The Perfect Server - CentOS 5.5 x86_64 [ISPConfig 3] - Page 5

Submitted by falko (Contact Author) (Forums) on Thu, 2010-05-27 15:57. ::

15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per-website basis.

mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:

[...]
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
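
With gpgcheck=0, yum installs packages from this repository without verifying their signatures, so it helps to know which enabled repositories are in that state. The following check is an added example, not part of the original tutorial; the function names unsigned_enabled_repos and sample_repo and the [example-signed] section are made up for illustration.

```shell
# Added example: report yum repository sections that are enabled while
# package signature checking is explicitly switched off (gpgcheck=0).

# sample_repo: constructed input; the second section mirrors the one above
sample_repo() {
    cat <<'EOF'
[example-signed]
name=Constructed example repository
gpgcheck=1
enabled=1

[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
EOF
}

# unsigned_enabled_repos FILE...: print "FILE:[section]" for each match.
# A section without "enabled" counts as enabled (yum's default); a section
# without "gpgcheck" inherits [main] from /etc/yum.conf and is not reported.
unsigned_enabled_repos() {
    awk '
        function report() {
            if (section != "" && enabled == "1" && gpgcheck == "0")
                print file ":[" section "]"
        }
        FNR == 1 { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # start of a new [section]
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            enabled = "1"; gpgcheck = ""
            next
        }
        /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report() }
    ' "$@"
}
```

On the server it would be run as: unsigned_enabled_repos /etc/yum.repos.d/*.repo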

Afterwards we can install Apache2 with mod_php5, mod_fcgid, and PHP5:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting  =  E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart
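
The options in the [global] section of /etc/suphp.conf decide which scripts suPHP agrees to run. The script below is an added example (not suPHP's or the tutorial's code) that approximates those ownership and permission checks for one script and the directory it sits in; the function names and the fallback values used for missing keys are assumptions.

```shell
# Added example: approximate the permission checks that the [global] options
# in /etc/suphp.conf control. Fallbacks for absent keys are assumptions.

# sample_conf: constructed from the security options shown above
sample_conf() {
    cat <<'EOF'
[global]
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
min_uid=100
min_gid=100
EOF
}

# conf_get FILE KEY DEFAULT: print KEY's value from FILE, or DEFAULT if absent
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*;/ { next }                       # suPHP comment line
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { d = $0; sub(/^[^=]*=/, "", d); gsub(/[ \t]/, "", d) }
        END { print d }' "$1"
}

# check_w CONF KIND MODE: report write bits on a file/directory that CONF forbids
check_w() {
    case $3 in *[2367]?)                          # group digit has the write bit
        [ "$(conf_get "$1" "allow_$2_group_writeable" false)" = true ] ||
            echo "$2 is group-writeable" ;;
    esac
    case $3 in *[2367])                           # others digit has the write bit
        [ "$(conf_get "$1" "allow_$2_others_writeable" false)" = true ] ||
            echo "$2 is others-writeable" ;;
    esac
}

# suphp_precheck CONF SCRIPT: one line per check SCRIPT would fail; empty = pass
suphp_precheck() {
    read -r fmode uid gid <<EOF
$(stat -c '%a %u %g' "$2")
EOF
    min_uid=$(conf_get "$1" min_uid 1); min_gid=$(conf_get "$1" min_gid 1)
    [ "$uid" -ge "$min_uid" ] || echo "owner uid $uid is below min_uid $min_uid"
    [ "$gid" -ge "$min_gid" ] || echo "group gid $gid is below min_gid $min_gid"
    check_w "$1" file "$fmode"
    check_w "$1" directory "$(stat -c '%a' "$(dirname "$2")")"
}
```

Called as suphp_precheck /etc/suphp.conf followed by the path of a PHP script, it prints nothing when the script's owner and modes satisfy the configured limits.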

 

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

17 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

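Then we set the directory permissions, create the empty include files, copy the root hints file, and edit named.conf: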

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
touch /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf.local
vi /var/named/chroot/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion { none; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.root";
};
include "/var/named/chroot/var/named/named.local";

chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).
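
To confirm afterwards that the chroot directories carry the modes set in this step, and to see which of them any local user can write to, the following added example (not part of the tutorial) compares each directory with the chmod list above and reports world-writable directories below the chroot. The function names and the optional ROOT prefix are assumptions for illustration.

```shell
# Added example: compare the BIND chroot directories with the modes set by the
# chmod commands in this step and list directories writable by "others".

# bind_expected: "MODE PATH" pairs taken from the chmod lines above
bind_expected() {
    cat <<'EOF'
755 var/named
775 var/named/chroot
775 var/named/chroot/var
775 var/named/chroot/var/named
775 var/named/chroot/var/run
777 var/named/chroot/var/run/named
EOF
}

# audit_bind_chroot [ROOT]
#   DRIFT lines:          a listed directory is missing or has another mode
#   WORLD-WRITABLE lines: any directory under the chroot that others can write to
# ROOT is an optional prefix (empty = the live system) so the check can also be
# run against a copy of the tree.
audit_bind_chroot() {
    root=${1:-}
    bind_expected | while read -r want rel; do
        have=$(stat -c '%a' "$root/$rel" 2>/dev/null) || have=missing
        [ "$have" = "$want" ] || echo "DRIFT $rel want=$want have=$have"
    done
    # find does not follow the "chroot" symlink created above, so no loop
    find "$root/var/named/chroot" -type d -perm -0002 \
        -exec stat -c 'WORLD-WRITABLE %a %n' {} +
}
```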

 

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

 

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

21 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter


Submitted by Vladimir (not registered) on Sat, 2011-04-02 08:27.

Next we install suPHP:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz

can't download suPHP, saying connecting to suphp.org:78.46.242.34:80... connected
HTTP request sent, awaiting for response. and here hangs... After 3-5 min I get:
Read error (Connection reset by peer) in headers.
Retrying.

Submitted by Anonymous (not registered) on Fri, 2011-03-18 12:45.

I have followed all the tutorial successfully but I have the following error, please advise me how to resolve it:

[root@rizserver ~]# /etc/init.d/named restart
Stopping named:                                            [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:5: unknown option 'DNS'
                                                           [FAILED]

ISPconfig showing DNS service Offline

Submitted by jimmy (not registered) on Tue, 2012-05-22 07:56.

Don't just copy and paste that information; take a look at this when you copy and paste:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
 DNS -->> this will be the error
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.root";
};
include "/var/named/chroot/var/named/named.local";
Submitted by stikk (not registered) on Fri, 2011-02-11 14:41.

Since PHP 5.3.0 php-mhash was removed

 so if you are using remi-repo or eq.  remove the php-mhash from the yum install line

Submitted by akamarinos (registered user) on Tue, 2011-01-25 20:52.

vps users having problems with pure-ftpd

could also try:

 

i386

wget http://download.fedora.redhat.com/pub/epel/5/i386/pure-ftpd-1.0.29-1.el5.1.i386.rpm

rpm -ivh  pure-ftpd-1.0.29-1.el5.1.i386.rpm

 

x86_64

wget http://download.fedora.redhat.com/pub/epel/5/x86_64/pure-ftpd-1.0.29-1.el5.1.x86_64.rpm

rpm -ivh  pure-ftpd-1.0.29-1.el5.1.x86_64.rpm

Submitted by Anonymous (not registered) on Sun, 2011-05-22 20:42.
Thank you! I was following "The Perfect Server - CentOS 5.6 x86_64 [ISPConfig 3]" guide and ran into problems in the pure-ftpd section. This fixed my issue. I have VPS hosting from VolumeDrive.
Submitted by Uncher (not registered) on Fri, 2010-12-10 09:15.

If you install pure-ftpd in VPS server (OpenVZ or Virtuozzo based):

chkconfig --levels 235 pure-ftpd on
yum -y install mysql-devel.x86_64 pam-devel.x86_64
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.29.tar.gz
tar xzfv pure-ftpd-1.0.29.tar.gz
cd pure-ftpd-1.0.29
./configure --without-capabilities --with-virtualchroot --with-mysql --with-pam --with-altlog --with-wrapper --with-mysql --with-cookie --with-throttling --with-ratios --with-paranoidmsg --with-quotas
make && make install
/etc/init.d/pure-ftpd start

Submitted by steve (not registered) on Wed, 2010-12-08 14:22.

After the successful installation of ISPConfig 3 the monitoring interface told me that fail2ban is not installed. After checking I found that it is installed and running. Finally I added a symlink for fail2ban. This worked fine.

So if anyone has issues showing fail2ban in the monitoring gui just add a symlink like this:

ln -s /usr/share/fail2ban/ /usr/bin/fail2ban

Thanks to the ISPConfig Team your software really ROCK!!!!!!

Submitted by rwheindl (not registered) on Tue, 2010-11-23 00:36.

I spent a few days trying to get DNS to resolve using "dig @localhost mydomain.com" and found an error in the last line of /var/named/chroot/etc/named.conf.

ISPConfig 3 defaults to: /var/named/chroot/var/named/named.local
This setting is found under: SYSTEM -> Server Config -> DNS

However, the instructions for named.conf file sets it to:
include "/var/named/chroot/etc/named.conf.local";

Had to change it to reflect the setting in ISPConfig to get bind to resolve names properly:
include "/var/named/chroot/var/named/named.local";

 Then run "/etc/init.d/named restart" with the corrected setting.

Submitted by rohitbanerjee (registered user) on Tue, 2010-11-16 15:43.

I tried installing Pure-FTPd, followed the 3-line instructions but got this instead ...

yum install pure-ftpd
chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Starting pure-ftpd:                                        [FAILED]

Submitted by rohitbanerjee (registered user) on Wed, 2010-11-17 14:52.

For all those who had this issue, I googled and found this solution to be very helpful. Perhaps it only affects those who are using VPS, particularly a Virtuozzo Parallel Power Panel setup.

http://blog.newart-design.net/tag/centos-pure-ftpd-install/

Submitted by Anonymous (not registered) on Sun, 2010-12-05 15:30.

Worked for me... Need to lookup the current version of pureftpd at ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/

 Also, need to make sure you have mysql-devel package installed.

Submitted by Anonymous (not registered) on Wed, 2011-03-02 14:09.

On my centos 64 yum was trying to install both 32 and 64 versions of mysql-devel. This helped:

 yum install mysql-devel.x86_64

Submitted by Joseph Mouhanna (not registered) on Tue, 2010-11-09 13:39.

The proper version to use is 2.13, not 2.11 (tar does not work on 2.11) You should use the following instead:

 

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz
tar xvfz jailkit-2.13.tar.gz
cd jailkit-2.13
./configure
make
make install
cd ..
rm -rf jailkit-2.13*

Submitted by Anonymous (not registered) on Sun, 2010-10-24 22:18.

Hi there.

I followed this tutorial all the way through however even after setting up a client, site, email domain and mailbox in ISPconfig - I cannot login to Squirrelmail - Just keeps on saying:

Unknown user or password incorrect.

Very frustrating!

Submitted by Anonymous (not registered) on Mon, 2010-08-09 21:02.

hi, nice tutorial...but one problem

i cannot make bind9 to start

  /etc/init.d/named start
Starting named:                                            [FAILED]

do you know what problem can be?

 

thanks in advance

Submitted by Anonymous (not registered) on Thu, 2011-03-17 12:11.
After i type this command
/etc/init.d/named start
 
i got this error
 
Starting named:
Error in named configuration:
/etc/named.conf:2: unknown option 'ptions'
                                                           [FAILED]
 
 Can somebody help me?

Submitted by Anonymous (not registered) on Mon, 2010-08-16 18:12.

Once the linked file is created:  /etc/named.conf  (has a green link arrow on it)  adjust the permissions for the group "named" to read & write then restart the named service.

I ran this below in addition to the step 17 commands and finally saw the named.conf link file... Once the permissions were adjusted the service starts fine.

ln -s /chroot/named/etc/named.conf /etc/named.conf

hope that helps

Submitted by Anonymous (not registered) on Mon, 2010-08-16 17:49.

named failed to start for me too...

Aug 16 17:40:27 host named[5745]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Aug 16 17:40:27 host named[5745]: adjusted limit on open files from 1024 to 1048576
Aug 16 17:40:27 host named[5745]: found 2 CPUs, using 2 worker threads
Aug 16 17:40:27 host named[5745]: using up to 4096 sockets
Aug 16 17:40:27 host named[5745]: loading configuration from '/etc/named.conf'
Aug 16 17:40:27 host named[5745]: none:0: open: /etc/named.conf: permission denied
Aug 16 17:40:27 host named[5745]: loading configuration: permission denied
Aug 16 17:40:27 host named[5745]: exiting (due to fatal error)

 

looks like permissions.., not sure what to change though with the chrooted link  (STEP 17:   ln -s ../../ chroot).

Obviously named.conf does not exist at /etc/named.conf because its actually in /var/named/chroot/etc/ .  What/who needs permission on what folder(s)/file(s)?

PS - I followed the tutorial exactly BUT I am using the gnome desktop as well.

Submitted by newbie (not registered) on Mon, 2010-06-28 06:46.

in line :

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

Is this right? I think maybe it should be:

vi /etc/httpd/conf/httpd.conf

Sorry if I'm mistaken

Submitted by Aradan (registered user) on Wed, 2010-07-07 00:02.

The Apache config file ('/etc/httpd/conf/httpd.conf') file actually loads any '.conf' file found in '/etc/httpd/conf.d/' so, though the HOWTO is actually correct, it may have been better worded to;

Then we add the suPHP module to our Apache configuration by creating a new file 'suphp.conf' in '/etc/https/conf.d/'...

vi /etc/httpd/conf.d/suphp.conf

Submitted by rem1010 (registered user) on Thu, 2010-06-03 00:49.

The error I encountered was due to the directory tmp.

I am on a remote hosted server and the tmp directory is mounted with noexec

So, I changed to /usr/local/src and all is well.

Submitted by rem1010 (registered user) on Thu, 2010-06-03 00:40.

./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

 produces this error:

bash: ./configure: /bin/sh: bad interpreter: Permission denied

 
Submitted by Mark Pugh (not registered) on Fri, 2010-09-17 16:54.

I had this problem. It's actually because on my RHEL base install the /tmp mount has noexec as an option in /etc/fstab:

 LABEL=/tmp              /tmp                    ext3    defaults,nosuid,nodev,noexec        1 2

If you copy your suphp dir to your home directory and then try it, it's fine:

 mv suphp-0.7.1 ~
cd ~/suphp-0.7.1
./configure..etc

 

Submitted by Anonymous (not registered) on Tue, 2010-08-03 15:23.

you need apr-devel for the script to work (not mentioned here)

yum install apr-devel

then install suphp as above

 

Submitted by Ligi (not registered) on Mon, 2011-09-05 13:59.
You probably also need to "yum -y install gcc-c++". Had to install this on my centos 5 server to be able to get around this.
Submitted by riverman (registered user) on Tue, 2010-09-21 02:20.

I also needed httpd-devel to compile suphp.

Before compiling suphp just run:

yum install apr-devel httpd-devel

Submitted by Xenocide (registered user) on Tue, 2011-01-11 12:22.

Thank you for this. I missed this one and got a bit stumped.