[Tips] Web site hosting

Dedicated for Linux & related opensource software

Post #1 by PoP » 2007-04-12 18:13

These are my notes after testing the settings, kept as reminders for myself.

Filesystem structure

Base hosting directory: /path-to-hosting
Hosting admin directory: /path-to-hosting/admin

FTP root for site owners: /path-to-hosting/domain.tld
Web root for main site: /path-to-hosting/domain.tld/www
Web root for subdomains: /path-to-hosting/domain.tld/sub
Site related logs: /path-to-hosting/domain.tld/logs
MySQL data directory: /path-to-hosting/domain.tld/data/db
Data directory outside webroot: /path-to-hosting/domain.tld/data/dir

Installation
  1. Install packages:

        net-www/apache
        dev-db/mysql
        dev-lang/php
        net-ftp/vsftpd
        sys-auth/pam_pwdfile
  2. Create base directory for hostings:

        mkdir /srv/hostings
  3. Create admin directory for various hosting config files:

        mkdir /srv/hostings/admin

FTP related config files (vsftpd)

/etc/pam.d/vsftpd:
    auth required pam_pwdfile.so pwdfile /path-to-admin/passwd_file
/etc/vsftpd/vsftpd.conf:
    userlist_file=/path-to-admin/ftp.users (This is the allowed users list)
    user_config_dir=/path-to-admin/user_chroot (One file per user, named after the user's login name, containing the line local_root=/path-to-hosting/${VHOST}; this is the chroot path)
/path-to-admin/ClearTextPassword:
    Defined in the password convert script


Apache related files

/etc/apache2/httpd.conf
    Listen *:80 (You may specify the interface IP)
    LogFormat .......
    CustomLog ......

/etc/apache2/vhosts.d/nn_domain.tld.conf (nn: numeric value, to specify the read order of sites)
    <Directory "/path-to-hosting/domain.tld/www">
        php_value mysql.default_port 33nn (This value should match "nn" of config file name)
        php_value mysql.default_socket "/var/run/mysqld/mysqld_nn.sock" (This value should match "nn" of /etc/mysql/my.cnf, instance socket setting)

*If not using VirtualHost, set the php_value in webroot's .htaccess file instead
    </Directory>

MySQL related files

/etc/mysql/my.cnf:
    [mysqldn]
    server-id = n
    port = ${mysqlmanager_port} + n
    socket = /var/run/mysqld/mysqld_nn.sock
    pid-file = /var/run/mysqld/mysqld_nn.pid
    datadir = /path-to-hosting/domain.tld/db
    log-error = /path-to-hosting/domain.tld/logs/mysqld.err


DNS zone file
  1. The forward zone file should have:

        domain.tld    A    ipv4 addr
        and/or
        domain.tld    AAAA    ipv6 addr

  2. This entry is common setup:

        www.domain.tld    CNAME    domain.tld
  3. If you like to have other sub-domain pointed to the web server, you may add this after above line:

        *.domain.tld    CNAME    domain.tld
WIP, to be finished later    
Last edited by PoP on 2007-05-03 04:08, edited 11 times in total.

Different ways to configure Apache vhost

Post #2 by PoP » 2007-04-20 18:42

  1. Simple setup - use <VirtualHost>

    In httpd.conf:

    NameVirtualHost *:80

    <VirtualHost *:80> (The first one will be the default vhost, or you can use <VirtualHost _default_:80> to specify the default)
        # per vhost settings here
        DocumentRoot "/base-vhost-path/${VHOST}/webroot"
        <Directory "/base-vhost-path/${VHOST}/webroot">
            # Directory settings here
        </Directory>
    </VirtualHost>

  2. Simple mass setup - vhost_alias

    In httpd.conf:

    NameVirtualHost *:80

    <IfModule !mod_vhost_alias.c>
        LoadModule vhost_alias_module    modules/mod_vhost_alias.so
    </IfModule>

    VirtualDocumentRoot
    (vhost_alias uses the %{SERVER_NAME} variable to identify the hosting site:
    %0 is %{SERVER_NAME}, %1 is the first part of %{SERVER_NAME}, delimited by the "."s, %-1 is the last part of %{SERVER_NAME}, that is the top-level domain)
        /base-vhost-path/%-2_%-1/webroot
    (assume the filesystem structure for vhost is /path/to/domain.tld/webroot)

  3. Simple mass setup - use mod_rewrite

    <IfModule !mod_rewrite.c>
        LoadModule rewrite_module    modules/mod_rewrite.so
    </IfModule>

    RewriteEngine On
    RewriteLogLevel 9 (Value greater than 2 is for debug, default is 0 (no logging))
    RewriteLog logs/rewrite_log (Comment this out if you don't need rewrite log)

    LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i -> %U\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost
    CustomLog logs/access_log vhost

    RewriteMap lowercase int:tolower
    RewriteCond %{REQUEST_URI} ^/icons/    <--- this fixes the Alias settings
    RewriteRule ^/(.*)$ - [PT]

    RewriteCond /base-vhost-path/${lowercase:%{SERVER_NAME}}/webroot -d    <--- this matches an existing site
    RewriteRule ^/(.*)$ /base-vhost-path/${lowercase:%{SERVER_NAME}}/webroot/$1 [E=VLOG:${lowercase:%{SERVER_NAME}},L]
    (the E= flag sets the variable VLOG, which goes to the log file through the " VLOG=%{VLOG}e" part of the format string)

    RewriteRule ^/(.*)$ /base-vhost-path/default/webroot/$1 [E=VLOG:${lowercase:%{SERVER_NAME}}]    <--- if the %{SERVER_NAME} directory does not exist (not hosted here), go to the default vhost

  4. Complex mass setup - use mod_rewrite with map file

    <IfModule !mod_rewrite.c>
        LoadModule rewrite_module    modules/mod_rewrite.so
    </IfModule>

    RewriteEngine On

    RewriteMap lowercase int:tolower
    RewriteMap vhost txt:/path/to/site.map (The map file looks like this: host.domain.tld    /base-vhost-path/domain.tld/host)
    RewriteCond %{REQUEST_URI} ^/icons/    <--- this fixes the Alias settings
    RewriteRule ^/(.*)$ - [PT]

    RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
    RewriteCond ${vhost:%1} ^(/.*)$    <--- lookup from map file

    RewriteRule ^/(.*)$ %1/$1 [L]    <--- match, DocumentRoot rewrite done here

    RewriteRule ^/(.*)$ /base-vhost-path/default/webroot/$1    <--- no match, goes to default vhost
Last edited by PoP on 2007-05-03 02:30, edited 3 times in total.
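
A check for the map file used in setup 4 above, as an added example that is not part of the original post: every path in the map is served as a document root for its host name, so the audit flags keys that are not lowercase (the rule looks up the lowercased name), paths outside the hosting base, and duplicates. The names `sample_map` and `check_site_map` and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a "host <whitespace> docroot" RewriteMap text file.
# sample_map prints constructed entries; /base-vhost-path is the page's placeholder.
sample_map() {
    cat <<'EOF'
# host                docroot
www.domain.tld        /base-vhost-path/domain.tld/www
Shop.domain.tld       /base-vhost-path/domain.tld/shop
old.domain.tld        /base-vhost-path/domain.tld/../../etc
www.domain.tld        /srv/elsewhere
EOF
}

# Append one finding to the list kept for the current entry.
note() { problem="${problem:+$problem, }$1"; }

# check_site_map MAPFILE BASE: print one line per bad entry, return 1 if any.
check_site_map() {
    map="$1"; base="${2%/}"; bad=0; seen=" "
    while read -r host path extra; do
        # mod_rewrite ignores blank lines and lines starting with '#'.
        case "$host" in ""|\#*) continue ;; esac
        problem=""
        if [ -z "$path" ] || [ -n "$extra" ]; then
            note "expected exactly two fields"
        else
            # The rule looks the host up through ${lowercase:...}.
            case "$host" in *[A-Z]*) note "key is not lowercase" ;; esac
            case "$path/" in
                */../*|*/./*) note "docroot contains a relative component" ;;
                "$base"/*/*)  ;;   # strictly below the hosting base: accepted
                *)            note "docroot is not below $base" ;;
            esac
            case "$seen" in *" $host "*) note "duplicate key" ;; esac
        fi
        seen="$seen$host "
        if [ -n "$problem" ]; then
            echo "$host: $problem"
            bad=1
        fi
    done < "$map"
    return "$bad"
}
```

Run it as `check_site_map /path/to/site.map /base-vhost-path` before reloading Apache; a non-zero exit status means at least one entry needs attention.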

FTP server for hosting with vsftpd

Post #3 by PoP » 2007-04-25 02:52

  1. Create the virtual user

    Command:
    root@server ~$ useradd --home-dir /path/to-hosting \
    (This is the base directory for the hostings)
    --gid apache \
    [If you would like a dedicated group for the virtual user, you have to create the group (it depends on your distro's defaults). Anyway, assigning the virtual user to the apache group is recommended.]
    --shell /bin/nologin \
    (Deny login for the virtual user, improve security.)
    virtual (This is the virtual user name)

  2. Install package sys-auth/pam_pwdfile

    Use PAM for virtual users' FTP login requests, with a user:passwd lookup style similar to htpasswd

  3. Configure PAM

    Create/edit file /etc/pam.d/vsftpd, it should look like:

    auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd_file
    account required pam_permit.so

  4. Create script /etc/vsftpd/filter.pl (You may need to change the path for your distro, or put this somewhere else.) to manage password encryption.

    Scripts from http://gentoo-wiki.com/HOWTO_vsftpd#Virtual_Users:


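    #!/usr/bin/perl
    use strict;

    # filter "user:cleartext" lines into "user:md5_crypted"
    # probably requires glibc

    while (<>) {
        chomp;
        # split on the first ':' only, so passwords may contain ':'
        (my $user, my $pass) = split /:/, $_, 2;
        # the '$1$' prefix selects MD5-crypt, followed by an 8 character salt
        my $crypt = crypt $pass, '$1$' . gensalt(8);
        print "$user:$crypt\n";
    }

    # return $count random characters from the crypt salt alphabet
    sub gensalt {
        my $count = shift;
        my @salt = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
        my $s;
        $s .= $salt[rand @salt] for (1 .. $count);
        return $s;
    }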


    Command:
    root@server ~$ chmod +x /etc/vsftpd/filter.pl

  5. Create a Makefile (You should modify the commands to automate user directory creation, handle the apache hosting map file, etc) for virtual user management

    # /etc/vsftpd/Makefile
    (Remember that the indented lines in a Makefile must be tab characters, not eight spaces!)

    passwd_file: cleartext (This file contains the user:password entries of virtual users. You may like to change the filename)
        touch $@
        chmod 600 $@
        ./filter.pl $< >$@

  6. Basic vsftpd configuration

    Edit /etc/vsftpd/vsftpd.conf:

    pam_service_name=vsftpd
    listen=YES
    max_per_ip=4
    listen_port=21
    pasv_min_port=30000
    pasv_max_port=30999
    xferlog_enable=YES
    anonymous_enable=NO
    anon_upload_enable=NO
    anon_mkdir_write_enable=NO
    anon_other_write_enable=NO
    chroot_local_user=YES
    hide_ids=YES (Enable to improve security; users only get to see the uid/gid of the ftp user)
    write_enable=YES
    local_umask=022
    file_open_mode=0666
    chown_uploads=YES
    chown_username=apache (Recommended to set this to the apache user)
    local_enable=YES
    virtual_use_local_privs=YES
    guest_enable=YES

  7. Simple Virtual user configuration (Use this if only ONE ftp account for site owners)

    user_sub_token=$USER
    guest_username=virtual
    local_root=/base-vhost-path/$USER (Login virtual user chroot to /base-vhost-path/$USER)

  8. Flexible Virtual user configuration (This allows more than ONE ftp account for site owners. Maybe ftp service for site data uploads)

    chroot_local_user=YES
    userlist_enable=YES
    userlist_deny=NO
    userlist_file=/etc/vsftpd/ftpusers

    user_config_dir=/etc/vsftpd/users (This is the directory with filename as the virtual user login name)

    The $USER file may contain entries under the Filesystem access control section, with the most important entry: local_root=/base-vhost-path/user_chroot_path, assigned to the user.
Last edited by PoP on 2007-04-30 14:46, edited 3 times in total.
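
One way to automate the per-user files of step 8 above, as an added example that is not part of the original post: the login name becomes a file name under user_config_dir and the chroot is built from a relative path, so both are validated before anything is written. The function name `add_ftp_user` and the `VSFTPD_DIR` and `HOSTING_BASE` variables are assumptions; the password entry still goes into the cleartext file handled by the Makefile of step 5.

```sh
#!/bin/sh
# Added example: provision one vsftpd virtual user for the per-user
# (user_config_dir) setup. VSFTPD_DIR and HOSTING_BASE are assumed defaults.
VSFTPD_DIR="${VSFTPD_DIR:-/etc/vsftpd}"
HOSTING_BASE="${HOSTING_BASE:-/base-vhost-path}"

# add_ftp_user LOGIN SUBPATH
#   LOGIN   virtual user name; also the file name inside user_config_dir
#   SUBPATH chroot directory relative to HOSTING_BASE, e.g. domain.tld/www
add_ftp_user() {
    login="$1"; subpath="$2"

    # The login becomes a file name: allow a conservative character set only.
    case "$login" in
        ""|.*|-*|*[!a-z0-9._-]*)
            echo "rejected login name: $login" >&2; return 1 ;;
    esac
    # The chroot must stay below HOSTING_BASE: not empty, not absolute, no '..'.
    case "/$subpath/" in
        //*|*/../*)
            echo "rejected chroot path: $subpath" >&2; return 1 ;;
    esac

    root="$HOSTING_BASE/$subpath"
    mkdir -p "$VSFTPD_DIR/users" "$root" || return 1

    # vsftpd reads this file at login; create it writable by its owner only.
    ( umask 077; printf 'local_root=%s\n' "$root" > "$VSFTPD_DIR/users/$login" ) || return 1

    # With userlist_deny=NO the userlist_file is an allow list; add the login once.
    touch "$VSFTPD_DIR/ftpusers" || return 1
    grep -qxF -e "$login" "$VSFTPD_DIR/ftpusers" || echo "$login" >> "$VSFTPD_DIR/ftpusers"
}
```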

MySQL Instance manager

Post #4 by PoP » 2007-04-26 14:26

Concepts from Gentoo Wiki

  1. Create my.cnf

    Edit /etc/mysql/my.cnf:

    • Instance Manager Section

      [mysql.server]
      use-manager (Enable instance manager)

      [manager]
      default-mysqld-path = /usr/sbin/mysqld
      socket = /var/run/mysqld/manager.sock
      pid-file = /var/run/mysqld/manager.pid
      password-file = /etc/mysql/mysqlmanager.passwd (It is recommended to place the password file under /etc/mysql)
      monitoring-interval = 2
      port = 3300 (Don't use MySQL default port 3306)
      bind-address = 127.0.0.1

    • Define Instance for every vhost


      [mysqld#] (This is the instance name shown in Instance Manager; the numeric part # should match server-id and port to make life easier)
      mysqld-path = /usr/sbin/mysqld
      character-set-server = utf8
      default-character-set = utf8
      user = mysql
      server-id = # (Let's start from 1)
      port = 330# (Preferred to assign port number of instance manager + instance number. Use port 3301 for the first instance)
      socket = /var/run/mysqld/mysql_${VHOST}.sock
      pid-file = /var/run/mysqld/mysql_${VHOST}.pid
      log-error = /base-vhost-path/${VHOST}/logs/mysqld.err
      datadir = /base-vhost-path/${VHOST}/db
      bind-address = 127.0.0.1
  2. Create the password-file




  3. Create the databases

    • database install script for vhosts

      Edit /etc/mysql/vhost_db_install





      #!/bin/bash
      # Usage: vhost_db_install <vhost>

      VHOST="$1"
      # Modify this to suit your directory structure
      DATADIR="/base-vhost-path/${VHOST}/db"

      if [[ -z "${VHOST}" ]]; then
          echo "Usage: $0 <vhost>"
          exit 1
      fi

      echo "Setting up default databases for virtual host '${VHOST}'"

      # Offer to create the data directory if it is missing
      if [[ ! -d "${DATADIR}" ]]; then
          echo -n "Data directory does not exist, would you like to create it?"
          read -p " [y/n] " create_response

          if [[ ${create_response} == "y" ]]; then
              mkdir -p "${DATADIR}"
              echo "Data directory created successfully"
          else
              exit 1
          fi
      fi

      # Refuse to overwrite an existing installation
      if [[ -d "${DATADIR}/mysql" ]]; then
          echo "MySQL databases appear to already exist, if not please remove all files from '${DATADIR}'"
          exit 1
      fi

      # Ask twice for the root password, without echoing it
      echo -n "Please enter a password for the mysql 'root' user"
      read -rsp ": " pwd1
      echo -en "\nRe-enter password for confirmation"
      read -rsp ": " pwd2
      echo -en "\n"

      if [[ "x$pwd1" != "x$pwd2" ]]; then
          echo "The passwords you entered were not the same"
          exit 1
      fi

      # The password is placed inside a quoted SQL string below
      if [[ "$pwd1" == *[\'\\]* ]]; then
          echo "The password must not contain quotes or backslashes"
          exit 1
      fi

      echo "Creating the default mysql databases and setting permissions"

      mysql_install_db --datadir="${DATADIR}" | grep -B5 -A999 -i "ERROR"
      chown -R mysql:mysql "${DATADIR}" 2>/dev/null
      chmod 0750 "${DATADIR}" 2>/dev/null

      echo "Retrieving timezone data for entry into the database"
      # mktemp instead of a guessable /tmp name, since this runs as root
      TZ_FILE="$(mktemp /tmp/zone_data.XXXXXX)" || exit 1

      mysql_tzinfo_to_sql /usr/share/zoneinfo > "${TZ_FILE}" 2>/dev/null

      echo -n "Starting mysql daemon..."
      sockfile="/var/run/mysqld/mysqld${RANDOM}.sock"
      pidfile="/var/run/mysqld/mysqld${RANDOM}.pid"

      # Temporary local-only daemon, without grant tables, to set the password
      mysqld --skip-ndbcluster --user=mysql --skip-grant-tables --basedir=/usr --datadir="${DATADIR}" --skip-innodb --skip-bdb --skip-networking --max_allowed_packet=8M --net_buffer_length=16K --socket="${sockfile}" --pid-file="${pidfile}" &>/dev/null &

      # Wait up to 5 seconds for the socket to appear
      maxtry=5
      while ! [[ -S "${sockfile}" || ${maxtry} -lt 1 ]]; do
          maxtry=$((${maxtry}-1))
          echo -n "."
          sleep 1
      done

      echo "Updating databases"
      mysql --socket="${sockfile}" -h localhost -e "UPDATE mysql.user SET Password = PASSWORD('${pwd1}') where USER='root'"
      mysql --socket="${sockfile}" -h localhost -u root -p"${pwd1}" mysql < "${TZ_FILE}"

      echo "Shutting down mysql daemon"
      kill $(< "${pidfile}")
      rm -f "${TZ_FILE}"

      echo -e "\nAll done"

    • chmod +x /etc/mysql/vhost_db_install
    • Create db for vhost

  4. Configure PHP Flags with Apache

    These go in the main config:

    <Directory "/base-vhost-path/${VHOST}/webroot">
            :
        php_value mysql.default_port 330#
        php_value mysql.default_socket "/var/run/mysqld/mysql_${VHOST}.sock"
            :
    </Directory>

Postfix virtual mail domain

Post #5 by PoP » 2007-04-27 00:42

Install PostfixAdmin package.

This package uses a MySQL server to manage virtual domains and mail addresses.

vsftpd with mysql user management

Post #6 by PoP » 2009-11-02 10:57

Install package pam_mysql

Create database for vsftpd login

create database vsftpdvu;
use vsftpdvu;

create table users (name char(16) binary, passwd char(16) binary);
insert into users (name, passwd) values ('xiaotong', password('qqmywife'));
insert into users (name, passwd) values ('xiaowang', password('ttmywife'));


Grant vsftpd rights to read login data

grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';


PAM authentication with MySQL

Open the /etc/pam.d/vsftpd file and add the following lines:

auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2

account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2

The parameters above correspond to the database set up earlier, so their meaning should be clear. Note the crypt parameter, which gives the encryption method of the password field: crypt=0, passwords are stored in the database in clear text (not encrypted); crypt=1, passwords are stored in the database encrypted with the UNIX system's DES encryption; crypt=2, passwords are stored encrypted with MySQL's password() function.


vsftpd.conf

user_sub_token=$USER
guest_username=virtual
local_root=/path-to/hosting/$USER


Reference: http://www.digitalnerds.net/featured/vsftpd-with-mysql-backend/