Re: php.exe loading
Posted by: Otomatic (Moderator)
Date: March 30, 2020 04:16PM

Hi,

> 3.2.1 will come - this will be about some user friendly update
Yes. Here is what is said about the Wampserver 3.2.0 update:
Quote

Updates only "Wampmanager", does not add any Apache PHP, MySQL or MariaDB versions. It is a cumulative update. It is not necessary to apply the old updates 3.0.1 to 3.1.9 before applying 3.2.0. There will be no changes to your Apache, PHP, MySQL, MariaDB settings and versions used; your local sites and databases will not be affected. This update is necessary to install the latest Apache, PHP, MySQL or MariaDB addons.
It will be the same for Wampserver 3.2.1 update.

> apache ssl:
It's not too much my field and my skills are quite limited in this area. Nevertheless, I can answer a few questions:

> 1, Apache listen port only 80 as I am not sure if 2 values (80+443) are ok.
The Apache documentation on this subject specifies that you need both VirtualHosts, one on port 80 and the other on port 443.
We can read in the file wamp64/bin/apache/apache2.4.41/conf/extra/httpd-ssl.conf:
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port

> 2, vhost for web.site:80 with permanent redirect to https:// web.site
It's not mandatory.

> 3, vhost for web.site:443 where among others paths to certificates are set
To avoid, as they say in my house, mixing wipes and towels, the port 80 VirtualHosts are defined in the httpd-vhosts.conf file and the https port 443 VirtualHosts are defined in the httpd-ssl.conf file.

For all intents and purposes, here's my own procedure for using https ssl locally; it's probably not the best way to do it, but it works. This is an English translation from my French procedure, and there might be some misunderstandings.
---------------------
-- Explained procedure for wampserver installed in e:\wamp and for apache 2.4.41
Modify the paths and version according to your installation
Note: This procedure works from Apache 2.4.27 to Apache 2.4.41 in 32 and 64 bit

-- Wampserver must be stopped, so services must be stopped.

-- Modification of file e:\wamp\bin\apache\apache2.4.41\conf\httpd.conf
Replace
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
by
# Secure (SSL/TLS) connections
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
In this way, the conf/extra/httpd-ssl.conf file will only be loaded if the module ssl_module is enabled.

To activate https SSL, you must load both modules in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
The loading of these modules will only be activated after completing the entire key creation procedure and ensuring that the VirtualHost works correctly in httpd port 80.

-- Replacement of the e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file
To obtain information, read the comments in the original file.
Afterwards, you can review the information that will still be in the original file:
e:\wamp\bin\apache\apache2.4.41\conf\original\extra\httpd-ssl.conf
which has not been modified.

Replace the contents of the e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-ssl.conf file with :
#
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
#
Listen 0.0.0.0:443 https
Listen [::0]:443 https

#   SSL Cipher Suite:
SSLCipherSuite HIGH:!RSA:!RC4:!3DES:!DES:!IDEA:!MD5:!aNULL:!eNULL:!EXP
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   on
#   SSL Protocol support:
SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3
#   Pass Phrase Dialog:
SSLPassPhraseDialog  builtin
#   Inter-Process Session Cache:
SSLSessionCache  "shmcb:${INSTALL_DIR}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

##
## SSL Virtual Host Context
##

Define SERVERNAMEVHOSTSSL MYSITEname
Define DOCUMENTROOTVHOSTSSL MYSITEdocumentRoot
Define ADMINVHOSTSSL MYSITEemail
<VirtualHost *:443>
	ServerName ${SERVERNAMEVHOSTSSL}
	DocumentRoot "${DOCUMENTROOTVHOSTSSL}"
	ServerAdmin ${ADMINVHOSTSSL}
	ErrorLog "${INSTALL_DIR}/logs/error.log"
	TransferLog "${INSTALL_DIR}/logs/access.log"
	SSLEngine on
	SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	SSLCertificateFile      "${SRVROOT}/conf/Certs/Site/${SERVERNAMEVHOSTSSL}.crt"
	SSLCertificateKeyFile   "${SRVROOT}/conf/Certs/Site/${SERVERNAMEVHOSTSSL}.key"
	SSLCACertificateFile    "${SRVROOT}/conf/Certs/Cacerts/Certificat.crt"
#
	SSLVerifyClient none
	SSLVerifyDepth  10

	<Directory "${DOCUMENTROOTVHOSTSSL}/">
		Options +Indexes +Includes +FollowSymLinks +MultiViews
		AllowOverride all
		Require local
	</Directory>
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
	CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# End of SSL Virtual Host Context - To be repeated for another SSL VirtualHost

# Do not remove these lines UnDefine
UnDefine SERVERNAMEVHOSTSSL
UnDefine DOCUMENTROOTVHOSTSSL
UnDefine ADMINVHOSTSSL
You must modify all the lines where there is MYSITE to put your own data and parameters.
The VirtualHost must already exist and be valid in http port 80, so exist in the file :
e:\wamp\bin\apache\apache2.4.41\conf\extra\httpd-vhosts.conf


-- Replace all the contents of the file e:\wamp\bin\apache\apache2.4.41\conf\openssl.cnf
by
#============ openssl.cnf =============#
[ ca ]
default_ca = CA_default

[ CA_default ]
dir              = ./Certs
certs            = $dir/Cacerts
new_certs_dir    = $dir/NewCerts
private_dir      = $dir/Private
database         = $dir/Other/index.txt
serial           = $dir/Other/serial.txt
certificate      = $certs/Certificat.crt
private_key      = $private_dir/Certificat.key
RANDFILE         = $private_dir/Certificat.rnd
default_days     = 1830
default_crl_days = 30
default_md       = sha256
preserve         = no
policy           = policy_anything

[ policy_match ]
countryName            = match
stateOrProvinceName    = match
localityName           = match
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits       = 4096
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
attributes         = req_attributes

#===========================#
[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = FR
countryName_min                = 2
countryName_max                = 2
stateOrProvinceName            = State or Province Name (full name)
stateOrProvinceName_default    = Ile de France
localityName                   = Locality Name (eg, city)
localityName_default           = Paris
0.organizationName             = Organization Name (eg, company)
0.organizationName_default     = Otomatic & Cie
organizationalUnitName         = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName                     = Common Name (eg, your website’s domain name)
commonName_max                 = 64
emailAddress                   = Email Address
emailAddress_default           = webmaster@aviatechno.net
emailAddress_max               = 40

[ req_attributes ]
challengePassword     = A challenge password
challengePassword_min = 4
challengePassword_max = 20

#===========================#
[ x509v3_extensions ]
basicConstraints=CA:TRUE
nsComment			= "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#===========================#
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#===========================#
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true

Open a command window "as administrator"
and type the following lines in this window.
You can copy/paste in blocks of several lines.
Never close the command window before the procedure is completed, otherwise the environment variables previously declared by set would be lost.
Rem Wampserver installation variables
Rem To be modified according to your installation
set installdir=e:\wamp
set apachever=2.4.41
Rem
Rem Check for the folders and create them if needed
cd /D %installdir%\bin\apache\apache%apachever%\conf
if not exist Certs md Certs
cd Certs
if not exist Private md Private
if not exist Cacerts md Cacerts
if not exist Server md Server
if not exist Site md Site
cd..
cd..
cd bin

Rem We are in the folder %installdir%\bin\apache\apache%apachever%\bin
Rem Declaration of variables - Imperative
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs
Rem +-+-+-+-+-+-+-+ Creation of the self-signed certificate +-+-+-+-+-+
Rem 1- Generation of a random number. (Seed 1351 can be replaced)
openssl rand -out %DIRCERTS%/Private/Certificat.rnd -base64 1351
Rem 2- RSA private key.
openssl genrsa -out %DIRCERTS%/Private/Certificat.key -rand %DIRCERTS%/Private/Certificat.rnd 4096
Rem 3- Request for signature.
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=Otomatic & Cie : Division
openssl req -new -sha256 -key %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=Otomatic & Cie"
Rem 4- Self-signed certificate.
openssl x509 -req -days 1830 -sha256 -in %DIRCERTS%/Cacerts/Certificat.csr -signkey %DIRCERTS%/Private/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.crt
Rem 5- Public key extraction.
openssl rsa -in %DIRCERTS%/Private/Certificat.key -pubout -out %DIRCERTS%/Private/Certificat.pbc
Rem +-+-+-+-+ End of the creation of the self-signed certificate +-+-+-+-+

Rem +-+-+-+-+-+-++ Certificates and server keys for a local site +-+-+-+-+-+
Rem 6- ServerName of the local site for which you want the keys
set SERVLOCAL=aviatechno
Rem 7- Random number (Different seed - 1677 may be changed)
openssl rand -out %DIRCERTS%/Server/Server.rnd -base64 1677
Rem 8- Private RSA key.
openssl genrsa -out %DIRCERTS%/Server/Server.key -rand %DIRCERTS%/Server/Server.rnd 4096
Rem 9- Signing request for ServerName certificate
Rem /C=FR : Country -- /ST=Ile de France : State or region -- /L=Paris : Town
Rem /O=Otomatic & Cie : Organisation -- /CN=name of the local site
openssl req -new -sha256 -key %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.csr -subj "/C=FR/ST=Ile de France/L=Paris/O=Otomatic & Cie/CN=%SERVLOCAL%"
Rem 10- Signature request for server certificate.
openssl x509 -req -days 4383 -sha256 -in %DIRCERTS%/Server/Server.csr -CA %DIRCERTS%/Cacerts/Certificat.crt -CAkey %DIRCERTS%/Private/Certificat.key -CAcreateserial -out %DIRCERTS%/Server/Server.crt
Rem 11- Client certificate.
Rem Note: A password will be requested unless the final option is -password pass:MyPass
openssl pkcs12 -nodes -export -in %DIRCERTS%/Server/Server.crt -inkey %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.pfx -clcerts -descert -name "Client %SERVLOCAL% Certificate" -password pass:MyPass
Rem 12- Copy of keys
copy %DIRCERTS%\Server\Server.crt %DIRCERTS%\Site\%SERVLOCAL%.crt
del %DIRCERTS%\Server\Server.crt
copy %DIRCERTS%\Server\Server.key %DIRCERTS%\Site\%SERVLOCAL%.key
del %DIRCERTS%\Server\Server.key

- For another local site, only repeat steps 6 to 12, changing the ServerName SERVLOCAL
The command window must be positioned on the wamp/bin/apache/apache2.4.41/bin/ folder and it is imperative to create the environment variables (change path and version if necessary) before running commands 6 to 12
set installdir=e:\wamp
set apachever=2.4.41
set openssl_conf=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\apache\apache%apachever%\conf\Certs

That's where my skills end.

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons



Edited 1 time(s). Last edit at 03/30/2020 04:18PM by Otomatic.
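
The CustomLog line in the VirtualHost above records the negotiated protocol and cipher of every request. As an added example (not part of Otomatic's post or of Wampserver), the Python below evaluates the posted SSLProtocol directive and lists log entries whose protocol falls outside it, for instance entries logged before the protocol list was tightened. The expansion of `all` assumes an Apache build linked against OpenSSL 1.1.1, and the log lines are constructed.

```python
import re

# Assumption: Apache 2.4.41 linked against OpenSSL 1.1.1, where "all" means these four.
ALL = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

def enabled_protocols(directive):
    """Evaluate an SSLProtocol line as mod_ssl does: '+' adds, '-' removes,
    an unprefixed token replaces whatever was set before it."""
    enabled = set()
    for tok in directive.split()[1:]:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(ALL) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

# Matches the page's CustomLog format: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE = re.compile(r'^\[([^\]]+)\] (\S+) (\S+) (\S+) "((?:[^"\\]|\\.)*)" (\S+)$')

def off_policy(log_lines, allowed):
    """Return (time, host, protocol, cipher) for each request whose negotiated
    protocol is not in `allowed`. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = LINE.match(line.strip())
        if m and m[3] not in allowed:
            hits.append((m[1], m[2], m[3], m[4]))
    return hits

# Constructed sample lines in that format (not taken from a real server).
SAMPLE = [
    '[30/Mar/2020:16:20:01 +0200] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 5120',
    '[30/Mar/2020:16:20:07 +0200] ::1 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /index.php HTTP/1.1" 812',
    '[30/Mar/2020:16:21:13 +0200] 127.0.0.1 TLSv1 ECDHE-RSA-AES256-SHA "GET /old.php HTTP/1.1" 94',
]

POLICY = enabled_protocols("SSLProtocol all -SSLv2 -TLSv1 -TLSv1.1 -SSLv3")
FLAGGED = off_policy(SAMPLE, POLICY)
```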

Re: php.exe loading
Posted by: meror (---.client.rionet.cz)
Date: March 30, 2020 05:45PM

Thank you very much for all the examples and comments.

I went through it carefully and I have to say I did almost the same in my case. You define port 443 in httpd-ssl the same way as I do. Still, it looks like the Wamp tray doesn't reflect this.

I want to keep port 80 in httpd as I am still having some basic pages running in http mode.
On the other hand, it would be nice to specify 443 as a listen port for Apache as well, because if I understand correctly, the users accessing my web running on SSL still must first contact my Apache on port 80 and Apache redirects them to the 443 vhost. It would be nice if users contacted the server directly on 443 if possible, but I am not sure if this is how the browser processes user requests, because when you navigate to any website you don't specify https:// at the beginning - you only write the address like google dot com and your browser automatically loads the secure webpage - and here your browser doesn't know if the requested destination runs http on 80 or https on 443 or both or if there are redirects...

I am talking about this because my other thought was that once I move all vhosts to "secure version only" under ssl + port 443, I will then close port 80 on the router/server and the only way to reach the server will be through port 443.
Still, I don't know if this is a good idea in case port 80 does not listen on that server - if users will then not get Not Found etc. although there will be a valid webpage running, but only on port 443.
I will have to try all scenarios for this case.

However, back to Apache a bit - Apache listen port set to 80 in httpd.
Also httpd-ssl not commented in httpd file.

Httpd-ssl loaded properly (verified by putting a nonsense string into httpd-ssl, after which Apache won't start).
Inside httpd-ssl Listen 443 not commented.

Still, the Wamp tray is showing a warning under the VirtualHost list for the 443 vhost, saying the Apache listen port is not 443.

It looks like the GUI is not taking port 443 into consideration, as it is not part of the httpd config and is only present in the httpd-ssl file.

I don't care much - as long as the ssl web works this is only cosmetic, but maybe you will consider some change somewhere so that the GUI also reflects port settings elsewhere than only in httpd, if my idea is correct.

I found out I can also change the Apache listen port from 80 to a different one using the tray icon and the Tools menu - but I believe the popup expects only one number, so I didn't bother trying to input e.g.
"80,443"
into this field, and I also expect the value input here is then written into httpd and not into httpd-ssl, which is the correct location for ssl settings incl. the port number for ssl.

Am I correct?

Re: php.exe loading
Posted by: Otomatic (Moderator)
Date: March 30, 2020 07:00PM

Hi,

What you would like in Wampmanager (GUI) is far too complicated to integrate in the near future. This is due to the original design of Wampserver which I have already redesigned a lot and spent a lot of time removing multiple warts.

For the moment:
- the Listen directives for all ports, except port 443, are in httpd.conf and, for ports other than 80, must only be added by the built-in tool "Add a Listen port for Apache", otherwise Wampmanager will not recognize them as Listen ports.

- Listen port 443 must not be in httpd.conf

- VirtualHost port 443 must not be in httpd.conf

But nothing prevents you from putting them in a xxxx.conf file called by an Include in httpd.conf.
Moreover, by using independent include files for your own Listen, VirtualHost, ssl or other, you separate the original part from the personal part which makes it much easier to change Apache versions.

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
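
Added example (not part of the thread, and not Wampserver's own code): a small Python walker that follows Include and <IfModule> from httpd.conf and reports which file declares each Listen port, which is the layout the replies above rely on. It assumes IfModule tests use module identifiers such as ssl_module; the file contents are constructed and reduced to the directives discussed here.

```python
import re

def resolve(files, start="conf/httpd.conf"):
    """Walk an Apache config given as {path: text}. Follows Include, honours
    <IfModule identifier> and returns ({listen port: declaring file}, {vhost ports})."""
    modules, listens, vhosts = set(), {}, set()

    def walk(path):
        stack = []                                   # one bool per open <IfModule>
        for raw in files[path].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):     # blank or commented-out directive
                continue
            m = re.match(r"<IfModule\s+(!?)(\S+?)\s*>", line, re.I)
            if m:
                stack.append((m[2] in modules) != bool(m[1]))
                continue
            if line.lower().startswith("</ifmodule"):
                stack.pop()
                continue
            if not all(stack):                       # inside a block whose module is absent
                continue
            word, _, rest = line.partition(" ")
            word = word.lower()
            if word == "loadmodule":
                modules.add(rest.split()[0])
            elif word in ("include", "includeoptional"):
                walk(rest.strip().strip('"'))
            elif word == "listen":
                listens.setdefault(int(re.search(r"(\d+)$", rest.split()[0])[1]), path)
            elif word == "<virtualhost":
                vhosts.add(int(re.search(r":(\d+)\s*>", line)[1]))

    walk(start)
    return listens, vhosts

# Constructed sample files (hypothetical contents, not a real installation).
FILES = {
    "conf/httpd.conf": """
Listen 0.0.0.0:80
LoadModule ssl_module modules/mod_ssl.so
<IfModule ssl_module>
SSLRandomSeed startup builtin
Include conf/extra/httpd-ssl.conf
</IfModule>
Include conf/extra/httpd-vhosts.conf
""",
    "conf/extra/httpd-ssl.conf": "Listen 0.0.0.0:443 https\nListen [::0]:443 https\n<VirtualHost *:443>\n</VirtualHost>\n",
    "conf/extra/httpd-vhosts.conf": "<VirtualHost *:80>\n</VirtualHost>\n",
}

LISTENS, VHOSTS = resolve(FILES)
```

With the LoadModule line for ssl_module commented out, the same walk returns only port 80, because the Include inside the IfModule block is never reached.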
