There are plenty of reasons you would need to add secondary IP addresss (and everyone agrees that SEO is not one of them). Getting a secondary IP address is a simple process if it is done for the right reasons and done correctly. You do NOT need additional NIC cards but you will be creating virtual adapters as the secondary IP will be routing through the primary IP.

Also, this is a great thing to do at home as I’ve done it to run multiple internal IP addresses on one server to run multiple applications across the same ports (for KISS** sake). Please note that I am doing this is in a virtual testing environment so your settings will definitely be different.

** KISS = Keep It Stupid Simple **

You will need to be the root user and navigate to your /etc/sysconfig/network-scripts

 # cd /etc/sysconfig/network-scripts

When getting a list of files in the directory you will see “ifcfg-eth0” (or eth1 if you’re doing it for a different adapter)

 # ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

Now adding the virtual adapters is easy. Basically if the main adapter is called “eth0” you have to call the next (virtual) adapter in a sequential order like so:

  • ifcfg-eth0 (primary adapter, physical)
  • ifcfg-eth0:1 (first virtual adapter to the physical primary adapter)
  • ifcfg-eth0:2 (second virtual adapter to the physical primary adapter)
  • and so on…

That being said, lets go ahead and copy our primary adapter configuration file and name it to be the first virtual adapter for the physical primary:

 # cp ifcfg-eth0 ifcfg-eth0:1
# ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Feb 24 08:53 ifcfg-eth0:1
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

Now, we have to configure this virtual adapter to be: a static IP (of course), no hardware address (MAC), configure netmask and of course rename the device.

 # vim ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.1.1.2
NETMASK=255.255.255.0

There is no need to specify a MAC address as it is a virtual adapter and there is also no need to specify a default gateway as it is already routed through the primary adapter. Basically there are only four things that you will need to change:

  • File name for the adapter itself
  • DEVICE=<device name> (should correspond with the file name)
  • IPADDR=<ip address>
  • NETMASK=<netmask>

Afterwards, just restart the networking service:

 # service network restart

That’s it; lets check ifconfig to make sure the virtual adapter is there and working:

 # ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 08:00:27:ED:05:B7
inet addr:10.1.1.2  Bcast:10.1.1.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=0.029 ms
--- 10.1.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.029/0.043/0.073/0.018 ms

Per Steven’s comment: a second note. If you’re not sure if you’ve done it right and you do not want to restart the entire network server, you can use the following:

 # ifup eth0:1

The virtual network (virbr0) used for Network address translation (NAT) which allows guests to access to network services. However, NAT slows down things and only recommended for desktop installations. To disable Network address translation (NAT) forwarding type the following commands:

Display Current Setup

Type the following command:
# ifconfig
Sample outputs:

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:7921 (7.7 KiB)

Or use the following command:
# virsh net-list
Sample outputs:

Name                 State      Autostart
-----------------------------------------
default              active     yes

To disable virbr0, enter:
# virsh net-destroy default
# virsh net-undefine default
# service libvirtd restart
# ifconfig 

Mondo Rescue is an open source, free disaster recovery and backup utility that allows you to easily create complete system (Linux or Windows) Clone/Backup ISO Images to CD, DVD, Tape, USB devices, Hard Disk, and NFS. And can be used to quickly restore or redeploy working image into other systems, in the event of data loss, you will be able to restore as much as entire system data from backup media.

Mondo program is available freely for download and released under GPL (GNU Public License) and has been tested on a large number of Linux distributions.

This article describes Mondo installation and usage of Mondo Tools to backup of your entire systems. The Mondo Rescue is a Disaster Recovery and Backup Solutions for System Administrators to take full backup of their Linux and Windows file system partitions into CD/DVD, Tape, NFS and restore them with the help of Mondo Restore media feature that uses at boot-time.

Installing MondoRescue on RHEL / CentOS / Scientific Linux

The latest Mondo Rescue packages (current version of Mondo is 3.0.3-1) can be obtained from the “MondoRescue Repository“. Use “wget” command to download and add repository under your system. The Mondo repository will install suitable binary software packages such as afio, buffer, mindi, mindi-busybox, mondo and mondo-doc for your distribution, if they are available.

For RHEL/CentOS/SL 6,5,4 – 32-Bit

Download the MondoRescue repository under “/etc/yum.repos.d/” as file name “mondorescue.repo“. Please download correct repository for your Linux OS distribution version.

 # cd /etc/yum.repos.d/

## On RHEL/CentOS/SL 6 - 32-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/6/i386/mondorescue.repo

## On RHEL/CentOS/SL 5 - 32-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/5/i386/mondorescue.repo

## On RHEL/CentOS/SL 4 - 32-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/4/i386/mondorescue.repo

For RHEL/CentOS/SL 6,5,4 – 64-Bit

 # cd /etc/yum.repos.d/

## On RHEL/CentOS/SL 6 - 64-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/6/x86_64/mondorescue.repo

## On RHEL/CentOS/SL 5 - 64-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/5/x86_64/mondorescue.repo

## On RHEL/CentOS/SL 4 - 64-Bit ##
# wget ftp://ftp.mondorescue.org/rhel/4/x86_64/mondorescue.repo

Once you successfully added repository, do “yum” to install latest Mondo tool.

 # yum install mondo

Installing MondoRescue on Debian / Ubuntu / Linux Mint

Debian user’s can do “wget” to grab the MondoRescue repository for Debain 6 and 5 distributions. Run the following command to add “mondorescue.sources.list” to “/etc/apt/sources.list” file to install Mondo packages.

On Debian

 ## On Debian 6 ##
# wget ftp://ftp.mondorescue.org/debian/6/mondorescue.sources.list
# sh -c "cat mondorescue.sources.list >> /etc/apt/sources.list" 
# apt-get update 
# apt-get install mondo
 ## On Debian 5 ##
# wget ftp://ftp.mondorescue.org/debian/5/mondorescue.sources.list
# sh -c "cat mondorescue.sources.list >> /etc/apt/sources.list" 
# apt-get update 
# apt-get install mondo

On Ubuntu/Linux Mint

To install Mondo Rescue in Ubuntu 12.10, 12.04, 11.10, 11.04, 10.10 and 10.04 or Linux Mint 13, open the terminal and add the MondoRescue repository in “/etc/apt/sources.list” file. Run these following commands to install Mondo Resuce packages.

 # wget ftp://ftp.mondorescue.org/ubuntu/`lsb_release -r|awk '{print $2}'`/mondorescue.sources.list
# sh -c "cat mondorescue.sources.list >> /etc/apt/sources.list" 
# apt-get update 
# apt-get install mondo

Creating Cloning or Backup ISO Image of System/Server

After installing Mondo, Run “mondoarchive” command as “root” user. Then follow screenshots that shows how to create an ISO based backup media of your full system.

 # mondoarchive

Welcome to Mondo Rescue

Mondo Rescue Welcome Screen

Mondo Rescue Welcome Screen


Please enter the full path name to the directory for your ISO Images. For example: /mnt/backup/

Mondo Rescue Storage Directory

Mondo Rescue Storage Directory

Select Type of compression. For example: bzip, gzip or lzo.

Select Type of Compression

Select Type of Compression

Select the maximum compression option.

Mondo Rescue Compression Speed

Select Compression Speed

Please enter how large you want each ISO image in MB (Megabytes). This should be less than or equal to the size of the CD-R(W)’s (i.e. 700) and for DVD’s (i.e. 4480).

Mondo Rescue ISO Size

Define Mondo Rescue ISO Size

Please give a name of your ISO image filename. For example: tecmint1 to obtain tecmint-[1-9]*.iso files.

Mondo Rescue Prefix

Enter Name of Mondo Rescue

Please add the filesystems to backup (separated by “|“). The default filesystem is “/” means full backup.

Mondo Rescue Backup Paths

Enter Backup Paths

Please exclude the filesystem that you don’t want to backup (separated by “|“). For example: “/tmp” and “/proc” are always excluded or if you want full backup of your system, just hit enter.

Mondo Rescue Exclude Paths

Enter Exclude File System

Please enter your temporary directory path or select default one.

Mondo Rescue Temporary  Directory

Enter Temporary Directory Name

Please enter your scratch directory path or select default one.

Mondo Rescue Scratch  Directory Name

Enter Scratch Directory Name

If you would like to backup extended attributes. Just hit “enter“.

Mondo Rescue Extended Backup

Enter Extended Backup Attributes

If you want to Verify your backup, after mondo has created them. Click “Yes“.

Mondo Rescue Verify Backups

Verify Backups

If you’re using stable standalone Linux Kernel, click “Yes” or if you using other Kernel say “Gentoo” or “Debain” hit “No“.

Mondo Rescue Kernel

Select Stable Linux Kernel

Click “Yes” to proceed further.

Mondo Rescue Backup Process

Proceed Cloning Process

Creating a catalog of “/” filesystem.

Mondo Rescue Making Catalog

Creating Catalog for File System

Dividing filelist into sets.

Mondo Rescue Dividing File List

Dividing File List

Calling MINDI to create boot+data disk.

Mondo Rescue Boot Data Disk

Creating Boot Data Disk

Backing up filesytem. It may take a couple of hours, please be patient.

Mondo Rescue Backup Filesystem

Backing up File System

Backing up big files.

Mondo Rescue Big Files Backup

Big Files Backup

Running “mkisofs” to make ISO Image.

Mondo Rescue Creating ISO

Making ISO Image

Verifying ISO Image tarballs.

Mondo Rescue Verify ISO

Verify ISO

Verifying ISO Image Big files.

Mondo Rescue Verify Big Files

Verify Big Files

Finally, Mondo Archive has completed. Please hit “Enter” to back to the shell prompt.

Mondo Rescue Backup Completed

Backup Completed

If you’ve selected default backup path, you will see an ISO image under “/var/cache/mondo/“, that you can burnt into a CD/DVD for later restore.

To restore all files automatically, boot the system with Mondo ISO Image and at boot prompt type “nuke” to restore files. Here is the detailed video that demonstrates how to restore files automatically from CD/DVDmedia.

Introduction

In most instances, the Linux servers I setup are used to host the Oracle database software and only require using the Command-Line Interface (CLI) for the OS. This is beneficial because I only need to perform a minimal installation and can add only those required Linux packages (RPMs) needed to support the database. However, there are situations where I need to access a graphical desktop in order to install or run certain Graphical User Interface (GUI) applications.

This guide provides the steps needed to add the GNOME Desktop to a CentOS minimal installation where the OS was installed without the X Window System.

CentOS 6

In this section, the GNOME desktop will be added to a new server running CentOS 6.2 (x86_64) after performing a “Minimal” install.

Install Desktop Packages

# yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

You can also install the following optional GUI packages.

# yum -y groupinstall "Graphical Administration Tools"

# yum -y groupinstall "Internet Browser"

# yum -y groupinstall "General Purpose Desktop"

# yum -y groupinstall "Office Suite and Productivity"

# yum -y groupinstall "Graphics Creation Tools"

Finally, if you wanted to add the K Desktop Environment (KDE).

# yum -y groupinstall kde-desktop

When using yum groupinstall, the groupinstall option only installs default and mandatory packages from the group. There are times when you also want to include optional packages within a group. I have not figured out (yet) how to control which package types to install (group package “policy”) from the command-line using yum. The only method I know of to also include optional packages is to edit the /etc/yum.conf file and add the following to the [main] section:

group_package_types=default mandatory optional

The reason I mention this is because I wanted to install “Terminal emulator for the X Window System” (xterm) which is under the group “Legacy X Window System compatibility”. xterm happens to be an optional package and did not get installed until I added group_package_types=default mandatory optional to /etc/yum.conf.

# yum -y groupinstall "Legacy X Window System compatibility"

I did find a plug-in for yum that allows users to specify which package types within a package group should be installed when using yum groupinstall.

http://projects.robinbowes.com/yum-grouppackagetypes/trac

Enable GNOME

Since the server was previously running on CLI mode, we need to change the initialization process for the machine to boot up in GUI mode.

Open /etc/inittab using a text editor and change following line:

id:3:initdefault:

To:

id:5:initdefault:

After making the change, reboot the machine.

# init 6

Note that you can switch from GUI to CLI mode manually by using following method:

GUI to CLICtrl + Alt + F6
CLI to GUICtrl + Alt + F1

Installing Additional Applications

After logging in to the GNOME Desktop, you can now go to System > Administration > Add/Remove Software to manage application in CentOS.

By using this wizard, you can install various applications similar to yum but through a GUI. Applications installed using this method will appear in the Application menu list.

Most out-of-the-box Red Hat Linux installations will have one or more of the LAMP components installed via RPM files. I personally believe in installing things like this from source, so I get the most control over what’s compiled in, what’s left out, etc. But source code installs can wreak havoc if overlaid on top of RPM installs, as the two most likely won’t share the same directories, etc.

If you have not yet installed your Linux OS, or just for future reference, do not choose to install Apache, PHP, or MySQL during the system installation. Then you can immediately proceed with the source-based install listed here.

Note: to install applications from source code, you will need a C++ compiler (gcc++) installed. This is generally taken care of, but I’ve had enough queries about it that I’ve added this note to avoid getting more! You can use your distribution’s install CDs to get the proper version of the compiler. Or, if you are using an RPM based distro, you can use a site like http://www.rpmfind.net/ to locate the correct RPM version for your system. (You will obviously not be able to use/rebuild a source RPM to get the compiler installed, as you need the compiler to build the final binary RPM!) On a Fedora system, you can do this command:

su – root
yum install gcc gcc-c++

Log in as root

Because we will be installing software to directories that “regular” users don’t have write access to, and also possibly uninstalling RPM versions of some applications, we’ll log in as root. The only steps that need root access are the actual installation steps, but by doing the configure and make steps as root, the source code will also be inaccessible to “regular” users.

If you do not have direct access (via keyboard) to the server, PLEASE use Secure Shell (SSH) to access the server and not telnet!! Whenever you use telnet (or plain FTP for that matter), you are transmitting your username, password, and all session information in “plain text”. This means that anyone who can access a machine someplace between your PC and your server can snoop your session and get your info. Use encryption wherever possible!

su – root

Remove RPM Versions of the Applications

Before we start with our source code install, we need to remove all the existing RPM files for these products. To find out what RPMs are already installed, use the RPM query command:

rpm -qa

in conjunction with grep to filter your results:

rpm -qa | grep -i apache
rpm -qa | grep -i httpd
rpm -qa | grep -i php
rpm -qa | grep -i mysql

The ‘httpd’ search is in case you have Apache2 installed via RPM.

To remove the RPMs generated by these commands, do

rpm -e filename

for each RPM you found in the query. If you have any content in your MySQL database already, the RPM removal step should not delete the database files. When you reinstall MySQL, you should be able to move all those files to your new MySQL data directory and have access to them all again.

Get the Source Code for all Applications

We want to put all our source code someplace central, so it’s not getting mixed up in someone’s home directory, etc.

cd /usr/local/src

One way application source code is distributed is in what are known as “tarballs.” The tar command is usually associated with making tape backups – tar stands for Tape ARchive. It’s also a handy way to pack up multiple files for easy distribution. Use the man tar command to learn more about how to use this very flexible tool.

At the time of updating this, the current versions of all the components we’ll use are:

MySQL – 4.1.22
Apache – 1.3.37
PHP – 4.4.6

Please note: these are the only versions of these that I have set up myself, and verified these steps against. If you use another version of any component, especially a newer version, this HOWTO may not be accurate, and I won’t be able to provide free support under those circumstances. Paid support and assistance is always available however.

wget http://www.php.net/distributions/php-4.4.6.tar.gz
wget http://apache.oregonstate.edu/httpd/apache_1.3.37.tar.gz

There may be an Apache mirror closer to you – check their mirror page for other sources. Then insert the URL you get in place of the above for the wget command.

For MySQL, go to http://www.mysql.com/ and choose an appropriate mirror to get the newest MySQL version (v4.1.22).

Unpack the Source Code

tar zxf php-4.4.6.tar.gz
tar zxf apache_1.3.37.tar.gz
tar zxf mysql-4.1.22.tar.gz

This should leave you with the following directories:

/usr/local/src/php-4.4.6
/usr/local/src/apache_1.3.37
/usr/local/src/mysql-4.1.22

Build and Install MySQL

First, we create the group and user that “owns” MySQL. For security purposes, we don’t want MySQL running as root on the system. To be able to easily identify MySQL processes in top or a ps list, we’ll make a user and group named mysql:

groupadd mysql
useradd -g mysql -c “MySQL Server” mysql

If you get any messages about the group or user already existing, that’s fine. The goal is just to make sure we have them on the system.

What the useradd command is doing is creating a user mysql in the group mysql with the “name” of MySQL Server. This way when it’s showed in various user and process watching apps, you’ll be able to tell what it is right away.

Now we’ll change to the “working” directory where the source code is, change the file ‘ownership’ for the source tree (this prevents build issues in reported in some cases where the packager’s username was included on the source and you aren’t using the exact same name to compile with!) and start building.

The configure command has many options you can specify. I have listed some fairly common ones; if you’d like to see others, do:

./configure –help | less

to see them all. Read the documentation on the MySQL website for a more detailed explanation of each option.

cd /usr/local/src/mysql-4.1.22

chown -R root.root *

make clean

./configure \
–prefix=/usr/local/mysql \
–localstatedir=/usr/local/mysql/data \
–disable-maintainer-mode \
–with-mysqld-user=mysql \
–with-unix-socket-path=/tmp/mysql.sock \
–without-comment \
–without-debug \
–without-bench

18-Jul-2005: If you are installing MySQL 4.0.x on Fedora Core 4, there is a problem with LinuxThreads that prevents MySQL from compiling properly. Installing on Fedora Core 3 works fine though. Thanks to Kevin Spencer for bringing this to my attention. There is a workaround listed at http://bugs.mysql.com/bug.php?id=9497. Thanks to Collin Campbell for that link. Another solution can be found at http://bugs.mysql.com/bug.php?id=2173. Thanks to Kaloyan Raev for that one.

Now comes the long part, where the source code is actually compiled and then installed. Plan to get some coffee or take a break while this step runs. It could be 10-15 minutes or more, depending on your system’s free memory, load average, etc.

make && make install

Configure MySQL

MySQL is “installed” but we have a few more steps until it’s actually “done” and ready to start. First run the script which actually sets up MySQL’s internal database (named, oddly enough, mysql).

./scripts/mysql_install_db

Then we want to set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.

chown -R root:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql/data

Copy the default configuration file for the expected size of the database (small, medium, large, huge)

cp support-files/my-medium.cnf /etc/my.cnf
chown root:sys /etc/my.cnf
chmod 644 /etc/my.cnf

If you get an error message about the data directory not existing, etc., something went wrong in the mysql_install_db step above. Go back and review that; make sure you didn’t get some sort of error message when you ran it, etc.

Now we have to tell the system where to find some of the dynamic libraries that MySQL will need to run. We use dynamic libraries instead of static to keep the memory usage of the MySQL program itself to a minimum.

echo “/usr/local/mysql/lib/mysql” >> /etc/ld.so.conf
ldconfig

Now create a startup script, which enables MySQL auto-start each time your server is restarted.

cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod +x /etc/rc.d/init.d/mysql
/sbin/chkconfig –level 3 mysql on

Then set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths, etc.

cd /usr/local/mysql/bin
for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done

MySQL Security Issues

First, we will assume that only applications on the same server will be allowed to access the database (i.e., not a program running on a physically separate server). So we’ll tell MySQL not to even listen on port 3306 for TCP connections like it does by default.

Edit /etc/my.cnf and uncomment the

skip-networking

line (delete the leading #).

For more security info, check out this MySQL security tutorial.

Start MySQL

First, test the linked copy of the startup script in the normal server runlevel start directory, to make sure the symlink was properly set up:

cd ~
/etc/rc.d/rc3.d/S90mysql start

If you ever want to manually start or stop the MySQL server, use these commands:

/etc/rc.d/init.d/mysql start
/etc/rc.d/init.d/mysql stop

Let’s “test” the install to see what version of MySQL we’re running now:

mysqladmin version

It should answer back with the version we’ve just installed…

Now we’ll set a password for the MySQL root user (note that the MySQL root user is not the same as the system root user, and definitely should not have the same password as the system root user!).

mysqladmin -u root password new-password

(obviously, insert your own password in the above command instead of the “new-password” string!)

You’re done! MySQL is now installed and running on your server. It is highly recommended that you read about MySQL security and lock down your server as much as possible. The MySQL site has info at http://www.mysql.com/doc/en/Privilege_system.html.

Test MySQL

To run a quick test, use the command line program mysql:

mysql -u root -p

and enter your new root user password when prompted. You will then see the MySQL prompt:

mysql>

First, while we’re in here, we’ll take care of another security issue and delete the sample database test and all default accounts except for the MySQL root user. Enter each of these lines at the mysql> prompt:

drop database test;
use mysql;
delete from db;
delete from user where not (host=”localhost” and user=”root”);
flush privileges;

As another security measure, I like to change the MySQL administrator account name from root to something harder to guess. This will make it that much harder for someone who gains shell access to your server to take control of MySQL.

MAKE SURE YOU REMEMBER THIS NEW NAME, AND USE IT WHEREVER
YOU SEE “root” IN OTHER DIRECTIONS, WEBSITES, ETC.

ONCE YOU DO THIS STEP, THE USERNAME “root” WILL CEASE TO
EXIST IN YOUR MYSQL CONFIGURATION!

update user set user=”sqladmin” where user=”root”;
flush privileges;

Now, on with the “standard” testing… First, create a new database:

create database foo;

You should see the result:

Query OK, 1 row affected (0.04 sec)

mysql>

Delete the database:

drop database foo;

You should see the result:

Query OK, 0 rows affected (0.06 sec)

mysql>

To exit from mysql enter \q:

\q

Build and Install Apache (with DSO support)

The advantage to building Apache with support for dynamically loaded modules is that in the future, you can add functionality to your webserver by just compiling and installing modules, and restarting the webserver. If the features were compiled into Apache, you would need to rebuild Apache from scratch every time you wanted to add or update a module (like PHP). Your Apache binary is also smaller, which means more efficient memory usage.

The downside to dynamic modules is a slight performance hit compared to having the modules compiled in.

cd /usr/local/src/apache_1.3.37

make clean

./configure \
–prefix=/usr/local/apache \
–enable-shared=max \
–enable-module=rewrite \
–enable-module=so

make && make install

Build and Install PHP

This section has only been tested with PHP v4.x. If you are trying to build PHP 5.x, I do not have experience with this yet, and do not provide free support for you to get it working. Please note that there are many options which can be selected when compiling PHP. Some will have library dependencies, meaning certain software may need to be already installed on your server before you start building PHP. You can use the command

./configure –help | less

once you change into the PHP source directory. This will show you a list of all possible configuration switches. For more information on what these switches are, please check the PHP website documentation.

cd /usr/local/src/php-4.4.6

./configure \
–with-apxs=/usr/local/apache/bin/apxs \
–disable-debug \
–enable-ftp \
–enable-inline-optimization \
–enable-magic-quotes \
–enable-mbstring \
–enable-mm=shared \
–enable-safe-mode \
–enable-track-vars \
–enable-trans-sid \
–enable-wddx=shared \
–enable-xml \
–with-dom \
–with-gd \
–with-gettext \
–with-mysql=/usr/local/mysql \
–with-regex=system \
–with-xml \
–with-zlib-dir=/usr/lib

make && make install

cp php.ini-dist /usr/local/lib/php.ini

I like to keep my config files all together in /etc. I set up a symbolic link like this:

ln -s /usr/local/lib/php.ini /etc/php.ini

Then I can just open /etc/php.ini in my editor to make changes.

Recommended reading on securing your PHP installation is this article at SecurityFocus.com.

Edit the Apache Configuration File (httpd.conf)

I like to keep all my configuration files together in /etc, so I set up a symbolic link from the actual location to /etc:

ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf

Now open /etc/httpd.conf in your favorite text editor, and set all the basic Apache options in accordance with the official Apache instructions (beyond the scope of this HOWTO).

Also recommended is the article on securing Apache.

To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the # at the beginning of the lines which read:

#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
If the AddType lines above don’t exist, manually enter them (without the leading # of course) after the line

AddType application/x-tar .tgz

or anyplace within the <IfModule mod_mime.c> section of httpd.conf.

If you wish to use other/additional extensions/filetypes for your PHP scripts instead of just .php, add them to the AddType directive:

AddType application/x-httpd-php .php .foo
AddType application/x-httpd-php-source .phps .phtmls

An example: if you wanted every single HTML page to be parsed and processed like a PHP script, just add .htm and .html:

AddType application/x-httpd-php .php .htm .html

There will be a bit of a performance loss if every single HTML page is being checked for PHP code even if it doesn’t contain any. But if you want to use PHP but be “stealthy” about it, you can use this trick.

Add index.php to the list of valid Directory Index files so that your “default page” in a directory can be named index.php.

<IfModule mod_dir.c>
DirectoryIndex index.php index.htm index.html
</IfModule>

You can add anything else you want here too. If you want foobar.baz to be a valid directory index page, just add the .baz filetype to the AddType line, and add foobar.baz to the DirectoryIndex line.

Start Apache

We want to set Apache up with a normal start/stop script in /etc/rc.d/init.d so it can be auto-started and controlled like other system daemons. Set up a symbolic link for the apachectl utility (installed automatically as part of Apache):

ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/apache

Then set up auto-start for runlevel 3 (where the server will go by default):

ln -s /etc/rc.d/init.d/apache /etc/rc.d/rc3.d/S90apache

Then start the daemon:

/etc/rc.d/init.d/apache start

You can check that it’s running properly by doing:

ps -ef

and look for the httpd processes.