Search the Community
Showing results for tags 'Apache'.
Found 2 results
I'm working on recreating (and enhancing) my minimal LAMP server configuration on CentOS 6 for my web server. I use Apache and MySQL from the CentOS repos, but prefer to compile my own PHP to stay up-to-date with each new stable release of PHP as soon as it is available. I also like to add support for eAccelerator (a memory cache and bytecode cache for PHP, speeds up execution of PHP scripts considerably) and will add support for the Suhosin security patch and extension for PHP. I'm also moving towards using SELinux in enforcing mode with this new CentOS 6 server for enhanced security. I hope in this post to document my setup for this -- Apache, MySQL and the latest PHP from source, as well as eAcceleration and Suhosin, all SELinux compliant. This setup is not yet finished and this post should not therefore be used 'blindly' as a guide for a production server. I'm still testing this setup in a private, closed environment! I have also not gone through this guide start-to-finish to test that it is complete. Since this is an adaptation of my personal guide, which contains specific details of my setup that aren't relevant to a general audience, I have not verified that this particular write-up actually works. Filenames for download links may change as new versions are released. Check all software versions to make sure outdated versions are not being installed. Bear in mind, therefore, that this guide is a work in progress. Install Pre-requisite Packages Begin by ensuring the Development Tools are installed, to faciliate compiling our own PHP and extensions. # yum groupinstall 'Development Tools' Now install the prerequisites: # yum install httpd mysql-server httpd-devel libxml2-devel libcurl-devel libjpeg-devel ImageMagick-devel libpng-devel gmp-devel mysql-devel libtool-ltdl-devel MCrypt must be installed manually (I don't want to use third-party yum repos). Download latest from http://mcrypt.sourceforge.net/. $ tar xjvf libmcrypt-2.5.8.tar.bz2 $ cd libmcrypt-2.5.8 $ ./configure $ make $ su -c "make install" MySQL desperately needs a root password set. $ mysqladmin -u root password newrootpassword Also configure Apache to your specifications. I will omit that configuration here, as much of it is specific to my setup and not relevant to a general audience. Download Suhosin Patch Assumes the Suhosin GPG key has already been securely imported, for verifying the integrity of the patch and extension. $ wget http://download.suhosin.org/suhosin-patch-5.3.7-0.9.10.patch.gz $ wget http://download.suhosin.org/suhosin-patch-5.3.7-0.9.10.patch.gz.sig $ gpg --verify suhosin-patch-5.3.7-0.9.10.patch.gz.sig $ gunzip suhosin-patch-5.3.7-0.9.10.patch.gz PHP 5.3.7 with Suhosin Patch Download latest PHP from http://www.php.net. $ tar xjvf php-5.3.7.tar.bz2 $ cd php-5.3.7 $ patch -p 1 -i ../suhosin-patch-5.3.7-0.9.10.patch $ './configure' '--with-mysqli' '--with-mysql' '--enable-bcmath' '--enable-mbstring' '--with-gmp' '--with-curl' '--with-gd' '--with-freetype' '--with-apxs2=/usr/sbin/apxs' '--with-zlib' '--with-mcrypt' '--with-jpeg-dir' '--with-png-dir' '--with-gif-dir' $ make $ make test $ su -c "make install" $ su -c "chcon -t textrel_shlib_t '/usr/lib/httpd/modules/libphp5.so'" $ su -c "/sbin/service httpd restart" PHP configuration to /usr/local/lib/php.ini. # /usr/bin/chcon -t etc_t /usr/local/lib/php.ini Suhosin Extension $ wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz $ wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz.sig $ gpg --verify suhosin-0.9.32.1.tar.gz.sig $ tar xzvf suhosin-0.9.32.1.tar.gz $ cd suhosin-0.9.32.1 $ phpize $ ./configure $ make $ su -c "make install" $ su -c "cp modules/suhosin.so /usr/local/lib/php/extensions" $ su -c "chcon -t textrel_shlib_t '/usr/local/lib/php/extensions/suhosin.so'" Enable extension in PHP.ini: extension="suhosin.so" Restart Apache: # service httpd restart Use a PHPInfo page to verify Suhosin Patch and Suhosin Extension are working. eAccelerator Download page appears to be down as of 2011-08-21. $ tar xjvf eaccelerator-0.9.6.1.tar.bz2 $ cd eaccelerator-0.9.6.1 $ phpize $ ./configure $ make $ su -c "make install" $ su -c "cp modules/eaccelerator.so /usr/local/lib/php/extensions" $ su -c "mkdir /var/cache/eaccelerator" $ su -c "chown apache /var/cache/eaccelerator" $ su -c "/etc/init.d/httpd restart" $ su -c "chcon -t textrel_shlib_t '/usr/local/lib/php/extensions/eaccelerator.so'" Configure eAccelerator settings in PHP.ini: extension="eaccelerator.so" eaccelerator.shm_size="128" ; 128 MB of memcaching, lower on low-memory machines eaccelerator.cache_dir="/var/cache/eaccelerator" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9" eaccelerator.log_file="/var/log/eaccelerator.log" Set up dirs: # mkdir /var/cache/eaccelerator # chown apache /var/cache/eaccelerator # touch /var/log/eaccelerator.log # chown apache /var/log/eaccelerator.log TODO: SELinux contexts for /var/cache/eaccelerator and /var/log/eaccelerator.log? Restart Apache: # service httpd restart Verify eAccelerator with a PHPInfo page.
I dug my self into a hole... for the last 3 months I have been running 5 servers without a clue on how to configure them. Now I'm worried that my computer is a zombie. "netstat -ntulp" says they are all running. Is there any way to shut them down without having to get a Ph. D, thanks. I don't want to uninstall them, I just want time to learn how to configure them. When I was in windows I got used to installing anything that didn't look like a virus. If anything went wrong, I disabled it or reconfigured it, but I can't seem to find the "OFF" button for services in linux.