Mageia 2 LAMP server


Mageia can also be used to setup fast, clean and easy to use server systems.

Installation from the Wired Network-based install CD

Minimal installation

Boot from the iso.
Just follow the installation procedure :
Installation method : FTP or HTTP server
Medium : Mageia 2
Select your preferred mirror carefully.

Partitioning

Since this is a web server, I personally like to create a separate /var partition.

Select packages

We are doing a minimal install, so deselect everything!
(we could directly choose web/ftp/database/etc servers but I like to do it by hand)
When everything is deselected, a following screen will offer you some more choices. Just accept the defaults.

Users

Set a root password, and create a regular user.
Installation terminated, reboot.

Configuration

Login as root
# df -h
Shows that a minimal install takes less than 600M of disk space, that’s nice!
Update packages database
# urpmi.update -a
Install server-flavored kernel and some useful programs while we are at it
# urpmi kernel-server-latest nano mlocate htop
Set the hostname
# echo >/etc/hostname mageiabox.example.com
# nano /etc/hosts
(edit accordingly)
Then reboot!

IMPORTANT!

By default, the firewall (shorewall) is enabled (unless you disabled it at installation time), and does not allow incoming connections.
Install some useful servers : ntpd, sshd
# urpmi ntpd sshd
Note : by default, ssh root login is not permitted.
Install and configure Postfix mail server (here just to be able to send mails
# urpmi postfix nail
(the nail package contains the regular mail/mailx command line program)
Edit postfix’s main configuration
# nano /etc/postfix/main.cf
(I personally add my ISP’s relayhost)
relayhost = smtp.myisp.com
Edit aliases if needed
# nano /etc/postfix/aliases
I personally set a root: alias with another email address.
root: me@myaddress.com
Don’t forget
# newaliases
Then start postfix
# service postfix start
Send a test mail
# echo “From my Mageia server!” | mail -s “Hello” me@myaddress.com
In case of problems, check the logs
# tail /var/log/mail/info.log
Now install the LAMP (Apache-Mysql-Php) stack
There are several variants, check with
# urpmq -S -a lamp
And install
# urpmi task-lamp
Note: this task will also install proftpd FTP server.
To disable proftpd :
# chkconfig proftpd off && service proftpd stop
Next, we must start and set a root password to MariaDB (mysql drop-in replacement in Mageia)
# service mysqld start
# mysqladmin password
(set new root password)
If you need to review the specific instructions for this MariaDB package
# more /usr/share/doc/mariadb/README.urpmi
Note : this LAMP stack also comes with phpmyadmin and php-eaccelerator.

Apache

Under Mageia, Apache’s process is httpd, process user and group are both “apache”. Configuration files are located in /etc/httpd/
Start Apache
# service httpd start
We need to configure the firewall to allow access to our web server from the outside.
Very simple with
# drakfirewall
(we could also edit manually the /etc/shorewall/rules file, and restart shorewall)
Your web server is now accessible from the other hosts.
Web statistics with Awstats
# urpmi awstats
There is a daily cron job, but it is possible to generate stats asap
# /usr/share/awstats/www/awstats.pl -config=awstats.conf -update
Can be consulted at http://<yourserver>/awstats

Need a blog? Easy installation of WordPress

# urpmi wordpress
Create a database
# mysql -uroot -p <<EOF
CREATE DATABASE mywpdatabase;
GRANT ALL PRIVILEGES ON mywpdatabase.* TO "mywpuser"@"localhost" IDENTIFIED BY "mywppassword";
FLUSH PRIVILEGES;
EXIT
EOF
Point your browser to http:<yourserver>/wordpress to finish installation.

Need a CMS?

Drupal is available in the repository.
# urpmi drupal

Need a wiki?

# urpmq -a -S wiki
There’s Dokuwiki (lightweight), Mediawiki (heavyweight).
Example for Mediawiki, without suggested packages
# urpmi –no-suggests mediawiki
or the much lighter version
# urpmi –no-suggests mediawiki-minimal
Now initialize your new wiki “mywiki”
# mediawiki-create /var/www/mediawiki/mywiki
And enable it within Apache
# nano /etc/httpd/conf/webapps.d/mediawiki.conf
Alias /skins /usr/share/mediawiki/skins
Alias /wiki /var/www/mediawiki/mywiki
<Directory "/var/www/mediawiki/mywiki">
   Order allow,deny
   Allow from All
   Options +FollowSymLinks
</Directory>
# apachectl restart
Create missing “skins” symlink
# ln -s /usr/share/mediawiki/skins /var/www/mediawiki/mywiki/skins
Point your browser to http://<yourserver>/wiki and follow the install process.
 
Need OwnCloud?
# urpmi owncloud
Then point your browser to http://<yourserver>/owncloud/
Note : this may not be the latest version.

Need a web-based project management system?

Chiliproject, Redmine are packaged.

Need a bug-tracking web-based system?

Bugzilla is in the repository.
# urpmi –no-suggests bugzilla

Need a Pastebin?

Stikked is here.
# urpmi stikked
Read the install docs
# more /usr/share/stikked/INSTALL
At the time of writing this, there are only few webapps in the repositories (and versions maybe slightly lagging behind). But nothing prevents you from installing your favorite webapp from the project’ source.

Basic server supervision

smartmontools and hddtemp for hard disk health monitoring

# urpmi smartmontools hddtemp
eventually review smartd daemon configuration
# nano /etc/smartd.conf
start daemon
# chkconfig smartd on; service smartd start
Display status for /dev/sda
# smartctl -H /dev/sda

Sensors (can be used with Munin for monitoring temperatures, fan speeds, etc)

# urpmi lm_sensors
Then run
# sensors-detect

Logwatch (daily cron job)

# urpmi logwatch
Review config file
# nano /etc/log.d/logwatch.conf

Graphical supervision with munin 2.0

# urpmi munin-master munin-node
You may receive email warnings about missing munin-conf.d directory, so we create it:
# mkdir -p /etc/munin/munin-conf.d
Add some more plugins (sensors…)
# ln -s /usr/share/munin/plugins/sensors_ /etc/munin/plugins/
Don’t forget to restart node
# service munin-node restart
Please allow several minutes for Munin to generate his first html data (in case you’re encountering an “access denied” error when accessing the URL), then access your Munin dashboard by pointing your browser to http://<yourserver>/munin

Basic server security

(Please note, web server hardening is not the goal of this howto!)

Install Mageia-specific security tools, such as msec

# urpmi –no-suggests msec
Show current msec policy
# msec
Your system will be checked periodically via cron jobs (in /etc/cron.*/msec)
Check the logs
# less /var/log/msec.log

rkhunter (rootkit detection)

# urpmi rkhunter
# rkhunter –propupd
# rkhunter –check
(you may encounter some false positives)
A daily cron job is created.

Fail2ban (anti brute-force)

# urpmi fail2ban
Edit configuration (you should enable at least the ssh-iptables jail, and correct the email addresses in sendmail-whois)
# nano /etc/fail2ban/jail.conf
And start daemon
# service fail2ban start
Test brute force ssh with this command from another machine :
$ ssh invaliduser@<yourserver>
(try any password many times)
Now you can see the result on the server with the command
# fail2ban-client status ssh-iptables
And you’ll see the banned IP from the “attacking” machine🙂

TIPS

Always read the man pages and the docs!
# ls -al /usr/share/doc/
Show all available packages
# urpmq –list -f |less
(or better, use the AppDb website, link below)
Show info for a package
# urpmq -Si <package>
Update system
# urpmi –auto-update
Show currently active repositories
# urpmq –list-media active

Useful links

Official documentation
Mageia AppDb

3 thoughts on “Mageia 2 LAMP server

  1. Great stuff. How do you do something equivalent to a2enmod on Mageia 2? I am trying to install Drupal and it seems as though it works but then I get an error as soon as I log in to my Drupal site. Something like localhost/drupal/<echo ! … is the address in the URL bar at that point.

  2. That’s a good question actually! You could always add a "LoadModule " statement in your httpd.conf.
    Maybe there’s a more Mageia-specific way to do it but I don’t even know yet🙂
    A good place to ask would be the official forums!

    • As it turns out, setting up Drupal (and WordPress) in Mageia is really easy via the repos. Everything’s nicely integrated too and has the correct permissions. Currently WordPress is the latest i.e. 3.4.2. and Drupal is 7.16 i.e. one behind the version you can download directly from the site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s