Install Zend Server and MySQL

First, you need to create a new Cloud Server instance in the Rackspace control panel. For this tutorial, I'm using a 1024MB server with CentOS 5.6 as the operating system. This is a 64-bit install.
Any lines in this tutorial starting with # should be typed at the command prompt.
Once your server is active, log on via SSH as root.
Firstly, we need to create a directory to store our downloaded files in:
  # mkdir Downloads
  # cd Downloads
Next, we need to go and get a few things. Zend Server will need to be downloaded from Zend: http://www.zend.com/en/products/server-ce/downloads/ Click on the 'Linux' tab and download Zend Server (DEB/RPM Installer Script). You will then need to transfer this file onto your server, into the Downloads directory. Please note, you will need to create a free account with Zend to download the package.
Once you have uploaded the package, we can grab a couple of repositories. We can use wget for these which makes our lives much easier.
  # wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
  # wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
or
  # wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/5/i386/epel-release-5-4.noarch.rpm
We'll come back to these in a bit. Next, let's install Zend Server CE:
  # tar -xzf ZendServer-5.1.0-RepositoryInstaller-linux.tar.gz
  # cd ZendServer-RepositoryInstaller-linux/
  # ./install_zs.sh 5.3 ce
  # yum install -y php-5.3-extra-extensions-zend-server zend-server-framework-extras
And then MySQL:
  # yum install mysql-server
  # service mysqld start
  # mysql_install_db
  # /usr/bin/mysql_secure_installation
  # chkconfig --levels 235 mysqld on
That last command will ensure that MySQL starts on boot. Next, we go back to the RPMs we downloaded earlier:
  # cd ~/Downloads
  # rpm -Uh remi-release-5.rpm epel-release-5-4.noarch.rpm
Now that we have installed the new repositories, we need to enable remi.repo. epel.repo is already enabled.
  # vi /etc/yum.repos.d/remi.repo
Change the line 'enabled=0' to 'enabled=1', but only the first instance: we don't want to enable the testing repositories. Now we can install the Zend Server phpMyAdmin extension:
  # yum install phpmyadmin-zend-server-php-5.3
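A scripted form of the remi.repo edit described above, added here as an example and not part of the original tutorial: it flips `enabled` only inside the `[remi]` section and then lists which sections end up enabled. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: enable only the [remi] section of a yum .repo file.

# enable_repo_section FILE SECTION
# Prints FILE with "enabled=..." set to 1 inside [SECTION] only.
enable_repo_section() {
    awk -v want="[$2]" '
        /^\[.*\]$/ { in_section = ($0 == want) }   # track the current section
        in_section && /^enabled[ \t]*=/ { print "enabled=1"; next }
        { print }
    ' "$1"
}

# enabled_sections FILE: print the names of sections whose enabled flag is 1
enabled_sections() {
    awk '
        /^\[.*\]$/ { name = substr($0, 2, length($0) - 2) }
        /^enabled[ \t]*=[ \t]*1[ \t]*$/ { print name }
    ' "$1"
}

# Constructed sample resembling remi.repo (URLs are placeholders)
sample_repo() {
    cat <<'EOF'
[remi]
name=Remi repository (constructed sample)
mirrorlist=http://example.invalid/remi/mirror
enabled=0
gpgcheck=1

[remi-test]
name=Remi test repository (constructed sample)
mirrorlist=http://example.invalid/test/mirror
enabled=0
gpgcheck=1
EOF
}

# Run the edit on a temporary copy and report the enabled sections
demo_enable_remi() {
    tmp=$(mktemp) || return 1
    sample_repo > "$tmp"
    enable_repo_section "$tmp" remi > "$tmp.new"
    enabled_sections "$tmp.new"
    rm -f "$tmp" "$tmp.new"
}

demo_enable_remi
```

On the server, run `enabled_sections /etc/yum.repos.d/remi.repo` after editing to confirm that no testing section is listed.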
Configure phpMyAdmin by copying the sample config to a live one and setting the passphrase:
  # cp /usr/local/zend/gui/lighttpd/htdocs/phpmyadmin/config.sample.inc.php /usr/local/zend/gui/lighttpd/htdocs/phpmyadmin/config.inc.php
  # vi /usr/local/zend/gui/lighttpd/htdocs/phpmyadmin/config.inc.php
Find the line near the top that reads "$cfg['blowfish_secret'] = " and add a passphrase: something random and complicated. Save and exit. As this is a remote server, we also need to reconfigure a default security setting that will only allow us access from the localhost.
  # vi /usr/local/zend/gui/lighttpd/etc/lighttpd.conf
Search for 'phpmyadmin' and you should find the following code block:
$HTTP["remoteip"] !~ "127.0.0.1" {
  $HTTP["url"] =~ "^/phpmyadmin/" {
    url.access-deny = ( "" )
    server.errorfile-prefix = "//usr/local/zend/gui/lighttpd/share/lighttpd-custom-errors/errorcode-"
  }
}
To disable this restriction completely, you can simply comment out this block; phpMyAdmin is then reachable from any address that can reach the server. Alternatively, just replace the IP address with your own.
Finally, we need to add Zend's bin and lib directories to the system path and restart Zend.
  # vi /etc/profile
Add the following lines to the very end of this file:
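PATH=$PATH:/usr/local/zend/bin
# Avoid a leading empty entry (treated as the current directory) when LD_LIBRARY_PATH is unset
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/usr/local/zend/lib
export PATH LD_LIBRARY_PATH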
Save and exit, then read the new profile into memory and restart Zend:
  # source /etc/profile
  # zendctl.sh restart
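A note on replacing the address in the phpMyAdmin block of lighttpd.conf above: `!~` is a regular-expression test, so an address written without anchors or escaped dots also matches longer addresses that contain it. The following added example (not from the original tutorial) shows the effect, with `grep -E` standing in for lighttpd's regex engine, an assumption that holds for patterns this simple; the addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added example: why the remoteip pattern should be anchored and escaped.

# pattern_allows PATTERN IP
# Succeeds when IP matches PATTERN as an unanchored regex, i.e. when the
# '$HTTP["remoteip"] !~ PATTERN' deny block would not apply to that client.
pattern_allows() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# anchored_pattern IP: escape the dots and anchor both ends of the address
anchored_pattern() {
    printf '^%s$\n' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# allowed_clients PATTERN: print the constructed test addresses that pass
allowed_clients() {
    out=""
    for ip in 203.0.113.5 203.0.113.50 203.0.113.51 198.51.100.7; do
        if pattern_allows "$1" "$ip"; then out="$out $ip"; fi
    done
    printf '%s\n' "${out# }"
}

# The address typed as-is also admits .50 and .51; the anchored form does not
echo "as typed: $(allowed_clients '203.0.113.5')"
echo "anchored: $(allowed_clients "$(anchored_pattern 203.0.113.5)")"
```

Use the anchored form as the pattern in lighttpd.conf, or use lighttpd's `!=` operator, which compares the address as a plain string instead of a regex.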

Configure the firewall using IPTables

To explain how IPTables works with all the possible options is beyond the scope of this document. However, there is an excellent introduction to the topic here: http://wiki.centos.org/HowTos/Network/IPTables.
I have attached a shell script called iptables.sh that can be used to configure a simple but secure setup that will allow access to only SSH, Apache and Zend. The script is based on the documentation in the CentOS wiki I linked to above, so it should be easy to understand.
Create the script by pasting the code below into a new file in /usr/sbin using vi:
  # vi /usr/sbin/iptables.sh
#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
 iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Allow access to Zend Server default ports (http and https)
#
 iptables -A INPUT -p tcp --dport 10081:10082 -j ACCEPT
#
# Allow access to apache (http and https)
#
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
 /sbin/service iptables save
#
# List rules
#
 iptables -L -v
Give the root user execute permissions on the file:
  # chown root /usr/sbin/iptables.sh
  # chmod u+x /usr/sbin/iptables.sh
And run the script:
  # /usr/sbin/iptables.sh
The script should load the new configuration and then print out the new ruleset. To test that it has worked, simply try and access the Zend control panel, which is blocked by default.
http://yourip:10081
You should see the Zend control panel here and be able to proceed to configuring your Zend installation.
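To confirm what the script left open, the following added example (not part of the original post) reads a rules file in the format written by `service iptables save` and reports the INPUT policy and the TCP ports accepted from any source. The function names are illustrative and the rules shown are a constructed sample of what iptables.sh produces.

```shell
#!/bin/sh
# Added example: audit an iptables-save style rules file.

# input_policy FILE: print the default policy of the INPUT chain
input_policy() {
    awk '$1 == ":INPUT" { print $2 }' "$1"
}

# world_open_tcp_ports FILE: print the destination ports of INPUT ACCEPT
# rules for tcp that carry no source (-s) restriction, space separated
world_open_tcp_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT$/ {
            src = 0; port = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "--dport") port = $(i + 1)
            }
            if (!src && port != "") out = out (out == "" ? "" : " ") port
        }
        END { print out }
    ' "$1"
}

# Constructed sample: saved rules as they would look after running iptables.sh
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10081:10082 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

audit_sample() {
    f=$(mktemp) || return 1
    write_sample_rules "$f"
    printf 'policy=%s open=%s\n' "$(input_policy "$f")" "$(world_open_tcp_ports "$f")"
    rm -f "$f"
}

audit_sample
```

On CentOS the saved rules live in /etc/sysconfig/iptables, so `world_open_tcp_ports /etc/sysconfig/iptables` gives the same report for the live server.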

Configure localtime and ntpd

  # yum install -y ntp
  # cd /etc
  # ln -sf /usr/share/zoneinfo/GB localtime
  # chkconfig ntpd on
  # ntpdate pool.ntp.org
  # service ntpd start

Configure your hostname

Rather than just running your server under an IP address, you should also configure a hostname. For this example, we will assume that your server IP address is 46.10.11.12 and you have pointed host.my-server.net at that IP address.
  # vi /etc/hosts
Add your hostname into this file, along with the localhost directive as follows:
127.0.0.1 localhost.localdomain localhost
46.10.11.12 host.my-server.net host
The order of the names is actually really important here if you want to install sendmail later. Sendmail wants to see the fully qualified names first, otherwise you will experience massive latency every time you restart the server or need to send emails.
Next, set the hostname:
  # vi /etc/sysconfig/network
Enter your FQDN on the second line:
HOSTNAME=host.my-server.net
Save and exit. Then restart the network service.
  # service network restart
