It works with PHP and MySQL. Therefore, the LAMP (Linux, Apache, MySQL and PHP) should be renamed to LHMP (Linux, Hiawatha, MySQL and PHP).
Step 0 :
Install Ubuntu 9.04 Server and OpenSSH as usual. Make sure to perform the following.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgradeStep 1 :
Download Hiawatha, the current version at this writing is 6.16, at
http://www.hiawatha-webserver.org/download.sudo wget http://www.hiawatha-webserver.org/files/hiawatha-6.16.tar.gz
tar -xzvf hiawatha-6.16.tar.gz
cd hiawatha-6.16Configure and compile the Hiawatha.
sudo apt-get install build-essentail libc6-dev libssl-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-devsudo ./configure
sudo make debThe deb package will be created at
/home/samiux. You can install it by :sudo dpkg -i hiawatha_6.16_amd64.debor
sudo dpkg -i hiawatha_6.16_i386.debStep 2 :
Install mysql and php5.
sudo apt-get install mysql-server mysql-client php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xslEnter the password for the MySQL and write it down for further usage.
Step 3 :
sudo nano /etc/hiawatha/php-fcgi.confUncomment the following line :
Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-dataActivate
php-fcgi.sudo php-fcgi -c /etc/hiawatha/php-fcgi.confKill it with -k, such as :
sudo php-fcgi -k -c /etc/hiawatha/php-fcgi.conf*Make sure you have been activated
php-fcgi; otherwise, php5 cannot be run.Step 4 :
sudo nano /etc/hiawatha/hiawatha.confUncomment
ServerId at GENERAL SETTINGS.ServerId = www-dataUncomment the following entries at
BINDING SETTINGS.Binding {
Port = 80
MaxKeepAlive = 30
TimeForRequest = 3,20
}Uncomment all the entries at
BANNING SETTINGS.BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
BanOnSQLi = 0
BanOnFlooding = 10/1:15
BanlistMask = allow 192.168.0.0/24
Uncomment all the entries at
COMMON GATEWAY INTERFACE (CGI) SETTINGS.CGIhandler = /usr/hin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php,php5
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
GCIextension = cgiUncomment all the entries of
FastCGIserver and rename ConnectTo to 127.0.0.1:2005.FastCGIserver {
FastCGIid = PHP5
ConnectTo = 127.0.0.1:2005
Extension = php, php5
SessionTimeout = 30
}Uncomment all the entries of
URL TOOLKIT.UrlToolkit {
ToolkitID = banshee
RequestURI isfile Return
Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
Match .*\?(.*) Rewrite /index.php?$1
Match .* Rewrite /index.php
}Uncomment all the entries of
VIRTUAL HOSTS and alert it when necessary.VirtualHost {
Hostname = www.samiux.com
WebsiteRoot = /var/www/www.samiux.com
StartFile = index.php
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
TimeForGCI = 5
UseFastCGI = PHP5
UseToolkit = banshee
PreventCSRF = yes
PreventSQLi = yes
PreventXSS = yes
}Assumed that your domain name is
samiux.com and the site is at /var/www/www.samiux.com.Step 5 :
sudo nano /etc/php5/cgi/php.iniChange the following line to
Off.allow_url_fopen = OffStep 6 :
Restart the Hiawatha.
sudo /etc/init.d/hiawatha restartStep 7 :
Use AppArmor with Hiawatha.
sudo aa-genprof hiawathasudo nano /etc/apparmor.d/usr.sbin.hiawathaAdd the following lines.
#include
/usr/sbin/hiawatha {
#include
capability chown,
capability dac_override,
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
network inet tcp,
/etc/group r,
/etc/hiawatha/** r,
/etc/nsswitch.conf r,
/etc/passwd r,
/usr/bin/php5-cgi rix,
/usr/sbin/cgi-wrapper mr,
/usr/sbin/hiawatha mr,
/usr/share/dbconfig-common/** r,
/usr/share/phpmyadmin/ r,
/usr/share/phpmyadmin/** r,
/var/lib/** r,
/var/lib/hiawatha/* rw,
/var/log/hiawatha/ r,
/var/log/hiawatha/** rw,
/var/run/hiawatha.pid w,
/var/www/ r,
/var/www/** rw,
/home/*/public_html/** r,
}Make it enforce.
sudo aa-enforce hiawathaThat's all. See you!
No comments:
Post a Comment