Web server installation guide on Windows: Apache, PHP, MariaDB and phpMyAdmin. How to provide local web server security

Table of contents

1. Web server on a computer

2. What does a web server consist of

3. Download a web server for Windows

4. Installing a web server in Windows

5. Installing Apache 2.4 in Windows

6. Installing MariaDB on Windows

7. Installing PHP on Windows

8. Installing phpMyAdmin on Windows

9. How to secure a web server on Windows

10. Conclusion


If you are interested in installing Apache, PHP, MySQL and phpMyAdmin on Windows, then see this manual.

Web server on a computer

A web server on your computer is a very convenient way to work with web applications for any purpose:

  • testing new CMS and other programs
  • writing and debugging PHP scripts
  • organization of your own working environment (various useful programs running on a web server – organizers, aggregators)
  • organization of local network resources (file sharers, chat rooms, streaming video and other services for all devices in an apartment)
  • creation of a laboratory (training in penetration testing with special vulnerable web applications)

What does a web server consist of

In most cases, the server includes four main components:

  • Apache is the web server itself, which processes incoming requests from users and send them back pages of a web sites. Without additional modules, Apache is mainly intended for displaying static pages in which there are no changes on the server side.
  • PHP is an environment for running PHP scripts. PHP scripts allow you to create highly functional websites, dynamic web applications, save data to a database and request data from there.
  • MariaDB is a database management system. To make it easier to understand – this is the database in which all the information is stored. Until recently, MySQL was probably the most popular DBMS. As for MariaDB, it is based on MySQL, but with some modifications. If you are wondering what the difference is, then see the details here. If MySQL is the requirement for an application, then MariaDB is also suitable, as they are compatible with each other.
  • phpMyAdmin is an example web application that runs on PHP. With phpMyAdmin, you can view databases, create new databases and tables, populate and delete them, make backup copies of databases and restore from backups. phpMyAdmin is very popular, so many consider it part of the web server

I will show installation of the server on the example of Windows 10.

Download a web server for Windows

Download Apache

To download Apache for Windows, go to: apachelounge.com/download/. Choose Win64 or Win32 version (the first for 64-bit systems, and the second for 32-bit). On the same page, download C++ Redistributable Visual Studio 2017: vc_redist_x64 or vc_redist_x86. It contains the necessary libraries for the web server, since Apache for Windows was compiled in Visual Studio 2017. By the way, C++ Redistributable Visual Studio 2017 is also needed for the PHP interpreter and MariaDB.

Install the downloaded vc_redist – we will not return to it.

Download PHP

To download PHP for Windows, go to windows.php.net/download/. There select the file VC15 x64 Thread Safe or VC15 x86 Thread Safe. Note: you need to download the Zip file (and not the Debug Pack).

Download MariaDB

To download MariaDB for Windows, go to downloads.mariadb.org. There, click on the green button of the latest release. On the page that opens, find a file that looks like mariadb-xx.x.xx-winx64.zip or mariadb-xx.x.xx-win32.zip. When you click on the file, another page will open, there simply find and click the button that says ‘No thanks, just take me to the download’.

Download phpMyAdmin

Download phpMyAdmin from phpmyadmin.net. There, find the button with the word Download.

Installing a web server in Windows

Create a directory structure of our server. The main idea is to separate executable files from data files. This is convenient for server maintenance, including backup.

In the root of the C:\ drive, create the Server directory. In this directory, create two subdirectories: bin (for executable files) and data.

Go to the data directory and there create subfolders DB (for databases) and htdocs (for sites).

Installing Apache 2.4 in Windows

From the httpd-x.x.xx-win64-VC15.zip archive with the downloaded web server, unpack the Apache24 folder to the C:\Server\bin\ directory.

In the C:\Server\bin\Apache24\conf\ folder, open the httpd.conf file with a text editor. This is the main Apache configuration file – all the settings we will do in it. Lines that begin with # are comments and the server does not pay attention to them.

To install the correct server root folder, find the string

Define SRVROOT "c:/Apache24"

and replace it with

Define SRVROOT "c:/Server/bin/Apache24"

Scrolling through the list of modules. It is a list of all available extensions (plug-ins) of the server. Those that are commented out are disabled. To enable them, remove the # sign at the beginning of the line.

To begin with, I recommend to include only mod_rewrite. For this line

#LoadModule rewrite_module modules/mod_rewrite.so

change to

LoadModule rewrite_module modules/mod_rewrite.so

Find the line

#ServerName www.example.com:80

and change to

ServerName localhost

This directive sets the server name, which does not affect anything. But if you do not register this name, then a warning will be displayed (that there is no name) – this confuses some users, as they take this message as an error.

Find the following rows

DocumentRoot "${SRVROOT}/htdocs"
<Directory "${SRVROOT}/htdocs">

and replace them with

DocumentRoot "c:/Server/data/htdocs/"
<Directory "c:/Server/data/htdocs/">

In short, DocumentRoot is the main directory where all the virtual hosts and site files will be placed. And Directory in this case sets the settings of the primary host (if necessary, you can create several virtual hosts with different settings).

Just below find the lines (comments are provided for orientation):

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None

And replace with (only the last line changes):

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   AllowOverride FileInfo AuthConfig Limit
#
AllowOverride All

With this setting we have enabled support for the .htaccess file. It is needed for mod_rewrite and other features. Using the .htaccess file, you can deny access to a specific folder and change some server settings at the folder level.

Find the line

DirectoryIndex index.html

and change to

DirectoryIndex index.php index.html index.htm

Save the configuration file.

Now open the Windows command line, to do this, press the Win+x keys and select Windows PowerShell (Admin) there:

In the opened window, copy the commands to install and start Apache (after entering each command, press ENTER):

c:\Server\bin\Apache24\bin\httpd.exe -k install
c:\Server\bin\Apache24\bin\httpd.exe -k start

Open http://localhost/ in your web browser.

The web server is working, but there is not a single file in the document folder.

Add to the C:\Server\data\htdocs\ folder HTML files, for example the file hello.htm with the following contents:

<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>My first file on my web server</title>
</head>
<body>
<p>Hurray, the web server is working! It's time to learn HTML!</p>
</body>
</html>

Open http://localhost/ again and you will see your file:

I think you got the point – in the C:\Server\data\htdocs\ folder place your HTML files and sites. In C:\Server\data\htdocs\ you can make subfolders of any nesting level, they will be available at addresses like http://localhost/subfolder.

Installing MariaDB on Windows

Next we configure and launch MariaDB. Begin by unpacking the contents of the mariadb-xx.x.x-winx64.zip archive into the C:\Server\bin\ folder. Rename new folder to mariadb. It turns out that MariaDB is located on the disk in the C:\Server\bin\mariadb\ folder.

Move the C:\Server\bin\mariadb\data\ folder to the C:\Server\data\DB\ folder.

In the C:\Server\bin\mariadb\ folder create the my.cnf file and copy into it:

[mysqld]
 
datadir="c:/Server/data/DB/data/"
bind-address = 127.0.0.1

Save and close this file.

To install and start the service run the commands:

C:\Server\bin\mariadb\bin\mysqld --install
net start mysql

Installing PHP on Windows

To install and connect PHP to Apache on Windows, in the c:\Server\bin\ folder, create a PHP subfolder and copy the contents of the php-x.x.xx-Win32-VC15-x64.zip archive into it.

In the C:\Server\bin\PHP\ directory find the php.ini-development file and rename it to php.ini, then open it with a text editor.

In this file, find the line

;extension_dir = "ext"

and replace it with:

extension_dir = "C:\Server\bin\PHP\ext\"

Now find the lines that begin with ;extension=:

;extension=bz2
;extension=curl
;extension=fileinfo
;extension=gd2
;extension=gettext
;extension=gmp
;extension=intl
;extension=imap
;extension=interbase
;extension=ldap
;extension=mbstring
;extension=exif ; Must be after mbstring as it depends on it
;extension=mysqli
;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
;extension=odbc
;extension=openssl
;extension=pdo_firebird
;extension=pdo_mysql
;extension=pdo_oci
;extension=pdo_odbc
;extension=pdo_pgsql
;extension=pdo_sqlite
;extension=pgsql
;extension=shmop

Uncomment the extensions you need. I recommend activating extensions that are almost certainly needed (just replace the previous lines in the configuration file with the following):

extension=bz2
;extension=curl
extension=fileinfo
extension=gd2
extension=gettext
extension=gmp
;extension=intl
;extension=imap
;extension=interbase
;extension=ldap
extension=mbstring
extension=exif ; Must be after mbstring as it depends on it
extension=mysqli
;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
extension=odbc
extension=openssl
;extension=pdo_firebird
extension=pdo_mysql
;extension=pdo_oci
;extension=pdo_odbc
;extension=pdo_pgsql
extension=pdo_sqlite
;extension=pgsql
;extension=shmop

Also uncomment the lines (except one):

;extension=soap
;extension=sockets
;extension=sodium
;extension=sqlite3
;extension=tidy
;extension=xmlrpc
;extension=xsl

It turns out:

extension=soap
extension=sockets
;extension=sodium
extension=sqlite3
extension=tidy
extension=xmlrpc
extension=xsl

Save and close this file.

Now we need to enable PHP in Apache. To do this, in the file c:\Server\bin\Apache24\conf\httpd.conf, add the lines to the very end:

PHPIniDir "C:/Server/bin/PHP"
AddHandler application/x-httpd-php .php
LoadModule php7_module "C:/Server/bin/PHP/php7apache2_4.dll"

Save and close the file.

After that, restart Apache on the command line:

c:\Server\bin\Apache24\bin\httpd.exe -k restart

To verify that PHP works in Windows, in the directory c:\Server\data\htdocs\ create a file called i.php

Copy to this file:

<?php
phpinfo ();

In your browser, open the http://localhost/i.php link. If you see a similar page, it means that PHP is properly configured and successfully works with Apache on Windows:

Installing phpMyAdmin on Windows

In the directory c:\Server\data\htdocs\ copy the contents of the archive phpMyAdmin-x.x.x-all-languages.zip. Rename the resulting folder to phpMyAdmin, it turns out that phpMyAdmin is located in the C:\Server\data\htdocs\phpMyAdmin\ directory.

In this folder, create a config.inc.php file with a text editor and copy to this file:

<?php
 
/* Servers configuration */
$i = 0;
 
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['nopassword'] = true;
$cfg['Servers'][$i]['AllowNoPassword'] = true;
 
/* End of servers configuration */ 
$cfg['blowfish_secret'] = 'kjLGJ8g;Hj3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V';
$cfg['DefaultLang'] = 'ru';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

Save and close this file.

To access phpMyAdmin, go to http://localhost/phpMyAdmin/, enter root as the user name, leave the password field empty:

The message below is shown:

The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. Find out why.
Or alternately go to 'Operations' tab of any database to set it up there.

To learn more, go to http://localhost/phpMyAdmin/chk_rel.php:

It will be written there:

Configuration of pmadb… not OK
General relation features Disabled
Create a database named 'phpmyadmin' and setup the phpMyAdmin configuration storage there.

To fix the problem, it is enough to create the required database, to do this, just go to http://localhost/phpMyAdmin/chk_rel.php?db=&goto=db_operations.php&create_pmadb=1

How to secure a web server on Windows

After starting the server it will not be superfluous to take care of its security. Network service carries an increased risk because other devices and people can connect to it, including attackers. Under certain conditions, not only the web server can be compromised, but the entire computer on which this server is running and even other devices on the local network can be compromised. Since Apache works with elevated privileges in Windows and file permissions are not properly configured, a web server with a vulnerable script could allow an attacker to access any file on the computer.

Denying access from outside to MariaDB/MySQL

A standard web server, including the one we just installed, has two network services:

  • the web server itself, which listens on port 80 (when HTTPS is enabled, port 443 is also listened)
  • network service of database management system, that is, MariaDB or MySQL, which listens on port 3306

The DBMS is a network service, it is convenient because you can connect to MariaDB/MySQL from another computer and perform various actions on the databases. For local processes, this is also normal – they connect to the network service using the virtual network interface Loopback. To say short, this is the way to connect to a network service that runs on the same computer. That is, we seem to make a request to the network, and the network service sees these packets as if they came from the network. That is, the network service client and the network service itself work as they should, but the traffic actually does not go anywhere from the computer.

So, for MariaDB we wrote in the configuration file:

bind-address = 127.0.0.1

This means that it only listens on the network interface with IP address 127.0.0.1, which is related to Loopback. This, in turn, means that no one from outside (outside the computer that the web server is running on) will be able to connect to MariaDB/MySQL. At the same time, sites and other applications will work with databases as if nothing had happened – they just use such connections to the address 127.0.0.1.

That is, MariaDB is already protected.

Denying access from outside to Apache

As for the web server, the setting here depends on your needs – what exactly is the server for?

If you use the server only for writing scripts, testing sites and you do not need to be able to connect to it from outside, then in the file C:\Server\bin\Apache24\conf\httpd.conf, find the Listen directive, its default value is:

Listen 80

And replace it with

Listen 127.0.0.1:80

Restart the server for the changes to take effect:

c:\Server\bin\Apache24\bin\httpd.exe -k restart

After that, no device in the global or local network will be able to connect to your web server. But as before, you can easily open its contents in a web browser using the address http://localhost/

If you want to make the Apache server available to everyone on the local network, but not available on the global network, then there are two options.

  • The first:

Assign a static address to the computer with the server, and then set it with the Listen local_IP:80 directive. It turns out exactly the effect that is needed: the web server will respond to requests from the local network and will ignore requests from the Internet. For details on setting up static IP, see the article “How to make a web-server on Windows accessible to others.

  • Also, the second way is simpler than the first:

In the C:\Server\data\htdocs\ folder (this is our root folder for web documents), create a .htaccess file and type in:

Require ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 ::1/128

This line allowed access to the server for devices with IP from all local ranges, as well as loopback addresses, for all others, when you try to connect to the server, the following message will be displayed:

Forbidden
You don't have permission to access / on this server.

You can edit the above line for your needs, for example, you can remove the ranges 10.0.0.0/8 and 172.16.0.0/12 if they are not used on your local network. The IP addresses from 10.0.0.0/8 can be used by the Internet provider for NAT, and 172.16.0.0/12 can be used for local area networks at the city level (some providers have them). Therefore, if you leave the ranges 10.0.0.0/8 and 172.16.0.0/12, then under certain circumstances (the cable of the Internet provider is directly connected to the computer without a router, and the Internet provider uses the ranges 10.0.0.0/8 and 172.16.0.0/12) users of these local networks will be able to connect to your server with these settings.

So also try

Require ip 192.168.0.0/16 127.0.0.0/8 ::1/128

If everything works and there are no problems, then stop at the second version.

Setting a password on MariaDB / MySQL

By default, the root user has an empty password. Since we have disabled access to the MariaDB/MySQL server from outside, this is not so dangerous. However, the threat remains that the attacker will find a vulnerability in the web application and be able to connect through it. Therefore, if you wish to harden your web server, you can set a password for the root user in MariaDB/MySQL.

To do this, open the command line, enter:

cd C:\Server\bin\mariadb\bin\
.\mysql -u root

Inside MySQL:

FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
exit;

Replace new_password with your actual password.

Conclusion

In this manual, we learned how to install and configure a web server on Windows, got acquainted with the basic principles of its work. We also learned what needs to be done to make the web server more secure for the main system.

Recommended for you:

Leave a Reply

Your email address will not be published.

Please consider supporting this blog

Love the stuff I create? Please consider donating to help things rolling faster! miloserdov.org/?p=1460