The Perfect Server - Fedora 13 x86_64 [ISPConfig 3] - Page 5

15 Installing mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

 

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

17 Install BIND

We can install BIND as follows:

yum install bind bind-utils

Then we create the startup links:

chkconfig --levels 235 named on

We don't start BIND now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

 

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

 

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

21 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

Share this page:

12 Comment(s)

Add comment

Comments

From: at: 2010-06-19 14:41:47

Has anyone actually managed to get a Squirrelmail login page for Fedora 13?

I've tried the Fedora 13/ISPConfig3 howto once as written, for an x86-64 PC, and twice using i686 architecture (not replacing lib with lib64).

 All three attempts had as a show-stopper, the non-appearance of Squirrelmail at <http://server1.example.com/webmail>, or at the equivalent address.

Fortunately the CentOS x86-64 equivalent eventually worked, so I'm not under pressure, but it still seems extremely curious that the same issue - lack of any kind of Squirrelmail login interface - hit three different machines running the Fedora 13 - ISPConfig howto.
Neither the configuration test nor the Squirrelmail login work. The config test at <http://server1.example.com/src/configtest.php> fails saying:

"Not Found

The requested URL /src/configtest.php was not found on this server."

- and the login page doesn't appear either. Instead,  at <http://server1.example.com/webmail> we find:

"Unable to connect

 Firefox can't establish a connection to the server at server1.example.com." [or the IP address, or localhost].


It is almost as though the aliases (like webmail for /usr/share/squirrelmail) aren't being established. But the files in /etc/httpd/conf.d are certainly being read, because if I enable server-info, it tells me so.

Besides the Squirrelmail issue, webalyzer doesn't run. Firefox tells me I'm forbidden to access http://server1.example.com/usage.

But, both the phpMyAdmin and the ISPConfig pages do appear. It's not ISPConfig which is causing the Squirrelmail problem because it's installed and tested before ISPConfig is even downloaded.

One other peculiarity: some system users (vmail, getmail, ispapps, and ispconfig)  appear in the Fedora login screen now. I think that's because they have user ID numbers greater than the limit in Fedora for system users (499).

User 500 is always present (it's the one you set during install). vmail has user ID 5000. The others seem to take the user ID from the last ID you created (typically then, 501, 502, and 503).

Can anyone duplicate this? Any ideas?

From: Nick at: 2010-07-08 12:48:17

Try to install mod_ssl!

From: Anonymous at: 2011-10-07 12:26:42

thx. installing mod_ssl helped me with fedora 15 + ispcfg 3 as well

From: at: 2010-07-14 15:51:58

If you select the DNS Name Server category of software to install then "bind-chroot" will be installed. In step 17 there are instructions to install "bind". If both are installed then BIND (named) will not start because named will not be able to find the file named.conf.locate. Even if you create a blank "named.conf.local" in /etc or use ISPConfig web admin to create the file named still will not start. See also, related comments on PG5.

From: Pierre at: 2010-07-19 16:42:10

I don't get the option where I get to choose what to install or not install. I saw on another page where a person was complaining about the fact that the live CD doesn't allow older machines to configure setup as one would want. Sort of idiotic if you think about it! After all Linux is the ideal web server and if you have an older machine laying around you want to setup to tinker on, you won't want any type of GUI. So my question is HOW DO I GET AROUND THIS?

 I have an old Pentium 4 (1.4 GHz) I don't want Gnome or any interface, just the good old command prompt. Unfortunately, I'm a novice and I can't figure out how to get around this.

 Thanks for your help.

From: at: 2010-07-07 00:40:21

After completing all steps in this series and logging in to ISPConfig3 as admin I found that in the 'Monitor' section there was 1 error marked in red.  Clicking on 'more' information revealed that 'MyDNS' was not running. Although MyDNS is not installed as part of this procedure. I assumed that was mis-labeled and that BIND was not starting.

I tried to start BIND (named) manually but it gave an error, stated that the file /etc/named.conf.local was missing which it was missing. But I used the ISPConfig3 to add a client then logged in as that client and created a DNS zone and the named.conf.local file was created.

But when trying to start 'named' I still get the error that /etc/named.conf.local is missing even though it is there. It had the group as 'root' instead of named like the other named.* files had so I chgrp on named.conf.local to named but BIND still won't start and gives the same error that /etc/named.conf.local is missing even though it is present.

If I comment out the include in named.conf for named.conf.local named starts without error even though in the ISPConfig MyDNS still shows 'offline'.

Another file included by named.conf is named.rfc1912.zones it is present and is not mentioned in the error message.

The only difference that I can see is that the permissions on named.rfc1912.zones is "-rw-r-----." were on named.conf.local the perms are "-rw-r--r--" NOTE the period is missing. I have no idea what the period in the permissions list is for but that is the only difference I can see between the two files.

So, how can I fix this and what is the period in the permissions list for?

From: at: 2010-07-19 06:25:27

BIND runs in a chroot environment at /var/named

So the path you are looking for is /var/named/etc/named.conf.local

From: at: 2010-07-14 17:39:43

To get suphp to work I had to add quotes:

x-httpd-suphp=php:/usr/bin/php-cgi
to:
x-httpd-suphp="php:/usr/bin/php-cgi"

refer to

http://www.howtoforge.com/forums/showthread.php?t=47203

From: Serge at: 2010-09-13 20:39:43

Hello,

I was wondering php-mhash is no longer in fedora 13 in fact its stopped since late fc11.

in your install notes you refer to yum php-mhash.... do you have an alternative or this can be skipped?

From: Serge at: 2010-09-12 18:38:13

Hello,

I was wondering php-mhash is no longer in fedora 13 in fact its stopped since late fc11.

in your install notes you refer to yum php-mhash.... do you have an alternative or this can be skipped?

From: Anonymous at: 2010-10-11 14:52:00

Why do you people keep using the comments forms when it specifically says not to? You are not going to get your questions answered here.

From: moodz at: 2010-09-17 08:09:17

If you really want it to work properly look in /tmp/ispconfig3_install/install/dist/conf ... you will see a number of conf files ... I copied the fedora9.conf to fedora13.conf and voila ! the DNS bit starts working !!

Oh and mydns will install OK from yum ....

# yum install mydns

 Otherwise it all works OK.