Gentoo - Apache, PHP, Mysql

By: John McFarlane <john.mcfarlane@rockfloat.com>
Abstract:
This document outlines the installation of a web server running Apache, PHP, and Mysql.



top

1. Starting from a fresh Gentoo install

The assumption is that you are starting from a fresh Gentoo install, see here.
I'm finished with this step

top

2. Set the use flags in make.conf

Set the USE flags in /etc/make.conf to look like this: 

USE="-alsa -arts -cups -gnome -gtk -ldap -mpeg -opengl -qt -X -xv \
    apache2 curl dba exif expat gd imagemagick jpeg mysql pcre vhosts xml"
I'm finished with this step

top

3. Update package.keywords (temporary)

As of 11/18/2005 in order to get eaccelerator to work with php-4-4 some things need to be masked. Because of this, these keywords can be safely removed in time. Create the file /etc/portage/package.keywords with the following: 

dev-php5/eaccelerator ~x86
media-libs/ming ~x86
I'm finished with this step

top

4. Update package.use (temporarily)

Create the file /etc/portage/package.use with the following: 

dev-lang/php cli pear ming cgi simplexml
I'm finished with this step

top

5. Update package.unmask (temporary)

As of 09/14/2006 in order to get ming 0.3 things need to be masked. Because of this, these keywords can be safely removed in time. Create the file /etc/portage/package.unmask with the following: 

media-libs/ming
I'm finished with this step

top

6. Install the base packages

root# emerge -a dev-php5/eaccelerator PEAR-PEAR lighttpd imagemagick ffmpeg libwww-perl ruby
Then update your config files: 

root# etc-update

#Install the php-json module
root# pecl install JSON

#Download latest version of flvtool2 (http://rubyforge.org/projects/flvtool2/)
root# tar -xvf flvtool2_xxx.tgz
root# cd flvtool2_xxx
root# ruby setup.rb config
root# ruby setup.rb setup
root# ruby setup.rb install
I'm finished with this step

top

7. Now that everything is installed backup configs

Not mandatory, but recommended step 
root# cp -R /etc /.etc.stable.abc
I'm finished with this step

top

8. Set the services that need to start upon bootup

In Gentoo the bootup services are controlled by the contents of /etc/runlevels/default. Go ahead and populate them (some might already be there): 

root# rc-update add apache2 default
root# rc-update add mysql default
I'm finished with this step

top

9. Configure Mysql

Update my.cnf 

root# nano -w /etc/mysql/my.cnf

#Change the following
[mysqld]
max_connections     = 250
ft_min_word_len     = 2
Create a default database: 
root# /usr/bin/mysql_install_db
Get a copy of production: 
root# scp -r user@hostname.com:/path/to/backup /home/foobar/db
Extract the tarball files from /home/foobar/db into /home/foobar/mysql

Update the permissions of the files: 

root# cd /home/foobar/mysql
root# chown -R mysql:mysql *
root# chmod -R 660 *
root# chmod 700 *
Change directories and move the files to /var/lib/mysql: 

root# cd /var/lib/mysql
root# mv mysql mysql.original
root# cp -rp /home/foobar/mysql/* /var/lib/mysql
Start Mysql: 
root# /etc/init.d/mysql start     #Login and verify stuff
I'm finished with this step

top

10. Configure PHP

Edit php.ini 

root# nano -w /etc/php/apache2-php5/php.ini

#Change the following to:
short_open_tag = Off
expose_php = Off
post_max_size = 200M
magic_quotes_gpc = Off
include_path = "."
allow_url_fopen = On
session.save_path = /tmp
upload_max_filesize = 200M
register_long_arrays = Off
register_argc_argv = Off
date.timezone = US/Eastern

root# nano -w /etc/php/cli-php5/php.ini
#Same as above except:
post_max_size = 8M
file_uploads = Off
upload_max_filesize = 2M

root# nano -w /etc/php/cli-php5/php.ini

#Add support for php-json
extension=json.so
Copy to /etc/php/cgi-php5/php.ini 

root# cp /etc/php/apache2-php5/php.ini /etc/php/cgi-php5/php.ini
Edit cli-php.ini 

root# nano -w /etc/php/cli-php5/php.ini

#Change the following to:
short_open_tag = Off
magic_quotes_gpc = Off
include_path = "."
file_uploads = Off
allow_url_fopen = On

#Add support for php-json
extension=json.so
I'm finished with this step

top

11. Configure Apache

Create the vhost from prod's httpd.conf 

root# nano -w /etc/apache2/vhosts.d/ff.conf

#Paste in the relevent stuff
Update the actual Apache server settings to handle more load: 

root# nano -w /etc/apache2/httpd.conf

#Specify IP Addresses to listen on (differentiate from lighty which also listens on 80)
123.123.123.123:80
124.124.124.124:80

<IfModule prefork.c> 
    StartServers        30 
    MinSpareServers     10 
    MaxSpareServers     20 
    MaxClients          255 
    MaxRequestsPerChild 10000 
</IfModule>
Tell apache to use PHP upon startup 

root# nano -w /etc/conf.d/apache2

#Make the following change

APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D PHP5"
Let'er rip 
root# /etc/init.d/apache2 start
I'm finished with this step

top

12. Drop in php files

Create htdocs and related directories, place the files. Specifically the files in cgi-bin need to be executable: 

user# cd /path/to/cgi-bin
user# chmod 755 *
I'm finished with this step

top

13. Setup the mailhub so PHP can send mail


root# nano -w /etc/ssmtp/ssmtp.conf

#Set the following

root=foo@bar.com
mailhub=mail.smtp-provider.com
rewriteDomain=hostname.com
FromLineOverride=YES
I'm finished with this step

top

14. Restrict ssh access to only one user, and change the default port

Add list of stuff to lock down here.
I'm finished with this step


This document was originally created on 12/10/2006


Disclaimer:
This page is not endorsed by gentoo.org or any other cool cats. Any information provided in this document is to be used at your own risk.