lighttpd is an open-source web server more optimized for speed-critical environments than common products while remaining standards-compliant, secure and flexible. This tutorial shows how you can install Lighttpd on a CentOS 6 server with PHP (PHP-FPM).

First, update CentOS to latest version, login root and type the following command

# yum update -y

Install some packages need for the following steps

# yum install wget make cpp gcc gcc-c++ -y

Make a folder where you will store lighttpd and php sources

# mkdir -p /opt/source

Installing Lighttpd

You need to download the latest lighttpd source from http://www.lighttpd.net/download into the /opt/source. Type the following command

# cd /opt/source
# wget http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz

Extract lighttpd-1.4.30.tar.gz package

# tar zxvf lighttpd-1.4.30.tar.gz
# cd lighttpd-1.4.30

To build lighttpd, type the following command

# ./configure --prefix=/webserver/lighttpd --disable-ipv6
# make
# make install

During ./configure, you might get some errors like the following

...
configure: error: pcre-config not found, install the pcre-devel package or build with --without-pcre
...

To solve the problem, type the following command

# yum install pcre pcre-devel

...
configure: error: zlib-headers and/or libs where not found, install them or build with --without-zlib
...

To solve the problem, type the following command

# yum install zlib zlib-devel

...
configure: error: bzip2-headers and/or libs where not found, install them or build with --without-bzip2
...

To solve the problem, type the following command

# yum install bzip2 bzip2-devel

Configuring Lighttpd

Access to folder of lighttpd, where lighttpd installed [/webserver/lighttpd] and make dirs

# cd /webserver/lighttpd
# mkdir -p etc/init.d
# mkdir -p etc/sysconfig
# mkdir -p www/htdocs
# mkdir -p var/run
# mkdir -p var/log
# mkdir -p var/lock/subsys
# mkdir -p var/cache

Add a user called “lighttpd” and chown all dir made for lighttpd user

# useradd -s /sbin/nologin -d /webserver/lighttpd/www/ lighttpd
# chown lighttpd -R etc
# chown lighttpd -R var
# chown lighttpd -R www

Return back forder /opt/source/lighttpd-1.4.30 to copy configuration files

# cd /opt/source/lighttpd-1.4.30
# cp doc/config/modules.conf /webserver/lighttpd/etc/
# cp -r doc/config/conf.d /webserver/lighttpd/etc/
# cp -r doc/config/vhosts.d/ /webserver/lighttpd/etc/

Create default lighttpd configuration file: /webserver/lighttpd/etc/lighttpd.conf (download sample lighttpd.conf file). Type the following command

# wget http://www.lifelinux.com/wp-content/uploads/2012/04/lighttpd.conf_.txt -O /webserver/lighttpd/etc/lighttpd.conf

If you want to run lighttpd by default when the system boots, create file called lighttpd in /webserver/lighttpd/etc/init.d/

# vi /webserver/lighttpd/etc/init.d/lighttpd

Append following line

#!/bin/sh
#
# lighttpd     Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lightning fast webserver with light system requirements
#
# processname: lighttpd
# config: /webserver/lighttpd/etc/lighttpd.conf
# config: /webserver/lighttpd/etc/sysconfig/lighttpd
# pidfile: /webserver/lighttpd/var/run/lighttpd.pid
#
# Note: pidfile is assumed to be created
# by lighttpd (config: server.pid-file).
# If not, uncomment 'pidof' line.

# Source function library
. /etc/rc.d/init.d/functions

if [ -f /webserver/lighttpd/etc/sysconfig/lighttpd ]; then
	. /webserver/lighttpd/etc/sysconfig/lighttpd
fi

if [ -z "$LIGHTTPD_CONF_PATH" ]; then
	LIGHTTPD_CONF_PATH="/webserver/lighttpd/etc/lighttpd.conf"
fi

prog="lighttpd"
lighttpd="/webserver/lighttpd/sbin/lighttpd"
RETVAL=0

start() {
	echo -n $"Starting $prog: "
	daemon $lighttpd -f $LIGHTTPD_CONF_PATH
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch /webserver/lighttpd/var/lock/subsys/$prog
	return $RETVAL
}

stop() {
	echo -n $"Stopping $prog: "
	killproc $lighttpd
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /webserver/lighttpd/var/lock/subsys/$prog
	return $RETVAL
}

reload() {
	echo -n $"Reloading $prog: "
	killproc $lighttpd -HUP
	RETVAL=$?
	echo
	return $RETVAL
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	condrestart)
		if [ -f /webserver/lighttpd/var/lock/subsys/$prog ]; then
			stop
			start
		fi
		;;
	reload)
		reload
		;;
	status)
		status $lighttpd
		RETVAL=$?
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
		RETVAL=1
esac

exit $RETVAL

Chmod lighttpd with executed permission and create symbolic link in “/etc/init.d”. Type the following command

# chmod +x /webserver/lighttpd/etc/init.d/lighttpd
# ln -s /webserver/lighttpd/etc/init.d/lighttpd /etc/init.d/lighttpd

Create file called “lighttpd” in /webserver/lighttpd/etc/sysconfig

# vi /webserver/lighttpd/etc/sysconfig/lighttpd

Append following line

LIGHTTPD_CONF_PATH=/webserver/lighttpd/etc/lighttpd.conf

To start lighttpd for the first time, type the following command

# /etc/init.d/lighttpd start

Install PHP (PHP-FPM)

Download latest version of PHP at http://download.php.net

# cd /opt/source
# wget http://www.php.net/get/php-5.3.10.tar.gz/from/ca.php.net/mirror

To Extract its, enter

# tar zxvf php-5.3.10.tar.gz
# cd php-5.3.10

To build PHP, I’ll create bash file called build.sh

# vi build.sh

Append following line

#!/bin/sh
"./configure" \
"--prefix=/webserver/php" \
"--enable-fpm" \
"--with-libdir=lib64" \
"--with-bz2" \
"--with-config-file-path=/webserver/php/etc" \
"--with-config-file-scan-dir=/webserver/php/etc/php.d" \
"--with-curl=/usr/local/lib" \
"--with-gd" \
"--with-gettext" \
"--with-jpeg-dir=/usr/local/lib" \
"--with-freetype-dir=/usr/local/lib" \
"--with-kerberos" \
"--with-mcrypt" \
"--with-mhash" \
"--with-mysql" \
"--with-mysqli" \
"--with-pcre-regex=/usr" \
"--with-pdo-mysql=shared" \
"--with-pdo-sqlite=shared" \
"--with-pear=/usr/local/lib/php" \
"--with-png-dir=/usr/local/lib" \
"--with-pspell" \
"--with-sqlite=shared" \
"--with-tidy" \
"--with-xmlrpc" \
"--with-xsl" \
"--with-zlib" \
"--with-zlib-dir=/usr/local/lib" \
"--with-openssl" \
"--with-iconv" \
"--enable-bcmath" \
"--enable-calendar" \
"--enable-exif" \
"--enable-ftp" \
"--enable-gd-native-ttf" \
"--enable-libxml" \
"--enable-magic-quotes" \
"--enable-soap" \
"--enable-sockets" \
"--enable-mbstring" \
"--enable-zip" \
"--enable-wddx"

Type the following command to install PHP

# sh build.sh
# make
# make install

If you have problems building PHP then read the article. Next step, copy php.ini to /webserver/php/etc/, enter

# cp php.ini-production /webserver/php/etc/php.ini

Rename php-fpm.conf, enter

# cd /webserver/php/etc
# cp php-fpm.conf.default php-fpm.conf

Open php-fpm.conf, type

# vi php-fpm.conf

Append following line

[global]
pid = run/php-fpm.pid
error_log = log/php-fpm.log
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = nobody
group = nobody
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500

If you want to run PHP-FPM by default when the system boots, create file called php-fpm in /etc/init.d/

# vi /etc/init.d/php-fpm

Append following line

#! /bin/sh

### BEGIN INIT INFO
# Provides:          php-fpm
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts php-fpm
# Description:       starts the PHP FastCGI Process Manager daemon
### END INIT INFO

php_fpm_BIN=/webserver/php/sbin/php-fpm
php_fpm_CONF=/webserver/php/etc/php-fpm.conf
php_fpm_PID=/webserver/php/var/run/php-fpm.pid

php_opts="--fpm-config $php_fpm_CONF"

wait_for_pid () {
	try=0

	while test $try -lt 35 ; do

		case "$1" in
			'created')
			if [ -f "$2" ] ; then
				try=''
				break
			fi
			;;

			'removed')
			if [ ! -f "$2" ] ; then
				try=''
				break
			fi
			;;
		esac

		echo -n .
		try=`expr $try + 1`
		sleep 1

	done

}

case "$1" in
	start)
		echo -n "Starting php-fpm "

		$php_fpm_BIN $php_opts

		if [ "$?" != 0 ] ; then
			echo " failed"
			exit 1
		fi

		wait_for_pid created $php_fpm_PID

		if [ -n "$try" ] ; then
			echo " failed"
			exit 1
		else
			echo " done"
		fi
	;;

	stop)
		echo -n "Gracefully shutting down php-fpm "

		if [ ! -r $php_fpm_PID ] ; then
			echo "warning, no pid file found - php-fpm is not running ?"
			exit 1
		fi

		kill -QUIT `cat $php_fpm_PID`

		wait_for_pid removed $php_fpm_PID

		if [ -n "$try" ] ; then
			echo " failed. Use force-exit"
			exit 1
		else
			echo " done"
		fi
	;;

	force-quit)
		echo -n "Terminating php-fpm "

		if [ ! -r $php_fpm_PID ] ; then
			echo "warning, no pid file found - php-fpm is not running ?"
			exit 1
		fi

		kill -TERM `cat $php_fpm_PID`

		wait_for_pid removed $php_fpm_PID

		if [ -n "$try" ] ; then
			echo " failed"
			exit 1
		else
			echo " done"
		fi
	;;

	restart)
		$0 stop
		$0 start
	;;

	reload)

		echo -n "Reload service php-fpm "

		if [ ! -r $php_fpm_PID ] ; then
			echo "warning, no pid file found - php-fpm is not running ?"
			exit 1
		fi

		kill -USR2 `cat $php_fpm_PID`

		echo " done"
	;;

	*)
		echo "Usage: $0 {start|stop|force-quit|restart|reload}"
		exit 1
	;;

esac

Chmod php-fpm with executed permission, enter

# chmod +x /etc/init.d/php-fpm

To start PHP-FPM for the first time, type the following command

# /etc/init.d/php-fpm start

Configure PHP-FPM and Lighttpd working together

Uncomment the following line in /webserver/lighttpd/etc/modules.conf

##
## FastCGI (mod_fastcgi)
##
include "conf.d/fastcgi.conf"

Open /webserver/lighttpd/etc/conf.d/fastcgi.conf, and append following line

server.modules += ( "mod_fastcgi" )
fastcgi.server = ( ".php" =>
  ( "php-tcp" =>
    (
      "host" => "127.0.0.1",
      "port" => "9000"
    )
  )
)

Save and close the file. Type the following command to restart Lighttpd

# /etc/init.d/lighttpd restart

This completes the installation steps. To test php you can create a info.php file in the document root folder

# vi /webserver/lighttpd/www/htdocs/info.php

Append following line

<?php
phpinfo();
?>

If you see the above, you have completed a successful installation of lighttpd and php.

The post How To Install Lighttpd And PHP (PHP-FPM) On CentOS 6 appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

How to start/stop/restart networking service under Linux operating systems after making changes to IP configuration from a shell prompt ?

Use the following commands as per your Linux distribution to start/stop/restart the networking service.

RedHat / CentOS / Fedora

To start networking service, enter

# /etc/init.d/network start

Or,

# service network start

To stop networking service, enter

# /etc/init.d/network stop

Or,

# service network stop

To restart networking service, enter

# /etc/init.d/network restart

Or,

# service network restart

Ubuntu / Debian

To start networking service, enter

# sudo /etc/init.d/networking start

Or,

# sudo service networking start

To stop networking service, enter

# sudo /etc/init.d/networking stop

Or,

# sudo service networking stop

To restart networking service, enter

# sudo /etc/init.d/networking restart

Or,

# service networking restart

The post How To Restart Networking Service In Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

By default iptables firewall stores its configuration at /etc/sysconfig/iptables file. Type the following command to see its

# cat /etc/sysconfig/iptables

Or

# iptables -L

Temporarily delete all the firewall rules

At first, create flush.iptables script with following command

# vi flush.iptables

Add the following content

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Finally, run flush.iptables script with the following command

# sh flush.iptables

After running flush.iptables script, if you restart the iptables, you’ll see all the default rules again. So, flush is only temporary.

Permanently remove all the default firewall rules

Step 1. Flush all these rules temporarily, as we discussed above.
Step 2. Saving firewall rules to /etc/sysconfig/iptables. Type the following command

# /etc/init.d/iptables save

Or

# iptables-save > /etc/sysconfig/iptables

The post How To Flush/Remove All Iptables Rules In Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

By default, all the account password expiration in Linux are disabled. There have two method to enable and disable password expiration, one of method by editing /etc/shadow file. Another method is using chage command.

1. Edit /etc/shadow

Login as root and type the following command

# vi /etc/shadow

Sample outputs

...
lifelinux:$1$UgE5i8uC$mtNxSoPOCl5G5.9mQOQLy.:15092:0:99999:7:::
...

As with the passwd file, each field in the shadow file is also separated with “:” colon characters, and are as follows:
1. Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
2. Password, 13 character encrypted. A blank entry (eg. ::) indicates a password is not required to log in (usually a bad idea), and a “*” entry (eg. :*:) indicates the account has been disabled.
3. The number of days (since January 1, 1970) since the password was last changed.
4. The number of days before password may be changed (0 indicates it may be changed at any time)
5. The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
6. The number of days to warn user of an expiring password (7 for a full week)
7. The number of days after password expires that account is disabled
8. The number of days since January 1, 1970 that an account has been disabled
9. A reserved field for possible future use
Syntax:

{userName}:{password}:{lastpasswdchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:

2. Using chage command

Usage: chage [options] user

Options:
  -d, --lastday LAST_DAY        set last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

To list current aging type chage command for particular user account, example lifelinux, enter

# chage -l lifelinux

Sample outputs

Last password change                                    : Apr 28, 2011
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Example: Set password aging for lifelinux, force password change every 60 days (-M 60), and prevent password changes for seven days (-m 7). Login users will receiving warnings 7 days (-W 7) and account will be locked after 7 days (-I 7).

# chage -m 7 -M 60 -W 7 -I 7 lifelinux

To Disable password aging, enter

# chage -m 0 -M 99999 -I -1 lifelinux

Force user to change password at first login, enter

# chage -d 0 lifelinux

The post Setting Up Password Aging In Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Iptables should be installed by default on all CentOS 3.x, 4.x and 5.x installations. You can check to see if iptables is installed on your system by:

# rpm -q iptables

Sample output

iptables-1.3.5-5.3.el5_4.1

How to enable firewall

Login as root and type the following command

# /etc/init.d/iptables start
# chkconfig iptables on

If you are using IPv6, enter:

# /etc/init.d/ip6tables start
# chkconfig ip6tables on

And to see if iptables is actually running, we can check that the iptables modules are loaded, type the following command

# lsmod | grep ip_tables

Something look like:

ip_tables              29288  1 iptable_filter
x_tables               29192  6 ip6t_REJECT,ip6_tables,ipt_REJECT,xt_state,xt_tcpudp,ip_tables

How to disable firewall

Login as root and type the following command

# /etc/init.d/iptables stop
# chkconfig iptables off

If you are using IPv6, enter:

# /etc/init.d/ip6tables stop
# chkconfig ip6tables off

The post How To Enable/Disable Firewall On Centos / RedHat / Fedora appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames.
Iptables requires elevated privileges to operate and must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man page,[2] which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is not an “essential binary”, but more like a service, the preferred location remains /usr/sbin.
iptables is also commonly used to inclusively refer to the kernel-level components. x_tables is the name of the kernel module carrying the shared code portion used by all four modules that also provides the API used for extensions; subsequently, Xtables is more or less used to refer to the entire firewall (v4,v6,arp,eb) architecture.
Source: http://en.wikipedia.org/wiki/Iptables

In most Linux distros including Redhat / CentOS Linux installs iptables by default. You can use the following procedure to verify that iptables has been installed. Open terminal and type the following command:

root@longvnit:~# iptables -V

Sample outputs:

iptables v1.3.5

You can use the following command to view the status of iptables command, enter:

root@longvnit:~#yum info iptables

Sample outputs:

Installed Packages
Name       : iptables
Arch       : i386
Version    : 1.3.5
Release    : 5.3.el5_4.1
Size       : 552 k
Repo       : installed
Summary    : Tools for managing Linux kernel packet filtering capabilities.
URL        : http://www.netfilter.org/
License    : GPL
Description: The iptables utility controls the network packet filtering code in
           : the Linux kernel. If you need to set up firewalls and/or IP
           : masquerading, you should install this package.

If the above message does not appear, then type the following command to install iptables

root@longvnit:~#yum install iptables

You can use the following command to view rules in all chains:

root@longvnit:~#iptables -L -n

Sample outputs:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The post How to install IPTables on RedHat / Centos Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.