-->

whaust

2017年6月20日 星期二

How to install Apache2 + PHP-FPM on Raspberry Pi

We have prepared a simple tutorial on how to install the Apache web server with PHP-FPM in Raspbian. It takes a few minutes to prepare Raspberry Pi to launch your website.

1. Add a "non-free" component to /etc/apt/sources.list, if not already there and add deb-src source

root@raspberrypi:~# cat /etc/apt/sources.list
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
 
root@raspberrypi:~# cat >> /etc/apt.sources.list
deb-src http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
^C
 
root@raspberrypi:~# cat /etc/apt/sources.list
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
deb-src http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi

2. Update/upgrade and a good habit is to install the time synchronization and postfix

root@raspberrypi:~# apt-get update && apt-get -y upgrade
root@raspberrypi:~# apt-get install postfix ntp ntpdate

3. Install Apache, php-fpm and other packages according to your needs

root@raspberrypi:~# apt-get install apache2-mpm-worker php5-fpm php-apc

4. Install all dependencies for libapache-mod-fastcgi

root@raspberrypi:~# apt-get install debhelper dpatch libtool cdbs libapr1-dev apache2-threaded-dev

5. Install libapache-mod-fastcgi from source

root@raspberrypi:~# apt-get -b source libapache-mod-fastcgi
root@raspberrypi:~# dpkg -i libapache2-mod-fastcgi*.deb

6. Enable mods rewrite, actions etc. and restart apache

root@raspberrypi:~# a2enmod rewrite ssl actions include
root@raspberrypi:~# service apache2 restart

7. Install MySQL server and PHPMyAdmin if needed

root@raspberrypi:~# apt-get install mysql-client mysql-server php5-mysql phpmyadmin

8. Add group and user for your domain. First uid and gid is 10000 and home user (domain) directory is in /home/

root@raspberrypi:~# addgroup --gid 10000 group001
root@raspberrypi:~# adduser --home /home/mydomain.com --shell /dev/null --uid 10000 --gid 10000 --disabled-password --disabled-login --gecos '' user001

9. Create structure logs and web directory

root@raspberrypi:~# mkdir /home/mydomain.com/logs       # for Apache logs
root@raspberrypi:~# mkdir /home/mydomain.com/logs/php/  # for PHP logs
root@raspberrypi:~# mkdir /home/mydomain.com/www        # for your web page
root@raspberrypi:~# mkdir /home/mydomain.com/tmp        # for temp
root@raspberrypi:~# mkdir /home/mydomain.com/sessions   # for sessions
root@raspberrypi:~# chown -R user001:group001 /home/mydomain.com/

10. Add php-fpm.conf for your mydomain.com and edit mydomain.com.conf

root@raspberrypi:~# cp /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/mydomain.com.conf
root@raspberrypi:~# nano /etc/php5/fpm/pool.d/mydomain.com.conf

11. Modify /etc/php5/fpm/pool.d/mydomain.com.conf

; pool name ('www' here)
[mydomain.com]
...
; Unix user/group of processes
user = user001
group = group001
...
; The address on which to accept FastCGI requests.
listen = /var/run/php5-fpm-mydomain.com.sock
...
; Set permissions for unix socket, if one is used. In Linux, read/write
listen.owner = user001
listen.group = group001
listen.mode = 0666
...
; Default Value: nothing is defined by default except the values in php.ini ...
; add php.ini admin values
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f noreply@mydomain.com
php_flag[display_errors] = off
php_admin_value[error_log] = /home/mydomain.com/logs/php/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[upload_tmp_dir] = /home/mydomain.com/tmp
php_admin_value[session.save_path] = /home/mydomain.com/sessions
php_admin_value[open_basedir] = /home/mydomain.com/www:/home/mydomain.com/tmp:/home/mydomain.com/sessions
php_admin_value[mail.log] = /home/mydomain.com/logs/mail.log
php_admin_value[memory_limit] = 64M
php_admin_value[post_max_size] = 18M
php_admin_value[max_execution_time] = 60
php_admin_value[allow_url_fopen] = Off
php_admin_value[upload_max_filesize] = 18M
php_admin_value[date.timezone] = Europe/Prague

12. Create Apache virtual host

root@raspberrypi:~# nano /etc/apache2/sites-available/mydomain.com.conf
# eliminate www
<VirtualHost *:80>
    ServerName www.mydomain.com
    Redirect 301 / http://mydomain.com/
</VirtualHost>
 
<VirtualHost *:80>
        ServerAdmin iam@mydomain.com
 
        ServerName mydomain.com
 
        DocumentRoot /home/mydomain.com/www
 
        <Directory /home/mydomain.com/www>
                Options -Indexes -FollowSymLinks -MultiViews
                AllowOverride All
 
                Order allow,deny
                allow from all
        </Directory>
 
        # eliminate log warning about ico
        Redirect 404 /favicon.ico
        <Location /favicon.ico>
                ErrorDocument 404 "No favicon"
        </Location>
 
        # *.php3-5 file extension (enable different extensions in /etc/php5/fpm/pool.d/mydomain.com.conf first)
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                SetHandler application/x-httpd-php
        </FilesMatch>
 
        # FastCGI
        Action application/x-httpd-php /php5-fcgi
        Alias /php5-fcgi /usr/lib/cgi-bin/mydomain.com
        FastCgiExternalServer /usr/lib/cgi-bin/mydomain.com -socket /var/run/php5-fpm-mydomain.com.sock -pass-header Authorization
 
        # apache logs
        ErrorLog /home/mydomain.com/logs/error.log
        LogLevel warn
        CustomLog /home/mydomain.com/logs/access.log combined
 
</VirtualHost>

13. Create index.php file in your web home directory and insert phpinfo function into this file

root@raspberrypi:~# nano /home/mydomain.com/www/index.php
<?php phpinfo();?>

14. Create vhost symlink from sites-available to sites-enabled directory and restart apache and php5-fpm

root@raspberrypi:~# ln -s /etc/apache2/sites-available/mydomain.com.conf /etc/apache2/sites-enabled/
root@raspberrypi:~# service apache2 restart && service php5-fpm restart
[ ok ] Restarting web server: apache2 ... waiting .
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.

15. Enjoy!

Raspberry Pi Raspbian Apache2 PHP5-FPM
沒有留言:

2017年6月19日 星期一

Install an Identity Certificate for ASDM

http://www.cisco.com/c/en/us/td/docs/security/asdm/identity-cert/cert-install.html

Updated:July 24, 2014

Table of Contents

Install an Identity Certificate for ASDM
Run the ASDM Identity Certificate Wizard (ASDM 7.3 and Later)
Register the New Identity Certificate(s) with Java

Install an Identity Certificate for ASDM

Last Updated: May 8, 2015
When using some versions of Java, such as Version 7 update 51, the ASDM Launcher requires a trusted certificate. An easy approach to fulfill the certificate requirements is to generate a self-signed identity certificate and to configure the ASA to use it when establishing an SSL connection. After you generate the identity certificate and configure the ASA, you need to register it with the Java Control Panel on your computer.
For the ASA 5506-X, 5508-X, or 5516-X with an ASA FirePOWER module, you can use ASDM for module management. In this case, you must create two identity certificates: one for the ASA and one for the module.

Run the ASDM Identity Certificate Wizard (ASDM 7.3 and Later)

ASDM 7.3 and later provides the ASDM Identity Certificate Wizard. The wizard makes configuring self-signed identity certificates easy.
  • When you first launch ASDM and do not have a trusted certificate, you are prompted to launch ASDM with Java Web Start; the certificate wizard then starts automatically.
  • If you start ASDM yourself using Java Web Start, then you can launch the wizard from the Wizards menu.
  • To generate the separate ASA FirePOWER module certificate, you must re-run the wizard to generate the additional certificate.
Procedure
1. Launch ASDM. Use an already installed ASDM Launcher, or connect to the ASA IP address with a browser (https:// asa_ip_address /admin) to install a new Launcher. The Launcher prompts you to automatically start ASDM with Java Web Start for the purpose of running the certificate wizard.
2. (If the wizard did not launch automatically) Choose Wizards > ASDM Identity Certificate Wizard.
3. Complete the wizard. We recommend choosing the Simple Mode option.
4. (ASA FirePOWER module) Re-run the wizard, and choose the SFR Module option.
5. Quit ASDM.
6. See Register the New Identity Certificate(s) with Java to register both certificates.

Register the New Identity Certificate(s) with Java

This procedure shows Java in Windows 7; your operating system may differ.
Procedure
1. On your computer, launch the Java Control Panel. On the Security tab, click Manage Certificates.
2. From the Certificate type drop-down list, choose Secure Site, and click Import.
NoteYou must choose the Secure Site option; other categories do not work.
3. Choose the ASA certificate you earlier exported from ASDM.
4. (ASA FirePOWER module) Click Import again, and choose the module certificate that you earlier exported from ASDM.
5. Click Close.
6. You can now use the ASDM Launcher.

(ASDM 7.2 and Earlier) Manually Configure the ASA for an Identity Certificate

Complete all of the following procedures.
Create the Identity Certificate
Procedure
1. In a browser, connect to the ASA (https:// asa_ip_address /admin) and launch ASDM by clicking Run ASDM.
2. Choose Configuration > Device Management > Certificate Management > Identity Certificates, and click Add.
3. Click the Add a new identity certificate radio button, and click Select for the Certificate Subject DN.
4. From the Attribute drop-down list, choose Common Name (CN), enter the ASA IP address for the Value, click Add, and then click OK.
5. Check the Generate self-signed certificate check box and click Add Certificate.
6. Click Apply.
Export the New Certificate
Procedure
1. Select the certificate, and click Export.
2. Click Browse to choose a save location and name the certificate with the.csr extension (the Java Control Panel expects a.csr extension, so you can save yourself a step by using.csr even though this certificate is a CER file).
3. Click the PEM Format (Certificate Only) radio button, and then click Export Certificate.
Set the Certificate to Be Used with SSL
Procedure
1. Choose Device Management > Advanced > SSL Settings. In the Certificates area, select the management interface entry, and click Edit.
2. From the Primary Enrolled Certificate drop-down list, choose the newly-created certificate with the CN value of the ASA IP address, and click OK.
3. Click Apply.
4. See Register the New Identity Certificate(s) with Java.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
沒有留言:
訂閱: 文章 (Atom)

Popular

  • PaloAlto Strata Little Quiz
     Question 1 of 10 Which type of cyberattack sends extremely high volumes of network traffic such as packets, data, or transactions that rend...
  • SA, SD и SE
    При планировании проекта разработки программного обеспечения я часто сталкиваюсь с помощником, который задает мне вопрос: в чем разница межд...
  • Threat List from 2020/03/28 - 2020/03/30
    Top 20 Threats Top 100 Threats --------------------------- NTP Amplification REQ_MON_GETLIST Request Found NTP Amplification Denia...