$Id: howto-freevsd-prepare-vhost.txt,v 1.1.1.1 2002/02/11 01:22:17 cvsjoko Exp $

$Log: howto-freevsd-prepare-vhost.txt,v $
Revision 1.1.1.1 2002/02/11 01:22:17 cvsjoko
first checkin'


============================================================
part 1 - minimum config
============================================================

- create vhost with "vsdtool-config.pl"

- start vhost with "vsboot --start <vhost>"

- modify accounts
  - bevs -r <vhost>
  - passwd admin
    - enter <admin_passwd>
  - useradd service
  - passwd service
    - enter <service_passwd>
  - create /home/service/.ssh as user "service"
  - useradd <user>
  - passwd <user>
    - enter <user_passwd>

- modify authorization
  - cd /etc/pam.d/
  - edit "sshd", comment out "auth required /lib/security/pam_vsd.so priv=login"
  - edit "ftp", comment out "auth required /lib/security/pam_vsd.so priv=ftp"
  - logout (CTRL + D)
  --> skel-patch-status: done!!!

- test access to server
  - login as "admin" and "user" via ssh
  - login as "user" via ftp
  - point your browser to http://<vhost_ip>

- restrict anonymous ftp-access
  - in "/etc/proftpd.conf"
    - comment out "UserAlias anonymous ftp"
  --> skel-patch-status: already in skel?

- ready!?
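
A check for the pam.d and proftpd.conf edits in part 1, as an added example that is not part of the original howto: it reports which of the pam_vsd.so and "UserAlias anonymous ftp" lines are still active under a vhost root. The root-directory argument, the function names and the sample tree are assumptions, and the <Anonymous> check goes one step beyond the text.

```sh
#!/bin/sh
# Added example, not from the howto: report which part-1 edits are still
# missing under a vhost root directory (the root path is an assumption).

# True when FILE has an uncommented line matching extended regex PATTERN.
has_active() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

# Prints one finding per line and returns the number of findings.
audit_vhost() {
    root=$1; n=0
    for svc in sshd ftp; do
        f="$root/etc/pam.d/$svc"
        if [ ! -f "$f" ]; then
            echo "missing: $f"; n=$((n + 1))
        elif has_active "$f" 'pam_vsd\.so'; then
            echo "active pam_vsd.so: $f"; n=$((n + 1))
        fi
    done
    f="$root/etc/proftpd.conf"
    if [ ! -f "$f" ]; then
        echo "missing: $f"; n=$((n + 1)); return "$n"
    fi
    if has_active "$f" '^[[:space:]]*UserAlias[[:space:]]+anonymous[[:space:]]+ftp'; then
        echo "active UserAlias anonymous ftp: $f"; n=$((n + 1))
    fi
    # ProFTPD serves anonymous logins from <Anonymous> sections; the alias only
    # maps the login name, so an active section is reported too.
    if has_active "$f" '^[[:space:]]*<Anonymous'; then
        echo "active <Anonymous> section: $f"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample tree: sshd is patched, ftp and proftpd.conf are not.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/pam.d" || return 1
    echo '#auth required /lib/security/pam_vsd.so priv=login' > "$d/etc/pam.d/sshd"
    echo 'auth required /lib/security/pam_vsd.so priv=ftp' > "$d/etc/pam.d/ftp"
    printf '%s\n' 'UserAlias anonymous ftp' '<Anonymous ~ftp>' '</Anonymous>' \
        > "$d/etc/proftpd.conf"
    echo "$d"
}

sample=$(make_sample)
audit_vhost "$sample" || echo "findings: $?"
rm -rf "$sample"
```

Run it from the main host against the vhost's root directory, or inside the vhost with "/" as the root.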


============================================================
part 2 - extended config / tuning / troubleshooting
============================================================

- login to vhost
  - bevs -r <vhost>
  - watch running processes (ps -ax)
  - is everything all right? (apache, mysql, sshd)

- make apache listen on port "80" and disable "vsdredirect"s
  - see http://www.fubra.com/vsdfaq/index.html#apache ;)
  - edit "/etc/rc" and comment out calls to "vsdredirect"
  - see http://www.fubra.com/vsdfaq/index.html#apache and do steps described there:
    --- snip ---
    (Q) Apache listens on port 8080. How can I get it to listen on port 80?
    (A) It is set to listen on 8080 because of the issue described in security.txt. Unless you really need it to listen on port 80, don't worry (vsdredirect should redirect all requests to 80 to 8080.) To get it to start on port 80, you need to modify `rc' and `rc.vsd', located in /usr/share/freevsd/skel-repo/etc.
    Add the following lines to rc, just before the `exit 0'.

        # Start Apache web server (as root)
        httpd_enable="YES"
        if [ "${httpd_enable}" = "YES" ]; then
            echo -n 'starting web server: '
            if [ -x "/bin/httpd" ]; then httpd_path="/bin/httpd"; fi
            if [ -x "/usr/sbin/httpd" ]; then httpd_path="/usr/sbin/httpd"; fi
            if [ -x "/usr/libexec/httpd" ]; then httpd_path="/usr/libexec/httpd"; fi
            ${httpd_path} -D SSL &
            echo 'httpd'
        fi

    Then comment out the following lines in rc.vsd:

        # Start Apache web server
        if [ "${httpd_enable}" = "YES" ]; then
            echo -n 'starting web server: '
            if [ -x "/bin/httpd" ]; then httpd_path="/bin/httpd"; fi
            if [ -x "/usr/sbin/httpd" ]; then httpd_path="/usr/sbin/httpd"; fi
            if [ -x "/usr/libexec/httpd" ]; then httpd_path="/usr/libexec/httpd"; fi
            su - web -c "${httpd_path} -D SSL" &
            echo 'httpd'
        fi

    Once you have done that, delete your virtual servers, re-create the skel (using vsd-genskel.pl) and re-create your virtual servers
    NB: Please read the next question for more info on port 80 and 8080...

  - change /etc/httpd/conf/httpd.conf

    --- snip ---

- apache/suexec
  - see http://www.fubra.com/vsdfaq/index.html#apache and do steps described there:
    --- snip ---
    (Q) How do I enable Apache's suexec wrapper?

    (A) By default Apache is installed with the suexec wrapper disabled. It is left as an exercise for the administrator to enable it by setting the appropriate permissions.

    Prior to creating the skel, fix the permissions with:
        chmod 4711 /usr/sbin/suexec

    If you have already created the skel, use:
        chmod 4711 /path/to/skel/usr/sbin/suexec
    --- snip ---


- enable apache serving /home/*/public_html
  - in /etc/httpd/conf/httpd.conf

- activate phpMyAdmin at http://<domainname>/~service/phpMyAdmin/
  - useradd service
  - mkdir /home/service/public_html
  - cd /home/service/public_html
  - ln -s /home/httpd/docs/phpMyAdmin .
  - configure at least hostname in /home/httpd/docs/phpMyAdmin/config.inc.php3

- activate webalizer-stats at http://<domainname>/~service/webalizer/
  - cd /home/service/public_html
  - ln -s /home/httpd/docs/webalizer .

- install kerberos-libraries
  - A. setup rpm
    - download rpm 3.0 - no problems ;) - from ftp://ftp.rpm.org/pub/rpm/dist/rpm-3.0.x/rpm-3.0.6.tar.gz
    - issue a "./configure && make && make install"
  - B. setup kerberos-libraries
    - download krb-libs from ftp://rpmfind.net/linux/redhat/updates/6.2/en/os/i386/krb5-libs-1.1.1-28.i386.rpm
    - become root!!! (e.g. via "bevs -r <vhost>" from main-host)
    - mkdir -p /var/local/lib/rpm
    - rpm -i --nodeps krb5-libs-1.1.1-28.i386.rpm
    - cd /usr/lib
    - ln -s /usr/kerberos/lib/* .
  - C. todo:
    1. setup "rpm": works as "admin"
    2. setup "kerberos": to be done as "root" via "bevs -r <vhost>"
    3. check out how kerberos-libs can be set up as "admin" (e.g. modify installation-path to /usr/local)

- enable "lastlogging"
  - create /var/log/lastlog and give ownership to "admin.admin"

- disable ssh-errors in /var/log/messages
  - create /etc/security/limits.conf by issuing: echo "" > /etc/security/limits.conf

- replace old perl version with new one (if available)
    [root@martha1 bin]# cd /
    [root@martha1 /]# cd /usr/bin/
    [root@martha1 bin]# mv perl
    perl perl5.00503 perlbug perlcc perldoc
    [root@martha1 bin]# mv perl perl.old
    [root@martha1 bin]# ln -s /usr/local/bin/perl .
    [root@martha1 bin]# cd /home/service/bin/ftpweblog/
    [root@martha1 ftpweblog]# ./graphftpweblog
    Error opening file for inclusion: /home/service/ftpweblog/testlog.html
    [root@martha1 ftpweblog]#