1. BUNDLE INSTALLATION

System Service Install & Start



yum install httpd php php-mysql php-mbstring php-gd mysql mysql-server php-pear-MDB2.noarch
*: for 64-bit, use the following instead
yum install httpd.x86_64 php.x86_64 php-mysql.x86_64 php-mbstring.x86_64 php-gd.x86_64 \
    mysql-server.x86_64 php-pear-MDB2.noarch

/sbin/service httpd start ; /sbin/service mysqld start

 Apache Configuration Setup- 

1

HTTPD Virtual.conf: keep the default host, plus the www alias

  • ServerSignature Off
    ServerTokens Prod
    TraceEnable Off
    NameVirtualHost    *:80

    <VirtualHost *:80>
        ServerName node.ajvm.net
        ServerAlias www.node.ajvm.net
        DocumentRoot /var/www/html
    </VirtualHost>

2

  Apache Rewrite CODE: (on the server: localhost and LAN 192.168.1.200)

  • <VirtualHost *:80>
        ServerName helpdesk.noc.net.my
        RewriteEngine      On
        # [P] hands the request to mod_proxy and ends rule processing
        RewriteRule      ^/(.*)$    http://localhost:8081/$1    [P]
        UseCanonicalName On
        RewriteRule    ^(.*)$ - [L]
    </VirtualHost>

  • <VirtualHost *:80>
        ServerName hrms.ajv.com.my
        RewriteEngine      On
        # [P] hands the request to mod_proxy and ends rule processing
        RewriteRule      ^/(.*)$    http://hrms.ajv.com.my/$1 [P]
        UseCanonicalName On
        RewriteRule ^(.*)$ - [L]
    </VirtualHost>
  • # note:-
    # /etc/hosts must have the line "192.168.1.200 hrms.ajv.com.my" (LAN server),
    # because http://hrms.ajv.com.my is hosted on the server 192.168.1.200

3   

  VirtualHost

  • <VirtualHost *:80>
           ServerName unixman.noc.net.my
           ServerAdmin  noc@unixman.pluto.com
           DocumentRoot /home/unixman/www
           TransferLog /home/unixman/logs/access-log
    </VirtualHost>

4

  Browsing Enable

  • <Directory /home/mirrornoc/www/pub>
           Options FollowSymLinks Indexes
    </Directory>

    <VirtualHost  *:80>
           ServerName mirror.noc.net.my
           ServerAdmin  noc@mirror.pluto.com
           DocumentRoot /home/mirrornoc/www
           TransferLog /home/mirrornoc/logs/access-log
           ScriptAlias /cgi-bin/ /home/mirrornoc/www/cgi-bin/
    </VirtualHost>

5

  SSI Enable > httpd.conf ( Warning! Don't use if NOT SURE what this is for. "Security Issue" )

  • Options    Indexes    FollowSymLinks +Includes

    AddType    text/html .shtml
    AddOutputFilter    INCLUDES .shtml

6

  SKEL-AUTO = /etc/skel

  • [root@server ~]# cd /etc/skel/
    [root@server skel]# mkdir logs
    [root@server skel]# mkdir public_html
    [root@server skel]# mkdir public_html/cgi-bin
    [root@server skel]# ln -s public_html/ www

7

   HTTPS SSL - Key  Create New SSL Key - install mod_ssl.x86_64

  • openssl    req -new -x509 -nodes -out server.crt -keyout server.key
    mkdir -p /etc/httpd/conf/ssl.crt
    mkdir -p /etc/httpd/conf/ssl.key
    cp server.crt /etc/httpd/conf/ssl.crt
    cp server.key /etc/httpd/conf/ssl.key

  • LoadModule ssl_module  /usr/lib64/httpd/modules/mod_ssl.so
    # mod_ssl must be loaded before any SSL* directive below is parsed

    Listen 443
    NameVirtualHost *:443

    <VirtualHost *:443>
          ServerName 192.168.100.200
          DocumentRoot /var/www/html/oc
          SSLEngine on
          SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
          SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
          <Directory /var/www/html/oc>
              AllowOverride All
          </Directory>
    </VirtualHost>

8

   Apache Mod Gzip Enable . TEST HERE

  • normally on by default, but check:
    grep 'mod_deflate' /etc/httpd/conf/httpd.conf
    and add the following to httpd.conf
  • # Deflate output configuration
    #
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

9

   WEB User Directory Chmod - as user via konsole

  • chmod 711 $HOME   
    chmod 755 public_html
    chmod a+r public_html/*

 PHP Configuration Setup-

12

    INSTALL PhpMyAdmin + Usage

  • install repoforge repository
  • yum install phpmyadmin php-mcrypt
  • edit phpmyadmin.conf in    /etc/httpd/conf.d
    <Directory "/usr/share/phpmyadmin">
      Order    Deny,Allow
      Allow    from all
    </Directory>
  • [root@rdesk conf.d]# nano -w /usr/share/phpmyadmin/config.inc.php
    $cfg['blowfish_secret']    = 'your_own_secret';
    $cfg['Servers'][$i]['auth_type'] = 'http';    // change from 'cookie' to 'http' if necessary
  • usage as following:

    MySQL >    db > Browse > Insert
    host = localhost
    db   = name_db
    user = shell user for that db

    click YES for the top six options, from select_priv through drop_priv,
    and for one more at the bottom: alter_priv
    save

    MySQL >    user > Browse >    Insert
    host = localhost
    user = shell user
    password = password_for_the_user <select password field>
    save

    Home > "create the db ( name_db ) or for the particular user you just created"

           Reload MySQL

13

    Redirect Script    - save as index.php

  • <?php
      // redirect the browser, then stop so nothing else is sent
      header('Location: http://unixman.noc.net.my/src/manual_contents.html');
      exit;
    ?>

15

    PHP - INFO

  • In the shell DocumentRoot $ echo '<?php phpinfo (); ?>' > info.php

16

    CHMOD CHILDREN FOLLOW PARENT ( Use With    Care )

  • chmod -R 777 ./folder

17

    CHMOD file with    chmod.php

  • <?php
    // the mode must be octal (leading 0); decimal 644 sets the wrong permission bits
    chmod("configure.php", 0644);
    ?>

18

    CHMOD WRITEABLE

  • chmod 0666 file.php

19

    PHP Security

  • edit php.ini and set "expose_php = Off"

20

    PHP Security Audit

  • http://phpsec.org/projects/phpsecinfo/

 MySQL Configuration Setup-

21

    Security - NO.1     /etc/my.cnf

  •   [mysqld]
        bind-address=127.0.0.1
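
An added example, not part of the original notes: a POSIX shell check that the hardening settings listed on this page (ServerSignature, ServerTokens, TraceEnable, expose_php, bind-address) are active in the files you pass it. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: check the hardening settings listed on this page.
# Compares against the literal values shown there (Off, Prod, 127.0.0.1).

# Last active (uncommented) value of an Apache directive; names are case-insensitive.
apache_value() {    # $1=file $2=directive
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Last active value of "key = value" (php.ini) or "key=value" (my.cnf).
ini_value() {       # $1=file $2=key
    awk -F '=' -v k="$2" '
        /^[ \t]*[;#]/ { next }                      # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t\r]/, "", v) }
        END { print v }' "$1"
}

check() {           # $1=label $2=actual $3=expected (compared case-insensitively)
    a=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    e=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ "$a" = "$e" ]; then
        echo "PASS $1 = $2"
    else
        echo "FAIL $1 = '${2:-unset}' (want $3)"
        return 1
    fi
}

audit_hardening() { # $1=httpd.conf $2=php.ini $3=my.cnf
    rc=0
    check ServerSignature "$(apache_value "$1" ServerSignature)" Off       || rc=1
    check ServerTokens    "$(apache_value "$1" ServerTokens)"    Prod      || rc=1
    check TraceEnable     "$(apache_value "$1" TraceEnable)"     Off       || rc=1
    check expose_php      "$(ini_value "$2" expose_php)"         Off       || rc=1
    check bind-address    "$(ini_value "$3" bind-address)"       127.0.0.1 || rc=1
    return $rc
}

# Usage (paths are assumptions for a RHEL/CentOS layout):
#   sh audit.sh /etc/httpd/conf/httpd.conf /etc/php.ini /etc/my.cnf
if [ $# -eq 3 ]; then
    audit_hardening "$1" "$2" "$3"
fi
```

A commented-out or missing setting is reported as unset and fails the check, and the function returns non-zero so it can gate a deployment script.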

22

    Security - NO.2    : Change MySQL root User

  • Please follow this LINK

23

    MySQL Create User / db / tables

  •  mysql>    GRANT ALL PRIVILEGES ON    noc_db.*
        -> TO 'noc'@'localhost'
        -> IDENTIFIED BY 'nocpass'    WITH GRANT OPTION;
     mysql>    create database    noc_db;
     mysql>    FLUSH PRIVILEGES;

mysql> use mysql;
mysql> select User from mysql.user;
+------+
| User |
+------+
| root |
+------+

root@sol-11dev:/home/noc/www/phpmyadmin/examples# mysql < create_tables.sql

24

    GRANT ALL TO ROOT #Security ISSUE!!

  • GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '' WITH GRANT OPTION;

25

    MySQL Change root Password

  • mysql> use mysql;
    mysql> update user set password=PASSWORD("new-root-pass") where User='root';
    mysql> flush privileges;
    mysql> quit

26

    MySQL Reset Password

  • # mysqld_safe --skip-grant-tables &
  • # mysql    -u root

27

    Proven Scaling MySQL Enterprise

12

    MySQL Proxy From Laptop . see more at SECURE TUNNEL

  • ssh -f -L 3001:localhost:3306 root@nocnet -p 8022 sleep 2d
  • run mysqladministrator port 3001

28

    MySQL Clean Up ( WARNING=BEFORE MYSQL IS USED )

  • Please Clean Up    MySQL default installation

    [root@sme ~]# mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands    end with ; or \g.
    Your MySQL connection id is 2 to server version: 5.0.22

    Type 'help;' or    '\h' for help. Type '\c' to clear the buffer.

    mysql> drop database test;
    Query OK, 0 rows affected (0.02    sec)

    mysql> use mysql;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> delete from db;
    Query OK, 2 rows affected (0.00    sec)

    mysql> delete from user where not (host="localhost" and user="root");
    Query OK, 3 rows affected (0.02    sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00    sec)

    mysql> \q
    Bye
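
An added example, not part of the original notes: a POSIX shell filter to run after the clean-up above. It flags mysql.user rows like the one the GRANT in item 24 creates (wildcard host, empty password), plus anonymous users and root from anything other than localhost. It assumes tab-separated User/Host/Password rows from the mysql client; the function names and sample rows are constructed.

```shell
#!/bin/sh
# Added example: flag risky rows in mysql.user.
# Input: tab-separated "User<TAB>Host<TAB>Password" lines, for example from
#   mysql -N -B -u root -p -e 'SELECT User,Host,Password FROM mysql.user'
# (the Password column is the one this page updates in item 25).

audit_mysql_users() {
    awk -F '\t' '
        {
            user = $1; host = $2; pw = $3; why = ""
            if (user == "")  why = why " anonymous-user"
            if (pw == "")    why = why " empty-password"
            if (host ~ /%/)  why = why " wildcard-host"
            if (user == "root" && host != "localhost")
                             why = why " remote-root"
            if (why != "") {
                printf "RISK %s@%s:%s\n", user, host, why
                bad++
            }
        }
        END { if (bad) exit 1 }   # non-zero status when anything was flagged
    '
}

# Constructed sample rows (not taken from a real server).
sample_users() {
    printf 'root\tlocalhost\t*0000000000000000000000000000000000000000\n'
    printf 'root\t%%\t\n'
    printf '\tlocalhost\t\n'
    printf 'noc\tlocalhost\t*0000000000000000000000000000000000000000\n'
}

# Run "sh audit_users.sh --demo" to see the sample rows flagged.
if [ "${1:-}" = "--demo" ]; then
    sample_users | audit_mysql_users
fi
```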

29

    MY-Backup Database

  • [root@invt-svr smf]# mysqldump --all-databases --lock-tables=0 -uroot -B | bzip2 > /home/rou/all-database-invt-svr-20140612.bz2

30

    MY-NOC



