StuRa:Server/SRS20/2016: Unterschied zwischen den Versionen

Aus Wiki StuRa HTW Dresden
Zur Navigation springen Zur Suche springen
K (Matthias Jakobi verschob Seite Jail/SRS20 nach Server/Jails/SRS20: mal korregiert)
K (ArturasMiller verschob die Seite Server/SRS20/2016 nach StuRa:Server/SRS20/2016)
 
(7 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
* für limesurvey (aka [[Umfragen]]-Server)
* für limesurvey (aka [[Umfragen]]-Server)


== Ports ==
== [[Server/Jails/SRS20/Ports |Ports]] ==


=== installierte Ports ===
{{:Server/Jails/SRS20/Ports}}


=== konfigurierte Ports ===
== zusätzliche Konfigurationsdateien ==


==== Apache22 ====
=== Jail ===


<code>
==== /etc/rc.conf ====
[X] THREADS              Enable threads support in APR
[X] MYSQL                Enable MySQL support for apr-dbd
[ ] PGSQL                Enable PostgreSQL support for apr-dbd
[ ] SQLITE                Enable SQLite support for apr-dbd
[X] IPV6                  Enable IPv6 support
[ ] BDB                  Enable BerkeleyDB dbm
[X] AUTH_BASIC            Enable mod_auth_basic
[X] AUTH_DIGEST          Enable mod_auth_digest
[X] AUTHN_FILE            Enable mod_authn_file
[ ] AUTHN_DBD            Enable mod_authn_dbd
[X] AUTHN_DBM            Enable mod_authn_dbm
[X] AUTHN_ANON            Enable mod_authn_anon
[X] AUTHN_DEFAULT        Enable mod_authn_default
[X] AUTHN_ALIAS          Enable mod_authn_alias
[X] AUTHZ_HOST            Enable mod_authz_host
[X] AUTHZ_GROUPFILE      Enable mod_authz_groupfile
[X] AUTHZ_USER            Enable mod_authz_user
[X] AUTHZ_DBM            Enable mod_authz_dbm
[X] AUTHZ_OWNER          Enable mod_authz_owner
[X] AUTHZ_DEFAULT        Enable mod_authz_default
[X] CACHE                Enable mod_cache
[X] DISK_CACHE            Enable mod_disk_cache
[X] FILE_CACHE            Enable mod_file_cache
[ ] MEM_CACHE            Enable mod_mem_cache
[X] DAV                  Enable mod_dav
[X] DAV_FS                Enable mod_dav_fs
[ ] BUCKETEER            Enable mod_bucketeer
[ ] CASE_FILTER          Enable mod_case_filter
[ ] CASE_FILTER_IN        Enable mod_case_filter_in
[ ] EXT_FILTER            Enable mod_ext_filter
[ ] LOG_FORENSIC          Enable mod_log_forensic
[ ] OPTIONAL_HOOK_EXPORT  Enable mod_optional_hook_export
[ ] OPTIONAL_HOOK_IMPORT  Enable mod_optional_hook_import
[ ] OPTIONAL_FN_IMPORT    Enable mod_optional_fn_import
[ ] OPTIONAL_FN_EXPORT    Enable mod_optional_fn_export
[ ] LDAP                  Enable mod_ldap
[ ] AUTHNZ_LDAP          Enable mod_authnz_ldap
[X] ACTIONS              Enable mod_actions
[X] ALIAS                Enable mod_alias
[X] ASIS                  Enable mod_asis
[X] AUTOINDEX            Enable mod_autoindex
[X] CERN_META            Enable mod_cern_meta
[X] CGI                  Enable mod_cgi
[X] CHARSET_LITE          Enable mod_charset_lite
[ ] DBD                  Enable mod_dbd
[X] DEFLATE              Enable mod_deflate
[X] DIR                  Enable mod_dir
[X] DUMPIO                Enable mod_dumpio
[X] ENV                  Enable mod_env
[X] EXPIRES              Enable mod_expires
[X] HEADERS              Enable mod_headers
[X] IMAGEMAP              Enable mod_imagemap
[X] INCLUDE              Enable mod_include
[X] INFO                  Enable mod_info
[X] LOG_CONFIG            Enable mod_log_config
[X] LOGIO                Enable mod_logio
[X] MIME                  Enable mod_mime
[X] MIME_MAGIC            Enable mod_mime_magic
[X] NEGOTIATION          Enable mod_negotiation
[X] REWRITE              Enable mod_rewrite
[X] SETENVIF              Enable mod_setenvif
[X] SPELING              Enable mod_speling
[X] STATUS                Enable mod_status
[X] UNIQUE_ID            Enable mod_unique_id
[X] USERDIR              Enable mod_userdir
[X] USERTRACK            Enable mod_usertrack
[X] VHOST_ALIAS          Enable mod_vhost_alias
[X] FILTER                Enable mod_filte
[ ] SUBSTITUTE            Enable mod_substitute
[X] VERSION              Enable mod_version
[ ] PROXY                Enable mod_proxy
[ ] PROXY_CONNECT        Enable mod_proxy_connect
[X] PATCH_PROXY_CONNECT  Patch proxy_connect SSL support
[ ] PROXY_FTP            Enable mod_proxy_ftp
[ ] PROXY_HTTP            Enable mod_proxy_http
[ ] PROXY_AJP            Enable mod_proxy_ajp
[ ] PROXY_BALANCER        Enable mod_proxy_balancer
[ ] PROXY_SCGI            Enable mod_proxy_scgi
[X] SSL                  Enable mod_ssl
[ ] SUEXEC                Enable mod_suexec
[ ] SUEXEC_RSRCLIMIT      SuEXEC rlimits based on login class
[X] REQTIMEOUT            Enable mod_reqtimeout
[ ] CGID                  Enable mod_cgid
 
==== apr-ipv6-devrandom-gdbm-db42 ====


  <code>
  <code>
  [X] THREADS    Enable Threads in apr
  apache22_enable="YES"
[X] IPV6      Enable IPV6 Support in apr
  mysql_enable="YES"
[X] BDB        Enable Berkley BDB support in apr-util
[X] GDBM      Enable GNU dbm support in apr-util
[ ] LDAP      Enable LDAP support in apr-util
[X] MYSQL      Enable MySQL suport in apr-util
[ ] NDBM      Enable NDBM support in apr-util
[ ] PGSQL      Enable Postgresql suport in apr-util
[ ] SQLITE    Enable SQLite3 support in apr-util
[X] DEVRANDOM  Use /dev/random or compatible in apr
</code>
 
==== gdbm ====
 
<code>
[ ] COMPAT  dbm/ndbm compatibility
  </code>
 
==== libxslt ====
 
<code>
[ ] MEM_DEBUG  Enable memory debugging
[X] CRYPTO    Enable crypto support for exslt
</code>
 
==== mysql55-client ====
 
<code>
[X] OPENSSL  Enable SSL support
[ ] FASTMTX  Replace mutexes with spinlocks
</code>
 
==== mysql55-server ====
 
<code>
[X] OPENSSL  Enable SSL support
[ ] FASTMTX  Replace mutexes with spinlocks
</code>
 
==== openldap24-client ====
 
<code>
[ ] SASL  With (Cyrus) SASL2 support
[ ] FETCH  Enable fetch(3) support
</code>
 
==== php5 ====
 
<code>
[X] CLI        Build CLI version
[X] CGI        Build CGI version
[ ] FPM        Build FPM version (experimental)
[X] APACHE    Build Apache module
[ ] AP2FILTER  Use Apache 2.x filter interface (experimental)
[ ] DEBUG      Enable debug
[X] SUHOSIN    Enable Suhosin protection system
[ ] MULTIBYTE  Enable zend multibyte support
[X] IPV6      Enable ipv6 support
[ ] MAILHEAD  Enable mail header patch
[ ] LINKTHR    Link thread lib (for threaded extensions)
</code>
 
==== php5-gd ====
 
<code>
[X] T1LIB    Include T1lib support
[X] TRUETYPE  Enable TrueType string function
[ ] JIS      Enable JIS-mapped Japanese font support
</code>
 
==== php5-mbstring ====
 
<code>
[X] REGEX  Enable multibyte regex support
  </code>
  </code>
==== php5-mysql ====
<code>
[ ] MYSQLND  Use MySQL Native Driver
</code>
==== png ====
<code>
[ ] APNG  Animated PNG support
</code>
==== python27 ====
<code>
[X] THREADS          Enable thread support
[ ] HUGE_STACK_SIZE  Use a larger thread stack
[ ] SEM              Use POSIX semaphores (experimental)
[ ] PTH              Use GNU Pth for threading/multiprocessing
[X] UCS4            Use UCS4 for unicode support
[X] PYMALLOC        Use python's internal malloc
[X] IPV6            Enable IPv6 support
[ ] FPECTL          Enable floating point exception handling
</code>
== ohne config ==
* www/limesurvey


== Konfiguration der Programme ==
== Konfiguration der Programme ==
Zeile 206: Zeile 20:
=== Apache22 ===
=== Apache22 ===


*httpd.conf
==== httpd.conf ====


<code>
LoadModule php5_module        libexec/apache22/libphp5.so
  <IfModule php5_module>
  <IfModule php5_module>
   DirectoryIndex index.php index.html
   DirectoryIndex index.php index.html
Zeile 220: Zeile 38:
  ServerTokens ProductOnly
  ServerTokens ProductOnly
  ServerSignature Off
  ServerSignature Off
</code>


*/extra/httpd-ssl.conf
==== /extra/httpd-ssl.conf ====


<code>
  Listen <IP>:443
  Listen <IP>:443
  ...
  ...
Zeile 244: Zeile 64:
  nokeepalive ssl-unclean-shutdown \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  downgrade-1.0 force-response-1.0
</code>


*/extra/httpd-vhost.conf
==== /extra/httpd-vhost.conf ====


  <code>
  <code>
Zeile 262: Zeile 83:
  </code>
  </code>


*data/
* data/
**impressum.html erstellt
** impressum.html erstellt
**images/
** images/
***image00.jpg
*** image00.jpg
***image01.png
*** image01.png
 
==== manuelles Starten vom Apache22 ist nötig ====
 
Während des Startens von Apache wird das Passwort für das Zertifikat (SSL) angefragt. Es ist manuell einzugeben. Daher kann Apache nie von allein (trotz Eintrag für das Starten von Diensten) ordentlich starten.
 
: <code>service apache22 onestart</code>
<pre>
Performing sanity check on apache22 configuration:
</pre>
<pre>
Syntax OK
Starting apache22.
</pre>
<pre>
Apache/2.2.26 mod_ssl/2.2.26 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
 
Server umfragen.stura.htw-dresden.de:443 (RSA)
</pre>
<pre>
Enter pass phrase:
</pre>
<pre>
OK: Pass Phrase Dialog successful.
</pre>
 
'''Änderung ab 10.07.2015''' - Der Passphrasenzwang wurde aus dem Zertifikateskey entfernt!


=== Limesurvey ===
=== Limesurvey ===


*config.php
==== config.php ====


<code>
  $databasepass      =  '<mysqlpassword>';
  $databasepass      =  '<mysqlpassword>';
  ...
  ...
Zeile 280: Zeile 130:
  $siteadminbounce = 'umfragen@stura.htw-dresden.de';
  $siteadminbounce = 'umfragen@stura.htw-dresden.de';
  $siteadminname = 'StuRa HTW Dresden';
  $siteadminname = 'StuRa HTW Dresden';
</code>


==== SQL Import ====
==== SQL Import ====


*limesurvey/admin/cmdline_importsurvey.php
; limesurvey/admin/cmdline_importsurvey.php


  <code>
  <code>
Zeile 291: Zeile 142:
=== Mysql-server ===
=== Mysql-server ===


starten
; starten


  <code>
  <code>
Zeile 297: Zeile 148:
  </code>
  </code>


Password setzen
; Password setzen


  <code>
  <code>
  mysqladmin -u <benutzer> password <password>
  mysqladmin -u <benutzer> password <password>
  </code>
  </code>
== Konfiguration des System ==
=== rc.conf ===
apache22_enable="YES"
mysql_enable="YES"


== Siehe auch ==
== Siehe auch ==

Aktuelle Version vom 23. Februar 2020, 18:18 Uhr

Ports[Bearbeiten]

installierte Ports[Bearbeiten]

  • atk
  • autoconf
  • autoconf-wrapper
  • automake
  • automake-wrapper
  • bdftopcf
  • bigreqsproto
  • bison
  • bitstream-vera
  • ca_root_nss
  • cairo
  • cmake
  • cmake-modules
  • compositeproto
  • curl
  • cvsps
  • damageproto
  • db41
  • dejavu
  • dialog4ports
  • emacs-nox11
  • encodings
  • expat
  • fixesproto
  • font-bh-ttf
  • font-misc-ethiopic
  • font-misc-meltho
  • font-util
  • fontconfig
  • fontsproto
  • freetype2
  • gamin
  • gdbm
  • gdk-pixbuf2
  • gettext
  • gio-fam-backend
  • git
  • glib
  • gmake
  • gnomehier
  • gobject-introspection
  • help2man
  • inputproto
  • jasper
  • jbigkit
  • jpeg
  • kbproto
  • libICE
  • libSM
  • libX11
  • libXau
  • libXcomposite
  • libXcursor
  • libXdamage
  • libXdmcp
  • libXext
  • libXfixes
  • libXfont
  • libXi
  • libXinerama
  • libXrandr
  • libXrender
  • libXt
  • libcheck
  • libevent
  • libevent2
  • libexecinfo
  • libffi
  • libfontenc
  • libgcrypt
  • libgpg-error
  • libiconv
  • libidn
  • libpthread-stubs
  • libsigsegv
  • libtool
  • libxcb
  • libxml2
  • libxslt
  • libyaml
  • lynx
  • m4
  • mkfontdir
  • mkfontscale
  • nano
  • p5-Error
  • p5-ExtUtils-Constant
  • p5-IO-Socket-IP
  • p5-IO-Socket-SSL
  • p5-Locale-gettext
  • p5-Net-SMTP-SSL
  • p5-Net-SSLeay
  • p5-Socket
  • pango
  • pcre
  • perl-threaded
  • pixman
  • pkgconf
  • png
  • portaudit
  • portupgrade
  • py27-wikitools
  • python27
  • python33
  • randrproto
  • renderproto
  • ruby
  • ruby18-bdb
  • ruby19-bdb
  • ruby19-date2
  • tiff
  • tmux
  • unzip
  • vim-lite
  • wget
  • xcb-proto
  • xcb-util
  • xcb-util-renderutil
  • xcmiscproto
  • xextproto
  • xf86bigfontproto
  • xineramaproto
  • xorg-fonts-truetype
  • xorg-macros
  • xproto
  • xtrans
  • zsh

konfigurierte Ports[Bearbeiten]

freetype2[Bearbeiten]

OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING

jasper[Bearbeiten]

OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_UNSET+=UUID

libcheck[Bearbeiten]

OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES

libffi[Bearbeiten]

OPTIONS_FILE_UNSET+=TESTS

libxml2[Bearbeiten]

OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST

libxslt[Bearbeiten]

OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG

png[Bearbeiten]

OPTIONS_FILE_UNSET+=APNG

python27[Bearbeiten]

OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4

ruby18-bdb[Bearbeiten]

OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES

zusätzliche Konfigurationsdateien[Bearbeiten]

Jail[Bearbeiten]

/etc/rc.conf[Bearbeiten]


apache22_enable="YES"
mysql_enable="YES"

Konfiguration der Programme[Bearbeiten]

Apache22[Bearbeiten]

httpd.conf[Bearbeiten]


…
LoadModule php5_module        libexec/apache22/libphp5.so

<IfModule php5_module>
 DirectoryIndex index.php index.html
 AddType application/x-httpd-php .php
 AddType application/x-httpd-php-source .phps
</IfModule>
...
ServerName <domain>:80
...
Include etc/apache22/extra/httpd-ssl.conf
...
ServerTokens ProductOnly
ServerSignature Off

/extra/httpd-ssl.conf[Bearbeiten]


Listen <IP>:443
...
<VirtualHost <IP>:443>
...
Serveradmin <mailadresse>
...
Servername <domain>
...
SSLEngine on
...
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
...
SSLCertificateFile  "/usr/local/www/apache22/data/ssl/certs/cert.pem"
...
SSLCertificateKeyFile "/usr/local/www/apache22/data/ssl/key/key.pem"
...
SSLCACertificateFile  "/usr/local/www/apache22/data/ssl/certs/cazertifikate.pem"
...
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

/extra/httpd-vhost.conf[Bearbeiten]


NameVirtualHost <IP>:80
...
<VirtualHost 1<IP>:80>
   ServerAdmin webmaster@<domain>
   DocumentRoot "/usr/local/www/limesurvey/"
   ServerName <domain>
   RewriteEngine On
   RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
   RewriteCond %{SERVER_PORT} !443
    RewriteRule (.*) https://<domain> [R]
</VirtualHost>

  • data/
    • impressum.html erstellt
    • images/
      • image00.jpg
      • image01.png

manuelles Starten vom Apache22 ist nötig[Bearbeiten]

Während des Startens von Apache wird das Passwort für das Zertifikat (SSL) angefragt. Es ist manuell einzugeben. Daher kann Apache nie von allein (trotz Eintrag für das Starten von Diensten) ordentlich starten.

service apache22 onestart
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
Apache/2.2.26 mod_ssl/2.2.26 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server umfragen.stura.htw-dresden.de:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.

Änderung ab 10.07.2015 - Der Passphrasenzwang wurde aus dem Zertifikateskey entfernt!

Limesurvey[Bearbeiten]

config.php[Bearbeiten]


$databasepass       =   '<mysqlpassword>';
...
$defaultuser        =   '<adminusername>';
$defaultpass        =   '<password>'; 
... 
$siteadminemail = 'umfragen@stura.htw-dresden.de';
$siteadminbounce = 'umfragen@stura.htw-dresden.de';
$siteadminname = 'StuRa HTW Dresden';

SQL Import[Bearbeiten]

limesurvey/admin/cmdline_importsurvey.php

php cmdline_importsurvey <File to import> [<user> <password>]

Mysql-server[Bearbeiten]

starten

/usr/local/etc/rc.d/mysql-server onestart

Password setzen

mysqladmin -u <benutzer> password <password>

Siehe auch[Bearbeiten]

Media:Beispiel.mp3