Configuring the Web Service

Let's first configure the web service and the required virtual host before we kick-start the web based installer.

PHP Configuration

Edit the file: /etc/php5/apache2/php.ini, making the following changes to the variables below:

   display_errors              = Off
   log_errors                  = On
   max_execution_time          = 300  # 5 mins
   memory_limit                = 128M

Save the file and quit the editor.

Apache Configuration

a2enmod rewrite

Edit the file /etc/apache2/ports.conf.

Make the following changes:

   Listen 192.168.0.31:80
   NameVirtualHost 192.168.0.31:80

   <IfModule mod_ssl.c>
       Listen 192.168.0.31:443
       NameVirtualHost 192.168.0.31:443
   </IfModule>

Save the file and quit the editor.

We will now configure the default virtual host. Edit the file: /etc/apache2/sites-available/default

Remove all contents of this file and edit and paste the vhost section below. Be sure to edit the marked areas with your IP and HOSTNAME.

       # UPDATE IP
   <VirtualHost 192.168.0.31:80>
       # UPDATE EMAIL ADDRESS
       ServerAdmin zadmin@zivios.net
       # UPDATE HOSTNAME!
       ServerName  master.zivios.net

       DocumentRoot /var/www/vhosts/zpanel/web

       <Directory />
               Options FollowSymLinks
               AllowOverride None
       </Directory>

       <Directory /var/www/vhosts/zpanel/web>
               RewriteEngine on
               RewriteRule .* index.php
               php_flag magic_quotes_gpc off
               php_flag register_globals off
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>

       <Directory /var/www/vhosts/zpanel/web/public>
               RewriteEngine off
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>

       ErrorLog /var/www/vhosts/zpanel/application/log/error.log
       LogLevel warn

       CustomLog /var/www/vhosts/zpanel/application/log/access.log combined
       ServerSignature On
   </VirtualHost>

Save the file and quit the editor.

Zivios Web Panel Setup

rm -rf /var/www/apache2-default
mkdir /var/www/vhosts/
mkdir /var/www/vhosts/zpanel
cd /usr/local/src/
cp -R zivios-0.5.0/zivios/* /var/www/vhosts/zpanel
chown -R www-data:www-data /var/www/vhosts/zpanel
find /var/www/vhosts/zpanel -type d -exec chmod 750 {} \;
find /var/www/vhosts/zpanel -type f -exec chmod 640 {} \;

Before we restart apache, we add the user to the ssl-cert group and provision for SUDO access.

adduser www-data ssl-cert

www-data Sudo Access for installation

For the web server to be able to install or compile software, access is required via SUDO. For this purpose, we will TEMPORARILY be giving full root access to the web server by adding it to the 'sudo' group and configuring SUDO to allow full access without a password to the www-data user.

Again, this is a temporary step and will be reverted at the end of the installation.

Edit the file: /etc/sudoers

Add the following line:

   %sudo ALL=NOPASSWD: ALL

Save the file and quit the editor.

adduser www-data sudo
chmod 700 /root
su www-data
sudo ls -la /root
exit

If the above command does not provide a directory listing for /root(if the folder is empty only a . and .. will be displayed -- anything but "permission denied" is okay), then your sudo configuration did not work. Please retrace your steps and ensure sudo is configured properly and working for the sudo group as required.

Note: When people tell you "it's stupid to run a web server as root", they are absolutely right. You should NEVER be running a web service with root user privileges. We introduced this temporary step only to ease the installation process. You must ensure that SUDO provisioning for the www-data group is removed completely and the sudoers file has no trace of the modifications we made.

You will be reminded of these steps at the end of the installation process.

Restart apache via:

/etc/init.d/apache2 restart

Ensure that the web service is listening to only port 80 of the given IP address:

apache2ctl -t -D DUMP_VHOSTS

Create Temporary Extract Folder

We will only run commands via SUDO where it is unavoidable. For all other purposes, we will extract, compile and configure software as the web user. To do this:

mkdir /usr/local/src/zvcompile
chown www-data:www-data /usr/local/src/zvcompile

Enable logging for OpenLDAP

In case of any errors when populating OpenLDAP, enable logging by editing /etc/syslog.conf and adding:

  local4.*                -/var/log/slapd.log

Then restart sysklogd:

/etc/init.d/sysklogd restart

You should now see slapd messages in /var/log/slapd.log.

Web Based Installation

At this point we're ready for the web based installer to take over for the most part. The web installer compiles Openldap, a few ldap modules, heimdal and bind automatically. As such it may take it a while to complete. In the future we would have packages for these but currently compilation is the approach we have taken.

if you get stuck at any point, let us know on the mailing list: zivios-discuss@lists.zivios.org

Point your browser to: http://virtual_host and continue the installation on-line (for this installation example, our virtual host is: http://master.zivios.net).

Post Installation Checklist

After the web based installation, you will want to take care of the following steps:

Remove SUDO access for Web User

To revert changes, simply edit /etc/sudoers again, comment out the line:

   #%sudo ALL=NOPASSWD: ALL

Save the file and quit the editor. Then run:

deluser www-data sudo
/etc/init.d/apache2 restart

Enable services to auto-start on boot, with slapd starting first:

update-rc.d zvslapd defaults 16 80
update-rc.d zvbind defaults
update-rc.d zvkerberos defaults
update-rc.d ziviosagent default