Install and configure APACHE + MYSQL + PHP + mod_limitipco on Openbsd 3.8

Time:2019-8-12

This article aims to build the server environment with the software installation package provided by OPENBSD itself. Of course, you can download the original code package to compile and install, but this is time-consuming and laborious. In fact, OPENBSD provides us with a large number of compiled binary installation packages. With these binary installation packages, we can quickly deploy the server environment we need. It not only saves time, but also guarantees the security of OPENBSD. It can also automatically solve the problem of package dependence among different installation packages (install far with pkg_add). Package dependency on the process server automatically handles packages that do not require intervention, which is a bit like installing through PORT. The following document is formed on the basis of an E document, which can not be found.

Address for setting up network installation server:

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/

1. Configure APACHE server:

Because APACHE is the default installation of the system, the installation process is omitted. The following configuration of APACHE allows you to boot and run HTTP because the HTTPD service startup settings are already available in the / ETC / RC script.

# vi /etc/rc.conf
Change:
httpd_flags=NO
For:
httpd_flags=””

Make a preliminary setup for Apache
# vi /var/www/conf/httpd.conf

ExtendedStatus On
ServerAdmin [email protected]
ServerName llzqq.3322.org
ServerTokens Prod
ServerSignature Off
Change Options Indexes FollowSymLinks to Options FollowSymLinks

2. Install mysql-server-4.0.24p1:

# pkg_add -v mysql-server-4.0.24p1.tgz
# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf

If you don’t want other machines to connect to MYSQL, you can do the following:

# vi /etc/my.cnf

bind-address = 127.0.0.1

Start the MYSQL-SERVER server:

# /usr/local/bin/mysqld_safe &

Set the MYSQL password for ROOT:

# /usr/local/bin/mysqladmin -u root password mypass
For MySQL under chroot:
  #mkdir /var/www/var
# chmod-R 1777 (or 777)/var/www/var
  #vi /etc/my.conf
The / var / www / var / run directory will be generated after MySQL starts, and Chmod – R 777 / var / www / var / run is also required.
Self-Establishment/var/www/var/run
[client]
socket = /var/www/var/run/mysql/mysql.sock

[mysqld]
socket = /var/www/var/run/mysql/mysql.sock
open-files-limit = 8192
open-files = 1000
 
The following scripts are created to facilitate starting and closing MYSQL services:

# vi /etc/rc.d/mysqld.sh
========================================================
#!/bin/sh
# made by llzqq
# mail:[email protected]
# mysql startup scripts
case “$1” in
start)
if [ -x /usr/local/bin/mysqld_safe ]; then
/usr/local/bin/mysqld_safe &
fi
;;
stop)
pkill mysqld &
rm -f /var/run/mysql/mysql.sock &

;;
*)
echo “$0 start | stop”
;;
esac
exit 0
========================================================

# chmod 555 /etc/rc.d/mysqld.sh

Set up boot start MYSQL

# vi /etc/rc.local

if [ -f /etc/my.cnf ]; then
       /etc/rc.d/mysqld.sh start
fi

3. Install and configure PHP-4.4.1

# pkg_add -v php4-core-4.4.1p0.tgz

Run the following command to take effect
# cp /usr/local/share/examples/php4/php.ini-recommended /var/www/conf/php.ini
# /usr/local/sbin/phpxs -s

Because APACHE on OPENBSD adopts CHROOT mechanism, the following directory PHP working directory should be built to ensure the normal operation of PHP:

# mkdir /var/www/tmp
# chmod 1777 /var/www/tmp

Next, choose to install several PHP components:

# pkg_add -v php4-gd-4.4.1p0-no_x11.tgz
# /usr/local/sbin/phpxs -a gd

# pkg_add -v php4-mysql-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a mysql

# pkg_add -v php4-ncurses-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a ncurses

# pkg_add -v php4-imap-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a imap

# pkg_add -v php4-curl-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a curl

# pkg_add -v php4-dbx-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a dbx

# pkg_add -v php4-ldap-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a ldap

# pkg_add -v php4-pdf-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a pdf

# pkg_add -v php4-snmp-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a snmp

Set Apache to support PHP:

# vi /var/www/conf/httpd.conf

DirectoryIndex index.html index.php
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

# vi /var/www/conf/php.ini

doc_root= “/htdocs”
register_globals = On

Establishing a test PHP page

# vi /var/www/htdocs/test.php

<?php phpinfo(); ?>

Test it:

# pkill httpd
# /usr/sbin/httpd

Enter http://IP/test.php into the browser to experiment.

4. Install mod_limitipconn module to limit the number of concurrent connections for single IP

# wget http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
# tar xzf mod_limitipconn-0.04.tar.gz
# cd mod_limitipconn-0.04
# vi Makefile

APXS = /usr/sbin/apxs

# make
# make install

Let APACHE support this module:
# vi /var/www/conf/httpd.conf

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 5
</Location>
</IfModule>

At the end of the whole installation process.

Annex:

We configure APACHE for APACHE to support SSL transport:

# vi /var/www/conf/httpd.conf
Add the following two lines:
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

To enable SSL at APACHE startup, set APACHE startup options:

# vi /etc/rc.conf.local
Change:
httpd_flags=””                  # or it could have httpd_flags=NO
For:
httpd_flags=”-DSSL                 # or it could have httpd_flags=NO

Manually start and close APACHE to do so:

# apachectl startssl
# apachectl stop

The following is the process of setting up APACHE + SSL:

1. Create server KEY file (1024 bit):

# /usr/sbin/openssl genrsa -out /etc/ssl/private/server.key 1024 

2. Create server CSR file (certificate signing request)

# /usr/sbin/openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr 

Fill in some registration information here.

3. Generate signature certificate (365 days valid certificate):

# /usr/sbin/openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out     /etc/ssl/server.crt

4. Virtual host part:

NameVirtualHost 192.168.10.1:*

<VirtualHost 192.168.10.1:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/llzqq
    ServerName llzqq.home.com
    ErrorLog logs/llzqq.home.com-error_log
    CustomLog logs/llzqq.home.com-access_log common
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/ssl/virtualsite.com.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

</VirtualHost>

<VirtualHost 192.168.10.1:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/llzgg
    ServerName llzgg.home.com
    ErrorLog logs/llzgg.home.com-error_log
    CustomLog logs/llzgg.home.com-access_log common

</VirtualHost>

Other parts to be continued (now no PC installed OPENBSD, some information is not easy to collate)
 

Recommended Today

Write the correct posture of chameleon cross-end components (Part I)

In the chameleon project, there are two ways to implement a cross-end component: using third-party component encapsulation and unified implementation based on chameleon grammar. This article is the first in a series of articles on the correct posture of chameleon cross-end components. Taking encapsulating a cross-end indexList component as an example, it first introduces how […]