OAMP setup on OpenBSD 4.9-current (chrooted)
Posted: 2011-05-27 10:57
Changes:
1. How services are started at boot
2. /etc/my.cnf settings
Setting up an Apache + MySQL + PHP environment on OpenBSD-current (the -current that follows the 4.9 release)
Code:
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/
# pkg_add mysql-server
mysql-server-5.1.54p6:mysql-client-5.1.54p0: ok
mysql-server-5.1.54p6:p5-Net-Daemon-0.43p0: ok
mysql-server-5.1.54p6:p5-PlRPC-0.2018p1: ok
mysql-server-5.1.54p6:p5-DBI-1.609p1: ok
mysql-server-5.1.54p6:p5-DBD-mysql-4.014p1: ok
mysql-server-5.1.54p6: ok
The following new rcscripts were installed: /etc/rc.d/mysqld
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
#
Install the default database
Code:
# /usr/local/bin/mysql_install_db
Installing MySQL system tables...
110526 16:15:42 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.
OK
Filling help tables...
110526 16:15:42 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.
OK
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/local/bin/mysqladmin -u root password 'new-password'
/usr/local/bin/mysqladmin -u root -h test.gobsd.org password 'new-password'
Alternatively you can run:
/usr/local/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
Please report any problems with the /usr/local/bin/mysqlbug script!
#
Start MySQL
Code:
# mysqld_safe &
[1] 27990
# 110526 16:16:46 mysqld_safe Logging to '/var/mysql/test.gobsd.org.err'.
110526 16:16:47 mysqld_safe Starting mysqld daemon with databases from /var/mysql
#
Set the local MySQL root password
Code:
# mysqladmin -u root password 'gobsd.org'
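A brief note here: the directory /usr/local/share/mysql/ contains a set of sample MySQL configuration files:
my-small.cnf: for hosts with less than 64M of memory that run only the MySQL server.
my-medium.cnf: for hosts with 32-64M of memory that mainly run MySQL, or hosts with 128M or more where MySQL runs alongside a web server.
my-large.cnf: for hosts with 512M of memory that mainly run MySQL.
my-innodb-heavy-4G.cnf: for hosts with 1-2G of memory that mainly run MySQL.
my-huge.cnf: for hosts with 4G of memory or more that mainly run MySQL.
Replace /etc/my.cnf with whichever of these files suits your situation. If you have special requirements, such as changing the socket or the port, adjust the file yourself.
My host has 512M, so I use my-medium.cnf and replace the original my.cnf with the following command:
Code: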
cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
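To make UTF-8 the default character set for the database, /etc/my.cnf must also contain the following:
Code: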
[client]
default-character-set=utf8
[mysqld]
default-character-set=utf8
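In the basic settings, the following option controls the maximum size of each post; adjust it as needed:
Code: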
max_allowed_packet = 1M
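One thing to point out: if your MySQL is used only by a PHP-based web server, that is, the MySQL database and the web server are on the same host, then disabling TCP connections makes the MySQL installation more secure.
To do this, edit /etc/my.cnf and remove the comment marker from the following line:
Code: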
# skip-networking
Then save and exit.
Set the MySQL login class
Add the following to /etc/login.conf:
Code:
mysql:\
:openfiles-cur=1024:\
:openfiles-max=2048:\
:tc=daemon:
Then rebuild the login.conf.db file:
Code:
# cap_mkdb /etc/login.conf
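Start MySQL automatically at boot. OpenBSD's boot-time startup mechanism is now simpler; you only need to add this line to /etc/rc.conf.local:
Code: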
rc_scripts="mysqld"
You can also run the MySQL security script at a suitable time:
Code:
# /usr/local/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
#
After rebooting the system you will see something like the following:
Code:
load averages: 0.13, 0.11, 0.04 test.gobsd.org 16:48:30
21 processes: 20 idle, 1 on processor
CPU0 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
CPU1 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
Memory: Real: 24M/59M act/tot Free: 785M Swap: 0K/1020M used/tot
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
1821 _mysql 2 0 42M 17M sleep/0 poll 0:01 0.00% mysqld
15454 root 18 0 564K 380K idle pause 0:00 0.00% sh
15522 root 2 0 3572K 2444K sleep/1 select 0:00 0.00% sshd
25259 _syslogd 2 0 584K 656K idle poll 0:00 0.00% syslogd
19837 root 28 0 1268K 2040K onproc/1 - 0:00 0.00% top
19976 root 2 0 1460K 1468K sleep/1 select 0:00 0.00% sendmail
19474 _pflogd 4 0 788K 316K sleep/1 bpf 0:00 0.00% pflogd
9292 root 2 0 340K 696K idle select 0:00 0.00% inetd
31341 root 18 0 636K 392K idle pause 0:00 0.00% ksh
25661 root 2 0 492K 800K idle select 0:00 0.00% cron
3701 root 2 0 724K 376K idle netio 0:00 0.00% pflogd
22686 root 2 0 848K 1160K idle select 0:00 0.00% sshd
1 root 10 0 580K 284K idle wait 0:00 0.00% init
22558 root 2 0 564K 640K idle netio 0:00 0.00% syslogd
9124 root 3 0 364K 760K idle ttyin 0:00 0.00% getty
6677 root 3 0 380K 756K idle ttyin 0:00 0.00% getty
29044 _dhcp 2 0 644K 228K idle poll 0:00 0.00% dhclient
13345 root 3 0 456K 756K idle ttyin 0:00 0.00% getty
21824 root 3 0 328K 756K idle ttyin 0:00 0.00% getty
14608 root 3 0 436K 760K idle ttyin 0:00 0.00% getty
31791 root 2 0 596K 320K idle poll 0:00 0.00% dhclient
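As you can see, PID 1821 is mysqld running as the _mysql user.
Test the MySQL server:
Aside: the earlier post on setting up OAMP under OpenBSD 4.8 had this line in /etc/my.cnf:
Code: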
init_connect='SET NAMES utf8'
That line prevents MySQL from running; simply remove it, then restart MySQL:
Code:
# pkill -HUP mysqld
Next we create a UTF-8 encoded database and grant a user access to it:
Code:
# mysql -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.54-log OpenBSD port: mysql-server-5.1.54p6
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE `gobsd` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on gobsd.* to leo@localhost identified by 'gobsd.org';
Query OK, 0 rows affected (0.01 sec)
mysql>quit
Install php5-mysql
Code:
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/
# pkg_add php5-mysql
# ln -s /var/www/conf/modules.sample/php5.conf \
> /var/www/conf/modules
# ln -fs /var/www/conf/php5.sample/mysql.ini \
> /var/www/conf/php5/mysql.ini
#
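Relax the PHP limits by editing /var/www/conf/php.ini. The following setting limits the size of uploaded files; increase it (I use 50M):
Code: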
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
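This parameter limits the number of files that can be uploaded in a single request; adjust it as needed:
Code: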
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
Enable PHP short open tag support
Code:
short_open_tag = On
Install other php5 modules
Code:
# pkg_add php5-core php5-mysql php5-mysqli php5-mbstring php5-soap php5-curl php5-bz2 php5-mcrypt php5-mhash php5-xsl
# ln -fs /var/www/conf/php5.sample/xsl.ini \
> /var/www/conf/php5/xsl.ini
# ln -fs /var/www/conf/php5.sample/bz2.ini \
> /var/www/conf/php5/bz2.ini
# ln -fs /var/www/conf/php5.sample/curl.ini \
> /var/www/conf/php5/curl.ini
# ln -fs /var/www/conf/php5.sample/mbstring.ini \
> /var/www/conf/php5/mbstring.ini
# ln -fs /var/www/conf/php5.sample/mcrypt.ini \
> /var/www/conf/php5/mcrypt.ini
# ln -fs /var/www/conf/php5.sample/mhash.ini \
> /var/www/conf/php5/mhash.ini
# ln -fs /var/www/conf/php5.sample/mysqli.ini \
> /var/www/conf/php5/mysqli.ini
# ln -fs /var/www/conf/php5.sample/soap.ini \
> /var/www/conf/php5/soap.ini
#
Install phpMyAdmin
Code:
# pkg_add phpMyAdmin
phpMyAdmin-3.4.0:t1lib-5.1.0p2: ok
phpMyAdmin-3.4.0:png-1.2.44: ok
phpMyAdmin-3.4.0:jpeg-8b: ok
phpMyAdmin-3.4.0:php5-gd-5.2.17: ok
phpMyAdmin-3.4.0: ok
--- +php5-gd-5.2.17 -------------------
You can enable this module by creating a symbolic
link from /var/www/conf/php5.sample/gd.ini to
/var/www/conf/php5/gd.ini.
ln -fs /var/www/conf/php5.sample/gd.ini \
/var/www/conf/php5/gd.ini
--- +phpMyAdmin-3.4.0 -------------------
The phpMyAdmin has been installed into /var/www/phpMyAdmin
You should point this to the DocumentRoot of your web-server:
# ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin
(make sure you use a relative symlink since Apache is chrooted)
You can ensure you have a working install by accessing:
http://<localhost>/phpMyAdmin/index.php
# ln -fs /var/www/conf/php5.sample/gd.ini \
> /var/www/conf/php5/gd.ini
# cd /var/www/htdocs
# ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin
#
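A brief explanation here: if you have already disabled remote root login, setting the phpMyAdmin directory as defined above, http://your-server/phpMyAdmin, is perfectly fine, because nobody else knows the database username and password. If you do need remote root login, however, it is better to be a bit more careful here, for example by making the link something like the one in the code below, or whatever you come up with yourself, heh; if that is not enough, add some Hanyu Pinyin. In any case, whether for ssh or phpMyAdmin, I have always allowed remote root login and generally just use the default directory. Of course other security measures are needed as well; anyone who manages to guess my password certainly did not get it by brute force. :p
Code: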
# ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin.you-can-try-any-times.
Start Apache at boot:
Start the httpd service through the rc_scripts line, like this:
Code:
rc_scripts="mysqld apachectl"
However, you first need to copy apachectl into the /etc/rc.d directory:
Code:
# cp /usr/sbin/apachectl /etc/rc.d/apachectl
Have Apache serve a PHP index page
Change the following line in /var/www/conf/httpd.conf:
Code:
DirectoryIndex index.html
to:
Code:
DirectoryIndex index.php
and delete or rename the index.html file.
If you need both files, change it to:
Code:
DirectoryIndex index.php index.html
To enable rewrite, remove the comment marker from the following line:
Code:
LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so
and in the following block replace None with All:
Code:
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride None
Run MySQL in the chroot environment
Code:
# mkdir -p /var/www/var/run/mysql
# chown -R _mysql:_mysql /var/www/var/run/mysql/
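Because the runtime environment has changed, the default MySQL configuration file /etc/my.cnf also needs to be modified: change the socket paths below to /var/www/var/run/mysql/:
Code: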
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/www/var/run/mysql/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /var/www/var/run/mysql/mysql.sock
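A quick check of the two /etc/my.cnf settings this guide depends on, skip-networking and a socket path under the Apache chroot, as an added example that is not part of the original post. `CHROOT_DIR`, `cnf_get` and `audit_mycnf` are names assumed here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post); names below are assumptions.
CHROOT_DIR=${CHROOT_DIR:-/var/www}

# cnf_get FILE SECTION KEY: print the last uncommented value of KEY in
# [SECTION]; a bare flag such as skip-networking prints "set".
cnf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                  # commented-out lines do not count
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); next }
        cur == sec {
            n = index($0, "=")
            k = n ? substr($0, 1, n - 1) : $0
            v = n ? substr($0, n + 1) : "set"
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/_/, "-", k)                   # MySQL accepts _ and - alike
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_mycnf FILE: print findings; exit status is the number of failures.
audit_mycnf() {
    f=$1; bad=0
    case $(cnf_get "$f" mysqld skip-networking) in
        set|1|ON|on) echo "OK: TCP listener disabled (skip-networking)" ;;
        *) echo "FAIL: skip-networking is not enabled in [mysqld]"; bad=$((bad + 1)) ;;
    esac
    srv=$(cnf_get "$f" mysqld socket); cli=$(cnf_get "$f" client socket)
    case $srv in
        "$CHROOT_DIR"/*) inside=${srv#"$CHROOT_DIR"}
            echo "OK: a process chrooted to $CHROOT_DIR sees the socket at $inside" ;;
        *) echo "FAIL: [mysqld] socket '$srv' is not under $CHROOT_DIR"; bad=$((bad + 1)) ;;
    esac
    [ "$srv" = "$cli" ] ||
        { echo "FAIL: [client] socket '$cli' differs from the server socket"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample: the post's socket path, skip-networking still commented out.
sample=$(mktemp) && cat > "$sample" <<'EOF'
[client]
socket = /var/www/var/run/mysql/mysql.sock
[mysqld]
# skip-networking
socket = /var/www/var/run/mysql/mysql.sock
EOF
audit_mycnf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run `audit_mycnf /etc/my.cnf` on the real host after editing; a zero exit status means both settings are in place.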