Thursday, March 24, 2011

Run your own unix webserver part2

Earlier this week we installed FreeBSD. Now we'll install some software to host your own website(s).

This document assumes:
  • FreeBSD is already installed
  • you have SSH access to the server
  • you've created a system user named 'web', running the csh shell
  • your home directory is /home/web
  • you have root access; root also runs csh
  • you're comfortable with command-line text editing using vi or vim
All of the above are covered in Part 1 of this series.

Formatting Conventions & Notes


    # Lines starting with '#' are comments.
    # Just read them; don't type them
    This is a command that should be typed into the terminal

I recommend leaving FTP disabled (FreeBSD's default). FTP is not nearly as secure as SFTP or SCP. Almost any modern FTP client is capable of SFTP, and the SFTP daemon runs by default on FreeBSD.

You'll also notice that we're compiling all the software from source files, either by downloading the source (PHP, Apache, MySQL) or getting it via FreeBSD's ports system.

I prefer to compile my software on the server, as opposed to downloading a pre-compiled binary because:
  • performance is optimized to your hardware
  • you know exactly what options are turned on or off
  • if something breaks, it's a learning experience
The user web will own PHP's config file (php.ini) and Apache's config file (httpd.conf). This is the primary user that you'll use as the webmaster of this server.

Let's go...

User Account Setup


Account Paths
Since we're compiling Apache and MySQL, we'll tell the shell where to look for those binaries. This allows you to execute short commands like 'apachectl', instead of '/usr/local/apache/bin/apachectl'.
    # do the following as web AND as root
    vi ~/.cshrc
    # add the following after 'set path = ('
    /usr/local/apache/bin /usr/local/mysql/bin

    # As web, open ~/.cshrc and add the following:
    set prompt="% "

Install A Web Browser And Python


    # as root:
    cd /usr/ports/ftp/wget
    make install
    cd /usr/ports/lang/python
    make install

Now you can download source files like this:
    wget http://server/path/file.tar.gz

Download Source


Get the latest source for:
  1. MySQL
  2. Apache
  3. PHP
For each application, download the *.tar.gz source file.

First, I'll make a /src directory in my home. Then I'll use the websites above to find the URL for the latest source file and download the tar.gz directly on the web server with wget:
    wget http://us2.php.net/get/php-5.1.2.tar.gz/from/this/mirror

    # as web:
    mkdir ~/src ~/src/tars
    cd ~/src

    # download source
    wget [mysql source]
    wget [php source]
    wget [apache source]

    # uncompress source
    tar xvfz mysql*
    tar xvfz php*
    tar xvfz httpd*

    # move compressed source to ~/src/tars
    # in case we need them later
    mv *.gz tars

Now your home directory should look like this:
    /home/web
        /src/
            /httpd.../
            /mysql.../
            /php.../
            /tars/
                /httpd...tar.gz
                /mysql...tar.gz
                /php...tar.gz
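The tarballs are fetched over plain HTTP, so compare each one with a digest obtained from the project's download page before building from it. The following is an added example, not part of the original post, written for /bin/sh (run it with sh, since web and root use csh). The function names and the list format (one "<sha256>  <filename>" line per tarball) are assumptions.

```sh
#!/bin/sh
# Added example: verify downloaded tarballs against known SHA-256 digests.
# Assumed list format, one entry per line: "<64 hex chars>  <file name>"
# Usage on the server: verify_tarballs ~/src/tars ~/SHA256SUMS

# Print the SHA-256 digest of a file, using whichever tool the system has
# (FreeBSD ships sha256, GNU systems ship sha256sum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_tarballs DIR LIST
# Returns 0 only if every *.tar.gz in DIR is listed and matches its digest.
verify_tarballs() {
    dir=$1 list=$2 bad=0
    for f in "$dir"/*.tar.gz; do
        [ -f "$f" ] || { echo "no tarballs in $dir"; return 1; }
        name=${f##*/}
        want=$(awk -v n="$name" '$2 == n {print tolower($1); exit}' "$list")
        got=$(file_sha256 "$f" | tr 'A-F' 'a-f')
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"; bad=1
        elif [ "$want" != "$got" ]; then
            echo "MISMATCH  $name"; bad=1
        else
            echo "OK        $name"
        fi
    done
    return $bad
}
```

A tarball that is missing from the list counts as a failure, so a file that was never checked cannot pass silently.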

MySQL


    # as web:
    cd ~/src/mysql*
    ./configure --prefix=/usr/local/mysql \
        --without-debug \
        --with-extra-charsets=none \
        --enable-local-infile \
        --enable-assembler
    make

    # become root
    su
    make install
    ./scripts/mysql_install_db
    /usr/local/mysql/bin/mysqld_safe --user=root &

    # Create the MySQL start up script
    vi /usr/local/etc/rc.d/mysql.sh

    # add the following to your new, blank file
    echo -n "Starting MySQL Server";
    /usr/local/mysql/bin/mysqld_safe --user=root &

    # write/quit vi
    chmod 700 /usr/local/etc/rc.d/mysql.sh

    # exit out of root

Now load MySQL and set up the root password and the mysql account. You will still have to set up entries in the db table at a later time to allow access to databases for the mysql user.

Replace ROOT-PWD with a password that you want to use for MySQL's root user.
    /usr/local/mysql/bin/mysql -u root
    mysql> UPDATE mysql.user SET password = PASSWORD('ROOT-PWD') WHERE User='root';
    mysql> UPDATE mysql.user SET user = 'mysql' WHERE User='';
    mysql> FLUSH PRIVILEGES;
    mysql> exit
Create a user options file for root. This file will contain root's MySQL password so that root can log in automatically.
    su
    vi ~/.my.cnf
Enter the following text into the .my.cnf file.
Change "ROOT-PWD" to the password you used for MySQL's root user.
    # Add the following

    # Example mysql config file.
    # You can copy this to one of:
    # /usr/local/mysql/etc/my.cnf to set global options,
    # mysql-data-dir/my.cnf to set server-specific options (in this
    # installation this directory is /usr/local/mysql/var) or
    # ~/.my.cnf to set user-specific options.
    #
    # One can use all long options that the program supports.
    # Run the program with --help to get a list of available options

    # This will be passed to all mysql clients
    [client]
    password = "ROOT-PWD"
    #port = 3306
    #socket = /tmp/mysql.sock

    #
    # Here is entries for some specific programs
    # The following values assume you have at least 32M ram
    #
    # The MySQL server
    [mysqld]
    #port = 3306
    #socket = /tmp/mysql.sock
    #skip-locking
    #set-variable = key_buffer=16M
    #set-variable = max_allowed_packet=1M
    #set-variable = thread_stack=128K
    set-variable = max_connections=200
    set-variable = ft_min_word_len=3

    # Start logging
    #log

    #
    #[mysqldump]
    #quick
    #set-variable = max_allowed_packet=16M
    #
    #[mysql]
    #no-auto-rehash
    #
    [isamchk]
    #set-variable = key_buffer=16M
    set-variable = ft_min_word_len=3

    [myisamchk]
    set-variable = ft_min_word_len=3

    [mysqld_safe]
    time_zone = EDT
Chmod the file so that only root can access it:
chmod 700 /root/.my.cnf
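Two results of this section are worth re-checking on the finished server: the start-up script launches mysqld_safe with --user=root, and .my.cnf stores the MySQL root password in clear text. The following is an added example, not part of the original post, that flags both; it is written for /bin/sh (run it with sh rather than csh), and its function names are assumptions.

```sh
#!/bin/sh
# Added example: audit the MySQL files this section creates.
# Function names are assumptions; pass the paths used on your server, e.g.
#   audit_mysql_files /root/.my.cnf /usr/local/etc/rc.d/mysql.sh

# has_password FILE -> exit 0 if an uncommented password option is set
has_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# other_access FILE -> group/other permission characters from ls,
# "------" for mode 600 or 700, "r--r--" for mode 644
other_access() {
    ls -ld -- "$1" | cut -c5-10
}

# starts_as_root FILE -> exit 0 if an uncommented line starts mysqld or
# mysqld_safe with --user=root
starts_as_root() {
    grep -Eq '^[^#]*mysqld(_safe)?[[:space:]].*--user=root([[:space:]]|$)' "$1"
}

# audit_mysql_files FILE... -> one finding per line, exit 1 if any
audit_mysql_files() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_password "$f" && [ "$(other_access "$f")" != "------" ]; then
            echo "EXPOSED $f: password readable beyond owner"; rc=1
        fi
        if starts_as_root "$f"; then
            echo "ROOT $f: server started with --user=root"; rc=1
        fi
    done
    return $rc
}
```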

PHP DEPENDENCIES


    # as root, run 'make install' in the following directories
    cd /usr/ports/security/libmcrypt
    make install
    cd /usr/ports/security/mcrypt
    make install

    # make install in all the following:
    cd /usr/ports/ftp/curl
    cd /usr/ports/databases/freetds
    cd /usr/ports/textproc/libxml2
    cd /usr/ports/textproc/aspell
    cd /usr/ports/textproc/libxdiff

APACHE 2.X / PHP 5.X


More PHP/Apache2 install info

Apache 2.x
Download Apache - http://httpd.apache.org - and install with 'shared-object' (so) support
    # as web:
    cd ~/src/httpd-2*
    ./configure --prefix=/usr/local/apache \
        --with-mpm=worker \
        --enable-so \
        --enable-cgi \
        --enable-info \
        --enable-rewrite \
        --enable-speling \
        --enable-usertrack \
        --enable-deflate \
        --enable-ssl \
        --enable-mime-magic \
        --enable-module=expires \
        --enable-module=proxy
    make

    # as root:
    make install
PHP 5.x
    # as web:
    cd ~/src/php*
    ./configure --with-apxs2=/usr/local/apache/bin/apxs \
        --with-mysql=/usr/local/mysql \
        --enable-calendar \
        --enable-trans-sid \
        --with-curl=/usr/local \
        --with-sybase=/usr/local/freetds \
        --enable-ftp \
        --with-mcrypt \
        --with-pspell \
        --with-xdiff
    make

    # For new installs, create blank references for the config owned by 'web'
    # Become root
    touch /usr/local/lib/php.ini
    touch /usr/local/lib/php.ini.bak
    chown web /usr/local/lib/php.ini*

    # as root:
    make install

    # copy the config file
    cp php.ini-dist /usr/local/lib/php.ini
    chown web /usr/local/lib/php.ini*

Now PHP and Apache are installed. We still need to edit Apache's config file so that it parses PHP.

Edit httpd.conf
    vi /usr/local/apache/conf/httpd.conf

    # look for "AddType"; add the following three lines
    # PHP
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

    # Remove the default deny access configuration by
    # searching for and
    # commenting out "Deny from all"
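In the stock Apache 2.2 httpd.conf, "Deny from all" appears in more than one container: the root <Directory /> block and the <FilesMatch "^\.ht"> block that keeps .htaccess and .htpasswd files from being served, so it matters which occurrence gets commented out. The following is an added example, not part of the original post: a /bin/sh report (function names are assumptions, sample config constructed) of each occurrence, its container and its state.

```sh
#!/bin/sh
# Added example: list every "Deny from all" in an httpd.conf with the
# container it belongs to and whether it is active or commented out.
# Usage on the server: deny_report /usr/local/apache/conf/httpd.conf

# deny_report [FILE] -> lines of "<STATE> <line number> <container>"
deny_report() {
    awk '
        /^[ \t]*<\// { if (depth > 0) depth--; next }      # closing tag
        /^[ \t]*</   { sub(/^[ \t]+/, ""); stack[++depth] = $0; next }
        {
            line = tolower($0)
            if (line ~ /^[ \t]*#[ \t#]*deny[ \t]+from[ \t]+all/) state = "COMMENTED"
            else if (line ~ /^[ \t]*deny[ \t]+from[ \t]+all/) state = "ACTIVE"
            else next
            print state, NR, (depth > 0 ? stack[depth] : "(server config)")
        }
    ' "$@"
}

# deny_disabled [FILE] -> exit 0 if any "Deny from all" is commented out
deny_disabled() {
    deny_report "$@" | grep -q '^COMMENTED '
}

# Constructed sample: fragments in Apache 2.2 syntax after a blanket
# search-and-comment of "Deny from all".
sample_conf() {
    cat <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
#    Deny from all
</Directory>
<Directory "/usr/local/apache/htdocs">
    Order allow,deny
    Allow from all
</Directory>
<FilesMatch "^\.ht">
    Order allow,deny
#    Deny from all
    Satisfy All
</FilesMatch>
EOF
}
```

On the constructed sample, `sample_conf | deny_report` lists both the root directory block and the .ht file block as COMMENTED.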
Start Apache
    apachectl start

    # Create the Apache start up script
    vi /usr/local/etc/rc.d/apache.sh

    # add the following lines to your new, blank file
    echo -n "Starting Apache Web Server";
    /usr/local/apache/bin/apachectl start &

    # write/quit vi
    chmod 700 /usr/local/etc/rc.d/apache.sh

PEAR / PHP Modules


PEAR is a repository of helpful PHP classes. They can be installed with the command-line tool, pear.
    # install stable classes
    # by default, pear installer deals with stable classes
    # become root
    su
    pear install Mail_Mime
    pear install PhpDocumentor

    # install the BETA Excel Writer because it rocks.
    pear remote-list
    # if you don't see 'Spreadsheet_Excel_Writer', it's still beta
    # set pear to beta mode
    pear config-set preferred_state beta
    pear remote-list
    # now you should see Spreadsheet...
    pear install OLE
    pear install Spreadsheet_Excel_Writer

    # change back to stable state
    pear config-set preferred_state stable

    # exit from root
    exit

Ports


You'll need to be root to install these helpful system maintenance applications.
    # 'make install' for the following
    cd /usr/ports/graphics/ImageMagick
    cd /usr/ports/net/cvsup
    cd /usr/ports/net/cvsup-without-gui
    cd /usr/ports/sysutils/portupgrade
    cd /usr/ports/net/rsync

Post Installation


Make directories, links, set permissions
    # www directory
    mkdir /home/www
    ln -s /home/www /usr/local/

    # make 'web' own some apache files
    chown -R web /home/www /usr/local/apache/cgi-bin /usr/local/apache/conf/httpd.conf

    # links for web's home dir
    ln -s /usr/local/apache /home/web/apache
    ln -s /home/www /home/web/www

Mail


Set up web and root's accounts to forward to you. Mail to the web server (nobody) should be deleted.
    # as root
    vi /etc/mail/aliases
Add the following lines:

As root, rebuild your mail aliases by typing
    newaliases

What's Next


That'll do it for now. Go get some coffee. Open a window and breathe some fresh air.

In part 3, we'll configure everything and get a website up and running.

ENJOY!
