  1. #1
    kchoman's Avatar

    Windows: Creating your first webserver



    Preface:
    Here's what we're going to accomplish with this tutorial:
    • Learning where to pick up the necessary programs to build a webserver on Windows.
    • Learning how to configure our web server to meet our needs.
    • Learning where to pick up the necessary IDEs for programming our webserver on Windows.
    • Learning how to make our web server accessible from a public network (and the dangers of this).


    The Software:
    We can break this down to 3 necessary categories:
    • The web server
    • The database
    • The back-end


    Now the importance of the back-end category is the fact that we'll be wanting to communicate with the database without giving visitors the ability to see the username and password to access our database. Plus we'll likely be installing applications that will rely on a back-end web language such as PHP or HHVM and so we'll need that category.

    So in this tutorial we'll be looking into the benefits, disadvantages, configuring, and updating of the following programs:

    Web server   Database   Back-end
    Apache       MySQL      PHP
    Nginx        SQLite     Hacklang

    Apache:
    We have many choices for this category but this tutorial will focus on Apache and Nginx.

    We'll start off by grabbing the newest stable release of Apache for Windows: Apache 2.4 from ApacheHaus

    Since I'm running with a 64-bit version of Windows, I'll choose to download the 64-bit (x64) version of Apache 2.4.

    Once I have the download complete, I'll extract the contents of the Apache 2.4 server into a new folder named httpd.

    This is how it should appear:
    Code:
    Server => httpd => INSTALL.txt
    Now it's time to create the folder that will store our website files, so move outside the httpd folder and create a new folder named htdocs.

    This is how it should appear:
    Code:
    Server => htdocs
    We will now go out of the htdocs folder and go back into the httpd folder and then into the conf folder to begin configuring our web server to recognize files from the htdocs folder and to get things prepared for heavy traffic.

    So let's open the httpd.conf file using our text editor of choice; you can use Notepad for this but it would be easier to pick up a copy of Notepad++ and edit the conf file using Notepad++.

    Delete everything and put this into the httpd.conf file:
    Code:
    #
    # What is the folder that stores the web server files
    #
    Define SRVROOT "../"
    ServerRoot "${SRVROOT}"
    
    #
    # Where are the web server files
    #
    Define WEBROOT "../htdocs"
    DocumentRoot "${WEBROOT}"
    Listen 80
    
    #
    # What modules are enabled
    #
    LoadModule actions_module 			${SRVROOT}httpd/modules/mod_actions.so
    LoadModule alias_module 			${SRVROOT}httpd/modules/mod_alias.so
    LoadModule allowmethods_module 			${SRVROOT}httpd/modules/mod_allowmethods.so
    LoadModule asis_module 				${SRVROOT}httpd/modules/mod_asis.so
    LoadModule auth_basic_module 			${SRVROOT}httpd/modules/mod_auth_basic.so
    LoadModule authn_core_module 			${SRVROOT}httpd/modules/mod_authn_core.so
    LoadModule authn_file_module 			${SRVROOT}httpd/modules/mod_authn_file.so
    LoadModule authz_core_module 			${SRVROOT}httpd/modules/mod_authz_core.so
    LoadModule authz_groupfile_module 		${SRVROOT}httpd/modules/mod_authz_groupfile.so
    LoadModule authz_host_module 			${SRVROOT}httpd/modules/mod_authz_host.so
    LoadModule authz_user_module 			${SRVROOT}httpd/modules/mod_authz_user.so
    LoadModule autoindex_module 			${SRVROOT}httpd/modules/mod_autoindex.so
    LoadModule cgi_module 				${SRVROOT}httpd/modules/mod_cgi.so
    LoadModule dir_module 				${SRVROOT}httpd/modules/mod_dir.so
    LoadModule env_module 				${SRVROOT}httpd/modules/mod_env.so
    LoadModule include_module			${SRVROOT}httpd/modules/mod_include.so
    LoadModule info_module 				${SRVROOT}httpd/modules/mod_info.so
    LoadModule isapi_module 			${SRVROOT}httpd/modules/mod_isapi.so
    LoadModule log_config_module 			${SRVROOT}httpd/modules/mod_log_config.so
    LoadModule lua_module 				${SRVROOT}httpd/modules/mod_lua.so
    LoadModule mime_module 				${SRVROOT}httpd/modules/mod_mime.so
    LoadModule negotiation_module 			${SRVROOT}httpd/modules/mod_negotiation.so
    LoadModule ratelimit_module 			${SRVROOT}httpd/modules/mod_ratelimit.so
    LoadModule reflector_module 			${SRVROOT}httpd/modules/mod_reflector.so
    LoadModule remoteip_module 			${SRVROOT}httpd/modules/mod_remoteip.so
    LoadModule request_module 			${SRVROOT}httpd/modules/mod_request.so
    LoadModule rewrite_module 			${SRVROOT}httpd/modules/mod_rewrite.so
    LoadModule session_module 			${SRVROOT}httpd/modules/mod_session.so
    LoadModule session_cookie_module 		${SRVROOT}httpd/modules/mod_session_cookie.so
    LoadModule session_crypto_module 		${SRVROOT}httpd/modules/mod_session_crypto.so
    LoadModule setenvif_module 			${SRVROOT}httpd/modules/mod_setenvif.so
    LoadModule socache_memcache_module 		${SRVROOT}httpd/modules/mod_socache_memcache.so
    LoadModule socache_shmcb_module 		${SRVROOT}httpd/modules/mod_socache_shmcb.so
    LoadModule ssl_module 				${SRVROOT}httpd/modules/mod_ssl.so
    LoadModule status_module 			${SRVROOT}httpd/modules/mod_status.so
    LoadModule watchdog_module 			${SRVROOT}httpd/modules/mod_watchdog.so
    
    #
    # Who owns this web server
    #
    ServerAdmin admin@blank.com
    ServerName localhost:80
    
    #
    # Prevent users from roaming the filesystem
    #
    <Directory "${SRVROOT}">
    	AllowOverride none
    	Require all denied
    </Directory>
    
    #
    # Allow access to the web server files
    #
    <Directory "${WEBROOT}">
    	Options -Indexes
    	AllowOverride none
    	Require all granted
    </Directory>
    
    #
    # Set our index file types
    #
    <IfModule dir_module>
    	DirectoryIndex index.php home.php index.html home.html index.htm home.htm
    </IfModule>
    
    #
    # Prevent direct access to .htaccess and .htpasswd files
    #
    <Files ".ht*">
    	Require all denied
    </Files>
    
    #
    # Prevent direct access to sqlite database files
    #
    <Files "*.db">
    	Require all denied
    </Files>
    
    #
    # Create our error log
    #
    ErrorLog "logs/error.log"
    LogLevel crit
    
    #
    # Create our access log
    #
    <IfModule log_config_module>
    	LogFormat "%h %l %u %t \"%r\" %>s %b" common
    	CustomLog "logs/access.log" common
    </IfModule>
    
    #
    # Handle file mimetypes
    #
    <IfModule mime_module>
    	TypesConfig conf/mime.types
    </IfModule>
    
    #
    # Set custom error pages
    #
    ErrorDocument 500 "Server-side error."
    ErrorDocument 404 "File not found."
    ErrorDocument 403 "Access denied."
    
    #
    # Import extra configs
    #
    Include ${SRVROOT}httpd/conf/extra/httpd-autoindex.conf
    Include ${SRVROOT}httpd/conf/extra/httpd-info.conf
    Now that we've got our configuration set up, it's time to go out of the conf folder and out of the httpd folder.
    To run our Apache server we will start by creating a new file named server.bat and insert the following contents:
    Code:
    start /d "%~dp0httpd\bin" httpd.exe
    Double-click on the server.bat file and it should leave a blank command prompt open with the Apache icon to the far-left corner of the title bar.

    Now to access your website you can open a new tab in your web browser and set the URL to "localhost" or "127.0.0.1" and it should show a page with the text "Access denied." which should go away as soon as you add an index.html or home.html file to the htdocs folder.

    MySQL:
    We'll start off by grabbing the latest stable release of MySQL: MySQL 5.7.20

    Because I have a 64-bit version of Apache running on my computer, I'll grab the 64-bit version of MySQL from the website.

    Create a new folder named mysql and extract the contents of the downloaded archive into that folder.

    It should look like this:
    Code:
    Server => mysql => README
    Now it's time to create a new folder and name it data; it should look like this:
    Code:
    Server => mysql => data
    Now we will enter the bin folder and open a PowerShell window there by holding Shift and right-clicking on an empty spot (without highlighting any items in the folder) and then select "Open PowerShell window here" (Windows XP/Vista/7/8/8.1 users will have an option to open Command Prompt instead, so go with that and use the command for CMD):
    Code:
    PowerShell: ./mysqld.exe --initialize-insecure --datadir=../data
    CMD: mysqld.exe --initialize-insecure --datadir=../data
    Now you can close out of your PowerShell/Command Prompt window and go out of the bin folder and go out of the mysql folder to modify the server.bat file and add the following to a new line:
    Code:
    start /d "%~dp0mysql\bin" mysqld.exe
    Time to test our database by going back into the mysql folder and then going back into the bin folder and opening a new PowerShell/Command Prompt window at that location (like we did earlier) and typing the following:
    Code:
    PowerShell: ./mysql.exe -u root
    CMD: mysql.exe -u root
    From here we'll be creating two accounts:
    • root account with full permissions
    • site account with read/write permissions


    The concept behind this is to limit the range of commands that an intruder can use if you happen to have an SQL injection on your website. The site account will have no ability to create or modify existing accounts and will not be able to escape the database we create for it (meaning that there's no chance of an intruder using information_schema to gather table and column names).

    Let's start by adding a password for the root account:
    Code:
    alter user 'root'@'localhost' identified by 'MyNewPassword';
    Make sure to use your own custom password for this. Nobody should be able to access the root account from the website, so there's no risk of someone gaining access to the root account by an SQL injection. You will use the root account to create and delete tables and change the password for the site account, so you shouldn't lose track of the root password.

    Now let's create our site account:
    Code:
    create database `site`;
    create user 'site'@'localhost' identified by 'MySecurePassword';
    grant select,insert,update,delete on site.* to 'site'@'localhost';
    flush privileges;
    exit
    Now we can test our permissions by logging into the site account:
    Code:
    PowerShell: ./mysql.exe -u site -p
    CMD: mysql.exe -u site -p
    And then entering our secure password and then type in the following to show permissions:
    Code:
    show grants;
    This should pop up:
    Code:
    +------------------------------------------------------------------------+
    | Grants for site@localhost                                              |
    +------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'site'@'localhost'                               |
    | GRANT SELECT, INSERT, UPDATE, DELETE ON `site`.* TO 'site'@'localhost' |
    +------------------------------------------------------------------------+
    2 rows in set (0.00 sec)
    Then type exit to quit out of the mysql connection and then you can close out of PowerShell/Command prompt.

    PHP:
    Now we want to go and grab a copy of PHP: PHP on Windows

    Since I am using a 64-bit version of Apache, I'll be wanting to grab the latest thread-safe 64-bit version of PHP, which is 7.2 in this case. You may need to install Visual C++ 2015 in order to run PHP 7.2; otherwise you may encounter an error when running PHP.

    Now we need to create a new folder in the server named apps and then create a new folder named php within the apps folder. It should look like this:
    Code:
    Server => apps => php
    Now we will extract the contents of our PHP zip file into the apps/php folder.

    This apps folder will also contain any other web apps that we install to the server such as phpMyAdmin or any of our private server binaries.

    Now we're going to copy the php.ini-production file and paste it into the same folder and rename it to php.ini.
    We will now go out of the php folder and out of the apps folder and back into the httpd/conf folder to create a new file named php.conf and add the following:
    Code:
    Define PHPROOT "./apps/php"
    LoadModule php7_module ${SRVROOT}apps/php/php7apache2_4.dll
    AddType application/x-httpd-php .php
    PHPIniDir ${PHPROOT}
    Now we will reopen httpd.conf and add the following line at the very bottom of the file:
    Code:
    Include ${SRVROOT}httpd/conf/php.conf
    Now we should be able to run the server and we should be able to run PHP code on our web server.
    So from here we will need to enable the following extensions in php.ini to allow access to our database, so go to line 892 in php.ini and begin removing the semicolons from the following extensions:
    • mysqli
    • pdo_mysql


    So this should give us the ability to connect to our database using MySQLi and PDO, but I'd recommend opting for PDO over MySQLi if you can.

    Web Server IDEs:
    A web server IDE (Integrated Development Environment) will be able to cover almost all bases from HTML, SQL, XML, JSON, JavaScript, PHP, and other languages associated with websites (too many for me to recall at the moment).

    As far as we're concerned we have a free choice and a premium choice:


    I've used both IDEs and I know that both of them are available on Windows, Mac OS X, and Linux. I can't recommend one over the other but I'd recommend starting with NetBeans because you don't have to worry about paying for a license in case you find another PHP IDE that you feel more comfortable with (I recommend experimenting with as many IDEs as you can until you find one that you feel most comfortable with; there's no right or wrong choice of IDEs).

    What happened to the part about Nginx, SQLite, and Hacklang?
    They're on their way but I'm going to take a quick break from this thread so that I can make a spiritual successor teaching others how to protect from multiple types of website vulnerabilities with their webpages.
    Last edited by kchoman; 12-02-2017 at 05:25 AM.
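
    The post above makes two points about the back-end: visitors must not be able to read the database credentials, and the website should reach MySQL only through the restricted site account, preferably with PDO. The following is an added example of both, not code from the original post; the ini file location, the `users` table and the function names are assumptions.

```php
<?php
// htdocs/index.php: added example, not part of the original tutorial.
//
// Assumed (hypothetical) layout, following the tutorial's folders:
//   Server/htdocs/index.php   <- this file, served by Apache
//   Server/apps/site-db.ini   <- credentials, outside DocumentRoot, so
//                                Apache can never serve it as a file
// Assumed (hypothetical) table: site.users (id INT, name VARCHAR)
//
// site-db.ini (constructed sample, using the tutorial's account):
//   host = 127.0.0.1
//   name = site
//   user = site
//   pass = MySecurePassword

declare(strict_types=1);

/**
 * Open one PDO connection per request using the low-privilege
 * 'site' account created in the MySQL section.
 */
function site_db(): PDO
{
    static $pdo = null;
    if ($pdo instanceof PDO) {
        return $pdo;
    }

    // INI_SCANNER_RAW keeps the password literal (no value interpolation).
    $cfg = parse_ini_file(__DIR__ . '/../apps/site-db.ini', false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('database configuration is missing or unreadable');
    }
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("database configuration lacks '$key'");
        }
    }

    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['name']);
    $pdo = new PDO($dsn, $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // Real server-side prepared statements: the query text and the
        // user-supplied value travel to MySQL separately.
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);
    return $pdo;
}

/**
 * Look up one user by name. The value is bound as a parameter and is
 * never concatenated into the SQL string.
 */
function find_user_by_name(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

try {
    // Accept only a plain string; ?name[]=x would otherwise arrive as an array.
    $name = isset($_GET['name']) && is_string($_GET['name']) ? $_GET['name'] : '';
    $user = $name !== '' ? find_user_by_name(site_db(), $name) : null;
} catch (Throwable $e) {
    // Log the message only. Printing the exception or its stack trace to
    // the visitor could expose the DSN, the account name or the password.
    error_log('database error: ' . $e->getMessage());
    http_response_code(500);
    exit('Server-side error.');
}

header('Content-Type: text/plain; charset=utf-8');
echo $user === null ? "No such user.\n" : "Found user #{$user['id']}\n";
```

    The root account never appears in any file the web server reads; it stays on the mysql.exe command line for creating tables and changing the site account's password.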

  2. #2
    Zaczero's Avatar
    Alternatively you can use xampp and setup everything with just one exe

  3. #3
    CreatePrivateServer's Avatar
    As Zaczero says, you can use Xampp.

    But if you like NGINX, you can go with WTServer.

  4. #4
    NucleaR's Avatar
    Yeah, your site won't stay open 24/7 obviously



  5. #5
    jawo60's Avatar
    Thank you very much

  6. #6
    gasparzinhod's Avatar

    Great

    Gold stuff bro

  7. #7
    Drag0nis's Avatar
    looks very good!

  8. #8
    jack9090's Avatar
    Thank you mate

  9. #9
    |Cayn|'s Avatar
    Very informative, though there are always alternatives like xampp, but have seen others preferring this way, is well explained so... nice.

  10. #10
    orangekushqc's Avatar
    thanks man appreciate

  11. #11
    egycnq's Avatar
    good info helps a lot
