Installing Lamp In Fedora

What is LAMP (software bundle)

The acronym LAMP (or L.A.M.P.) refers to a set of free software programs commonly used together to run dynamic Websites or Servers.

  • Linux, the operating system
  • Apache, The web server.
  • MySQL, the database management system.
  • PHP (Sometimes Perl or Python), the programming language.

The combination of these technologies is used primarily to define a web server infrastructure, define a programming paradigm of developing software, and establish a software distribution package. The scripting component of the LAMP stack has its origins in the CGI web interfaces that became popular in the early 1990s. This technology allows the user of a web browser to execute a program on the web server, and to thereby receive dynamic as well as static content. Programmers used scripting languages with these programs because of their ability to manipulate text streams easily and efficiently, even when they originate from disparate sources. For this reason system designers often referred to such scripting systems as glue languages.

Michael Kunze coined the acronym LAMP in an article for the German computing. The article aimed to show that a bundle of free software could provide a viable alternative to commercial packages. Knowing about the IT-world's love of acronyms, Kunze came up with LAMP as a marketing-like term to popularize the use of free software. O'Reilly and MySQL AB have popularized the term among English-speakers. Indeed, MySQL AB has since based some of its marketing efforts on the popularity of the LAMP stack.

Apache HTTP Server:

Apache HTTP Server is a FLOSS web server, the most popular in use, serving as the reference platform against which other web servers are designed and judged.

MySQL:

MySQL is a multithreaded multiuser SQL Database Management System (DBMS) with more than six million installations.

PHP:

PHP (PHP: Hypertext Preprocessor) is a is a reflective programming languare originally designed for producing dynamic web pages. PHP is used mainly in server side application software but can be used from a Command Line Interface or in standalone graphical applications.

Softwares recommended:

  1. Web Server: Apache 2.2.3
  2. Database Server: MySQL 5.0.22
  3. Mail Server: Postfix
  4. DNS Server: BIND9 (chrooted)
  5. FTP Server: proftpd
  6. POP3/IMAP server: dovecot
  7. Webalizer for web site statistics

In this documentation, I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

Step 1 is to install the Fedora Core 6 with the proper packages selected.

Step 2: Editing the /etc/hosts file:

Type this command:

  1. vi /etc/hosts
: 127.0.0.1         localhost.localdomain localhost
192.168.0.100    server1.example.com server1
::1                     server1.example.com server1     localhost.localdomain localhost

(It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.)

Step 3: Now if you have 2 NIC cards, then you need to configure your second NIC card with the following details:

  1. Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
HWADDR=(as you have)
IPADDR=192.168.0.100
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

If you dont have an additional card, just make a virtual ethernet card by creating another file in your Network Scripts folder.

  1. vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

Then enter the details shown above. Then restart the Network service.

  1. /etc/init.d/network restart

Step 4 : Disabling the Security Firewall:

Disable the card by using the follwing command to get the Toggle Option:

  1. system-config-securitylevel

Step 5: Disabling SELinux:

  1. vi /etc/selinux/config

There set SELINUX=disabled

Then you need to restart the machine to make effects of the Changes.

  1. shutdown -r now

Step 6: Install the following applications using YUM.

  1. yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp

Step 7: Install Quota:

  1. yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition and run the follwing commands to enable quota.

  1. touch /aquota.user /aquota.group
  2. chmod 600 /aquota.*
  3. mount -o remount /
  4. quotacheck -avugm
  5. quotaon -avug

Step 8: Installing DNS (BIND)

As its more secure to use Chrooted Bind, I install that. I am configuing the zones using the ISPCongig interface. So first install BIND.

  1. yum install bind-chroot

Then a few permissions are to be set and BIND service has to be started.

  1. chmod 755 /var/named/
  2. chmod 775 /var/named/chroot/
  3. chmod 775 /var/named/chroot/var/
  4. chmod 775 /var/named/chroot/var/named/
  5. chmod 775 /var/named/chroot/var/run/
  6. chmod 777 /var/named/chroot/var/run/named/
  7. cd /var/named/chroot/var/named/
  8. ln -s ../../ chroot
  9. chkconfig —levels 235 named on
  10. /etc/init.d/named start

Here BIND will run in a chroot jail under /var/named/chroot/var/named/.

Step 9: Installing MySQL (Ver 5.0)

  1. yum install mysql mysql-devel mysql-server

Then MySQL daemon mysqld has to be started on startup itself. So run the following commands.

  1. chkconfig —levels 235 mysqld on
  2. /etc/init.d/mysqld start

Now check that networking is enabled. Run

  1. netstat -tap

This should show the line below:

tcp   0   0 *:mysql    *:*  LISTEN  2008/mysqld

If it does not, edit /etc/my.cnf and comment out the option skip-networking and restart your MySQL server.

Configuring MySQL:

Set up a root password for your MySQL database using the commands below otherwise anybody can access your MySQL database!).

  1. mysqladmin -u root password yourrootsqlpassword
  2. mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Step 10: Postfix With SMTP-AUTH And TLS

Now we install Postfix and dovecot (dovecot will be our POP3/IMAP server):

  1. yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Now to configure SMTP-AUTH and TLS:

  1. postconf -e 'smtpd_sasl_local_domain ='
  2. postconf -e 'smtpd_sasl_auth_enable = yes'
  3. postconf -e 'smtpd_sasl_security_options = noanonymous'
  4. postconf -e 'broken_sasl_auth_clients = yes'

#postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
#postconf -e 'inet_interfaces = all'
#postconf -e 'mynetworks = 127.0.0.0/8'

Now edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins.

  1. vi /usr/lib/sasl2/smtpd.conf

It should look like this.

pwcheck_method: saslauthd
mech_list: plain login
  1. mkdir /etc/postfix/ssl
  2. cd /etc/postfix/ssl/
  3. openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
  4. chmod 600 smtpd.key
  5. openssl req -new -key smtpd.key -out smtpd.csr
  6. openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
  7. openssl rsa -in smtpd.key -out smtpd.key.unencrypted
  8. mv -f smtpd.key.unencrypted smtpd.key
  9. openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
  1. postconf -e 'smtpd_tls_auth_only = no'
  2. postconf -e 'smtp_use_tls = yes'
  3. postconf -e 'smtpd_use_tls = yes'
  4. postconf -e 'smtp_tls_note_starttls_offer = yes'
  5. postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
  6. postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
  7. postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
  8. postconf -e 'smtpd_tls_loglevel = 1'
  9. postconf -e 'smtpd_tls_received_header = yes'
  10. postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
  11. postconf -e 'tls_random_source = dev:/dev/urandom'

After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):

  1. vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Now start Postfix, saslauthd, and dovecot:

  1. chkconfig —levels 235 sendmail off
  2. chkconfig —levels 235 postfix on
  3. chkconfig —levels 235 saslauthd on
  4. chkconfig —levels 235 dovecot on
  5. /etc/init.d/sendmail stop
  6. /etc/init.d/postfix start
  7. /etc/init.d/saslauthd start
  8. /etc/init.d/dovecot start

To see if SMTP-AUTH and TLS work properly now run the following command:

  1. telnet localhost 25

If you see the lines everything is fine.

250-STARTTLS 
250-AUTH

Setting up Maildir

Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir:

  1. postconf -e 'home_mailbox = Maildir/'
  2. postconf -e 'mailbox_command ='
  3. /etc/init.d/postfix restart

Step 11: Apache2 With PHP5

Install the packages first

  1. yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Then edit /etc/httpd/conf/httpd.conf

  1. vi /etc/httpd/conf/httpd.conf

There change Directory Index to:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl

Now configure your system to start Apache at boot time and start Apache.

  1. chkconfig —levels 235 httpd on
  2. /etc/init.d/httpd start

Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e, you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines:

  1. vi /etc/httpd/conf.d/php.conf
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

LoadModule php5_module modules/libphp5.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

Now restart Apache:

  1. /etc/init.d/httpd restart

Installing ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd and install proftpd:

  1. yum remove vsftpd
  2. yum install proftpd
  3. chkconfig —levels 235 proftpd on
  4. /etc/init.d/proftpd start

Installing Webalizer

To install webalizer, just run

  1. yum install webalizer

Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

  1. yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

Install ISPConfig to manage the LAMP server

Hint: With the system installation, some system files are replaced where adjustments were made.
This can lead to loss of entries in named.conf as well as in the Sendmail/Postfix configuration.
Important: ISPConfig is meant to be installed on new Linux installations with no web sites, so if you run a server with hundreds of web sites and need a control panel that can take care of those existing web sites, then ISPConfig is not for you!

You can download the package from the link below. Just enter the command in your command line.

  1. wget -c http://puzzle.dl.sourceforge.net/sourceforge/ispconfig/ISPConfig-2.2.8.tar.gz

File Size: 29.6 MB

Then extract the Package:

  1. tar xvfz ISPConfig*.tar.gz
  2. cd install_ispconfig

In this directory please check the file dist.txt and see if the values given there suit to your Linux installation (they should be suitable for standard installations). If you change any values please be sure not to change the format of the file.

Then start the setup-script from there:

  1. ./setup

The installer will now compile an Apache with PHP5 that will run on port 81 and is needed by the ISPConfig system itself. It will not interfere with your existing Apache installation so you can go on unworried.

Important: Be sure to have installed gcc, flex and all the other tools neded for compiling sources before you run ./setup! You also need to install the MySQL header files which normally come in a package called mysql-devel, mysql-dev, libmysql-devel or something similar. Otherwise PHP5 will not compile, and the installation of ISPConfig stops!

When the ISPConfig Apache is built, a custom SSL certificate is built. Therefore you are asked a few questions. You can accept the default values, or you can enter new values there, this does not matter:

During compilation, in step 7 ("Encrypting RSA private key of CA with a pass phrase for security [ca.key]")and step 8 ("Encrypting RSA private key of SERVER with a pass phrase for security [server.key]") of the certificate creation process you are asked if you want to encrypt the respective key now. Choose n there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!

If the compilation fails, the setup is stopped and all compiled files are removed. From the error message you get you should be able to see the reason for the failure (in most cases a package (like the MySQL header files) is missing). Try to solve the problem and the re-run ./setup.

In case of success the setup goes on:

Please choose your language. This is the language of the ISPConfig interface.

Afterwards you are shown the ISPConfig licence (BSD licence). Please read it carefully! You accept it by typing "y”. If you do not want to accept the ISPConfig licence, type “n”, and the installation routine stops.

Installation Mode.

Please select the installation mode afterwards. You can choose between the standard and the expert mode.

In standard mode the installation routine takes standard settings for your Linux distribution and writes them to the ISPConfig system. In expert mode the installation routine proposes standard settings to you (e.g. location of the config file of your FTP server or log file of your mail server) which you can confirm or edit.

In normal circumstances the standard mode should meet your requirements. Select the expert mode if you are familiar with your system.

The installation sript checks if the following software is installed:

  • Apache webserver,
  • Mail Transport Agent (MTA): Sendmail or Postfix,
  • Procmail,
  • Quota,
  • MySQL,
  • ProFTP or vsftpd,
  • OpenSSL,
  • Bind8 / Bind9,
  • iptables or ipchains.

If any of the packages is not present, the installation routine stops. Install the missing package, delete the directoy install_ispconfig, unpack ISPConfig again and start from the beginning. In addition to that the syntax of your existing Apache configuration files is checked. If any error is found the installation routine stops. If all conditions are fulfilled, you are asked a few questions, whose answers are necessary for the installation of ISPConfig. In case not all conditions are fulfilled the setup script stops. Install the missing software, delete the directoy install_ispconfig, unpack ISPConfig again and start from the beginning.

Afterwards the following information has to be provided:

Please enter your MySQL server: E.G. localhost
Please enter your MySQL user: E.G. root
Please enter your MySQL password: Your MySQL password
Please enter a name for the ISPConfig database: E.g. ispconfigdb
Please enter the IP address of the ISPConfig web: E.g. 192.168.0.1
Please enter the host name: E.g. www
Please enter the domain: E.g. xyz.de

Please select the protocol (http or https (SSL encryption)) to use to access the ISPConfig system: If you want to use your control panel with SSL, select 1. You can then access it under https://www.xyz.de:81. If you want to access it under http://www.xyz.de:81, choose 2.

After you have answered the questions ISPConfig should be duly installed. If you indicated www as host and xyz.com as the domain during the installation, you will find the ISPConfig interface under https://www.xyz.de:81 or http://www.xyz.de:81. Here you can login first with the user name admin and password admin. It is recommended to change the password immediately! This can be done under Tools -> Change password

If your server has more than one IP address, please check if your additional IP addresses have been correctly detected by the installation routine under Management - > Server - >
Properties in the register Server -> IP list.

SpamAssassin

The ISPConfig comes with SpamAssassin, but without the Perl modules needed by
SpamAssassin. Run the following command after the installation of the ISPConfig:

  1. /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin

If errors appear you have to install some Perl modules.

perl -MCPAN -e shell
install HTML::Parser
install DB_File
install Net::DNS (when prompted to enable tests, choose "no")
install Digest::SHA1

To leave the Perl shell type 'q'. If /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin does not return any error everything is fine. You can then leave SpamAssassin by typing

" CTRL + c".

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Share Alike 2.5 License.