Difference between revisions of "Install a new server (CentOS)"

From Organic Design wiki
(adjusted from WL install)
Line 1: Line 1:
{{legacy}}
+
{{procedure}}
<bash>
 
#!/bin/bash
 
# ---------------------- Installation on wikiexpert.com -------------------------- #
 
  
# DATA & TIMEZONE
+
Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords so that a potential hacker requires a private key to be able to login. And even then is only in an unprivileged account and requires the root password to gain root access.
# Make sure time is set correctly before wiki install
 
# On Redhat, PERL could not do locale properly and I had to hard-wire Linux zone with
 
cp /etc/localtime /etc/localtime.bak
 
cp /usr/share/zoneinfo/NZ /etc/localtime
 
  
# Original rpm apache installation in /var/www controlled with /usr/sbin/apachectl
+
If you don't already have an RSA key-pair, then first generate them on your local Linux host with the following command:
# /var/www/html/index.shtml is the index file
+
ssh-keygen -t rsa
# Source install at /usr/local/apache2
 
# Apache now controlled with /usr/local/apache2/bin/apachectl
 
cd /tmp
 
wget http://apache.mirror99.com/httpd/httpd-2.2.0.tar.gz
 
tar -zxvf httpd-2.2.0.tar.gz
 
cd httpd-2.2.0
 
./configure --enable-rewrite --enable-ssl
 
make
 
make install ###### NOTE Apche was not installed into init.d #####
 
  
 +
Then send me the public key which will be called '''id_rsa.pub''' in a hidden directory called '''.ssh''' in your home directory. I will then create a user for you and add the key to your '''.ssh/authorized_keys''' file (it will need to be created initially for the first key to be added). The following settings were then adjusted in the '''/etc/ssh/sshd_config''' to prevent root or password-based logins.
  
# ------------------------- Zlib and BZip ------------------------------ #
+
PermitRootLogin no
cd /tmp
+
PasswordAuthentication no
wget http://www.zlib.net/zlib-1.2.3.tar.gz
 
tar -zxvf zlib-1.2.3.tar.gz
 
cd zlib-1.2.3
 
./configure
 
make
 
make install
 
wget http://www.bzip.org/1.0.3/bzip2-1.0.3.tar.gz
 
tar -zxvf bzip2-1.0.3.tar.gz
 
cd bzip2-1.0.3.tar.gz
 
make
 
make install
 
  
 +
The SSH server was then restarted for the changes to take effect:
 +
/etc/init.d/sshd restart
  
# ---------------------  Installing mysql 5.0.19 from source --------------------- #
+
Login for known users with RSA certicate on the server now goes like this:
#  see INSTALL-BINARY
+
  ssh [username]@109.75.175.229
wget ftp://mirror.services.wisc.edu/mirrors/mysql/Downloads/MySQL-5.0/mysql-standard-5.0.19-linux-i686.tar.gz
 
/usr/sbin/groupadd mysql
 
/usr/sbin/useradd -g mysql mysql
 
cd /usr/local
 
gunzip < /tmp/mysql-standard-5.0.19-linux-i686.tar.gz | tar xvf -
 
ln -s /usr/local/mysql-standard-5.0.19-linux-i686 mysql
 
cd mysql
 
./scripts/mysql_install_db --user=mysql
 
chown -R root .
 
chown -R mysql data
 
chgrp -R mysql .
 
./bin/mysqld_safe --user=mysql & ##### NOTE - MySQL was not installed into init.d #####
 
  
 +
== LAMP installation ==
 +
By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the [[Wikipedia:Yellowdog Updater, Modified|YUM]] package manager:
 +
yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick
 +
 +
/etc/init.d/httpd start
 +
/etc/init.d/mysqld start
  
# ---------------------------  ming in /usr/local/lib/ --------------------------- #
+
Note that the '''7za''' executable needs to be manually put into '''/bin'''. The ''7zip'' compression utility is far more effective that ''gzip'' for compression wiki databases.
# See http://www.opaque.net/wiki/index.php?MingInstall,
 
# http://www.opaque.net/wiki/index.php?PlatformIssues
 
cd /tmp
 
wget http://superb-west.dl.sourceforge.net/sourceforge/ming/ming-php-0.3.0.tar.gz
 
tar -zxvf ming-php-0.3.0.tar.gz
 
cd ming-0.3.0/php_ext
 
cp -rf * ../../php-4.4.2/ext/ming/
 
  
# copy png2dbl into /usr/local/apache2/htdocs/wiki/png2dbl
+
Next modify the Apache configuration in '''/etc/httpd/conf/httpd.conf'''. Change the document root from '''/var/www/html''' to '''/var/www''' and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs":
chown daemon /usr/local/apache2/htdocs/wiki/png2dbl
+
<pre>
chmod 755 /usr/local/apache2/htdocs/wiki/png2dbl
 
mkdir /usr/local/apache2/htdocs/www
 
chown daemon /usr/local/apache2/htdocs/www
 
chmod 777 /usr/local/apache2/htdocs/www
 
 
 
 
 
# ---------------------------------- PHP-4.4.2 ----------------------------------- #
 
cd /tmp
 
wget http://us2.php.net/distributions/php-4.4.2.tar.gz
 
tar -zxvf php-4.4.2.tar.gz
 
cd php-4.4.2
 
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --with-ming
 
      --with-xml --with-domxml --with-zlib-dir=/usr/local/lib
 
make
 
make install
 
cp php.ini-dist /usr/local/lib/php.ini
 
nano /usr/local/lib/php.ini
 
#    memory_limit = 64M
 
#    extension_dir = "/usr/lib/php4/"
 
#    extension=domxml.so
 
#    extension=mbstring.so
 
vi /usr/local/apache2/conf/httpd.conf
 
 
 
# HTTPD.CONF
 
# Add: LoadModule php4_module module/libphp4.so
 
# Add: AddType application/x-httpd-php .php .phtml
 
# Add: index.php to DirectoryIndex directive
 
# Uncomment include of extra/httpd-vhosts
 
# Change document root to /var/www
 
# IMPORTANT: Uncomment the line which says <tt>EnableSendFile off</tt>
 
 
 
# CURRENT VIRTUAL HOSTS FILE
 
NameVirtualHost *:80
 
<VirtualHost *:80>
 
    DocumentRoot /var/www/organicdesign
 
    ServerName organicdesign.co.nz
 
    ServerAlias www.organicdesign.co.nz
 
    RewriteEngine On
 
    RewriteCond %{REQUEST_URI} !^/w.*/
 
    RewriteRule ^/(.*) /wiki/index.php?title=$1 [L]
 
</VirtualHost>
 
 
<VirtualHost *:80>
 
<VirtualHost *:80>
    DocumentRoot /var/www/kaizen
 
    ServerName kaizenexpert.com
 
    ServerAlias www.kaizenexpert.com
 
    RewriteEngine On
 
    RewriteCond %{REQUEST_URI} !^/w.*/
 
    RewriteRule ^/(.*) /wiki/index.php?title=$1 [L]
 
</VirtualHost>
 
  
 +
        RewriteEngine On
  
# ---------------------------------- SCP ----------------------------------- #
+
        RewriteCond %{REQUEST_URI} ^/$
# - you need all this to do SCP from Perl without requiring an linux account with no passwd
+
        RewriteRule .* /wiki/index.php?title=Main_Page [L]
wget http://search.cpan.org/CPAN/authors/id/R/RG/RGIERSIG/IO-Tty-1.02.tar.gz
 
gzip -dc IO-Tty-1.02.tar.gz | tar -xof -
 
cd IO-Tty-1.02
 
perl Makefile.PL
 
make install
 
  
wget http://search.cpan.org/CPAN/authors/id/R/RG/RGIERSIG/Expect-1.15.tar.gz
+
      RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.*\&
gzip -dc Expect-1.15.tar.gz | tar -xof -
+
        RewriteRule ^(.*?)\&(.*)$ $1\%26$2
cd Expect-1.15
 
perl Makefile.PL
 
make install
 
  
wget http://search.cpan.org/CPAN/authors/id/P/PH/PHOENIX/Term-ReadPassword-0.07.tar.gz
+
        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.+?/[0-9]+px-
gzip -dc Term-ReadPassword-0.07.tar.gz | tar -xof -
+
        RewriteRule ^.+/(.+?)/([0-9]+)px- /wiki/thumb.php?w=$2&f=$1 [L]
cd Term-ReadPassword-0.07
 
perl Makefile.PL
 
make install
 
  
wget http://search.cpan.org/CPAN/authors/id/D/DJ/DJBERG/Net-SCP-Expect-0.12.tar.gz
+
        RewriteCond %{REQUEST_URI} ^/(wiki/|files/|[fF]avicon.ico|[rR]obots.txt)
gzip -dc Net-SCP-Expect-0.12.tar.gz | tar -xof -
+
      RewriteRule (.*) $1 [L]
cd Net-SCP-Expect-0.12
 
perl Makefile.PL
 
make install
 
  
# Setup CPAN
+
        RewriteCond %{REQUEST_URI} ^/
perl -MCPAN -e shell
+
        RewriteRule (.*) /wiki/index.php$1 [L]
# cpan> install Bundle::CPAN
 
# cpan> reload cpan
 
# cpan> install IO::Socket::SSL
 
# cpan> exit
 
  
 +
</VirtualHost>
 +
</pre>
  
# ----------------------- Upgrading gcc to gcc-4.1.1 for R --------------------------- #
+
Test that Apache and PHP are running correctly by going to the IP in the browser and seeing the Apache test page, and then creating a file called '''/var/www/wiki/info.php''' containing '''<?php phpinfo(); ?>''' and then view that file in the browser and seeing the PHP configuration summary.
# Check off list http://gcc.gnu.org/install/prerequisites.html
 
cd /tmp
 
wget ftp://ftp.gwdg.de/pub/misc/gcc/releases/gcc-4.1.1/gcc-4.1.1.tar.bz2
 
bunzip2 gcc-4.1.1.tar.bz2
 
tar -xvf gcc-4.1.1.tar
 
cd gcc-4.1.1
 
./configure --prefix=/usr/local --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix
 
            --disable-checking --disable-libunwind-exceptions --with-system-zlib --enable-__cxa_atexit
 
            --host=i386-redhat-linux --enable-languages=c,c++,fortran
 
make
 
make install
 
  
 +
Retrieve the various extensions required, for example:
 +
<pre>
 +
svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership
  
# -------------------------- Installing R from source -------------------------------- #
+
svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables
# Two major releases of R each year, currently R-2.3.1
+
</pre>
 +
Doing it this way allows us to keep the extensions up to date using '''svn update'''.
  
cd /tmp
+
== See also ==
wget http://cran.cnr.berkeley.edu/src/base/R-2/R-2.3.1.tar.gz
+
*[[Install a new server]]
tar -zxvf R-2.3.1.tar.gz
 
cd R-2.3.1
 
./configure --with-x=no  # Using fortran compiler in gcc
 
make
 
make install
 
</bash>
 
[[Category:Installation]]
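Review bot: The added test step that creates '''/var/www/wiki/info.php''' containing phpinfo() has no follow-up step to delete it. With the document root at /var/www and the added rewrite rule passing /wiki/ requests straight through, the file stays reachable and shows the PHP configuration summary to any visitor. Add a line after the test telling the reader to remove info.php once the check passes. The added login line also reads "RSA certicate"; "RSA key" would match the "RSA key-pair" wording earlier in the same change.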
 

Revision as of 12:47, 28 February 2012

Install a new server (CentOS)
Organic Design procedure

Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords, so that a potential hacker requires a private key to be able to log in. Even then, they are only in an unprivileged account and still require the root password to gain root access.

If you don't already have an RSA key-pair, first generate one on your local Linux host with the following command:

ssh-keygen -t rsa

Then send me the public key, which will be called id_rsa.pub, in a hidden directory called .ssh in your home directory. I will then create a user for you and add the key to your .ssh/authorized_keys file (it will need to be created initially for the first key to be added). The following settings were then adjusted in /etc/ssh/sshd_config to prevent root or password-based logins.

PermitRootLogin no
PasswordAuthentication no

The SSH server was then restarted for the changes to take effect:

/etc/init.d/sshd restart
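
A check for the two settings above, as an added example that is not part of the original procedure. It reads a config file the way sshd does (first occurrence of a keyword wins); the function names and the sample config are constructed for illustration.

```shell
# Added example (not from the original page): check which value sshd will use.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# "Keyword=value" is accepted, and lines after a Match header are conditional,
# so only the global section is read. Include directives are not followed.
effective_value() {      # usage: effective_value <config-file> <Keyword>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0  { next }               # comments, blank lines
        { sub(/[ \t]*=[ \t]*/, " "); gsub(/"/, "") }  # normalise "K=v" and quotes
        tolower($1) == "match" { exit }               # global section ends here
        tolower($1) == want    { print tolower($2); exit }
    ' "$1"
}

# Returns 0 only if both settings from this procedure are effectively "no".
# An absent keyword counts as a failure because the built-in default applies.
audit_sshd_config() {    # usage: audit_sshd_config <config-file>
    local file=$1 key val rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$file" "$key")
        if [ "$val" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key is ${val:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the later "yes" and the Match block must not change
# the result, because the first global occurrence is the one sshd uses.
sample_config() {
    cat <<'EOF'
# constructed sample, not from the page
permitrootlogin no
PasswordAuthentication=no
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
EOF
}
```

Run `audit_sshd_config /etc/ssh/sshd_config` before the restart; `sshd -t` additionally catches syntax errors that would stop the daemon from coming back up.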

Login for known users with an RSA key on the server now goes like this:

ssh [username]@109.75.175.229
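
Before the login above works, the public key has to be in place with permissions sshd accepts. The server-side step described earlier (creating .ssh/authorized_keys for the first key), as an added example that is not from the original page; `install_pubkey` and its arguments are hypothetical names.

```shell
# Added example (not from the original page). Run as root on the server,
# then chown -R the .ssh directory to the new user.
install_pubkey() {       # usage: install_pubkey <home-dir> <public-key-file>
    local home=$1 pub=$2 dir auth key
    dir="$home/.ssh"
    auth="$dir/authorized_keys"

    # Refuse a private key sent by mistake (id_rsa instead of id_rsa.pub)
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: this is a private key" >&2
        return 2
    fi

    # Expect exactly one line of the form: ssh-rsa <base64> [comment]
    key=$(grep -E '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$' "$pub") || return 3
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 3

    # With StrictModes (the sshd default) the key file is rejected if it or
    # its directory is writable by group or others, so set 700 and 600.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```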

LAMP installation

By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the YUM package manager:

yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick

/etc/init.d/httpd start
/etc/init.d/mysqld start

Note that the 7za executable needs to be manually put into /bin. The 7zip compression utility is far more effective than gzip for compressing wiki databases.

Next modify the Apache configuration in /etc/httpd/conf/httpd.conf. Change the document root from /var/www/html to /var/www and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs":

<VirtualHost *:80>

        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule .* /wiki/index.php?title=Main_Page [L]

        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.*\&
        RewriteRule ^(.*?)\&(.*)$ $1\%26$2

        RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.+?/[0-9]+px-
        RewriteRule ^.+/(.+?)/([0-9]+)px- /wiki/thumb.php?w=$2&f=$1 [L]

        RewriteCond %{REQUEST_URI} ^/(wiki/|files/|[fF]avicon.ico|[rR]obots.txt)
        RewriteRule (.*) $1 [L]

        RewriteCond %{REQUEST_URI} ^/
        RewriteRule (.*) /wiki/index.php$1 [L]

</VirtualHost>

Test that Apache and PHP are running correctly by going to the IP in the browser and checking that the Apache test page appears. Then create a file called /var/www/wiki/info.php containing <?php phpinfo(); ?>, view that file in the browser and check that the PHP configuration summary appears.

Retrieve the various extensions required, for example:

svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership

svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables

Doing it this way allows us to keep the extensions up to date using svn update.

See also