Installing Zivios Server On Debian Etch - Page 2
Configuring the Web Service
Let's first configure the web service and the required virtual host before we kick-start the web based installer.
PHP Configuration
Edit the file: /etc/php5/apache2/php.ini, making the following changes to the variables below:
display_errors = Off
log_errors = On
max_execution_time = 300 ; 5 mins
memory_limit = 128M
Save the file and quit the editor.
Apache Configuration
a2enmod rewrite
Edit the file /etc/apache2/ports.conf.
Make the following changes:
Listen 192.168.0.31:80
NameVirtualHost 192.168.0.31:80
<IfModule mod_ssl.c>
    Listen 192.168.0.31:443
    NameVirtualHost 192.168.0.31:443
</IfModule>
Save the file and quit the editor.
We will now configure the default virtual host. Edit the file: /etc/apache2/sites-available/default
Remove all contents of this file and paste in the vhost section below. Be sure to edit the marked areas with your IP and HOSTNAME.
# UPDATE IP
<VirtualHost 192.168.0.31:80>
    # UPDATE EMAIL ADDRESS
    ServerAdmin [email protected]
    # UPDATE HOSTNAME!
    ServerName master.zivios.net
    DocumentRoot /var/www/vhosts/zpanel/web
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/vhosts/zpanel/web>
        RewriteEngine on
        RewriteRule .* index.php
        php_flag magic_quotes_gpc off
        php_flag register_globals off
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    <Directory /var/www/vhosts/zpanel/web/public>
        RewriteEngine off
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/www/vhosts/zpanel/application/log/error.log
    LogLevel warn
    CustomLog /var/www/vhosts/zpanel/application/log/access.log combined
    ServerSignature On
</VirtualHost>
Save the file and quit the editor.
Zivios Web Panel Setup
rm -rf /var/www/apache2-default
mkdir /var/www/vhosts/
mkdir /var/www/vhosts/zpanel
cd /usr/local/src/
cp -R zivios-0.5.0/zivios/* /var/www/vhosts/zpanel
chown -R www-data:www-data /var/www/vhosts/zpanel
find /var/www/vhosts/zpanel -type d -exec chmod 750 {} \;
find /var/www/vhosts/zpanel -type f -exec chmod 640 {} \;
Before we restart Apache, we add the www-data user to the ssl-cert group and provision SUDO access.
adduser www-data ssl-cert
www-data Sudo Access for installation
For the web server to be able to install or compile software, access is required via SUDO. For this purpose, we will TEMPORARILY be giving full root access to the web server by adding it to the 'sudo' group and configuring SUDO to allow full access without a password to the www-data user.
Again, this is a temporary step and will be reverted at the end of the installation.
Edit the file: /etc/sudoers
Add the following line:
%sudo ALL=NOPASSWD: ALL
Save the file and quit the editor.
adduser www-data sudo
chmod 700 /root
su www-data
sudo ls -la /root
exit
If the above command does not provide a directory listing for /root, then your sudo configuration did not work. (If the folder is empty, only . and .. will be displayed; anything but "permission denied" is okay.) Please retrace your steps and ensure sudo is configured properly and working for the sudo group as required.
Note: When people tell you "it's stupid to run a web server as root", they are absolutely right. You should NEVER be running a web service with root user privileges. We introduced this temporary step only to ease the installation process. You must ensure that SUDO provisioning for the www-data group is removed completely and the sudoers file has no trace of the modifications we made.
You will be reminded of these steps at the end of the installation process.
Restart apache via:
/etc/init.d/apache2 restart
Ensure that the web service is listening to only port 80 of the given IP address:
apache2ctl -t -D DUMP_VHOSTS
Create Temporary Extract Folder
We will only run commands via SUDO where it is unavoidable. For all other purposes, we will extract, compile and configure software as the web user. To do this:
mkdir /usr/local/src/zvcompile
chown www-data:www-data /usr/local/src/zvcompile
Enable logging for OpenLDAP
In case of any errors when populating OpenLDAP, enable logging by editing /etc/syslog.conf and adding:
local4.* -/var/log/slapd.log
Then restart sysklogd:
/etc/init.d/sysklogd restart
You should now see slapd messages in /var/log/slapd.log.
Web Based Installation
At this point we're ready for the web based installer to take over for the most part. The web installer compiles OpenLDAP, a few LDAP modules, Heimdal and BIND automatically, so it may take a while to complete. In the future we would have packages for these, but currently compilation is the approach we have taken.
If you get stuck at any point, let us know on the mailing list: [email protected]
Point your browser to: http://virtual_host and continue the installation on-line (for this installation example, our virtual host is: http://master.zivios.net).
Post Installation Checklist
After the web based installation, you will want to take care of the following steps:
Remove SUDO access for Web User
To revert the changes, edit /etc/sudoers again and comment out the line:
#%sudo ALL=NOPASSWD: ALL
Save the file and quit the editor. Then run:
deluser www-data sudo
/etc/init.d/apache2 restart
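A check that the revert above actually took effect, as an added example that is not part of the original guide: it looks for an active NOPASSWD rule for %sudo or www-data and for www-data still listed in the sudo group. The function names and the --live switch are made up for this example; run it as root.

```shell
#!/bin/sh
# Added example: confirm the temporary www-data sudo grant is gone.
# Function names are made up for this example.

# Print active (uncommented) NOPASSWD rules for %sudo or www-data.
# $1 = sudoers file
active_nopasswd_rules() {
    grep -E '^[[:space:]]*(%sudo|www-data)[[:space:]].*NOPASSWD' "$1"
}

# Succeed if user $1 is a listed member of group $2 in group file $3.
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# check_sudo_reverted SUDOERS GROUPFILE
# Returns 0 only when neither the rule nor the membership remains.
check_sudo_reverted() {
    sudoers=$1; groupfile=$2; rc=0
    if [ ! -r "$sudoers" ] || [ ! -r "$groupfile" ]; then
        echo "ERROR: cannot read $sudoers or $groupfile (run as root)" >&2
        return 2
    fi
    if rules=$(active_nopasswd_rules "$sudoers"); then
        echo "FAIL: active NOPASSWD rule in $sudoers:"
        echo "$rules"
        rc=1
    fi
    if user_in_group www-data sudo "$groupfile"; then
        echo "FAIL: www-data is still a member of the sudo group"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no NOPASSWD rule for %sudo/www-data, www-data not in sudo group"
    fi
    return "$rc"
}

# Live check, only when asked for: sh check.sh --live  (as root)
if [ "${1:-}" = "--live" ]; then
    check_sudo_reverted /etc/sudoers /etc/group
fi
```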
Enable services to auto-start on boot, with slapd starting first:
update-rc.d zvslapd defaults 16 80
update-rc.d zvbind defaults
update-rc.d zvkerberos defaults
update-rc.d ziviosagent defaults