The Soothingly Seamless Setup of Apache, SSL, MySQL, and PHP - How it Works (
Page 4 of 11 )
It is helpful to
understand what happens behind the scenes. Here is an over-simplification of how
things work. The diagram below and the explanation that follows aren't entirely
accurate but serve as a quick overview for now:
The scenario: We have a
web page that pulls some data out of a DB. John Doe requests this page from his
browser, the request is sent to the web server which in turn calls a PHP script.
The PHP script is interpreted by the PHP preprocessor and pulls data from the
database. The results are then processed by the rest of the PHP script and
turned into HTML. The final HTML then gets sent back to the user's browser.
Let's look at this
step by step:
- John Doe clicks on a link to from his web browser; his web browser sends the
request for http://localhost/test.php.
- Apache gets the request for test.php. It knows that .php files are handled
by the PHP preprocessor (mod_php) because we specified it in the Apache
configuration file, so it tells PHP to deal with it.
- test.php is a PHP script that contains commands. One of these commands is to
open a connection to a database and grab data. PHP handles the connection to the
database, and interprets the SQL calls to extract data from the database.
- The database server gets the connection requests from the PHP interpreter,
and processes the request. The request could be something like a simple select
statement, or a table creation.
- The database then sends the response and results back to PHP interpreter.
- Apache sends the PHP information back to John Doe's browser, as the response
to his request. John Doe now sees a web page containing some information from a
database.
If this had been a request for https://localhost/test.php,
then the process would be a little different.
- Every request and response is encrypted and decrypted at both ends. That is,
the browser connects to Apache, obtains its encryption key, encrypts the request
and sends it over.
- The server sees the request decrypts it and authenticates it. It processes
the file, encrypts it and sends it over. The browser then decrypts it with the
server's key. Keep in mind that since the connections are encrypted, different
ports are used. Port 80 used in the non-secure connection, while port 443 is
used in the secure connection.
Again, that's not 100% correct but it's
a very simplistic overview of what goes on behind the scenes. Now that you have
a basic understanding of what we are trying to accomplish, let's get on to
installing the software.