FreeBSD: Apache, MySQL, PHP

I’m sure most of you have heard of a LAMP server. Why not take it one step further and drop the “L” word (Linux)? Migrating from Linux to FreeBSD might seem like trying to learn a foreign language. I can assure you that you already know most of the required vocabulary. Let’s get down to business.
As I write this, FreeBSD 8.0 has just been released. My tutorial involves 7.2-RELEASE. As I have not tested the new version, some of my techniques might be slightly deprecated. Begin by installing a vanilla copy of FreeBSD. Take advantage of the excellent documentation here.
I won’t be going into too much detail during this tutorial. One nice thing about FreeBSD is its abundance of documentation for everything. Hey, you might even learn a thing or two!
After the install, we will update our ports.
# portsnap fetch extract
Then, we install Apache, MySQL, PHP, and a few PHP extensions.
# cd /usr/ports/www/apache22
# make install clean
# cd /usr/ports/databases/mysql51-server
# make install clean
# cd /usr/ports/lang/php5
# make install clean
(Make sure you add the apache module!)
# cd /usr/ports/lang/php5-extensions
# make install clean
(Add gd, mysql, and zlib.)
Configure /usr/local/etc/apache22/httpd.conf
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Miscellaneous:
# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
(Make sure you disable allow_url_fopen and chmod 444)
# cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
(chmod 444 my.cnf)
Add daemons to /etc/rc.conf
apache22_enable="YES"
mysql_enable="YES"
To make Apache not throw an error, add this to /boot/loader.conf
accf_http_load="YES"
This tutorial was supposed to go into depth about securing the installation… maybe at a later date.
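A quick way to confirm the two php.ini hardening steps above (allow_url_fopen disabled, file mode 444). This is an added example, not part of the original tutorial; the function names are hypothetical and the file path is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the php.ini hardening.
# Function names are hypothetical; pass the path, e.g. /usr/local/etc/php.ini.

# ini_value FILE KEY: print the effective (last) value of KEY, lowercased.
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                      # skip comment lines
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; sub(/;.*/, "", v)        # drop trailing comment
                gsub(/[ \t"]/, "", v); val = tolower(v)
            }
        }
        END { print val }' "$1"
}

# file_mode FILE: print octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# audit_php_ini FILE: print findings; the return status is their count.
audit_php_ini() {
    findings=0
    # PHP enables allow_url_fopen by default, so a missing key also fails.
    case "$(ini_value "$1" allow_url_fopen)" in
        off|0|false|no|none) ;;
        *) echo "FAIL: allow_url_fopen is not disabled in $1"
           findings=$((findings + 1)) ;;
    esac
    mode=$(file_mode "$1")
    if [ "$mode" != "444" ]; then
        echo "FAIL: $1 has mode $mode, expected 444"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ $# -gt 0 ]; then audit_php_ini "$1"; fi
```

An exit status of 0 means both settings are in place; the same file_mode check applies to my.cnf.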
References:
http://www.linux.com/archive/feature/142718
http://www.freebsdmadeeasy.com/
Backup Server
The most important machine in my arsenal is my dedicated backup server. I keep mine physically unplugged when not in use to avoid any chance of a catastrophic power surge or break-in. I use simple rsync scripts to automate all of my backups. The operating system I use on the server is CentOS 5 (sound familiar?). CentOS is rock-solid and essentially an exact copy of Red Hat Enterprise Linux.
A default install of CentOS should have all of the necessary applications needed. If not, install the following:
# yum install rsync openssh-server
On a Linux client, create a file named something like rsync.sh and make it executable (chmod 755). Here is an example of mine:
#!/bin/sh
rsync -avz --delete --progress /home/user1/ root@10.1.1.12:/root/backup/computer1/home/user1/
/home/user1 is the directory I’m backing up to the server. root@10.1.1.12 is the username and IP address of the backup server. /root/backup/computer1/home/user1 is the directory I have created on the backup server to store my files. Make sure you create this directory on the server before attempting a backup. The “delete” switch just tells rsync to delete from the server any previously backed-up files and folders that you have since removed from the directory you are backing up.
Upon executing the script, you will be prompted for the password for your login on the backup server (in our case, the user is root). Enter the password to begin the backup process.
If you’re trying to back up a Windows machine (gasp!), grab yourself a copy of cwRsync (just the client).
I will not be going into detail about backing up a Windows client (maybe at a later date), so here is a quick example of my Windows backup script:
rsync -avz --delete --progress /cygdrive/C/ root@10.1.1.12:/root/backup/computer2/C/
This will effectively back up the entire contents of your C drive.
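Because --delete mirrors removals, an empty or unmounted source directory would wipe the copy on the backup server. The wrapper below does a dry run first and refuses to sync if the source is empty or too many deletions are planned. It is an added example, not part of the original post; the function names, the deletion limit and the sample dry-run output are hypothetical or constructed.

```shell
#!/bin/sh
# Added example (not from the original post): guard an rsync --delete backup.
# Function names, the limit and SAMPLE_PLAN are hypothetical/constructed.

# Constructed sample of `rsync --dry-run --itemize-changes --delete` output.
SAMPLE_PLAN='*deleting   old/report.doc
*deleting   old/
>f+++++++++ new.txt
.d..t...... ./'

# count_deletions: read dry-run output on stdin, print how many entries
# rsync would remove (it marks them with "*deleting").
count_deletions() {
    awk '/^\*deleting / { n++ } END { print n + 0 }'
}

# deletion_guard MAX: succeed only if at most MAX deletions are planned.
deletion_guard() {
    planned=$(count_deletions)
    echo "planned deletions: $planned (limit $1)" >&2
    [ "$planned" -le "$1" ]
}

# guarded_backup SRC DEST MAX: dry run first, real run only if the guard passes.
guarded_backup() {
    # An empty or unmounted source would make --delete empty the backup.
    if [ -z "$(ls -A "$1" 2>/dev/null)" ]; then
        echo "refusing: $1 is missing or empty" >&2
        return 2
    fi
    plan=$(rsync -az --delete --dry-run --itemize-changes "$1" "$2") || return 4
    if printf '%s\n' "$plan" | deletion_guard "$3"; then
        rsync -avz --delete --progress "$1" "$2"
    else
        echo "refusing: more than $3 deletions planned" >&2
        return 3
    fi
}

# Usage: ./rsync.sh /home/user1/ root@10.1.1.12:/root/backup/computer1/home/user1/ 20
if [ $# -eq 3 ]; then guarded_backup "$@"; fi
```

With password logins the dry run and the real run each prompt once.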
Upside-Down-Ternet
Don’t you hate it when people steal your wireless internet? You could simply secure the access point or you could have some fun. In this tutorial, I will demonstrate how to set up a transparent Squid proxy which will flip images upside-down in the web browser. I used CentOS 5 and my network range was 10.0.0.0/8. If you’re using a different Linux distro, YMMV.
Install the necessary software:
# yum install httpd squid ImageMagick dhcp
Modify /etc/squid/squid.conf using your favorite editor and add or edit the following (set the localnet range to your network range):
visible_hostname your_hostname_here
acl localnet src 10.0.0.0/8
http_access allow localnet
http_port 3128 transparent
url_rewrite_program /usr/local/bin/flip.pl
Create a script called flip.pl with the following code and place it in /usr/local/bin
#!/usr/bin/perl
# Squid URL rewriter: download each requested image, flip it, and
# point Squid at the flipped local copy instead.
$|=1;        # unbuffered output so Squid sees each reply immediately
$count = 0;  # per-request counter used in the local file name
$pid = $$;   # process id keeps file names unique per helper
while (<>) {
    chomp $_;
    if ($_ =~ /(.*\.jpg)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O", "/var/www/html/images/$pid-$count.jpg", "$url");
        system("/usr/bin/mogrify", "-flip", "/var/www/html/images/$pid-$count.jpg");
        print "http://127.0.0.1/images/$pid-$count.jpg\n";
    }
    elsif ($_ =~ /(.*\.gif)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O", "/var/www/html/images/$pid-$count.gif", "$url");
        system("/usr/bin/mogrify", "-flip", "/var/www/html/images/$pid-$count.gif");
        print "http://127.0.0.1/images/$pid-$count.gif\n";
    }
    elsif ($_ =~ /(.*\.png)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O", "/var/www/html/images/$pid-$count.png", "$url");
        system("/usr/bin/mogrify", "-flip", "/var/www/html/images/$pid-$count.png");
        print "http://127.0.0.1/images/$pid-$count.png\n";
    }
    else {
        # Not an image: pass the request through unchanged.
        print "$_\n";
    }
    $count++;
}
Make the script executable:
# chmod 755 /usr/local/bin/flip.pl
Add apache to the squid group:
# usermod -aG squid apache
Create a directory for the stored images and set the correct permissions.
# mkdir /var/www/html/images
# chown squid:squid /var/www/html/images
Modify /etc/dhcpd.conf to look something like this:
ddns-update-style none;
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.1.1.50 10.1.1.59;
    option subnet-mask 255.0.0.0;
    option broadcast-address 10.255.255.255;
    option domain-name-servers 10.1.1.1;
    option routers 10.1.1.15; # ip address of squid proxy
}
host trusted1 {
    hardware ethernet 00:11:22:33:44:55; # mac address of trusted machine
    fixed-address 10.1.1.100; # ip of trusted machine
    option routers 10.1.1.1; # ip address of router and not squid proxy
}
Now it’s time to set up iptables. We will flush any current rules, add a redirector, and save the config.
# iptables -F
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -j MASQUERADE
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
# service iptables save
Enable routing (this line can also be added to /etc/rc.local so it will be executed when the system boots):
# echo 1 > /proc/sys/net/ipv4/ip_forward
Set your services to run at startup:
# chkconfig httpd on
# chkconfig squid on
# chkconfig dhcpd on
Start your services:
# service httpd start
# service squid start
# service dhcpd start
Have fun!
References:
http://www.ex-parrot.com/pete/upside-down-ternet.html
https://help.ubuntu.com/community/Upside-Down-TernetHowTo
Welcome!
Welcome to my new blog. I will be slowly but surely adding stuff to this thing.

