The Perfect Server - CentOS 5.5 x86_64 [ISPConfig 3] - Page 5

15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:

[...]
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
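
With gpgcheck=0, yum installs packages from this repository without verifying their signatures, so it helps to know which enabled repositories are in that state. The following audit is an added example, not part of the original tutorial; the function names and the sample sections are constructed for illustration, and a section without an "enabled" line is assumed to be enabled.

```shell
#!/bin/sh
# List enabled yum repository sections that have gpgcheck=0.
# Usage: unsigned_repos [DIR]   (DIR defaults to /etc/yum.repos.d)
unsigned_repos() {
    dir="${1:-/etc/yum.repos.d}"
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function report() {
                # Assumption: a section with no "enabled" line counts as enabled.
                if (section != "" && enabled != "0" && gpgcheck == "0")
                    print file ": [" section "]"
            }
            /^[ \t]*[#;]/ { next }              # comment line
            /^[ \t]*\[.*\]/ {                   # section header: close the previous one
                report()
                section = $0
                gsub(/^[ \t]*\[|\].*$/, "", section)
                enabled = ""; gpgcheck = ""
                next
            }
            /=/ {                               # key=value inside the current section
                key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
                val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
                if (key == "enabled")  enabled = val
                if (key == "gpgcheck") gpgcheck = val
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample (not the real repo file): three sections, one unsigned and enabled.
demo_unsigned_repos() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '[example-signed]' 'gpgcheck=1' 'enabled=1' \
        '[kbs-CentOS-Testing]' 'gpgcheck=0' 'enabled=1' \
        '[example-disabled]' 'gpgcheck=0' 'enabled=0' > "$tmp/sample.repo"
    unsigned_repos "$tmp"
    rm -rf "$tmp"
}

demo_unsigned_repos
```

Run unsigned_repos without arguments on the server to check /etc/yum.repos.d itself.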

Afterwards we can install Apache2 with mod_php5, mod_fcgid, and PHP5:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting  =  E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

 

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

17 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Then do this:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
touch /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf.local
vi /var/named/chroot/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion { none; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.root";
};
include "/var/named/chroot/var/named/named.local";

chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).
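
named refuses to start on a malformed named.conf, and a server that answers recursive queries for any client is an open resolver, so both are worth checking before the service is started. The script below is an added example, not part of the original tutorial; the function names and sample files are constructed, and it assumes that a missing allow-recursion list means recursion is open to all clients (the BIND 9.3 behaviour).

```shell
#!/bin/sh
# Classify how a named.conf exposes recursion: prints closed, restricted or open.
recursion_state() {
    # Strip // and # comments, then flatten so statement layout does not matter.
    conf=$(sed -e 's://.*::' -e 's:#.*::' "$1" | tr -s '\t\n' '  ')
    if printf '%s\n' "$conf" | grep -Eq '(^|[ ;{])recursion +no *;'; then
        echo closed; return 0
    fi
    # Contents of the allow-recursion { ... } list, empty if the statement is absent.
    acl=$(printf '%s\n' "$conf" | sed -n 's/.*allow-recursion *{\([^}]*\)}.*/\1/p')
    case "$acl" in
        # Assumption: no allow-recursion list means any client may recurse,
        # which is the behaviour of the BIND 9.3 series used on this page.
        "")      echo open ;;
        *none*)  echo closed ;;
        *any*)   echo open ;;
        *)       echo restricted ;;
    esac
}

# Run as root before "/etc/init.d/named start": -t makes named-checkconf chroot
# first, so /etc/named.conf and the include path resolve as they do for named.
precheck_named() {
    chroot_dir=/var/named/chroot
    named-checkconf -t "$chroot_dir" /etc/named.conf || return 1
    [ "$(recursion_state "$chroot_dir/etc/named.conf")" != open ]
}

# Constructed samples: the options from this section, and a variant with recursion on.
demo_recursion_state() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'options {' '  allow-query { any; };  // authoritative' \
        '  recursion no;' '  allow-recursion { none; };' '};' > "$tmp/closed.conf"
    printf '%s\n' 'options {' '  allow-query { any; };' \
        '  recursion yes;' '};' > "$tmp/open.conf"
    echo "$(recursion_state "$tmp/closed.conf") $(recursion_state "$tmp/open.conf")"
    rm -rf "$tmp"
}

demo_recursion_state
```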

 

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

 

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

21 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

Comments

By:

./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

 produces this error:

bash: ./configure: /bin/sh: bad interpreter: Permission denied

 

By: Anonymous

you need apr-devel for the script to work (not mentioned here)

yum install apr-devel

then install suphp as above

 

By:

I also needed httpd-devel to compile suphp.

Before compiling suphp just run:

yum install apr-devel httpd-devel

By:

Thank you for this. I missed this one and got a bit stumped.

By: Ligi

you probably also need to "yum -y install gcc-c++". Had to install this on my centos 5 server to be able to get around this.

By: Mark Pugh

I had this problem. It's actually because on my RHEL base install the /tmp mount has noexec as an option in /etc/fstab:

 LABEL=/tmp              /tmp                    ext3    defaults,nosuid,nodev,noexec        1 2

If you copy your suphp dir to your home directory and then try it, it's fine:

 mv suphp-0.7.1 ~
cd ~/suphp-0.7.1
./configure..etc

 

By:

The error I encountered was due to the directory tmp.

I am on a remote hosted server and the tmp directory is mounted with noexec

So, I changed to /usr/local/src and all is well.

By: newbie

in line :

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

Is this right? I think maybe it should be:

vi /etc/httpd/conf/httpd.conf

Sorry if I'm mistaken

By:

The Apache config file ('/etc/httpd/conf/httpd.conf') actually loads any '.conf' file found in '/etc/httpd/conf.d/', so, though the HOWTO is actually correct, it may have been better worded as:

Then we add the suPHP module to our Apache configuration by creating a new file 'suphp.conf' in '/etc/httpd/conf.d/'...

vi /etc/httpd/conf.d/suphp.conf

By: Anonymous

Hi, nice tutorial... but one problem

I cannot get bind9 to start

  /etc/init.d/named start
Starting named:                                            [FAILED]

Do you know what the problem could be?

 

thanks in advance

By: Anonymous

named failed to start for me too...

Aug 16 17:40:27 host named[5745]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Aug 16 17:40:27 host named[5745]: adjusted limit on open files from 1024 to 1048576
Aug 16 17:40:27 host named[5745]: found 2 CPUs, using 2 worker threads
Aug 16 17:40:27 host named[5745]: using up to 4096 sockets
Aug 16 17:40:27 host named[5745]: loading configuration from '/etc/named.conf'
Aug 16 17:40:27 host named[5745]: none:0: open: /etc/named.conf: permission denied
Aug 16 17:40:27 host named[5745]: loading configuration: permission denied
Aug 16 17:40:27 host named[5745]: exiting (due to fatal error)

 

looks like permissions.., not sure what to change though with the chrooted link (STEP 17: ln -s ../../ chroot).

Obviously named.conf does not exist at /etc/named.conf because it's actually in /var/named/chroot/etc/. What/who needs permission on what folder(s)/file(s)?

PS - I followed the tutorial exactly BUT I am using the GNOME desktop as well.

By: Anonymous

Once the linked file is created:  /etc/named.conf  (has a green link arrow on it)  adjust the permissions for the group "named" to read & write then restart the named service.

I ran this below in addition to the step 17 commands and finally saw the named.conf link file... Once the permissions were adjusted the service starts fine.

ln -s /chroot/named/etc/named.conf /etc/named.conf

hope that helps

By: Anonymous

After I type this command
/etc/init.d/named start
 
I got this error
 
Starting named:
Error in named configuration:
/etc/named.conf:2: unknown option 'ptions'
                                                           [FAILED]
 
 Can somebody help me?

By:

For all those who had this issue, I googled and found this solution to be very helpful. Perhaps it only affects those who are using a VPS, particularly a Virtuozzo Parallel Power Panel setup.

http://blog.newart-design.net/tag/centos-pure-ftpd-install/

By: Anonymous

Worked for me... Need to lookup the current version of pureftpd at ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/

 Also, need to make sure you have mysql-devel package installed.

By: Anonymous

On my centos 64 yum was trying to install both 32 and 64 versions of mysql-devel. This helped:

 yum install mysql-devel.x86_64

By: Joseph Mouhanna

The proper version to use is 2.13, not 2.11 (tar does not work on 2.11). You should use the following instead:

 

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz
tar xvfz jailkit-2.13.tar.gz
cd jailkit-2.13
./configure
make
make install
cd ..
rm -rf jailkit-2.13*

By:

I tried installing Pure-FTPd, followed the 3-line instructions but got this instead ...

yum install pure-ftpd
chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Starting pure-ftpd:                                        [FAILED]

By: Anonymous

Hi there.

I followed this tutorial all the way through however even after setting up a client, site, email domain and mailbox in ISPconfig - I cannot login to Squirrelmail - Just keeps on saying:

Unknown user or password incorrect.

Very frustrating!

By: rwheindl

I spent a few days trying to get DNS to resolve using "dig @localhost mydomain.com" and found an error in the last line of /var/named/chroot/etc/named.conf.

ISPConfig 3 defaults to: /var/named/chroot/var/named/named.local
This setting is found under: SYSTEM -> Server Config -> DNS

However, the instructions for the named.conf file set it to:
include "/var/named/chroot/etc/named.conf.local";

Had to change it to reflect the setting in ISPConfig to get bind to resolve names properly:
include "/var/named/chroot/var/named/named.local";

 Then run "/etc/init.d/named restart" with the corrected setting.

By: steve

After the successful installation of ISPConfig 3 the monitoring interface told me that fail2ban is not installed. After checking I found that it is installed and running. Finally I added a symlink for fail2ban. This worked fine.

So if anyone has issues showing fail2ban in the monitoring gui just add a symlink like this:

ln -s /usr/share/fail2ban/ /usr/bin/fail2ban

Thanks to the ISPConfig Team, your software really ROCKS!!!!!!

By: Uncher

If you install pure-ftpd in VPS server (OpenVZ or Virtuozzo based):
chkconfig --levels 235 pure-ftpd on
yum -y install mysql-devel.x86_64 pam-devel.x86_64
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.29.tar.gz
tar xzfv pure-ftpd-1.0.29.tar.gz
cd pure-ftpd-1.0.29
./configure --without-capabilities --with-virtualchroot --with-mysql --with-pam --with-altlog --with-wrapper --with-mysql --with-cookie --with-throttling --with-ratios --with-paranoidmsg --with-quotas
make && make install
/etc/init.d/pure-ftpd start

By:

vps users having problems with pure-ftpd

could also try:

 

i386

wget http://download.fedora.redhat.com/pub/epel/5/i386/pure-ftpd-1.0.29-1.el5.1.i386.rpm

rpm -ivh  pure-ftpd-1.0.29-1.el5.1.i386.rpm

 

x86_64

wget http://download.fedora.redhat.com/pub/epel/5/x86_64/pure-ftpd-1.0.29-1.el5.1.x86_64.rpm

rpm -ivh  pure-ftpd-1.0.29-1.el5.1.x86_64.rpm

By: Anonymous

Thank you! I was following "The Perfect Server - CentOS 5.6 x86_64 [ISPConfig 3]" guide and ran into problems in the pure-ftpd section. This fixed my issue. I have VPS hosting from VolumeDrive.

By: stikk

Since PHP 5.3.0 php-mhash was removed

 so if you are using remi-repo or eq.  remove the php-mhash from the yum install line

By: Vladimir

Next we install suPHP:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz


can't download suPHP, saying connecting to suphp.org:78.46.242.34:80... connected

HTTP request sent, awaiting for response.

and here hangs... After 3-5 min i get:

Read error (Connection reset by peer) in headers.

Retrying.

By: Anonymous

I have followed the whole tutorial successfully, but

I have the following error, please advise me how to resolve it:

[[email protected] ~]# /etc/init.d/named restart

Stopping named:                                                                                             [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:5: unknown option 'DNS'
                                                                                                                     [FAILED]

ISPconfig showing DNS service Offline


By: jimmy

Don't just copy and paste that information; take a look at this when you copy and paste:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
 DNS -->> this will be the error
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.root";
};
include "/var/named/chroot/var/named/named.local";