Browsing articles tagged with Scripts

Install Apache on CentOS v5 x86/64-bit

May 23, 2011   //   by demon   //   Tech  //  0 Comments
I have built a few Linux web servers, running on CentOS with the LAMP design – the A being Apache, and the P for PHP. Any server running web server software and web frameworks needs to have security in mind, right from the install, configuration and use.
Here is my breakdown of the install, configuration and hardening that might be of use to others. See the following posts on how to install CentOS on Hyper-V to get a secure O/S environment setup. You can also catch my previous posts regarding installing, backing up and optimising MySQL on CentOS.
Step one is to obviously get Apache installed and started up:
  • yum install -y httpd
  • chkconfig --level 2345 httpd on
  • service httpd start
Step two is to get PHP and the necessary modules installed:
  • yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml
Now restart the Apache service to put the new changes in to effect:
  • service httpd restart
Apache and PHP are now installed, and the service is started. Now we need to create our web server folder structure for one or multiple websites. Assume our first website is for a domain called mydomain.com:
  • mkdir /var/www/vhosts
  • mkdir /var/www/vhosts/mydomain.com
  • mkdir /var/www/vhosts/mydomain.com/httpdocs
  • mkdir /var/www/vhosts/mydomain.com/logs
The next step adds a little bit of security. When you visit the base public IP address of the server, you will see a default Apache welcome page. I prefer to turn this off by commenting out its configuration file:
  • vi /etc/httpd/conf.d/welcome.conf
  • <Comment out all the lines with a #>
Now we need to configure the Apache httpd.conf configuration file. The configuration file is quite long, so I have only added the lines that I edit (you will need to search!):
  • vi /etc/httpd/conf/httpd.conf
  • AddType application/x-httpd-php .php
  • AddType application/x-httpd-php-source .phps
  • NameVirtualHost <PublicIPAddress>
  • <VirtualHost PublicIPAddress>
  • ServerAdmin email@domain.com
  • ServerAlias www.mydomain.com
  • ServerName mydomain.com:80
  • UseCanonicalName Off
  • DocumentRoot /var/www/vhosts/mydomain.com/httpdocs
  • CustomLog /var/www/vhosts/mydomain.com/logs/access_log common
  • ErrorLog /var/www/vhosts/mydomain.com/logs/error_log
  • DirectoryIndex index.php
  • </VirtualHost>
Now restart the Apache service to put the new changes in to effect:
  • service httpd restart
If the service fails to restart then you probably have a spelling mistake in your configuration. Use the following command to check there are no errors with your new configuration:
  • /usr/sbin/apachectl configtest

Log management is the next step: unmaintained log files keep growing, and if your website becomes exceptionally busy they can eat into the server’s disk space:

  • vi /etc/logrotate.d/httpd/vhosts
  • /var/www/vhosts/somethingisaw.co.za/logs/*log {
  • monthly
  • rotate 12
  • compress
  • missingok
  • notifempty
  • sharedscripts
  • postrotate
  • /sbin/service httpd reload > /dev/null 2>/dev/null || true
  • endscript
  • }

And that is that. You will need to open TCP port 80 in your firewall for incoming traffic. Apache should take care of the permissions, inheriting them from the /var/www/ folder when Apache was installed. There is a lot more reading online on how to further secure this.

The following is a simple backup script that takes local copies of the website content on a regular basis:

  • mkdir /home/backups/vhosts/
  • cd /home/scripts
  • vi vhosts_backup_all.sh
  • #!/bin/sh
  • tar -cvzpf /home/backups/vhosts/vhosts_backup_all.tgz /var/www/vhosts/

We must set the permissions on the script so that it can be executed:

  • chmod u+x vhosts_backup_all.sh

I create a backup each day of the week (I haven’t written a script to rotate the backups yet), and then edit crontab to run them on a daily basis:

  • vi /etc/crontab
  • 0 6 * * * root /home/scripts/vhosts_backup_all.sh
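
The script above overwrites the same archive on every run. As an added example (not part of the original post), here is a weekday-rotated variant that keeps seven archives, writes them owner-only, and only replaces the previous copy once the new one has been tested; the function name `backup_vhosts` and the `.partial` suffix are assumptions.

```shell
#!/bin/sh
# Added example: weekday-rotated variant of vhosts_backup_all.sh.
# Source and destination default to the paths used in the post.

backup_vhosts() {
    src="${1:-/var/www/vhosts}"
    dest="${2:-/home/backups/vhosts}"
    day="${3:-$(date +%a)}"      # Mon, Tue, ... gives seven rotating slots
    archive="$dest/vhosts_backup_$day.tgz"
    tmp="$archive.partial"

    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }

    # Archives hold site code and any credentials stored in it,
    # so create them readable by the owner only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }

    # Write to a temporary name, test the archive, then replace last
    # week's copy, so a failed run never destroys the previous backup.
    if tar -czpf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" &&
       tar -tzf "$tmp" >/dev/null; then
        mv -f "$tmp" "$archive"
        status=0
    else
        rm -f "$tmp"
        status=1
    fi
    umask "$old_umask"
    [ "$status" -eq 0 ] && echo "$archive"
    return "$status"
}
```

Calling `backup_vhosts` with no arguments at the end of the cron script uses the post's paths; the archive path is printed on success.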

Optimise MySQL on CentOS v5 x86/64-bit

May 19, 2011   //   by demon   //   Tech  //  0 Comments

The final step in this MySQL series of posts (read the Install and Backup posts), is the regular optimisation of MySQL.

The my.cnf file has a lot of options that will enable you to customise your MySQL environment to the hardware available and the demand it receives. There are some very good performance monitoring scripts available that will run diagnostics against the MySQL server and offer advice on how to enhance your MySQL configuration.

I had MySQL databases running in single-database environments and others in shared hosting with multiple environments, so I would set these scripts to run weekly and provide me with the necessary advice to continually optimise the performance.

The first step is to download the performance script and set the execute permissions:

  • cd /home/scripts
  • wget mysqltuner.pl
  • chmod u+x mysqltuner.pl

We can run the above script, and it will provide the necessary diagnostics. However, that is a manual task and we want to automate the script to run weekly and send us an email with the results:

  • vi mysql_tuner_weekly.sh
  • #!/bin/sh
  • /home/scripts/mysqltuner.pl --user mysql-local --pass <Password> > /home/scripts/mysqltuner.log
  • cat /home/scripts/mysqltuner.log | mail -s "MySQL Tuner Log" email@domain.com
  • rm -rf /home/scripts/mysqltuner.log

The above script calls the mysqltuner.pl Perl script, providing the authentication to connect to the local MySQL instance. It will run the diagnostics, outputting the results to the mysqltuner.log file. This file is then emailed off to email@domain.com and the script then does housekeeping by removing the log file.

This script will not run on Windows, so if you want to optimise a Windows instance of MySQL, you need to use the following script:

  • #!/bin/sh
  • /home/scripts/mysqltuner.pl --host <RemoteServerFQDN> --port <RemoteMySQLPort> --forcemem <RemoteServerRAM> --user mysql-public --pass <Password> > /home/scripts/mysqltuner.log
  • cat /home/scripts/mysqltuner.log | mail -s "<RemoteServerFQDN> MySQL Tuner Log" email@domain.com
  • rm -rf /home/scripts/mysqltuner.log

I actually had a management server that had one script, connecting to all the Windows instances of MySQL and a script running locally on all the Linux instances.

Final step is to now schedule the script to run daily at 21:30:

  • vi /etc/crontab
  • 0 6 * * 0 root /home/scripts/mysql_tuner_weekly.sh

I would allow your MySQL server to run for a few days before you first run the script, so that MySQL can generate some stats for the scripts to analyse. You will find that the first time it runs, you will get a lot of options to update in my.cnf, but after that, it will die down.

Another performance script is available:

  • wget http://www.day32.com/MySQL/tuning-primer.sh

However, I only ever ran it locally because the output to email was too messy and I couldn’t get clean results. However, it is very useful to keep and run when running heavy performance diagnostics on the local MySQL server.

Backup MySQL on CentOS v5 x86/64-bit

May 19, 2011   //   by demon   //   Tech  //  2 Comments

My previous post ran through the steps to install, configure and secure MySQL on CentOS. This post will run through some steps to keep your MySQL installation backed up.

First up, login as root and create a location to store local backups as well as a location to store our backup scripts:

  • mkdir /home/backups
  • mkdir /home/backups/mysql
  • mkdir /home/scripts

We don’t need to reinvent the wheel and there are excellent backup scripts available with regular backup rotation features built in, freely available on the Internet:

  • cd /home/scripts
  • wget "http://sourceforge.net/projects/automysqlbackup/files/AutoMySQLBackup/AutoMySQLBackup VER 2.5/automysqlbackup-2.5.1-01.sh"
  • mv automysqlbackup-2.5.1-01.sh mysql_backup_all_daily.sh
  • chmod u+x *.sh

The last two commands above rename the backup script to something a little more friendly, and then set the required permissions for the script to be executed.

We can now customise the script to connect to our MySQL instance and back up the databases:

  • vi mysql_backup_all_daily.sh
  • USERNAME=mysql-local
  • PASSWORD=<Password>
  • BACKUPDIR="/home/backups/mysql"
  • MAILADDR="email@domain.com"

The above configurations will essentially back up the local MySQL instance to /home/backups/mysql and then send an email to you, informing you of the completion success/failure of the backup. The script has notes inside that will allow you to customise more features such as emailing you the backups, selecting databases to backup, etc.

Final step is to now schedule the script to run daily at 21:30:

  • vi /etc/crontab
  • 30 21 * * * root /home/scripts/mysql_backup_all_daily.sh

The script will retain a backup for every day, a week and a month, and will rotate these backups for you. Nice!

You can run this script from a remote backup server, but you will need to ensure you open the necessary firewall ports and use the mysql-public account for remote access.
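
Both mysql_backup_all_daily.sh (PASSWORD=) and mysql_tuner_weekly.sh (--pass) store the MySQL password in plain text, and `chmod u+x` only adds the owner's execute bit, so with a typical umask the files stay readable by other local users. The following check is an added example, not part of the original posts; the function names are assumptions and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: find scripts that embed MySQL credentials but are
# accessible to group or others. The patterns match the two scripts in
# these posts: a PASSWORD= setting and a --pass argument to mysqltuner.pl.

audit_cred_scripts() {
    dir="${1:-/home/scripts}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -Eq -e '^[[:space:]]*PASSWORD=' \
                 -e '--pass([[:space:]]|=)' "$f" || continue
        mode=$(stat -c %a "$f")      # GNU stat, octal mode such as 744
        # The last two octal digits are the group and other bits;
        # anything except 00 exposes the password to local users.
        case "$mode" in
            *00|0) ;;
            *)     echo "$mode $f" ;;
        esac
    done
}

# Remove group/other access from every flagged file, keeping the
# owner's bits (744 becomes 700) so cron can still run it as root.
fix_cred_scripts() {
    dir="${1:-/home/scripts}"
    audit_cred_scripts "$dir" | while read -r mode f; do
        chmod go-rwx "$f"
    done
}
```

Run `audit_cred_scripts` after creating or editing any script in /home/scripts; each output line gives the current mode and the path of a file that needs tightening.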