StuRa:Server/SRS20/2016: Unterschied zwischen den Versionen

Aus Wiki StuRa HTW Dresden
Zur Navigation springen Zur Suche springen
Keine Bearbeitungszusammenfassung
 
K (ArturasMiller verschob die Seite Server/SRS20/2016 nach StuRa:Server/SRS20/2016)
 
(36 dazwischenliegende Versionen von 6 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
=== Ports ===
* für limesurvey (aka [[Umfragen]]-Server)


* Apache22
== [[Server/Jails/SRS20/Ports |Ports]] ==


<code>
{{:Server/Jails/SRS20/Ports}}
[X] THREADS              Enable threads support in APR
 
[X] MYSQL                Enable MySQL support for apr-dbd
== zusätzliche Konfigurationsdateien ==
[ ] PGSQL                Enable PostgreSQL support for apr-dbd
 
[ ] SQLITE                Enable SQLite support for apr-dbd
=== Jail ===
[X] IPV6                  Enable IPv6 support
[ ] BDB                  Enable BerkeleyDB dbm
[X] AUTH_BASIC            Enable mod_auth_basic
[X] AUTH_DIGEST          Enable mod_auth_digest
[X] AUTHN_FILE            Enable mod_authn_file
[ ] AUTHN_DBD            Enable mod_authn_dbd
[X] AUTHN_DBM            Enable mod_authn_dbm
[X] AUTHN_ANON            Enable mod_authn_anon
[X] AUTHN_DEFAULT        Enable mod_authn_default
[X] AUTHN_ALIAS          Enable mod_authn_alias
[X] AUTHZ_HOST            Enable mod_authz_host
[X] AUTHZ_GROUPFILE      Enable mod_authz_groupfile
[X] AUTHZ_USER            Enable mod_authz_user
[X] AUTHZ_DBM            Enable mod_authz_dbm
[X] AUTHZ_OWNER          Enable mod_authz_owner
[X] AUTHZ_DEFAULT        Enable mod_authz_default
[X] CACHE                Enable mod_cache
[X] DISK_CACHE            Enable mod_disk_cache
[X] FILE_CACHE            Enable mod_file_cache
[ ] MEM_CACHE            Enable mod_mem_cache
[X] DAV                  Enable mod_dav
[X] DAV_FS                Enable mod_dav_fs
[ ] BUCKETEER            Enable mod_bucketeer
[ ] CASE_FILTER          Enable mod_case_filter
[ ] CASE_FILTER_IN        Enable mod_case_filter_in
[ ] EXT_FILTER            Enable mod_ext_filter
[ ] LOG_FORENSIC          Enable mod_log_forensic
[ ] OPTIONAL_HOOK_EXPORT  Enable mod_optional_hook_export
[ ] OPTIONAL_HOOK_IMPORT  Enable mod_optional_hook_import
[ ] OPTIONAL_FN_IMPORT    Enable mod_optional_fn_import
[ ] OPTIONAL_FN_EXPORT    Enable mod_optional_fn_export
[ ] LDAP                  Enable mod_ldap
[ ] AUTHNZ_LDAP          Enable mod_authnz_ldap
[X] ACTIONS              Enable mod_actions
[X] ALIAS                Enable mod_alias
[X] ASIS                  Enable mod_asis
[X] AUTOINDEX            Enable mod_autoindex
[X] CERN_META            Enable mod_cern_meta
[X] CGI                  Enable mod_cgi
[X] CHARSET_LITE          Enable mod_charset_lite
[ ] DBD                  Enable mod_dbd
[X] DEFLATE              Enable mod_deflate
[X] DIR                  Enable mod_dir
[X] DUMPIO                Enable mod_dumpio
[X] ENV                  Enable mod_env
[X] EXPIRES              Enable mod_expires
[X] HEADERS              Enable mod_headers
[X] IMAGEMAP              Enable mod_imagemap
[X] INCLUDE              Enable mod_include
[X] INFO                  Enable mod_info
[X] LOG_CONFIG            Enable mod_log_config
[X] LOGIO                Enable mod_logio
[X] MIME                  Enable mod_mime
[X] MIME_MAGIC            Enable mod_mime_magic
[X] NEGOTIATION          Enable mod_negotiation
[X] REWRITE              Enable mod_rewrite
[X] SETENVIF              Enable mod_setenvif
[X] SPELING              Enable mod_speling
[X] STATUS                Enable mod_status
[X] UNIQUE_ID            Enable mod_unique_id
[X] USERDIR              Enable mod_userdir
[X] USERTRACK            Enable mod_usertrack
[X] VHOST_ALIAS          Enable mod_vhost_alias
[X] FILTER                Enable mod_filte
[ ] SUBSTITUTE            Enable mod_substitute
[X] VERSION              Enable mod_version
[ ] PROXY                Enable mod_proxy
[ ] PROXY_CONNECT        Enable mod_proxy_connect
[X] PATCH_PROXY_CONNECT  Patch proxy_connect SSL support
[ ] PROXY_FTP            Enable mod_proxy_ftp
[ ] PROXY_HTTP            Enable mod_proxy_http
[ ] PROXY_AJP            Enable mod_proxy_ajp
[ ] PROXY_BALANCER        Enable mod_proxy_balancer
[ ] PROXY_SCGI            Enable mod_proxy_scgi
[X] SSL                  Enable mod_ssl
[ ] SUEXEC                Enable mod_suexec
[ ] SUEXEC_RSRCLIMIT      SuEXEC rlimits based on login class
[X] REQTIMEOUT            Enable mod_reqtimeout
[ ] CGID                  Enable mod_cgid


*apr-ipv6-devrandom-gdbm-db42
==== /etc/rc.conf ====


  <code>
  <code>
  [X] THREADS    Enable Threads in apr
  apache22_enable="YES"
  [X] IPV6      Enable IPV6 Support in apr
  mysql_enable="YES"
[X] BDB        Enable Berkley BDB support in apr-util
[X] GDBM      Enable GNU dbm support in apr-util
[ ] LDAP      Enable LDAP support in apr-util
[X] MYSQL      Enable MySQL suport in apr-util
[ ] NDBM      Enable NDBM support in apr-util
[ ] PGSQL      Enable Postgresql suport in apr-util
[ ] SQLITE    Enable SQLite3 support in apr-util
[X] DEVRANDOM  Use /dev/random or compatible in apr
  </code>
  </code>


*gdbm
== Konfiguration der Programme ==


<code>
=== Apache22 ===
[ ] COMPAT  dbm/ndbm compatibility
</code>


*libxslt
==== httpd.conf ====


  <code>
  <code>
  [ ] MEM_DEBUG Enable memory debugging
 
  [X] CRYPTO    Enable crypto support for exslt
LoadModule php5_module        libexec/apache22/libphp5.so
<IfModule php5_module>
  DirectoryIndex index.php index.html
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
</IfModule>
...
ServerName <domain>:80
...
Include etc/apache22/extra/httpd-ssl.conf
...
  ServerTokens ProductOnly
  ServerSignature Off
  </code>
  </code>


*mysql55-client
==== /extra/httpd-ssl.conf ====


  <code>
  <code>
  [X] OPENSSL Enable SSL support
  Listen <IP>:443
  [ ] FASTMTX Replace mutexes with spinlocks
...
<VirtualHost <IP>:443>
...
Serveradmin <mailadresse>
...
Servername <domain>
...
SSLEngine on
...
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
...
SSLCertificateFile  "/usr/local/www/apache22/data/ssl/certs/cert.pem"
  ...
  SSLCertificateKeyFile "/usr/local/www/apache22/data/ssl/key/key.pem"
...
SSLCACertificateFile  "/usr/local/www/apache22/data/ssl/certs/cazertifikate.pem"
...
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  </code>
  </code>


*mysql55-server
==== /extra/httpd-vhost.conf ====


  <code>
  <code>
  [X] OPENSSL  Enable SSL support
  NameVirtualHost <IP>:80
[ ] FASTMTX Replace mutexes with spinlocks
...
<VirtualHost 1<IP>:80>
    ServerAdmin webmaster@<domain>
    DocumentRoot "/usr/local/www/limesurvey/"
    ServerName <domain>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
    RewriteCond %{SERVER_PORT} !443
    RewriteRule (.*) https://<domain> [R]
  </VirtualHost>
  </code>
  </code>


*openldap24-client
* data/
** impressum.html erstellt
** images/
*** image00.jpg
*** image01.png


<code>
==== manuelles Starten vom Apache22 ist nötig ====
[ ] SASL  With (Cyrus) SASL2 support
 
[ ] FETCH  Enable fetch(3) support
Während des Startens von Apache wird das Passwort für das Zertifikat (SSL) angefragt. Es ist manuell einzugeben. Daher kann Apache nie von allein (trotz Eintrag für das Starten von Diensten) ordentlich starten.
</code>


*php5
: <code>service apache22 onestart</code>
<pre>
Performing sanity check on apache22 configuration:
</pre>
<pre>
Syntax OK
Starting apache22.
</pre>
<pre>
Apache/2.2.26 mod_ssl/2.2.26 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.


<code>
Server umfragen.stura.htw-dresden.de:443 (RSA)
[X] CLI        Build CLI version
</pre>
[X] CGI        Build CGI version
<pre>
[ ] FPM        Build FPM version (experimental)
Enter pass phrase:
[X] APACHE    Build Apache module
</pre>
[ ] AP2FILTER  Use Apache 2.x filter interface (experimental)
<pre>
[ ] DEBUG      Enable debug
OK: Pass Phrase Dialog successful.
[X] SUHOSIN    Enable Suhosin protection system
</pre>
[ ] MULTIBYTE  Enable zend multibyte support
[X] IPV6      Enable ipv6 support
[ ] MAILHEAD  Enable mail header patch
[ ] LINKTHR    Link thread lib (for threaded extensions)
</code>


*php5-gd
'''Änderung ab 10.07.2015''' - Der Passphrasenzwang wurde aus dem Zertifikateskey entfernt!


<code>
=== Limesurvey ===
[X] T1LIB    Include T1lib support
[X] TRUETYPE  Enable TrueType string function
[ ] JIS      Enable JIS-mapped Japanese font support
</code>


*php5-mbstring
==== config.php ====


  <code>
  <code>
  [X] REGEX Enable multibyte regex support
  $databasepass      =  '<mysqlpassword>';
  ...
$defaultuser        =  '<adminusername>';
$defaultpass        =  '<password>';
...
$siteadminemail = 'umfragen@stura.htw-dresden.de';
$siteadminbounce = 'umfragen@stura.htw-dresden.de';
$siteadminname = 'StuRa HTW Dresden';
  </code>
  </code>


*php5-mysql
==== SQL Import ====
 
; limesurvey/admin/cmdline_importsurvey.php


  <code>
  <code>
  [ ] MYSQLND  Use MySQL Native Driver
  php cmdline_importsurvey <File to import> [<user> <password>]
  </code>
  </code>


*png
=== Mysql-server ===
 
; starten


  <code>
  <code>
  [ ] APNG  Animated PNG support
  /usr/local/etc/rc.d/mysql-server onestart
  </code>
  </code>


*python27
; Password setzen


  <code>
  <code>
  [X] THREADS          Enable thread support
  mysqladmin -u <benutzer> password <password>
[ ] HUGE_STACK_SIZE  Use a larger thread stack
[ ] SEM              Use POSIX semaphores (experimental)
[ ] PTH              Use GNU Pth for threading/multiprocessing
[X] UCS4            Use UCS4 for unicode support
[X] PYMALLOC        Use python's internal malloc
[X] IPV6            Enable IPv6 support
[ ] FPECTL          Enable floating point exception handling
  </code>
  </code>


=== ohne config ===
== Siehe auch ==


* www/limesurvey
[[Kategorie:Rechentechnik]]
[[Kategorie:Software]]
[[Kategorie:Jail]]
[[Media:Beispiel.mp3]]

Aktuelle Version vom 23. Februar 2020, 18:18 Uhr

Ports[Bearbeiten]

installierte Ports[Bearbeiten]

  • atk
  • autoconf
  • autoconf-wrapper
  • automake
  • automake-wrapper
  • bdftopcf
  • bigreqsproto
  • bison
  • bitstream-vera
  • ca_root_nss
  • cairo
  • cmake
  • cmake-modules
  • compositeproto
  • curl
  • cvsps
  • damageproto
  • db41
  • dejavu
  • dialog4ports
  • emacs-nox11
  • encodings
  • expat
  • fixesproto
  • font-bh-ttf
  • font-misc-ethiopic
  • font-misc-meltho
  • font-util
  • fontconfig
  • fontsproto
  • freetype2
  • gamin
  • gdbm
  • gdk-pixbuf2
  • gettext
  • gio-fam-backend
  • git
  • glib
  • gmake
  • gnomehier
  • gobject-introspection
  • help2man
  • inputproto
  • jasper
  • jbigkit
  • jpeg
  • kbproto
  • libICE
  • libSM
  • libX11
  • libXau
  • libXcomposite
  • libXcursor
  • libXdamage
  • libXdmcp
  • libXext
  • libXfixes
  • libXfont
  • libXi
  • libXinerama
  • libXrandr
  • libXrender
  • libXt
  • libcheck
  • libevent
  • libevent2
  • libexecinfo
  • libffi
  • libfontenc
  • libgcrypt
  • libgpg-error
  • libiconv
  • libidn
  • libpthread-stubs
  • libsigsegv
  • libtool
  • libxcb
  • libxml2
  • libxslt
  • libyaml
  • lynx
  • m4
  • mkfontdir
  • mkfontscale
  • nano
  • p5-Error
  • p5-ExtUtils-Constant
  • p5-IO-Socket-IP
  • p5-IO-Socket-SSL
  • p5-Locale-gettext
  • p5-Net-SMTP-SSL
  • p5-Net-SSLeay
  • p5-Socket
  • pango
  • pcre
  • perl-threaded
  • pixman
  • pkgconf
  • png
  • portaudit
  • portupgrade
  • py27-wikitools
  • python27
  • python33
  • randrproto
  • renderproto
  • ruby
  • ruby18-bdb
  • ruby19-bdb
  • ruby19-date2
  • tiff
  • tmux
  • unzip
  • vim-lite
  • wget
  • xcb-proto
  • xcb-util
  • xcb-util-renderutil
  • xcmiscproto
  • xextproto
  • xf86bigfontproto
  • xineramaproto
  • xorg-fonts-truetype
  • xorg-macros
  • xproto
  • xtrans
  • zsh

konfigurierte Ports[Bearbeiten]

freetype2[Bearbeiten]

OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING

jasper[Bearbeiten]

OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_UNSET+=UUID

libcheck[Bearbeiten]

OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES

libffi[Bearbeiten]

OPTIONS_FILE_UNSET+=TESTS

libxml2[Bearbeiten]

OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST

libxslt[Bearbeiten]

OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG

png[Bearbeiten]

OPTIONS_FILE_UNSET+=APNG

python27[Bearbeiten]

OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4

ruby18-bdb[Bearbeiten]

OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES

zusätzliche Konfigurationsdateien[Bearbeiten]

Jail[Bearbeiten]

/etc/rc.conf[Bearbeiten]


apache22_enable="YES"
mysql_enable="YES"

Konfiguration der Programme[Bearbeiten]

Apache22[Bearbeiten]

httpd.conf[Bearbeiten]


…
LoadModule php5_module        libexec/apache22/libphp5.so

<IfModule php5_module>
 DirectoryIndex index.php index.html
 AddType application/x-httpd-php .php
 AddType application/x-httpd-php-source .phps
</IfModule>
...
ServerName <domain>:80
...
Include etc/apache22/extra/httpd-ssl.conf
...
ServerTokens ProductOnly
ServerSignature Off

/extra/httpd-ssl.conf[Bearbeiten]


Listen <IP>:443
...
<VirtualHost <IP>:443>
...
Serveradmin <mailadresse>
...
Servername <domain>
...
SSLEngine on
...
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
...
SSLCertificateFile  "/usr/local/www/apache22/data/ssl/certs/cert.pem"
...
SSLCertificateKeyFile "/usr/local/www/apache22/data/ssl/key/key.pem"
...
SSLCACertificateFile  "/usr/local/www/apache22/data/ssl/certs/cazertifikate.pem"
...
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

/extra/httpd-vhost.conf[Bearbeiten]


NameVirtualHost <IP>:80
...
<VirtualHost 1<IP>:80>
   ServerAdmin webmaster@<domain>
   DocumentRoot "/usr/local/www/limesurvey/"
   ServerName <domain>
   RewriteEngine On
   RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
   RewriteCond %{SERVER_PORT} !443
    RewriteRule (.*) https://<domain> [R]
</VirtualHost>

  • data/
    • impressum.html erstellt
    • images/
      • image00.jpg
      • image01.png

manuelles Starten vom Apache22 ist nötig[Bearbeiten]

Während des Startens von Apache wird das Passwort für das Zertifikat (SSL) angefragt. Es ist manuell einzugeben. Daher kann Apache nie von allein (trotz Eintrag für das Starten von Diensten) ordentlich starten.

service apache22 onestart
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
Apache/2.2.26 mod_ssl/2.2.26 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server umfragen.stura.htw-dresden.de:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.

Änderung ab 10.07.2015 - Der Passphrasenzwang wurde aus dem Zertifikateskey entfernt!

Limesurvey[Bearbeiten]

config.php[Bearbeiten]


$databasepass       =   '<mysqlpassword>';
...
$defaultuser        =   '<adminusername>';
$defaultpass        =   '<password>'; 
... 
$siteadminemail = 'umfragen@stura.htw-dresden.de';
$siteadminbounce = 'umfragen@stura.htw-dresden.de';
$siteadminname = 'StuRa HTW Dresden';

SQL Import[Bearbeiten]

limesurvey/admin/cmdline_importsurvey.php

php cmdline_importsurvey <File to import> [<user> <password>]

Mysql-server[Bearbeiten]

starten

/usr/local/etc/rc.d/mysql-server onestart

Password setzen

mysqladmin -u <benutzer> password <password>

Siehe auch[Bearbeiten]

Media:Beispiel.mp3