Tag Archives: apache

Ubuntu 14.04 apache webserver installation – hosting Typo3, Joomla or WordPress

This article is a guideline on how to install and configure an apache webserver, which is ready to  host content management systems like Typo3, Joomla, WordPress or other PHP applications. It also give hints for the installation on an Amazon EC2 instance. I used these instructions for a setup on Amazon EC2.

Starting from a fresh ubuntu installation, install LAMP (Linux – Apache – MySql – PHP).

tasksel install lamp-server

The dialog for installation will open, enter the required information (MySql root user password).

Open the hostname file with the following command and enter the public hostname of the server. In my case it is the hostname of the Amazon EC2 instance.

vim /etc/hostname

Installing PHP modules for the webserver

I have a list of PHP modules, which I frequently require in order to host certain applications and CMS systems. Install them with the following command:

apt-get install imagemagick curl libcurl3 libcurl3-dev php5-curl php5-mcrypt php5-gd php5-json php5-dev php5-xsl

After the installation of the modules I usually change some settings of the php.ini, the settings I change are the following:

  • upload_max_filesize = 100M
  • post_max_size = 100M
  • memory_limit = 128M

You can change the php.ini file using the following command:

vim /etc/php5/apache2/php.ini

It’s not necessary to change the limits like that – if you have other requirements, they won’t affect the installation in any way. The last step is to reload Apache:

/etc/init.d/apache2 reload

Installing FTP services for the webserver

Usually I use FTP services for upload (and to connect IDEs via FTP for easier deployment), so we also install a FTP server, in this case the service is called vsftpd. I can be installed using the following command:

apt-get install vsftpd

After that we alter the configuration file of vsftpd in order to allow ubuntu systems users to connect via FTP using their passwords and to upload/download files via FTP. Change the configuration file using the following command:

vim /etc/vsftpd.conf

Change the following three values:

  • local_enable=YES
  • write_enable=YES
  • local_umask=022

After changing and saving the file, restart the service using the following command:

service vsftpd restart

In case you are using an Amazon EC2 instance like me, make sure to add the ports 20 and 21 as inbound to the security group of your EC2 instance. Also, you have to set the value in the vsftpd configuration file “pasv_enable=YES” and add the following lines:

pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
pasv_address=<your-publicly-resolvable-host-name>
pasv_addr_resolve=YES

Reload the service vsftpd again. Add the port range 64000-64321 to the EC2 inbound rules. The workflow is also explained on stackoverflow here.

Installing sendmail for email sending on the webserver

In order to send emails from the server (which is mainly used by the content management systems) install sendmail using the following command:

apt-get install sendmail

In order to conduct a test, to see if the email sending is working, install the following package:

apt-get install bsd-mailx

Now you can try to send an email from command line using the following:

mail -s "example subject" email@address.eu

Replace your own email address with “email@address.eu”. After writing this command, an empty line will show in the command line – here you have to write the content of your test email. After clicking one more type Return, write a single dot (“.”) to mark the end of the email. You have the option to add a CC email address, after that the email should be send.

Installing webmin and virtualmin for managing the webserver

In order to administrate the server and the virtual hosts on the server via graphic interface in the browser, I am using webmin and virtualmin. Before starting to install webmin, install some required packages using this command:

aptitude -y install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions libapt-pkg-perl

Visit the homepage of webmin here and check for the latest version of webmin, in my case it was the version 1.710. Download and install webmin using the following two commands:

wget http://downloads.sourceforge.net/project/webadmin/webmin/1.710/webmin_1.710_all.deb
dpkg -i webmin_1.710_all.deb

After, visit the homepage of virtualmin to check for the latest version, in my case it’s 4.12. Download and install like this:

wget http://download.webmin.com/download/virtualmin/webmin-virtual-server_4.12.gpl_all.deb
dpkg -i webmin-virtual-server_4.12.gpl_all.deb

After installation, remove the two .deb files remaining, they are not required anymore.

Installing apache2-mpm-itk for webmin and virtualmin

After a basic installation, the document root of the webserver is usually residing in /var/ww. This option has some drawbacks, for example that users should just have access to their /home directory and that files in /var/www should be owned by www-data. Virtualmin stores the website data in the home directory and adds an user for every domain. This is a good solution, futhermore you can use vsftpd to limit every user to just their home directory. apache2-mpm-itk takes care, that the files in the home directory can still be owned by the user and apache won’t have any problems with this. Install the module and reload apache:

apt-get install apache2-mpm-itk
service apache2 restart

After the installation, you can usually access webmin using the following address: https://YOUR-DOMAIN:10000. Since I am using an Amazon EC2 instance, I also had to take care of the following things:

  • You have to add a rule to allow access on port 10000. In order to add it, go to the Amazon AWS management console and open the EC2 instances. Scroll to the right and click on the Security Group of the EC2 instance, you want to grant access on port 10000 on. Click the “inbound rules” tab, hit “Edit” and click on “Add rule”. Choose “Custom TCP rule”, choose “TCP” protocol, enter the port “10000”, select for source “Anywhere” and save. Now it should be possible to open the webmin link at https://YOUR-DOMAIN:10000.
  • Another thing is that webmin requires an user and a password to login. When using Amazon EC2 instances, the root user should have a key, not a pass. This means, that we have to add an user for webmin. Use the following command to add the user:
    adduser USERNAME

    Open the following file

    vim /etc/webmin/miniserv.users

    add the following line

    USERNAME:x:0

    and delete the line for the root user. After, open the following file:

    vim /etc/webmin/webmin.acl

    Replace “root” with the username you just added. Restart the webmin service using the following command:

    service webmin restart

    After refreshing the address https://YOUR-DOMAIN:10000, you should now be able to log in.

Configuration Webmin and Virtualmin

After logging in to webmin, go to Webmin – Webmin Configuration and open “Webmin Themes”. Change the Theme to “Blue Framed Theme”. This is the theme working best for me while using virtualmin. Go to “Servers” and click von “Virtualmin Virtual Servers” and start the Post-Installation Wizard. After you made the choices here, click on “Re-check and refresh configuration”. Some problems, depending on your exact configuration might appear, here are the points which I had to change:

  • Deactivate BIND DNS, because I just use the server for hosting the sites, the domains are managed elsewhere and just point to this server.
  • Add virtuser table to sendmail. Open the sendmail menu, click on “Sendmail M4 Configuration” and click “Edit file manually”. Between the lines
    dnl # Default Mailer setup

    and

    MAILER_DEFINITIONS

    paste the following:

    dnl # Masquerading options
    FEATURE(`always_add_domain')dnl
    MASQUERADE_AS(`dev-carrenoir.eu')dnl
    FEATURE(`allmasquerade')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')

    Save the file and click the button “Rebuild Sendmail Configuration” and “Yes, replace it now” after.

  • Virtualmin needs to have the modules “mod_suexec” and “mod_actions” enabled. Go to “Servers” -> “Apache Webserver” -> “Global configuration” -> “Configure Apache Modules”. Check “suexec” and “actions” and click “Enable Selected Modules”.
  • Virtualmin wants us to remove “SetHandler” lines from the php5 configuration file in “/etc/apache2/mods-enabled/php5.conf”. I don’t like this option a lot – but it is not a big problem. We can add the SetHandler instructions in the template for every virtual host which is going to be created. Edit the php5 configuration file using the following command:
    vim /etc/apache2/mods-enabled/php5.conf

    and comment the two lines starting with “SetHandler”. Reload the webserver after

    service apache2 reload
  • If the suexec command is not found in the system, install the following additional package
    apt-get install apache2-suexec-custom

    The following file

    vim /etc/apache2/suexec/www-data

    has the first line “/var/www”. Replace this with “/home”, save and close the file. Reload apache

    service apache2 reload
  • If webalizer is not installed yet, install it using the command
    apt-get install webalizer

After all problems are removed, Virtualmin should load. Now we have to add some configurations to the template, which is used to create new virtual hosts. Open “Servers” -> “Virtualmin Virtual Servers (GPL)” and open “Server Templates”, choose “Default Settings”. From the dropdown, select “Administration user”. For the point “Add domain owners to secondary group” choose “Selected group” and pick “www-data”. Pick “Apache website” from the same dropdown and paste the following to the end of “Directives and settings for new websites”:

<IfModule mpm_itk_module>
AssignUserId ${USER} ${USER}
</IfModule>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Order Deny,Allow
    Deny from all
</FilesMatch>

Now you should be all set to add the first virtual server.

Use htaccess to put a site in maintenance mode

The following article explains, how to use the htaccess file in order to put a site or a part of the site in maintenance mode. I use to find myself in the position, where I need to put a site, or a part of a site, in maintenance mode to do changes on a productive server. This usually requires to block the whole site or certain parts and allow only my IP address, or several IP address of people working on the server to be allowed. On the one hand, this could be achieved via the Apache (v)host configuration. It is also possible to do it via the htaccess file, most of the times access is given. Furthermore, changing the htaccess file doesn’t require a restart of the web server afterwards.

If I want to block access to the whole site, I usually use the following htaccess configuration:

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.php
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteRule ^.*$ /maintenance.php [R=302,L]

The rules are rather easy: The first RewriteCond checks, if something else than maintenance.php is requested. The second RewriteCond checks, if the IP address is anything else than 111.111.111.111 (my IP address, but changed).  So: If the user is not me and requested something else than maintenance.php, he will be redirected to maintenance.php. There I usually output a message, that the site is currently under maintenance.

If just a certain part of the site needs to be blocked, for example “/forum”, the first RewriteCond of the htaccess file can be changed accordingly:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} /forum
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteRule ^.*$ /maintenance.php [R=302,L]

This will block the /forum and any subfolder for every IP except 111.111.111.111. I recommend using R=302 (temporarily moved) instead of R=301 (permanent) redirect, because browsers tend to cache rewrite rules which are defined as R=301. This may cause persistent redirects to maintenance.php, also if the maintenance work is finished and the rules are removed/commented again.

It is also possible to include several IP addresses:

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.php
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteCond %{REMOTE_ADDR} !=222.222.222.222
RewriteCond %{REMOTE_ADDR} !=333.333.333.333
RewriteRule ^.*$ /maintenance.php [R=302,L]

More information about htaccess and mod-rewrite can be found on the Apache homepage.

Installing Adobe Media Server 5.0.3 on Linux with preinstalled Apache Server

I wanted to try the Adobe Media Server for streaming videos. On the development machine, Apache was already preinstalled. Adobe describes on their page, what to regard in order to install AMS (Adobe Media Server), when Apache is already installed (Use an external Apache HTTP Server for HTTP Dynamic Streaming and HTTP Live Streaming). The instructions don’t seem to be complete, here are some things I had to figure out:

The apache modules: On the page they list some windows libraries (dll) and some shared objects (so). Since I am using Ubuntu 12.04, I didn’t have any of the dlls. I ended up copying the three shared objects, in my case to:

/usr/lib/apache2/modules/mod_f4fhttp.so
/usr/lib/apache2/modules/mod_hlshttp.so
/usr/lib/apache2/modules/mod_jithttp.so

The modules are loaded through the httpd.conf file:

# Load required modules for Adobe Media Server
LoadModule f4fhttp_module /usr/lib/apache2/modules/mod_f4fhttp.so
LoadModule hlshttp_module /usr/lib/apache2/modules/mod_hlshttp.so
LoadModule jithttp_module /usr/lib/apache2/modules/mod_jithttp.so

After that, I figured out step by step what other modules I have to add in order to get it running, here’s the list:

unzipped-adobemediaserver-package/Apache2.2/modules/libadbe_dme.so
unzipped-adobemediaserver-package/Apache2.2/modules/libadbe_license.so
unzipped-adobemediaserver-package/Apache2.2/modules/libasneu.so.1
unzipped-adobemediaserver-package/Apache2.2/modules/libcrypto.so.1.0.0
unzipped-adobemediaserver-package/Apache2.2/modules/libexpat.so.1.5.2
unzipped-adobemediaserver-package/Apache2.2/modules/libhds.so

The listed modules need to be copied to the apache modules folder (in my case /usr/lib/apache2/modules). After that, apache configtest was still complaining about two missing libraries: libcares.so.2 and libexpat.so.0.

libcares.so.2 can be easily installed via sudo apt-get install libc-ares2, check pkgs.org for more information. On the fly I didn’t find a way to get libexapt.so.0 for Ubuntu 12.04, so I just copied libexpat.so.1.5.2 to libexpat.so.0 on the development machine (not recommended to do so).

After installing the libraries, I was able to start Apache, so I made the vhost configuration for the host using Adobe Media Server. The configuration can be found also on the adobe homepage. I copied the following:

<IfModule f4fhttp_module>
<Location /hds-live>
 HttpStreamingEnabled true
 HttpStreamingLiveEventPath "../applications"
 HttpStreamingContentPath "../applications"
 HttpStreamingF4MMaxAge 2
 HttpStreamingBootstrapMaxAge 2
 HttpStreamingFragMaxAge -1
 HttpStreamingDrmmetaMaxAge 3600
 Options -Indexes FollowSymLinks
</Location>
</IfModule>
<IfModule hlshttp_module>
<Location /hls-live>
 HLSHttpStreamingEnabled true
 HttpStreamingLiveEventPath "../applications"
 HttpStreamingContentPath "../applications"
 HLSMediaFileDuration 8000
 HLSSlidingWindowLength 6
 HLSAmsDirPath ".."
 HLSM3U8MaxAge 2
 HLSTSSegmentMaxAge -1
 Options -Indexes FollowSymLinks
</Location>
</IfModule>
<IfModule jithttp_module>
<Location /hds-vod>
 HttpStreamingJITPEnabled true
 HttpStreamingContentPath "../webroot/vod"
 JitAmsDirPath ".."
 Options -Indexes FollowSymLinks
</Location>
</IfModule>
<IfModule hlshttp_module>
<Location /hls-vod>
 HLSHttpStreamingEnabled true
 HLSMediaFileDuration 8000
 HttpStreamingContentPath "../webroot/vod"
 HLSAmsDirPath ".."
 Options -Indexes FollowSymLinks
</Location>
</IfModule>

After adding these, restarting Apache was not possible, apache gave me the following message:

Invalid command 'HLSAmsDirPath', perhaps misspelled or defined by a module not includedin the server configuration
Action 'configtest' failed.
The Apache error log may have more information.

I didn’t find any answers on Google, so I started to view the httpd.conf which is shipped with the package:

unzipped-adobemediaserver-package/Apache2.2/conf/httpd.conf

I found out that they use the commands “HLSFmsDirPath” instead of “HLSAmsDirPath” and “JitFmsDirPath” instead of “JitAmsDirPath”. After changing these two values apache successfully started and the video streaming over http is working.

My vhost configuration file looks like this (extracted):

<IfModule f4fhttp_module>
<Location /hds-live>
 HttpStreamingEnabled true
 HttpStreamingLiveEventPath "/opt/adobe/ams/applications"
 HttpStreamingContentPath "/opt/adobe/ams/applications"
 HttpStreamingF4MMaxAge 2
 HttpStreamingBootstrapMaxAge 2
 HttpStreamingFragMaxAge -1
 HttpStreamingDrmmetaMaxAge 3600
 Options -Indexes FollowSymLinks
</Location>
</IfModule>
<IfModule hlshttp_module>
<Location /hls-live>
 HLSHttpStreamingEnabled true
 HttpStreamingLiveEventPath "/opt/adobe/ams/applications"
 HttpStreamingContentPath "/opt/adobe/ams/applications"
 HLSMediaFileDuration 8000
 HLSSlidingWindowLength 6
 HLSFmsDirPath "/opt/adobe/ams"
 HLSM3U8MaxAge 2
 HLSTSSegmentMaxAge -1
 Options -Indexes FollowSymLinks
</Location>
<Location /hls-vod>
 HLSHttpStreamingEnabled true
 HLSMediaFileDuration 8000
 HttpStreamingContentPath "/opt/adobe/ams/webroot/vod"
 HLSFmsDirPath "/opt/adobe/ams"
 Options -Indexes FollowSymLinks
</Location>
</IfModule>
<IfModule jithttp_module>
<Location /hds-vod>
 HttpStreamingJITPEnabled true
 HttpStreamingContentPath "/opt/adobe/ams/webroot/vod"
 JitFmsDirPath "/opt/adobe/ams"
 Options -Indexes FollowSymLinks
</Location>
</IfModule>