Apache

Item	OpenIndiana	Solaris 10	OpenSolaris 2008.11	Debian
Name	Apache 2.2	Apache2	Apache 2.2	Apache2.2
Installation	pfexec pkg install pkg:/web/server/apache-22
Start Apache	svcadm enable svc:/network/http:apache22	svcadm enable apache2	svcadm enable apache22	service apache2 start
Restart Apache	svcadm restart apache22 (or /etc/init.d/cswapache restart)	svcadm restart apache2	svcadm restart apache22	service apache2 restart
Reload configuration				service apache2 reload
Default location for web pages	/var/apache2/2.2/htdocs	/var/apache2/htdocs	/var/apache2/2.2/htdocs	/var/www
Default configuration file	/etc/apache2/2.2/httpd.conf also see subdirectories in conf.d	/etc/apache2/httpd.conf (copied from /etc/apache2/httpd.conf-example)	/etc/apache2/2.2/httpd.conf	/etc/apache2/

edit /etc/apache2/httpd.conf (in particular ServerName). Set if necessary the right Unix username and group:
```
User webservd
Group webservd
```
to have the web server automatically load / understand index.php files, add index.php to DirectoryIndex option.
tune the number of servers and clients. On OpenIndiana, do this in /etc/papache2/2.2/conf.d/modules-64.load
```
<IfModule prefork.c>
    ServerLimit 3
    MaxClients 5
</IfModule>
```
To disable directory browsing, on Free, put this in .htaccess:
```
php 1
Options -Indexes
```

On Gnu+Linux Mint, make sure that files in /var/www belong to www-user.www-user

Virtual Hosts

To set up multiple web servers on a same host, listening on different ports, set the Apache configuration as follows:

Listen <IP address>:<port> # put as many lines as necessary, one for each port
Port 80                    # the default port to listen to
DocumentRoot /foo/bar      # the path of files for the default port
<Directory /foo/bar>
# describe options for the default document root path
</Directory>
NameVirtualHost <IP address>:<port> # defines another web, on another port
<VirtualHost IP address:8000>
Port 8000
</VirtualHost>

User directories

To enable Apache user directories, see this thread: in file /opt/lampp/etc/httpd.config

If you're using LAMPP, uncomment this line which begins with Include like so:

# User home directories
Include <InstallDir>/etc/extra/httpd-userdir.conf

After the </Directory> for the box that begins with <Directory /opt/lampp/xamppfiles/htdocs> add these lines:

#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.so>
UserDir Sites
</IfModule>

To authorize web pages for users, use mod_userdir.

Password protect files

There are numerous web pages explaining how to use .htaccess to password protect directories of a web server, but it's more difficult to find explanations regarding protection of individual files: this occurs when you want to password protect some files in a given directory, but not all (or not in the same realm).
It's very simple, add a <Files> directive to your .htaccess:

<Files ~ "^(IMG|DSC)">
PerlSetVar AuthFile private/passlist.txt
AuthName "Private access"
AuthType Basic  
require valid-user
</Files>

This piece of code requires a valid login to access all files beginning with IMG or DSC.

Adding support for a new MIME type

Let's say you want to add support for .gpg or .asc files which are GPG encrypted files. Then, in /etc/apache2/mods-enabled/mime, add:

AddType application/pgp-encrypted .gpg .asc

HTTPS / SSL

Web server	Location
Apache	/etc/apache2/ssl.conf Raspbian: /etc/apache2/sites-enabled/000-default-ssl

To enable SSL:

a2enmod ssl
a2ensite default-ssl

and in the configuration file (/etc/apache2/sites-enabled/000-default-ssl):

SSLEngine on
SSLCertificateFile    /etc/ssl/private/multiIp.pem
SSLCertificateKeyFile     /etc/ssl/private/multiIp.key

You can use a different certificate per virtual host Make sure to listen on 443 port. To disable HTTP (only HTTPs):

a2dissite 000-default

Configuring the cipher suite:

SSLCipherSuite SSLv3:TLSv1:-AES256-SHA

To check a given cipher suite, see command below. This command lists all available cipher suites with RSA, TLSv& and not MD5, RC4 and DES.

openssl ciphers -v 'RSA:+TLSv1:!MD5:!RC4:!DES'
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1

Tomcat

Solaris 10	OpenSolaris	Debian	Ubuntu
Not tried	Not tried	Not tried	Please follow those instructions.

In case the page is not available, basically, this is how to do it:

Install a Java virtual machine:

$ sudo apt-get install sun-java6-jdk
$ sudo update-alternatives --config java

Install Tomcat:

$ wget http://mirror.mkhelif.fr/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz
$ tar xvzf apache-tomcat-6.0.18.tar.gz
$ sudo mv apache-tomcat-6.0.18 /usr/local/tomcat

Set JAVA_HOME

Add an admin user in /usr/local/tomcat/conf/tomcat-users.xml

<tomcat-users>
    <role rolename="manager"/>
    <role rolename="admin"/>
    <user username="admin" password="mon mdp" roles="manager,admin"/>
</tomcat-users>

Configure Tomcat: see usr/local/tomcat/conf/server.xml

Add memory in /usr/local/tomcat/catalina.sh:

JAVA_OPTS="$JAVA_OPTS "-Xmx1024m" "-Xms512m

Try Tomcat:
```
/usr/local/tomcat/bin$ ./startup.sh 
```
Stop Tomcat:
```
/usr/local/tomcat/bin$ ./shutdown.sh
```

PHP

OpenIndiana	Solaris 10	OpenSolaris 2008.11	Debian	Ubuntu
pkg install pkg:/web/php-52 pkg install pkg:/web/server/apache-22/module/apache-php5 pkg install pkg:/web/php-52/extension/php-mysql	Get Not tried	Yes. Configuration file is located in /etc/php/5.2/php.ini

PHP: Debian Installation Tips

To support PHP5 on Apache, do the following on Linux (Debian)

# aptitude install apache php5 libapache-mod-php5
# dpkg-reconfigure apache
# aptitude install php5-sqlite

PHP: Solaris Installation Tips

Sunfreeware's package installs in /usr/local/php.

Link /usr/apache2/libexec/libphp5.so to /usr/local/apache2/modules/libphp5.so
Edit /etc/apache2/httpd.conf. Add the following:

LoadModule php5_module libexec/libphp5.so
<IfModule mod_php5.c>
  php_value include_path ".:/usr/local/php/lib"
  php_admin_flag safe_mode on ===> or off for some wikis
</IfModule>

Later in that file, add:

# Tell Apache to parse certain extensions as PHP
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

To test a simple PHP page:

<?php
phpinfo();
?>

MySQL

Solaris	OpenSolaris 2009.06	OpenIndiana	Debian	Ubuntu
Get it from Yes	Yes. Packages such as SUNWmysql5r, SUNWmysql5u... Also, be sure to start the mysql service: svc:/application/database/mysql:version_51 Have a look at MySQL documentation		Yes.	Yes. There's a package
		Database is located in /var/mysql/5.1/data	Database is located in /var/lib/mysql
			chown -R mysql.root dir

On OpenIndiana, to set 64 bit support:

$ pfexec svccfg
svc:> select mysql:version_51
svc:/application/database/mysql:version_51> setprop mysql/enable_64bit=1

To refresh mysql: svcadm refresh mysql

Create a mysql user and group:

groupadd mysql && useradd -g mysql mysql

Run the install database script:

bin/mysql_install_db -user=mysql

Copy configuration file from share/mysql/my_medium.cnf to /etc/my.cnf
Launch MySQL with

bin/mysqld_safe &

Automatic launching:

copy share/mysql/mysql.server to /etc/init.d
then link /etc/rc3.d/S99mysql and /etc/rc0.d/K01mysql
In that script, set the basedir to /usr/local/mysql and the datadir to /usr/local/mysql/var

By default, MySQL installs with no password.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
...

If you have lost the password, one option is to re-configure the MySQL server.

dpkg-reconfigure mysql-server-5.5

To change the password of a user:

$ mysql -u root -p
mysql> use mysql;
mysql> update user set password=PASSWORD("dsdsds") where User='annuaire';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> quit;
Bye

To show the databases,

mysql> show databases;

To connect to a database:

mysql -u mobile -p
connect mobile

To show tables:

show tables;

To do a backup:

mysqldump -u user -p'passw' --all-databases > blah.sql

Restoring a database dumped with mysqldump:

create database db;
create user foo identified by 'password';
grant all privileges on db.* to foo;
mysql -u foo -p'password' db < db.dump

A database may be created by reading SQL commands

sqlite3 database < script.sqlite

Postgres

sudo su postgres -c /usr/share/davical/dba/create-database.sh

To dump the database:

pg_dump -h localhost -U postgres -Fc davical > davical.pgdump

If you don't want the command to ask for a password all the time, create in ~user a .pgpass file:

hostname:port:database:username:password

The default port is 5432. and do:

chmod 600 .pgpass

PhpMyAdmin

Solaris installation tips

Unzip PhpMyAdmin in the web server's root (for example, on Solaris: /var/apache2/htdocs)

cd phpMyAdmin
mkdir config
chmod o+rw config
cp config.inc.php config
chmod o+w config/config.inc.php

Open scripts/setup.php in the browser. User & password must match something MySQL knows. Update a few other fields such as:

$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['blowfish_secret'] = 'tototata';

mv config/config.inc.php .
chmod o-w config.inc.php

Try in your browser: .../phpMyAdmin/index.php : you should be able to log into the database.

Debian installation tips

The configuration file of phpmyadmin is often located in its own directory: /etc/phpmyadmin/apache.conf To disable root remote login,

$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = FALSE;
..
if (!empty($dbname)) {

$cfg['Servers'][$i]['AllowRoot'] = FALSE;

ProFTPD

If you're using LAMPP, the root directory has been modified to /opt/lampp/ftproot.

In /etc/ftpusers, enter users NOT allowed to do ftp. Typically system accounts. To have ProFTPD use this file, make sure the option is enabled in proftpd.conf:

UseFtpUsers on

If FTP is slow, check ReverseDNS is disabled. You should have this in proftpd.conf:

IdentLookups off
UseReverseDNS off

Radicale

See this link.

apt-get install [--reinstall] radicale

Manually add /etc/init.d/radicale to make it a service (service radicale start). Then, launch it by default on host startup:

sudo update-rc.d radicale defaults

Configuration of radicale : /etc/radicale/config: Those are the main options:

[server]
hosts = MyIPAddress:5232
daemon = True
ssl = True
certificate = /etc/radicale/server.crt
key = /etc/radicale/private/server.key
realm = Password for Radicale please

[auth]
type = htpasswd
htpasswd_encryption = sha1

[storage]
type = filesystem
filesystem_folder = /var/lib/radicale/collections

[logging]
config = /etc/radicale/logging
debug = True # to debug

[rights]
type = from_file
file = /etc/radicale/rights

In /etc/radicale/rights, set access to calendars:

[user/calendar.ics]
user: rw
user2: r

SSH server

To enable authentication by keys:

in /etc/ssh/sshd_config, make sure you have those:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile   %h/.ssh/authorized_keys

on the remote host you want to log from, generate a public key with:
```
ssh-keygen -t rsa -b 4096
```

copy the public key to the SSH server:

ssh-copy-id -i id_rsa.pub user@sshserver

check on the SSH server that ~/.ssh/authorized_keys is correct

If you want to allow only some users to use SSH, on the sshd_config do:

AllowUsers username username2

You can even allow a user from a given host only:

AllowUser user@host

To disable password authentication for some users:

Match User blah
PasswordAuthentication no

TinyCA

TinyCA is ... a tiny Certificate Authority tool. It helps you generate and manage certificates. On Ubuntu, install with:

sudo apt-get install tinyca

Launch the GUI with

/usr/bin/tinyca2

XAMPP

OpenSolaris 2009.06	Ubuntu	Debian
It does not compile. However, you may be interested by this website	Get it here. By default, it installs in /opt/lampp

An alternative to installing Apache, PHP, MySQL (etc) consists in using XAMPP, an all-in-one preconfigured package. XAMPP is available for Windows and for Linux where it is called LAMPP.

It is typically installed in /opt/lampp and the daemon can be controlled using the command <installdir>./lampp start or stop, restart...
On Ubuntus where MySQL is often installed by default, a common problem relies on the fact one mixes up the system's MySQL with LAMPP's MySQL. LAMPP's MySQL is in /opt/lampp subdirectories (configuration, binaries and tables), whereas the system's MySQL is in /usr/bin, /etc etc. A problem with locks may happen. If LAMPP's MySQL refuses to start, try :

sudo ln -s /opt/lampp/var/mysql/mysql.sock /var/run/mysqld/mysqld.sock
root@caiman:/var/run/mysqld# ls -al
total 8
drwxrwxrwx  2 root root 4096 Sep 27 13:11 .
drwxr-xr-x 19 root root 4096 Sep 22 16:11 ..
lrwxrwxrwx  1 root root   31 Sep 27 13:11 mysqld.sock -> /opt/lampp/var/mysql/mysql.sock

To harden LAMPP's security, run : <installdir>/lampp security

LAMPP's MySQL databases are located in /opt/lampp/var/mysql. They may be backuped using the command ./lampp backup, if the backup script has been fixed and, in /opt/lampp/share/lampp/backup, the MySQL command contains a --single-transaction option.
To add users to LAMPP's MySQL database, the easiest way to do it is via PhpMyAdmin's interface.

Configuration of the Apache, ProFTPD (etc) servers are in /opt/lampp/etc.