Ready to rock PHP 7.3 Docker LAMP Stack

I have built a full LAMP stack that comes with the following:

  • Apache
  • PHP 7.3.3
  • Mariadb
  • MailHog
  • XDebug
  • HTTPS Virtualhost with holding page

Here’s how you get a full LAMP stack up and running in no time at all, which will be identical on any platform.

Firstly, install Docker and Virtualbox if you don’t have them. Then create a default base VM.

docker-machine create --driver virtualbox default

OK. So, first thing you need to do is start your VM:

docker-machine start
docker-machine env
eval $(docker-machine env)

You should run eval $(docker-machine env) in any other terminal tabs you open too, this sets up environment vars for setting up docker. Take a note of that IP address, and edit your /etc/hosts file

Ok, lets clone the LAMP stack:

git clone
cd lamp

This is another one off, build the image.

docker-compose build

That’s it! Now start your docker image like this

docker-compose up

and you can finally open your browser to

Bypass HSTS on local dev sites

HTTP Strict Transport Security will BLOCK your dev site if it is using a self signed certificate. And once the browser has given you that, it remembers it, so fixing it doesn’t help until you fix Firefox/Chrome.


  • Close any tabs
  • Ctrl + Shift + H (Cmd + Shift + H on Mac)
  • Find the site in question
  • Right click, forget about this site
  • Close and reopen browser
  • Add certificate exception this time 😎


  • chrome://net-internals/#hsts
  • type the hostname into the Query Domain
  • If found, enter the domain in the Delete domain section 😎


Automate everything! – The power of puPHPet

As you readers probably know, I can’t stand XAMPP and MAMP, being two steaming piles of crap, and have long advocated that you set up VirtualBox & Vagrant, then head over to, fill in the forms to configure your VM,  generate the config.yaml, and then unzip it and run ‘vagrant up’ to install it. Brilliant so far.

Yesterday I had a total downer of a day, trying to run an old legacy PHP 5.3 app. PuPHPet doesn’t have the EOL PHP 5.3, so at first I settled as a one off for MAMP, but it was slow and horrible.

Then I thought, wait! If I don’t configure Apache or PHP in puphpet, I could get a box up and install 5.3 myself. That’s when I discovered the awesomeness of the puphpet/files folder.

The only thing I used in there was the ssh keys. But there are empty folders waiting for .sh files (shell scripts) to be dropped in.

So for this box, I created exec-once/ which contained the following:

yum -y install httpd php
yum -y install php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml

Then upon running vagrant provision, it not only looked for changes in config.yaml, but it checks for changes in these files too!

I then made, and, which look like these:

echo "
Adding vhosts to /etc/httpd/conf/httpd.conf
echo "
<VirtualHost *:80>

   DocumentRoot /var/www/fife/web
   ServerName fife
   ErrorLog /var/www/fife/log/error.log

   <Directory "/var/www/fife">
      Options -Indexes +FollowSymLinks
      Order allow,deny
      Allow from all
      AllowOverride All

" >> /etc/httpd/conf/httpd.conf

And …

mysql -u root --password=123 --database=fortdev < /var/www/fife/data/sql_scripts/symf_fortdev.sql

I take it by now you get the idea! So now you can totally destroy your VM, and put any customisations in these shell scripts, so your full setup can be back up in 5 minutes flat with a vagrant up and vagrant provision!!!

You can then also start thinking about using puPHPet for deploying your setup to your production server 🙂 There’s a vagrant plugin called Vagrant Managed Servers, which will take care of that for you. . I haven’t looked at it yet, but of course you can expect a blog post on it here when I figure it all out!!

Self Signed SSL certificates that don’t look self signed

If you’ve ever used a self signed SSL certificate, you’ll know that although the connection is secure, you don’t get the full green padlock in the browser. You’re about to fix that, and speed your website up at the same time.

The secret is to pump your DNS through Cloudflare! If you visit there and sign up, you can add your domain names and point them to your server. By setting up Cloudflare, your site will improve in speed due to cacheing, and be more secure from DDOS attacks.

The first step is to create your SSL certificate. Log in to your server, and run the following commands as the root user:

➜ mcleandigital openssl genrsa -out "/home/mcleandigital/ssl.key" 2048 
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
➜ mcleandigital openssl req -new -key "/home/mcleandigital/ssl.key" -out "/home/mcleandigital/ssl.csr" 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Scotland
Locality Name (eg, city) []:Glasgow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:McLean Digital Limited
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:McLean Digital Limited
➜ mcleandigital openssl x509 -req -days 1095 -in "/home/mcleandigital/ssl.csr" -signkey "/home/mcleandigital/ssl.key" -out "/home/mcleandigital/ssl.crt" 
Signature ok
subject=/C=GB/ST=Scotland/L=Glasgow/O=McLean Digital Limited/CN=*
Getting Private key

The above output has generated the SSL certificate. Next step is to set your virtual hosts:

<VirtualHost *:80>
    RedirectPermanent /

<VirtualHost *:443>

        DocumentRoot /var/www/

        SSLEngine on
        SSLCertificateKeyFile /home/mcleandigital/ssl.key
        SSLCertificateFile /home/mcleandigital/ssl.crt

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory "/var/www/">
                Options -Indexes +FollowSymLinks
                Order allow,deny
                Allow from all
                AllowOverride All
                Require all granted

The above configuration redirects all port 80 traffic to port 443. Now if you restart the server, you will be able to access your website securely, however, the green padlock is not showing. This is expected as usually you would pay for a certificate from a certificate authority (CA) .

Now the fun part. Sign in to, and add your website.They give you instructions, and it’s pretty easy to setup.

If your site is hosted on a different server than your hosting company, you need to change the DNS on the domain name hosting provider to point to cloudflare, and not directly to your server. So a request will hit the domain company, which DNS sends to cloudflare, and the DNS on cloudflare points to the IP of your server.

Lastly, in cloudflare, click on the crypto tab, and set SSL to full. The great thing is, you get the cloudflare certificate presented to the end user, and our self signed certificate is hidden away behind cloudflare!

It turns out domain validated SSL’s will be free from December 3rd anyway (checkout, however, this may still be the better option due to all the nice free features cloudflare offers! As always, have fun!

Export WordPress post URLs

I’m making some Apache redirects from an old domain to a new domain. I need the old domains blog posts to redirect to the new domain. So I need the WordPress permalinks.

In MySQL, you can say the following to get your permalinks.

SELECT wpp.post_title, wpp.guid,wpp.post_date,
    wpo.option_value,'%year%', date_format(wpp.post_date,'%Y'))
    ,'%postname%',wpp.post_name )
    ,'%category%',wpc.slug )
) as permalink
FROM wp_posts wpp
INNER JOIN wp_options wpo ON wpo.option_name='permalink_structure'
INNER JOIN wp_options wpo_su ON wpo_su.option_name='siteurl'
    SELECT wtr.object_id ID, max(wpt.slug) slug
    FROM wp_term_relationships wtr
    INNER JOIN wp_term_taxonomy wtt ON wtt.term_taxonomy_id=wtr.term_taxonomy_id AND wtt.taxonomy='category'
    INNER JOIN wp_terms wpt on wpt.term_id=wtt.term_id
    GROUP BY  wtr.object_id
) wpc ON wpc.ID=wpp.ID
WHERE wpp.post_type = 'post'
AND wpp.post_status = 'publish'
ORDER BY wpp.post_date DESC

Http Basic Auth with Apigility on a puPHPet Vagrant box

If you aren’t using the built in php server for development, and like me you are using a vagrant box configured by puPHPet, this will save you a lot of wasted time wondering why you get 401s and 403s when you aren’t expecting them.

In your vhost section , under the setenv option, we add a new setenvif option:

     - 'Authorization "(.*)" HTTP_AUTHORIZATION=$1'

Without this option, the Authorization header is being stripped! Run vagrant provision, and suddenly everything should be working correctly. Now get on with building that API!