The Perfect Server - OpenSUSE 11 - Page 5

11 Apache/PHP5

Now we install Apache with PHP5:

yast2 -i apache2 apache2-devel apache2-mod_perl apache2-mod_php5 apache2-prefork perl-HTML-Parser perl-HTML-Tagset perl-Tie-IxHash perl-URI perl-libwww-perl php5 php5-devel zlib zlib-devel

Then we install some PHP5 modules:

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dbase php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-ncurses php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl

Next we edit /etc/apache2/httpd.conf:

vi /etc/apache2/httpd.conf

and change DirectoryIndex to

[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx
[...]

Edit /etc/sysconfig/apache2 and add rewrite to the APACHE_MODULES line:

vi /etc/sysconfig/apache2
[...]
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 rewrite"
[...]

Also add SSL to the APACHE_SERVER_FLAGS line:

[...]
APACHE_SERVER_FLAGS="SSL"
[...]

Now configure your system to start Apache at boot time:

chkconfig --add apache2

Then run

SuSEconfig
/etc/init.d/apache2 start

 

11.1 Disable PHP And Perl Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP and Perl on a per-website basis, i.e. you can specify which website can run PHP and Perl scripts and which one cannot. This can only work if PHP and Perl are disabled globally because otherwise all websites would be able to run PHP/Perl scripts, no matter what you specify in ISPConfig.

To disable PHP and Perl globally, we edit /etc/mime.types and comment out the application/x-perl and application/x-php lines:

vi /etc/mime.types
[...]
#application/x-perl pl pm al perl
#application/x-php php php3 php4
[...]

Then edit /etc/apache2/conf.d/php5.conf and comment out all AddHandler lines:

vi /etc/apache2/conf.d/php5.conf
<IfModule mod_php5.c>
        #AddHandler application/x-httpd-php .php4
        #AddHandler application/x-httpd-php .php5
        #AddHandler application/x-httpd-php .php
        #AddHandler application/x-httpd-php-source .php4s
        #AddHandler application/x-httpd-php-source .php5s
        #AddHandler application/x-httpd-php-source .phps
        DirectoryIndex index.php4
        DirectoryIndex index.php5
        DirectoryIndex index.php
</IfModule>

Afterwards we restart Apache:

/etc/init.d/apache2 restart

 

11.2 mod_ruby

OpenSUSE 11 doesn't have a mod_ruby package, therefore we must compile it manually. First we install the prerequisites:

yast -i apache2-devel ruby ruby-devel

Afterwards we build mod_ruby as follows:

cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz
tar zxvf mod_ruby-1.2.6.tar.gz
cd mod_ruby-1.2.6/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install

To enable mod_ruby, we open /etc/sysconfig/apache2 and add ruby to the APACHE_MODULES line, e.g. like this:

vi /etc/sysconfig/apache2
[...]
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 rewrite ruby"
[...]

Afterwards we run

SuSEconfig

and restart Apache:

/etc/init.d/apache2 restart

 

12 Proftpd

I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on OpenSUSE 11 (on other distributions this is different). Since there are no OpenSUSE packages for Proftpd I have to compile it manually:

yast2 -i libcap libcap-devel
cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2rc1.tar.gz
tar xvfz proftpd-1.3.2rc1.tar.gz
cd proftpd-1.3.2rc1/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.2rc1*

Now create the file /etc/init.d/proftpd:

vi /etc/init.d/proftpd
#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <[email protected]>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides:                proftpd
# Required-Start:        $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start:        3 5
# Default-Stop:        0 1 2 6
# Description:                Starts ProFTPD server
### END INIT INFO
# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}
# Force execution if not called by a runlevel directory.
test $link = $base && START_PROFTPD=yes  # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0    # Modified by learnlinux.co.uk
# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"
[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5
# Source status functions
. /etc/rc.status
# First reset status of this service
rc_reset
case "$1" in
    start)
  echo -n "Starting ProFTPD Server: "
  test -f /etc/shutmsg && rm -f /etc/shutmsg
  /sbin/startproc $proftpd_bin
  rc_status -v
  ;;
    stop)
  echo -n "Shutting down ProFTPD Server: "
  test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
  /sbin/killproc -TERM $proftpd_bin
  test -f /etc/shutmsg && rm -f /etc/shutmsg
  rc_status -v
  ;;
    restart)
  ## If first returns OK call the second, if first or
  ## second command fails, set echo return value.
  $0 stop
  $0 start
  rc_status
  ;;
    try-restart)
  ## Stop the service and if this succeeds (i.e. the
  ## service was running before), start it again.
  ## Note: not (yet) part of LSB (as of 0.7.5)
  $0 status >/dev/null &&  $0 restart
  rc_status
  ;;
    reload|force-reload)
  ## Exclusive possibility: Some services must be stopped
  ## and started to force a new load of the configuration.
  echo -n "Reload ProFTPD Server: "
  /sbin/killproc -HUP $proftpd_bin
  rc_status -v
  ;;
    status)
  # Status has a slightly different for the status command:
  # 0 - service running
  # 1 - service dead, but /var/run/  pid  file exists
  # 2 - service dead, but /var/lock/ lock file exists
  # 3 - service not running
  echo -n "Checking for ProFTPD Server: "
  checkproc $proftpd_bin
  rc_status -v
  ;;
    probe)
  ## Optional: Probe for the necessity of a reload,
  ## give out the argument which is required for a reload.
  [ $proftpd_cfg -nt $proftpd_pid ] && echo reload
  ;;
    *)
  echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
  exit 1
  ;;
esac
# Set an exit status.
rc_exit

Then run

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

Start Proftpd:

/etc/init.d/proftpd start

If you get the following error...

Starting ProFTPD Server:  - Fatal: UseIPv6: Use of the UseIPv6 directive requires IPv6 support (--enable-ipv6) on line 14 of '/etc/proftpd.conf'
startproc:  exit status of parent of /usr/local/sbin/proftpd: 1

... open  /etc/proftpd.conf and comment out or remove the UseIPv6 line:

vi /etc/proftpd.conf
[...]
# Don't use IPv6 support by default.
#UseIPv6                                off
[...]

For security reasons you can add the following lines to /etc/proftpd.conf:

vi /etc/proftpd.conf
[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

[...]
# Bar use of SITE CHMOD by default
#<Limit SITE_CHMOD>
#  DenyAll
#</Limit>
[...]

and restart Proftpd:

/etc/init.d/proftpd restart
Share this page:

1 Comment(s)