Posted tagged ‘apache’

Ultimate guide to setting up the LAMP stack on CentOS 6 (Apache, PHP, MySQL)

04/02/2013

Brace for awesome!

This is a tutorial that covers the entire process of setting up CentOS 6 and installing/configuring Apache, PHP, MySQL, SELinux and iptables, as well as securing the server. This tutorial will give you a base setup for running static as well as dynamic web sites using PHP and MySQL. This tutorial suits VPS or other low-memory configuration as well as dedicated servers.

Prequisites

This tutorial assumes basic knowledge of shell/console usage and knowledge of one text editor.

You need a freshly installed CentOS 6 installation to proceed (Minimal installation is recommended) Once you’re in a root shell, start reading below!

Step 1 – Choose a text editor

Nano is very simple to use and has on-screen help at all times.

Vim is a good editor, but has a slightly steeper learning curve. Here is a good tutorial.

If you find it hard to choose, install and try them both by installing thei via Yum, the CentOS package manager!

yum install vim nano

Since this is your first installation using Yum you may be prompted about importing a GPG key. Enter Y followed by the Enter key to accept.

Step 2 – Configure your network

Attempt to ping an external server, such as google:

ping google.com -c 4

If you receive a response, skip the rest of this section as you have connectivity. If it fails, keep reading.

Not having connectivity is most often due to the lack of a DHCP server running on the network to issue an IP to your server. If that is the case, you need to configure the IP manually.

Here is a useful step-by-step tutorial for setting up static IP address on CentOS 6.

Step 3 – Update your system

After a fresh CentOS 6 install, run:

yum update

Select all updates and let it complete, now run:

cat /etc/*release*

You should see your CentOS version, at the time of writing this, that version is:
CentOS release 6.4 (Final)

Step 4 – Configure (or disable) SELinux

I usually disable SELinux as it makes for some cryptic errors when running the LAMP stack. If you would like to have a go at running SELinux enabled with LAMP, here is a good article to get you started.

To disable SELinux:

vim /etc/selinux/config

Change the SELINUX= line to disabled, like so:

SELINUX=disabled

Now reboot your machine

shutdown -r now

Step 5 – Add the EPEL repo

EPEL is an extra software repository with a lot of useful software that is not in the base repo. We will need it later, so let’s add it to our CentOS install! Go to this page to get the most up to date EPEL version. Copy the link from the text epel-release-6-x.noarch and use it in the command below:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-X.noarch.rpm

Depending on the version of CentOS installed, you might need to change x86_64 to i386 in the URL to the repo.

Step 6 – Install Apache, MySQL and PHP

Issue the command:

yum install mysql mysql-server mysql-devel httpd php-common php-gd php-mcrypt php-pear php-pecl-memcache php-mysql php-xml php php-mcrypt php-mbstring php-devel gcc pcre-devel

Enable Apache and MySQL on startup

chkconfig httpd on
chkconfig mysqld on

Start Apache and MySQL

service httpd start
service mysqld start

After starting mysqld, you will receive a prompt to change your MySQL root user password. The dialogue will read…

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

Two commands will be presented to you, run them both. You will need to use your server name in the second command, as the help prompt instructs you. The base commands are:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h your-hostname password 'new-password'

Your web server should now be reachable via http://<your-server-ip&gt; in a web browser. If you have started Apache but the server is not visible, you probably need to configure iptables.

Step 7 – Configure iptables

Load up the iptables config file

vim /etc/sysconfig/iptables

Below the :OUTPUT ACCEPT [0:0] line, add

-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

If you are going to be changing your SSH port (see separate section below), now is a suitable step to allow connections to the new SSH port.

If we are changing SSH to port 4711, this line should also be added:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 4711 -j ACCEPT

Step 8 – Change SSH port

Changing your SSH port makes it harder for hackers to find information about your server via port scanning. To change the port (in our case to 4711), open the sshd config file:

vim /etc/ssh/sshd_config

Search for the line “#Port 22”, change it to:

Port 4711

(Note the removal of the hash sign.)

Make sure you have added the iptables rules for your new port! (See section above.)

Restart sshd by issuing:

service sshd restart

If you are currently on a SSH console, log out and log back on to your server using the new port.

Step 9 – Install extra “nice-to-have” packages if desired

This section is optional, go to Step 10 to continue if you don’t want any extra packages.

htop
Good replacement for top.

yum install htop

curl and wget
Simplifies file retrieval from the command line. You should install at least one of these. They are often included in your CentOS installation.

yum install curl wget

unzip
This package allows you to unzip files

yum install unzip

man
Manuals for commands. Sometimes not included in minimal installations.

yum install man

Step 10 – Reboot!

Now is a great time to reboot, issue the command

shutdown -r now

If your server is not accessible with SSH/HTTP after reboot, there might be something amiss with the iptables settings.

Step 11 – Install phpmyadmin

phpMyAdmin is a powerful tool for manipulating MySQL databases, let’s install it!

cd /var/www/html
wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/4.0.1/phpMyAdmin-4.0.1-english.zip?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Fdownloads.php&ts=1369351562&use_mirror=heanet
unzip phpMyAdmin-3.5.6-english.zip
mv phpMyAdmin-3.5.6-english phpmyadmin
rm -f phpMyAdmin-3.5.6-english.zip

Now you can browse to:
http://<your-ip>/phpmyadmin

Add blowfish_secret for security

cd phpmyadmin
cp config.sample.inc.php config.inc.php
vim config.inc.php

Add a secret key to $cfg[‘blowfish_secret’] so it looks like below:

$cfg['blowfish_secret'] = 'your-secret-key';

According to this site, your password may contain up to 46 characters.

It’s also a good idea to protect phpMyAdmin behind another layer, HTTP authentication.

You can find out how to do that in this excellent tutorial.

Step 12 – Add extra users

useradd username
passwd username

Allow your new user to sudo
sudo allows a user to temporarily take on the role as root.

vim /etc/sudoers

Note: If you are getting a blank text file (not found) in this step, install sudo with
yum install sudo

Find the line:

root    ALL=(ALL)       ALL

Under this line, add a new one to allow your newly created user to use sudo:

username ALL=(ALL)       ALL

Save the file (it’s read-only, so you need to force the write using :wq! in Vim)

Step 13 – Configure Apache

Let’s make some sane modifications to the Apache configuration to improve default behaviour and lower the memory consumption. I am configuring this for a 512MB server, if you have more memory you may retain these values at their original settings or adjust them differently.

vim /etc/httpd/conf/httpd.conf

Allow for .htaccess overrides

Search for the AllowOverride directive in the configuration file.

Change the instances of:

AllowOverride None

to

AllowOverride All

You will also need to uncomment the general AllowOverride declaration by removing the hashtag (#) in front of it.

Before (commented out):

# AllowOverride All

After (Correct version):

AllowOverride All

Change the amount of workers spawned

Find the IfModule prefork.c directive and change according to the example below.

<IfModule prefork.c>
 StartServers       8
 MinSpareServers    5
 MaxSpareServers   20
 ServerLimit      256
 MaxClients       256
 MaxRequestsPerChild  4000
</IfModule>

This reduces the memory footprint of Apache, in exchange for slower responses under heavy load.

Enabling KeepAlive

Change the KeepAlive directive from Off to On.

Warning:
Enabling KeepAlive improves the speed at which pages load, but may make your server crash under heavy load. See this blog post for some interesting etails.

Step 14 – Configure PHP

Let’s edit the PHP configuration file:

vim /etc/php.ini

Increase the maximum upload file size

I like to set this pretty high, as you can limit the upload filesize in a PHP script should you need it.

upload_max_filesize = 128M

You will also need to change the post_max_size restriction:

post_max_size = 128M

Increase the memory limit of PHP

This limit controls the maximum amount of memory a single script is allowed to use. The default (128M) is sensible, but you can increase it if you have a good amount of memory.

memory_limit = 256M

Increase the maximum execution and input time

The default maximum script execution time is a measly 30 seconds. You can easily bump this to 300 seconds.

max_execution_time = 300

The default maximum time to wait for POST and GET data is 60 seconds. File uploads are counted into this, so it is desirable to increase this to avoid errors when uploading large files.

max_input_time = 300

Enable the short_open_tag directive, to support shorthand syntax such as <?=$var?>. Here’s how to enable it:

short_open_tag = On

Now we can restart httpd and the changes will be active

service httpd restart

Install opcode cache

Speed up your PHP applications by installing the Alternative PHP Cache (APC).

First we need to install some dependencies, then we will compile APC using PECL.

yum install make
pecl channel-update pecl.php.net
pecl install apc-3.1.13

Press enter multiple times when prompted to select options (this will pick the defaults.).
Add the APC extension to the PHP configuration:

vim /etc/php.ini

Under the line [PHP] add:

extension=apc.so

Adjust size of cache:

vim /etc/php.d/apc.ini

We are setting the cache to use 256MB:

apc.shm_size=256M

(The file apc.ini does not exist at this point, simply write your changes and APC will pick up on it.)

Restart Apache and we’re done!

service httpd restart

Optional: APC comes with a small web-based control panel. It’s included in the installation but you need to copy it to your web root to use it:

cp /usr/share/pear/apc.php /var/www/html

Now you can navigate to /apc.php on your server to see the cache stats.

Step 15 – Configure MySQL

Save your default password for mysqldump

To run mysqldump in a cron job (read more about cron jobs in Step 17), you need to set a username and password to the MySQL configuration file.

Open up the file:

vim /etc/my.cnf

Add the following lines at the bottom of it:

[mysqldump]
 user = mysql-user
 password = your-password

It is not advisable to use the root user here, instead, you may use an account with global read privileges.

(Optional) Disable InnoDB

If you want to use save memory (about 60-100 MB) and don’t need InnoDB tables, you may disable them by editing the MySQL configuration file.

vim /etc/my.cnf

Under the [mysqld] directive, add the following line:

skip-innodb

Step 16 – Add virtual hosts to Apache

Virtual hosts allow multiple web sites to be served from a single Apache installation.

The virtual hosts can be added to the end of the Apache configuration file.

Here is an example configuration with two web hosts:

NameVirtualHost *:80

<VirtualHost *:80>
ServerName your-default-site.com
DocumentRoot "/var/www/html"
</VirtualHost>

<VirtualHost *:80>
Servername your-second-site.com
ServerAlias www.your-second-site.com
DocumentRoot "/var/www/html/your-second-site.com"
</VirtualHost>

Step 17 – Set up cron jobs

Setting up cron jobs is useful for scheduling tasks. For this we’re going to install CRON and Crontab.

yum install crontabs
chkconfig crond on

To see the local user crontab issue:

crontab -e

Here is a great resource for learning how to manipulate the crontab file.

Warning
Remember that the scheduled commands are run as the user whos crontab they are in. For cron jobs that require elevated privileges, using the root crontab or changing file permissions may be necessary.

Setting up a cron job to backup all mysql databases

First start editing the crontab:

crontab -e

Now add a new line, which will run our command:

0 0 * * * mysqldump --all-databases > /root/sqldump.sql

This simple command will back up all databases to the file /root/sqldump.sql at midnight every day.
Note: This requires you to set a [mysqldump] user, as advised in Step 15.

You’re done!

Congratulations on setting up CentOS 6 with LAMP. The section below contains useful commands and other tweaks you can perform.

Test disk speed

Disk speed indicative of performance, different tests test different things, different on virtual environments (such as OpenVZ and KVM) and dedi, some tests might be better for some of them.

dd if=/dev/zero of=test bs=64k count=16k conv=fdatasync

How to judge your result (note that this is only accurate for the exact test above)

  • 0-25 MB/s -> Garbage
  • 25-70 MB/s -> Acceptable
  • 70-120 MB/s -> Good
  • >120 MB/s -> Excellent

Miscellaneous: Quick reference of useful commands

Check disk usage

df -h

Disable or enable iptables

chkconfig iptables on/off

Dump all your MySQL databases to a file (suitable for backup, in crontab or similar)

In Step 15 we saved our MySQL username and password in the MySQL configuration file /etc/my.cnf

Now we can use mysqldump without a password. To dump all databases into a file, issue:

mysqldump --all-databases > /root/sqldump.sql

Listing services that automatically run at startup, and their runlevels

chkconfig --list

Miscellaneous: Setting appropriate file permissions for PHP sites

We’d like for Apache to have as little access to the files it serves as possible. This limits the effects PHP and Apache exploits.

To accomplish this, let’s run an example with a fictional site residing in the folder:

/var/www/html/yoursite

To secure this site we are going to put up the following restrictions:

  • Files can only be read
  • Directories can only be read and executed (this is required for PHP to work)
  • Apache is the owner of all files

To do this, we invoke:

chown -R apache:apache /var/www/html/yoursite
chmod -R 400 /var/www/html/yoursite
chmod -R a+X /var/www/html/yoursite

Feedback

That’s it for this tutorial! I appreciate any feedback you might have, so if something is unclear or can be improved, feel free to leave a comment!

Sources and additional information

http://wiki.centos.org/HowTos/Network/SecuringSSH

http://www.linuxmail.info/add-epel-centos-6/

http://romanrm.ru/en/dd-benchmark

http://www.vectorns.com/blog/19-running-xampp-on-fedora-with-selinux-enabled

http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/

http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator

http://www.reallylinux.com/docs/htaccess.shtml

Advertisements

Software Release: Homepage downtime kit for Apache v1

27/08/2009

downtimekitscreenshotThe bad boy in action.

When you’re managing a homepage for a while, there will be the times when you absolutely need to take your site down for maintenance – be it a hardware upgrade, code upgrade (When migrating to a new version of your/someone elses software.) or disk maintenance due to power loss or crash. But what do you show your users while the regular homepage is unavailable? Simply shutting down the server resulting in an error for the end-user is kind of boring, and gives a far less memorable expression than having a proper downtime page, all the big boys are doing it, so why shouldn’t you?

I spent a few minutes and hacked together a minimalistic “downtime kit”.

The easiest way is to temporarily redirect your page somewhere else (where you host the downtime kit) during the downtime, and there’s a multitude of ways to do so, all depending on the architecture of your hosting setup, so you’ll have to think of the best way for you to utilize this kit.

As for how it works, it simply uses the mod_rewrite functionality in Apache to redirect image requests to one central image, so that any hotlinked images you might have show a proper downtime dialogue on their respective pages. It also redirects users who want to download files and visit pages to a proper downtime dialogue.

Setting the kit up to work for your page takes less than a minute, here are what needs to be done (taken from the readme.txt file in the distribution.)

Prequisites:

  • PHP5 (Should work with PHP4)
  • Apache with mod_rewrite (XAMPP Lite distributions work great for this purpose.)

    License:
    This kit is released as beerware, a very permissive license, so do whatever you please with the code.

    Download link:
    zip file – (Mirror 1 / Mirror 2)

    Tutorial:

    1.) Upload all the files into the root of your web directory, if you want to restrict the script to a subfolder, read step 2, otherwise skip to 3.

    2.) If you uploaded the distribution into a subfolder (like http://www.mypage.com/ahomepage) instead of the root (which in this case would be http://www.mypage.com) – open the .htaccess in a text editor and change the second line from:
    ErrorDocument 404 /index.php
    …to:
    ErrorDocument 404 /<your subdirectoryhere>/index.php

    In our previous example, this line would be:
    ErrorDocument 404 /ahomepage/index.php

    If you have vhosts that link a subfolder to a domain name (ie you can visit the page at ahomepage.mypage.com) this step is not necessary.

    3.) Open config.php in a text editor and change the text
    <b>Status:</b><br>This page is down!
    …to whatever you wish for your downtime page to show.

    4.) Optionally change the notfound.jpg image for another one that suits you or your homepage better.

    5.) Enjoy!

    In other news…

    constantsCover art for “The Constants – The Foundation, The Machine, The Ascension”

    In this episode of “In other news…” we’re going to talk about post-rock. It feels like such a huge topic, but I’ll just satisfy myself by saying it’s a fantastic genre of music, especially instrumental post-rock, so without further ado, here is a list of some of my favourite post-rock band, in unspecified order – click on the band names to visit their homepages/profiles.

    Most of these bands are relatively small, and you can find a lot of music on their respective Myspace profiles and homepages.

    3D Realms shuts down – millions of Duke fans weep

    08/05/2009

    Duke – Smug as always,
    unaware of his fate.

    Update 1: There’s great coverage on the history of Duke Nukem: Forever here, a fantastic read.
    Update 2:
    An insider story about the life and death of Duke Nukem: Forever, check it out!

    It felt almost unreal reading this article and realizing that Duke Nukem Forever might actually never be released. This holy grail of vaporware has been in the making for over twelve years, which in perspective is more than half my current life length! The game has gone through a number of 3D-engine changes and a cascade of other issues.

    I was one of the people that always believed. I believed when the game first became notorious for its long release cycle back around the millennium shift. I even discussed DN: Forever with Per just a week ago or so, where he proclaimed that the game would never be released, following Broussard bold claims that DN:Forever would hit the shelves this very year.

    Now it sadly looks like he was right.

    To be perfectly honest I shouldn’t even be sad over this, I rarely play games nowadays, even though I have fond memories of the series, especially DN: Land Of The Babes which kept me company for what probably was an entire summer vacation. But this was one of those games – the ones that you just had to at least try because of the hype. If it was a great game or a disappointment came in second.

    Take-Two still holds the rights to the Duke Nukem franchise, but has declined to make a comment on the situation. Who knows, maybe they’ll continue development and actually release it, although the chances are slim. But I’ll never stop believing… R.I.P for now, Duke.

    The game back in 2001, when it looked almost finished, and still cool by todays standards according to me.

    In other news…
    tomcat

    Rawr!

    I’ve finally started to teach myself Apache Tomcat – a fascinating (albeit sometimes confusing)  implementation of Java for the web. If you’re a Java programmer and wish to develop dynamic applications for the web, this is where to start!

    PHP, MySQL and “Unpredictable behaviour”

    20/04/2009

    mwp8_lineup2This is what you get when you do a
    Google image search for “unpredictable behaviour“.
    Truly.

    I finally decided to take some time to upgrade my Apache/PHP/SQL installation on ye ‘ol file server, and after installing the latest version of XAMPP (which I warmly recommend if you need a full suite for all your web hosting needs) I was greeted with the following message in phpMyAdmin:

    Your PHP MySQL library version 5.0.51a differs from your MySQL server version 5.1.33. This may cause unpredictable behavior.

    I figured something must be wrong, spent some time searching for people with the same error – there were plenty of them, but no answer in sight. Finally I was able to come across a few posts that made things clearer.

    Apparently the MySQL client version that PHP uses today is  an older version –  of the file libmysql.dll to be precise. Some users have reported that they can simply use a newer build of libmysql.dll (Which can be acquired in the current MySQL build) while other people just show you how to remove the alert by editing the phpMyAdmin source code.

    I tried replacing my copy of libmysql.dll with the latest build, but alas –  it just made my php executable lock up, so no luck there for now.

    So… what exactly is the deal?
    As far as I’ve read, people seem to agree that a small version mismatch poses no problems to the stability of your MySQL server. I am currently running the 5.0.51a client version and 5.1.33 MySQL version without any issues. (Knock on wood!) Although don’t risk it if you have a major version mismatch! (i.e. client is 4.0.1 and server is 5.0.0) because that could truly lead to unpredictable behavior. In these cases, make sure you update to the very latest PHP version available here.

    Hope this post saves someone a little time!