====== LAMP ======
LAMP is the acronym for Linux Apache Mysql Php.
For the "Linux" side of Lamp, it all depends on your hosting and your preferences. We advise beginners to take a Debian Stable distribution, which is robust, secure and not too complicated. Experts are also numerous to remain under this distribution for their servers!
A good part of this doc is based on [[http://doc.ubuntu-fr.org/lamp|the Ubuntu documentation concerning LAMP]].
Installing basic packages:
sudo apt-get install apache2 php5 mariadb-server libapache2-mod-php5 php5-mysql apache2-utils php5-gd php5-imagick
The installation of the mysql database will ask you to create a password for "root". Be sure to write it down!
You can ofcourse install Mysql instead of Mariadb, but we don't recommend it here at khagnat...
Go to the address of the server and admire the page: "It works" :) This means installed and running!!
===== Apache =====
Apache is basically functional from scratch, but there are some small useful tricks for a configuration similar to Khaganat.
==== Enable URL rewriting ====
For wiki farm or pastebin(among others), it is necessary to activate the rewriting of the URLs.
Run the command:
Sudo a2enmod rewrite
Then, edit ''/etc/apache2/apache2.conf'' and add at the end(if it is not already there):
RewriteEngine On
IfModule>
Then check that in the "/etc/apache2/sites-available/default" file, the "AllowOverride" option is set to "All" for the parts that are being rewritten by url (all "/var/www" to not complicate the task):
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow, deny
Allow from all
Do not forget to restart the Apache Web service:
/etc/init.d/apache2 restart
==== Editing urls to go to folders (alias) ====
With a basic configuration, Apache indicates that you must read the directory ''/var/www'' as the base directory of the site, each folder being added to the address. For example, if your "www" folder is organized as follows:
* Www
* File1
* Page1.html
To access ''page1'' through the web, it's necessary to put the following in the address bar(of the browser): ''www.mon_site.net/dossier1/page1.html''.
We can change this by making aliases in the file: ''/etc/apache2/sites-enable/000-default.conf'', like this:
Alias /adresse /var/www/dossier1
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
Change ''/address'' to whatever you want; If it's just the bar ''/'', then it will be the root of the site(as will be seen by typing ''www.mon_site.net/''). You can also point to addresses outside of ''/var/www''. For example: pointing to ''home/user/monsite'' allows you to work in a directory with basic user rights.
For a site accessible to all, these kind of alias options suffices.
==== Relaunch Apache ====
To restart the apache server:
Logged in as root
/etc/init.d/apache restart
==== Rights on www ====
There are several possibilities to allow our user "Lambda"((yes, our test user is called "Lambda".)) to modify what's in the folder /var/www.
The easiest and fastest way is to assign the rights of this folder to the www-data group, and then put lambda in that www-data group.
Sudo adduser lambda www-data
Chown -R www-data: www-data /var/www
Alternative method:
To add the lambda user to www-data, there is also the command:
Usermod -a -G www-data lambda
Both commands do the job!
Restart the session so that Apache can take the rights into account for the current user.
It's better to let the www-data group manage the rights, basically because otherwise it's an open bazaar. Adding the user "lambda" in this group makes it possible to modify everything without taking the lead.
From a security perspective, maybe www-data shouldn't have these kind of rights, but(at the same time) it requires it to be able to understand everything, otherwise Apache will just block everything.. so let's keep it simple!
If some cms causes problems, the following command sequence(on the folder in question) can reassign the rights to www-data and allow them to be resolved(Run these as root):
chgrp -R www-data "folder"
chown -R www-data "folder"
chmod -R g+w "folder"
''chgrp'' to reassign the owner group, ''chown'' to change the owner anyway(less important, in theory chgrp should already fix most of the worries), ''chmod'' to give the right permissions //write// on the folder, //add//, ''w'' for //write//, so //write//). The ''-R'' option allows recursion(so the change applies to subfolders).
==== Proxy ====
Some services are accessible via specific ports. This is what [[pad|Etherpad]] does for example: when installed, it is accessible at the address ''http://myserverur.com:9001''.
To be able to access it via the web address ''http://monserverur.com/pad'', you must use the proxy option in Apache.
Begin by activating the proxy modules:
A2enmod proxy proxy_http
Then add this information in ''/etc/apache2/sites-availables/000-default.conf'':
ProxyVia On
ProxyRequests Off
ProxyPass /pad/ http://localhost:9001/
ProxyPassReverse /pad/ http://localhost:9001/
ProxyPreserveHost on
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Restart the apache service
Service apache2 restart
Your etherpad should now be accessible at the right address!
===== Mysql =====
==== Phpmyadmin ====
=== Installation ===
Phpmyadmin is considered as a program with high potential security breaches.. and you would be better off without it. But at the same time, going without a database would be ideal...
In short, despite these considerations, phpmyadmin is a handy way to manage a database when you have little knowledge, because it helps you do the job well. So... we'll try to install it.
**OBS: MySQL Workbench would be a better solution, "all in all"!!**
Sudo apt-get install phpmyadmin
Select "apache" in the options, then for the database, let the process complete.
Please enter the password for the administrative account that will be used to create the MySQL database as well as the users.
Database administrator password:
This is the root password.
Choose the database password... and do not forget to pass it in a "secure way" to the other admins.
=== Web location ===
By default, phpmyadmin is accessible at ''site.net/phpmyadmin'', which helps a malicious user find the door. It can be modified via the file ''/etc/apache2/conf.d/phpmyadmin.conf'', You can change the default alias like this:
Alias/phpmyadmin/usr/share/phpmyadmin
For example:
Alias/ploufphpmyadmin/usr/share/phpmyadmin
The simple addition of the "plouf" in front should already avoid automatic attacks!
Relaunch Apache for this to take effect.
Having a login other than "root" would be as good. But can it be easily changed?
**OBS: It's pretty bad to use ROOT as the database login. A better way is to make a user and select the rights accordingly!!**
=== Importing a database ===
To import a database via phpmyadmin(for ex: forum backups ), you must create the database, associate it with a user who is the only one having access to the database, then lastly import the saved ".sql".
If the database is too large, there will be errors. One fix is to change /etc/php5/apache2/php.ini to increase the maximum size allowed. The phpmyadmin program makes error linking(so you can see what needs to be changed).
==== Various Mysql commands ====
Creating a user and a mysql database for the different services:
1) launch mysql
$ Mysql -u root -p
The password will be requested.
2) Create the database:
Mysql> create database MyDatabase;
3) Create a user and grant him access rights to the database without a password **but only locally**:
Mysql> GRANT ALL ON MyDatabase. * TO User @ localhost;
3.1) Do the same thing but with a password:
Mysql> GRANT ALL PRIVILEGES ON MyDatabase * TO User @ localhost IDENTIFIED BY 'Password';
4) Do not forget to update the database:
mysql> FLUSH PRIVILEGES;
{{tag>Server Web}}