Some manual for building a web server, please?

Can someone give advice on how to build, with FreeBSD 7.1, a web server for 2 web sites with DNS, Apache, Nginx, MySQL, PHP, CGI, FTP (and maybe Webmin if it makes it easier)?

Is there any manual or instruction for this server or for the services, in Russian, Spanish or English?

I want to move from VPS to colocation...

________________

Does anyone know of a manual on how to build, with FreeBSD 7.1, a web server for two or more web sites, with DNS, Apache, Nginx, MySQL, PHP, CGI, FTP (or maybe Webmin if that makes things easier)?

Are there any instructions on how to do all of that, or perhaps in parts, in Russian, Spanish or English?

I want to move from VPS to colocation... They always tell me that since I have root access over ssh I can do everything myself. But the VPS constantly dies without my doing anything; I think other websites on the same server are overloading it...
 
SirDice said:
DNS (bind) is in the base OS, apache, php and mysql are easily installed using ports or packages. It isn't rocket science..

You might want to have a look at the handbook (it's also available in other languages):
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-servers.html

No, this server is not for rocket research


I just can't find one manual with all this described, with some practice and security issues described for colocation!
 
Lobster said:
I just can't find one manual with all this described, with some practice and security issues described for colocation!

You probably won't find a complete manual for this, as you are spanning a vast area of software. Most of this software isn't interconnected, and I would suggest finding separate manuals/tutorials for each: one for DNS, one for MySQL, one for the web server (Apache, PHP, CGI), one for FTP and one for keeping the OS secure.

For MySQL I strongly recommend the manual by MySQL; for Apache et al., the manuals at PHP.net and apache.org both cover quite a lot of well-documented material; and of course the FreeBSD Handbook for the OS.

But the most important thing, I think, if you are going to move to a co-location service that you maintain yourself, is knowledge of all this software itself, without relying on any tutorial. So my main recommendation is to hunker down and just start with one service, read the manuals, and when finished take on the next one.
 
Here You Go... this is most of it

This fast and dirty setup:

this is the server build-->>

Installation...

Select United States
Select Standard
A message about fdisk partitioning
Use arrow keys to delete all current partitions:
D deletes current partition
A uses entire partition
Q when you're done
Boot Manager Select Boot Mgr
A message about fdisk partitioning
Create disk partitions:
Type C to create a new partition. Create custom partitions, create the partitions in this order:
Part Mount Size Newfs Part
ad0s1a swap 32GB SWAP Y
ad0s1b / (Rest Of Disk) UFS2 Y

Type Q to finish


Select Distribution Choose All
Ports Collection, Yes
Scroll up, select Exit
Installer Source Select CD/DVD
Last Chance
Congratulations
OK

Configuration......

Configure any ethernet, Yes
Select Your Network Card
Try IPV6? No
Try DHCP? No
Network Info:
Host: [servername] If you want your server to be "foo.example.com", enter "foo" here
Domain: example.com
IPv4 Gateway: Your Router IP Address
Name Server: Your ISP DNS
IPv4 Address: IP Address for the server
Netmask: Your ISP Subnet Mask
Extra: Leave Blank
Bring Up Interface, Yes
Function as a network gateway? No
Inetd and network services that it provides? No
Enable SSH? Yes
Anonymous FTP? No
NFS server? No
NFS client? No
Customize system console settings? Yes
I just select SAVER and select a really retro screen saver...like snake...
Set this machine's timezones now? Yes
Linux binary compatibility? Yes
Does this system have a PS/2, serial, or bus mouse? No
FreeBSD Package Collection - Browse the collection now? No
Add any initial user accounts? No
Set Root's Password
general configuration menu, No
Use the right arrow to select [Exit Install]
Are you sure you want to exit? yes
Remove the CD before system reboots all the way up


Installation Note:
For Servers with more than 2TB Drives and RAID
Create RAID Virtual Disk to no more than 2TB (2000GB) disk for all drives.
Once you have all VD created, install FreeBSD as normal with the following exception:
For samba servers:
16GB swap file
16GB /
Remainder of first VD should be /home
When the system comes back up
df -h
You should see the partitions you created during installation
Now install Midnight Commander
After the system comes back up do the following

sysinstall
Select Configure
Select fdisk
Choose another Virtual 2TB Disk
Use the entire VD
Quit
Scroll up in the configure menu and select Label
The VD you just used should be ready to partition
Create your partitions, i.e. /files
Now hit the W key so it can create the partition(s)
Write down the name of each partition and the mount point
Once you have all the disks and partitions you want, exit sysinstall
Now launch MC and edit /etc/fstab
Add all the partitions in this file and save it
shutdown -r now
When the system comes back up
df -h
All your partitions should now be active and usable.


Now the following need to be installed.

From the console:


Midnight Commander...
cd /usr/ports/misc/mc/
make install clean
Options window opens, accept defaults
shutdown -r now
# at the prompts
mc
exit


Portsnap...
Update the ports
portsnap fetch extract
portsnap fetch update


Unzip...
cd /usr/ports/archivers/unzip
make install clean


Securing SSH Daemon...
Edit in MC /etc/ssh/sshd_config
Modify:
Port 63 (Change from default port 22 to protect from attacks)
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers webmaster (user you decide to ssh in)

restart ssh
/etc/rc.d/sshd restart
or
/etc/rc.d/sshd stop
/etc/rc.d/sshd start

to connect now
ssh -p (port#) webmaster@xx.xx.xx.xx
or
ssh -p (port#) -l webmaster xx.xx.xx.xx

rsync...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/net/rsync
make install clean

shutdown -r now

Example Connection and Copy:
rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/

Commands are:
--delete delete files that don't exist on sender (system)
-v Verbose (try -vv for more detailed information)
-e specify the ssh as remote shell
-a archive mode
-r recurse into directories
-z compress file data
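
Added example (not part of the original post): a small shell and awk audit for the `sshd_config` directives listed above. It covers two things the list alone does not show: sshd uses the first value it reads for a keyword, so hardening lines appended below an existing setting have no effect, and an `AllowUsers` entry naming an account that does not exist yet (the ordering problem a later reply in this thread raises) leaves nobody able to log in. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the directives listed in the post.
# audit_sshd CONFIG PASSWD_FILE  prints one finding per line (no output = clean).
audit_sshd() {
    awk -v passwd="$2" '
    BEGIN {
        n = split("protocol permitrootlogin permitemptypasswords maxauthtries", order, " ")
        split("2 no no 3", val, " ")                  # values taken from the post
        for (i = 1; i <= n; i++) want[order[i]] = val[i]
        # Account names, to check that every AllowUsers entry can actually log in.
        while ((getline line < passwd) > 0) { split(line, f, ":"); acct[f[1]] = 1 }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { key = tolower($1) }                             # keywords are case-insensitive
    key == "match" { exit }                           # audit the global section only
    key == "allowusers" { for (i = 2; i <= NF; i++) allow[++na] = $i; next }
    (key in want) && !(key in seen) { seen[key] = tolower($2) }   # first value wins
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) print k ": not set"
            else if (seen[k] != want[k]) print k ": is " seen[k] ", post uses " want[k]
        }
        if (na == 0) print "allowusers: not set"
        for (i = 1; i <= na; i++) {
            u = allow[i]; sub(/@.*/, "", u)           # drop an optional @host part
            if (u ~ /[*?]/) continue                  # wildcard, cannot be resolved here
            if (!(u in acct)) print "allowusers: no account named " u
        }
    }' "$1"
}

# Constructed sample: the post's lines appended below an existing "PermitRootLogin yes",
# audited against a passwd file in which the webmaster account does not exist yet.
demo_sshd_audit() {
    d=$(mktemp -d) || return 0
    printf '%s\n' 'PermitRootLogin yes' 'Port 63' 'Protocol 2' 'PermitRootLogin no' \
        'PermitEmptyPasswords no' 'MaxAuthTries 3' 'AllowUsers webmaster' > "$d/sshd_config"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' > "$d/passwd"
    audit_sshd "$d/sshd_config" "$d/passwd"
    rm -rf "$d"
}
demo_sshd_audit
```

Run it against the real files with `audit_sshd /etc/ssh/sshd_config /etc/passwd` before restarting sshd, and keep the existing session open until a second login has succeeded.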
 
Web Server part of the build -->>

Mysql 5.0...
_________________________________
Terminal Access
ssh -p 63 -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/databases/mysql51-server/
make install clean
/usr/local/bin/mysql_install_db
chown -R mysql /var/db/mysql/
chgrp -R mysql /var/db/mysql/
/usr/local/bin/mysqld_safe &
/usr/local/bin/mysqladmin -u root password (Your New Password Here)
/usr/local/bin/mysqladmin -u root -h (Server Name i.e. webserver.domain.com) password (Your New Password Here)
echo 'mysql_enable="YES"' >> /etc/rc.conf
echo '[mysqld]' >> /etc/my.cnf

Now go to /etc/my.cnf in MC
add the following lines:
max_connections = 250
table_cache=750
query_cache_size=16M
thread_cache_size=180
query_cache_limit=1M
query_cache_size=48M
query_cache_type=1
tmp_table_size=128M
max_user_connections=15
net_retry_count=10
open_files_limit=10000

shutdown -r now
# at the prompt
mysql -u root -p
enter password
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'webmaster'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
exit;

MySQL Installed!


Apache 2.0...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/www/apache22
make install clean
echo 'apache22_enable="YES"' >> /etc/rc.conf
mkdir /usr/local/www/apache22/sites
mkdir /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")
mkdir /usr/local/www/apache22/logs
cp /usr/local/www/apache22/data/index.html /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")
Edit in MC /usr/local/etc/apache22/httpd.conf
DocumentRoot "/usr/local/www/apache22/sites"

AllowOverride AuthConfig

Next do a search for "DirectoryIndex"
Insert index.php as the first option.

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Change ErrorLog /var/log/httpd-error.log to ErrorLog /usr/local/www/apache22/logs/httpd-error.log
Change CustomLog /var/log/httpd-access.log combined to CustomLog /usr/local/www/apache22/logs/httpd-access.log combined

Now configure httpd-default.conf

Timeout 30
MaxKeepAliveRequests 500
KeepAliveTimeout 30
ServerTokens Prod
ServerSignature Off


if you are going to handle virtual hosting uncomment the next line to look just like this:

#Virtual host
For the virtual host you need to create a directory for them
In MC create 2 directories:
mkdir /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/sitename/
mkdir /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/sitename/logs

Include etc/apache22/extra/httpd-vhosts.conf
There are other options you may want to configure at a later date but this will get it up and running.
Remove the second VirtualHost entry
Modify the first entry as follows (this is just an example):
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot /usr/local/www/apache22/sites/"domain"
ServerName domain.com
ServerAlias domain.com www.domain.com
ErrorLog "| /usr/local/www/apache22/sites/rotatelogs /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/sitename/logs/error_log 86400"
CustomLog "| /usr/local/www/apache22/sites/rotatelogs /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/sitename/logs/access_log 86400" combined
#ErrorLog /var/log/dummy-host.example.com-error_log
#CustomLog /var/log/dummy-host.example.com-access_log common
</VirtualHost>
Now save the file and MC into /usr/local/etc/apache22/extra/httpd-vhosts.conf
at the prompt type
apachectl stop
apachectl start
Apache Installed!


PHP5...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/lang/php5/
make install clean
Options, select all the defaults except make sure Apache is selected,
cd /usr/ports/lang/php5-extensions
make config
make sure that MySQL, SOAP, OpenSSL and GD Library are checked
make install clean

Configure Apache to run PHP5
Edit in MC /usr/local/etc/apache22/httpd.conf

If it is not already there add the following at the end of the "LoadModule" section
LoadModule php5_module libexec/apache22/libphp5.so

cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
Edit in MC /usr/local/etc/php.ini
In Resource Limits
memory_limit = 8M
change to
memory_limit = 48M
************************************************************
Do not use this if you can help it.
It is better to build your PHP web apps with register_globals = Off
************************************************************
Turn on Registered Globals so as to pass variables
Edit in MC /usr/local/etc/php.ini
register_globals = On
save the file
************************************************************

echo "<?php phpinfo(); ?>" >> /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/phpinfo.php

shutdown -r now

When the server comes back up, go to http://www.(IP Address or example.com)/phpinfo.php; if you see several pages of PHP information, PHP is correctly installed.
PHP5 Installed!
 
Continued -->>
OpenSSL...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/security/openssl
make install clean
shutdown -r now
For All Customers

mkdir /usr/local/etc/ssl.crt
cd /usr/local/etc/ssl.crt
openssl genrsa -out customerdomain.key 1024
openssl req -new -key customerdomain.key -out customerdomain.csr
Country Name: US
State: State (No Abbreviations)
Locality: City
Organization Name: Company Name
Organization Unit: i.e. > Hosting
Common Name: shop.domain.com
Email Address: webmaster@domain.com
No Challenge Password and No Optional Company Name
openssl req -noout -text -in customerdomain.csr

Now go to DirectNic or whomever and order the SSL Certificate.
Choose Apache + OpenSSL
Open up your /usr/local/etc/ssl.crt/customerdomain.csr in MC
Copy the cert info out of it and paste it into the SSL application

When you receive the email:
cd /usr/local/etc/ssl.crt
echo '' >> customerdomain.crt
echo '' >> ca-bundle.crt
In MC open customerdomain.crt, copy in the SSL cert that was emailed to you, and save. Open ca-bundle.crt and copy in the ca-bundle.crt information sent to you.

Edit in MC /usr/local/etc/apache22/httpd.conf
Uncomment the following line:
Include etc/apache22/extra/httpd-ssl.conf

Edit in MC /usr/local/etc/apache22/extra/httpd-ssl.conf
under <VirtualHost _default_:443>
Enter the correct information about DocumentRoot and ServerAlias like you did in the httpd-vhosts.conf file
Modify:
SSLCertificateFile /usr/local/etc/ssl.crt/customerdomain.crt
SSLCertificateKeyFile /usr/local/etc/ssl.crt/customerdomain.key
SSLCACertificateFile /usr/local/etc/ssl.crt/ca-bundle.crt

at the prompt type
apachectl stop
apachectl start
OpenSSL Installed



phpMyAdmin...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
mkdir /usr/local/etc/htpswd/
cd /usr/local/etc/htpswd
htpasswd -c phpMyAdmin (Type User Name Here)
New password: ******
Re-Type new password: ******
Adding password for user (User Name Here)
chmod 644 phpMyAdmin
*** To Add an Additional User ***
htpasswd -b phpMyAdmin (Type User Name Here) (Type Password Here)

Check to see if the file is there in /usr/local/etc/htpswd/
Now check to see if the user is in the file example:
root:KKfc9jFRgTP9I (this being an example password)

cd /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/
fetch a copy of phpMyAdmin from http://www.phpmyadmin.net/home_page/downloads.php
tar zxvf phpMyAdmin.tar.gz
ls
rm phpMyAdmin.tar.gz
cd phpMyAdmin
edit in MC config.inc.php
$cfg['PmaAbsoluteUri'] = 'http://www.yourDomain.com/phpMyAdmin/';
$cfg['Servers'][$i]['user'] = 'root'; // MySql user
$cfg['Servers'][$i]['password'] = 'rootpasswd'; // MySql password
save the file.

edit in MC .htaccess
AuthType Basic
AuthName "MySql Server Restricted Access"
AuthUserFile /usr/local/etc/htpswd/phpMyAdmin
Require valid-user
satisfy any
Save this file
shutdown -r now

phpMyAdmin is running!
when the server comes back up http://www.(IP Address or example.com)/phpMyAdmin/



Telnet (ONLY IF YOU ABSOLUTELY HAVE TO HAVE IT!!!!!!!!!!)
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
echo 'inetd_enable="YES"' >> /etc/rc.conf
edit in MC /etc/inetd.conf
un-comment the following lines
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
save the file

shutdown -r now
Telnet Server is running!



Pure-FTPD Server...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
cd /usr/ports/ftp/pure-ftpd
make config
select mysql, privsep, peruser limits, throttling, banner, sendfile
make install clean
echo 'pureftpd_enable="YES"' >> /etc/rc.conf
cd /usr/local/www/apache22/sites/(Servers main dir i.e. /"domain")/
fetch PureFTP from http://www.pureftpd.org/project/pure-ftpd/download
tar zxvf ftp.tar.gz
rm ftp.tar.gz
cd ftp
chown www config.php
shutdown -r now

Now go to http://www.yourdomain.com/ftp/install.php
Follow the procedures in the install script:
you want New Installation, Create new Database.
Next it needs to be localhost | root | mysql root user password
Then Connect to the database.
Next just accept the defaults.
On the configuration page only change FTP Address to your domain, i.e. www.yourdomain.com, no http://
Next Change the Administrators password and then add Admin users if you would like.

Now go back to the terminal
cd /usr/local/etc
cp pure-ftpd.conf.sample pure-ftpd.conf
cp pureftpd-mysql.conf.sample pureftpd-mysql.conf
Edit in MC /usr/local/etc/pure-ftpd.conf
Uncomment and Change the following lines:
MySQLConfigFile /etc/pureftpd-mysql.conf to /usr/local/etc/pureftpd-mysql.conf
Save File and exit

edit in MC /usr/local/etc/pureftpd-mysql.conf
Uncomment and Change the following lines:
MYSQLServer 127.0.0.1
MYSQLUser ftp
MYSQLPassword tmppasswd
MYSQLDatabase ftpusers
MYSQLCrypt md5
MYSQLGetPW SELECT Password FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetUID SELECT Uid FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetGID SELECT Gid FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetDir SELECT Dir FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L" AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
Save File and exit
shutdown -r now
FTP Server is running!
http://yourdomain/ftp/
Login


Webmaster User...
_________________________________
Terminal Access
ssh -p (port#) -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________

adduser
Username: webmaster
Full name: Webmaster
Uid (leave empty for default):
Login group [webmaster]:
Login group is webmaster. Invite webmaster into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh zsh nologin) [sh]: zsh
Home directory [/home/webmaster]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use an random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:

Username : webmaster
Password : *****
Full Name : Webmaster
Uid : 1002
Class :
Groups : webmaster wheel
Home : /usr/local/www/apache22/sites
Shell : /usr/local/bin/zsh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (webmaster) to the user database.
Add another user? (yes/no): no
Goodbye!
cd /usr/local/www/apache22/
chown -R webmaster:webmaster sites
 
I think that is pretty accurate; it is at least 95% there.

It took me a bit to dig it up off our samba server.

I hope that helps, I did this when I was learning and there was no one document I could find to set up a web server.

I have changed and added to it over the years so there may be a few discrepancies in it and for that I am sorry.

Good Luck
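
Added example (not code from the post): in Apache 2.2, `Satisfy Any` admits a client when either the host check or the password check passes, so it changes what the phpMyAdmin `.htaccess` above actually enforces. The classifier below is an illustration; `htaccess_gate` and the file names are hypothetical.

```sh
#!/bin/sh
# Added example: classify how an Apache 2.2 .htaccess gates its directory.
# htaccess_gate FILE prints one of:
#   no-auth           no Require line
#   password          Require with Satisfy All (the default): host check AND password
#   host-or-password  Satisfy Any plus Order/Allow/Deny in this file (these need
#                     AllowOverride Limit; the post grants AuthConfig only)
#   inherits-host     Satisfy Any and no host rule here: every client the enclosing
#                     <Directory> admits by address gets in without a password
htaccess_gate() {
    awk '
    /^[ \t]*#/ { next }
    { key = tolower($1) }
    key == "require" { req = 1 }
    key == "satisfy" { sat = tolower($2) }     # a later Satisfy replaces an earlier one
    key == "order" || key == "allow" || key == "deny" { host = 1 }
    END {
        if (!req)              print "no-auth"
        else if (sat != "any") print "password"
        else if (host)         print "host-or-password"
        else                   print "inherits-host"
    }' "$1"
}

demo_htaccess() {
    d=$(mktemp -d) || return 0
    # The five directives from the post.
    printf '%s\n' 'AuthType Basic' 'AuthName "MySql Server Restricted Access"' \
        'AuthUserFile /usr/local/etc/htpswd/phpMyAdmin' 'Require valid-user' \
        'satisfy any' > "$d/as_posted"
    # Constructed variant: the same file without the Satisfy line.
    grep -iv '^satisfy' "$d/as_posted" > "$d/without_satisfy"
    echo "as posted:       $(htaccess_gate "$d/as_posted")"
    echo "without Satisfy: $(htaccess_gate "$d/without_satisfy")"
    rm -rf "$d"
}
demo_htaccess
```

An `inherits-host` result on a directory whose `config.inc.php` stores the MySQL root password means the enclosing `<Directory>` block's `Order`/`Allow`/`Deny` lines are the only gate, so check those before relying on the password prompt.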
 
Just found this also

For your DNS Server this will get you very close to what you need:

BIND 9...
_________________________________
Terminal Access
ssh -p 63 -l (user) (IP Address)
(user Password)
su
(Root Password)
_________________________________
Check your version:
cat /usr/ports/dns/bind94/Makefile | grep PORTVERSION

If you have 9 or better skip the next 2 lines for installation

cd /usr/ports/dns/bind94
make configure ; make clean

cp /etc/make.conf /etc/make.conf.old
echo "NO_BIND = YES" >> /etc/make.conf
rndc-confgen -a
cd /var/named/etc/namedb
cp named.conf named.conf.old
cat rndc.key >> named.conf

Edit in MC /var/named/etc/namedb/named.conf

Comment out with // at the beginning of the line:
// listen-on { 127.0.0.1; };

Now remove /* at the beginning and */ at the end of the following:
forwarders { 192.168.0.2;192.168.0.3; };
These are whatever your ISP's DNS IPs are
i.e. AT&T in Texas is 68.94.156.1 and 68.94.157.1

Now add your zones:

zone "domain.com" {
type master;
file "master/domain.com";
allow-transfer { localhost; };
allow-update { key rndc-key; };
};

If your IP range is 12.34.56.XX then
zone "56.34.12.in-addr.arpa" {
type master;
file "master/domain.com.rev";
allow-transfer { localhost; };
allow-update { key rndc-key; };
};

hit F2 to save and F10 to exit and F10 again for command prompt

echo '' >> /var/named/etc/namedb/master/domain.com
echo '' >> /var/named/etc/namedb/master/domain.com.rev
cd /var/named/etc/namedb/master

Edit in MC domain.com

$TTL 3600
@ IN SOA dns1.domain.com. root.domain.com. (
        1 10800 3600 604800 86400 )
@ IN NS dns1.domain.com.
  IN MX 10 MAIL
  IN A 12.34.56.XX ;IP address web server
www IN A 12.34.56.XX ;IP address web server
mail IN A 12.34.56.XX ;IP address MAIL server

hit F2 to save and F10 to exit

Edit in MC domain.com.rev

$TTL 3600
56.34.12.in-addr.arpa. IN SOA dns1.domain.com. root.domain.com. (
        1 10800 3600 604800 86400 )
56.34.12.in-addr.arpa. IN NS dns1.domain.com.
78 IN PTR domain.com. ;Last IP numbers web server
78 IN PTR www.domain.com. ;Last IP numbers web server
79 IN PTR mail.domain.com. ;Last IP numbers mail server

echo 'named_enable="YES"' >> /etc/rc.conf

hit F2 to save and F10 to exit and F10 again for command prompt

Now start the service

/etc/rc.d/named start
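
Added example (not part of the original post): names in a zone file that do not end in a dot are relative and get the zone origin appended, which matters for the NS, MX and PTR targets in the two files above. The awk filter below prints each target as the server would read it; `zone_targets` and the sample zone are constructed for illustration.

```sh
#!/bin/sh
# Added example: expand the names in a zone file the way a name server reads them.
# zone_targets ORIGIN FILE prints "owner TYPE target" for NS, MX, PTR and CNAME
# records and marks relative targets that contain a dot (usually a forgotten ".").
# Simplifications: no $ORIGIN/$INCLUDE handling, no quoted strings containing ";".
zone_targets() {
    awk -v origin="$1" '
    function fq(name) {
        if (name == "@") return origin
        if (name ~ /\.$/) return name               # already fully qualified
        return name "." origin                      # relative: origin is appended
    }
    { sub(/;.*/, "") }                              # strip comments
    /^\$/ || NF == 0 { next }
    inparen { if ($0 ~ /\)/) inparen = 0; next }    # rest of a multi-line SOA
    {
        i = 1
        if ($0 !~ /^[ \t]/) { owner = fq($1); i = 2 }   # leading blank: previous owner
        while ($i ~ /^[0-9]+$/ || toupper($i) == "IN") i++   # optional TTL and class
        type = toupper($i)
        if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
        if (type == "MX") i++                       # step over the preference value
        if (type != "NS" && type != "MX" && type != "PTR" && type != "CNAME") next
        t = $(i + 1)
        note = (t !~ /\.$/ && t ~ /\./) ? "  <-- relative name containing a dot" : ""
        print owner, type, fq(t) note
    }' "$2"
}

# Constructed reverse zone modelled on the post; the record for .78 leaves the dot off.
demo_zone_lint() {
    z=$(mktemp) || return 0
    printf '%s\n' '$TTL 3600' \
        '@ IN SOA dns1.domain.com. root.domain.com. (' \
        '        1 10800 3600 604800 86400 )' \
        '   IN NS dns1.domain.com.' \
        '78 IN PTR www.domain.com    ; dot left off' \
        '79 IN PTR mail.domain.com.' > "$z"
    zone_targets 56.34.12.in-addr.arpa. "$z"
    rm -f "$z"
}
demo_zone_lint
```

A short relative target such as `MAIL` in the forward zone is expanded without a note, because appending the origin is what that record intends.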
 
Wow, holy documentation dgnr8! Great stuff!

Also, I don't necessarily believe that FreeBSD should provide a manual page on how to set up a FAMP (FreeBSD, Apache, MySQL, PHP/Perl) stack. FreeBSD is an operating system. The devs and documenters work hard on the operating system. Installing Apache, et al. is outside the scope of what they do.

Just be thankful there's a tidbit in the well put together handbook talking about it.

Now, since FreeBSD is an open system, you're more than welcome to contribute a man page that explains the process (I'm envisioning something like a famp(8)). Though I suspect said man page could quickly get outdated as 3rd party software evolves.
 
Hmmmmm, I think the section "Webmaster User..." must go before "Securing SSH Daemon..."? No system user webmaster to log in...
 
dgnr8, there are some settings missing for Apache and the rest of the programs.
If I do 'make config' I must mark some settings, no?...
 