Jan 21
“T’es mignon iMil avec tes machins développés à 3 grammes, mais en vrai, c’est utilisable ?”
Mais si, je vous ai entendu penser ça tout fort.
Et en réponse à cet affront manifeste, voici une mise en place d’apache chrooté prêt à recevoir un Wordpress utilisant la machinerie présentée dans le post précédent :
[~/services] pwd
/home/imil/services
(root@korriban)
[~/services] cat etc/apache-chroot.conf
SETSDIR=/home/imil/binary/sets
SVCDIR=/home/imil/services/apache
CHROOTDIR=${SVCDIR}/chroot
# do not add a trailing slash in the following variable
SETSURL=ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0.1/amd64/binary/sets
SETS="base xbase etc" # xbase required for apache (expat)
PREFIX="/usr/pkg"
PACKAGES="/home/imil/packages"
PKGLIST="sqlite3 pkgin perl apr apr-util apache xmlcatmgr libxml2 php php5-mysql libmm libmcrypt php5-mcrypt ap22-php5 ap22-rpaf php5-mbstring php5-zlib"
MOUNTS="/dev ${PACKAGES} /home/imilnet"
CPFILES="${SVCDIR}/root"
SERVICES="apache postfix"
PREFIX="/usr/pkg"
J’ai préparé les fichiers suivants, prêts à être copiés dans le chroot :
(root@korriban) [~/services] find apache/root apache/root apache/root/etc apache/root/etc/hosts apache/root/etc/rc.conf apache/root/etc/resolv.conf apache/root/etc/postfix apache/root/etc/postfix/main.cf apache/root/usr apache/root/usr/pkg apache/root/usr/pkg/etc apache/root/usr/pkg/etc/php.ini apache/root/usr/pkg/etc/pkgin apache/root/usr/pkg/etc/pkgin/repositories.conf apache/root/usr/pkg/etc/httpd apache/root/usr/pkg/etc/httpd/httpd.conf apache/root/usr/pkg/etc/httpd/httpd-vhosts.conf
On n’oubliera evidemment pas de placer dans etc/rc.conf les valeurs suivantes :
(root@korriban)
[~/services] cat apache/root/etc/rc.conf
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
fi
rc_configured=YES
apache=YES
postfix=YES
À noter que Wordpress considère qu’un MTA local est disponible, d’où la nénessité de démarrer postfix. La configuration de ce dernier est tout à fait basique: myhostname, mydomain, inet_interfaces (localhost) et surtout relayhost.
Le fichier php.ini est affublé des extensions nécessaires :
extension=mysql.so extension=mcrypt.so extension=mbstring.so extension=zlib.so
Les fichiers httpd.conf et httpd-vhosts.conf sont à configurer selon vos besoins.
Dès lors :
(root@korriban)
[~/services] bin/mksvcchroot.sh create etc/apache-chroot.conf
/home/imil/services/apache/chroot-NetBSD-5.0.1
fetching binary sets... done
creating chroot... extracting: base xbase etc done
preparing packages...sqlite3 Creating binary package: sqlite3-3.6.17
Creating package /home/imil/packages/sqlite3-3.6.17
Using SrcDir value of /usr/pkg
pkgin Creating binary package: pkgin-0.2.5
Creating package /home/imil/packages/pkgin-0.2.5
Using SrcDir value of /usr/pkg
perl Creating binary package: perl-5.10.0nb6
Creating package /home/imil/packages/perl-5.10.0nb6
Using SrcDir value of /usr/pkg
apr Creating binary package: apr-1.3.9
Creating package /home/imil/packages/apr-1.3.9
Using SrcDir value of /usr/pkg
apr-util Creating binary package: apr-util-1.3.9
Creating package /home/imil/packages/apr-util-1.3.9
Using SrcDir value of /usr/pkg
apache Creating binary package: apache-2.2.13nb3
Creating package /home/imil/packages/apache-2.2.13nb3
Using SrcDir value of /usr/pkg
xmlcatmgr Creating binary package: xmlcatmgr-2.2nb1
Creating package /home/imil/packages/xmlcatmgr-2.2nb1
Using SrcDir value of /usr/pkg
libxml2 Creating binary package: libxml2-2.7.3nb1
Creating package /home/imil/packages/libxml2-2.7.3nb1
Using SrcDir value of /usr/pkg
php Creating binary package: php-5.2.12
Creating package /home/imil/packages/php-5.2.12
Using SrcDir value of /usr/pkg
php5-mysql Creating binary package: php5-mysql-5.2.12
Creating package /home/imil/packages/php5-mysql-5.2.12
Using SrcDir value of /usr/pkg
libmm Creating binary package: libmm-1.4.2nb1
Creating package /home/imil/packages/libmm-1.4.2nb1
Using SrcDir value of /usr/pkg
libmcrypt Creating binary package: libmcrypt-2.5.8
Creating package /home/imil/packages/libmcrypt-2.5.8
Using SrcDir value of /usr/pkg
php5-mcrypt Creating binary package: php5-mcrypt-5.2.12
Creating package /home/imil/packages/php5-mcrypt-5.2.12
Using SrcDir value of /usr/pkg
ap22-php5 Creating binary package: ap22-php5-5.2.12nb1
Creating package /home/imil/packages/ap22-php5-5.2.12nb1
Using SrcDir value of /usr/pkg
ap22-rpaf Creating binary package: ap22-rpaf-0.5
Creating package /home/imil/packages/ap22-rpaf-0.5
Using SrcDir value of /usr/pkg
php5-mbstring Creating binary package: php5-mbstring-5.2.12
Creating package /home/imil/packages/php5-mbstring-5.2.12
Using SrcDir value of /usr/pkg
php5-zlib Creating binary package: php5-zlib-5.2.12nb1
Creating package /home/imil/packages/php5-zlib-5.2.12nb1
Using SrcDir value of /usr/pkg
done
null-mounting... /dev /home/imil/packages /home/imilnet done
installing packages... sqlite3 pkgin Executing '/bin/mkdir -p '/usr/pkg'/etc/pkgin'
pkgin-0.2.5: copying /usr/pkg/share/examples/pkgin/repositories.conf.example to /usr/pkg/etc/pkgin/repositories.conf
===========================================================================
$NetBSD: MESSAGE,v 1.1.1.1 2009/06/08 13:58:26 imil Exp $
First steps before using pkgin.
. Modify /usr/pkg/etc/pkgin/repositories.conf to suit your platform
. Initialize the database :
# pkgin update
===========================================================================
perl apr apr-util apache apache-2.2.13nb3: Creating group ``www''
apache-2.2.13nb3: Creating user ``www''
useradd: Warning: home directory `/nonexistent' doesn't exist, and -m was not specified
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-autoindex.conf to /usr/pkg/etc/httpd/httpd-autoindex.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-dav.conf to /usr/pkg/etc/httpd/httpd-dav.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-default.conf to /usr/pkg/etc/httpd/httpd-default.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-info.conf to /usr/pkg/etc/httpd/httpd-info.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-languages.conf to /usr/pkg/etc/httpd/httpd-languages.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-manual.conf to /usr/pkg/etc/httpd/httpd-manual.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-mpm.conf to /usr/pkg/etc/httpd/httpd-mpm.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-multilang-errordoc.conf to /usr/pkg/etc/httpd/httpd-multilang-errordoc.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-ssl.conf to /usr/pkg/etc/httpd/httpd-ssl.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-userdir.conf to /usr/pkg/etc/httpd/httpd-userdir.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-vhosts.conf to /usr/pkg/etc/httpd/httpd-vhosts.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/httpd.conf to /usr/pkg/etc/httpd/httpd.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/magic to /usr/pkg/etc/httpd/magic
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/mime.types to /usr/pkg/etc/httpd/mime.types
===========================================================================
The following files should be created for apache-2.2.13nb3:
/etc/rc.d/apache (m=0755)
[/usr/pkg/share/examples/rc.d/apache]
===========================================================================
xmlcatmgr xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.etc.sgml to /usr/pkg/etc/sgml/catalog
xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.etc.xml to /usr/pkg/etc/xml/catalog
xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.share.sgml to /usr/pkg/share/sgml/catalog
xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.share.xml to /usr/pkg/share/xml/catalog
===========================================================================
$NetBSD: MESSAGE,v 1.5 2004/01/23 17:12:16 jmmv Exp $
The following catalogs have been installed:
* /usr/pkg/etc/sgml/catalog
System wide SGML catalog. Can be edited by the administrator and
is not changed by packages. This is the *default* catalog when
working in SGML mode.
* /usr/pkg/etc/xml/catalog
System wide XML catalog. Can be edited by the administrator and
is not changed by packages. This is the *default* catalog when
working in XML mode.
* /usr/pkg/share/sgml/catalog
Handles SGML stuff installed under /usr/pkg/share/sgml.
Automatically handled by packages.
* /usr/pkg/share/xml/catalog
Handles XML stuff installed under /usr/pkg/share/xml.
Automatically handled by packages.
===========================================================================
libxml2 php php-5.2.11: copying /usr/pkg/share/examples/php/php.ini-recommended to /usr/pkg/etc/php.ini
===========================================================================
$NetBSD: MESSAGE,v 1.9 2007/10/09 19:19:10 martti Exp $
To process PHP scripts, you will need a PHP-enabled HTTP server. You may
either configure the HTTP server to use the PHP CGI binary located in
/usr/pkg/libexec/cgi-bin/php
or you may install a PHP module for your HTTP server, e.g. www/ap-php.
Note that php-openssl is no longer a separate package as of version
5.0.5nb1 because the main PHP5 package has it built-in now.
As of version 5.2.1nb3 PEAR is no longer installed by default with the
php package. In order to use PEAR packages with PHP you will need to
install the lang/pear package.
===========================================================================
pkg_add: A different version of php-5.2.12 is already installed: php-5.2.11
pkg_add: 1 package addition failed
php5-mysql ===========================================================================
$NetBSD: MESSAGE,v 1.1.1.1 2005/10/31 09:21:40 xtraeme Exp $
To use the ``mysqlhotcopy'' script, you'll have to install the following
packages:
databases/p5-DBD-mysql
devel/p5-File-Temp
===========================================================================
===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $
To enable this module, add the following to /usr/pkg/etc/php.ini:
extension=mysql.so
and make sure extension_dir points to the dir where mysql.so is.
Then restart your PHP5-enabled HTTP server to load this module.
===========================================================================
libmm libmcrypt php5-mcrypt ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $
To enable this module, add the following to /usr/pkg/etc/php.ini:
extension=mcrypt.so
and make sure extension_dir points to the dir where mcrypt.so is.
Then restart your PHP5-enabled HTTP server to load this module.
===========================================================================
ap22-php5 ===========================================================================
$NetBSD: MESSAGE,v 1.2 2005/03/30 03:25:00 darcy Exp $
In order to use this module in your Apache 1.x installation, you need to
add the following to your httpd.conf file:
LoadModule php5_module lib/httpd/mod_php5.so
AddType application/x-httpd-php .php
You may also add following if you still use .php3 files:
AddType application/x-httpd-php .php3
For Apache 2.x installation, you need following:
LoadModule php5_module lib/httpd/mod_php5.so
AddHandler application/x-httpd-php .php
You may also add following if you still use .php3 files:
AddHandler application/x-httpd-php .php3
===========================================================================
ap22-rpaf php5-mbstring ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $
To enable this module, add the following to /usr/pkg/etc/php.ini:
extension=mbstring.so
and make sure extension_dir points to the dir where mbstring.so is.
Then restart your PHP5-enabled HTTP server to load this module.
===========================================================================
php5-zlib ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $
To enable this module, add the following to /usr/pkg/etc/php.ini:
extension=zlib.so
and make sure extension_dir points to the dir where zlib.so is.
Then restart your PHP5-enabled HTTP server to load this module.
===========================================================================
done
copying files... done
copying services scripts...cp: /usr/pkg/share/examples/rc.d/postfix: No such file or directory
done
starting services...Starting apache.
postfix: rebuilding /etc/mail/aliases (missing /etc/mail/aliases.db)
postfix/postfix-script: starting the Postfix mail system
done
Notre apache est prêt à répondre aux requetes.
Vous n’aurez pas manqué de remarquer que j’ai ajouté pkgin aux packages à installer dans le chroot, ce qui nous permettra de maintenir ce dernier de cette façon :
(imil@korriban)
[~] sudo chroot services/apache/chroot-NetBSD-5.0.1 /bin/ksh
# pkgin up
processing local summary...
updating database: 100%
downloading pkg_summary.bz2: 100%
processing remote summary (ftp://ftp.fr.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/5.0/All)...
updating database: 100%
# pkgin fug
calculating dependencies for ap22-php5-5.2.12nb1...
calculating dependencies for ap22-rpaf-0.5...
calculating dependencies for apache-2.2.14...
calculating dependencies for apr-1.3.9...
calculating dependencies for apr-util-1.3.9...
calculating dependencies for libmcrypt-2.5.8...
calculating dependencies for libmm-1.4.2nb1...
calculating dependencies for libxml2-2.7.6...
calculating dependencies for mysql-client-5.0.88...
calculating dependencies for perl-5.10.1...
calculating dependencies for php-5.2.12...
calculating dependencies for php5-mbstring-5.2.12...
calculating dependencies for php5-mcrypt-5.2.12...
calculating dependencies for php5-mysql-5.2.12...
calculating dependencies for php5-zlib-5.2.12nb1...
calculating dependencies for pkgin-0.2.5...
calculating dependencies for sqlite3-3.6.21nb1...
calculating dependencies for xmlcatmgr-2.2nb1...
5 packages to be upgraded: sqlite3-3.6.17 apache-2.2.13nb3 perl-5.10.0nb6 php-5.2.11 libxml2-2.7.3nb1
5 packages to be installed: libxml2-2.7.6 perl-5.10.1 php-5.2.12 apache-2.2.14 sqlite3-3.6.21nb1 (23M to download, 86M to install)
proceed ? [y/N] y
downloading packages...
downloading libxml2-2.7.6.tgz: 100%
downloading perl-5.10.1.tgz: 100%
downloading php-5.2.12.tgz: 100%
downloading apache-2.2.14.tgz: 100%
downloading sqlite3-3.6.21nb1.tgz: 100%
removing packages to be upgraded...
removing sqlite3-3.6.17...
Package `sqlite3-3.6.17' is still required by other packages:
pkgin-0.2.5
removing apache-2.2.13nb3...
Package `apache-2.2.13nb3' is still required by other packages:
ap22-php5-5.2.12nb1
ap22-rpaf-0.5
pkg_delete: Directory `/usr/pkg/share/httpd/manual/style/xsl' disappeared, skipping
===========================================================================
The following users are no longer being used by apache-2.2.13nb3,
and they can be removed if no other software is using them:
www
===========================================================================
===========================================================================
The following groups are no longer being used by apache-2.2.13nb3,
and they can be removed if no other software is using them:
www
===========================================================================
===========================================================================
The following files are no longer being used by apache-2.2.13nb3,
and they can be removed if no other packages are using them:
/usr/pkg/etc/httpd/httpd.conf
/usr/pkg/etc/httpd/httpd-vhosts.conf
/etc/rc.d/apache
===========================================================================
===========================================================================
The following directories are no longer being used by apache-2.2.13nb3,
and they can be removed if no other packages are using them:
/var/log/httpd
===========================================================================
removing perl-5.10.0nb6...
Package `perl-5.10.0nb6' is still required by other packages:
mysql-client-5.0.88
removing php-5.2.11...
Package `php-5.2.11' is still required by other packages:
php5-mysql-5.2.12
php5-mcrypt-5.2.12
ap22-php5-5.2.12nb1
php5-mbstring-5.2.12
php5-zlib-5.2.12nb1
===========================================================================
The following files are no longer being used by php-5.2.11,
and they can be removed if no other packages are using them:
/usr/pkg/etc/php.ini
===========================================================================
===========================================================================
The following directories are no longer being used by php-5.2.11,
and they can be removed if no other packages are using them:
/usr/pkg/lib/php/20040412
===========================================================================
removing libxml2-2.7.3nb1...
Package `libxml2-2.7.3nb1' is still required by other packages:
ap22-php5-5.2.12nb1
installing packages...
installing libxml2-2.7.6...
installing perl-5.10.1...
installing php-5.2.12...
php-5.2.12: /usr/pkg/etc/php.ini already exists
===========================================================================
$NetBSD: MESSAGE,v 1.9 2007/10/09 19:19:10 martti Exp $
To process PHP scripts, you will need a PHP-enabled HTTP server. You may
either configure the HTTP server to use the PHP CGI binary located in
/usr/pkg/libexec/cgi-bin/php
or you may install a PHP module for your HTTP server, e.g. www/ap-php.
Note that php-openssl is no longer a separate package as of version
5.0.5nb1 because the main PHP5 package has it built-in now.
As of version 5.2.1nb3 PEAR is no longer installed by default with the
php package. In order to use PEAR packages with PHP you will need to
install the lang/pear package.
===========================================================================
installing apache-2.2.14...
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-autoindex.conf to /usr/pkg/etc/httpd/httpd-autoindex.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-dav.conf to /usr/pkg/etc/httpd/httpd-dav.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-default.conf to /usr/pkg/etc/httpd/httpd-default.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-info.conf to /usr/pkg/etc/httpd/httpd-info.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-languages.conf to /usr/pkg/etc/httpd/httpd-languages.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-manual.conf to /usr/pkg/etc/httpd/httpd-manual.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-mpm.conf to /usr/pkg/etc/httpd/httpd-mpm.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-multilang-errordoc.conf to /usr/pkg/etc/httpd/httpd-multilang-errordoc.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-ssl.conf to /usr/pkg/etc/httpd/httpd-ssl.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-userdir.conf to /usr/pkg/etc/httpd/httpd-userdir.conf
apache-2.2.14: /usr/pkg/etc/httpd/httpd-vhosts.conf already exists
apache-2.2.14: /usr/pkg/etc/httpd/httpd.conf already exists
apache-2.2.14: copying /usr/pkg/share/examples/httpd/magic to /usr/pkg/etc/httpd/magic
apache-2.2.14: copying /usr/pkg/share/examples/httpd/mime.types to /usr/pkg/etc/httpd/mime.types
===========================================================================
The following files are used by apache-2.2.14 and have
the wrong ownership and/or permissions:
/etc/rc.d/apache (m=0755)
===========================================================================
installing sqlite3-3.6.21nb1...
processing local summary...
updating database: 100%
marking php5-zlib-5.2.12nb1 as non auto-removeable
marking php5-mbstring-5.2.12 as non auto-removeable
marking ap22-rpaf-0.5 as non auto-removeable
marking ap22-php5-5.2.12nb1 as non auto-removeable
marking php5-mcrypt-5.2.12 as non auto-removeable
marking libmcrypt-2.5.8 as non auto-removeable
marking libmm-1.4.2nb1 as non auto-removeable
marking php5-mysql-5.2.12 as non auto-removeable
marking php-5.2.12 as non auto-removeable
marking libxml2-2.7.6 as non auto-removeable
marking xmlcatmgr-2.2nb1 as non auto-removeable
marking apache-2.2.14 as non auto-removeable
marking apr-util-1.3.9 as non auto-removeable
marking apr-1.3.9 as non auto-removeable
marking perl-5.10.1 as non auto-removeable
marking pkgin-0.2.5 as non auto-removeable
marking sqlite3-3.6.21nb1 as non auto-removeable
Et là j’ai envie de dire: “ça claque ou bien ?”
January 22nd, 2010 at 9:29 am
de la balle, ils ont eu raison de t’introniser au niveau de la secte du drapeau orange :)
Merci en tout cas ca donne envie de tester !
January 22nd, 2010 at 9:00 pm
Putain mais quand ! pkgin sur freeBSD, quand ! Moi aussi j’en veux pour les scripts tout nifty
January 22nd, 2010 at 11:16 pm
@enriz ça arrive, ça arrive :)
February 27th, 2010 at 2:36 pm
[...] probablement pas remarqué, mais le site que vous avez sous les yeux est désormais servi par un apache chrooté, reverse-proxyisé par l’incroyable nginx. Je reviendrai probablement sur cette configuration [...]