Hosting

Information on Web Hosting...

services that are not necessary on a web server

These are some services I would normally turn off on web servers.
NOTE: usage may vary.

  1. gpm -- mouse
  2. mdmonitor -- monitor raid devices
  3. netfs -- nfs, samba etc...
  4. autofs -- automount, nfs, cd etc...
  5. kudzu -- detect new hardware
  6. restorecond -- monitor selinux file context
  7. mcstrans -- mandatory access control selinux translation
  8. messagebus -- routes messages between applications
  9. haldaemon -- maintains database of devices connected

There may be more, but if you've cleaned up your rpm packages, it would probably not exist.

rpm packages not necessary for a web server

Below is a list of rpm packages that are not necessary on a web server. Use it as a reference starting point for cleaning up servers. You may also want to make sure not to run services not required by the server.
NOTE: usage may vary and removal should be in the order listed:

  1. redhat-lsb cups system-config-printer-libs system-config-printer paps -- printer support

  2. system-config-soundcard  -- gui for sound setup

  3. system-config-securitylevel-tui -- gui for setting up security

  4. nfs-utils system-config-nfs nfs-utils-lib -- nfs server

  5. portmap -- manage RPC connections
  6. ypbind yp-tools -- NIS client binding
  7. htmlview  -- view webpages via gui

  8. system-config-services system-config-samba pinfo system-config-users system-config-date -- gui configs

  9. samba samba-client samba-common -- samba support

  10. oprofile oprofile-devel oprofile-gui qt
  11. vnc
  12. libglade2 libgnomecanvas usermode-gtk libbonoboui libgnomeui libglade-java pygtk2-libglade system-config-httpd system-config-network gnome-mount libgnome-java gnome-python2-bonobo gnome-python2-canvas gnome-python2 authconfig-gtk system-config-lvm authconfig-gtk pirut gnome-vfs2 gnome-python2-gnomevfs gnome-python2-gconf libgnome libgsf librsvg2 librsvg2
    ImageMagick
  13. gnome-mime-data gnome-keyring  notify-python

  14. GConf2 notification-daemon bluez-gnome libgconf-java libnotify bluez-utils
  15. libgtk-java libvte-java
  16. pygtk2 system-config-language system-config-rootpassword
  17. vte
  18. libwnck
  19. glib-java cairo-java frysk
  20. libwmf
  21. gtk2
  22. cups-libs

  23. ghostscript ghostscript-fonts

  24. avahi avahi-glib
  25. wpa_supplicant NetworkManager
  26. system-config-rootpassword
  27. system-config-language

  28. system-config-keyboard
  29. system-config-network-tui firstboot-tui
  30. system-config-securitylevel-tui
  31. dhcpv6_client dhcdbd dhclient -- dhcp support

  32. irda-utils -- Infra Red communications
  33. isdn4k-utils -- ISDN
  34. apmd -- laptop power management
  35. cpuspeed -- dynamically changing cpu speed
  36. bluez-libs -- bluetooth
  37. irqbalance -- irq load balancing on multi-cpus (remove only in single cpu situation)
  38. rsh -- unsecure remote access
  39. talk -- internet talk protocol
  40. foomatic -- printer driver database
  41. finger -- finger client
  42. eject -- eject removable media
  43. cvs -- concurrent version control

  44. rcs -- revision control system
  45. dosfstools mkbootdisk -- bootdisk
  46. redhat-menus desktop-file-utils startup-notification -- desktop
  47. ppp rp-pppoe wvdial -- dialup
  48. esound -- sound daemon
  49. pcmciautils -- PCMCIA Cardbus
  50. pcsc-lite coolkey ifd-egate ccid
  51. OpenIPMI net-snmp-libs
  52. ImageMagick-devel -- ImageMagick development package
  53. xorg-x11-devel -- X server development package
  54. acpid -- power management (remove if you don't shutdown using power button)

logging php errors on godaddy hosting

Godaddys' linux hosting allows for editing your own "php.ini" file and enables support for logging errors, good for debugging purposes when developing with php.

Add the below lines to php.ini in the document root, to log all errors:

error_reporting  =  E_ALL
log_errors = on
error_log = /home/content/p/a/t/pathto/html/error_log

You should also protect the php.ini and error_log file via .htaccess:

<FilesMatch "(error_log|php\.ini)$&quot;>
  Order deny,allow
  Deny from all
</FilesMatch>

Build PHP with Freetype on DirectAdmin

Easy way to add freetype support on PHP, on a DirectAdmin hosting environment with Fedora as the OS, is to use the rpm versions of freetype and freetype-devel.

  1. If not installed already:
    # yum install freetype freetype-devel

  2. Edit "/usr/local/directadmin/customapache/configure.php" to include the below lines.
            --with-freetype \
        &nbsp;   --with-freetype-dir=/usr/lib \
        &nbsp;   --enable-gd-native-ttf \

    Note: /usr/lib is the path to the libttf.so .
    # rpm -ql freetype-devel | grep libttf.so

  3. Then run the build:
    # ./build clean
    # ./build php n

  4. If you need to build and update existing packages:
    # ./build clean
    # ./build update
    # ./build all

  5. Check with phpinfo to confirm.

Installing Bugzilla on an ISPConfig site

These are some notes I had taken down during the installation of Bugzilla on a server with ISPConfig hosting control panel:

Requirements:

# yum install mysql-devel gd-devel libpng-devel libjpeg-devel freetype-devel libdbm-devel
# rpm -e mod_perl #else mod_perl2 does not install.

Create Site:

Site was created via the ISPConfig control panel with "web6_bugs" as the admin user and "web6" as the group.

Install:

$ cd /var/www/web6
$ wget http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-3.0.tar.gz
$ tar -xvzf buzilla-3.0.tar.gz
$ mv buzilla-3.0/* web
$ ./checksetup.pl --check-modules
# perl -MCPAN -e 'install AppConfig' #had to force install.
# perl -MCPAN -e 'install Bundle::Bugzilla'
# perl -MCPAN -e 'install GD'  #requires libpng-devel, libjpeg-devel, freetype-devel
$ ./checksetup.pl #Edit the localcofig with the correct database settings.
$ ./checksetup.pl #Re-run anytime if needed, specifically if the file permissions are not correct.
$ chgrp -R apache . #Had to make all files belong to the apache group after re-running checksetup.pl .

Apache with mod_perl need the below directives in httpd.conf:

    PerlSwitches -I/var/www/web6/web -w -T
    PerlConfigRequire /var/www/web6/web/mod_perl.pl

Runs a lot faster, but is a memory hog. Suggested to turn off KeepAlive in apache when running mod_perl.

Crontab Entry:

# Bugzilla
5 0 * * * web6_bugs cd /var/www/web6/web; ./collectstats.pl
55 0 * * * web6_bugs cd /var/www/web6/web; ./whineatnews.pl
*/45 * * * * web6_bugs cd /var/www/web6/web; ./whine.pl

Hosting multiple domains pointed to the same web-space

Place the snippet of code in an index.php file to pull up a different web page for each domain pointed to the same web-space.

<?
$serverName = $HTTP_HOST;
$serverName = str_replace("www.",&quot;",$serverName);
$serverName = str_replace(".com",&quot;",$serverName);
$serverName = str_replace(".net",&quot;",$serverName);
$serverName = str_replace(".org",&quot;",$serverName);
if (!(empty($serverName))) {
   include("./".$serverName.".html");
}
?>

Enabling quotas for users

Check to make sure the quota package is installed, else run:

# yum install quota


Edit "/etc/fstab" and add "usrquota,grpquota" to the / partition:

LABEL=/    /    ext3    defaults,usrquota,grpquota&nbsp;   1 1


Then run:

# mount -o remount /
# quotacheck -avugm
# quotaon -avugm


To check quotas for all users:
# repquota -a


To edit quota for a particular user:
# edquota -u <user>


Alternately use setquota:
# setquota <softlimit> <hardlimit> 0 0 <user>

New Hosting Server Checklist

Below are some basic guidelines on setting up new hosting servers. This is only a point of reference to begin with and you should know what you are doing, else it is highly advisable to get an expert to work on setting up and securing the server:

Synopsis:

  • Scan server with tools such as netstat, nmap, nessus etc...
  • Disable services not required.
  • Remove packages not required.
  • Update all other packages.
  • Secure Incoming and Outgoing ports.
  • Move SSH to a different port and disable direct root login.
  • Enable Antidos and BruteForce Detection.
  • Scan for rootkits and setup daily reporting.
  • Secure tmp and tmpfs.
  • Secure binaries, paths and profiles.
  • Secure Apache and PHP, and cofigure to expose minimum info about the applications used.
  • Secure Ftp via TLS/SSL connection.
  • ...

Migrating sites between DirectAdmin servers

These are some basic notes for reference just in case I need to do the migration thing again!!!

Steps taken on the old server

  1. Created a new reseller account.

  2. Created sites in the new reseller account as domain.com2 for the domains that needed to be migrated. DA won't let you add the same name twice, which is why I used a different one for the time being. Doing this will setup all the required files/paths needed to use the website.

  3. Copied the files to the new domain.
    # cp -pR /home/olduser/domains/domain.com/* /home/newuser/domains/domain.com2/
    # chown -R newuser:newuser /home/newuser/domains/domain.com2
  4. Did a search for the old file path and updated it to the new file path.
    # for x in `find /home/newuser/domains/*/public_html -type f -print0 | xargs --null grep -l /home/olduser`; do perl -pi.bak -e 's/\/home\/olduser/\/home\/newuser/g' $x ; done
  5. Swapped around the the email folders.
    # cd /etc/virtual
    # mv domain.com domain.com.tmp
    # mv domain.com2 domain.com
    # mv domain.com.tmp domain.com2
  6. Copied over the imap files. Any data in /home/olduser/imap needed to be copied over. There will also be permission issues as well, but can be fixed afterwards with the set_permissions.sh script.

  7. Changed user for the imap files.
    # find /home/newuser/imap -user olduser | xargs chown newuser:newuser
  8. Renamed the existing domains with a suffix of ".old".

  9. Renamed the new domains to domain.com from domain.com2.

  10. Logged in as reseller and created a backup.

  11. Created a script and dumped out single databases.
    #!/bin/bash
    # dbExport.sh

    OLD_DB=(
    db1
    db2
    db3
    ...
    )

    for ((i=0; i<${#OLD_DB[@]}; i++))
    do
      mysqldump --opt -u root --password={psswd} ${OLD_DB[$i]} > ./db/${OLD_DB[$i]}.db
    done
  12. Did a search and created a list of folders with 777 permission set.
    # find /home/newuser/domains -perm 0777 -type d > 777.txt
  13. Setup dns for each domain with a www1 A record to point to the new server IP. Better solution, would be to edit the local hosts file for testing purpose.

Types of Web Hosting Service

  1. Free web hosting service: is free, (sometimes) advertisement-supported web hosting, and is extremely limited when compared to paid hosting.
  2. Shared web hosting service: one's Web site is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU.
  3. Reseller web hosting: allows clients to become web hosts themselves. Resellers could function, for individual domains, under any combination of these listed types of hosting, depending on who they are affiliated with as a provider.
  4. Virtual Dedicated Server: slicing up a server into virtual servers. each user feels like they're on their own dedicated server, but they're actually sharing a server with many other users.
  5. Dedicated hosting service: the user gets his or her own Web server and gains full control over it (root access for Linux/administrator access for Windows); however, the user typically does not own the server.
  6. Colocation web hosting service: similar to the dedicated web hosting service, but the user owns the server; the hosting company provides physical space that the server takes up and takes care of the server. This is the most powerful and expensive type of the web hosting service. In most cases, the colocation provider may provide little to no support directly for their client's machine, providing only the electrical, Internet access, and storage facilities for the server.
  7. Clustered hosting: having multiple servers hosting the same content for better resource utilization.
Comment