The Perfect Server - OpenSUSE 11 - Page 5
11 Apache/PHP5
Now we install Apache with PHP5:
yast2 -i apache2 apache2-devel apache2-mod_perl apache2-mod_php5 apache2-prefork perl-HTML-Parser perl-HTML-Tagset perl-Tie-IxHash perl-URI perl-libwww-perl php5 php5-devel zlib zlib-devel
Then we install some PHP5 modules:
yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dbase php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-ncurses php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl
Next we edit /etc/apache2/httpd.conf:
vi /etc/apache2/httpd.conf
and change DirectoryIndex to
[...] DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx [...] |
Edit /etc/sysconfig/apache2 and add rewrite to the APACHE_MODULES line:
vi /etc/sysconfig/apache2
[...] APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 rewrite" [...] |
Also add SSL to the APACHE_SERVER_FLAGS line:
[...] APACHE_SERVER_FLAGS="SSL" [...] |
Now configure your system to start Apache at boot time:
chkconfig --add apache2
Then run
SuSEconfig
/etc/init.d/apache2 start
11.1 Disable PHP And Perl Globally
(If you do not plan to install ISPConfig on this server, please skip this section!)
In ISPConfig you will configure PHP and Perl on a per-website basis, i.e. you can specify which website can run PHP and Perl scripts and which one cannot. This can only work if PHP and Perl are disabled globally because otherwise all websites would be able to run PHP/Perl scripts, no matter what you specify in ISPConfig.
To disable PHP and Perl globally, we edit /etc/mime.types and comment out the application/x-perl and application/x-php lines:
vi /etc/mime.types
[...] #application/x-perl pl pm al perl #application/x-php php php3 php4 [...] |
Then edit /etc/apache2/conf.d/php5.conf and comment out all AddHandler lines:
vi /etc/apache2/conf.d/php5.conf
<IfModule mod_php5.c> #AddHandler application/x-httpd-php .php4 #AddHandler application/x-httpd-php .php5 #AddHandler application/x-httpd-php .php #AddHandler application/x-httpd-php-source .php4s #AddHandler application/x-httpd-php-source .php5s #AddHandler application/x-httpd-php-source .phps DirectoryIndex index.php4 DirectoryIndex index.php5 DirectoryIndex index.php </IfModule> |
Afterwards we restart Apache:
/etc/init.d/apache2 restart
11.2 mod_ruby
OpenSUSE 11 doesn't have a mod_ruby package, therefore we must compile it manually. First we install the prerequisites:
yast -i apache2-devel ruby ruby-devel
Afterwards we build mod_ruby as follows:
cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz
tar zxvf mod_ruby-1.2.6.tar.gz
cd mod_ruby-1.2.6/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install
To enable mod_ruby, we open /etc/sysconfig/apache2 and add ruby to the APACHE_MODULES line, e.g. like this:
vi /etc/sysconfig/apache2
[...] APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 rewrite ruby" [...] |
Afterwards we run
SuSEconfig
and restart Apache:
/etc/init.d/apache2 restart
12 Proftpd
I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on OpenSUSE 11 (on other distributions this is different). Since there are no OpenSUSE packages for Proftpd I have to compile it manually:
yast2 -i libcap libcap-devel
cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2rc1.tar.gz
tar xvfz proftpd-1.3.2rc1.tar.gz
cd proftpd-1.3.2rc1/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.2rc1*
Now create the file /etc/init.d/proftpd:
vi /etc/init.d/proftpd
#! /bin/sh # Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany. # All rights reserved. # # Original author: Marius Tomaschewski <[email protected]> # # Slightly modified in 2003 for use with SuSE Linux 8.1, # by http://www.learnlinux.co.uk/ # # Slightly modified in 2005 for use with SuSE Linux 9.2, # by Falko Timme # # /etc/init.d/proftpd # ### BEGIN INIT INFO # Provides: proftpd # Required-Start: $network $remote_fs $syslog $named # Required-Stop: # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: Starts ProFTPD server ### END INIT INFO # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} # Force execution if not called by a runlevel directory. test $link = $base && START_PROFTPD=yes # Modified by learnlinux.co.uk test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk # Return values acc. to LSB for all commands but # status (see below): # # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running proftpd_cfg="/etc/proftpd.conf" proftpd_bin="/usr/local/sbin/proftpd" proftpd_pid="/usr/local/var/proftpd.pid" [ -r $proftpd_cfg ] || exit 6 [ -x $proftpd_bin ] || exit 5 # Source status functions . /etc/rc.status # First reset status of this service rc_reset case "$1" in start) echo -n "Starting ProFTPD Server: " test -f /etc/shutmsg && rm -f /etc/shutmsg /sbin/startproc $proftpd_bin rc_status -v ;; stop) echo -n "Shutting down ProFTPD Server: " test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1 /sbin/killproc -TERM $proftpd_bin test -f /etc/shutmsg && rm -f /etc/shutmsg rc_status -v ;; restart) ## If first returns OK call the second, if first or ## second command fails, set echo return value. $0 stop $0 start rc_status ;; try-restart) ## Stop the service and if this succeeds (i.e. the ## service was running before), start it again. ## Note: not (yet) part of LSB (as of 0.7.5) $0 status >/dev/null && $0 restart rc_status ;; reload|force-reload) ## Exclusive possibility: Some services must be stopped ## and started to force a new load of the configuration. echo -n "Reload ProFTPD Server: " /sbin/killproc -HUP $proftpd_bin rc_status -v ;; status) # Status has a slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running echo -n "Checking for ProFTPD Server: " checkproc $proftpd_bin rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## give out the argument which is required for a reload. [ $proftpd_cfg -nt $proftpd_pid ] && echo reload ;; *) echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}" exit 1 ;; esac # Set an exit status. rc_exit |
Then run
chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd
Start Proftpd:
/etc/init.d/proftpd start
If you get the following error...
Starting ProFTPD Server: - Fatal: UseIPv6: Use of the UseIPv6 directive requires IPv6 support (--enable-ipv6) on line 14 of '/etc/proftpd.conf'
startproc: exit status of parent of /usr/local/sbin/proftpd: 1
... open /etc/proftpd.conf and comment out or remove the UseIPv6 line:
vi /etc/proftpd.conf
[...] # Don't use IPv6 support by default. #UseIPv6 off [...] |
For security reasons you can add the following lines to /etc/proftpd.conf:
vi /etc/proftpd.conf
[...] DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." [...] |
Be sure to comment out the following lines in order to allow ftp users to CHMOD:
[...] # Bar use of SITE CHMOD by default #<Limit SITE_CHMOD> # DenyAll #</Limit> [...] |
and restart Proftpd:
/etc/init.d/proftpd restart