Index.
19-Aug-2011: initial release.
Introduction.
This article describes how to install virtual web servers using Apache, PHP and MySQL; some would call this a LAMP server. PHP and Apache will be installed on this DMZ server, but MySQL should already be running on the Home Server host. When MySQL runs on the host, you can safely use phpMyAdmin on the host because it won't be available from the Internet, only from within your network. Using only one MySQL installation also saves system resources. A firewall rule allows MySQL connections only from this DMZ host, and in MySQL itself the DMZ machine is granted access only to the databases it needs.
Virtual web hosting for IPv4 is name-based only, because in general you will have to share just one public IPv4 address. For IPv6 there are so many addresses available that we will give each virtual server its own IPv6 address. Virtual web hosting with just one IPv4 address doesn't work for https (SSL). If you want an https server you can either have only one server, or make your setup so that the default (first) server is the only one that can have https. We can't do anything about this; it is a protocol restriction.
Add a hard disk.
The standard virtual server setup puts the /srv directory on the root disk, and this disk is about 7 Gb by default. With the VirtualBox GUI, create a new hard disk attached to our virtual server and make it as big as you think you need. After you start the virtual machine, set up a partition with cfdisk or fdisk, create a filesystem on the new partition and mount it on /srv. Make sure you create the /srv/ftp and /srv/http directories as they were before the mount. Add this new disk to /etc/fstab. The /etc/fstab should now look like:
    #
    # /etc/fstab: static file system information
    #
    # <file system>  <dir>      <type>   <options>     <dump> <pass>
    tmpfs            /tmp       tmpfs    nodev,nosuid  0      0
    devpts           /dev/pts   devpts   defaults      0      0
    shm              /dev/shm   tmpfs    nodev,nosuid  0      0
    #
    /dev/sda1        /boot      ext2     defaults      0      2
    /dev/sda2        swap       swap     defaults      0      0
    /dev/sda3        /          ext4     defaults      0      1
    /dev/sdb1        /srv       ext4     defaults      0      2
Installation.
Install the Apache webserver with PHP and some basic extensions:
    [root@websrv ~]# pacman -S --needed apache php-apache php-gd php-mcrypt
    resolving dependencies...
    looking for inter-conflicts...

    Targets (20): apr-1.4.5-1 mpfr-3.0.1.p4-2 libmpc-0.9-2 isl-0.07-1 cloog-0.16.3-1 ppl-0.11.2-2 gcc-4.6.1-4 libtool-2.4-4 unixodbc-2.3.0-1 apr-util-1.3.12-2 apache-2.2.19-1 libxml2-2.7.8-1 php-5.3.8-2 php-apache-5.3.8-2 libpng-1.4.8-1 libjpeg-turbo-1.1.1-3 freetype2-2.4.6-1 php-gd-5.3.8-2 libmcrypt-2.5.8-2 php-mcrypt-5.3.8-2

    Total Download Size: 28.70 MB
    Total Installed Size: 130.09 MB

    Proceed with installation? [Y/n] Y
    Proceed with installation? [Y/n] Y
    :: Retrieving packages from core...
     mpfr-3.0.1.p4-2-i686 350.3K 701.0K/s 00:00:00 [######################] 100%
     libmpc-0.9-2-i686 73.5K 311.0K/s 00:00:00 [######################] 100%
     isl-0.07-1-i686 568.1K 793.5K/s 00:00:01 [######################] 100%
     cloog-0.16.3-1-i686 102.3K 355.6K/s 00:00:00 [######################] 100%
     ppl-0.11.2-2-i686 2.8M 997.1K/s 00:00:03 [######################] 100%
     gcc-4.6.1-4-i686 16.1M 1027.9K/s 00:00:16 [######################] 100%
     libtool-2.4-4-i686 380.7K 719.1K/s 00:00:01 [######################] 100%
    :: Retrieving packages from extra...
     apr-1.4.5-1-i686 253.6K 605.5K/s 00:00:00 [######################] 100%
     unixodbc-2.3.0-1-i686 190.6K 539.1K/s 00:00:00 [######################] 100%
     apr-util-1.3.12-2-i686 164.1K 520.7K/s 00:00:00 [######################] 100%
     apache-2.2.19-1-i686 880.0K 909.7K/s 00:00:01 [######################] 100%
     libxml2-2.7.8-1-i686 1495.8K 935.0K/s 00:00:02 [######################] 100%
     php-5.3.8-2-i686 2.8M 1014.1K/s 00:00:03 [######################] 100%
     php-apache-5.3.8-2... 1577.5K 966.1K/s 00:00:02 [######################] 100%
     libpng-1.4.8-1-i686 213.8K 580.4K/s 00:00:00 [######################] 100%
     libjpeg-turbo-1.1.... 221.5K 599.5K/s 00:00:00 [######################] 100%
     freetype2-2.4.6-1-i686 564.1K 809.0K/s 00:00:01 [######################] 100%
     php-gd-5.3.8-2-i686 71.1K 300.2K/s 00:00:00 [######################] 100%
     libmcrypt-2.5.8-2-i686 81.0K 332.8K/s 00:00:00 [######################] 100%
     php-mcrypt-5.3.8-2... 10.2K 174.3K/s 00:00:00 [######################] 100%
    (20/20) checking for file conflicts [######################] 100%
    ( 1/20) installing apr [######################] 100%
    ( 2/20) installing mpfr [######################] 100%
    ( 3/20) installing libmpc [######################] 100%
    ( 4/20) installing isl [######################] 100%
    ( 5/20) installing cloog [######################] 100%
    ( 6/20) installing ppl [######################] 100%
    ( 7/20) installing gcc [######################] 100%
    ( 8/20) installing libtool [######################] 100%
    ( 9/20) installing unixodbc [######################] 100%
    (10/20) installing apr-util [######################] 100%
    (11/20) installing apache [######################] 100%
    Optional dependencies for apache
        lynx: apachectl status
    (12/20) installing libxml2 [######################] 100%
    (13/20) installing php [######################] 100%
    (14/20) installing php-apache [######################] 100%
    (15/20) installing libpng [######################] 100%
    (16/20) installing libjpeg-turbo [######################] 100%
    (17/20) installing freetype2 [######################] 100%
    (18/20) installing php-gd [######################] 100%
    (19/20) installing libmcrypt [######################] 100%
    (20/20) installing php-mcrypt [######################] 100%
    [root@websrv ~]#
Configuration.
The examples show two virtual servers. The first, default server is www.wpl.uk, and that server is also reachable using SSL. The second server, server2.wpl.uk, shows some connection info; to use it, install the ipv6calc package from this site. In the Apache main configuration, modules that are not needed are disabled. You might need to enable some of them, depending on your website. All the following configuration files are shown as diffs against the originals. The complete files are in the examples tarball.
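Disabling unneeded modules only helps if the running file really matches the intent, so the check below lists what an httpd.conf loads and compares it with an allowlist. It is an added example, not code from the article: the allowlist mirrors the modules this article's httpd.conf diff leaves active, and the names ALLOWED, EXTRA_NEEDS and HTTPD_CONF, the include-to-module pairing and the sample config are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit an Apache 2.2 httpd.conf.

# Assumption: the allowlist is the set of modules the article's diff
# leaves active, plus the php5 module it adds.
ALLOWED="authn_file authz_host authz_user auth_basic include log_config
setenvif ssl mime cgi dir alias rewrite php5"

# Assumption: stock conf/extra file names, paired with the module whose
# directives each file uses.
EXTRA_NEEDS="httpd-ssl.conf:ssl httpd-userdir.conf:userdir httpd-autoindex.conf:autoindex"

# Short names of active LoadModule lines. Commented lines are skipped
# because their first field is "#LoadModule" or "#".
loaded_modules() {
    awk '$1 == "LoadModule" && NF >= 3 { sub(/_module$/, "", $2); print $2 }' "$1"
}

# Succeeds when word $1 occurs in the whitespace-separated list $2.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# Loaded modules that are not on the allowlist.
unexpected_modules() {
    for m in $(loaded_modules "$1"); do
        in_list "$m" "$ALLOWED" || echo "$m"
    done
}

# Active Include lines whose module is not loaded; httpd would stop at
# the first directive it does not recognise.
orphaned_includes() {
    mods=$(loaded_modules "$1")
    for pair in $EXTRA_NEEDS; do
        file=${pair%%:*}; need=${pair##*:}
        if awk -v f="$file" '$1 == "Include" && index($2, f) { hit = 1 } END { exit !hit }' "$1"; then
            in_list "$need" "$mods" || echo "$file"
        fi
    done
}

# Constructed sample with two deliberate problems: mod_status is loaded
# and the userdir include is active although its module is not.
write_sample() {
    cat > "$1" <<'EOF'
# LoadModule foo_module modules/mod_foo.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule php5_module modules/libphp5.so
Include conf/extra/httpd-userdir.conf
#Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-ssl.conf
EOF
}

conf=${HTTPD_CONF:-}   # set HTTPD_CONF to audit a real file
if [ -z "$conf" ]; then conf=$(mktemp) && write_sample "$conf"; fi
echo "unexpected modules: $(unexpected_modules "$conf" | tr '\n' ' ')"
echo "orphaned includes:  $(orphaned_includes "$conf" | tr '\n' ' ')"
```

Run it with HTTPD_CONF=/etc/httpd/conf/httpd.conf after every edit of the module list; both result lines should be empty.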
First, /etc/httpd/conf/httpd.conf:
--- httpd.conf.orig 2011-08-29 17:18:20.283047626 +0200 +++ httpd.conf 2011-08-29 17:32:33.279733650 +0200 
@@ -52,72 +52,73 @@ # LoadModule foo_module modules/mod_foo.so # LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_default_module modules/mod_authn_default.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +#LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbd_module modules/mod_authn_dbd.so +#LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_default_module modules/mod_authz_default.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +#LoadModule authz_owner_module modules/mod_authz_owner.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +#LoadModule authz_default_module modules/mod_authz_default.so LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule cache_module modules/mod_cache.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule mem_cache_module modules/mod_mem_cache.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule ext_filter_module modules/mod_ext_filter.so +#LoadModule auth_digest_module modules/mod_auth_digest.so +#LoadModule file_cache_module modules/mod_file_cache.so +#LoadModule cache_module modules/mod_cache.so +#LoadModule 
disk_cache_module modules/mod_disk_cache.so +#LoadModule mem_cache_module modules/mod_mem_cache.so +#LoadModule dbd_module modules/mod_dbd.so +#LoadModule dumpio_module modules/mod_dumpio.so +#LoadModule reqtimeout_module modules/mod_reqtimeout.so +#LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule include_module modules/mod_include.so -LoadModule filter_module modules/mod_filter.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule ldap_module modules/mod_ldap.so +#LoadModule filter_module modules/mod_filter.so +#LoadModule substitute_module modules/mod_substitute.so +#LoadModule deflate_module modules/mod_deflate.so +#LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -LoadModule ident_module modules/mod_ident.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule unique_id_module modules/mod_unique_id.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule logio_module modules/mod_logio.so +#LoadModule env_module modules/mod_env.so +#LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule expires_module modules/mod_expires.so +#LoadModule headers_module modules/mod_headers.so +#LoadModule ident_module modules/mod_ident.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule proxy_module modules/mod_proxy.so 
-LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule version_module modules/mod_version.so +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule asis_module modules/mod_asis.so -LoadModule info_module modules/mod_info.so -LoadModule suexec_module modules/mod_suexec.so +#LoadModule dav_module modules/mod_dav.so +#LoadModule status_module modules/mod_status.so +#LoadModule autoindex_module modules/mod_autoindex.so +#LoadModule asis_module modules/mod_asis.so +#LoadModule info_module modules/mod_info.so +#LoadModule suexec_module modules/mod_suexec.so LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so +#LoadModule cgid_module modules/mod_cgid.so +#LoadModule dav_fs_module modules/mod_dav_fs.so +#LoadModule vhost_alias_module modules/mod_vhost_alias.so +#LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so -LoadModule imagemap_module modules/mod_imagemap.so 
-LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so +#LoadModule imagemap_module modules/mod_imagemap.so +#LoadModule actions_module modules/mod_actions.so +#LoadModule speling_module modules/mod_speling.so +#LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so +LoadModule php5_module modules/libphp5.so <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> @@ -152,7 +153,7 @@ # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # -ServerAdmin you@example.com +ServerAdmin webmaster@wpl.uk # # ServerName gives the name and port that the server uses to identify itself. @@ -425,6 +426,8 @@ # #EnableMMAP off #EnableSendfile off +EnableMMAP on +EnableSendfile on # Supplemental configuration # @@ -434,25 +437,25 @@ # necessary. # Server-pool management (MPM specific) -#Include conf/extra/httpd-mpm.conf +Include conf/extra/httpd-mpm.conf # Multi-language error messages -Include conf/extra/httpd-multilang-errordoc.conf +#Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings -Include conf/extra/httpd-autoindex.conf +#Include conf/extra/httpd-autoindex.conf # Language settings -Include conf/extra/httpd-languages.conf +#Include conf/extra/httpd-languages.conf # User home directories -Include conf/extra/httpd-userdir.conf +#Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration #Include conf/extra/httpd-info.conf # Virtual hosts -#Include conf/extra/httpd-vhosts.conf +Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include conf/extra/httpd-manual.conf 
@@ -463,8 +466,11 @@ # Various default settings Include conf/extra/httpd-default.conf +# php5 +Include conf/extra/php5_module.conf + # Secure (SSL/TLS) connections -#Include conf/extra/httpd-ssl.conf +Include conf/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent
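Review bot: in the LoadModule hunk (@@ -52,72 +52,73 @@), reqtimeout_module is commented out together with the unused modules, although it is the module that limits how long a client may take to send its request headers and body; on this Internet-facing DMZ host I would keep "LoadModule reqtimeout_module modules/mod_reqtimeout.so" active and set RequestReadTimeout. The same hunk leaves cgi_module loaded while nothing else on the page uses CGI, so either name the site that needs it or comment it out like the rest.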
To use SSL you must generate a server crt and key file for the host www.wpl.uk and store these in /etc/certs. You must also store the root CA file there. See the article about certificates for details. Here is /etc/httpd/conf/extra/httpd-ssl.conf:
--- httpd-ssl.conf.orig 2011-08-29 20:27:14.496126000 +0200 +++ httpd-ssl.conf 2011-08-29 20:41:25.702789278 +0200 @@ -46,7 +46,7 @@ # # Some MIME-types for downloading Certificates and CRLs # -AddType application/x-x509-ca-cert .crt +AddType application/x-x509-ca-cert .crt .cert .pem AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: @@ -74,9 +74,9 @@ <VirtualHost _default_:443> # General setup for the virtual host -DocumentRoot "/srv/http" -ServerName www.example.com:443 -ServerAdmin you@example.com +DocumentRoot "/srv/http/www" +ServerName www.wpl.uk:443 +ServerAdmin webmaster@wpl.uk ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" @@ -96,16 +96,18 @@ # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) -SSLCertificateFile "/etc/httpd/conf/server.crt" +#SSLCertificateFile "/etc/httpd/conf/server.crt" #SSLCertificateFile "/etc/httpd/conf/server-dsa.crt" +SSLCertificateFile "/etc/certs/www.crt" # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile "/etc/httpd/conf/server.key" +#SSLCertificateKeyFile "/etc/httpd/conf/server.key" #SSLCertificateKeyFile "/etc/httpd/conf/server-dsa.key" +SSLCertificateKeyFile "/etc/certs/www.key" # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -125,6 +127,7 @@ # Makefile to update the hash symlinks after changes. #SSLCACertificatePath "/etc/httpd/conf/ssl.crt" #SSLCACertificateFile "/etc/httpd/conf/ssl.crt/ca-bundle.crt" +SSLCACertificateFile "/etc/certs/wpl-ca.pem" # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client
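Review bot: the added SSLCACertificateFile "/etc/certs/wpl-ca.pem" in the last hunk (@@ -125,6 +127,7 @@) sits in the client-authentication part of the file (the context continues with the CRL settings for client certificates), so it only affects verification of client certificates, and no SSLVerifyClient change is visible in this patch. If the aim is to send the CA certificate to browsers along with www.crt, the directive for that is SSLCertificateChainFile, whose comment block appears as context at the end of the previous hunk; otherwise drop the line. The key-path change would also benefit from a sentence saying that /etc/certs/www.key must be readable by root only.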
Then /etc/httpd/conf/extra/httpd-vhosts.conf:
--- httpd-vhosts.conf.orig 2011-08-29 20:27:26.179505818 +0200 +++ httpd-vhosts.conf 2011-08-29 20:52:26.646105793 +0200 @@ -19,27 +19,28 @@ NameVirtualHost *:80 # -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for all requests that do not -# match a ServerName or ServerAlias in any <VirtualHost> block. +# default server www.wpl.uk # -<VirtualHost *:80> - ServerAdmin webmaster@dummy-host.example.com - DocumentRoot "/etc/httpd/docs/dummy-host.example.com" - ServerName dummy-host.example.com - ServerAlias www.dummy-host.example.com - ErrorLog "/var/log/httpd/dummy-host.example.com-error_log" - CustomLog "/var/log/httpd/dummy-host.example.com-access_log" common +<VirtualHost [2001:1af8:fecf:7ea2::200]:80 0.0.0.0:80> + ServerAdmin webmaster@wpl.uk + DocumentRoot /srv/http/www + ServerName www.wpl.uk + CustomLog /var/log/httpd/access_log combined </VirtualHost> -<VirtualHost *:80> - ServerAdmin webmaster@dummy-host2.example.com - DocumentRoot "/etc/httpd/docs/dummy-host2.example.com" - ServerName dummy-host2.example.com - ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log" - CustomLog "/var/log/httpd/dummy-host2.example.com-access_log" common +# server2.wpl.uk +# +<VirtualHost [2001:1af8:fecf:7ea2::201]:80 0.0.0.0:80> + ServerAdmin webmaster@wpl.uk + DocumentRoot /srv/http/server2 + ServerName server2.wpl.uk + ErrorLog /var/log/httpd/server2_error_log + CustomLog /var/log/httpd/server2_access_log combined + <Directory /srv/http/server2> + DirectoryIndex index.html index.shtml index.php + Options +Includes + AddType text/html shtml + AddHandler server-parsed shtml + </Directory> </VirtualHost>
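Review bot: in the server2.wpl.uk block, "Options +Includes" combined with "AddHandler server-parsed shtml" also allows the #exec element in .shtml pages, which runs commands as the web server user. If the connection-info page calls ipv6calc that way, say so next to the directive and keep the option confined to this one Directory; if it does not, use "Options +IncludesNOEXEC". Separately, the www.wpl.uk block has a CustomLog but no ErrorLog while server2 gets both, so errors of the default site end up in the global error log; add an ErrorLog line there if per-site logs are intended.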
Each virtual server listens on IPv4 on the wildcard address, but on IPv6 it has its own address. You need to add these addresses to /etc/rc.conf and to the name server on the Home Server.
Now make some changes to /etc/php.ini if you need them:
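The layout described above (shared IPv4 wildcard, one IPv6 address per virtual server, first server as the default) can be checked mechanically before the addresses go into /etc/rc.conf and DNS. The script below is an added example, not part of the original article; the function names and the sample hosts under example.test with addresses from the 2001:db8::/32 documentation prefix are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): check the one-IPv6-address-per-
# virtual-server layout in an httpd-vhosts.conf.

# Print "ipv6-address servername" for every <VirtualHost> block, in file
# order; "-" stands for a missing value.
vhost_map() {
    awk '
        /^[ \t]*<VirtualHost[ \t]/ {
            v6 = "-"; name = "-"; inside = 1
            for (i = 2; i <= NF; i++)
                if (match($i, /\[[0-9A-Fa-f:]+\]/))
                    v6 = tolower(substr($i, RSTART + 1, RLENGTH - 2))
            next
        }
        inside && $1 == "ServerName" { name = $2 }
        /^[ \t]*<\/VirtualHost>/ { if (inside) print v6, name; inside = 0 }
    ' "$1"
}

# IPv6 addresses that more than one vhost claims. Addresses are compared
# as text, so write them in one consistent form.
shared_v6() {
    vhost_map "$1" | awk '$1 != "-" { n[$1]++ }
        END { for (a in n) if (n[a] > 1) print a }'
}

# Vhosts that have no IPv6 address of their own.
missing_v6() { vhost_map "$1" | awk '$1 == "-" { print $2 }'; }

# The first vhost answers IPv4 requests whose Host header matches none.
ipv4_default() { vhost_map "$1" | awk 'NR == 1 { print $2 }'; }

# Constructed sample: "shop" reuses the address of "server2" (written in
# upper case), and "old" has no IPv6 address at all.
write_vhost_sample() {
    cat > "$1" <<'EOF'
NameVirtualHost *:80
<VirtualHost [2001:db8::200]:80 0.0.0.0:80>
    ServerName www.example.test
</VirtualHost>
<VirtualHost [2001:db8::201]:80 0.0.0.0:80>
    ServerName server2.example.test
</VirtualHost>
<VirtualHost [2001:DB8::201]:80 0.0.0.0:80>
    ServerName shop.example.test
</VirtualHost>
<VirtualHost 0.0.0.0:80>
    ServerName old.example.test
</VirtualHost>
EOF
}

conf=${VHOSTS_CONF:-}   # set VHOSTS_CONF to check a real file
if [ -z "$conf" ]; then conf=$(mktemp) && write_vhost_sample "$conf"; fi
vhost_map "$conf"
echo "shared IPv6: $(shared_v6 "$conf")"
echo "no IPv6:     $(missing_v6 "$conf")"
echo "IPv4 default: $(ipv4_default "$conf")"
```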
--- php.ini.orig 2011-08-29 20:52:58.209431143 +0200 +++ php.ini 2011-08-29 21:00:29.806109532 +0200 @@ -635,7 +635,7 @@ ; Example: ;error_log = php_errors.log ; Log errors to syslog (Event Log on NT, not valid in Windows 95). -;error_log = syslog +error_log = syslog ;;;;;;;;;;;;;;;;; ; Data Handling ; @@ -725,7 +725,7 @@ ; Maximum size of POST data that PHP will accept. ; http://php.net/post-max-size -post_max_size = 8M +post_max_size = 32M ; Magic quotes are a preprocessing feature of PHP where PHP will attempt to ; escape any character sequences in GET, POST, COOKIE and ENV data which might @@ -876,7 +876,7 @@ ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize -upload_max_filesize = 2M +upload_max_filesize = 32M ; Maximum number of files that can be uploaded via a single request max_file_uploads = 20 
@@ -938,49 +938,49 @@ ; If you only provide the name of the extension, PHP will look for it in its ; default extension directory. ; -;extension=bcmath.so -;extension=bz2.so -;extension=calendar.so +extension=bcmath.so +extension=bz2.so +extension=calendar.so ;extension=curl.so -;extension=dba.so +extension=dba.so ;extension=enchant.so -;extension=exif.so -;extension=ftp.so -;extension=gd.so +extension=exif.so +extension=ftp.so +extension=gd.so extension=gettext.so ;extension=gmp.so -;extension=iconv.so -;extension=imap.so +extension=iconv.so +extension=imap.so ;extension=intl.so -;extension=json.so +extension=json.so ;extension=ldap.so -;extension=mcrypt.so +extension=mcrypt.so ;extension=mssql.so -;extension=mysqli.so -;extension=mysql.so +extension=mysqli.so +extension=mysql.so ;extension=odbc.so ;extension=openssl.so -;extension=pdo_mysql.so +extension=pdo_mysql.so ;extension=pdo_odbc.so ;extension=pdo_pgsql.so ;extension=pdo_sqlite.so ;extension=pgsql.so -;extension=phar.so -;extension=posix.so +extension=phar.so +extension=posix.so ;extension=pspell.so ;extension=shmop.so ;extension=snmp.so -;extension=soap.so -;extension=sockets.so +extension=soap.so +extension=sockets.so ;extension=sqlite3.so -;extension=sqlite.so -;extension=sysvmsg.so -;extension=sysvsem.so -;extension=sysvshm.so +extension=sqlite.so +extension=sysvmsg.so +extension=sysvsem.so +extension=sysvshm.so ;extension=tidy.so -;extension=xmlrpc.so +extension=xmlrpc.so ;extension=xsl.so -;extension=zip.so +extension=zip.so ;;;;;;;;;;;;;;;;;;; ; Module Settings ; @@ -989,7 +989,7 @@ [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = Europe/Amsterdam ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 
@@ -1077,9 +1077,9 @@ [mail function] ; For Win32 only. ; http://php.net/smtp -SMTP = localhost +;SMTP = localhost ; http://php.net/smtp-port -smtp_port = 25 +;smtp_port = 25 ; For Win32 only. ; http://php.net/sendmail-from @@ -1087,7 +1087,7 @@ ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ; http://php.net/sendmail-path -;sendmail_path = +sendmail_path = /usr/sbin/sendmail ; Force the addition of the specified parameters to be passed as extra parameters ; to the sendmail binary. These parameters will always replace the value of
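Review bot: the two size hunks (@@ -725,7 +725,7 @@ and @@ -876,7 +876,7 @@) set "post_max_size = 32M" and "upload_max_filesize = 32M" to the same value, but the POST body carries the file plus the multipart framing and any other form fields, so an upload close to 32M will be rejected by post_max_size first. Make post_max_size larger than upload_max_filesize, and say in the article which site needs uploads of this size, since the limit applies to every virtual server.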
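Review bot: the extension hunk (@@ -938,49 +938,49 @@) enables a long list at once, including ftp, sockets, posix, imap, soap, xmlrpc and the three sysv* extensions, which runs against the httpd.conf change that comments out every Apache module the sites do not use. The install step only adds the php-gd and php-mcrypt packages, so I would enable gd, mcrypt and the MySQL driver the sites actually call, leave the others commented, and let readers switch on further extensions per application.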
Install some web content and start the server with /etc/rc.d/httpd start. Add httpd to /etc/rc.conf.
Download.
All configuration files are available in the following download:
