Friday, September 17, 2010

Installing NGINX, PHP and MYSQL on Linux Mint 9

For development purposes, I tried to install NGINX, PHP and MySQL on my Linux Mint 9.

Following the instructions on the HowtoForge site, below are all the steps I took to install NGINX, PHP and MySQL. (All commands need root privileges and are run from a terminal.)
1. run "apt-get install mysql-server mysql-client" to install the MySQL server and client. You will be asked to provide a root password at the end of this process.
2. run "apt-get install nginx" to install Nginx
3. run "/etc/init.d/nginx start" to start Nginx
4. go to your browser and open http://localhost; you will see the "Welcome to nginx!" page. It means that nginx is running successfully.
5. run "update-rc.d nginx defaults" to make nginx start at boot time.
6. run "apt-get install php5-cgi php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl" to install PHP. This is a single-line command.
7. run "vi /etc/php5/cgi/php.ini" to edit the php.ini file, then add the line "cgi.fix_pathinfo = 1" right at the end of the file.
8. Since there is no standalone FastCGI daemon package for Linux Mint, we can use the spawn-fcgi program from lighttpd. Run "apt-get install lighttpd" to install lighttpd; spawn-fcgi will be installed at "/usr/bin/spawn-fcgi".
9. At the end of step 8, you will see an error message saying that lighttpd couldn't start because port 80 is already in use. That's how it's supposed to be, because nginx is already listening on port 80. Then run "update-rc.d -f lighttpd remove" to remove lighttpd from the startup scripts.
10. run "/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid" or place this command at the end of the "/etc/rc.local" file to make the system execute it automatically at boot time. Please note that this is a single-line command.
11. run "vi /etc/nginx/nginx.conf" to configure nginx. You can learn more about it at http://wiki.codemongers.com/NginxFullExample.
Below is my configuration:
=================
# You may add here your
# server {
#    ...
# }
# statements for each of your virtual hosts
server {
        listen   80;
        server_name  _;

        access_log  /var/log/nginx/localhost.access.log;

        location / {
                root   /var/www/nginx-default;
                index  index.php index.html index.htm;
        }

        location /doc {
                root   /usr/share;
                autoindex on;
                allow 127.0.0.1;
                deny all;
        }

        location /images {
                root   /usr/share;
                autoindex on;
        }

        #error_page  404  /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
                root   /var/www/nginx-default;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
                #proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /var/www/nginx-default$fastcgi_script_name;
                include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny  all;
        }
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#listen   8000;
#listen   somename:8080;
#server_name  somename  alias  another.alias;

#location / {
#root   html;
#index  index.html index.htm;
#}
#}


# HTTPS server
#
#server {
#listen   443;
#server_name  localhost;

#ssl  on;
#ssl_certificate  cert.pem;
#ssl_certificate_key  cert.key;

#ssl_session_timeout  5m;

#ssl_protocols  SSLv2 SSLv3 TLSv1;
#ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_prefer_server_ciphers   on;

#location / {
#root   html;
#index  index.html index.htm;
#}
#}
====================
12. run "/etc/init.d/nginx restart" to restart Nginx
13. Then create a PHP file named info.php in the document root /var/www/nginx-default and put the code below into it:
===============
<?php
phpinfo();
?>
===============
14. Go to your browser and open http://localhost/info.php; you will see information about the PHP installation on your machine. The Server API row shows that CGI/FastCGI is active.
15. If you want to move your web root directory out of "/var/www/nginx-default", you have to make some changes in "/etc/nginx/nginx.conf". The changes are:
============================
        location / {
                root   /var/www/nginx-default;  # <<< change this to the new directory
                index  index.php index.html index.htm;
        }
============================
and
============================
        location ~ \.php$ {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /var/www/nginx-default$fastcgi_script_name;  # <<< change this too
                include        fastcgi_params;
        }
==============================
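
An added example (not part of the original post or the HowtoForge instructions): a variant of the server block that covers two points from the steps above. Step 7 sets cgi.fix_pathinfo = 1, which lets PHP fall back to a different file along the path when the requested .php file does not exist, so this block only hands a request to FastCGI when the file really exists on disk; and the root is declared once, so moving the web root as in step 15 needs a single change. It assumes the same paths and FastCGI address as the configuration above.

```nginx
# Added example: hardened variant of the server block from step 11.
server {
        listen       80;
        server_name  _;

        # Declare the web root once at server level. Every location below
        # inherits it, so moving the site means changing only this line.
        root   /var/www/nginx-default;
        index  index.php index.html index.htm;

        access_log  /var/log/nginx/localhost.access.log;

        location ~ \.php$ {
                # Answer 404 unless the requested .php file exists on disk.
                # With cgi.fix_pathinfo = 1, PHP would otherwise look for
                # another existing file earlier in the path and run that.
                try_files      $uri =404;

                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                # $document_root follows the root directive above.
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
        }

        # deny access to .htaccess files
        location ~ /\.ht {
                deny  all;
        }
}
```

Run "nginx -t" to check the syntax before restarting nginx as in step 12.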

That's all.

Friday, September 3, 2010

Installing IPFire Firewall to Protect Your Business

IPFire is a Linux distro that is specialized to be a router/firewall.

Installing IPFire is very easy; just follow the instructions at wiki.ipfire.org/en/installation/start.

The simplest type of installation is the Green - Red type. Green means your internal network and Red means your external network. You have to use private IP addresses for Green, such as 192.168.0.x; you can assign 192.168.0.1 to the Green network card and enable the DHCP server for the Green network.

For the IP address of the Red network card, you have to ask your Internet Service Provider. If your internet connection uses a static IP address, the information you must know is the default gateway and the DNS server.

After a successful installation, you can connect to the IPFire router machine from another computer that is connected to the Green network card. Launch a web browser and go to https://192.168.0.1:444/cgi-bin/proxy.cgi.

After logging in to the web-based administration panel of your IPFire router, you will see many features that you can apply to your new router/firewall.

For example, I picked out some features that I applied on my IPFire router/firewall.

To boost the internet connection, I enabled the Web Proxy, with transparent mode on Green. Go to the Network menu, then choose webproxy. There are many options you can enable here. I enabled the URL Filter to block porn sites and Facebook during office hours. To see the complete list of site categories for the URL Filter, go to Network >> Content Filter. I also enabled download throttling to limit the download speed for each computer on the Green network.