Run Your Own Unix Web Server (part 2 of 3)
by Dave Tufts - February 17, 2006 / 4:57pm View more articles
Part 2 of 3 / Software
Earlier this week we installed FreeBSD. Now we'll install some software to host your own website(s).This document assumes:
- FreeBSD is already installed
- you have SSH access to the server
- you've create a system user named, 'web', running the csh shell
- your home directory is /home/web
- you have root access; root also runs csh
- your comfortable with commandline text edits using VI or VIM
Formatting Coventions & Notes
# Lines starting with '#' are comments.
# Just read them; Don't type them
This is a command that should be typed into the terminal
I recommend leaving FTP disabled (FreeBSD's default). FTP is not nearly secure as SFTP or SCP. Almost any modern FTP client is capable of SFTP and the SFTP daemon runs by default on FreeBSD.
You'll also notice that we're compiling all the software from source files, either by downloading the source (PHP, Apache, MySQL) or getting it via FreeBSD's ports system.
I prefer to compile my software on the server, as opposed to downloading a pre-compiled binary because:
- performance is optimized to your hardware
- you know exactly what options are turned on or off
- if something breaks, it's a learning experience
Let's go...
User Account Setup
Account Paths
Since we're compiling Apache and MySQL, we'll tell the shell where to look for those binaries. This allows you to execute short commands like 'apachectl', instead of '/usr/local/apache/bin/apachectl'.
# do the following as web AND as root
vi ~/.cshrc
# add the following after 'set path = ('
/usr/local/apache/bin /usr/local/mysql/bin
# As web, open ~/.cshrc and add the following:
set prompt="% "
Install A Web Browser And Python
# as root:
cd /usr/ports/ftp/wget
make install
cd /usr/ports/lang/python
make install
Now you can download source files like this: "wget http://server/path/file.tar.gz"
Download Source
Get the latest source for: For each application, download the *.tar.gz source file.
First, I'll make a /src directory in my home. Then I'll use the websites above to find the URL for the latest source file and download the tar.gz directly on the web server with wget:
wget http://us2.php.net/get/php-5.1.2.tar.gz/from/this/mirror
# as web:
mkdir ~/src ~/src/tars
cd ~/src
# download source
wget [mysql source]
wget [php source]
wget [apache source]
# uncompress source
tar xvfz mysql*
tar xvfz php*
tar xvfz httpd*
# move compressed source to ~/src/tars
# in case we need them later
mv *.gz tars
Now you're home directory should look like this:
/home/web
/src/
/httpd.../
/mysql.../
/php.../
/tars/
/httpd...tar.gz
/mysql...tar.gz
/php...tar.gz
MySQL
# as web:
cd ~/src/mysql*
./configure --prefix=/usr/local/mysql \
--without-debug \
--with-extra-charsets=none \
--enable-local-infile \
--enable-assembler
make
# become root
su
make install
./scripts/mysql_install_db
/usr/local/mysql/bin/mysqld_safe --user=root &
# Create the MySQL start up script
vi /usr/local/etc/rc.d/mysql.sh
# add the following to your new, blank file
echo -n "Starting MySQL Server";
/usr/local/mysql/bin/mysqld_safe --user=root &
# write/quit vi
chmod 700 /usr/local/etc/rc.d/mysql.sh
# exit out of root
Now load MySQL and setup the root password and the mysql account. You will still have to set up entries into the db table at a later time to allow access to databases for the mysql user.
Replace ROOT-PWD with a password that you want to use for MySQL's root user.
/usr/local/mysql/bin/mysql -u root
mysql> UPDATE mysql.user
SET password = PASSWORD('ROOT-PWD')
WHERE User='root';
mysql> UPDATE mysql.user
SET user = 'mysql'
WHERE User='';
mysql> FLUSH PRIVILEGES;
mysql> exit
Create a user options file for root. This file will contain root's mysql password so he can auto log in.su
vi ~/.my.cnf
Enter the following text into the .my.cnf file. Change "ROOT-PWD" to the password you used for MySQL's root user.
# Add the following
# Example mysql config file.
# You can copy this to one of:
# /usr/local/mysql/etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /usr/local/mysql/var) or
# ~/.my.cnf to set user-specific options.
#
# One can use all long options that the program supports.
# Run the program with --help to get a list of available options
# This will be passed to all mysql clients
[client]
password = "ROOT-PWD"
#port = 3306
#socket = /tmp/mysql.sock
#
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
#
# The MySQL server
[mysqld]
#port = 3306
#socket = /tmp/mysql.sock
#skip-locking
#set-variable = key_buffer=16M
#set-variable = max_allowed_packet=1M
#set-variable = thread_stack=128K
set-variable = max_connections=200
set-variable = ft_min_word_len=3
# Start logging
#log
#
#[mysqldump]
#quick
#set-variable = max_allowed_packet=16M
#
#[mysql]
#no-auto-rehash
#
[isamchk]
#set-variable = key_buffer=16M
set-variable = ft_min_word_len=3
[myisamchk]
set-variable = ft_min_word_len=3
[mysqld_safe]
time_zone = EDT
Chmod the filechmod 700 /root/.my.cnf
PHP DEPENDENCIES
# as root, run 'make install' in the following directories
cd /usr/ports/security/libmcrypt
make install
cd /usr/ports/security/mcrypt
make install
# make install in all the following:
cd /usr/ports/ftp/curl
cd /usr/ports/databases/freetds
cd /usr/ports/textproc/libxml2
cd /usr/ports/textproc/aspell
cd /usr/ports/textproc/libxdiff
APACHE 2.X / PHP 5.X
More PHP/Apache2 install info
Apache 2.x
Download apache - http://httpd.apache.org - and install with 'shared-object' (so) support
# as web:
cd ~/src/httpd-2*
./configure --prefix=/usr/local/apache \
--with-mpm=worker \
--enable-so \
--enable-cgi \
--enable-info \
--enable-rewrite \
--enable-speling \
--enable-usertrack \
--enable-deflate \
--enable-ssl \
--enable-mime-magic \
--enable-module=expires \
--enable-module=proxy
make
# as root:
make install
PHP 5.x# as web:
cd ~/src/php*
./configure --with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql \
--enable-calendar \
--enable-trans-sid \
--with-curl=/usr/local \
--with-sybase=/usr/local/freetds \
--enable-ftp \
--with-mcrypt \
--with-pspell \
--with-xdiff
make
# For new installs, create blank references for the config owned by 'web'
# Become root
touch /usr/local/lib/php.ini
touch /usr/local/lib/php.ini.bak
chown web /usr/local/lib/php.ini*
# as root:
make install
# copy the config file
cp php.ini-dist /usr/local/lib/php.ini
chown web /usr/local/lib/php.ini*
Now PHP and Apache are installed. We still need to edit apache's config file to parse PHP.
Edit httpd.conf
vi /usr/local/apache/conf/httpd.conf
# look for "AddType"; add the following three lines
# PHP
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# Remove the default deny access configuration by
# searching for and
# commenting out "Deny from all"
Start Apacheapachectl start
# Create the Apache start up script
vi /usr/local/etc/rc.d/apache.sh
# add the following lines to your new, blank file
echo -n "Starting Apache Web Server";
/usr/local/apache/bin/apachectl start &
# write/quit vi
chmod 700 /usr/local/etc/rc.d/apache.sh
PEAR / PHP Modules
PEAR is a repository of helpful PHP classes. They can be installed with the command line tool, pear
# install stable classes
# by deault, pear installer deals with stable classes
# become root
su
pear install Mail_Mime
pear install PhpDocumentor
# install the BETA Excel Writer because it rocks.
pear remote-list
# if you don't see 'Spreadsheet_Excel_Writer', it's still beta
# set pear to beta mode
pear config-set preferred_state beta
pear remote-list
# now you should see Spreadsheet...
pear install OLE
pear install Spreadsheet_Excel_Writer
# change back to stable state
pear config-set preferred_state stable
# exit from root
exit
Ports
You'll need to be root to install these helpful system maintenance applications
# 'make install' for the following
cd /usr/ports/graphics/ImageMagick
cd /usr/ports/net/cvsup
cd /usr/ports/net/cvsup-without-gui
cd /usr/ports/sysutils/portupgrade
cd /usr/ports/net/rsync
Post Installation
Make directories, links, set permissions
# www directory
mkdir /home/www
ln -s /home/www /usr/local/
# make 'web' own some apache files
chown -R web /home/www
/usr/local/apache/cgi-bin
/usr/local/apache/conf/httpd.conf
# links for web's home dir
ln -s /usr/local/apache /home/web/apache
ln -s /home/www /home/web/www
Set up web and root's accounts to forward to you. Mail to the web server (nobody) should be deleted
# as root
vi /etc/mail/aliases
add the following lines:
root: user@example.com
web: user@example.com
As root, rebuild your mail aliases by typing
newaliases
What's Next
That'll do it for now. Go get some coffee. Open a window and breath some fresh air.
In part 3, we'll configure everything and get a website up and running.
ENJOY!
See Also
Run Your Own Unix Web Server (part 1 of 3) - FreeBSD Installation
Run Your Own Unix Web Server (part 2 of 3) - Software
Run Your Own Unix Web Server (part 3 of 3) - Configuration
Comments have been turned off on this blog.
Read something more recent.
Statements and opinions expressed in this blog and any comments
made are the private opinions of the respective poster, and, as
such, iMarc LLC is neither responsible nor liable for such
content.
Hiring: We’re hiring a
RSS
31 Comments
In the Apache 2.x section,
--enable-speling
Is that supposed to be speling or is it actually spelling?
That's high-brow humor from team Apache!
more time on hardining wouldn't hurt either...
> MySQL, Apache or PHP from ports?
The same reason that my car has an automatic transmission, but automatic climate control, wiper speed, and running headlights.
Tasks that support the system, but are not vital to its main purpose, are handled entirely by the system. On the web server, I use ports to install shells, security features, ftp clients, and languages. On the car, I let it handle how much heat is needed to keep a constant 68* or how fast the wipers should go to maintain visibility.
Tasks that are key to the system's primary purpose are handled by me. On the car, that means a manual transmission. On the server, I install the web apps from source.
It's not that important, though. Any customization that you do via a source install can probably be done via the ports. I just think certain things, like source installs or DJs scratching vinyl instead of CDs, should stay old school.
# as web:
cd ~/src/mysql* ./configure --prefix=/usr/local/mysql --without-debug --with-extra-charsets=none --enable-local-infile --enable-assembler
I am not immediately brought back to the command prompt until I hit ENTER a second time. Is this correct? Then when I enter 'make' I recieve a 'no target' error. Am I missing something? FreeBSD 6.1. Thx.
Those are two commands and should be on multiple lines:
(1)
cd ~/src/mysql*
(2)
./configure --prefix=/usr/local/mysql \
--without-debug \
--with-extra-charsets=none \
--enable-local-infile \
--enable-assembler
The \ character signifies a multi-line command. It would be the same as removing the "\" and putting all 5 lines on a single line.
As of today (16th July 2006) the stable ports are in -
/usr/ports/databases/mysql50-server/
/usr/ports/www/apache22/
/usr/ports/lang/php5/
Ensure your ports are up to date before building using portsnap. This is achieved as follows for freebsd 5.5 6.0 6.1 - ensure you are logged in as root for minimal fuss.
portsnap fetch
portsnap extract
portsnap update
You need build portsnap yourself from /usr/ports/sysutils/portsnap/ if you are using a pre 5.5 build. Just go there and do 'make clean install' - you will get a friendly message if you are running 5.5 6.0 or 6.1 telling you you don't need to build it.
Then for mysql, apache, and php use the following command in the directories given at the beginning of this post.
make clean install
If you get any config dialogs then respond as required - time to 'read the fine manual.'
by Joeindarain
on May 15, 2006 / 9:42am
-and-
by T J
on May 15, 2006 / 11:03pm
I understand the 2 commands and the use of \ for multiple lines...but even when I run these commands correctly, it still get the same error when I run "make".
Interesting (to me) that after running the ./configure command, I get a screen welcoming me to MySQL..."PLEASE REMEMBER TO...You can start the MySQL daemon...%Starting mysqld daemon with databases..."
Why is it starting if I haven't even run make or install yet?
I'm noob (obviously), so these questions may be obvious...so please don't kill me.
Thanks
thanks,
It's /usr/ports (not /etc/ports).
I couldn't find anything in this tutorial that references /etc/ports (which would be incorrect) it you spotted something, let me know.
you said that by this step one should have ssh support.
i can access the server from another computer with puttty using user account 'web' using keyboard-interaction authentication but i can't access the server with ssh secure shell.
i been looking around everywhere but can't find what is wrong.
Do you have any ideas?
here is the sshd_config file....
http://docs.google.com/View?docid=dc9w935b_0gcdg9v
Thanks for your time
What do mean about being able to access with putty but not ssh secure shell?
Do you want to set up a trust relation without login/password authentication?
I mean that I can login to my server from another computer with putty using ssh protocol. So i type in the ip address of my server and then the username and click connect. Putty connects fine. I just can't figure out what I am doing wrong with ssh. I try the same thing, but it never connects. It says 'Authenticaion faile. Most likey the password you supplied was incorrect. THe user name might also be wrong, or hte acoount might be disabled. Please check your password and try again .... '. So i know that my sshd daemons is starting up at boot time. If you have any tutorials on to get this working properly that would be great. I been googling for about 5 hours but can't seem to find my problem.
The username 'web' created in step 1 should be able to login to the server from a remote computer righ on the same lant, without tweaking too many things right?
I hope that clarifies things a bit.
I'm pretty sure that Putty uses SSH by default. So all the following should be possible:
- use putty, log in as web
- on another unix or linux server, you should be able to type: ssh web@[your-ip] - it will ask you the password and you can log in
- on the local server you should be able to type: ssh web@localhost
Do any of these NOT work? If it's a computer outside your network, your router or firewall may be blocking it.
But my problem is that I
I want to use the program SSH Secure Shell to login. And that is where I get the Authentication error mentioned before. I want to use the programs built in File Transfer Client. How can it be possible that I can connect with Putty and not SSH Secure Shell since both program do the same thing?
Anywho, I really appreciate your responses.
Rigo
Is it a Windows app? I'm guessing that it uses SSH1. I believe FreeBSD only uses SSH2 now (though you can change this in the sshd_config).
Why not just use Putty?
Almost there. I have arrived at the same problem that
Joeindarain
on May 15, 2006 / 9:42am
-and-
by T J
on May 15, 2006 / 11:03pm
-and-
by _J
on August 18, 2006 / 5:51pm
It seems that the mysql download for freebsd comes preconfigured so we can't really follow your steps for mysql? _J describes precisely what happens.
How can we resolve this so we can follow your steps?
Thanks
Don't download the pre-compiled MySQL binary. Download the source tar.gz. It's at the very bottom of the MySQL page:
http://dev.mysql.com/downloads/mysql/5.0.html#downloads
Currently, it's labeled "Compressed GNU TAR archive (tar.gz)"
Again, you want the SOURCE files for all these applications NOT FreeBSD-specific binaries.
'configure:error: Cannot find libmysqlclient_r under /usr/local/mysql.
Note that the MySQL client library is not bundled anymore!'
How do I go about fixing this?
Needed to add anothe --enable statement to configuration of mysql.
=>attempting to fetch from ftp://ftp.freebsd.org/pub/freebsd/ports/distfiles/.
fetch: ftp://ftp.freebsd.org/pub/freebsd/ports/distfiles/wget-1.10....
No address record
=>couldn't fetch it - please try to retrieve this
=>port manually into /usr/ports/distfiles/ and try again.
*** Error code 1
anyone got a solution for this problem???
cd ~/src/php*
./configure --with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql \
--enable-calendar \
--enable-trans-sid \
--with-curl=/usr/local \
--with-sybase=/usr/local/freetds \
--enable-ftp \
--with-mcrypt \
--with-pspell \
--with-xdiff
make
--with-mysql=/usr/local/mysql
What would happen if I leave out this line and make the file?
"Note that the MySQL client library is not bundled anymore!"
What do I need to change when installing MySQL/PHP to avoid this?
Thanks for the exellent tutorial, it helped ginormously.