WAMP likes
XAMPP, they are free tools packaged Apache, MySQL / Maria DB & PHP together. XAMP also has other services / applications such as FileZilla, Mercury & Tomcat and it also can run on Linux & OS-X. While WAMP just runs on Windows. However for Windows' users, I recommend WAMP because it is designed for Windows only, so it has some advanced features for Windows but XAMPP doesn't have, especially it has Windows 64 bits version while XAMPP has only 32 bits version for Windows.
1. Install
To install Wamp 64 bits, you can download it from
wampserver.aviatechno.net. You should install it as
Administrator. You also must install
all Visual C++ redistributable packages (x86 + x64) (32bits + 64bits) for running Wamp 64.
After installing & running, if its system tray icon is green, it's ok. Let choose versions for Apache, PHP & MySQL which you want for your websites.
2. Configure auto start up
For live server, you need to configure Apache & MySQL auto start up when the server restarts.
Go to Windows Services, find wampapache64 & wampmysqld64 services then set them Automatic startup.
Next, right click on Wamp tray icon, select Wamp Settings menu >> select Wampserver Homepage at startup.
3. Enable SSL (HTTPS)
The latest Wamp 64 has already included Open SSL built-in, so you don't need to install Open SSL. Below are steps to enable it for Apache:
- Open httpd.conf file, uncomment the following lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
- Open php.ini file, uncomment the following line:
extension=php_openssl.dll
4. Add virtual host for your website
Open httpd-vhosts.conf file and add a virtual host running on HTTP (port 80) for your website, below is an example:
<VirtualHost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot "c:/mywebsites/www.mydomain.com"
<Directory "c:/mywebsites/www.mydomain.com/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Allow from all
Require all granted
</Directory>
ErrorLog "logs/mydomain.com-error.log"
CustomLog "logs/mydomain.com-access.log" common
Alias /.well-known c:/mywebsites/www.mydomain.com/.well-known
</VirtualHost>
In which, .wellknow folder will be used to store a key to challenge with Let's Encrypt server for creating your free SSL certificate in next step.
To check if you made right syntax, open cmd tool, go to Apache bin folder and run:
5. Create free SSL certificate with Let's Encrypt
Download latest
letsencrypt-win-simple tool from
its release page. Unpack it into a folder, for example:
C:\letsencrypt-win-simple. Open
cmd tool as
Administrator, cd to this folder and run
letsencrypt.exe, its interface will show as below:
Key N then key 4, it will ask you enter host names (domain names) as the following screen:
Let key your domain name, for example: www.mydomain.com, then it will require you enter the root folder containing your website, for example: c:\mywebsites\www.mydomain.com. After that, the tool will do a process to create a key in the folder c:\mywebsites\www.mydomain.com\.well-known\acme-challenge, then challenge with letsencrypt.org to authorize and create certificates. These certificates are in the folder: C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org. We will use them to create virtual host running on port 443 (HTTPS).
On finishing, the tool will ask you to create a scheduled task running on 9 am every day to renew your certificate automatically when it is used 60 days (30 days before expiry), see the following picture. With this scheduled task, you can sleep well :)
6. Add virtual host HTTPS for your website
Now you are ready to up & run your HTTPS website, let create a virtual host running on port 443 with SSL certificates for it, see the following example:
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot "c:/mywebsites/www.mydomain.com"
<Directory "c:/mywebsites/www.mydomain.com/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Allow from all
Require all granted
</Directory>
ErrorLog "logs/mydomain.com-error.log"
CustomLog "logs/mydomain.com-access.log" common
SSLEngine on
SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.mydomain.com-crt.pem"
SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.mydomain.com-key.pem"
SSLCertificateChainFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-<hex code>-crt.pem"
</VirtualHost>
Restart Apache service then check https://www.mydomain.com on a browser (for example Chrome). If it has the symbol https with green, it's ok. Congratulation!
7. Make some securities for Wamp
Remember to restart Wamp's services after configuration 😃
7.1 Hide server info to prevent bad guys mining it
Open httpd-default.conf file, find & change parameters the following:
ServerSignature Off
ServerTokens Prod
7.2 Make sure directories / files outside of the document root (website) are not allowed to access
Open httpd.conf file, check if the content of directory tag is like the following:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
or
<Directory />
AllowOverride none
Require all denied
</Directory>
7.3 Reduce time out to prevent DoS attacks
Open
httpd-default.conf file, find & set the following parameter:
TimeOut 60
You can set it less than, for example 30.
7.4 Set password for MySQL
- Left click Wamp's system tray icon.
- Select MySQL > MySQL console menu.
- Press Enter on the console opened.
- Key SET PASSWORD FOR root@localhost=PASSWORD('your_password'); (change your_password to your private password). They press Enter.
7.5 Change permissions for folders in your website
Normally, I prefer to set all folders in my website to allow Read & Execute permission only except some folders having Write permission. To check what user runs Apache, let open Windows Task Manager and click Details tab, and see in User name column:
It often is SYSTEM user. To remove Write permission, right click on your web root folder >> select Properties menu >> click Security tab >> click Edit button >> select SYSTEM user >> on Write permission row, untick on Allow column, tick Deny column:
If you cannot edit on Allow column, back to your web root folder >> select Properties menu >> click Security tab >> click Advanced button >> click Disable inheritance button on SYSTEM user having Full control access inheriting from parent folder. Then you can edit in above step.
For folders which you need to write (upload), just enable Write permission for SYSTEM user on those folders.
That's all for tonight. Bye and see you next post. Any comment is welcome!
Good night!
on debug player. Stopping the debugger doesn't stop the app, it is still running until you press Ctrl+C in terminal.
