Wednesday, September 16, 2009

NGINX, PHP-CGI, SPAWN-FCI, FTP, VHOSTS, MYSQL | centos-fedora-redhat

Setup is done under a clean Centos 5.2 32bit server

yum -y update
yum -y upgrade

PART 0
#####################################################
# start with php-5 setup and mysql setup #
#####################################################

yum -y install mysql-server mysql-client
yum -y install php-cgi php-mysql php-curl php-gd php-idn php-pear php-imagick php-imap php-mcrypt php-memcache php-mhash php-ming php-pspell php-recode php-snmp php-sqlite php-tidy php-xmlrpc php-xsl

Note: add following line to end of php ini file
cgi.fix_pathinfo = 1

PART 1
#####################################################
# NGINX SETUP START #
#####################################################

# first creating users for nginx
adduser www-data --home-dir /home/www-data
passwd www-data
--------------->enter a password

# Creating a client user for some virtual hosting
adduser mustafat --home-dir /home/www-data/mustafat -G www-data
passwd mustafat
--------------->enter a password
chown mustafat:www-data /home/www-data/mustafat
#after adding users run chmod command
chmod 0755 /home/www-data/ -R
# adding some directories for user www-data actually for nginx setup :)
mkdir /var/lib/nginx/
mkdir /var/lib/nginx/body
mkdir /var/lib/nginx/proxy
mkdir /var/lib/nginx/fastcgi
chown www-data:root /var/lib/nginx/ -R
chmod 0700 /var/lib/nginx -R


yum -y install wget which
wget http://sysoev.ru/nginx/nginx-0.8.15.tar.gz
tar zxvf nginx-0.8.15.tar.gz
cd nginx-0.8.15

yum -y install gcc make
yum -y install pcre pcre-devel
yum -y install openssl openssl-devel

./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-

path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-

path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-debug --with-http_stub_status_module --with-http_flv_module --with-

http_ssl_module --with-http_dav_module

make
make install


#nginx setup finished
#####################################################
#####################################################

PART 2
#####################################################
# start spawn-fcgi setup #
#####################################################
wget http://www.lighttpd.net/download/spawn-fcgi-1.6.2.tar.gz
tar zxvf spawn-fcgi-1.6.2.tar.gz
cd spawn-fcgi-1.6.2
./configure
make
make install

which spawn-fcgi
#returned: /usr/local/bin/spawn-fcgi
which php-cgi
#returned: /usr/bin/php-cgi

#for help run for spawning
/usr/local/bin/spawn-fcgi --help

#so lets SPAWN it:
/usr/local/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php-cgi -P /var/run/fastcgi-php.pid -C 10

#add it to the start up
vi /etc/rc.local
#add the following line to the end of file
/usr/local/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php-cgi -P /var/run/fastcgi-php.pid -C 10


# end spawn-fcgi setup
#####################################################
#####################################################

PART 3
#####################################################
#editing default nginx conf
vi /etc/nginx/nginx.conf
#change file content with following one
user www-data;
worker_processes 5;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

access_log /var/log/nginx/access.log;
server_names_hash_bucket_size 128;
sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 2;
tcp_nodelay on;

gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml;
gzip_disable "MSIE [1-6]\.";


limit_req_zone $binary_remote_addr zone=antiddos:20m rate=3r/s;

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}


#####################################################
mkdir /etc/nginx/conf.d/
mkdir /etc/nginx/sites-enabled
#add following lines for default config you may change it whatever you like
vi /etc/nginx/sites-enabled/default
# sample config file
server {
listen 80;
server_name _; # underdash means for all hosts

access_log off;

location / {
root /home/www-data;
index index.html index.htm;
}
location /nginx_status {
stub_status on;
access_log off;
}

}
#some test
vi /home/www-data/index.html
hello world from vpslife.blogspot.com and vpswatch.com



#adding a virtual host
vi /etc/nginx/sites-enabled/vpswatch.com.conf
#sample config for vpswatch.com (virtual host) which is running now
server {
listen 80;
server_name vpswatch.com www.vpswatch.com;

access_log off;

location / {
root /home/www-data/mustafat/vpswatch.com;
index index.php index.html index.htm;

# to forward www to non-www address
if ($host ~* www\.(.*)) {
set $host_without_www $1;
rewrite ^(.*)$ http://$host_without_www$1 permanent;
}
# I added a some write for the testing purpose
rewrite ^/vps-provider/([^/]*)/$ /myserviceproviders.php?vps_provider=$1 last;

}
location ~ \.php$ {
limit_req zone=antiddos burst=5 nodelay;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www-data/mustafat/vpswatch.com$fastcgi_script_name;
fastcgi_read_timeout 180;
include fastcgi_params;
}

}

PART 4
#####################################################
# NGINX STARTUP SCRIPT FOR CENTOS/FEDORA/REDHAT #
#####################################################
vi /etc/init.d/nginx
# copy paste following script for redhat/centos/fedora


#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}

stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}

restart() {
configtest || return $?
stop
start
}

reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}

force_reload() {
restart
}

configtest() {
$nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
status $prog
}

rh_status_q() {
rh_status >/dev/null 2>&1
}

case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac


#####################################################

#make it executable
chmod +x /etc/init.d/nginx
# lets start nginx
/etc/init.d/nginx start
# now try at is it working with a standard browser
# like firefox, ie, safari, opera...
# open http://yourserveripaddress/
# or try your virtual hosting in example : http://vpswatch.com/


# add it to the start up
vi /etc/rc.local
# add following line
/etc/init.d/nginx start
PART 5
#####################################################
# FTP Server with same users #
#####################################################
http://vpslife.blogspot.com/2009/09/setting-up-secure-fast-ftp-server-for.html

Reference : http://wiki.nginx.org/NginxInstall

Setting Up a secure fast ftp server for linux | VSFTP

#################################################
# setting up a ftp server #
# http://vpslife.blogspot.com/ & http://vpswatch.com/
#################################################

wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.2.0.tar.gz
tar zxvf vsftpd-2.2.0.tar.gz
cd vsftpd-2.2.0
make
adduser nobody
adduser: user nobody exists
mkdir /var/ftp/
useradd -d /var/ftp ftp
(the next two are useful to run even if the user "ftp" already exists).
chown root.root /var/ftp
chmod og-w /var/ftp
Install vsftpd config file, executable, man page, etc.
make install
cp vsftpd.conf /etc
# open conf file and edit
vi /etc/vsftpd.conf
# set anonym ftp to no!
anonymous_enable=NO
# set local users can login and uncomment
local_enable=YES
# set write enable to yes and uncomment
write_enable=YES
#other settings
local_umask=022
connect_from_port_20=NO

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

##save file

#add users that you want enable ftp
vi /etc/vsftpd.chroot_list
#I added two user
www-data
mustafat
#add following lines to pam file
vi /etc/pam.d/vsftpd

# Standard behaviour for ftpd(8).

auth required pam_listfile.so item=user sense=allow file=/etc/vsftpd.chroot_list onerr=fail


# Note: vsftpd handles anonymous logins on its own. Do not enable
# pam_ftp.so.

# Standard blurb.
@include common-account
@include common-session

@include common-auth
auth required pam_shells.so
account required pam_unix.so
session required pam_unix.so
# to add to start up
vi /etc/rc.local
# add following line
/usr/local/sbin/vsftpd &

Reference : ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.2.0/INSTALL
Why Vsftp: Its fast and secure!