Borrowed from Echo & Co.'s excellent tutorial with alterations to support Apache 2.4.
Install MySQL with Homebrew:
brew install -v mysql
Copy the default my-default.cnf file to the MySQL Homebrew Cellar directory where it will be loaded on application start:
cp -v $(brew --prefix mysql)/support-files/my-default.cnf $(brew --prefix)/etc/my.cnf
This will configure MySQL to allow for the maximum packet size, only appropriate for a local or development server. Also, we'll keep each InnoDB table in separate files to keep ibdataN-type file sizes low and make file-based backups, like Time Machine, easier to manage multiple small files instead of a few large InnoDB data files. This is the first of many multi-line single commands. The following is a single, multi-line command; copy and paste the entire block at once:
cat >> $(brew --prefix)/etc/my.cnf <<'EOF'
max_allowed_packet = 1073741824
innodb_file_per_table = 1
EOF
Uncomment the sample option for innodb_buffer_pool_size to improve performance:
sed -i '' 's/^#[[:space:]]*\(innodb_buffer_pool_size\)/\1/' $(brew --prefix)/etc/my.cnf
Now we need to start MySQL using OS X's launchd. This used to be an involved process with launchctl commands, but now we can leverage the excellent brew services command:
brew tap homebrew/services
brew services start mysql
By default, MySQL's root user has an empty password from any connection. You are advised to run mysql_secure_installation and at least set a password for the root user:
$(brew --prefix mysql)/bin/mysql_secure_installation
Start by stopping the built-in Apache, if it's running, and prevent it from starting on boot. This is one of very few times you'll need to use sudo:
sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null
The formula for building Apache is not in the default Homebrew repository that you get by installing Homebrew. While we can use the format of brew install external-repo/formula, if an external formula relies on another external formula, you have to use the brew tap command first. I know, it's weird. So, we need to tap homebrew-dupes because "homebrew-apache/httpd24" relies on "homebrew-dupes/zlib". Whew:
brew tap homebrew/dupes
Onward! Let's install Apache 2.4 with the event MPM, and we'll use Homebrew's OpenSSL library since it's more up-to-date than OS X's:
brew install -v homebrew/apache/httpd24 --with-brewed-openssl --with-mpm-event
In order to get Apache and PHP to communicate via PHP-FPM, we'll install the mod_fastcgi module:
brew install -v homebrew/apache/mod_fastcgi --with-brewed-httpd24
To prevent any potential problems with previous mod_fastcgi setups, let's remove all references to the mod_fastcgi module (we'll re-add the new version later):
sed -i '' '/fastcgi_module/d' $(brew --prefix)/etc/apache2/2.4/httpd.conf
Add the logic for Apache to send PHP to PHP-FPM with mod_fastcgi, and reference that we'll want to use the file /Sites/apache/httpd-vhosts.conf to configure our VirtualHosts. The parenthesis are used to run the command in a subprocess, so that the exported variables don't persist in your terminal session afterwards. Also, you'll see " or a literal export USERHOME a few times in this guide; I look up the full path for your user home directory from the operating system wherever a full path is needed in a configuration file and "$HOME would not work.
This is all one command, so copy and paste the entire code block at once:
(export USERHOME=$(dscl . -read /Users/`whoami` NFSHomeDirectory | awk -F"\: " '{print $2}') ; export MODFASTCGIPREFIX=$(brew --prefix mod_fastcgi) ; cat >> $(brew --prefix)/etc/apache2/2.4/httpd.conf <<EOF
# Load PHP-FPM via mod_fastcgi
LoadModule fastcgi_module ${MODFASTCGIPREFIX}/libexec/mod_fastcgi.so
<IfModule fastcgi_module>
FastCgiConfig -maxClassProcesses 1 -idle-timeout 1500
# Prevent accessing FastCGI alias paths directly
<LocationMatch "^/fastcgi">
<IfModule mod_authz_core.c>
Require env REDIRECT_STATUS
</IfModule>
</LocationMatch>
FastCgiExternalServer /php-fpm -host 127.0.0.1:9000 -pass-header Authorization -idle-timeout 1500
ScriptAlias /fastcgiphp /php-fpm
Action php-fastcgi /fastcgiphp
# Send PHP extensions to PHP-FPM
AddHandler php-fastcgi .php
# PHP options
AddType text/html .php
AddType application/x-httpd-php .php
DirectoryIndex index.php index.html
</IfModule>
# Include our VirtualHosts
Include ${USERHOME}/Sites/apache/httpd-vhosts.conf
EOF
)
Apache 2.4 also disables needed modules by default, so we need to enable them:
sed -i '' 's/^#\(LoadModule ssl_module libexec/mod_ssl.so\)/\1/' $(brew --prefix)/etc/apache2/2.4/httpd.conf
sed -i '' 's/^#\(LoadModule vhost_alias_module libexec/mod_vhost_alias.so\)/\1/' $(brew --prefix)/etc/apache2/2.4/httpd.conf
We'll be using the file ~/Sites/apache/httpd-vhosts.conf to configure our VirtualHosts, but the ~/Sites folder doesn't exist by default in newer versions of OS X. We'll also create folders for logs and SSL files:
mkdir -pv ~/Sites/apache/{logs,ssl}
Let's populate the ~/Sites/apache/httpd-vhosts.conf file. The biggest difference from my previous guides are that you'll see the port numbers are 8080/8443 instead of 80/443. OS X 10.9 and earlier had the ipfw firewall which allowed for port redirecting, so we would send port 80 traffic "directly" to our Apache. But ipfw is now removed and replaced by pf which "forwards" traffic to another port. We'll get to that later, but know that "8080" and "8443" are not typos but are acceptable because of later port forwarding. Also, I've now added a basic SSL configuration (though you'll need to acknowledge warnings in your browser about self-signed certificates):
touch ~/Sites/apache/httpd-vhosts.conf
(export USERHOME=$(dscl . -read /Users/`whoami` NFSHomeDirectory | awk -F"\: " '{print $2}') ; cat > ~/Sites/apache/httpd-vhosts.conf <<EOF
#
# Listening ports.
#
#Listen 8080 # defined in main httpd.conf
Listen 8443
#
# Use name-based virtual hosting.
#
NameVirtualHost *:8080
NameVirtualHost *:8443
#
# Set up permissions for VirtualHosts in ~/Sites
#
<Directory "${USERHOME}/Sites">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
# For http://localhost in the users' Sites folder
<VirtualHost _default_:8080>
ServerName localhost
DocumentRoot "${USERHOME}/Sites"
</VirtualHost>
<VirtualHost _default_:8443>
ServerName localhost
Include "${USERHOME}/Sites/apache/ssl/ssl-shared-cert.inc"
DocumentRoot "${USERHOME}/Sites"
</VirtualHost>
#
# VirtualHosts
#
## Manual VirtualHost template for HTTP and HTTPS
#<VirtualHost *:8080>
# ServerName project.dev
# CustomLog "${USERHOME}/Sites/apache/logs/project.dev-access_log" combined
# ErrorLog "${USERHOME}/Sites/apache/logs/project.dev-error_log"
# DocumentRoot "${USERHOME}/Sites/project.dev"
#</VirtualHost>
#<VirtualHost *:8443>
# ServerName project.dev
# Include "${USERHOME}/Sites/apache/ssl/ssl-shared-cert.inc"
# CustomLog "${USERHOME}/Sites/apache/logs/project.dev-access_log" combined
# ErrorLog "${USERHOME}/Sites/apache/logs/project.dev-error_log"
# DocumentRoot "${USERHOME}/Sites/project.dev"
#</VirtualHost>
#
# Automatic VirtualHosts
#
# A directory at ${USERHOME}/Sites/webroot can be accessed at http://webroot.dev
# In Drupal, uncomment the line with: RewriteBase /
#
# This log format will display the per-virtual-host as the first field followed by a typical log line
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedmassvhost
# Auto-VirtualHosts with .dev
<VirtualHost *:8080>
ServerName dev
ServerAlias *.dev
CustomLog "${USERHOME}/Sites/apache/logs/dev-access_log" combinedmassvhost
ErrorLog "${USERHOME}/Sites/apache/logs/dev-error_log"
VirtualDocumentRoot ${USERHOME}/Sites/%-2+
</VirtualHost>
<VirtualHost *:8443>
ServerName dev
ServerAlias *.dev
Include "${USERHOME}/Sites/apache/ssl/ssl-shared-cert.inc"
CustomLog "${USERHOME}/Sites/apache/logs/dev-access_log" combinedmassvhost
ErrorLog "${USERHOME}/Sites/apache/logs/dev-error_log"
VirtualDocumentRoot ${USERHOME}/Sites/%-2+
</VirtualHost>
EOF
)
You may have noticed that ~/Sites/apache/ssl/ssl-shared-cert.inc is included multiple times; create that file and the SSL files it needs:
(export USERHOME=$(dscl . -read /Users/`whoami` NFSHomeDirectory | awk -F"\: " '{print $2}') ; cat > ~/Sites/apache/ssl/ssl-shared-cert.inc <<EOF
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile "${USERHOME}/Sites/apache/ssl/selfsigned.crt"
SSLCertificateKeyFile "${USERHOME}/Sites/apache/ssl/private.key"
EOF
)
openssl req \
-new \
-newkey rsa:2048 \
-days 3650 \
-nodes \
-x509 \
-subj "/C=US/ST=State/L=City/O=Organization/OU=$(whoami)/CN=*.dev" \
-keyout ~/Sites/apache/ssl/private.key \
-out ~/Sites/apache/ssl/selfsigned.crt
Start Homebrew's Apache and set to start on login:
brew services start httpd24
You may notice that httpd.conf is running Apache on ports 8080 and 8443. Manually adding ":8080" each time you're referencing your dev sites is no fun, but running Apache on port 80 requires root. The next two commands will create and load a firewall rule to forward port 80 requests to 8080, and port 443 requests to 8443. The end result is that we don't need to add the port number when visiting a project dev site, like "http://projectname.dev/" instead of "http://projectname.dev:8080/".
The following command will create the file /Library/LaunchDaemons/co.echo.httpdfwd.plist as root, and owned by root, since it needs elevated privileges:
sudo bash -c 'export TAB=$'"'"'\t'"'"'
cat > /Library/LaunchDaemons/co.echo.httpdfwd.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
${TAB}<key>Label</key>
${TAB}<string>co.echo.httpdfwd</string>
${TAB}<key>ProgramArguments</key>
${TAB}<array>
${TAB}${TAB}<string>sh</string>
${TAB}${TAB}<string>-c</string>
${TAB}${TAB}<string>echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.1 port 8080" | pfctl -a "com.apple/260.HttpFwdFirewall" -Ef - && echo "rdr pass proto tcp from any to any port {443,8443} -> 127.0.0.1 port 8443" | pfctl -a "com.apple/261.HttpFwdFirewall" -Ef - && sysctl -w net.inet.ip.forwarding=1</string>
${TAB}</array>
${TAB}<key>RunAtLoad</key>
${TAB}<true/>
${TAB}<key>UserName</key>
${TAB}<string>root</string>
</dict>
</plist>
EOF'
This file will be loaded on login and set up the 80->8080 and 443->8443 port forwards, but we can load it manually now so we don't need to log out and back in:
sudo launchctl load -Fw /Library/LaunchDaemons/co.echo.httpdfwd.plist
The following is for the latest release of PHP, version 5.5. If you'd like to use 5.3, 5.4 or 5.6, simply change the "5.6" and "php56" values below appropriately.
brew install -v homebrew/php/php56
Set timezone and change other PHP settings (sudo is needed here to get the current timezone on OS X) to be more developer-friendly, and add a PHP error log (without this, you may get Internal Server Errors if PHP has errors to write and no logs to write to):
(export USERHOME=$(dscl . -read /Users/`whoami` NFSHomeDirectory | awk -F"\: " '{print $2}') ; sed -i '-default' -e 's|^;\(date\.timezone[[:space:]]*=\).*|\1 \"'$(sudo systemsetup -gettimezone|awk -F"\: " '{print $2}')'\"|; s|^\(memory_limit[[:space:]]*=\).*|\1 512M|; s|^\(post_max_size[[:space:]]*=\).*|\1 200M|; s|^\(upload_max_filesize[[:space:]]*=\).*|\1 100M|; s|^\(default_socket_timeout[[:space:]]*=\).*|\1 600|; s|^\(max_execution_time[[:space:]]*=\).*|\1 300|; s|^\(max_input_time[[:space:]]*=\).*|\1 600|; $a\'$'\n''\'$'\n''; PHP Error log\'$'\n''error_log = '$USERHOME'/Sites/logs/php-error_log'$'\n' $(brew --prefix)/etc/php/5.6/php.ini)
Fix a pear and pecl permissions problem:
chmod -R ug+w $(brew --prefix php55)/lib/php
The optional Opcache extension will speed up your PHP environment dramatically, so let's install it. Then, we'll bump up the opcache memory limit:
brew install -v php56-opcache
/usr/bin/sed -i '' "s|^\(\;\)\{0,1\}[[:space:]]*\(opcache\.enable[[:space:]]*=[[:space:]]*\)0|\21|; s|^;\(opcache\.memory_consumption[[:space:]]*=[[:space:]]*\)[0-9]*|\1256|;" $(brew --prefix)/etc/php/5.5/php.ini
Finally, let's start PHP-FPM:
brew services start php56
Optional: At this point, if you want to switch between PHP versions, you'd want to: brew services stop php55 && brew unlink php55 && brew link php54 && brew services start php54. No need to touch the Apache configuration at all!
A difference now between what I've shown before, is that we don't have to run on port 53 or run dnsmasq as root. The end result here is that any DNS request ending in .dev reply with the IP address 127.0.0.1:
brew install -v dnsmasq
echo 'address=/.dev/127.0.0.1' > $(brew --prefix)/etc/dnsmasq.conf
echo 'listen-address=127.0.0.1' >> $(brew --prefix)/etc/dnsmasq.conf
echo 'port=35353' >> $(brew --prefix)/etc/dnsmasq.conf
Similar to how we run Apache and PHP-FPM, we'll start DNSMasq:
brew services start dnsmasq
With DNSMasq running, configure OS X to use your local host for DNS queries ending in .dev:
sudo mkdir -v /etc/resolver
sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolver/dev'
sudo bash -c 'echo "port 35353" >> /etc/resolver/dev'
To test, the command ping -c 3 fakedomainthatisntreal.dev should return results from 127.0.0.1. If it doesn't work right away, try turning WiFi off and on (or unplug/plug your ethernet cable), or reboot your system.