The Perfect Server - Fedora 10 [ISPConfig 3] - Page 5
14 Set MySQL Passwords And Configure phpMyAdmin
Start MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Then set passwords for the MySQL root account:
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
If the last command throws an error at you...
[root@server1 i386]# mysqladmin -h server1.example.com -u root password howtoforge
mysqladmin: connect to server at 'server1.example.com' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
[root@server1 i386]#
... we can set the password as follows: connect to MySQL:
mysql -u root -p
Type in the password for the MySQL root user. Then, on the MySQL shell, do this:
mysql> USE mysql;
mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = 'server1.example.com' AND User = 'root';
mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = '127.0.0.1' AND User = 'root';
Run
mysql> SELECT * FROM user;
to make sure that all rows where the user is root have a password.
If everything is looking ok, run
mysql> FLUSH PRIVILEGES;
... and leave the MySQL shell:
mysql> quit;
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpmyadmin> stanza):
vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php # # Allows only localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # order deny,allow # deny from all # allow from 127.0.0.1 #</Directory> # This directory does not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries> Order Deny,Allow Deny from All Allow from None </Directory> # This configuration prevents mod_security at phpMyAdmin directories from # filtering SQL etc. This may break your mod_security implementation. # #<IfModule mod_security.c> # <Directory /usr/share/phpMyAdmin> # SecRuleInheritance Off # </Directory> #</IfModule> |
Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
15 Install Amavisd-new, SpamAssassin And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql
When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:
vi /etc/sysconfig/freshclam
Comment out the FRESHCLAM_DELAY line at the end:
## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation #FRESHCLAM_DELAY=disabled-warn # REMOVE ME |
vi /etc/freshclam.conf
Comment out the Example line:
[...] # Comment or remove the line below. #Example [...] |
Then we start freshclam, amavisd, and clamd...
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start
... and change the ownership of some directories:
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP
ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.
We can install Apache2with mod_php5, mod_fcgid, and PHP5 as follows:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel
Next we open /etc/php.ini...
vi /etc/php.ini
... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:
[...] ;error_reporting = E_ALL error_reporting = E_ALL & ~E_NOTICE [...] cgi.fix_pathinfo = 1 |
Next we install suPHP:
cd /tmp
wget http://www.suphp.org/download/suphp-0.7.0.tar.gz
tar xvfz suphp-0.7.0.tar.gz
cd suphp-0.7.0/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install
Then we add the suPHP module to our Apache configuration...
vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so |
... and create the file /etc/suphp.conf as follows:
vi /etc/suphp.conf
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in docroot=/ ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self" |
Finally we restart Apache:
/etc/init.d/httpd restart
17 Install PureFTPd
PureFTPd can be installed with the following command:
yum install pure-ftpd
Then create the system startup links and start PureFTPd:
chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start
18 Install MyDNS
We can install MyDNS as follows:
wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm
When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on Fedora 10, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS init script...
vi /etc/init.d/mydns
... and change
[...] # chkconfig: 345 52 50 [...] |
to
[...] # chkconfig: 345 65 50 [...] |
Then we create the startup links:
chkconfig --levels 235 mydns on
We don't start MyDNS now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.
19 Install Vlogger And Webalizer
Vlogger and webalizer can be installed as follows:
yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*