Building a LAMP Server
This document will walk you through the installation of what is known as a "LAMP" system:Linux, Apache, MySQL and PHP.Depending on who you talk to, the P also stands for Perl orPython, but in general, it is assumed to be PHP. I run CentOSon my servers; these directions were written for CentOS/Red Hat/Fedora. I have had requestsfor SuSE (another RPM-based distribution) as well as Debian-based systems, so I will work onvariants of these directions for those distributions in the future (donations might help speedthat process up!). The main difference between the distributions is in the paths to the startup scripts. Red Hatsystems used /etc/rc.d/init.d and SuSE uses /etc/init.d.
If you are not comfortable with trying this procedure yourself, I amavailable for hire to install LAMP systems, or assist you with any other Linux-based projects.
You can check my resume for background and contactinformation, or email brucetimberlake at gmail.com with your project details!
If you need an SSL-enabled server, I have a LAMP with SSL howto as well.
I designed this document so you can just copy/paste each line or block of commandsinto your shell session and it will "just work" for you. This avoids tedious typing, andthe inevitable typos or missed steps that result. These commands work properlyvia copy/paste. If you are having problems and you are not using copy/paste, pleasere-check your typing before sending me an email saying "It doesn't work."
Text in a "command" box like this one is a literal Linux commandline,and should be typed or pasted exactly as written.
One note: many many people have followed these directions as written,and have not had any problems.
If you are having a problem, chances are it's something you are doing (or not doing), something different
about your computer, etc.
It is probably NOT this procedure. :)
Initial Steps
PLEASE BE AWARE THAT A SOURCE-BASED INSTALLATION LIKE THISONE IS NOT NEEDED FOR A BASIC LAMP SERVER! You should only be doing a source-basedinstallation if you need to alter settings in one or more components of theLAMP stack (e.g., you need a feature in PHP that isn't in the default RPM).If you are just getting started with LAMP, use the binaries provided by yourdistribution - it is much simpler, and a lot easier to upgrade later.
Most out-of-the-box Red Hat Linux installations will have one or more of the LAMPcomponents installed via RPM files. I personally believe in installing things like this fromsource, so I get the most control over what's compiled in, what's left out, etc. Butsource code installs can wreak havoc if overlaid on top of RPM installs, as the two mostlikely won't share the same directories, etc.
If you have not yet installed your Linux OS, or just for future reference, do not chooseto install Apache, PHP, or MySQL during the system installation. Then you can immediatelyproceed with the source-based install listed here.
Note: to install applications from source code, you will need a C++ compiler (gcc++) installed.This is generally taken care of, but I've had enough queries about it that I've added thisnote to avoid getting more! You can use your distribution's install CDs to get the properversion of the compiler. Or, if you are using an RPM based distro, you can use a site likehttp://www.rpmfind.net/ to locate the correct RPMversion for your system. (You will obviously not be able to use/rebuild a source RPM to getthe compiler installed, as you need the compiler to build the final binary RPM!) On a Fedorasystem, you can do this command:
su - root
yum install gcc gcc-c++
Log in as root
Because we will be installing software to directories that "regular" users don't havewrite access to, and also possibly uninstalling RPM versions of some applications, we'lllog in as root. The only steps that need root access are the actualinstallation steps, but by doing the configure and make steps as root,the source code will also be inaccessible to "regular" users.
If you do not have direct access (via keyboard) to the server, PLEASE useSecure Shell (SSH) to access the server and not telnet!!Whenever you use telnet (or plain FTP for that matter), you are transmitting your username,password, and all session information in "plain text". This means that anyone who can accessa machine someplace between your PC and your server can snoop your session and get your info.Use encryption wherever possible!
su - root
Remove RPM Versions of the Applications
Before we start with our source code install, we need to remove all the existing RPM filesfor these products. To find out what RPMs are already installed, use the RPM query command:
rpm -qa
in conjunction with grep to filter your results:
rpm -qa | grep -i apache
rpm -qa | grep -i httpd
rpm -qa | grep -i php
rpm -qa | grep -i mysql
The 'httpd' search is in case you have Apache2 installed via RPM.
To remove the RPMs generated by these commands, do
rpm -e filename
for each RPM you found in the query. If you have any content in your MySQL databasealready, the RPM removal step should not delete the database files. When you reinstallMySQL, you should be able to move all those files to your new MySQL data directory andhave access to them all again.
Get the Source Code for all Applications
We want to put all our source code someplace central, so it's not getting mixed up in someone'shome directory, etc.
cd /usr/local/src
One way application source code is distributed is in what are known as "tarballs." The tar commandis usually associated with making tape backups - tar stands for Tape ARchive.It's also a handy way to pack up multiple files for easy distribution. Use the man tar command tolearn more about how to use this very flexible tool.
At the time of updating this, the current versions of all the components we'll use are:
MySQL - 4.1.22
Apache - 1.3.37
PHP - 4.4.6
Please note: these are the only versions of these that I haveset up myself, and verified these steps against. If you use another version ofany component, especially a newer version, this HOWTO may not be accurate, and Iwon't be able to provide free support under those circumstances. Paid support andassistance is always available however.
wget http://www.php.net/distributions/php-4.4.6.tar.gz
wget http://apache.oregonstate.edu/httpd/apache_1.3.37.tar.gz
There may be an Apache mirror closer to you - check their mirrorpage for other sources. Then insert the URL you get in place of the above for the wgetcommand.
For MySQL, go to http://www.mysql.com/ andchoose an appropriate mirror to get the newest MySQL version (v4.1.22).
Unpack the Source Code
tar zxf php-4.4.6.tar.gz
tar zxf apache_1.3.37.tar.gz
tar zxf mysql-4.1.22.tar.gz
This should leave you with the following directories:
/usr/local/src/php-4.4.6
/usr/local/src/apache_1.3.37
/usr/local/src/mysql-4.1.22
Build and Install MySQL
First, we create the group and user that "owns" MySQL. For security purposes,we don't want MySQL running as root on the system. To be able to easilyidentify MySQL processes in top or a ps list, we'll make a userand group named mysql:
groupadd mysql
useradd -g mysql -c "MySQL Server" mysql
If you get any messages about the group or user already existing, that's fine.The goal is just to make sure we have them on the system.
What the useradd command is doing is creating a user mysqlin the group mysql with the "name" of MySQL Server. This way when it'sshowed in various user and process watching apps, you'll be able to tell what it is rightaway.
Now we'll change to the "working" directory where the source code is,change the file 'ownership' for the source tree (this prevents build issues inreported in some cases where the packager's username was included on the sourceand you aren't using the exact same name to compile with!) and start building.
The configure command has many options you can specify.I have listed some fairly common ones; if you'd like to see others, do:
./configure --help | less
to see them all. Read the documentationon the MySQL website for a more detailed explanation of each option.
cd /usr/local/src/mysql-4.1.22
chown -R root.root *
make clean
./configure \
--prefix=/usr/local/mysql \
--localstatedir=/usr/local/mysql/data \
--disable-maintainer-mode \
--with-mysqld-user=mysql \
--with-unix-socket-path=/tmp/mysql.sock \
--without-comment \
--without-debug \
--without-bench
18-Jul-2005: If you are installing MySQL 4.0.x on Fedora Core 4, there is aproblem with LinuxThreads that prevents MySQL from compiling properly.Installing on Fedora Core 3 works fine though. Thanks to Kevin Spencer for bringingthis to my attention. There is a workaround listed athttp://bugs.mysql.com/bug.php?id=9497.Thanks to Collin Campbell for that link. Another solution can befound at http://bugs.mysql.com/bug.php?id=2173.Thanks to Kaloyan Raev for that one.
Now comes the long part, where the source code is actually compiled and then installed.Plan to get some coffee or take a break while this step runs. It could be 10-15 minutes ormore, depending on your system's free memory, load average, etc.
make && make install
Configure MySQL
MySQL is "installed" but we have a few more steps until it's actually "done"and ready to start. First run the script which actually sets up MySQL'sinternal database (named, oddly enough, mysql).
./scripts/mysql_install_db
Then we want to set the proper ownership for the MySQL directories and data files, so thatonly MySQL (and root) can do anything with them.
chown -R root:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql/data
Copy the default configuration file for the expected size of the database (small, medium, large, huge)
cp support-files/my-medium.cnf /etc/my.cnf
chown root:sys /etc/my.cnf
chmod 644 /etc/my.cnf
If you get an error message about the data directory not existing, etc., something wentwrong in the mysql_install_db step above. Go back and review that; make sure you didn'tget some sort of error message when you ran it, etc.
Now we have to tell the system where to find some of the dynamic libraries thatMySQL will need to run. We use dynamic libraries instead of static to keep the memoryusage of the MySQL program itself to a minimum.
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
ldconfig
Now create a startup script, which enables MySQL auto-start eachtime your server is restarted.
cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod +x /etc/rc.d/init.d/mysql
/sbin/chkconfig --level 3 mysql on
Then set up symlinks for all the MySQL binaries, so they can be runfrom anyplace without having to include/specify long paths, etc.
cd /usr/local/mysql/bin
for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
MySQL Security Issues
First, we will assume that only applications on the same serverwill be allowed to access the database (i.e., not a program runningon a physically separate server). So we'll tell MySQL not to evenlisten on port 3306 for TCP connections like it does by default.
Edit /etc/my.cnf and uncomment the
skip-networking
line (delete the leading #).
For more security info, check this great tutorialover at SecurityFocus.
Start MySQL
First, test the linked copy of the startup script in the normal server runlevelstart directory, to make sure the symlink was properly set up:
cd ~
/etc/rc.d/rc3.d/S90mysql start
If you ever want to manually start or stop the MySQL server, use these commands:
/etc/rc.d/init.d/mysql start
/etc/rc.d/init.d/mysql stop
Let's "test" the install to see what version of MySQL we're running now:
mysqladmin version
It should answer back with the version we've just installed...
Now we'll set a password for the MySQL root user (note that theMySQL root user is not the same as the systemroot user, and definitely should not have the samepassword as the system root user!).
mysqladmin -u root password new-password
(obviously, insert your own password in the above command instead of the "new-password" string!)
You're done! MySQL is now installed and running on your server. It is highly recommendedthat you read about MySQL security and lock down your server as much as possible. The MySQLsite has info at http://www.mysql.com/doc/en/Privilege_system.html.
Test MySQL
To run a quick test, use the command line program mysql:
mysql -u root -p
and enter your new root user password when prompted. You will thensee the MySQL prompt:
mysql>
First, while we're in here, we'll take care of another securityissue and delete the sample database test and all defaultaccounts except for the MySQL root user. Enter each of these linesat the mysql> prompt:
drop database test;
use mysql;
delete from db;
delete from user where not (host="localhost" and user="root");
flush privileges;
As another security measure, I like to change the MySQL administrator accountname from root to something harder to guess. This will make it thatmuch harder for someone who gains shell access to your server to take control ofMySQL.
MAKE SURE YOU REMEMBER THIS NEW NAME, AND USE IT WHEREVER
YOU SEE "root" IN OTHER DIRECTIONS, WEBSITES, ETC.
ONCE YOU DO THIS STEP, THE USERNAME "root" WILL CEASE TO
EXIST IN YOUR MYSQL CONFIGURATION!
update user set user="sqladmin" where user="root";
flush privileges;
Now, on with the "standard" testing... First, create a new database:
create database foo;
You should see the result:
Query OK, 1 row affected (0.04 sec)
mysql>
Delete the database:
drop database foo;
You should see the result:
Query OK, 0 rows affected (0.06 sec)
mysql>
To exit from mysql enter \q:
\q
Build and Install Apache (with DSO support)
The advantage to building Apache with support for dynamically loaded modules isthat in the future, you can add functionality to your webserver by just compilingand installing modules, and restarting the webserver. If the features were compiledinto Apache, you would need to rebuild Apache from scratch every time you wantedto add or update a module (like PHP). Your Apache binary is also smaller, whichmeans more efficient memory usage.
The downside to dynamic modules is a slight performance hit compared to havingthe modules compiled in.
cd /usr/local/src/apache_1.3.37
make clean
./configure \
--prefix=/usr/local/apache \
--enable-shared=max \
--enable-module=rewrite \
--enable-module=so
make && make install
Build and Install PHP
This section has only been tested with PHP v4.x. If you are trying to buildPHP 5.x, I do not have experience with this yet, and do not provide free supportfor you to get it working. Please note that there are many options whichcan be selected when compiling PHP. Some will have library dependencies, meaningcertain software may need to be already installed on your server before you startbuilding PHP. You can use the command
./configure --help | less
once you change into the PHP source directory. This will show you a list of all possibleconfiguration switches. For more information on what these switches are, pleasecheck the PHP website documentation.
cd /usr/local/src/php-4.4.6
./configure \
--with-apxs=/usr/local/apache/bin/apxs \
--disable-debug \
--enable-ftp \
--enable-inline-optimization \
--enable-magic-quotes \
--enable-mbstring \
--enable-mm=shared \
--enable-safe-mode \
--enable-track-vars \
--enable-trans-sid \
--enable-wddx=shared \
--enable-xml \
--with-dom \
--with-gd \
--with-gettext \
--with-mysql=/usr/local/mysql \
--with-regex=system \
--with-xml \
--with-zlib-dir=/usr/lib
make && make install
cp php.ini-dist /usr/local/lib/php.ini
I like to keep my config files all together in /etc. I set upa symbolic link like this:
ln -s /usr/local/lib/php.ini /etc/php.ini
Then I can just open /etc/php.ini in my editor to make changes.
Recommended reading on securing your PHP installation is thisarticle at SecurityFocus.com.
Edit the Apache Configuration File (httpd.conf)
I like to keep all my configuration files together in /etc, so Iset up a symbolic link from the actual location to /etc:
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf
Now open /etc/httpd.conf in your favorite text editor, and set allthe basic Apache options in accordance withthe official Apache instructions(beyond the scope of this HOWTO).
Also recommended is the article on securing Apache.
To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the# at the beginning of the lines which read:
If the AddType lines above don't exist, manually enter them (without the leading # of course) after the line
AddType application/x-tar .tgz
or anyplace within the <IfModule mod_mime.c> section of httpd.conf.
If you wish to use other/additional extensions/filetypes for your PHP scriptsinstead of just .php, add them to the AddType directive:
AddType application/x-httpd-php .php .foo
AddType application/x-httpd-php-source .phps .phtmls
An example: if you wanted every single HTML page to be parsed and processed like a PHPscript, just add .htm and .html:
AddType application/x-httpd-php .php .htm .html
There will be a bit of a performance loss if every single HTML page is being checked for PHP codeeven if it doesn't contain any. But if you want to use PHP but be "stealthy" about it, you canuse this trick.
Add index.php to the list of valid Directory Index files so that your "default page"in a directory can be named index.php.
<IfModule mod_dir.c>
DirectoryIndex index.php index.htm index.html
</IfModule>
You can add anything else you want here too. If you want foobar.baz to bea valid directory index page, just add the .baz filetype to the AddTypeline, and add foobar.baz to the DirectoryIndex line.
Start Apache
We want to set Apache up with a normal start/stop script in /etc/rc.d/init.d so itcan be auto-started and controlled like other system daemons. Set up a symbolic link for theapachectl utility (installed automatically as part of Apache):
ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/apache
Then set up auto-start for runlevel 3 (where the server will go by default):
ln -s /etc/rc.d/init.d/apache /etc/rc.d/rc3.d/S90apache
Then start the daemon:
/etc/rc.d/init.d/apache start
You can check that it's running properly by doing:
ps -ef
and look for the httpd processes.
A note from the author
I hope you find this guide, HOWTO, tutorial -- call it what you will -- useful. I also hope it savesyou some time. If you do find it useful, I would be grateful if you could make a donation using thebutton below (and if it wasn't useful, mail me andtell me why not).
I receive a great deal of mail as a result of this HOWTO, much of it asking me to solve variousLAMP-related problems. Please bear in mind that the money that puts food on my family's table comesfrom the consultancy work that I do. If you would like help with any ofthe points discussed in this article, mail me andtell me what that help is worth to you. Quote any amount you like, and if I'm able to help you out,you can make a PayPal donation by way of thanks. Fair enough?
聯(lián)系客服
