Odynia.org blog

Posts tagged apache

Installing Apache and Its Ecosystem: Part 2

Jul 13th, 2012
Written by Rob

Back here in Apache Land it is time to continue with the install. In this post I’ll be installing PHP. Part 3 will cover Subversion, and in Part 4 I’ll be running through my standard configuration and website setup.

Installing PHP 5.4.4

At the time of writing PHP 5.4.4 is the current stable release of PHP, so we’ll be installing that and a dozen or so modules. I used to be a PHP developer in a past life (or so it feels, sometimes) so there are a lot of modules I used to make regular use of.

Additionally, I run a lot of the usual software like WordPress, Roundcube, Gallery2, WebSVN, etc.

A quick look at the modules installed on Tyrande (the existing server):

[root@tyrande /]$ php -m
# [PHP Modules]
# bz2
# Core
# ctype
# curl
# date
# dom
# ereg
# fileinfo
# filter
# gd
# gettext
# hash
# iconv
# imap
# json
# ldap
# libxml
# mbstring
# mcrypt
# mhash
# mysql
# mysqli
# openssl
# pcre
# PDO
# pdo_mysql
# pdo_pgsql
# pdo_sqlite
# pgsql
# posix
# Reflection
# session
# SimpleXML
# snmp
# soap
# sockets
# SPL
# SQLite
# ssh2
# standard
# tidy
# tokenizer
# xml
# xmlreader
# xmlwriter
# zip
# zlib
#
# [Zend Modules]
[root@tyrande /]$

Read on for full installation instructions..

Server Build    freebsd, php, ports, server build, shana

Installing Apache and its Ecosystem: Part 1

Jul 10th, 2012
Written by Rob

I guess it is time for the big boy. Apache can be one of the most complicated things you install, mostly for the additional languages and modules. Like many, I have my own way of configuring it.

I’ll lay this out up front: I don’t like the FreeBSD layout for Apache. Everything is scattered throughout /usr/local and buried deep in the system. I got used to using the OpenBSD layout during my stint with that OS, and so I continue to use that on FreeBSD. It puts everything in /var/www/ and keeps it nice and clean together.

That said, the binaries and other bits and pieces should remain in /usr/local/.

Building from Scratch

For once we’re not going to install Apache from ports. Why? Because it’s too damn hard to adjust the layout without building a completely custom port. What we can do though is use the ports tree to do a big chunk of the work for us.

Configure your options

Run make config in the port and select the options you want installed. I go with the defaults here usually.

[root@shana /]$ cd /usr/ports/www/apache22
[root@shana /usr/ports/www/apache22]$ make config

Install the dependencies

Now that we’ve selected our options, we can also use it to build and install the dependencies, much the same as we would do if we were installing Apache through ports.

[root@shana /usr/ports/www/apache22]$ make depends
# ===>   apache-2.2.22_5 depends on file: /usr/local/bin/perl5.12.4 - found
# ===>   apache-2.2.22_5 depends on file: /usr/local/bin/perl5.12.4 - found
# ===>   apache-2.2.22_5 depends on shared library: expat - found
# ===>   apache-2.2.22_5 depends on shared library: apr-1 - found
# ===>   apache-2.2.22_5 depends on shared library: pcre - found
# ===>   apache-2.2.22_5 depends on shared library: iconv.3 - found
# ===>   apache-2.2.22_5 depends on file: /usr/local/bin/perl5.12.4 - found
# ===>   apache-2.2.22_5 depends on file: /usr/local/bin/autoconf-2.69 - found
# ===>   apache-2.2.22_5 depends on package: libtool>=2.4 - found
# ===>   apache-2.2.22_5 depends on file: /usr/local/bin/perl5.12.4 - found

So that is everything we should need.

Generating the configure command

Now we let the port install get as far as configuring the build. That will generate the configure command that was used, and we can copy that command and use it to build our own setup.

[root@shana /usr/ports/www/apache22]$ make configure
#
#  To enable a module category: WITH_<CATEGORY>_MODULES
#  To disable a module category: WITHOUT_<CATEGORY>_MODULES
#
#  Per default categories are:
#   AUTH AUTHN AUTHZ DAV CACHE MISC
#  Categories available:
#   AUTH AUTHN AUTHZ CACHE DAV EXPERIMENTAL LDAP  MISC PROXY SSL SUEXEC THREADS
#
#   To see all available knobs, type make show-options
#   To see all modules in different categories, type make show-categories
#   You can check your modules configuration by using make show-modules
#
# ===>  Found saved configuration for apache-2.2.22_5
# ===>  Extracting for apache-2.2.22_5
# <snip>
# config.status: creating include/ap_config_auto.h
# config.status: executing default commands

Setting up our own build environment

Now we’ve had our fun with ports it is time to build our own copy of Apache. I do my compilation in a directory called /archive/compile, but you can do it anywhere you like.

Server Build    freebsd, http, ports, server build, shana

Server Build: Shana’s Role

Nov 2nd, 2011
Written by Rob

Typically when you’re building a new server, you need to know what you’re going to use it for. As mentioned in a previous post, Shana will be replacing the existing Tyrande server. So she will need to take on all the roles that Tyrande already fulfils. After that Tyrande will be rebuilt as Taiga, then the two will share the roles, with a bias towards Shana as the more powerful server.

The current roles running on Tyrande:

  • Web Server (Apache)
  • Database Server (PostgreSQL)
  • Database Server (MySQL)
  • SMTP Mail Server (Postfix)
  • POP/IMAP Mail Server (Dovecot)
  • Domain Name Server (DNS – Bind)

In addition to typical services that I run on all my servers:

  • Time Server (NTPD)
  • Firewall (pf)
  • Secure Remote Shell (OpenSSH)
  • Custom Server Monitoring (Meidon)
  • Nightly backups using zfs snapshots and rsync
  • Nightly security updates and vulnerability checks

And the synchronisation, load balancing and failover between Shana and Taiga.

These are the things I’ll be dedicating the following blog posts to. Some are obviously going to take multiple posts. Let’s give a bit of an overview here though:

Web Server

I use Apache as my web server. I always have. It hosts blogs and custom projects, and everything in between. Typically I have a preference for PHP over Perl, Python or Ruby. Again, as with my other posts, these blogs aren’t to debate my software preferences. You can fight that elsewhere :)

I prefer the OpenBSD Apache layout too, hence the /var/www/ filesystems in the ZFS setup post. I’ll go into detail on installing Apache, PHP, Subversion and its dependencies. We’ll be running the web root of Apache mainly on the SSD, so we’ll need to look at keeping a copy on the normal disk too.

Database Server (PostgreSQL)

PostgreSQL is my SQL database of choice. All of my projects use it for the SQL data storage. I wouldn’t touch MySQL with a 50 foot pole. I’ll go into detail installing it too, and putting its data in /var/pgsql. As a bonus we’ll be running PostgreSQL mainly on the SSD and configuring asynchronous replication to a second instance of PostgreSQL running on Shana that writes to the HDD. This way we can keep a constant backup on less volatile disk that we can manually failover to in an instant.

Database Server (MySQL)

I run MySQL only because of WordPress. That is all.

SMTP Mail Server / POP3/IMAP Mail Server

I use Postfix as my SMTP server of choice and Dovecot for POP3/IMAP. It’s fairly lightly utilised but I prefer the flexibility of running my own mail server. Note: I always use my ISP’s server for outgoing SMTP, so I don’t have to deal with the difficulties of running my own server – namely blacklists. I’ll detail installing and configuring them to use a SQL database (PostgreSQL) as their list of valid user accounts with aliasing that works at the account level (so an alias can login, even), catch-alls and a bunch of fun stuff.

Domain Name Server

I host my own DNS too using BIND. I have accounts over at easyDNS to have global redundant DNS servers, but they all slave off my primary server. Then I can use normal zone files to manage my domains instead of a web interface (I like the flexibility). I’ll cover setting all that up too.

Time Server

I configure the built in ntpdate and ntpd to keep my local machine time synchronised with an appropriate time server.

Firewall

I use OpenBSD’s Packet Filter (pf) for my firewalling. It is above and beyond the best open source firewall package I’ve found. I think even OS X Lion incorporates pf now. I don’t do too much fancy stuff in pf, just some normalisation, default block, country-based blacklists and bruteforce blacklisting on SSH. (You try to connect to port 22 on my server more than 5 times in 60 seconds and you’re blacklisted).
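A minimal pf.conf sketch of the policy described above (normalisation, default block, and the SSH connection-rate blacklist), added here as an illustration and not the author's actual ruleset. The interface name em0 and the table name bruteforce are assumptions, and the country-based blacklists are left out.

```conf
# /etc/pf.conf -- constructed example, not the ruleset from this server.

# Macro: external interface (assumption; substitute your own NIC name).
ext_if = "em0"

# Table that collects source addresses that tripped the SSH rate limit.
# "persist" keeps the table in memory even when no rule references it.
table <bruteforce> persist

# Do not filter loopback traffic.
set skip on lo0

# Normalisation: reassemble fragments and sanitise inbound packets.
scrub in all

# Default block: anything not explicitly passed below is dropped.
block all

# Addresses already in the blacklist are dropped before any pass rule
# is evaluated ("quick" stops rule evaluation on match).
block in quick on $ext_if from <bruteforce>

# Allow outbound traffic and track its state.
pass out on $ext_if keep state

# SSH: allow new connections, but a source that opens more than
# 5 connections in 60 seconds is added to <bruteforce>, and
# "flush global" kills every existing state from that source.
pass in on $ext_if proto tcp from any to any port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <bruteforce> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the blacklisted addresses with `pfctl -t bruteforce -T show`. Entries stay in the table until removed, so a periodic `pfctl -t bruteforce -T expire 86400` is a common way to age them out.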

Secure Remote Shell

Standard config of the built in OpenSSH sshd.

Custom Server Monitoring

I wrote a small PHP-based package a few years ago that runs some commands every minute and saves the output to a PostgreSQL database. It can alert via push notification if something goes wrong, and display a little dashboard thing:

[Image: Meidon Dashboard]

Nightly Backups using ZFS and Rsync

I set this up a while ago. It’s an awesome set of scripts called rsbackup that basically takes a list of servers with individual configurations, connects to them, runs any pre-backup commands (like taking ZFS snapshots), then rsyncs any changes down and runs some post-backup commands.

So nightly, my media centre Mac Mini calls out to Tyrande (just as it will do for Shana and Taiga just by adding a configuration file), asks her to take snapshots of the MySQL database, run a pg_dump of the PostgreSQL database and then copies it all back to my Drobo. Neat eh?

I initially did ZFS snapshots for PostgreSQL too but stopped for reasons that I can’t remember. I’ll investigate whether PostgreSQL 9.1 plays more friendly with snapshots and re-evaluate the best way forward for Shana.

Nightly security updates and vulnerability checks

How to configure FreeBSD to check for security/operating system updates nightly, and ensure that the built-in nightly security checks are emailed to you! Can’t stress how important this is.

Synchronisation, Load Balancing and Failover

As mentioned in the original server overview post, I’ll be using CARP for failover and load balancing between Shana and Taiga. So I’ll cover off how to configure all of that too.

So that’s all of the stuff that I’ll be setting up for Shana, and then for Taiga. Should be fun!

Server Build    carp, dovecot, freebsd, meidon, mysql, named, ntpd, opensshd, pf, postfix, postgresql, rsbackup, security