Thursday, August 12, 2004

1and1 Linux Hosting Setup

A client of mine just purchased hosting services from 1and1.com and wants me to do web development for him. Initially he signed up for the MS package, but I requested that he change to Linux. The MS package was nice, it came with .NET and all that good stuff, but I am on the go most of the time and not every machine I sit at will have VS.NET waiting for me. The ability to SSH is available on most computers I do work on. This for me will be the best option for now, as I can just ssh from wherever I am and do updates.

Manually I had to transfer all the files from the MS host (the initial service) to my machine; they will be transferred to the Linux host (the new service) once I have my ssh account customized the way I need it.

I need the following files:
- .cshrc
- .vimrc
- .screenrc

I need the following directories:
- phpMyAdmin/
- Backups/
- home/

Just realized this is going to be annoying!!! I HATE how this HOST does not allow you to change their cryptic usernames! I have to use usernames like 34asfa243asf! And their passwords look just the same!

Created one out of three databases to make sure database creation works like I expect. Same problem here: even the names of the databases created look like passwords and cannot be changed. The best thing for me to do is just create a log file on the server and document which database I am using and for what reason/application.

- Downloaded phpMyAdmin to work with the one out of three databases only.
- Created an .htaccess to protect the database.

Wednesday, August 11, 2004

Setting up Apache2/mod_php/mod_ssl ....

Excellent Guide: http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php

Post Notes on Apache (2.0.50):

Since 2.0.49_2, to run apache www server from startup, add apache2_enable="YES"
in your /etc/rc.conf.
Available variables you add/set in /etc/rc.conf:
- apache2_enable (bool): Set to "NO" by default.
  Set it to "YES" to enable apache2.
- apache2ssl_enable (bool): Set to "NO" by default.
  Set it to "YES" to start apache with SSL
  (if exists in httpd.conf).
- apache2limits_enable (bool): Set to "NO" by default.
  Set it to yes to run `limits $limits_args`
  just before apache starts.
- apache2_flags (str): Set to "" by default.
  Extra flags passed to start command.
- apache2limits_args (str): Default to "-e -C daemon"
  Arguments of pre-start limits run.

Apache2 Installed OK and I added the following to /etc/rc.conf
### Start-up Options for Apache2 ############
apache2_enable="YES"
apache2ssl_enable="YES"

Manually creating the directories for SSL if they do not already exist:

$> mkdir /usr/local/etc/apache2/ssl.key
$> mkdir /usr/local/etc/apache2/ssl.crt
$> chmod 0700 /usr/local/etc/apache2/ssl.key
$> chmod 0700 /usr/local/etc/apache2/ssl.crt

Installing MySQL (mysql-server-4.0.20)
$> cd /usr/ports/databases/mysql40-server
$> make install WITH_OPENSSL=yes distclean

Added group "mysql".
Added user "mysql".

# Personal Note: Remember to change the password for mysql user root.

Next I will install mod_php4 and mod_php5
Note: Make sure to check the OpenSSL box and leave the rest of the
default values alone.

$> cd /usr/ports/www/mod_php4
$> make install distclean
$> cd /usr/ports/lang/php4-extensions
$> make install distclean

I just realized that I cannot install both mod_php4 and mod_php5 because of the following error:
===> mod_php5-5.0.0_2,1 conflicts with installed package(s):
mod_php4-4.3.8_2,1

They install files into the same place.
Please remove them first with pkg_delete(1).
*** Error code 1

Stop in /usr/ports/www/mod_php5.
*** Error code 1

Stop in /usr/ports/www/mod_php5.


So, for now I'll just stick with mod_php4 and its extensions

$> cd /usr/ports/www/mod_php5
$> make install distclean
$> cd /usr/ports/lang/php5-extensions
$> make install distclean

Edit Apache's configuration file after all the "LoadModule" lines:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps


Certificate Creation:
----------------------

Change to root's dir and issue the following:

$> mkdir SSLCertificates
$> cd SSLCertificates
$> openssl genrsa -des3 -out server.key 1024

From the key we just created we then need to make a certificate signing request (CSR):

$> openssl req -new -key server.key -out server.csr

When prompted by the above command, enter the same password used when creating the key, then
fill out all the necessary information required.

Now we need to sign our certificate:
$> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above signs and makes our certificate valid for 365 days. Now the files need to be
copied to the appropriate directories.

$> cp server.key /usr/local/etc/apache2/ssl.key/
$> cp server.crt /usr/local/etc/apache2/ssl.crt/

$> chmod 0400 /usr/local/etc/apache2/ssl.key/server.key
$> chmod 0400 /usr/local/etc/apache2/ssl.crt/server.crt
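The whole key/CSR/certificate/install procedure above as one script, plus the check I would want afterwards: that the installed certificate really belongs to the installed key and that the key is not group/world readable. This is an added example, not from the original post; it assumes openssl is on PATH, that the target directory is writable (try it on a scratch directory first), and it leaves the key unencrypted (no -des3) so it can run unattended.

```shell
#!/bin/sh
# Added example: generate a self-signed server certificate, install it into
# Apache's ssl.key/ssl.crt directories, and verify key and certificate match.
# Assumptions: "openssl" is on PATH; the key is written without -des3 so the
# script runs unattended (a passphrase-protected key would prompt here and
# again every time Apache starts).
set -u

make_and_install_cert() {
    apache_etc=$1     # e.g. /usr/local/etc/apache2
    cn=$2             # server hostname for the certificate subject
    work=$(mktemp -d) || return 1
    openssl genrsa -out "$work/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$work/server.key" -subj "/CN=$cn" \
        -out "$work/server.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$work/server.csr" \
        -signkey "$work/server.key" -out "$work/server.crt" 2>/dev/null || return 1

    mkdir -p "$apache_etc/ssl.key" "$apache_etc/ssl.crt" || return 1
    chmod 0700 "$apache_etc/ssl.key" "$apache_etc/ssl.crt"
    cp "$work/server.key" "$apache_etc/ssl.key/server.key" || return 1
    cp "$work/server.crt" "$apache_etc/ssl.crt/server.crt" || return 1
    # The private key must be readable by its owner only; note that the
    # certificate lives under ssl.crt/, not ssl.key/.
    chmod 0400 "$apache_etc/ssl.key/server.key" "$apache_etc/ssl.crt/server.crt"
    rm -rf "$work"
}

# Succeeds only if the certificate's public key matches the private key (same
# RSA modulus) and the key file has no group/other permission bits set.
verify_installed_cert() {
    apache_etc=$1
    key=$apache_etc/ssl.key/server.key
    crt=$apache_etc/ssl.crt/server.crt
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || return 1
    [ "$kmod" = "$cmod" ] || return 1
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 1
}

# Usage: sh install_cert.sh /usr/local/etc/apache2 www.example.com
if [ -n "${1-}" ] && [ -n "${2-}" ]; then
    make_and_install_cert "$1" "$2" && verify_installed_cert "$1" && echo "OK: $1"
fi
```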




The following windows were open with these links before I rebooted!
http://bsdvault.net/sections.php?op=viewarticle&artid=78
http://bsdvault.net/sections.php?op=viewarticle&artid=82
http://bsdvault.net/sections.php?op=viewarticle&artid=105
http://www.tao.ca/

Tuesday, August 10, 2004

Use Blowfish for user passwords, not MD5!


It just came to my attention that I was not using the strongest encryption scheme to encrypt my user passwords. This article from BSDVault explains how to change the default DES encryption on FreeBSD to Blowfish. By default DES is used when users are added with "adduser" to produce a cipher, which in turn goes through the MD5 function to produce a hash.

Blowfish is said to be extremely strong and has yet to be cracked! Here are the procedures I used as I was following the article on BSDVault.net:

$> vim /etc/login.conf
Changed: :passwd_format=md5:
To: :passwd_format=blf:
$> cap_mkdb /etc/login.conf


$> vim /etc/auth.conf

Added: crypt_default = blf

Checking /etc/master.passwd I see:

blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:

Nice!

Note the "$2a$", which denotes that Blowfish encryption is being used. This time around the hash is much longer than MD5. So from now on, whenever a password is set, it will be encrypted with Blowfish.
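Changing passwd_format only affects passwords set from now on, so the useful follow-up check is an audit of every master.passwd entry rather than eyeballing one line. This added example (not from the original post or the BSDVault article) classifies each password field by its crypt prefix, and goes slightly beyond the post by recognising the MD5, SHA and plain DES formats too. The sample lines are constructed for the demo; only the blowfishuser hash comes from the post.

```shell
#!/bin/sh
# Added example: audit the password field of master.passwd entries and report
# the hashing scheme in use. Assumes master.passwd layout (user:hash:uid:...).
# The sample data below is constructed except for the blowfishuser hash.

# Print "<scheme> <cost>" for one password-field value.
hash_scheme() {
    case "$1" in
        '$2a$'*|'$2b$'*|'$2y$'*)
            # Blowfish/bcrypt: $2a$<cost>$<22-char salt><31-char hash>.
            # The cost is log2 of the key-setup rounds, so 04 means only 16 rounds.
            echo "blowfish $(printf '%s' "$1" | cut -d'$' -f3)" ;;
        '$1$'*) echo "md5 -" ;;
        '$5$'*) echo "sha256 -" ;;
        '$6$'*) echo "sha512 -" ;;
        ''|'*'|'!'*|'*LOCKED*'*) echo "locked -" ;;
        # Traditional DES crypt has no prefix: 2-char salt + 11-char hash.
        *) if [ ${#1} -eq 13 ]; then echo "des -"; else echo "unknown -"; fi ;;
    esac
}

# Read master.passwd-format lines on stdin; print "user scheme cost" per entry.
audit_passwd() {
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac
        echo "$user $(hash_scheme "$hash")"
    done
}

# Count entries whose password is neither Blowfish nor locked: these accounts
# still need a password change to pick up passwd_format=blf.
count_non_blowfish() {
    audit_passwd | awk '$2 != "blowfish" && $2 != "locked" { n++ } END { print n + 0 }'
}

SAMPLE='blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:1001:1001::0:0:Blowfish User:/home/blowfishuser:/bin/sh
olduser:$1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA:1002:1002::0:0:MD5 User:/home/olduser:/bin/sh
root:*:0:0::0:0:Charlie &:/root:/bin/sh'

# Demo on the constructed sample; as root, "audit_passwd < /etc/master.passwd"
# runs the same check on the real file.
printf '%s\n' "$SAMPLE" | audit_passwd
echo "accounts still needing a password change: $(printf '%s\n' "$SAMPLE" | count_non_blowfish)"
```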