The Perfect Setup - SuSE 10.1 (32-bit) - Page 6

9 Apache/PHP5

Now we install Apache with PHP5:

yast2 -i apache2 apache2-devel apache2-mod_perl apache2-mod_php5 apache2-prefork perl-HTML-Parser perl-HTML-Tagset perl-Tie-IxHash perl-URI perl-libwww-perl php5 php5-devel zlib zlib-devel

Then we install some PHP5 modules:

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dbase php5-debuginfo php5-dom php5-filepro php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mhash php5-mysql php5-mysqli php5-ncurses php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl

Next we edit /etc/apache2/httpd.conf:

vi /etc/apache2/httpd.conf

and change DirectoryIndex to

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx 

Edit /etc/sysconfig/apache2 and add rewrite to the APACHE_MODULES line:

vi /etc/sysconfig/apache2

APACHE_MODULES="actions alias auth_basic [...] negotiation setenvif ssl suexec userdir php5 rewrite"

Also add SSL to the APACHE_SERVER_FLAGS line:

APACHE_SERVER_FLAGS="SSL"

Now configure your system to start Apache at boot time:

chkconfig --add apache2

Then run

SuSEconfig
/etc/init.d/apache2 start


9.1 Disable PHP And Perl Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP and Perl on a per-website basis, i.e. you can specify which website can run PHP and Perl scripts and which one cannot. This can only work if PHP and Perl are disabled globally because otherwise all websites would be able to run PHP/Perl scripts, no matter what you specify in ISPConfig.

To disable PHP and Perl globally, we edit /etc/mime.types and comment out the application/x-perl and application/x-php lines:

vi /etc/mime.types

#application/x-perl pl pm al perl
#application/x-php php php3 php4

Afterwards we restart Apache:

/etc/init.d/apache2 restart
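
ISPConfig's per-website switches only mean something if both lines really are inactive. The following added example (not part of the original tutorial) lists any application/x-perl or application/x-php line that is still uncommented. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a mime.types file no longer maps the Perl and
# PHP types, i.e. that both lines are commented out. Names are illustrative.

# active_script_types FILE: print "type: extensions" for each uncommented
# application/x-perl or application/x-php line.
active_script_types() {
    awk '
        /^[ \t]*#/ { next }                      # commented out, so disabled
        $1 == "application/x-perl" || $1 == "application/x-php" {
            type = $1; $1 = ""; sub(/^ /, "")
            print type ": " $0
        }' "$1"
}

# scripts_disabled_globally FILE: succeed only when neither type is active.
scripts_disabled_globally() {
    [ -z "$(active_script_types "$1")" ]
}

# Constructed sample: the PHP line is commented out, the Perl line was missed.
sample=$(mktemp)
printf '%s\n' \
    'text/html html htm' \
    'application/x-perl pl pm al perl' \
    '#application/x-php php php3 php4' > "$sample"

if scripts_disabled_globally "$sample"; then
    echo "PHP and Perl are disabled globally"
else
    echo "still active:"; active_script_types "$sample"
fi
rm -f "$sample"
```

On the server itself, call scripts_disabled_globally /etc/mime.types after the edit and before restarting Apache.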


10 Proftpd

I want to use Proftpd instead of vsftpd, which is SuSE's default FTP server, because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on SUSE 10.1 (on other distributions this is different). Since there are no SUSE packages for Proftpd, I have to compile it manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.0.tar.gz
tar xvfz proftpd-1.3.0.tar.gz
cd proftpd-1.3.0/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.0*

Now create the file /etc/init.d/proftpd:

vi /etc/init.d/proftpd

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <mt@suse.de>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Starts ProFTPD server
### END INIT INFO

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test "$link" = "$base" && START_PROFTPD=yes # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk

# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"

[ -r "$proftpd_cfg" ] || exit 6
[ -x "$proftpd_bin" ] || exit 5

# Source status functions
. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
    start)
        echo -n "Starting ProFTPD Server: "
        test -f /etc/shutmsg && rm -f /etc/shutmsg
        /sbin/startproc "$proftpd_bin"
        rc_status -v
        ;;

    stop)
        echo -n "Shutting down ProFTPD Server: "
        test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
        /sbin/killproc -TERM "$proftpd_bin"
        test -f /etc/shutmsg && rm -f /etc/shutmsg
        rc_status -v
        ;;

    restart)
        ## If first returns OK call the second, if first or
        ## second command fails, set echo return value.
        $0 stop
        $0 start
        rc_status
        ;;

    try-restart)
        ## Stop the service and if this succeeds (i.e. the
        ## service was running before), start it again.
        ## Note: not (yet) part of LSB (as of 0.7.5)
        $0 status >/dev/null && $0 restart
        rc_status
        ;;

    reload|force-reload)
        ## Exclusive possibility: Some services must be stopped
        ## and started to force a new load of the configuration.
        echo -n "Reload ProFTPD Server: "
        /sbin/killproc -HUP "$proftpd_bin"
        rc_status -v
        ;;

    status)
        # Return values are slightly different for the status command:
        # 0 - service running
        # 1 - service dead, but /var/run/ pid file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running
        echo -n "Checking for ProFTPD Server: "
        checkproc "$proftpd_bin"
        rc_status -v
        ;;

    probe)
        ## Optional: Probe for the necessity of a reload,
        ## give out the argument which is required for a reload.
        [ "$proftpd_cfg" -nt "$proftpd_pid" ] && echo reload
        ;;

    *)
        echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
        exit 1
        ;;
esac

# Set an exit status.
rc_exit

Then run

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

Start Proftpd:

/etc/init.d/proftpd start

For security reasons you can add the following lines to /etc/proftpd.conf:

vi /etc/proftpd.conf

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

# Bar use of SITE CHMOD by default
#<Limit SITE_CHMOD>
# DenyAll
#</Limit>

and restart Proftpd:

/etc/init.d/proftpd restart
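
The following added example (not part of the original tutorial or of ProFTPD) audits a configuration file for the three directives above and reports whether SITE CHMOD is still denied. The function names and the sample configuration are constructed for illustration.

```shell
# Added example: audit a proftpd.conf for this section's settings (names are illustrative).
# directive_value FILE NAME: print the arguments of the first uncommented NAME line.
directive_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) {
            sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$1"
}

# site_chmod_denied FILE: succeed if an uncommented <Limit SITE_CHMOD> block has DenyAll.
site_chmod_denied() {
    awk '
        /^[ \t]*#/ { next }
        /<Limit[ \t].*SITE_CHMOD/ { inside = 1; next }
        /<\/Limit>/ { inside = 0 }
        inside && tolower($1) == "denyall" { denied = 1 }
        END { exit(denied ? 0 : 1) }' "$1"
}

# audit_proftpd_conf FILE: print one finding per line, return the number of FAIL lines.
audit_proftpd_conf() {
    conf=$1 fails=0
    if [ "$(directive_value "$conf" DefaultRoot)" = "~" ]; then
        echo "ok   DefaultRoot ~"
    else
        echo "FAIL DefaultRoot ~ is not set"; fails=$((fails + 1))
    fi
    if [ "$(directive_value "$conf" IdentLookups | tr 'A-Z' 'a-z')" = "off" ]; then
        echo "ok   IdentLookups off"
    else
        echo "FAIL IdentLookups is not off"; fails=$((fails + 1))
    fi
    case "$(directive_value "$conf" ServerIdent)" in
        'on "'?*'"') echo "ok   ServerIdent sends a custom greeting" ;;
        *) echo "FAIL ServerIdent has no custom greeting"; fails=$((fails + 1)) ;;
    esac
    if site_chmod_denied "$conf"; then
        echo "info SITE CHMOD is denied"
    else
        echo "info SITE CHMOD is allowed for FTP users"
    fi
    return "$fails"
}

# Constructed sample: a config before the edits above are made.
sample=$(mktemp)
printf '%s\n' 'ServerName "ProFTPD"' '<Limit SITE_CHMOD>' '  DenyAll' '</Limit>' > "$sample"
audit_proftpd_conf "$sample" || echo "$? setting(s) still to change"
rm -f "$sample"
```

On the server, call audit_proftpd_conf /etc/proftpd.conf after editing the file; the info line makes the SITE CHMOD decision visible, since allowing it is a deliberate choice here.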

Comments

From: Anonymous at: 2006-05-24 17:53:41

Is the installation the same for the ppc version?

From: grommley at: 2006-10-18 23:58:34

This step by step instruction is so easy that even I could make it work.  I have tried other how-tos in the past relating to Linux and have found that many of them assume that I know what I am doing at a command line interface.  While I have a lot of computer background, all of my experience is with Microsoft software.  This How-to is very well written, and I was able to set up and even use my server with no problems at all.  This is the first time I have ever had that happen in Linux. Once again, thank you for these well written instructions.

From: powderskier at: 2006-10-20 02:33:51

Hi Falko,

First off, you've done an awesome job on the tutorial. You should really consider doing this professionally for Novell/Red Hat since their documentation is fairly atrocious when it comes to missing steps.

 
I want to ask how secure this setup is? Are people using this exact setup for production web servers? Is this meant only for testing environments? Could this be used for a company as an internal corporate web/intranet server provided it's secure?

 
What else would you consider to be necessary for this server?

Thanks for your time in helping others,

powderskier
     

From: at: 2007-02-07 01:37:54

A tip: the compile of the embedded PHP fails because it doesn't find the openssl libraries. In Opensuse x86_64, they reside in /usr/lib64, so the easy way to solve the problem is to create symlinks for the openssl libraries in /usr/lib. For example:

ln -s /usr/lib64/libssl.so /usr/lib
ln -s /usr/lib64/libssl.a /usr/lib
ln -s /usr/lib64/libcrypto.so /usr/lib

From: Anonymous at: 2006-06-28 16:16:37

SuSE has provided an update to solve all the problems with the slow and buggy updater. When you go updating, update ONLY the libzypp package FIRST. After that you can do a regular update without problems.

From: Anonymous at: 2006-06-13 21:30:50

Hi Falko,

Great howto once again.

But it seems that Yast on SuSE 10.1 version does indeed check every package before installation and therefore it takes longer (MD5 SUMS and all).

It is something good for Yast installations. (I have seen this in the opensuse pages ... somewhere ... )

About the partition, why don't you propose some other type of partition of the disk. Like a separate /var (for database and the like.)

Regards,

Pedro

From: Anonymous at: 2006-07-03 14:31:12

Hi...I'm a slack user...and a slack fan...I've been testing a few distributions...and I did not like anyone...except Suse...and I think that u made a really great job here!!!! I'll try today!

Congratulations!!!! 

From: Anonymous at: 2006-06-25 23:56:57

I was very excited to try out Suse.  The live CD I played around with detected more hardware and was a joy to work with.  I've tried installing suse twice now, once by just installing everything and once with this howto.  Both times Yast died when trying to add mirrors.  The first time I just thought yast was locking up.  On top of that, adding a mirror is unintuitive to someone who isn't familiar with the system.  This time, I read the author's comments on the 10 minute wait.  Okay, I said, I'll wait this time.  I waited for 8 hours.  I left the setup running in the morning and when I came home from work it was still at the same screen.  So that's it, no three strikes and you are out.  I'm done after two attempts.  I'm going back to Redhat and yum.  Thanks to the author for this howto.

From: Anonymous at: 2006-05-31 13:36:16

proftpd_cfg="/usr/local/etc/proftpd.conf"

not like this:

proftpd_cfg="/etc/proftpd.conf"

Thanks

From: Anonymous at: 2006-06-15 16:38:07

On the 64-Bit System, the wrong version of the glibc-devel is installed. (i686 instead of x86_64)

Correct this in yast2 and it will work.

From: Anonymous at: 2006-06-11 20:03:18

BTW: you don't need to run `yast2 -i xntp` because yast2-ntp-client always checks whether the needed package xntp is installed and offers to install it when it is not.

You can also run the YaST ntp-client directly by entering `yast2 ntp-client` command.

From: Anonymous at: 2006-06-09 18:44:54

In your howto, you recommend to disable AppArmor because it has caused more harm than good to you. I can't agree with that - AppArmor is the main reason why I consider SUSE 10.1 the best Linux for servers!

Maybe you should simply read the AppArmor manual (comes as PDF, about 100 pages) and update the profiles as needed. You can also do this using YaST.

Checking /var/log/audit/audit.log is also a good idea if something fails with "permission denied" ;-)

Yes, AppArmor configuration can cause some work - as always: security has its price!