Pages: Previous12
Current Page: 2 of 2
Re: php.exe loading
Posted by: Otomatic (Moderator)
Date: March 30, 2020 04:16PM

Hi,

> 3.2.1 will come - this will be about some user friendly update
Yes. What it is said about wampserver 3.2.0 update :
Quote

Updates only "Wampmanager", does not add any Apache PHP, MySQL or MariaDB versions. It is a cumulative update. It is not necessary to apply the old updates 3.0.1 to 3.1.9 before applying 3.2.0. There will be no changes to your Apache, PHP, MySQL, MariaDB settings and versions used; your local sites and databases will not be affected. This update is necessary to install the latest Apache, PHP, MySQL or MariaDB addons.
It will be the same for Wampserver 3.2.1 update.

> apache ssl:
It's not too much my field and my skills are quite limited in this area. Nevertheless, I can answer a few questions:

> 1, Apache listen port only 80 as I am not sure if 2 values (80+443) are ok.
The Apache documentation on this subject specifies that you need both VirtualHost, one on port 80 and the other on port 443.
We can read in the file wamp64/bin/apache/apache2.4.41/conf/extra/httpd-ssl.conf
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port

> 2, vhost for web.site:80 with permanent redirect to https:// web.site
It's not mandatory.

> 3, vhost for web.site:443 where among others paths to certificates are set
To avoid, as they say in my house, mixing wipes and towels, the VirtualHost port 80 are defined in the httpd-vhosts.conf file and the VirtualHost https port 443 are defined in the httpd-ssl.conf file.

For all intents and purposes, here's my own procedure for using https ssl locally; it's probably not the best way to do it, but it works. This is an English translation from my French procedure, and there might be some misunderstandings.
---------------------
-- Explained procedure for wampserver installed in e:\wamp and for apache 2.4.41
Modify the paths and version according to your installation
Note: This procedure works from Apache 2.4.27 to Apache 2.4.41 in 32 and 64 bit

-- Wampserver must be stopped, so services must be stopped.

-- Modification of file e:\wamp\bin\apache\apache2.4.41\conf\httpd.conf
Replace
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
by
# Secure (SSL/TLS) connections
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
In this way, the conf/extra/httpd-ssl.conf file will only be loaded if the module ssl_module is enabled.

To activate https SSL, you must load both modules in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
The loading of these modules will only be activated after completing the entire key creation procedure and ensuring that the VirtualHost works correctly in httpd port 80.

-- Replacement of the e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file
To obtain information, read the comments in the original file.
Afterwards, you can review the information that will still be in the original file:
e:\wamp\bin\apache\apache2.4.41\conf\original\extra\httpd-ssl.conf
which has not been modified.

Replace the contents of the e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file with :
#
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
#
Listen 0.0.0.0:443 https
Listen [::0]:443 https

#   SSL Cipher Suite:
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   on
#   SSL Protocol support:
SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3
#   Pass Phrase Dialog:
SSLPassPhraseDialog  builtin
#   Inter-Process Session Cache:
SSLSessionCache  "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

##
## SSL Virtual Host Context
##

Define SERVERNAMEVHOSTSSL MYSITEname
Define DOCUMENTROOTVHOSTSSL MYSITEdocumentRoot
Define ADMINVHOSTSSL MYSITEemail
<VirtualHost *:443>
	ServerName ${SERVERNAMEVHOSTSSL}
  DocumentRoot "${DOCUMENTROOTVHOSTSSL}"
  ServerAdmin ${ADMINVHOSTSSL}
	ErrorLog "${INSTALL_DIR}/logs/error.log"
	TransferLog "${INSTALL_DIR}/logs/access.log"
	SSLEngine on
	SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	SSLCertificateFile      "${SRVROOT}/conf/Certs/Site/${SERVERNAMEVHOSTSSL}.crt"
	SSLCertificateKeyFile   "${SRVROOT}/conf/Certs/Site/${SERVERNAMEVHOSTSSL}.key"
	SSLCACertificateFile    "${SRVROOT}/conf/Certs/Cacerts/Certificat.crt"
#
	SSLVerifyClient none
	SSLVerifyDepth  10

	<Directory "${DOCUMENTROOTVHOSTSSL}/">
		Options +Indexes +Includes +FollowSymLinks +MultiViews
		AllowOverride all
		Require local
	</Directory>
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
	CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# End of SSL Virtual Host Context - To be repeated for another SSL VirtualHost

# Do not remove these lines UnDefine
UnDefine SERVERNAMEVHOSTSSL
UnDefine DOCUMENTROOTVHOSTSSL
UnDefine ADMINVHOSTSSL
You must modify all the lines where there is MYSITE to put your own data and parameters.
The VirtualHost must already exist and be valid in http port 80, so exist in the file :
e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-vhosts.conf


-- Replace all the contents of the file e:\wamp\bin\apache\apache2.4.41\conf\openssl.cnf
by
#============ openssl.cnf =============#
[ ca ]
default_ca = CA_default

[ CA_default ]
dir              = ./Certs
certs            = $dir/Cacerts
new_certs_dir    = $dir/NewCerts
private_dir      = $dir/Private
database         = $dir/Other/index.txt
serial           = $dir/Other/serial.txt
certificate      = $certs/Certificat.crt
private_key      = $private_dir/Certificat.key
RANDFILE         = $private_dir/Certificat.rnd
default_days     = 1830
default_crl_days = 30
default_md       = md5
preserve         = no
policy           = policy_anything

[ policy_match ]
countryName            = match
stateOrProvinceName    = match
localityName           = match
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits       = 4096
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
attributes         = req_attributes

#===========================#
[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = FR
countryName_min                = 2
countryName_max                = 2
stateOrProvinceName            = State or Province Name (full name)
stateOrProvinceName_default    = Ile de France
localityName                   = Locality Name (eg, city)
localityName_default           = Paris
0.organizationName             = Organization Name (eg, company)
0.organizationName_default     = Otomatic & Cie
organizationalUnitName         = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName                     = Common Name (eg, your website’s domain name)
commonName_max                 = 64
emailAddress                   = Email Address
emailAddress_default           = webmaster@aviatechno.net
emailAddress_max               = 40

[ req_attributes ]
challengePassword     = A challenge password
challengePassword_min = 4
challengePassword_max = 20

#===========================#
[ x509v3_extensions ]
basicConstraints=CA:TRUE
nsComment			= "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#===========================#
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#===========================#
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true

Open a "as administrator" command window
And in this window type the following lines.
You can copy/paste in blocks of several lines.
Never close the command window before the procedure is completed, otherwise the environment variables previously declared by set would be lost.
Rem Wampserver installation variables
Rem To be modified according to your installation
set installdir=e:\wamp
set apachever=2.4.41
Rem
Rem Vérification et création éventuelle des dossiers
cd /D %installdir%\bin\apache\apache%apachever%\conf
if not exist Certs md Certs
cd Certs
if not exist Private md Private
if not exist Cacerts md Cacerts
if not exist Server md Server
if not exist Site md Site
cd..
cd..
cd bin

Rem We are in the folder %installdir%\bin\apache\apache%apachever%\bin
Rem Declaration of variables - Imperative
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs
Rem +-+-+-+-+-+-+-+ Creation of the self-signed certificate +-+-+-+-+-+
Rem 1- Generation of a random number. (Seed 1351 can be replaced)
openssl rand -out %DIRCERTS%/Private/Certificat.rnd -base64 1351
Rem 2- RSA private key.
openssl genrsa -out %DIRCERTS%/Private/Certificat.key -rand %DIRCERTS%/Private/Certificat.rnd 4096
Rem 3- Request for signature.
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=Otomatic & Cie : Division
openssl req -new -sha256 -key %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=Otomatic & Cie"
Rem 4- Self-signed certificate.
openssl x509 -req -days 1830 -sha256 -in %DIRCERTS%/Cacerts/Certificat.csr -signkey %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.crt
Rem 5- Public key extraction.
openssl rsa -in %DIRCERTS%/Private/Certificat.key -pubout -out %DIRCERTS%/Private/Certificat.pbc
Rem +-+-+-+-+ End of the creation of the self-signed certificate +-+-+-+-+

Rem +-+-+-+-+-+-++ Certificates and server keys for a local site +-+-+-+-+-+
Rem 6- ServerName of the local site for which you want the keys
set SERVLOCAL=aviatechno
Rem 7- Random number (Different seed - 1677 may be changed)
openssl rand -out %DIRCERTS%/Server/Server.rnd -base64 1677
Rem 8- Private RSA key.
openssl genrsa -out %DIRCERTS%/Server/Server.key -rand %DIRCERTS%/Server/Server.rnd 4096
Rem 9- Signing request for ServerName certificate
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=name of the local site
openssl req -new -sha256 -key %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=%SERVLOCAL%"
Rem 10- Signature request for server certificate.
openssl x509 -req -days 4383 -sha256 -in %DIRCERTS%/Server/Server.csr -CA %DIRCERTS%/Cacerts/Certificat.crt -CAkey %DIRCERTS%/Private/Certificat.key -CAcreateserial -out %DIRCERTS%/Server/Server.crt
Rem 11- Client certificate.
Rem Nota : A password will be requested unless final option is -password pass:MyPass
openssl pkcs12 -nodes -export -in %DIRCERTS%/Server/Server.crt -inkey %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.pfx -clcerts -descert -name "Client %SERVLOCAL% Certificate" -password pass:MyPass
Rem 12- Copy of keys
copy %DIRCERTS%\Server\Server.crt %DIRCERTS%\Site\%SERVLOCAL%.crt
del %DIRCERTS%\Server\Server.crt
copy %DIRCERTS%\Server\Server.key %DIRCERTS%\Site\%SERVLOCAL%.key
del %DIRCERTS%\Server\Server.key

- For another local site, only repeat from 6 to 12 by changing the ServerName SERVLOCAL
The command window must be positioned on the wamp/bin/apache/apache/apache2.4.41/bin/ folder and it is imperative to create the environment variables (Change path and version if necessary) before running commands 6 to 12
set installdir=e:\wamp
set apachever=2.4.41
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs

That's where my skills end.

------------------------------------------------------------------------------------------------------------
Wampserver 3.2.10 32 bit - Apache 2.4.54 - PHP 8.2.0…5.6.40 - MySQL 5.7.39 - MariaDB 10.5.13/10.6.5
Wampserver 3.2.10 64 bit - Apache 2.4.54 - PHP 8.2.0…5.6.40 - MySQL 5.7.39/8.0.30 - MariaDB 10.5.17/10.9.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »



Edited 1 time(s). Last edit at 03/30/2020 04:18PM by Otomatic.

Options: ReplyQuote
Re: php.exe loading
Posted by: meror (---.client.rionet.cz)
Date: March 30, 2020 05:45PM

Thank you very much for all the examples and comments.

I went through it carefully and I have to say I did almost the same in my case. You define port 443 in httpd-ssl same way as I do. Still it looks like Wamp tray doenst reflect this.

I want to keep port 80 in httpd as I am still having some basic pages running in http mode.
On the other hand, it would be nice to specify 443 as listen port for Apache as well, because if I understand correctly the users accessing my web running on SSL still must first contact my Apache on port 80 and Apache redirect them to 443 vhost. It would be nice if users contact server directly on 443 if possible, but I am not sure if this is how the browser process users requests because when you navigate to any website you dont specify https:// at the beginning - you only write the address like google dot com and your browser automatically loads secure webpage - and here your browser doesnt know if the requested destination runs http on 80 or https on 443 or both or if there are redirects...

I am talking about this as my another thinking was about once I move all vhosts to "secure version only" under ssl + 443 port, I will then close port 80 on router/server and only a way to reach server will be through port 443.
Still I dont know if this is good idea in case port 80 will not listen on that server - if users will then not get Not Found etc although there will be valid webpage running but only on 443 port.
I will have to try all scenarios for this case.

However, back to Apache a bit - Apache listen port set to 80 in httpd.
Also httpd-ssl not commented in httpd file.

Httpd-ssl loaded properly (verified while input nonsense string into httpd-ssl and Apache wont start).
Inside httpd-ssl Listen 443 not commented.

Still Wamp Tray showing warning under Virtualhost list for 443 vhost saying Apache listen port is not 443.

Looks like GUI not taking 443 port into consideration as not part of httpd config and only present in httpd-ssl file.

I dont care much - as long as ssl web works this is only cosmetic, but maybe you consider some change somewhere and GUI will reflect also port settings elsewhere than only in httpd if my idea is correct.

I found out I can also change Apache listen port from 80 to different using Tray icon and Tools Menu - but I believe the popup expect only one number so I didnt hassle with this field the way like trying to input e.g.
"80,443"
and also I expect the value input here is then written into httpd and not into httpd-ssl as correct location for ssl settings incl. port number for ssl.

Am I correct?

Options: ReplyQuote
Re: php.exe loading
Posted by: Otomatic (Moderator)
Date: March 30, 2020 07:00PM

Hi,

What you would like in Wampmanager (GUI) is far too complicated to integrate in the near future. This is due to the original design of Wampserver which I have already redesigned a lot and spent a lot of time removing multiple warts.

For the moment:
- the Listen for all ports, except port 443, are in httpd.conf and, for ports other than 80, must only be added by the built-in tool "Add a Listen port for Apache" otherwise Wampmanager will not recognize them as Listen ports.

- Listen port 443 must not be in httpd.conf

- VirtualHost port 443 must not be in httpd.conf

But nothing prevents to put them in a xxxx.conf file called by an include in httpd.conf.
Moreover, by using independent include files for your own Listen, VirtualHost, ssl or other, you separate the original part from the personal part which makes it much easier to change Apache versions.

------------------------------------------------------------------------------------------------------------
Wampserver 3.2.10 32 bit - Apache 2.4.54 - PHP 8.2.0…5.6.40 - MySQL 5.7.39 - MariaDB 10.5.13/10.6.5
Wampserver 3.2.10 64 bit - Apache 2.4.54 - PHP 8.2.0…5.6.40 - MySQL 5.7.39/8.0.30 - MariaDB 10.5.17/10.9.2
PhPMyadmin 5.2.0 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »

Options: ReplyQuote
Pages: Previous12
Current Page: 2 of 2


Sorry, only registered users may post in this forum.