installer svr gandi pour web

article en cours.

• truc de base

apt-get update
apt-get upgrade
apt-get build-essential nano lynx re2c

apt-get jail2ban

• ajout du dépot Dotdeb

The repository for Debian-based LAMP servers

sudo echo “deb http://php53.dotdeb.org stable all” >> /etc/apt/sources.list
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -

Run apt-get update

• Apache :

apt-get install apache2 apache2-mpm-worker

a2enmode rewrite ==> module réécriture d url ca peut servir

• FastCGI

Installez le module,

1	aptitude install libapache2-mod-fastcgi

Modifions le fichier de configuration du module « fastgci » d’Apache

1	nano /etc/apache2/mods-available/fastcgi.conf

1	<IfModule mod_fastcgi.c>

2	AddHandler php5-fcgi .php

3	Action php5-fcgi /cgi-bin/php5.external

4	<Location "/cgi-bin/php5.external">

5	Order Deny,Allow

6	Deny from All

7	Allow from env=REDIRECT_STATUS

8	</Location>

9	</IfModule>

creer le rep /srv/data/www/cgi-bin/

ajouter module actions et fastcgi

a2enmode actions fastcgi

a2enmode rewrite ==> module réécriture d url ca peut servir

• PHP :

sudo apt-get install php5-cli php5-common php5-suhosin php5-dev

suhosin : mod php pour sécurité

• PHP5-FPM

sudo apt-get install php5-fpm

librairies :

php5-mysql php5-mcrypt php5-curl php5-gd php5-xsl php5-xmlrpc

config php-fpm

1	nano /etc/php5/fpm/pool.d/www.conf

01	; Nom du pool

02	[tramriders]

03	; On utilisera une socket

04	listen = /srv/data/www/.socks/tramriders.sock

creer /srv/data/www/.socks/  et /srv/data/www.socks

nano /etc/php5/fpm/php.ini :
rajouter open_basedir = "/srv/data/www/tramriders:/srv/data/www/tmp:/srv/data/www/cgi-bin/php5.external"

CREATION DU VHOST apache2

<VirtualHost *:80>
ServerName tramriders.example.com
ServerAdmin     tramriders@example.com
DocumentRoot /srv/data/www/tramriders
Options None

# Fast CGI + FPM
FastCgiExternalServer /srv/data/www/cgi-bin/php5.external -socket /srv/data/www/.socks/tramriders.sock
Alias /cgi-bin/ /srv/data/www/cgi-bin/

<Directory /srv/data/www/tramriders>
Options SymLinksIfOwnerMatch
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# Log
ErrorLog /var/log/apache2/error-tramriders.log
LogLevel warn
CustomLog /var/log/apache2/access-tramriders.log combined
</VirtualHost>

activer le vhost : a2ensite “nomvhost”

• MYSQL

apt-get install mysql-server mysql-client

deplacer les bases vers disque data :

1	sudo /etc/init.d/mysql stop

2	sudo mv /var/lib/mysql /srv/nomdurepertoiregandi/mysql

3	sudo ln -s /srv/nomdurepertoiregandi/mysql /var/lib/mysqlchown mysql:mysql /var/lib/mysql

4	sudo /etc/init.d/mysql start

• MEMCACHE

apt-get install memcached php5-memcache

config de memcache : nano /etc/memcached.conf

/etc/init.d/php5-fpm restart

==> memcache : localhost part 11211

• Eaccelerator pour php-fpm

wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2 tar -jxvf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
phpize
./configure -enable-eaccelerator=shared
make
make test
make install

 Editer la conf pour FPM : nano /etc/php5/fpm/conf.d/eaccelerator.ini
extension=”eaccelerator.so”
eaccelerator.shm_size=”16″
eaccelerator.cache_dir=”/var/cache/eaccelerator”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=”"
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”0″
eaccelerator.shm_prune_period=”0″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″

Créer les répertoire de travail
mkdir /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator

/etc/init.d/php5-fpm reload

vérifier phpinfo()

/!\ Désactiver eaccelerator si probleme de PHP Warning: require(): File() is not within the allowed path(s)  bien que open_basedir soit correcte dans le php.ini !! Probleme avec Joomla par exemple pour uploader images. ==> A ce stade le serveur est installé avec apache2 Mysql php-fpm memcache et eaccelerator

• NGINX :

nginx configuré pour contenu fixe et apache sert le contenu dynamique

installer pcre  :
apt-get install libpcre3-dev libpcre3 libssl-dev

recup derniere archive pour compiler ou inclus dans dodeb

nginx.conf :  nginx sert les images et apache sert le contenu dynamique

user www-data;
worker_processes 1;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable “msie6″;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

• Modifier le /etc/nginx/site-enabled/default pour insérer au début :

server {

listen   80;

root /usr/share/nginx/www;
index index.html index.php;

# Make site accessible from http://localhost/
server_name localhost;

location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3)$ {
root   /srv/data/www/tramriders;
expires        365d;
access_log     off;
}

location / {
#root   /var/www;
#index  index.html index.htm;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

• modification apache2 :

sudo nano /etc/apache2/ports.conf

NameVirtualHost *:8080
Listen 8080

sudo nano /etc/apache2/sites-enabled/”monsite”

<VirtualHost *:8080>

redémarrer apache2 et nginx.

~ par _david le 28 juin 2011.