Setting up Drupal inside an institution with firewalls, proxy, and security is oh-so much fun. A challenge really. So I’ve decided to post my recipes for those seeking a bit of info.
This is version 0.1. A new improved version will come out in a week. The environment is CentOS, Apache 2.x, MySQL 5.1, PHP 5.3 and Drupal 7.7. Given a bit of knowledge, this would work for Slackware, RedHat, Ubuntu, and almost any other Linux distribution.
Seriously, I’d rather be playing with the setup of something a wee bit more involved. Like Koha, Zoph, Invenio, or Fedora. DSpace is easy too.
# make all directories needed, ignore if already present.
mkdir /data1/drupal
mkdir /data1/phpmyadmin
mkdir /data1/securefiles
mkdir /data1/mysql_datafiles
mkdir /var/lib/php/session
# setting permissions for files and directories
chown apache:apache /data1/securefiles /data1/phpmyadmin
chown mysql:mysql /data1/mysql_datafiles
chown apache:www-data /data1/drupal
MYSQL
Modifications to MYSQL
MySQL data files are installed on the /data1 partition in a directory ./mysql_datafiles
STOP mysqld if running
# /sbin/service mysqld stop
# mkdir /data1/mysql_datafiles
# chown mysql:mysql /data1/mysql_datafiles
# chcon -h system_u:object_r:mysqld_db_t:s0 /data1/mysql_datafiles/
# cp -a /var/lib/mysql/* /data1/mysql_datafiles/
# cd /var/lib/mysql/
# tar cpPifz ~/20110811_var_lib_mysql.tgz ./*
# pwd
# rm ./* -Rf
> show tables;
> select * from users;
APACHE
Server test.site.com
Make some directories for use later:
# mkdir /data1/drupal
# mkdir /data1/phpmyadmin
# mkdir /data1/securefiles
# mkdir /data1/mysql_datafiles
# chown apache:apache /data1/securefiles /data1/phpmyadmin
# chown mysql:mysql /data1/mysql_datafiles
# chown apache:www-data /data1/drupal
======================================================================================
Discover IP for ETH to be used as the virtual IP for HTTPD
# /sbin/ifconfig
====================================================================================
File [/etc/ssh/sshd_config]
Comment out the existing Subsystem sftp line and add the replacement at the end of the file.
This will allow Dreamweaver to upload files with mode 0664 and directories with mode 0775.
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
Subsystem sftp /bin/sh -c 'umask 0002; /usr/libexec/openssh/sftp-server'
===================================================================================
File [/etc/httpd/conf/httpd.conf]
comment out, double check:
.......................................................
# LoadModule userdir_module modules/mod_userdir.so
.......................................................
# LoadModule proxy_module modules/mod_proxy.so
# LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
# LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
# LoadModule proxy_http_module modules/mod_proxy_http.so
# LoadModule proxy_connect_module modules/mod_proxy_connect.so
.......................................................
#
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
# UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
#
.......................................................
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#
.......................................................
#
# # Location of the WebDAV lock database.
# DAVLockDB /var/lib/dav/lockdb
#
.......................................................
# LoadModule dav_module modules/mod_dav.so
.......................................................
# LoadModule dav_fs_module modules/mod_dav_fs.so
.......................................................
# ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
.......................................................
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#
# AllowOverride None
# Options None
# Order allow,deny
# Allow from all
#
Change / check the following settings in /etc/httpd/conf/httpd.conf
.......................................................
User apache
Group www-data
.......................................................
ServerSignature Off
.......................................................
Append at bottom of file:
# {server-ip} is the address found with /sbin/ifconfig above
<VirtualHost {server-ip}:80>
    ServerAdmin webadmin@site.com
    DocumentRoot /data1/drupal
    ServerName test.site.com
    <Directory /data1/drupal>
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
        # DRUPAL 7 for "clean urls"
        RewriteEngine on
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^ index.php [L]
    </Directory>
    ErrorLog /var/log/httpd/localhost_error.log
    CustomLog /var/log/httpd/localhost_access.log combined
</VirtualHost>
Save and close file.
==================================================================
Rename the following files in the /etc/httpd/conf.d/ directory.
mv perl.conf perl.conf.notloaded
mv proxy_ajp.conf proxy_ajp.conf.notloaded
mv python.conf python.conf.notloaded
Create a file /etc/httpd/conf.d/proxy.conf containing:
# proxy test
# SetEnv http_proxy http://proxy.site.com:8080
SetEnv HTTP_PROXY http://proxy.site.com:8080
# PassEnv HTTP_PROXY
# PassEnv NO_PROXY
SetEnv NO_PROXY "127.0.0.1,localhost"
Save and close.
# cd /etc/httpd/conf.d/
# chmod 0644 *.conf
# chown root:root ./*
==================================================================
Append or create the file /etc/environment
# -- proxy environment settings -- start
export http_proxy="http://proxy.site.com:8080"
export no_proxy="127.0.0.1,localhost"
export HTTP_PROXY="http://proxy.site.com:8080"
export NO_PROXY="127.0.0.1,localhost"
export PROXY="http://proxy.site.com:8080"
# -- proxy environment settings -- end
==================================================================
Set and check the following parameters in /etc/php.ini
They will exist in the file, may be commented out.
memory_limit = 256M
...
log_errors = On
...
error_log = /var/log/php/php.log
...
session.save_path = "/var/lib/php/session"
Save and close
==================================================================
Double check the /etc/my.cnf file for the MySQL server
[mysqld]
#datadir=/var/lib/mysql
datadir=/data1/mysql_datafiles
socket=/var/lib/mysql/mysql.sock
#socket=/data1/mysql_datafiles/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
# Note: with old_passwords=1 new passwords are stored with the weak pre-4.1 hash.
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
# The tuning settings below are server options, so they are kept in [mysqld];
# under [mysqld_safe] they would be ignored.
# Buffer InnoDB buffer pool reads (~50-80% of RAM you'd like MySQL to use)
innodb_buffer_pool_size = 128M
# Larger query buffers and caching
query_cache_size = 32M
join_buffer_size = 4M
tmp_table_size = 16M
max_heap_table_size = 16M
sort_buffer_size = 4M
read_rnd_buffer_size = 4M
# Important if using InnoDB on Windows:
#innodb_flush_log_at_trx_commit = 2
max_allowed_packet = 16M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
This is the full contents of that file. Save and close.
============================================================================
/sbin/service mysqld restart
/sbin/service httpd restart
PHPMYADMIN
title: PHPMYADMIN [installation]
date: 20110810
get the latest phpmyadmin.tar.gz file
http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.3.2/phpMyAdmin-3.4.3.2-all-languages.tar.gz?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Findex.php&ts=1312985327&use_mirror=superb-sea2
Install to: /data1/phpmyadmin/
Modify /etc/httpd/conf.d/phpmyadmin.conf
# ==== START OF phpmyadmin.conf =========
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /data1/phpmyadmin
<Directory /data1/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag register_globals Off
    php_value include_path .
</Directory>
# Authorize for setup
<Directory /data1/phpmyadmin/setup>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    Require valid-user
</Directory>
# Disallow web access to directories that don't need it
<Directory /data1/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /data1/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>
# ==== END OF phpmyadmin.conf =========
chmod 0400 /etc/httpd/conf.d/*
chown apache:apache /data1/phpmyadmin
chown apache:apache /data1/phpmyadmin/* -Rf
chown apache:apache /var/lib/php/session
chown apache:apache /var/lib/php/session/* -Rf
chmod 0700 /var/lib/php/session
cd /var/lib/php/session/
find . -type f -exec chmod 0600 {} \;
find . -type d -exec chmod 0700 {} \;
Follow instructions from PHPMyAdmin website for installation and configuration needs.
This may be via CLI or website install script. When finished; continue.
cd /data1/phpmyadmin/
find . -type f -exec chmod 0400 {} \;
find . -type d -exec chmod 0700 {} \;
find . -exec chown apache:apache {} \;
DRUPAL
Installing Drupal
Create a blank MySQL database: Drupal-{servercode} i.e. Drupal-test, Drupal-development, Drupal-qualitycontrol, etc.
Create a Drupal master user in MySQL with permissions to only access the drupal database.
Get the latest drupal from the drupal.org site.
As sudo or root in a project directory.
# mkdir ~/project-drupal
# cd ~/project-drupal
# wget http://ftp.drupal.org/files/projects/drupal-7.7.tar.gz
# tar xzf drupal-7.7.tar.gz
# mv drupal-7.7 drupal
# cd drupal
# wget http://drupal.org/files/issues/7881-proxy-please-341.patch
# patch -b --verbose -p1 < 7881-proxy-please-341.patch
- question and answer.
- backup files will be made
- it will want to know the real files, IF it can not find them.
# includes/common.inc
# sites/default/default.settings.php
# cd ..
# mv drupal /data1/
# cd /data1/
NOTE - the next 11 lines are good to make a single bash script. Useful for all updates and module loads.
# chown apache:www-data ./drupal
# cd /data1/drupal/
# chown apache:www-data ./* -Rf
# find . -type f -exec chmod 0644 {} \;
# find . -type d -exec chmod 0755 {} \;
# cd /data1/drupal/sites/all/
# find . -type f -exec chmod 0664 {} \;
# find . -type d -exec chmod 0775 {} \;
# cd /data1/drupal/sites/default/
# find . -type f -exec chmod 0444 {} \;
# chmod 0755 /data1/drupal/sites/default
As a precaution
# /sbin/service httpd restart
Open a browser window and enter the url http://{server}/install.php
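The NOTE above suggests turning the ownership and permission commands into a single bash script. This is an added example, not the author's own script: the function names and the DRUPAL_OWNER variable are assumptions, while the modes and the apache:www-data owner are the ones listed in the recipe.

```bash
#!/bin/bash
# Added example: the recipe's ownership/permission steps as one re-runnable
# function. Function names and DRUPAL_OWNER are assumptions; modes and the
# default owner come from the recipe above.
set -eu

drupal_fix_perms() {
    local root="$1" owner="${DRUPAL_OWNER:-apache:www-data}"

    # Refuse to touch anything that does not look like a Drupal 7 tree,
    # so a mistyped path cannot reset modes on an unrelated directory.
    [ -f "$root/index.php" ] && [ -d "$root/sites/default" ] || {
        echo "not a Drupal root: $root" >&2
        return 1
    }

    # chown needs root; when run unprivileged (e.g. on a test copy) skip it.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$root"
    fi

    # Baseline: files 0644, directories 0755.
    find "$root" -type f -exec chmod 0644 {} +
    find "$root" -type d -exec chmod 0755 {} +

    # sites/all is group-writable so module uploads over sftp keep working.
    if [ -d "$root/sites/all" ]; then
        find "$root/sites/all" -type f -exec chmod 0664 {} +
        find "$root/sites/all" -type d -exec chmod 0775 {} +
    fi

    # sites/default (settings.php and friends) is read-only.
    find "$root/sites/default" -type f -exec chmod 0444 {} +
    chmod 0755 "$root/sites/default"
}

# Audit helper: list anything still world-writable under the tree.
drupal_world_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# When called with a path (e.g. /data1/drupal), apply the recipe to it.
[ "$#" -eq 0 ] || drupal_fix_perms "$1"
```

Run it after every core update or module load, then check that `drupal_world_writable /data1/drupal` prints nothing.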