Fresh XAMPP installation — a step-by-step guide

This is more like my private memo, to have a clean check-list of steps I usually undertake, when installing fresh XAMPP for Windows installation. Most steps aren’t unique to my environment, so this article can also help others, that are stuck at some point. Note, that this is purely development environment-oriented installation guide, as XAMPP is not meant to be used as production server.

I assume, you have installed XAMPP in c:\XAMPP\ folder, as it is suggested and as I always do. If you have it somewhere else, then adjusts paths accordingly.

Before you continue, let me list changes, that following guide introduces to base installation of XAMPP:

  1. XDebug and other debugging stuff is disabled, since I’m using Sublime Text 3 over full-blown IDE.
  2. phpMyAdmin is removed (not installed), in favor of lighter and faster Adminer.
  3. Apache configured to:
    • serve websites from websites folder, instead of htdocs,
    • use wildcard-based subdomains instead of vhosts (more info: here and here).
  4. Mail program switched from mailtodisk to sendmail (more info: here).
  5. MySQL’s root, pma and other “harmful” users removed.

I also configure sendmail with my private credentials, purge websites folder and populate it with my projects.

Links in above list (that points to docs hosted at http://biplab.unisa.it/) links to an on-line version of XAMPP’s HOW-To guides, that are normally available only on your local installation of XAMPP. Unfortunately, those are for Linux edition of XAMPP, while my article focuses on Windows issues).

Install XAMPP

Grab newest version of XAMPP for Windows available.

I usually pick non-portable installer version (most often chosen by others), because it:

  • is over 30% smaller than .zip version,
  • allows to uncheck and not install not used elements (like Perl or phpMyAdmin),
  • does all the necessary initial configuration (which must be done manually, when using .zip file),
  • XAMPP as my development environment is meant to be used stable, so using portable version is unnecessary.

Run .exe file and follow all steps, closely looking to not install some ad-ware additions and stuff like that.

Clenaup MySQL users

Run console (execute cmd or click Shell button in XAMPP Control Panel) and login to MySQL as root:

mysql --user=root

Add new user:

CREATE USER 'niftyguy'@'localhost' IDENTIFIED BY 'V3RY5trongPA55W0RD#!';
CREATE USER 'niftyguy'@'%' IDENTIFIED BY 'V3RY5trongPA55W0RD#!';
GRANT ALL PRIVILEGES ON *.* TO 'niftyguy'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'niftyguy'@'%' WITH GRANT OPTION;

(we’re creating two accounts to have remote access — details: here and here)

Exit daemon and re-login as newly created user:

mysql --user=niftyguy --password=V3RY5trongPA55W0RD#1

Drop all users, that may cause potential harm to your development environment. Verify process (list users):

SELECT user,host,password from mysql.user;

DROP USER 'root'@'127.0.0.1';
DROP USER 'root'@'::1';
DROP USER ''@'localhost';
DROP USER 'pma'@'localhost';

SELECT user,host,password from mysql.user;

(last DROP command should be omitted, if you want to use phpMyAdmin — I don’t; I prefer Adminer over it)

Configure sendmail

For Linux version of this step, take a look here.

Open c:\XAMPP\php\php.ini, find [mail function] section, set following lines (adjust paths, if necessary):

sendmail_from = postmaster@localhost
sendmail_path = "\"C:\XAMPP\sendmail\sendmail.exe\" -t"
;sendmail_path="C:\XAMPP\mailtodisk\mailtodisk.exe"

This is exactly opposite to default XAMPP installation, in which line pointing to mailtodisk.exe is not commented out (enabled) and line, that points to sendmail.exe is commented out (disabled). Make sure, that sendmail_path exactly matches above value, i.e. contains escaped quotation marks.

Edit c:\XAMPP\sendmail\sendmail.ini and set proper values, for example:

smtp_server=yourhost.com
smtp_port=587
smtp_ssl=tls
error_logfile=error.log
auth_username=niftyguy@mydomain.com
auth_password=V3RY5trongPA55W0RD#!

On certain hostings you may be forced to set default_domain and force_sender.

Setting debug_logfile is not required in most situations as information dumped to error_logfile is usually enough to trace, what is going on, if there are any errors.

In addition, you may use force_recipient to force sending all mails to specified address instead of real receiver. This is often useful, when debugging PHP application, when you want to check some mail-related functionality on real user account, but don’t want to bother that user, by actually sending him/her an e-mail.

You can check, if everything works with piece of PHP code like below:

<?php
$to = 'niftyguy@mydomain.com';
$subject = 'Hello from XAMPP!';
$message = 'This is a test';
$headers = "From: service@localhost\r\n";
if (mail($to, $subject, $message, $headers)) {
   echo "MAIL SENT TO: ".$to;
} else {
   echo "ERROR";
}
?>

Of course, remember, that you need to restart Apache, because you have modified php.ini file.

Change Apache configuration

Open c:\XAMPP\apache\conf\httpd.conf and change two lines around DocumentRoot to:

DocumentRoot "C:/XAMPP/websites"
<Directory "C:/XAMPP/websites">

Save changed configuration file and restart Apache. From this moment on your sites will be served from c:\XAMPP\websites folder instead of c:\XAMPP\htdocs. Why bother? Well… I like it that way (cut off all the crap about increased security due to using non-default folder — it’s a non-sense!).

Cleanup XAMPP folder

Things to consider, when purging XAMPP folder out of necessary files and folders:

  1. You can remove following folders: htdocs, img, security, webdav (if you’re not using WebDAV).
  2. You can get rid of mailoutput and mailtodisk folders, if you’re permanently going to use sendmail for sending mails.
  3. XAMPP team suggests to not remove install folder, so keep it. It poses no security harm.
  4. contrib and locale folders also looks like the one, we can live without.
  5. Remove licenses folder, if you’re nasty anty-law freak or going to use XAMPP solely for yourself and you already know your rights.

You can delete .bat files responsible for starting services, that you haven’t installed (like Mercury, Tomcat and FileZilla in my case). I’m surprised, that installer leaves them, since they’re pretty useless without mother services to operate on.

You can also get rid of changes.txt and passwords.txt files. First hasn’t been updated for years and probably XAMPP team has simply forgot about it. Second one is useless, as it talks about passwords that are already changed or to access services, that are not installed.

Install Adminer

Skip this point, if you’re going to use phpMyAdmin.

“Install” is a good word, because Adminer is a one-file database management tool, that is ready out-of-the-box, without any installation or configuration. In its simplest version, you can simply copy adminer[-version][-mysql][-en].php file to your websites folder and start using it from there (login with MySQL user).

If you, however, would like to use alternative designs (I’m using great FLAT UI Flavored Adminer Theme) or plugins then putting it into separate directory may be unavoidable. In this case, since we don’t want to mess with projects kept in websites, we move it to root XAMPP folder (c:\XAMPP\adminer). For this, we need to again tweak Apache a little bit.

Open c:\XAMPP\apache\conf\extra\httpd-xampp.conf, find following block:

Alias /phpmyadmin "C:/XAMPP/phpMyAdmin/"
<Directory "C:/XAMPP/phpMyAdmin">
    AllowOverride AuthConfig
    Require all granted
</Directory>

and change phpMyAdmin to adminer in it. Replace it in LocationMatch string below, if you want to secure Adminer to be accessed from localhost only.

You can remove other aliases blocks here, if you’re not using particular service or if such block points to a non-existing directory (removed in previous step).

Restart Apache for above changes to take effect. Remember, that if you want to use just localhost/adminer URL, then you must rename Adminer’s file to index.php or else the whole things will fail on XAMPP security checking. You don’t have to rename file, if you haven’t touched LocationMatch string in Apache extra configuration (see above) or if you’re going to use Adminer with some plugins (see below).

You can use Adminer to drop some databases (like phpmyadmin and test). Or you can use database-hide.php plugin (see below) to hide them.

Adding plugins to Adminer

There are a lot of plugins for Adminer to consider.

I’m using: database-hide, dump-json, edit-foreign, enum-option, json-column and login-servers.

There’s a special section on Adminer’s Plugins site to show you, how to use plugins with it. In general, this task is reduced to saving provided example PHP code into c:\XAMPP\adminer\index.php and changing $plugins = array() to include class names of plugins, you’re going to use (with optional init parameters, if required).

In my case this file looks like that:

<?php
function adminer_object() {
    include_once "./plugins/plugin.php";
    
    foreach (glob("plugins/*.php") as $filename) {
        include_once "./$filename";
    }
    
    $plugins = array(
        new AdminerDatabaseHide(array
        (
            'cdcol',
            'information_schema',
            'mysql',
            'performance_schema',
            'webauth'
        )),
        new AdminerDumpJson,
        new AdminerEditForeign,
        new AdminerEnumOption,
        new AdminerJsonColumn,
        new AdminerLoginServers(array
        (
            'localhost',
            'remoteserver.noip.me'
        ))
    );
    
    return new AdminerPlugin($plugins);
}

include "./adminer.php";
?>

Current version of Adminer is saved in adminer.php file and I call Adminer with plugins, by running localhost/adminer URL, which executes index.php with above mentioned code.

Configure virtual hosts

For Linux version of this step, take a look here. For more information — here.

Open c:\XAMPP\apache\conf\extra\httpd-vhosts.conf. Remove commented out example block and put this instead:

<VirtualHost *:80>
       DocumentRoot "C:/xampp/websites/"
       ServerName localhost
</VirtualHost>
<VirtualHost *:80>
       DocumentRoot "C:/xampp/websites/project"
       ServerName project.localhost
</VirtualHost>

Repeat this step for every other project. Save file and restart Apache.

Edit C:\windows\system32\drivers\etc\hosts file. It must be opened with Administrator privileges. At the end there are lines:

	127.0.0.1       localhost
#	::1             localhost

(uncomment first, if it is commented out, but leave commented out second one)

Directly below add as many lines as virtual hosts you have created:

	127.0.0.1       project.localhost

Save file and test whole thing, by running http://project.localhost/ URL in your browser.

Since hosts file is part of Windows, not XAMPP, then you must repeat last step on every computer, where you want to use this particular XAMPP installation with virtual hosts.

Leave a Reply