
2. Configuration

July 30th, 2010 by jde

Basic configuration

In the early days there was only one configuration file for Apache (httpd.conf). Over time it has been split into several files, each containing a specific category of directives (httpd-vhosts.conf, httpd-ssl.conf etc, etc). The original httpd.conf is still available at the root of the Apache configuration directory /usr/local/etc/apache22. The others are located in the /extra folder.

Open /usr/local/etc/apache22/httpd.conf and change the following values:

ServerAdmin your_email@address.tld
ServerName www.address.tld:80
ServerRoot "/usr/local"
DocumentRoot "/usr/local/www"
<Directory "/usr/local/www">
  AllowOverride None
DirectoryIndex index.php index.html

ServerAdmin: Apache will display this address in the browser if something goes wrong.
ServerName: This is the site that will be displayed if none of the virtual hosts matches the request.
AllowOverride: If set to “None” any .htaccess files will be ignored. If you want maximum performance, you should avoid htaccess files and use the *.conf files instead.
DirectoryIndex: Add filenames which must be recognized as site index files. This is the file Apache will display if the request does not contain a specific page.

Virtual host configuration

The place to add virtual hosts is /usr/local/etc/apache22/extra/httpd-vhosts.conf:

The directives in httpd.conf are global… That is, they are implied for virtual hosts unless another value is specified.
Directives inside a virtual host override any global directive and apply only to the virtual host where they are specified.

The following example is a name-based virtual host. Note the * in the first line. This is where you would put an IP address if you wanted to create an IP-based virtual host.
The former is most widely used since most people only have one IP address for the server.

<VirtualHost *:80>
ServerAdmin webmaster@domain.tld
DocumentRoot /usr/local/www/domain.tld
ServerName www.domain.tld
ErrorLog /usr/local/www/logs/www.domain.tld-error_log
CustomLog /usr/local/www/logs/www.domain.tld-access_log common
</VirtualHost>

This will tell Apache to look in /usr/local/www/domain.tld/ if a request is made for www.domain.tld. Also note ErrorLog and CustomLog – this is where error and access logs are written.

You can add as many virtual hosts as you like. Just enclose each host between a <VirtualHost *:80> and </VirtualHost>

It’s just as easy to create subdomains:

<VirtualHost *:80>
ServerAdmin webmaster@example.tld
DocumentRoot /usr/local/www/mysub.example.tld
ServerName mysub.example.tld
ErrorLog /usr/local/www/logs/mysub.example.tld-error_log
CustomLog /usr/local/www/logs/mysub.example.tld-access_log common
</VirtualHost>

Note: If you plan to use a subdomain for mail accounts, you must create an A record in DNS, unless the main domain is specified in DNS with a wildcard. You must also create an MX record pointing to the subdomain.

Don’t forget to create all the directories referenced in the virtual host (just the directories – you don’t need to create the log files in advance, Apache will create them the first time they are needed).
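A quick way to catch a forgotten directory before restarting Apache, as an added example that is not part of the original post: the hypothetical helper missing_vhost_dirs reads a vhosts file and prints every DocumentRoot or log directory that does not exist. The demo file and its paths are constructed, and the helper assumes absolute paths without spaces.

```sh
#!/bin/sh
# Added example, not from the original post. missing_vhost_dirs is a
# hypothetical helper; it assumes absolute paths without spaces.

# Print each directory referenced by DocumentRoot, ErrorLog or CustomLog in
# the vhosts file $1 that does not exist yet (one per line, de-duplicated).
missing_vhost_dirs() {
    awk '
        { sub(/^[ \t]+/, "") }                      # ignore indentation
        /^#/ { next }                               # skip comments
        { d = tolower($1) }
        d == "documentroot"                 { print "dir", $2 }
        d == "errorlog" || d == "customlog" { print "file", $2 }
    ' "$1" | tr -d '"' | while read -r kind path; do
        case "$path" in
            /*) ;;              # absolute path: check it
            *)  continue ;;     # relative, piped ("|prog") or syslog target
        esac
        # Log directives name a file, so the directory to check is its parent.
        if [ "$kind" = file ]; then path=$(dirname "$path"); fi
        if [ ! -d "$path" ]; then printf '%s\n' "$path"; fi
    done | sort -u
}

# Constructed demo: two vhosts like the ones above under a temp directory.
# Only the first DocumentRoot has been created.
demo_vhost_check() {
    root=$(mktemp -d)
    mkdir -p "$root/www/domain.tld"
    cat > "$root/httpd-vhosts.conf" <<EOF
<VirtualHost *:80>
  DocumentRoot $root/www/domain.tld
  ServerName www.domain.tld
  ErrorLog $root/www/logs/www.domain.tld-error_log
  CustomLog $root/www/logs/www.domain.tld-access_log common
</VirtualHost>
<VirtualHost *:80>
  DocumentRoot "$root/www/mysub.example.tld"
  ServerName mysub.example.tld
  ErrorLog $root/www/logs/mysub.example.tld-error_log
</VirtualHost>
EOF
    missing_vhost_dirs "$root/httpd-vhosts.conf" | sed "s|^$root||"
    rm -rf "$root"
}

demo_vhost_check    # lists /www/logs and /www/mysub.example.tld
```

On the server, point it at /usr/local/etc/apache22/extra/httpd-vhosts.conf and create whatever it prints.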

If you want to prevent directory listings in folders not containing an index file, add this to the virtual host:

<Directory /usr/local/www/domain.tld>
Options -Indexes
</Directory>

You must restart Apache to make any changes take effect.

# apachectl stop
# apachectl start

… or

# apachectl restart

1. Installation

July 29th, 2010 by jde

FreeBSD 8.1
Apache 2.2

Installation

# cd /usr/ports/www/apache22
# make install clean

You are presented with a lot of options. If you are new to Apache you probably don’t know half of them. But it is safe to just install it with the default selection. You can always reinstall Apache if you missed something.

See if it starts without any complaints:

# rehash
# apachectl start

Start your browser and go to http://your.ip.address.here (e.g. http://12.3.4.56). If you see the words “It works!”, you’re good to go :-)

Common startup errors

Error:

apr_sockaddr_info_get() failed for server.example.com
Could not reliably determine the servers fully qualified domain name using 127.0.0.1 for ServerName

Solution:

Configure /etc/hosts by replacing my.domain with your hostname. If you are not sure about your hostname, run the `hostname` command.
So if your hostname is penguin.myservers.com, this is what your hosts file should look like (replace the 12.3.4.56 IP with your public IP address).

::1               localhost localhost.penguin.myservers.com
127.0.0.1         localhost localhost.penguin.myservers.com
12.3.4.56         penguin.myservers.com penguin

Error:

[warn] (2)No such file or directory:Failed to enable the ‘httpready’ Accept Filter 

Solution:

# kldload accf_http

In /boot/loader.conf add this line:

accf_http_load="YES"

phpMyAdmin

July 29th, 2010 by jde

FreeBSD 8.1
MySQL 5.1
phpMyAdmin 3.3

phpMyAdmin is a nice web-based GUI to administer MySQL databases. It is for developers and system administrators who have in-depth knowledge of database systems – it is NOT for ordinary users.

Installation:

# cd /usr/ports/databases/phpmyadmin
# make install clean
Options for phpMyAdmin 3.3.4
[ ] SUPHP    suPHP support
[X] BZ2      bzip2 library support
[X] GD       GD library support
[X] MYSQLI   Improved MySQL support
[X] OPENSSL  OpenSSL support
[X] PDF      PDFlib support (implies GD)
[X] ZLIB     ZLIB support
[X] MCRYPT   MCrypt library support
[X] ZIP      Zip compression support

Configuration

After installation you need to configure Apache. First you must decide how you want to access phpMyAdmin:

  1. http://www.existing-site.com/pma
  2. http://pma.existing-site.com

If #1 is your choice, the only thing you need to do is add an alias within the VirtualHost of existing-site.com:

<VirtualHost *:80>
  DocumentRoot /usr/local/www/existing-site.com
  ServerName www.existing-site.com
  ServerAlias existing-site.com
  Alias /pma/ "/usr/local/www/phpMyAdmin/"
  Alias /pma "/usr/local/www/phpMyAdmin"
  (etc, etc...)
</VirtualHost>

If #2 is your choice, you’ll need to add a new VirtualHost:

<VirtualHost *:80>
  DocumentRoot /usr/local/www/phpMyAdmin
  ServerName pma.existing-site.com
  (etc, etc...)
</VirtualHost>
 

After that, restart Apache and you’re basically done…

Every user in the mysql database now has access through phpMyAdmin. Therefore it is a good idea to tell phpMyAdmin who isn’t allowed.
Also phpMyAdmin will complain, if ‘blowfish_secret’ is not set. So this is my configuration:

$cfg['blowfish_secret'] = 'ollah';

$i = 0;

$i++;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny postfix from all',
'deny squirrelmail from all',
'deny spamassassin from all'
);

Every configuration option available is documented at the PmaWiki

MySQL installation

July 29th, 2010 by jde

FreeBSD 8.1
MySQL 5.1.48

MySQL is a very fast, reliable and light-weight database server – with MySQL you can go a long way with a single-server setup. The thing I really like about it is that it is a transparent, easy-to-use system – you don’t need a master’s degree to run it… and by the way, it’s free.

Installing MySQL

Install MySQL prior to any other software which depends on it. This ensures that you get your preferred version.

You need two applications … the MySQL server and the MySQL client. Both are found in /usr/ports/databases/. If you install the server first the client will also be installed automatically.

# cd /usr/ports/databases/mysql51-server/
# make install clean

After installation you must enable mysql in /etc/rc.conf to make it start up automatically after a reboot. Add this line:

mysql_enable="YES"

Setting the root password

When MySQL is installed and enabled, you can start it and choose a password for root…

# rehash
# /usr/local/etc/rc.d/mysql-server start
# mysqladmin -u root password my_secret_password

Change “my_secret_password” to a password of your own choice. If you use copy/paste and accidentally set the password to “my_secret_password” (as I did – doh!), you can change it again like this:

# mysqladmin -u root -p password new_secret_password
Enter password: my_secret_password

How to start and stop the MySQL server

This is how to start and stop the server

cd /usr/local/etc/rc.d/
./mysql-server stop
./mysql-server start

You can check the processlist to see if it’s actually running:

ps -ax | grep mysql
65368 p0 S 0:00.3-8 [mysqld]

Unless you’ve started mysql with the skip-networking option, you should also see it listening on port 3306:

Use [CTRL]+[C] to quit the connection after line 6:

telnet 127.0.0.1 3306
Trying 127.0.0.1...
Connected to localhost.example.tld.
Escape character is '^]'.
8
5.0.18-logR'i\qEDc,H|X#Dmw2/3T0
Connection closed by foreign host.

If you are having trouble stopping mysql, use mysqladmin to shut it down:

# mysqladmin -u root -p shutdown
Password:

After this, you can start it again with ./mysql-server start as shown earlier.

When you want to log in and do stuff with MySQL, this is how to do it:

mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.1.48

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.08 sec)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> exit
Bye

If you want to type characters with umlauts, accents or special characters like æ, ø and å, you have to enable your shell / console for 8-bit encoding. Click here to see how.

Security

Quote from freebsd diary

I only connect to my database server from localhost. So there is no need for network connections. Therefore, I add this flag to mysql-server: --skip-networking. This also eliminates the possibility that someone will connect to your database server over the network/Internet.

That sounds reasonable, so let’s open up /etc/rc.conf and insert this line:

mysql_args=" --skip-networking"

Then stop and start the MySQL server again.
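To confirm the change actually took effect after the restart, here is an added example (not part of the original post) that checks both the rc.conf entry and the open sockets. The function names are hypothetical, and the rc.conf content and sockstat lines used in the demo are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the rc.conf content and sockstat lines in the demo are constructed.

# Succeeds if an uncommented mysql_args line in rc.conf file $1 carries
# --skip-networking.
rc_conf_skips_networking() {
    grep -Eq '^[[:space:]]*mysql_args=.*--skip-networking' "$1"
}

# Reads `sockstat -l` style output on stdin (USER COMMAND PID FD PROTO LOCAL
# FOREIGN) and prints "command local-address" for TCP sockets bound to port $1.
tcp_listeners() {
    awk -v port="$1" '$5 ~ /^tcp/ && $6 ~ (":" port "$") { print $2, $6 }'
}

# audit_mysql_network RC_CONF PORT < sockstat-output
# The flag in rc.conf only takes effect after a restart, so check both the
# configuration and the sockets that are actually open.
audit_mysql_network() {
    listeners=$(tcp_listeners "$2")
    if ! rc_conf_skips_networking "$1"; then
        echo "FAIL: mysql_args in $1 lacks --skip-networking"
        return 1
    fi
    if [ -n "$listeners" ]; then
        echo "FAIL: port $2 still open, restart pending? ($listeners)"
        return 1
    fi
    echo "OK: no TCP listener on port $2"
}

demo_audit() {
    rc=$(mktemp)
    printf '%s\n' 'mysql_enable="YES"' 'mysql_args=" --skip-networking"' > "$rc"
    # Before the restart mysqld still holds the port; afterwards it is gone.
    before='mysql    mysqld     1052  10 tcp4   *:3306                *:*'
    after='root     sshd       811   3  tcp4   *:22                  *:*'
    printf '%s\n' "$before" "$after" | audit_mysql_network "$rc" 3306 || true
    printf '%s\n' "$after" | audit_mysql_network "$rc" 3306
    rm -f "$rc"
}

demo_audit
```

On the server itself, feed it live data with `sockstat -4 -6 -l | audit_mysql_network /etc/rc.conf 3306`.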

Also:
Only give users access to do exactly what they need… no less, and especially no more.
Do not allow access via phpMyAdmin to users who do not need it (like system users).

Admin interface for MySQL

There is a nice and user-friendly web-based GUI for MySQL called phpMyAdmin which is described here.

MySQL configuration file

The configuration file for MySQL is the place for fine-tuning the database server. MySQL comes with 4 different examples for small, medium, large and huge systems. These files are located in /usr/local/share/mysql. In each of these example configurations (my-small.cnf, my-medium.cnf and so on…) you’ll find information on when you should use each of them based on available memory. To use one of them, just overwrite the current configuration, by copying it to /usr/local/etc/my.cnf.

Most of the variables in the configuration file can also be set at runtime. phpMyAdmin is very helpful when you need an overview of the configuration, and hints on tuning.

When running a busy site, it is of course important to use the correct type of configuration. But the real memory consumer is badly created indexes on tables. One faulty index on a frequently used table can completely take the breath away from any system… so the very first thing to do on a server with very high load is to look at the slow-queries log. Your load averages can go from 30 to 0 in a minute when a bad index is fixed.

You can log all queries, errors and/or slow queries; the decision is yours. Add these entries in my.cnf to use one or more of these log options:

log=/var/log/mysql/mysql.log
log-error=/var/log/mysql/mysql-err.log
log-slow-queries=/var/log/mysql/mysql-slow-queries.log
log-queries-not-using-indexes

… and set the correct permissions on the log files:

# cd /var/log/
# mkdir mysql
# cd mysql
# touch mysql-err.log
# touch mysql.log
# touch mysql-slow-queries.log
# chmod 660 *
# chown mysql:mysql *

The ‘log’ entry causes each and every query to be logged. Use this only if you are debugging an application, since it is a performance killer.

‘log-error’ will log anything that goes wrong. ‘log-slow-queries’ will, as the name says, log any query that didn’t finish within n seconds (n is determined by the long_query_time configuration value). The presence of ‘log-queries-not-using-indexes’ ensures that the slow-queries log also contains any queries which do not use indexes.

Be aware that the log-* entries in the config file cannot be set at runtime. You must restart MySQL whenever you make changes.

As usual, make sure that you rotate the logfiles with newsyslog.

PHP installation

July 28th, 2010 by jde

PHP 5.3
Apache 2.2
MySQL 5.1

Make sure you include your desired Apache version, e.g. WITH_APACHE22=YES, or else you’ll end up with Apache 1.3. Apparently there are no intentions of changing that behavior.

# cd /usr/ports/lang/php5
# make WITH_APACHE22=YES install clean
Options for php5 5.3.2_1

[X] CLI        Build CLI version
[X] CGI        Build CGI version
[X] APACHE     Build Apache module
[ ] DEBUG      Enable debug
[X] SUHOSIN    Enable Suhosin protection system
[ ] MULTIBYTE  Enable zend multibyte support
[ ] IPV6       Enable ipv6 support
[X] MAILHEAD   Enable mail header patch
[ ] LINKTHR    Link thread lib (for threaded extensions)

You now have the basics … If you need to communicate with a database or manipulate PDF files you’ll need some of the extensions. Select only what you currently need. You can always come back another time and repeat this procedure. If the MySQL extension is installed, and you don’t select it next time, it will not be removed. But you have to check extensions.ini after each installation, since some of the extensions may have been listed twice.

# cd /usr/ports/lang/php5-extensions
# make config
Options for php5-extensions 1.4

[X] CTYPE       ctype functions
[X] DOM         DOM support
[X] FILEINFO    fileinfo support
[X] FILTER      input filter support
[X] GD          GD library support
[X] GETTEXT     gettext library support
[X] PDO         PHP Data Objects Interface (PDO)
[X] PDO_SQLITE  PDO sqlite driver
[X] POSIX       POSIX-like functions
[X] SESSION     session support
[X] SIMPLEXML   simplexml support
[X] SQLITE      sqlite support
[X] TOKENIZER   tokenizer support
[X] XML         XML support
[X] XMLREADER   XMLReader support
[X] XMLWRITER   XMLWriter support  

# make install clean

In /usr/local/etc/apache22/httpd.conf locate the “LoadModule” and “AddType” sections and add:

LoadModule php5_module libexec/apache22/libphp5.so
AddType application/x-httpd-php .php

Then restart apache to make the changes take effect:

# apachectl restart

PHP has a lot of configuration options to tweak if desired. Have a look in one of the example files:

/usr/local/etc/php.ini-development
/usr/local/etc/php.ini-production

You can copy one of these sample configuration files, or just create an empty file and add values that differ from the default settings.

# touch /usr/local/etc/php.ini

Remember that you have to restart Apache every time you change the configuration.

Open the newly created php.ini file and set the timezone:

date.timezone = "Europe/Copenhagen"

Restart apache:

# apachectl restart

Now have a look at your phpinfo.php page. Go to the “Date” section and look for “Default timezone”. It should say “Europe/Copenhagen” or whatever value you added.

If you ever need to verify a setting you changed, create a php file and call the phpinfo() function which will generate an information page.

# echo "<?php phpinfo();?>" >> /usr/local/www/some-website/phpinfo.php

Load phpinfo.php in your browser.

Jobs

January 1st, 2010 by jde

If you press CTRL+Z when leaving a running job, you’ll get the ‘There are suspended jobs’ message when you log out. Here is an example:

Let’s run a tail on a few files and then suspend the jobs with CTRL+Z

$ tail -f www.example.tld-error_log
^Z
Suspended

$ tail -f www.example.tld-access_log
^Z
Suspended

List all suspended jobs

$ jobs
[1]  - Suspended  tail -f www.example.tld-error_log
[2]  + Suspended  tail -f www.example.tld-access_log

Un-suspend and stop the jobs with CTRL+C

$ fg %1
tail -f www.example.tld-error_log
^C
$ fg %2
tail -f www.example.tld-access_log
^C
