Difference between revisions of "Install a new server (CentOS)"

From Organic Design wiki
(Configuring php.ini)
m
 
(61 intermediate revisions by 4 users not shown)
Line 1: Line 1:
# ---------------------- Installation on wikiexpert.com -------------------------- #
+
{{legacy}}
# Original apache installation in /var/www
+
{{procedure}}
# controlled with /usr/sbin/apachectl
 
# index.shtml is the index file
 
  
# Source install at /usr/local/apache2
+
Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords so that a potential hacker requires a private key to be able to login. And even then is only in an unprivileged account and requires the root password to gain root access.
# Apache now controlled with /usr/local/apache2/bin/apachectl
 
tar -zxvf httpd-2.2.0.tar.gz
 
cd httpd-2.2.0
 
./configure
 
make
 
make install
 
  
# Install zlib for domxml
+
If you don't already have an RSA key-pair, then first generate them on your local Linux host with the following command:
cd /tmp
+
<source lang="bash">
wget http://www.zlib.net/zlib-1.2.3.tar.gz
+
ssh-keygen -t rsa
tar -zxvf zlib-1.2.3.tar.gz
+
</source>
cd zlib-1.2.3
 
./configure
 
make
 
make install
 
  
# Installing mysql 5.0.19 from source
 
wget ftp://mirror.services.wisc.edu/mirrors/mysql/Downloads/MySQL-5.0/mysql-standard-5.0.19-linux-i686.tar.gz
 
tar -zxvf mysql-standard-5.0.19-linux-i686.tar.gz
 
cd mysql-standard-5.0.19-linux-i686
 
#  see INSTALL-BINARY
 
  
/usr/sbin/groupadd mysql
+
Then send me the public key which will be called '''id_rsa.pub''' in a hidden directory called '''.ssh''' in your home directory. I will then create a user for you and add the key to your '''.ssh/authorized_keys''' file (it will need to be created initially for the first key to be added). The following settings were then adjusted in the '''/etc/ssh/sshd_config''' to prevent root or password-based logins.
/usr/sbin/useradd -g mysql mysql
+
<source>
cd /usr/local
+
PermitRootLogin no
gunzip < /tmp/mysql-standard-5.0.19-linux-i686.tar.gz | tar xvf -
+
PasswordAuthentication no
ln -s /usr/local/mysql-standard-5.0.19-linux-i686 mysql
+
</source>
cd mysql
 
./scripts/mysql_install_db --user=mysql
 
chown -R root  .
 
chown -R mysql data
 
chgrp -R mysql .
 
./bin/mysqld_safe --user=mysql &
 
  
  
# Reinstalling ming (php compilation failed) /usr/local/lib/
+
The SSH server was then restarted for the changes to take effect:
# See http://www.opaque.net/wiki/index.php?MingInstall,
+
<source lang="bash">
# http://www.opaque.net/wiki/index.php?PlatformIssues
+
/etc/init.d/sshd restart
cd /tmp
+
</source>
wget http://superb.dl.sourceforge.net/sourceforge/ming/ming-php-0.3.0.tar.gz
 
cd ming-0.3.0
 
cp -rf * ../../php-4.4.2/ext/ming/
 
  
# PHP-4.4.2 (php also having problems - with mysql) e.g.
 
# gcc: ext/pcre/pcrelib/pcre_chartables.o: No such file or directory
 
# pcre is perl compatible regular expressions
 
#  v5.8.3 built for i386-linux-thread-multi (not 5.8.6)
 
# Looks like pcre needs to be installed again :(
 
# http://www.pcre.org/
 
  
# Stupid header file appears to be in the wrong place
+
Login for known users with RSA certicate on the server now goes like this:
# cp /usr/include/pcre/pcre.h /usr/lib
+
<source>
# ./configure --with-mysql --with-pcre-regex=/usr/lib
+
ssh [username]@109.75.175.229
 +
</source>
  
cd /tmp
 
tar -zxvf php-4.4.2.tar.gz
 
cd php-4.4.2
 
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --with-ming --with-xml --with-domxml --with-zlib-dir=/usr/local/lib
 
make
 
make install
 
cp php.ini-dist /usr/local/lib/php.ini
 
vi /usr/local/lib/php.ini
 
# Add to php.ini: LoadModule php4_module libexec/libphp4.so
 
#  Add to php.ini: AddType application/x-httpd-php .php .phtml
 
  
+--------------------------------------------------------------------+
+
== LAMP installation ==
|                        *** WARNING ***                            |
+
By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the [[Wikipedia:Yellowdog Updater, Modified|YUM]] package manager:
|                                                                    |
+
<source lang="bash">
| You chose to compile PHP with the built-in MySQL support. If you  |
+
yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick
| are compiling a server module, and intend to use other server      |
+
 
| modules that also use MySQL (e.g, mod_auth_mysql, PHP 3.0,        |
+
/etc/init.d/httpd start
| mod_perl) you must NOT rely on PHP's built-in MySQL support, and  |
+
/etc/init.d/mysqld start
| instead build it with your local MySQL support files, by adding    |
+
</source>
| --with-mysql=/path/to/mysql to your configure line.               |
+
 
+--------------------------------------------------------------------+
+
 
| License:                                                          |
+
Note that the '''7za''' executable needs to be manually put into '''/bin'''. The ''7zip'' compression utility is far more effective that ''gzip'' for compression wiki databases.
| This software is subject to the PHP License, available in this    |
+
 
| distribution in the file LICENSE. By continuing this installation |
+
Next modify the Apache configuration in '''/etc/httpd/conf/httpd.conf'''. Change the document root from '''/var/www/html''' to '''/var/www''' and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs":
| process, you are bound by the terms of this license agreement.     |
+
<source lang="apache">
| If you do not agree with the terms of this license, you must abort |
+
<VirtualHost *:80>
| the installation process at this point.                           |
+
 
+--------------------------------------------------------------------+
+
        RewriteEngine On
|                          *** NOTE ***                              |
+
 
|            The default for register_globals is now OFF!            |
+
        RewriteCond %{REQUEST_URI} ^/$
|                                                                    |
+
        RewriteRule .* /wiki/index.php?title=Main_Page [L]
| If your application relies on register_globals being ON, you      |
+
 
| should explicitly set it to on in your php.ini file.               |
+
      RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.*\&
| Note that you are strongly encouraged to read                      |
+
        RewriteRule ^(.*?)\&(.*)$ $1\%26$2
| http://www.php.net/manual/en/security.globals.php                  |
+
 
| about the implications of having register_globals set to on, and  |
+
        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.+?/[0-9]+px-
| avoid using it if possible.                                       |
+
        RewriteRule ^.+/(.+?)/([0-9]+)px- /wiki/thumb.php?w=$2&f=$1 [L]
+--------------------------------------------------------------------+
+
 
 +
        RewriteCond %{REQUEST_URI} ^/(wiki/|files/|[fF]avicon.ico|[rR]obots.txt)
 +
      RewriteRule (.*) $1 [L]
 +
 
 +
        RewriteCond %{REQUEST_URI} ^/
 +
        RewriteRule (.*) /wiki/index.php$1 [L]
 +
 
 +
</VirtualHost>
 +
</source>
 +
 
 +
 
 +
Test that Apache and PHP are running correctly by going to the IP in the browser and seeing the Apache test page, and then creating a file called '''/var/www/wiki/info.php''' containing '''<?php phpinfo(); ?>''' and then view that file in the browser and seeing the PHP configuration summary.
 +
 
 +
Retrieve the various extensions required, for example:
 +
<source lang="bash">
 +
svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership
 +
 
 +
svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables
 +
</source>
 +
 
 +
 
 +
Doing it this way allows us to keep the extensions up to date using '''svn update'''.
 +
 
 +
== See also ==
 +
*[[Install a new server]]
 +
[[Category:Installation]]
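Review bot: The added "Test that Apache and PHP are running correctly" paragraph creates /var/www/wiki/info.php containing <?php phpinfo(); ?> inside the document root, and no later step removes it, so the PHP configuration summary stays reachable through the *:80 virtual host after the test is finished. Add a sentence telling the reader to delete the file once the output has been checked. The sshd section goes straight from setting PasswordAuthentication no in /etc/ssh/sshd_config to /etc/init.d/sshd restart; it would help to say that the current session should stay open until a key-based login has been confirmed from a second terminal, so that a typo or a missing authorized_keys entry does not lock everyone out. Minor: the second svn co uses plain http:// while the first uses svn+ssh://, which is worth a short note since the procedure then keeps those extensions current with svn update.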

Latest revision as of 21:30, 3 June 2018

Legacy: This article describes a concept that has been superseded in the course of ongoing development on the Organic Design wiki. Please do not develop this any further or base work on this concept, this is only useful for a historic record of work done. You may find a link to the currently used concept or function in this article, if not you can contact the author to find out what has taken the place of this legacy item.
Install a new server (CentOS)
Organic Design procedure

Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords, so that a potential hacker requires a private key to be able to log in. Even then they are only in an unprivileged account and require the root password to gain root access.

If you don't already have an RSA key-pair, first generate one on your local Linux host with the following command:

ssh-keygen -t rsa


Then send me the public key, which will be called id_rsa.pub and is stored in a hidden directory called .ssh in your home directory. I will then create a user for you and add the key to your .ssh/authorized_keys file (it will need to be created initially for the first key to be added). The following settings were then adjusted in /etc/ssh/sshd_config to prevent root or password-based logins:

PermitRootLogin no
PasswordAuthentication no


The SSH server was then restarted for the changes to take effect:

/etc/init.d/sshd restart


Login for known users with an RSA key on the server now goes like this:

ssh [username]@109.75.175.229
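
A check that could be run on the edited file before the sshd restart above, added here as an example and not part of the original procedure: it reads a config file the way sshd does (the first occurrence of a keyword wins, lines after Match are conditional) and confirms that both settings are effectively "no". The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings used above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match keyword are conditional, so only
# the global section is read. Include files are not followed (assumption).

# effective_value FILE KEYWORD -> lowercased global value, empty if unset
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" too
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key {                     # first occurrence wins
            v = tolower($2); gsub(/"/, "", v); print v; exit
        }
    ' "$1"
}

# audit_sshd_config FILE -> exit status 0 only if both settings are "no"
audit_sshd_config() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "OK   $key no"
        else
            echo "FAIL $key is ${val:-unset (built-in default applies)}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples. "weak" looks hardened at a glance, but its
# PermitRootLogin line is a comment, the first PasswordAuthentication value
# is "yes", and the only real PermitRootLogin sits inside a Match block.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PermitRootLogin no
EOF
printf 'PermitRootLogin no\nPasswordAuthentication=no\n' > "$demo_dir/hardened"

audit_sshd_config "$demo_dir/weak" || echo "=> weak sample rejected"
audit_sshd_config "$demo_dir/hardened" && echo "=> hardened sample accepted"
```

On the server itself, sshd -t checks the configuration for syntax errors before the restart, and sshd -T prints the effective settings.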


LAMP installation

By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the YUM package manager:

yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick

/etc/init.d/httpd start
/etc/init.d/mysqld start


Note that the 7za executable needs to be manually put into /bin. The 7zip compression utility is far more effective than gzip for compressing wiki databases.

Next modify the Apache configuration in /etc/httpd/conf/httpd.conf. Change the document root from /var/www/html to /var/www and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs":

<VirtualHost *:80>

        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule .* /wiki/index.php?title=Main_Page [L]

        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.*\&
        RewriteRule ^(.*?)\&(.*)$ $1\%26$2

        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.+?/[0-9]+px-
        RewriteRule ^.+/(.+?)/([0-9]+)px- /wiki/thumb.php?w=$2&f=$1 [L]

        RewriteCond %{REQUEST_URI} ^/(wiki/|files/|[fF]avicon.ico|[rR]obots.txt)
        RewriteRule (.*) $1 [L]

        RewriteCond %{REQUEST_URI} ^/
        RewriteRule (.*) /wiki/index.php$1 [L]

</VirtualHost>


Test that Apache and PHP are running correctly by going to the IP in the browser and checking that the Apache test page appears. Then create a file called /var/www/wiki/info.php containing <?php phpinfo(); ?> and view that file in the browser to see the PHP configuration summary.

Retrieve the various extensions required, for example:

svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership

svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables


Doing it this way allows us to keep the extensions up to date using svn update.

See also