Apache WampServer - Getting "It works!" only with https [duplicate]
This is a canonical question about the use of a *AMPP's stack.
I recently had a talk with some experienced people and they suggested to me not to use a WAMP stack, and instead install apache, mysql and php separately.
I don't understand why they have suggested this, though, so can anyone tell me?
Is there a particular disadvantage of WAMP, or a particular advantage to installing all of them separately?
Since a WAMP stack itself is composed of apache, mysql and php, then what's the difference between using the WAMP stack and installing them all separately?
Since a WAMP stack itself is composed of apache, mysql and php, then what's the difference between using the WAMP stack and installing them all separately?
There are many differences, though the three most troubling ones are:
- insecure configuration
- difficulty and lag in upgrades
- non-standard configs/binary locations
To expand on #1: WAMP, MAMP, LAMPP, XAMPP, etc. are designed to be one-click stack installers that make it easy for developers to get to work quickly and with the least resistance possible. As such, many of the configuration values are intentionally left in a very insecure state. This is OK for development work, but incredibly stupid to do in production.
Then, for #2, OS vendors make it very easy to keep your LAMP stack upgraded with the most recent feature updates and security patches. When their packages get released to their official repos, they've been through much testing and the chances of them breaking anything on your system are fairly low. In the vast majority of the time, you're able to upgrade everything with a single command.
Finally, #3: one-click installers place their files in very non-standard locations. As such, when you (or anyone else) go to troubleshoot things, you're left searching all over your filesystem for, say, your php.ini file. When you install a LAMP stack from your distribution's package repo, everything will be in an expected, well-known location.
First of all, apache, php, and MySQL are all *nix applications ported to Windows. It's usually preferred to run tools on their native platforms in production environments.
Secondly, pre-configured *AMP packages generally have extremely vulnerable configurations out of the box. Most packages ship with a readme stating that they're only for dev use and not for production because of this.
If you really want to develop in an environment that mimics production, you'll use a configuration similar to your production environment and you don't get that with WAMP or LAMP packages.
If the question is - using Windows as my platform, why would some people tell me to install Apache, PHP, and MySQL separately rather than as part of a WAMP distribution...
The main reason is that some people have had a negative experience using a "everything including the kitchen-sink" type WAMP distributions that comes with a FTP Server, Mail Server, JSP Server, DNS Server, have issues with upgradability, security ... and that generally make a mess of things.
And at the end of the day, those people would rather install and configure Apache, PHP, and MySQL their own way. And others probably think you'll gain more experience doing it all yourself.
But not all WAMPs are like this, and some are highly though-out frameworks that deal with security, upgradability, and configurations in a proper manner.
There are about a dozen or so WAMPs that you can test, to see how they stack against each other. I always recommend to try out - WampServer, UniformServer, Wamp-Developer Pro, and Xampp to see if one of them fits your needs, and if not, to either set up your own custom WAMP installation/framework, or go with a LAMP environment.