Difference between revisions of "Hudsonvalley"

From Wiki2
 
(74 intermediate revisions by the same user not shown)
Line 1: Line 1:
installed lamp stack using https://help.ubuntu.com/community/ApacheMySQLPHP
{{:subdomain}}


Hint: Server Guide
{{:useradd add user}}


To find the Ubuntu Server Guide related to your specific version, please go to: https://help.ubuntu.com/, select your Ubuntu version and then click on Ubuntu Server Guide. For the latest LTS version (12.04 LTS) of Ubuntu Server, please go to https://help.ubuntu.com/12.04/serverguide/index.html
{{:R}}


Parent page: Programming Applications
===doku===
to delete junk archive files
# find /home/sitebuil/public_html/doku/data/attic/ -type f -print0 | xargs -0r rm -f


Contents
{{:ubuntu 10.04 java}}


Hint: Server Guide
===[http://stackoverflow.com/questions/8532304/execute-root-commands-via-php execute-root-commands-via-php]===
To install the default LAMP stack in Ubuntu 10.04 and above
http://stackoverflow.com/questions/8532304/execute-root-commands-via-php
Starting over: How to remove the LAMP stack
Installing Apache 2
Checking Apache 2 installation
Troubleshooting Apache
Virtual Hosts
Installing PHP 5
Checking PHP 5 installation
Troubleshooting PHP 5
PHP in user directories
Installing MYSQL with PHP 5
After installing PHP
After installing MySQL
Set mysql bind address
Set mysql root password
Create a mysql database
Create a mysql user
Backup-Settings
Alternatively
Phpmyadmin and mysql-admin
Troubleshooting Phpmyadmin & mysql-admin
Alternative: install phpMyAdmin from source
Mysql-admin
For more information
Edit Apache Configuration
Installing suPHP
Run, Stop, Test, And Restart Apache
Using Apache
Status
Securing Apache
Password-Protect a Directory
Password-Protect a Directory With .htaccess
thumbnails
Known problems
Skype incompatibility
Other Apache Options
Further Information
This is to help people setup and install a LAMP (Linux-Apache-MySQL-PHP) server in Ubuntu, including Apache 2, PHP 5 and MySQL 4.1 or 5.0.


To install the default LAMP stack in Ubuntu 10.04 and above
===php include directory===
First install tasksel...
is where to put code that you want to run from multiple different directories. However it can't seem to be set in php.ini. The default is usr/share/php. In order to include files from /usr/local/share/php5/ I put a link in /usr/share/php/ to /usr/local/share/php5/chromephp/ChromePhp.php


===console log with ChromePhp.php ===
now included in /usr/share/php files to see in console whatever you put in ChromePhp::log('hello world'); BTW tutn php consol logging on in top right of browser (blue is on)
<syntaxhighlight lang="php">
<?php
include 'ChromePhp.php';
ChromePhp::log('hello world');
</syntaxhighlight>


$ sudo apt-get install tasksel
===php error reporting to browser===
... and then the LAMP stack:
/etc/php5/apache2/php.ini links to development version that logs errors to browser.  




$ sudo tasksel install lamp-server
===allowing www-data user to write to directory===
See Tasksel - be warned, only use tasksel to install tasks, not to remove them - see https://launchpad.net/bugs/574287
usermod -a -G group1,group2 username
DO NOT UNCHECK ANY PACKAGES IN THE MENU WHICH APPEARS
Where username is the user you want to modify and group1 and group2 are the new groups you want that user to join. Running the command without the -a argument will remove that user from all groups except group1 and group2.
You can leave your system in an unusable state.
groups sitebuil
members cando
chgrp -Rv cando /home/pathbost/public_html/ystill


Starting over: How to remove the LAMP stack
===locate===
To remove the LAMP stack remove the following packages:
but first updatedb


Note: This assumes you have no other programs that require any of these packages. You might wish to simulate this removal first, and only remove the packages that don't cause removal of something desired.
{{:backups}}
{{:cron}}


apache2 apache2-mpm-prefork apache2-utils apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libdbd-mysql-perl libdbi-perl libnet-daemon-perl libplrpc-perl libpq5 mysql-client-5.5 mysql-common mysql-server mysql-server-5.5 php5-common php5-mysql
===password protecting directories===
To also remove the debconf data, use the purge option when removing. To get rid of any configurations you may have made to apache, manually remove the /etc/apache2 directory once the packages have been removed.
Directories that are password protected are in /etc/apache2/sites-avalable pathbost and sitebuil


You may also want to purge these packages:
===visitor statistics===
http://www.hping.org/visitors/doc.html
visitors --output text -A -m 30 /var/log/apache2/access.log -o html >home/sitebuil/public_html/files/webstats.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://sitebuilt.net -o html > /home/sitebuil/public_html/files/webstatsSBS.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://pathbost.com -o html > /home/sitebuil/public_html/files/webstatsPATH.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://levelthefield.us -o html > /home/sitebuil/public_html/files/webstatsLTF.html


mysql-client-core-5.5 mysql-server-core-5.5
===other software===
Installing Apache 2
that doesn't get put somewhere automatically
To only install the apache2 webserver, use any method to install:
:Put source.taz.gz under /usr/local/src
:From /usr/local/bin creagte a link
ln -s ../src/srcdir/compiledbin


===securing phpmyadmin===
https://nearwater (works only from tims laptop)
http://paynedigital.com/2011/09/setting-up-and-securing-a-phpmyadmin-install-on-ubuntu-10-04
:1. setting up ssl certificate
mkdir /etc/apache2/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
:2. mv phpmyadmin.conf inside a virtual host and put it in sites-available
mv /etc/apache2/conf.d/phpmyadmin.conf /etc/apache2/sites-available/
:3. edit take out Alias, add virtual host and put in new credentials (pem and key)
:4. got /etc/apache2/sites-enables and enable it
ln -s ../sites-available/phpmyadmin.conf
:5. goto /etc/apache2/ports.conf and add
NameVirtualHost 198.23.156.78:443
:6. restart apache
/usr/sbin/apache2ctl restart
:put a host file entry in windows or from wherever you wan to get to this host
/windows/system32/drivers/etc/hosts  198.23.156.78 nearwater


apache2
===moving databases===
It requires a restart for it to work:
copies as of 12/2012 of databases are on windows  machine /documents/sites/mysqldumps


In phpmyadmin of the target mnachine create a user with same nae as source user and put the source ip as host. Create the (empty)databases on the target
root@server1 /var/backups# mysql -u root -p  -h localhost pathbost_assess < pathbost_assess.sql
root@10.194.101.169: home$  mysqldump -utim -pnji9ol pathbost_h409 | mysql -h198.23.156.78 -utim -pnji9ol pathbost_h409
mysqldump -utim -pnji9ol pathbost_poets | mysql -h198.23.156.78 -utim -pnji9ol pathbost_poets
To copy directories from old vps to new
root@10.194.101.169: home$  rsync -aHvz /home/pathbost/public_html root@198.23.156.78:/home/pathbost


$ sudo /etc/init.d/apache2 restart
installed lamp stack using https://help.ubuntu.com/community/ApacheMySQLPHP
or
 
 
$ sudo service apache2 restart
Checking Apache 2 installation
 
With your web browser, go to the URI http://localhost : if you read "It works!", which is the content of the file /var/www/index.html , this proves Apache works.
 
Troubleshooting Apache
 
If you get this error:
 
apache2: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
 
then use a text editor such as "sudo nano" at the command line or "gksudo gedit" on the desktop to create a new file,
 
$ sudo nano /etc/apache2/conf.d/fqdn
or
 
$ gksu "gedit /etc/apache2/conf.d/fqdn"
then add
 
ServerName localhost
to the file and save. This can all be done in a single command with the following:
 
$ echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
Virtual Hosts
 
Apache2 has the concept of sites, which are separate configuration files that Apache2 will read. These are available in /etc/apache2/sites-available. By default, there is one site available called default this is what you will see when you browse to http://localhost or http://127.0.0.1. You can have many different site configurations available, and activate only those that you need.
 
As an example, we want the default site to be /home/user/public_html/. To do this, we must create a new site and then enable it in Apache2.
 
To create a new site:
 
Copy the default website as a starting point. sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite
 
Edit the new configuration file in a text editor "sudo nano" on the command line or "gksudo gedit", for example: gksudo gedit /etc/apache2/sites-available/mysite
 
Change the DocumentRoot to point to the new location. For example, /home/user/public_html/
 
Change the Directory directive, replace <Directory /var/www/> to <Directory /home/user/public_html/>
 
You can also set separate logs for each site. To do this, change the ErrorLog and CustomLog directives. This is optional, but handy if you have many sites
 
Save the file
Now, we must deactivate the old site, and activate our new one. Ubuntu provides two small utilities that take care of this: a2ensite (apache2enable site) and a2dissite (apache2disable site).
 
 
$ sudo a2dissite default && sudo a2ensite mysite
Finally, we restart Apache2:
 
 
$ sudo /etc/init.d/apache2 restart
If you have not created /home/user/public_html/, you will receive an warning message
 
To test the new site, create a file in /home/user/public_html/:


$ echo '<b>Hello! It is working!</b>' > /home/user/public_html/index.html
Finally, browse to http://localhost/
Installing PHP 5
To only install PHP5. use any method to install the package
libapache2-mod-php5
Enable this module by doing
$ sudo a2enmod php5
which creates a symbolic link /etc/apache2/mods-enabled/php5 pointing to /etc/apache2/mods-availble/php5 .
Except if you use deprecated PHP code beginning only by "<?" instead of "<?php" (which is highly inadvisable), open, as root, the file /etc/php5/apache2/php.ini , look for the line "short_open_tag = On", change it to "short_open_tag = Off" (not including the quotation marks) and add a line of comment (beginning by a semi-colon) giving the reason, the author and the date of this change. This way, if you later want some XML or XHTML file to be served as PHP, the "<?xml" tag will be ignored by PHP instead of being seen as a PHP code mistake.
Relaunch Apache 2 again:
$ sudo service apache2 restart
Checking PHP 5 installation
In /var/www , create a text file called "test.php", grant the world (or, at least, Ubuntu user "apache") permission to read it, write in it the only line: "<?php phpinfo(); ?>" (without the quotation marks) then, with your web browser, go to the URI "http://localhost/test.php": if you can see a description of PHP5 configuration, it proves PHP 5 works with Apache.
Troubleshooting PHP 5
Does your browser ask if you want to download the php file instead of displaying it? If Apache is not actually parsing the php after you restarted it, install libapache2-mod-php5. It is installed when you install the php5 package, but may have been removed inadvertently by packages which need to run a different version of php.
If sudo a2enmod php5 returns "$ This module does not exist!", you should purge (not just remove) the libapache2-mod-php5 package and reinstall it.
Be sure to clear your browser's cache before testing your site again. To do this in Firefox 4: Edit → Preferences … Privacy → History: clear your recent history → Details : choose "Everything" in "Time range to clean" and check only "cache", then click on "Clear now".
Remember that, for Apache to be called, the URI in your web browser must begin with "http://". If it begins with "file://", then the file is read directly by the browser, without Apache, so you get (X)HTML and CSS, but no PHP. If you didn't configure any host alias or virtual host, then a local URI begins with "http://localhost", "http://127.0.0.1" or http://" followed by your IP number.
If the problem persists, check your PHP file authorisations (it should be readable at least by Ubuntu user "apache"), and check if the PHP code is correct. For instance, copy your PHP file, replace your whole PHP file content by "<?php phpinfo(); ?>" (without the quotation marks): if you get the PHP test page in your web browser, then the problem is in your PHP code, not in Apache or PHP configuration nor in file permissions. If this doesn't work, then it is a problem of file authorisation, Apache or PHP configuration, cache not emptied, or Apache not running or not restarted. Use the display of that test file in your web browser to see the list of files influencing PHP behaviour.
PHP in user directories
According to this blog, newer versions of Ubuntu do not have PHP enabled by default for user directories (your public_html folder). See the blog for instructions on how to change this back.
Installing MYSQL with PHP 5
Use any method to install
mysql-server libapache2-mod-auth-mysql php5-mysql
After installing PHP
You may need to increase the memory limit that PHP imposes on a script. Edit the /etc/php5/apache2/php.ini file and increase the memory_limit value.
After installing MySQL
Set mysql bind address
Before you can access the database from other computers in your network, you have to change its bind address. Note that this can be a security problem, because your database can be accessed by other computers than your own. Skip this step if the applications which require mysql are running on the same machine.
type:
$ sudo nano /etc/mysql/my.cnf
and change the line:
bind-address          = localhost
to your own internal ip address e.g. 192.168.1.20
bind-address          = 192.168.1.20
If your ip address is dynamic you can also comment out the bind-address line and it will default to your current ip.
If you try to connect without changing the bind-address you will recieve a "Can not connect to mysql error 10061".
Set mysql root password
Before accessing the database by console you need to type:
$ mysql -u root
At the mysql console type:
$ mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');
A successful mysql command will show:
Query OK, 0 rows affected (0.00 sec)
Mysql commands can span several lines. Do not forget to end your mysql command with a semicolon.
Note: If you have already set a password for the mysql root, you will need to use:
$ mysql -u root -p
(Did you forget the mysql-root password? See MysqlPasswordReset.)
Create a mysql database
$ mysql> CREATE DATABASE database1;
Create a mysql user
For creating a new user with all privileges (use only for troubleshooting), at mysql prompt type:
$ mysql> GRANT ALL PRIVILEGES ON *.* TO 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
For creating a new user with fewer privileges (should work for most web applications) which can only use the database named "database1", at mysql prompt type:
$ mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON database1.* TO 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword';
yourusername and yourpassword can be anything you like. database1 is the name of the database the user gets access to. localhost is the location which gets access to your database. You can change it to '%' (or to hostnames or ip addresses) to allow connections from every location (or only from specific locations) to the database. Note, that this can be a security problem and should only be used for testing purposes!
To exit the mysql prompt type:
$ mysql> \q
Since the mysql root password is now set, if you need to use mysql again (as the mysql root), you will need to use:
$ mysql -u root -p
and then enter the password at the prompt.
Backup-Settings
Please, let's say something in which directories mysql stores the database information and how to configure a backup
Alternatively
There is more than just one way to set the mysql root password and create a database. For example mysqladmin can be used:
$ mysqladmin -u root -p password yourpassword
and
$ mysqladmin -u root -p create database1
mysqladmin is a command-line tool provided by the default LAMP install.
Phpmyadmin and mysql-admin
All mysql tasks including setting the root password and creating databases can be done via a graphical interface using phpmyadmin or mysql-admin.
To install one or both of them, first enable the universe repository
I am using Ubuntu server (command line)
I am using a desktop
Use any method to install
phpmyadmin
Troubleshooting Phpmyadmin & mysql-admin
If you get blowfish_secret error: Choose and set a phrase for cryptography in the file /etc/phpmyadmin/blowfish_secret.inc.php and copy the line (not the php tags) into the file /etc/phpmyadmin/config.inc.php or you will receive an error.
If you get a 404 error upon visiting http://localhost/phpmyadmin: You will need to configure apache2.conf to work with Phpmyadmin.
$ sudo gedit /etc/apache2/apache2.conf
Include the following line at the bottom of the file, save and quit.
$ Include /etc/phpmyadmin/apache.conf
Alternative: install phpMyAdmin from source
See the phpMyAdmin page for instructions on how to install phpmyadmin from source:
Mysql-admin
Mysql-admin runs locally, on the desktop. Use any method to install
mysql-admin
For more information
2.9.3. Securing the Initial MySQL Accounts from the MySQL Reference Manual is worth reading.
Edit Apache Configuration
You may want your current user to be the PHP pages administrator. To do so, edit the Apache configuration file :
$ gksudo "gedit /etc/apache2/apache2.conf"
Search both the strings starting by "User" and "Group", and change the names by the current username and groupname you are using. Then you'll need to restart Apache. (look at the next chapter concerning apache commands)
Configuration options relating specifically to user websites (accessed through localhost/~username) are in /etc/apache2/mods-enabled/userdir.conf.
Installing suPHP
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
Note: suPHP enforces, security and helps avoid file permission problems under development environments with several users editing the site files, but it also demands more memory and CPU usage, which can degrade your server performance under certain circumstances.
To only install suPHP. use any method to install the package
libapache2-mod-suphp
Enable this module by doing
sudo a2enmod suphp
then use a text editor such as "sudo nano" at the command line or "gksudo gedit" on the desktop to edit this file
sudo nano /etc/apache2/mods-available/php5.conf
or
gksu "gedit /etc/apache2/mods-available/php5.conf"
make a new empty line at the top of the content, then add
<Directory /usr/share>
make a new empty line at the bottom of the content, then add
</Directory>
save changes
For security reasons we need to specify to suPHP what are the document paths allowed to execute scripts, use a text editor such as "sudo nano" at the command line or "gksudo gedit" on the desktop to edit this file
sudo nano /etc/suphp/suphp.conf
or
gksu "gedit /etc/suphp/suphp.conf
find the value "docroot" and specify the document path of your site files, for example:
docroot=/var/www/
that value restrict script execution only to files inside "/var/www/"
docroot=/var/www/:${HOME}/public_html
that value restrict script execution only to files inside a custom home folder for each configured user inside "/var/www/:${HOME}/public_html"
for this tutorial we are going to use this value
docroot=/home/user/public_html/
which is the same Apache directory directive set before in this document
save changes
to restart Apache, type in your terminal
sudo /etc/init.d/apache2 restart
Now lets create a test script to see if suPHP is working correctly, in your terminal type
echo "<?php echo 'whoim = '.exec('/usr/bin/whoami');?>" | tee /home/user/public_html/whomi.php
that command creates a quick php test file to display the current user executing the script
open your browser and navigate to "localhost/whomi.php", most likely the browser will show you a "500" server error, this is because suPHP does not allow too permissive file and folder permissions and also does not allow mixed file and folder ownership, to correct this type in your terminal


Run, Stop, Test, And Restart Apache
Run, Stop, Test, And Restart Apache
Use the following command to run Apache :
Use the following command to run Apache :
  $ sudo /usr/sbin/apache2ctl start
  $ sudo /usr/sbin/apache2ctl start
To stop it, use :
  $ sudo /usr/sbin/apache2ctl stop
  $ sudo /usr/sbin/apache2ctl stop
To test configuration changes, use :
  $ sudo /usr/sbin/apache2ctl configtest
  $ sudo /usr/sbin/apache2ctl configtest
Finally, to restart it, run :
  $ sudo /usr/sbin/apache2ctl restart
  $ sudo /usr/sbin/apache2ctl restart
Mysql
:Commented out # bind-address = 127.0.0.1 in /etc/mysql/my.cnf so as to access db from any server
$ restart mysql

Latest revision as of 14:39, 10 January 2014

Subdomain

useradd - setting up accounts

lastlog (lists all the users)
useradd -d/home/newdir newdir (makeit <=8 char)
passwd newdir

create a publichtml and set permissions

cd /home
mkdir /newdir 
chmod 711 /home/newdir
cd /home/newdir
mkdir public_html
chmod ugo+rx -R public_html
apache etc/httpd.conf setup

This is probably already done. Do this maybe if new install of server

<IfModule mod_userdir.c>
	#
	# UserDir is disabled by default since it can confirm the presence
	# of a username on the system (depending on home directory
	# permissions).
	#
	#UserDir disable

	#
	# To enable requests to /~user/ to serve the user's public_html
	# directory, remove the "UserDir disable" line above, and uncomment
	# the following line instead:
	#
	UserDir public_html

</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
	AllowOverride FileInfo AuthConfig Limit
	Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
	<Limit GET POST OPTIONS>
		Order allow,deny
		Allow from all
	</Limit>
	<LimitExcept GET POST OPTIONS>
		Order deny,allow
		Deny from all
	</LimitExcept>
</Directory>

in /etc/apache2/sites-available create a file with the username

<VirtualHost *:80>
 DocumentRoot /home/abvbread/public_html
 ServerName www.abvbreadandroses.info
 # Other directives here
</VirtualHost>
cd /etc/apache2/sites-enabled
a2ensite webeshop (puts a link in sites-enabled)
or do it manually - ln -s ../sites-available/webeshop webeshop
/etc/init.d/apache2 reload
sudo /etc/init.d/apache2 restart OR apache2ctl restart

R http://198.23.156.78:8787/

added cspan archive to /etc/apt/sources.list <syntaxhighlight> deb http://archive.ubuntu.com/ubuntu lucid main restricted universe deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe deb http://archive.ubuntu.com/ubuntu lucid-security main restricted universe deb http://archive.canonical.com/ lucid partner deb http://archive.canonical.com/ lucid partner deb http://watson.nci.nih.gov/cran_mirror/bin/linux/ubuntu lucid/ </syntaxhighlight> installed R <syntaxhighlight>

  sudo apt-get update
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9
  sudo apt-get install r-base
  sudo apt-get install r-base-dev

</syntaxhighlight> installed rstudio http://198.23.156.78:8787/ <syntaxhighlight> $ sudo apt-get install gdebi-core $ sudo apt-get install libapparmor1 # Required only for Ubuntu, not Debian $ wget http://download2.rstudio.org/rstudio-server-0.97.312-i386.deb $ sudo gdebi rstudio-server-0.97.312-i386.deb </syntaxhighlight> you can add packages from the web rstudio <syntaxhighlight> </syntaxhighlight>

doku

to delete junk archive files

# find /home/sitebuil/public_html/doku/data/attic/ -type f -print0 | xargs -0r rm -f

Ubuntu 10.04 java

Since $ sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner" DOESN'T WORK

If you need the real Sun JRE you can:

  1. goto dir like /usr/local/src or wherever you put stuff you install that's not apt-get
  2. download java-jre with duinsoft's install script:
  3. gunzip it
  4. run the install script
  5. find out whereis (I found it got installed to /opt/java/32/jre1.7.0_09/bin/java)
  6. link to it from /usr/local/bin
  7. restart the shell so your computer can find it
# cd usr/local/src
# lynx http://www.duinsoft.nl/pkg/pool/all/update-sun-jre.bin
# gunzip update-sun-jre.bin.gz
# sh update-sun-jre.bin
# cd /usr/local/bin
# ln -s /opt/java/32/jre1.7.0_09/bin/java

execute-root-commands-via-php

http://stackoverflow.com/questions/8532304/execute-root-commands-via-php

php include directory

is where to put code that you want to run from multiple different directories. However it can't seem to be set in php.ini. The default is usr/share/php. In order to include files from /usr/local/share/php5/ I put a link in /usr/share/php/ to /usr/local/share/php5/chromephp/ChromePhp.php

console log with ChromePhp.php

now included in /usr/share/php files to see in console whatever you put in ChromePhp::log('hello world'); BTW tutn php consol logging on in top right of browser (blue is on) <syntaxhighlight lang="php"> <?php include 'ChromePhp.php'; ChromePhp::log('hello world'); </syntaxhighlight>

php error reporting to browser

/etc/php5/apache2/php.ini links to development version that logs errors to browser.


allowing www-data user to write to directory

usermod -a -G group1,group2 username

Where username is the user you want to modify and group1 and group2 are the new groups you want that user to join. Running the command without the -a argument will remove that user from all groups except group1 and group2.

groups sitebuil
members cando
chgrp -Rv cando /home/pathbost/public_html/ystill

locate

but first updatedb

backups

Scripts are in /usr/local/lib/tm/scripts

<syntaxhighlight lang = "php">

  1. !/bin/bash

_now=$(date +"%m_%d_%Y") _file="/var/backups/misc/bkp-rand_$_now.tar.gz" echo "Starting backup to $_file..." tar czvf $_file $(<file-dir-list.txt) php s3_db.php sitebuil_wuffdb php s3_db.php sitebuil_wikidb php s3_db.php sitebuil_wrdp1 php s3_db.php hsc php s3_db.php webeshoppin php s3_dir.php /var/backups/misc/ </syntaxhighlight>

http://olivier.sessink.nl/publications/hotcloning/ https://my.hostus.us/cart.php?a=confproduct&i=0

cron and backups

https://help.ubuntu.com/community/CronHowto

php www-data program that creates a crontab and calls a C program that executes root commands to copy it into crontabs and install it

sitebuilt current backup setup

scripts are in

/usr/local/lib/tim/scripts


you need composer

 apt-get update
 apt-get install curl
 apt-get install php5 git php5-curl php5-cli
 curl -sS https://getcomposer.org/installer | php

composer.json lists the aws php dependencies

composer install
composer update

aws credentails are in /root/.aws/credentials

<syntaxhighlight lang="bash">

  1. !/bin/bash

_now=$(date +"%m_%d_%Y") _dir="/var/backups/s3/" _file="files_$_now.tar.gz" _bth=$_dir$_file echo "Starting backup to $_bth..." tar czf $_bth $(<file-dir-list.txt) php s3_dir.php $_file

php s3_db.php sitebuil_wuffdb php s3_db.php sitebuil_wikidb php s3_db.php sitebuil_wrdp1 php s3_db.php hsc php s3_db.php restoring </syntaxhighlight>

The tar command takes a file list, it has to be correct


# m h  dom mon dow   command
0 3 * * * cd /usr/local/lib/tm/scripts; ./backup.sh
0 2 * * * find /var/backups/s3/*.gz -ctime +21 -type f -print | xargs rm -f
cron tutorial another
Re: Where is crontab stored?
Root-level crontab should be in /etc/crontab.
Root-level anacron and periodics should be in /etc/cron*
User-level crontabs should be in /var/spool/cron/crontabs - they are listed by user, pathbost isactually a chrontab
select-editor

installing and testing a crontab

installing
even after you change it by yourself you can install it by running as root
sudo crontab -u pathbost /var/spool/cron/crontabs/pathbost
testing
* * * * * /bin/echo " pathGZoobar $(date) " >> /usr/local/docs/testcron.txt

will append this every minute to testcron.txt

 pathGZoobar Thu Jan  3 14:15:01 EST 2013

You can check the logs to see if the crontab got installed/executed by running as root

sudo tail /var/log/syslog

vi with crontab 101

  • su to user then 'crontab -e'
  • 'i' to insert text
  • 'esc :wq to save change, and quit
    • then crontab is installed
  • 'esc :q!' exits without saving (or installing)
  • you can kill your crontab with crontab -r
  • you can list the installed crontab with crontab -l

backup to s3

Backups have a 30 day life on s3 and a 21 day life in /var/backups/backup backup_to_S3 code

directory backup

To backup a directory run this from the terminal:

sudo php /home/sitebuil/scripts/S3-Site-Backups/s3cli_backupDir.php /home/sitebuil/public_html/doku doku
database backup
sudo php php /home/sitebuil/scripts/S3-Site-Backups/s3cli_backupDb.php sitebuil_wiki

or goto http://pathboston.com/zstill/stillwater.html

refs

s3 backup with s3napback

string meaning

   ------ -------
   @reboot Run once, at startup
   @yearly Run once a year, "0 0 1 1 *"
   @annually (same as @yearly)
   @monthly Run once a month, "0 0 1 * *"
   @weekly Run once a week, "0 0 * * 0"
   @daily Run once a day, "0 0 * * *"
   @midnight (same as @daily)
   @hourly Run once an hour, "0 * * * *"

password protecting directories

Directories that are password protected are in /etc/apache2/sites-avalable pathbost and sitebuil

visitor statistics

http://www.hping.org/visitors/doc.html

visitors --output text -A -m 30 /var/log/apache2/access.log -o html >home/sitebuil/public_html/files/webstats.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://sitebuilt.net -o html > /home/sitebuil/public_html/files/webstatsSBS.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://pathbost.com -o html > /home/sitebuil/public_html/files/webstatsPATH.html
visitors --output text -A -m 30 /var/log/apache2/other_vhosts_access.log --trails --prefix http://levelthefield.us -o html > /home/sitebuil/public_html/files/webstatsLTF.html

other software

that doesn't get put somewhere automatically

Put source.taz.gz under /usr/local/src
From /usr/local/bin creagte a link
ln -s ../src/srcdir/compiledbin

securing phpmyadmin

https://nearwater (works only from tims laptop) http://paynedigital.com/2011/09/setting-up-and-securing-a-phpmyadmin-install-on-ubuntu-10-04

1. setting up ssl certificate
mkdir /etc/apache2/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
2. mv phpmyadmin.conf inside a virtual host and put it in sites-available
mv /etc/apache2/conf.d/phpmyadmin.conf /etc/apache2/sites-available/
3. edit take out Alias, add virtual host and put in new credentials (pem and key)
4. got /etc/apache2/sites-enables and enable it
ln -s ../sites-available/phpmyadmin.conf
5. goto /etc/apache2/ports.conf and add
NameVirtualHost 198.23.156.78:443
6. restart apache
/usr/sbin/apache2ctl restart
put a host file entry in windows or from wherever you wan to get to this host
/windows/system32/drivers/etc/hosts  198.23.156.78 nearwater

moving databases

copies as of 12/2012 of databases are on windows machine /documents/sites/mysqldumps

In phpmyadmin of the target mnachine create a user with same nae as source user and put the source ip as host. Create the (empty)databases on the target

root@server1 /var/backups# mysql -u root -p  -h localhost pathbost_assess < pathbost_assess.sql
root@10.194.101.169: home$  mysqldump -utim -pnji9ol pathbost_h409 | mysql -h198.23.156.78 -utim -pnji9ol pathbost_h409
mysqldump -utim -pnji9ol pathbost_poets | mysql -h198.23.156.78 -utim -pnji9ol pathbost_poets

To copy directories from old vps to new

root@10.194.101.169: home$  rsync -aHvz /home/pathbost/public_html root@198.23.156.78:/home/pathbost

installed lamp stack using https://help.ubuntu.com/community/ApacheMySQLPHP


Run, Stop, Test, And Restart Apache Use the following command to run Apache :

$ sudo /usr/sbin/apache2ctl start
$ sudo /usr/sbin/apache2ctl stop
$ sudo /usr/sbin/apache2ctl configtest
$ sudo /usr/sbin/apache2ctl restart

Mysql

Commented out # bind-address = 127.0.0.1 in /etc/mysql/my.cnf so as to access db from any server
$ restart mysql