Apache
Item | OpenIndiana | Solaris 10 | OpenSolaris 2008.11 | Debian |
---|---|---|---|---|
Name | Apache 2.2 | Apache2 | Apache 2.2 | Apache2.2 |
Installation | pfexec pkg install pkg:/web/server/apache-22 | |||
Start Apache | svcadm enable svc:/network/http:apache22 | svcadm enable apache2 | svcadm enable apache22 | service apache2 start |
Restart Apache | svcadm restart apache22 (or /etc/init.d/cswapache restart) | svcadm restart apache2 | svcadm restart apache22 | service apache2 restart |
Reload configuration | service apache2 reload | |||
Default location for web pages | /var/apache2/2.2/htdocs | /var/apache2/htdocs | /var/apache2/2.2/htdocs | /var/www |
Default configuration file | /etc/apache2/2.2/httpd.conf also see subdirectories in conf.d | /etc/apache2/httpd.conf (copied from /etc/apache2/httpd.conf-example) | /etc/apache2/2.2/httpd.conf | /etc/apache2/ |
- edit /etc/apache2/httpd.conf (in particular ServerName). Set if necessary the right Unix username and group:
User webservd Group webservd
- to have the web server automatically load / understand index.php files, add index.php to DirectoryIndex option.
- tune the number of servers and clients. On OpenIndiana, do this in /etc/papache2/2.2/conf.d/modules-64.load
<IfModule prefork.c> ServerLimit 3 MaxClients 5 </IfModule>
-
To disable directory browsing, on Free, put this in .htaccess:
php 1 Options -Indexes
Virtual Hosts
To set up multiple web servers on a same host, listening on different ports, set the Apache configuration as follows:
Listen <IP address>:<port> # put as many lines as necessary, one for each port Port 80 # the default port to listen to DocumentRoot /foo/bar # the path of files for the default port <Directory /foo/bar> # describe options for the default document root path </Directory> NameVirtualHost <IP address>:<port> # defines another web, on another port <VirtualHost IP address:8000> Port 8000 </VirtualHost>
User directories
To enable Apache user directories, see this thread: in file /opt/lampp/etc/httpd.config
If you're using LAMPP, uncomment this line which begins with Include like so:
# User home directories Include <InstallDir>/etc/extra/httpd-userdir.conf
After the </Directory> for the box that begins with <Directory /opt/lampp/xamppfiles/htdocs> add these lines:
# # UserDir: The name of the directory which is appended onto a user's home # directory if a ~user request is received. # <IfModule mod_userdir.so> UserDir Sites </IfModule>
To authorize web pages for users, use mod_userdir.
Password protect files
There are numerous web pages explaining how to use .htaccess to password protect directories of a web server, but it's more difficult to find explanations regarding protection of individual files: this occurs when you want to password protect some files in a given directory, but not all (or not in the same realm).It's very simple, add a <Files> directive to your .htaccess:
<Files ~ "^(IMG|DSC)"> PerlSetVar AuthFile private/passlist.txt AuthName "Private access" AuthType Basic require valid-user </Files>This piece of code requires a valid login to access all files beginning with IMG or DSC.
Adding support for a new MIME type
Let's say you want to add support for .gpg or .asc files which are GPG encrypted files. Then, in /etc/apache2/mods-enabled/mime, add:AddType application/pgp-encrypted .gpg .asc
HTTPS / SSL
Web server | Location |
---|---|
Apache |
|
a2enmod ssl a2ensite default-ssland in the configuration file (/etc/apache2/sites-enabled/000-default-ssl):
SSLEngine on SSLCertificateFile /etc/ssl/private/multiIp.pem SSLCertificateKeyFile /etc/ssl/private/multiIp.keyYou can use a different certificate per virtual host Make sure to listen on 443 port. To disable HTTP (only HTTPs):
a2dissite 000-defaultConfiguring the cipher suite:
SSLCipherSuite SSLv3:TLSv1:-AES256-SHATo check a given cipher suite, see command below. This command lists all available cipher suites with RSA, TLSv& and not MD5, RC4 and DES.
openssl ciphers -v 'RSA:+TLSv1:!MD5:!RC4:!DES' AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
Tomcat
Solaris 10 | OpenSolaris | Debian | Ubuntu |
---|---|---|---|
Not tried | Not tried | Not tried | Please follow those instructions. |
- Install a Java virtual machine:
$ sudo apt-get install sun-java6-jdk $ sudo update-alternatives --config java
- Install Tomcat:
$ wget http://mirror.mkhelif.fr/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz $ tar xvzf apache-tomcat-6.0.18.tar.gz $ sudo mv apache-tomcat-6.0.18 /usr/local/tomcat
- Set JAVA_HOME
- Add an admin user in /usr/local/tomcat/conf/tomcat-users.xml
<tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="mon mdp" roles="manager,admin"/> </tomcat-users>
- Configure Tomcat: see usr/local/tomcat/conf/server.xml
- Add memory in /usr/local/tomcat/catalina.sh:
JAVA_OPTS="$JAVA_OPTS "-Xmx1024m" "-Xms512m
- Try Tomcat:
/usr/local/tomcat/bin$ ./startup.sh
- Stop Tomcat:
/usr/local/tomcat/bin$ ./shutdown.sh
PHP
OpenIndiana | Solaris 10 | OpenSolaris 2008.11 | Debian | Ubuntu |
---|---|---|---|---|
pkg install pkg:/web/php-52 pkg install pkg:/web/server/apache-22/module/apache-php5 pkg install pkg:/web/php-52/extension/php-mysql |
Get Not tried | Yes. Configuration file is located in /etc/php/5.2/php.ini |
PHP: Debian Installation Tips
# aptitude install apache php5 libapache-mod-php5 # dpkg-reconfigure apache # aptitude install php5-sqlite
PHP: Solaris Installation Tips
- Link /usr/apache2/libexec/libphp5.so to /usr/local/apache2/modules/libphp5.so
- Edit /etc/apache2/httpd.conf. Add the following:
LoadModule php5_module libexec/libphp5.so <IfModule mod_php5.c> php_value include_path ".:/usr/local/php/lib" php_admin_flag safe_mode on ===> or off for some wikis </IfModule>
- Later in that file, add:
# Tell Apache to parse certain extensions as PHP AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps
<?php phpinfo(); ?>
MySQL
Solaris | OpenSolaris 2009.06 | OpenIndiana | Debian | Ubuntu |
---|---|---|---|---|
Get it from Yes | Yes. Packages such as SUNWmysql5r, SUNWmysql5u... Also, be sure to start the mysql service: svc:/application/database/mysql:version_51 Have a look at MySQL documentation | Yes. | Yes. There's a package | |
Database is located in /var/mysql/5.1/data | Database is located in /var/lib/mysql | |||
chown -R mysql.root dir |
$ pfexec svccfg svc:> select mysql:version_51 svc:/application/database/mysql:version_51> setprop mysql/enable_64bit=1To refresh mysql: svcadm refresh mysql
Create a mysql user and group:
groupadd mysql && useradd -g mysql mysqlRun the install database script:
bin/mysql_install_db -user=mysqlCopy configuration file from share/mysql/my_medium.cnf to /etc/my.cnf
Launch MySQL with
bin/mysqld_safe &Automatic launching:
- copy share/mysql/mysql.server to /etc/init.d
- then link /etc/rc3.d/S99mysql and /etc/rc0.d/K01mysql
- In that script, set the basedir to /usr/local/mysql and the datadir to /usr/local/mysql/var
# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. ...If you have lost the password, one option is to re-configure the MySQL server.
dpkg-reconfigure mysql-server-5.5To change the password of a user:
$ mysql -u root -p mysql> use mysql; mysql> update user set password=PASSWORD("dsdsds") where User='annuaire'; mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> quit; ByeTo show the databases,
mysql> show databases;To connect to a database:
mysql -u mobile -p connect mobileTo show tables:
show tables;To do a backup:
mysqldump -u user -p'passw' --all-databases > blah.sqlRestoring a database dumped with mysqldump:
create database db; create user foo identified by 'password'; grant all privileges on db.* to foo; mysql -u foo -p'password' db < db.dumpA database may be created by reading SQL commands
sqlite3 database < script.sqlite
Postgres
sudo su postgres -c /usr/share/davical/dba/create-database.shTo dump the database:
pg_dump -h localhost -U postgres -Fc davical > davical.pgdumpIf you don't want the command to ask for a password all the time, create in ~user a .pgpass file:
hostname:port:database:username:passwordThe default port is 5432. and do:
chmod 600 .pgpass
PhpMyAdmin
Solaris installation tips
Unzip PhpMyAdmin in the web server's root (for example, on Solaris: /var/apache2/htdocs)
cd phpMyAdmin mkdir config chmod o+rw config cp config.inc.php config chmod o+w config/config.inc.php
Open scripts/setup.php in the browser. User & password must match something MySQL knows. Update a few other fields such as:
$cfg['Servers'][$i]['AllowNoPassword'] = false; $cfg['blowfish_secret'] = 'tototata';
mv config/config.inc.php . chmod o-w config.inc.php
Try in your browser: .../phpMyAdmin/index.php : you should be able to log into the database.
Debian installation tips
The configuration file of phpmyadmin is often located in its own directory: /etc/phpmyadmin/apache.conf To disable root remote login,$cfg['Servers'][$i]['auth_type'] = 'cookie'; $cfg['Servers'][$i]['AllowRoot'] = FALSE; .. if (!empty($dbname)) { $cfg['Servers'][$i]['AllowRoot'] = FALSE;
ProFTPD
If you're using LAMPP, the root directory has been modified to /opt/lampp/ftproot.
In /etc/ftpusers, enter users NOT allowed to do ftp. Typically system accounts. To have ProFTPD use this file, make sure the option is enabled in proftpd.conf:
UseFtpUsers on
If FTP is slow, check ReverseDNS is disabled. You should have this in proftpd.conf:
IdentLookups off UseReverseDNS off
Radicale
See this link.apt-get install [--reinstall] radicaleManually add /etc/init.d/radicale to make it a service (service radicale start). Then, launch it by default on host startup:
sudo update-rc.d radicale defaultsConfiguration of radicale : /etc/radicale/config: Those are the main options:
[server] hosts = MyIPAddress:5232 daemon = True ssl = True certificate = /etc/radicale/server.crt key = /etc/radicale/private/server.key realm = Password for Radicale please [auth] type = htpasswd htpasswd_encryption = sha1 [storage] type = filesystem filesystem_folder = /var/lib/radicale/collections [logging] config = /etc/radicale/logging debug = True # to debug [rights] type = from_file file = /etc/radicale/rightsIn /etc/radicale/rights, set access to calendars:
[user/calendar.ics] user: rw user2: r
SSH server
To enable authentication by keys:- in /etc/ssh/sshd_config, make sure you have those:
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys
- on the remote host you want to log from, generate a public key with:
ssh-keygen -t rsa -b 4096
- copy the public key to the SSH server:
ssh-copy-id -i id_rsa.pub user@sshserver
- check on the SSH server that ~/.ssh/authorized_keys is correct
AllowUsers username username2You can even allow a user from a given host only:
AllowUser user@hostTo disable password authentication for some users:
Match User blah PasswordAuthentication no
TinyCA
TinyCA is ... a tiny Certificate Authority tool. It helps you generate and manage certificates. On Ubuntu, install with:sudo apt-get install tinycaLaunch the GUI with
/usr/bin/tinyca2
XAMPP
OpenSolaris 2009.06 | Ubuntu | Debian |
---|---|---|
It does not compile. However, you may be interested by this website | Get it here. By default, it installs in /opt/lampp |
An alternative to installing Apache, PHP, MySQL (etc) consists in using XAMPP, an all-in-one preconfigured package. XAMPP is available for Windows and for Linux where it is called LAMPP.
It is typically installed in /opt/lampp and the daemon can be controlled using the command <installdir>./lampp start
or stop, restart...
On Ubuntus where MySQL is often installed by default, a common problem relies on the fact one mixes up the system's MySQL with LAMPP's MySQL. LAMPP's MySQL is in /opt/lampp subdirectories (configuration, binaries and tables), whereas the system's MySQL is in /usr/bin, /etc etc. A problem with locks may happen. If LAMPP's MySQL refuses to start, try :
sudo ln -s /opt/lampp/var/mysql/mysql.sock /var/run/mysqld/mysqld.sock root@caiman:/var/run/mysqld# ls -al total 8 drwxrwxrwx 2 root root 4096 Sep 27 13:11 . drwxr-xr-x 19 root root 4096 Sep 22 16:11 .. lrwxrwxrwx 1 root root 31 Sep 27 13:11 mysqld.sock -> /opt/lampp/var/mysql/mysql.sock
To harden LAMPP's security, run : <installdir>/lampp security
LAMPP's MySQL databases are located in /opt/lampp/var/mysql.
They may be backuped using the command ./lampp backup, if the backup script has been fixed and, in /opt/lampp/share/lampp/backup, the MySQL command contains a --single-transaction option.
To add users to LAMPP's MySQL database, the easiest way to do it is via PhpMyAdmin's interface.
Configuration of the Apache, ProFTPD (etc) servers are in /opt/lampp/etc.