www.davidgolding.net/cakephp/upgrading-php-in-mamp.html
http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/
http://diymacserver.com/installing-php/compiling-php-in-64-bits-mode-on-leopard/


Getting SSL to work with MAMP Pro

This is a re-post of a blog entry from Rocketwerx

You would think this would be really easy, but it turns out that there’s no clear documentation on how to get MAMP Pro to work with SSL. Here are the steps I went through that allowed me to get this working and even automatically enabled via the MAMP Pro GUI.

Setting it all up

First things first, you have to tell the MAMP Pro that you want the SSL configuration to start up when you start the servers. For this you have to use a little trick my buddy David Lewis told me about. In the GUI, under the Servers tab, hold down Option when you click the Apache tab. This will display a new hidden checkbox called SSL, now you can just enable this checkbox and it will trigger the SSL “If” blocks in the apache config.

[Screenshot: Enable SSL in MAMP Pro GUI]

Next, you need to switch your MAMP to use the regular HTTP port. By default the port under Server / General is configured with the default port of 8888. This needs to be a port under 1024, e.g. 80, for MAMP to run under a privileged account so the default SSL port of 443 can properly bind. Once you have these GUI changes made, it’s time to get down and dirty in the terminal.

Fire up your terminal of choice; mine is still iTerm even though the Terminal in Leopard is much improved. Now you will need to navigate to MAMP’s apache configuration directory and make a couple of directories for your SSL certificate and key:

$ cd /Applications/MAMP/conf/apache
$ mkdir ssl_crt
$ mkdir ssl_key

Now you’re going to have to create a temporary testing SSL certificate:

$ openssl req -new -x509 -keyout /Applications/MAMP/conf/apache/ssl_key/server.key -out /Applications/MAMP/conf/apache/ssl_crt/server.crt -subj '/CN=Test-Only Certificate'

My openssl configuration required me to put in a passphrase during this process, but I didn’t want to have to enter that manually from the terminal every time, so I removed the passphrase with this command:

$ cd /Applications/MAMP/conf/apache/ssl_key
$ openssl rsa -in server.key -out server.key

The existing MAMP ssl.conf file already points to these files, so we are all good there. The last step I had to do was to update my SSL Document Root to point to the site I was testing with SSL. To do that just open up the ssl.conf file:

$ vi /Applications/MAMP/conf/apache/ssl.conf

And then you edit the DocumentRoot path to point to the location of your site.

That should be it! Just stop and start your servers in the MAMP Pro GUI, and you should be prompted for a username/password. Just enter the data for a privileged account and your server should start up with both HTTP and HTTPS enabled. Just point your browser to your local MAMP install, https://localhost, and you should see the default page from your SSL Document Root.
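
The certificate steps above as an added example (not part of the original post): it creates the key without a passphrase in one step, restricts the now-unencrypted key file to its owner, and checks that key and certificate belong together. The function names and the scratch directory are assumptions made for this example; on a MAMP install the directory would be /Applications/MAMP/conf/apache.

```sh
#!/bin/sh
# Added example: passphrase-less test key and certificate with a private
# key file only its owner can read, plus a check that the pair matches.

# make_test_cert DIR [CN]: writes DIR/ssl_key/server.key and DIR/ssl_crt/server.crt
make_test_cert() {
    dir=$1
    cn=${2:-Test-Only Certificate}
    mkdir -p "$dir/ssl_key" "$dir/ssl_crt" || return 1
    chmod 700 "$dir/ssl_key"
    (
        umask 077   # the key is never world-readable, even briefly
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
            -keyout "$dir/ssl_key/server.key" \
            -out "$dir/ssl_crt/server.crt" \
            -subj "/CN=$cn" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/ssl_key/server.key"
}

# key_mode FILE: permission string from ls, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# key_is_encrypted FILE: succeeds if the PEM header marks the key as encrypted
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# pair_matches KEY CRT: succeeds if CRT carries the public half of KEY
pair_matches() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo in a scratch directory (constructed path, not a MAMP install).
demo=$(mktemp -d)
if make_test_cert "$demo" &&
   pair_matches "$demo/ssl_key/server.key" "$demo/ssl_crt/server.crt"; then
    echo "key mode $(key_mode "$demo/ssl_key/server.key"), key and certificate match"
fi
rm -rf "$demo"
```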

Possible Issues

The most common problem you are going to have with this procedure is the apache server not starting when you click the start button in the MAMP Pro GUI. There are several reasons this could happen, but the most likely is that you already have something else running that is listening on either port 80 or port 443. If you open up the Console from your Applications / Utilities folder, and look in the Console Messages window you should get a summary of what happened when MAMP tried to start up. An existing application already using a port typically shows up with something along the lines of:

8/11/08 11:18:12 AM [0x0-0x23023].de.living-e.mamppro[177] (48)Address already in use: make_sock: could not bind to address  [::]:80

First you should make sure you don’t have Web Sharing enabled in your System Preferences. This enables Leopard’s built in apache which runs on port 80 by default. If you already have that disabled you can track down the application using this port by typing the following command in the terminal:

$ sudo lsof -i :80

The port usages will be displayed, and you want to look for the COMMAND that is set to LISTEN on port 80:

COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
FileSyncA  569 rhuk   10u  IPv4 0x1a711270      0t0  TCP 10.0.1.199:50076->idisk.mac.com:http (CLOSED)
Safari     710 rhuk    6u  IPv4 0x18a6066c      0t0  TCP 10.0.1.199:50239->myskitch.com:http (CLOSE_WAIT)
httpd     1223 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1225 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1226 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1227 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1228 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1271 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1272 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1274 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1275 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1276 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1277 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
PubSubAge 1350 rhuk    8u  IPv4 0x18a61e64      0t0  TCP 10.0.1.199:50171->idisk.mac.com:http (CLOSE_WAIT)

In this example the process called httpd is listening on this port already.
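
The diagnosis above as an added example (not part of the original post): one filter pulls the refused port out of the Console message, another reduces `lsof -i :80` output to the commands that are really listening, since that listing also contains outbound connections to remote port 80. The function names are assumptions, and the sample lines are an abridged copy of the output shown above.

```sh
#!/bin/sh
# failed_ports: read Console/Apache log lines on stdin and print each port
# that make_sock could not bind.
failed_ports() {
    sed -n 's/.*could not bind to address .*:\([0-9][0-9]*\)[^0-9]*$/\1/p' | sort -un
}

# listeners: read `lsof -i :PORT` output on stdin and print one line per
# command holding a LISTEN socket, as "COMMAND count pid,pid,...".
listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" {
             n[$1]++
             pids[$1] = (pids[$1] == "" ? $2 : pids[$1] "," $2)
         }
         END { for (c in n) print c, n[c], pids[c] }' | sort
}

# Sample data, abridged from the Console message and lsof listing above.
sample_console() {
cat <<'EOF'
8/11/08 11:18:12 AM [0x0-0x23023].de.living-e.mamppro[177] (48)Address already in use: make_sock: could not bind to address  [::]:80
EOF
}

sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
FileSyncA  569 rhuk   10u  IPv4 0x1a711270      0t0  TCP 10.0.1.199:50076->idisk.mac.com:http (CLOSED)
Safari     710 rhuk    6u  IPv4 0x18a6066c      0t0  TCP 10.0.1.199:50239->myskitch.com:http (CLOSE_WAIT)
httpd     1223 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1225 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
PubSubAge 1350 rhuk    8u  IPv4 0x18a61e64      0t0  TCP 10.0.1.199:50171->idisk.mac.com:http (CLOSE_WAIT)
EOF
}

echo "port refused: $(sample_console | failed_ports)"   # port refused: 80
sample_lsof | listeners                                  # httpd 2 1223,1225
```

On a live system, pipe the real command into the filter: `sudo lsof -i :80 | listeners`.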


UPDATE:

Also, if you are using MAMP, it appears some ROOT CERTIFICATES are not available, causing CURL+PHP+SSL to not work.

Generate your own crt:

  1. Download: http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps to c:\
  2. Open cmd and run: c:>php mk-ca-bundle.php
  3. Output should read: Downloading ‘certdata.txt’ …Done (140 CA certs processed).
  4. This file should be created: c:\ca-bundle.crt
  5. Move c:\ca-bundle.crt to php-sdk\src
  6. In example.php after instantiating the Facebook object,
     add Facebook::$CURL_OPTS[CURLOPT_CAINFO] = 'path\to\php-sdk\src\ca-bundle.crt';
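
The failure described in this update, reproduced offline as an added example (not part of the original post): a certificate fails verification while its issuing root is absent from the CA bundle and passes once the root is appended. `openssl verify -CAfile` stands in here for the check curl performs with CURLOPT_CAINFO; every name, key and certificate below is a constructed throwaway.

```sh
#!/bin/sh
# Added example: why a CA bundle that lacks the issuing root makes
# verification fail, and how adding the root fixes it.

# bundle_count FILE: number of PEM certificates in the bundle
bundle_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# chain_ok BUNDLE CERT: succeeds if CERT verifies with BUNDLE as the CA file
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_lab DIR: two self-signed roots ("lab" and "other"), a localhost
# certificate issued by "lab", and a ca-bundle.crt holding only "other".
make_lab() {
    d=$1
    mkdir -p "$d" || return 1
    for ca in lab other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$ca root" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/lab.crt" -CAkey "$d/lab.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1
    cp "$d/other.crt" "$d/ca-bundle.crt"   # bundle without the issuing root
}

# Demo: fails with the incomplete bundle, passes once the root is appended.
lab=$(mktemp -d)
if make_lab "$lab"; then
    chain_ok "$lab/ca-bundle.crt" "$lab/leaf.crt" ||
        echo "incomplete bundle: verification fails"
    cat "$lab/lab.crt" >> "$lab/ca-bundle.crt"
    chain_ok "$lab/ca-bundle.crt" "$lab/leaf.crt" &&
        echo "$(bundle_count "$lab/ca-bundle.crt") certs in bundle: verification passes"
fi
rm -rf "$lab"
```

Running `bundle_count` on a freshly generated ca-bundle.crt gives a quick comparison against the "CA certs processed" figure the script prints.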

Copyright 2009-2010 ZeroInverse.com