Environment:

Apache 1.3.29

References:

How to Disable SSL v 2 support in Apache

On Aug 10, 2009, Apache released an upgrade that addresses a DOS vulnerability.

server:

/usr/local/apache2/bin/httpd -v
# Server version: Apache/2.2.11 (Unix)
# Server built:   Jan 15 2009 13:39:20

dev server:

/usr/sbin/apache2 -v

Issues

1. caused 401 error for all http requests (worked correctly for https connections) source
2. Seem to be some issues with mac version – It’s unclear whether this is an issue with a pre-compiled mac version or a generic self-compiled (which should be identical to the linux version) source

Dev Server Tests

Ran apt-get update and apt-get upgrade on dev server

ran apt-get upgrade apache2 and message returned says that 2.2.8 is the current version. Which means my dev and my production servers are out of sync. I was surprised to learn that the last contractor from whom I took over server management had installed from source, removing Apache from package management. Not a big deal really, but it was undocumented.

In any case, there doesn’t appear to be a package release for Apache 2.2.13 yet in Ubuntu. Only one of the 4 bugfixes has a security bulletin attached, so I’ve decided to wait a few weeks to see if anything new transpires in the security bulletins. In general, I prefer to wait on updating production servers until a new release has been out long enough for bugfixes to be released.

Update everything
sudo apt-get update
sudo apt-get upgrade

install vim full so you can edit files
apt-get install vim-full

update the “locate” db
sudo updatedb

Change the root password
sudo passwd

Set up Users
useradd zope (I like useradd because there’s no reason to have a home directory. If you want your user to have a home directory then use adduser or useradd -D zope to create ~/home/zope)
passwd zope
useradd -m -c "real name" -s /bin/bash auserwithsudoers The flags create a home directory with skel profile defaults and this account is linked to the defaults for bash shell, which is important if you like syntax coloring and tab completion.
passwd auserwithsudoers
sudo visudo
Find the line that says #User Privilege specification and add
auserwithsudoers ALL=(ALL) ALL
shift ZZ to save and exit

Now log out as root and login as your new admin user and test sudo
su auserwithsudoers
sudo bash

Disable root login
su root
sudo vim /etc/ssh/sshd_config
Change “PermitRootLogin yes” to “PermitRootLogin no”

Reload the ssh config
sudo /etc/init.d/ssh reload

Ok! Now we’re ready to think about plone

1. Follow the plone install instructions here
2. install some products (see plone documentation on using buildout). Here’s what I did to install a Press Release product
   1. download the product. If there’s a choice of files, choose the one with the naming convention Products.package.tar.gz. This is a python egg.
   2. su zope
vi /usr/local/Plone/zeocluster/buildout.cfg
      add the following:

      [buildout]
      ...
      eggs =
      Products.PressRelease

      and save (ctrl + ZZ)

   3. sudo /usr/local/Plone/zeocluster/bin/buildout
   4. sudo /usr/local/Plone/zeocluster/bin/plonectl restart
   5. In each Plone site where you want to install the Product, go Site Setup>Add/Remove Products and install the Product.

Again, the environment is Ubuntu Gutsy Gibbon

Setting up a new LAMP server

File Permissions

If you’re going to access your web directory from another computer, you’ll need to change the file permissions on the web directory so you can put files. For example, my development server is a Ubuntu virtual machine but I do some development in a Windows vm and some development on my mac. In both cases, I connect with my development server over an sftp client that’s integrated into my editor environment.

sudo chown yourusername /var/www
alternatively, you might create a new user like “web” or “www”. If you’ll occasionally make your server public, you might want to create a user that does not have sudo access for an extra layer of security.¹

install Apache 2

sudo apt-get install apache2
sudo /etc/init.d/apache2 start
test apache by navigating in browser to localhost.
place an index.html page into /var/www to test that’s all set up.

I like to stop apache while installing other things, but you can always restart it so it doesn’t really matter
sudo /etc/init.d/apache2 stop (or restart)

Install php 5

sudo apt-get install php5 libapache2-mod-php5
restart apache so it registers with php
sudo /etc/init.d/apache2 restart
test that it worked by placing a phpinfo file into /var/www
create the file
vi /var/www/phpinfo.php
then type
<?php phpinfo(); >

Navigate in browser to localhost/phpinfo.php to see that it’s working

install mysql server

sudo apt-get install mysql-server
sudo apt-get install libapache2-mod-auth-mysql php5-mysql mysql-client

Before you start configuring files, you need to install the full version of vi. By default, ubuntu only comes with vim-tiny. You’ll know it’s vim-tiny when you try to edit a file with vi and the console reads out characters like ^B. So,
sudo apt-get install vim-full

Now, tell php about mysql
sudo vi /etc/php5/apache2/php.ini

It doesn’t matter where you put it, but I like to put it under the line that says “Directory in which the loadable extensions (modules) reside”.
extension=mysql.so
restart apache again.
sudo /etc/init.d/apache2 restart

Install phpmyadmin

This can be done the Ubuntu way or it can be done manually by installing phpmyadmin to /var/www like any other web application.

The Ubuntu way

the benefit to doing it this way is that phpmyadmin is installed as a managed package which means it will be updated by our lovely package manager, apt-get which saves us a little time. Since I use phpmyadmin on multiple virtual machines, this makes a cumulative difference.

sudo apt-get install phpmyadmin

tell apache where phpmyadmin actually lives (which is in /etc/phpmyadmin)
sudo vi /etc/apache2/apache2.conf
You can place the following directive anywhere, but I prefer to place it under the line:
# Include all the user configurations
add the line
Include /etc/phpmyadmin/apache.conf

If you didn’t want to edit your apache.conf, you could always use a symlink instead.

navigate to localhost/phpmyadmin to check that it’s working

Some cleanup/maintenance/utility stuff

If this is a fresh install, you probably need to run the locate database updater so you can use it.
sudo updatedb

Done with the LAMP setup! Next up … subversion and trac

Footnotes

1. for more on managing user accounts see this O’Reilly article or for an in-depth treatise that addresses best practices – check out my favorite reference book “Essential System Administration”.

Working as a web developer or web designer isn’t much different. Setting up an infrastructure and development environment is not billable time but sometimes it seems I spend an inordinate amount of effort creating an infrastructure that supports getting my work done with less distraction.

The past couple years, infrastructure has gotten easier and more cost effective using virtual machine environments combined with free Linux distributions such as Ubuntu that strive to be more user friendly. So now seemed like a good time re-evaluate how I’m doing things and how I might do things differently to both increase productivity and reduce the environmental impact of my office.

My General Infrastructure Requirements:

1. A Linux development and test server for programming projects.
2. A Windows webserver for .NET development
3. Windows workstations for IE browser testing ¹
4. A design station: Apple computers have superior system-level image rendering and have long been the standard for design stations.
5. A workhorse: this can double as ymy design station. If you need to run the many Windows-only business applications, this might be a Windows PC.
6. A server for internal applications – this should be more stable than the development/test server.
7. A router, preferably that combines wireless and print networking.
8. And last, but certainly not least, I want to become more productive while reducing environmental impact of my office … which is a whole different topic I’ll cover another time.

my starting point was

1. A year ago, my computer was desperately old but I was too busy with work to really think through what my ideal infrastructure should be. So I quickly built 2 computers from scavenged parts with the intent of using them for a year. Now that year is up
2. 1 Ubuntu machine which was my workhorse, running VMware with multiple installs of Windows and Linux for testing. I had built this a year ago reusing a cpu from a Dell
3. 1 Windows server for .NET development. I had built this machine a year ago reusing another old cpu from a Dell.
4. 1 linux server (a 5 year old Dell sc600) chugging noisily away in the closet. This was my development server
5. 1 power pc used as a design station.

Functionally, what I needed was a multi-core computer that would let me run multiple virtual machines simultaneously for testing and development. I’ve subscribed to browsercam for years to test websites which is expensive. I need to be able to test websites on Windows, Mac and Linux and in multiple versions. When Apple switched over to the Intel processor, I decided to get an Intel-based Mac as soon as VMware released a mac version. So, the end result is:

• I kept my PowerPC design station with Adobe Creative Suite, professional fonts and font manager, and various other design and multimedia tools.
• I purchased an Intel Apple and migrated from my Ubuntu workstation to the Apple. This is experimental for me and is what prompted me to write this. I have to admit that I really miss my Ubuntu desktop but I’ll give the mac a fair try. I installed VMware Fusion on my mac, and created a number of VMs:
  • A standard LAMP+RoR+Plone installation (replacing my ancient Dell sc600)
  • A Windows workhorse install for mostly business applications such as QuickBooks, Microsoft Office, etc
  • Multiple installs of Windows for website testing in different versions of Internet Explorer
  • multiple installs of Ubuntu for various client projects that require different versions and packages installed on the server.²
• Most of my internal knowledge management and productivity tools are php, java and ruby on rails web applications. I spent more time than I thought was reasonable setting up hosting on my mac (Leopard), so I ended up creating a separate Ubuntu VM which took about 15 minutes to setup. This is fine since with a quad core, I can comfortably run multiple VMs and all my internal knowledge management is browser based anyway so the vm just has to be on and have an IP address.
• Anyhoo … right before I switched over to the Intel Apple my old Linksys router went belly up. I’ve been pretty loyal to the Cisco-owned Linksys over the years despite the Windows-only admin interface. But I didn’t want to waste money on obsolete technology like G-band so I bought the wireless N Linksys router ….. and promptly returned it.
  I did more research and discovered that with the Apple Airport Extreme, I’d get not only a wireless-N router that I could administrate from my macs, but also a built-in print server which was something else I’d never been satisfied with in my infrastructure (well, dissatisfied isn’t really accurate. I was never able to get my old linksys print server to work nicely with my mac).
  So, the upshot is I got the Apple Airport Extreme and it works great – absolutely no complaints. Both macs can print, I can print from my linux and Windows VMs and, most importantly, I don’t have to think about it.

The end result? pretty good! I replaced 3 older, noisy, energy consuming computers with 1 for a grand total of 2 computers in my office. Which is nice since there are only 2 of us who work in this particular office. This should save me some maintenance time, means I’m consuming less energy and the office is quieter now. I put away my KVM switch and cleared my desk of cables. I put the router and printer in the closet³ and rarely have to power cycle the router.

VMware Fusion isn’t perfect yet – I’ll write about the trade offs in a separate post

Update

The above article was written in 2007. It’s now 2011 and I’ve replaced all computers with a Mac Book Pro and some external harddrives to host VMs. Easy!

1. you can use various hacks for running multiple versions of IE on one machine … but the risks are:
   • they may not behave the same way as an installed version
   • a Microsoft update will break them
   • they don’t work consistently across Windows 2000, XP or Vista
   • when testing javascript behavior, I need to trust any errors are the javascript, not the browser install.

2. Although in most cases multiple versions of software can be run side by side in Linux, I find that it’s less time consuming and less fraught with weird errors that must be resolved to just run a separate VM for those special cases rather than running 4 different versions of Python, for example, on the same machine…
3. laser printers release some nasty particulates when printing largish documents. So it’s a good idea to place them in another room or enclosure. See “SF Gate article” Here’s a link to the Particle Emission Characteristics of Office Printers

1. install g++
   sudo apt-get install linux-headers-`uname -r` build-essential xinetd
2. download plone unified installer or in your terminal type:
   wget https://launchpad.net/plone/3.0/3.0.4/+download/Plone-3.0.4-UnifiedInstaller.tar.gz --no-check-certificate
3. tar -xvzf Plone-3.0.4-Unifiedinstaller-Rev3.tar.gz
cd Plone-3.0.4-Unifiedinstaller
   If you need to change the install path for Plone, edit the PLONE_HOME variable in install.sh. I changed mine to /usr/local/Plone304
4. sudo ./install.sh zeo
5. cd /usr/local/Plone304/zeocluster
   and
   sudo vi adminPassword.txt
   to view admin password
6. start Plone (first time will take a few minutes):
   sudo /usr/local/Plone304/zeocluster/bin/startcluster.sh
7. navigate to localhost:8080 to check that zope is working
8. in localhost:8080/manage go to Root Folder, click on acl_users=>users=>admin and change admin password to something you’ll remember
9. from dropdown menu select Plone Site to create a new site
10. navigate to plone site: localhost:8080/ploneSiteName
11. navigate to zmi by: localhost:8080/ploneSiteName/manage