FAMP
FreeBSD/Apache/MySQL/PHP weicc , PHP Node.js MariaDB SQL, DB, Oracle PostgreSQL MongoDB Go, Python, Apache GWS, Nginx, IIS MySQL, MS • • • • • • Web backend language backend Web NoSQL service SQL service Web service Web q q q q Introduction
Computer Center, CS, NCTU 2 Apache PHP phpMyAdmin lighttpd FastCGI Apache MySQL PHP MySQL • • • • • • • • • Appendix Installation and Administration and Installation Introduction q q q Outline
Computer Center, CS, NCTU 3 =28224098 index.php?curid / w / commons.wikimedia.org :// https 3.0, 享 分 式 方 同 相 - 示 標 名 姓 CC 用 創 , Traian Otto Otto Csaba Shmuel 由 Overview
Computer Center, CS, NCTU 4 http://httpd.apache.org/ http://www.apache.org/ server that server Example: Access CGI, control, proxy, logging, cache control, PHP… httpd Ø Freely available cross many platforms many cross available Freely for interface the provide and functions basic implement Core: Apache modules Core of function the override or extend Modules: HTTP/2 design Modular API Apache module using modules by writing Can customized be • • • • • • Two main parts Two main Web Web Apache Software Foundation: Foundation: Software Apache Project: HTTP Server Apache q q q q Apache
Computer Center, CS, NCTU 5 – request and response How ApacheHow Works
Computer Center, CS, NCTU 6 response - – Each request Apache breaks client request into several steps which are are which steps several into request client breaks Apache as modules implemented q How ApacheHow Works
Computer Center, CS, NCTU 7 Computer Center, CS, NCTU 8 Apache with mod_ssl
Computer Center, CS, NCTU 9 management systems. management Database Management Management Database SQL , www.1keydata.com/tw/sql/sql.html relational database relational user - http:// multi http://dev.mysql.com/doc , http://www.mysql.com The most popular computer language used to create, modify, retrieve retrieve modify, create, to used language computer popular The most from data manipulate and SQL: to Introduction multithreaded • • acquired by Sun Microsystems 2008. by Sun Microsystems acquired Site: Official Documentation: System. MySQLOwned sponsored Swedish AB, and by a company A SQL (Structured Query Language) SQL (Structured q q q q q MySQL (1) MySQL
Computer Center, CS, NCTU 10 portable to many many to portable Query. SQL UX, Mac Linux, Windows, Solaris, …etc. OS, - kernel, supporting systems with multiple CPUs. multiple with systems supporting kernel, (GNU General Public License version 2) version License (GNU Public General . Language (coding) Supports. Language (coding) threaded - - AIX, FreeBSD, HP , …etc. Ø Optimized algorithm for for algorithm Optimized Multi ODBC, TCP/IP, JDBC, method: Unix domain connecting of Lots socket. Software Free web applications for Popular Writing in C/C++, tested by many compilers, compilers, by many tested C/C++, in Writing platforms PHP, Ruby, Python, Perl, Java, C/C++, APIs for Providing Tcl Multi • • • • • • • • Features: q MySQL (2) MySQL
Computer Center, CS, NCTU 11 purpose scripting language. scripting purpose - side scripting. side - http://php.net/ used Open general used Source - applications. A widely web PHP's pages, principal dynamic create to designed Originally server is focus HTML. into embedded be can PHP scripts as industry Web the in popular become has The LAMP architecture web secure scalable, reliable, inexpensive, waya deploying of • • • • Official Site: Site: Official PHP: Hypertext Preprocessor PHP: Hypertext q q PHP
Computer Center, CS, NCTU 12 Installation and Administration
MySQL Apache PHP phpMyAdmin . library. ). mysqld in charset (latin1). - / pthread in charsets (may be 'all'). in charsets (may be libpthread - server - with spinlocks. mutexes linuxthreads (1) install clean install define WITHOUT_YASSL for backward compatibility). define WITHOUT_YASSL (use it if you need speed). (use it if you need even more speed). (use it if you need Define the primary built Define the primary Define other built (latin1_swedish_ci). Define default collation Enable secure connections ( (try it if you use /ports/databases/mysql57 OPTIONS MySQL =collate usr =list / =charset cd make # # • • Steps q Installing BUILD_STATIC=yes Build a static version of BUILD_STATIC=yes Enable support for NDB Cluster. WITH_NDB=yes WITH_LINUXTHREADS=yes Use the WITH_LINUXTHREADS=yes Use process scope threads WITH_PROC_SCOPE_PTH=yes Replace WITH_FAST_MUTEXES=yes Enable compiler optimizations BUILD_OPTIMIZED=yes WITH_XCHARSET WITH_COLLATION WITH_OPENSSL=yes WITH_CHARSET You may use the following build options: the following build You may use
Computer Center, CS, NCTU 14 network to the system. the to which may cause may which ) startup scripts remote security risk security remote server - (2) mysql mysqld / / rc.d / and may therefore pose a pose therefore may and libexec etc MySQL servers This port has installed the following time. at boot started be to services network these This port has installed the following files which may act as /local/ /local/ usr usr / / ===> SECURITY REPORT: SECURITY ===> WITH_CHARSET=utf8 WITH_XCHARSET=ascii,big5,… (all • • Installed… OPTIONS: q q Installing
Computer Center, CS, NCTU 15 ` mysql U - : e - mysql " mysql / starts. to enable db / (default empty). var mysql rc.conf / etc before database directory. / to enable MySQL. it to "YES" it to yes to run `limits mysqld_safe (3) Set Set just Base to ): Default to "/ ): Custom additional arguments to be passed ): Custom additional str (bool): Set to "NO" by default. (bool): Set default. (bool): Set to "NO" by ( str ( MySQL mysql_limits mysql_dbdir mysql_args mysql_enable # # # # # # # # # # line to # Add the following # # Startup script… Startup q Installing
Computer Center, CS, NCTU 16 server start - /local/etc/my.cnf mysql mysql / usr rc.d file huge.cnf / /local/share/ - daemon /local/etc/ usr /local/etc/my.cnf / usr config cd usr # / # # cp my mysql Ø Ø Using startup script startup Using Copy / Edit Ø Start Start • Configuration file Configuration • • q q Administrating (1) MySQL
Computer Center, CS, NCTU 17 g. \ 5.1.41 - server - p - c' to clear the current input statement. c' to clear the current u root \ - mysql - p – + | | | + + | randy log FreeBSD port: mysql - - ] u root u root h' for help. Type ' – \ etc The initial passwordThe initial for empty root is /local/ mysql Ø show databases; usr % > [/ • Test mysql information_schema ------| | test + 3 rows in set (0.06 sec) mysql + | Database + | Your MySQL connection id is 1 Your MySQL connection Server version: 5.1.41 Type 'help;' or ' nasa Enter password: Commands end with ; or Welcome to the MySQL monitor. q Administrating (2) MySQL
Computer Center, CS, NCTU 18 ; + + + ------| root | + mysql.user + + | | SELECT Host, User From SELECT Host, > nasa.cs.nctu.edu.tw nasa.cs.nctu.edu.tw ' = PASSWORD('ttt123'); ------mysql + | | User | Host + | | root | 127.0.0.1 | | | | | localhost | root | | localhost + root'@'localhost SET Password = PASSWORD('test123') WHERE User = 'root'; SET Password = PASSWORD('test123') mysql.user root anonymous Ø Ø Two initial accounts Two initial UPDATE # Reload the grant tables FLUSH PRIVILEGES; SET PASSWORD FOR ' > > > • Securing initial accounts initial Securing mysql (0.02 sec) Query OK, 0 rows affected Rows matched: 3 Changed: 3 Warnings: 0 Rows matched: 3 Changed: mysql (0.00 sec) Query OK, 0 rows affected mysql (0.08 sec) Query OK, 3 rows affected q Administrating (3) MySQL
Computer Center, CS, NCTU 19 /ports/www/apache24/ usr WITH_MPM=worker WITH_THREADS=yes WITH_SUEXEC=yes # cd / # cd clean install # make modules for options of A lot WITH_SSL (default) • • • • • • • Options Steps q q Installing Apache (1)
Computer Center, CS, NCTU 20 ="YES" apache22_enable /hosts or apache might /hosts or etc /apache24 . Extra options can be found in startup script. can be found . Extra options rc.d / suexec etc / must be resolvable using at least 1 mechanism in using at must be resolvable DNS or / typically rc.conf / sbin /local/ etc usr / apache24_http_accept_enable This port has installed the following binaries which execute the following binaries which execute This port has installed increased privileges. hostname nsswitch /local/ / • • Startup script Startup Installed… usr etc / ===> SECURITY REPORT: with Your / are using. on the modules you starting depending have issues To run apache www server from startup, add www server from To run apache in your / q q Installing Apache (2)
Computer Center, CS, NCTU 21 ) /apache24 httpd.conf etc /local/ usr conf – httpd.conf , Includes/*. conf *. - httpd Server configurations ofOptions modules Local for setting certain directory Other configuration files could be included. (setting in extra/ Ø Ø Ø Ø Ø Configuration files Global settings Global Configuration Directory The default location of apache (in ports) is / is ports) (in apache of location The default file: configuration Major • • • • Two types Location q q Apacheconfiguration
Computer Center, CS, NCTU 22 ) *.conf - httpd.conf – Remember create DocumentRoot directory it if you modify Ø Global Settings ( Include etc/apache22/extra/httpd Include etc/apache22/Includes/*.conf Include Listen 80 Listen [email protected] ServerAdmin nasa.cs.nctu.edu.tw ServerName "/home/wwwadm/data“ DocumentRoot • • • • • • Include supplemental configuration files configuration supplemental Include Options of modules Options Server configuration Server q q q Apacheconfiguration
Computer Center, CS, NCTU 23 MultiViews – /data"> FollowSymLinks None wwwadm Indexes allow,deny from all httpd.apache.org/docs/2.4/mod/core.html#options SymLinksIfOwnerMatch All ExecCGI FollowSymLinks Indexs MultiViews Options AllowOverride Order Allow Ø Ø Ø Ø Ø Ø Directory Configuration (1) http:// Options Computer Center, CS, NCTU 24 ) ) htaccess htaccess MultiViews (Read . (ignoring . (control access directory) this to – /data"> FollowSymLinks None wwwadm Indexes allow,deny from all IP/DN All None of deny collision andSolve allow rules Options AllowOverride Order Allow Ø Ø Ø Ø Directory Configuration (2) AllowOverride Order Deny/Allow Computer Center, CS, NCTU 25 bin/" - – compress .Z compress - bin/ "/usr/local/www/apache22/cgi - script .cgi index.html - (http://httpd.apache.org/docs/2.2/mod/mod_alias.html) etc/apache22/mime.types /cgi cgi text/plain /foohttp://www.example.com/bar application/x /webpath/full/filesystem/path Options of ModulesOptions Alias ScriptAlias Redirect AddType AddHandler TypesConfig DirectoryIndex Computer Center, CS, NCTU 26 Processing Module) – - threaded - mpm.conf - forking forking (Multi - process multi process - 25 0 2 150 25 75 configuration threaded, pre threaded, - mpm.conf - pool management (MPM specific) management pool - httpd Include etc/apache22/extra/httpd Include non prefork: multi hybrid worker: • • • WITH_MPM Server MinSpareThreads MaxSpareThreads ThreadsPerChild MaxRequestsPerChild StartServers MaxClients Computer Center, CS, NCTU 27 sec9.html - – userdir.conf - configuration root toor daemon operator bin tty kmem games news man news games kmem tty bin operator daemon toor root userdir.conf http://www.w3.org/Protocols/rfc2616/rfc2616 - "/home/*/public_html"> GET POST OPTIONS> POST GET public_html disabled httpd Methods: Methods: Include etc/apache22/extra/httpd Include Orderallow,deny all from Allow Orderdeny,allow fromall Deny Limit
Computer Center, CS, NCTU 28 80 8080 - - 8080 80 - - /www/domain /www/otherdomain /www/otherdomain /www/domain 172.20.30.40:80 www.example.com www.example.org www.example.org www.example.com 172.20.30.40:80> 80 ServerName ServerName DocumentRoot ServerName DocumentRoot ServerName DocumentRoot ServerName DocumentRoot – VirtualHost Listen 8080 Listen NameVirtualHost 172.20.30.40:8080 NameVirtualHost < 172.20.30.40:8080>
Computer Center, CS, NCTU 29 – errordoc.conf configuration - default.conf info.conf manual.conf multilang autoindex.conf languages.conf ------language error messages error language - time info on requests and configuration and on requests info time More… - httpd httpd httpd httpd httpd httpd • • • • • • Various default settings Various default Local access to the Apache HTTP Server Manual HTTP Server Apache the to access Local Language settings Language Real Fancy directory listings directory Fancy Multi q q q q q q Supplemental
Computer Center, CS, NCTU 30 var/run/httpd.pid var/run/httpd.pid / / – “ Z z @T00 @T00 * * access.log - " " 5 5 error.log“ - pid newsyslog }. httpd 640 640 g /log/httpd /run/ /log/httpd var var "/ pidprefix var ="/ "/ access.lo error.log - - ="${_ config log pidprefix _ pidfile ErrorLog TransferLog httpd • • • • In startup script In startup Rotate your log using using your log Rotate In /var/log/httpd /var/log/httpd q q q Other configuration for Apache
Computer Center, CS, NCTU 31 file httpd.conf htaccess (1) Test Allow admin or users to control access to certain directory certain to access control to users or Allow admin Modify . Create database password Generate • • • • • htaccess Usage . htaccess q q .
Computer Center, CS, NCTU 32 /data/test1"> wwwadm All " allow,deny htpasswd Options None AllowOverride Order all Allow from user1 -
Computer Center, CS, NCTU 33 (3) http://www.linuxkungfu.org/tools/htaccesser/index.php http://www.htaccesseditor.com/ • • You can use these tools to generate .htaccess generate to tools use these You can htaccess q .
Computer Center, CS, NCTU 34 - b650 - 11de - eb5c - /php5 /php5. /php5. lang to chooseto Apache module lang lang /ports/ config usr /ports/ /ports/ 5.2.11_1 has known vulnerabilities: 5.2.11_1 has known multiple vulnerabilities. - Remenber usr usr cd / cd make Ø -- http://www.freshports.org/lang/php5 # # SA 2009 course) (in clean install # make • • • • php Reference:
Computer Center, CS, NCTU 35 . phps DirectoryIndex php . source . - php php - - * - httpd httpd - - is part of your is part of module extensions - mysql /ports/*/php5 index.php application/x application/x /php5 usr mysql - (2) lang You should add the following to your Apache add the following You should file: configuration AddType AddType Make sure extensions - /ports/ … usr databases/php5 Choose what you need Remember choose to cd / cd clean install make Ø Ø Ø # # / from Or installing For use of Apache, you should restart apache to load php5_module load to apache restart Apache, of you should use For • • • • Install php5 Install Installed q q Installing PHP
Computer Center, CS, NCTU 36 \ \ mcrypt mcrypt - php.conf source - php php json php71 json - - - httpd httpd - - mysqli mod_php71 mod_php71 mysqli - index.html gd php71 - /apache24/Includes/ curl - $"> $"> etc > index.php php application/x phps application/x . . \ \ " > " > /local/ PHP7 (1) PHP7 mbstring php71 mbstring php71 zlib usr install php71 php71 php71 install - - > dir_module SetHandler SetHandler pkg # php71 php71 / # vim FilesMatch FilesMatch FilesMatch FilesMatch
Computer Center, CS, NCTU 37 .php5 phps phtml . php . source . - index.html php php - - /data httpd httpd > - - > index.php wwwadm /apache24/ etc apache > dir_module > mime_module p /home/ in application/x application/x /local/ – usr DirectoryIndex httpd.conf IfModule IfModule mkdir IfModule IfModule httpd.conf AddType …
Computer Center, CS, NCTU 38 index.php (); phpinfo /apache24 start /apache24 rc.d / /local/www/apache24/data/ etc in apache (2) usr /local/ vim / vim usr PHP7 PHP7 / restart apache24 service # • • • Test PHP Test Start apache Start q q Test Test
Computer Center, CS, NCTU 39 () phpinfo
Computer Center, CS, NCTU 40 Architecture
cluster ; ; http://backend www.example.com; / { 172.16.1.1:3000 172.16.1.2:3000; proxy_pass location } server listen 80; server_name server } } server { upstream backend { upstream backend Nginx proxy q Load balance
Computer Center, CS, NCTU 42 MySQL cluster MySQL
Computer Center, CS, NCTU 43 server. users via an existing LDAP or Active Directory server. Directory Active or LDAP existing an via database server database storage local Web server Web • • Authentication One machine running the application application the running machine One • Up to 150 Up
Computer Center, CS, NCTU 44 service service interruption. level without service interruption without component is fully redundant and can fail without without component can redundant and fail is fully availability availability Backups Backups High High Every 150 to 150 users 1,000
Computer Center, CS, NCTU 45 slaves. . servers a load balancer towrites to balancer all send a theload master reads and to the behind behind A cluster of two or more database database more or two of cluster A • compatible isS3 that store object an or server, NFS isan Storage 4 to 20 application/Web servers. application/Web 20 to 4 5,000 to >100,000 users to5,000 >100,000
Computer Center, CS, NCTU 46 Appendix
phpMyAdmin lighttpd FastCGI . 5.0+, Open5.0+, Source Web ). / MySQL recommanded not not over the World Wide Wide World the over www.phpmyadmin.net http://www.phpmyadmin.net/documentation/ can manage a whole MySQL server as well MySQL whole a as well server manage can http:// based, Supporting PHP5.3+, Supporting based, - the less secure one, one, secure less the ( http cookie signon config Browser a single database database single a • • • • Features • Official Site: Site: Official Documentation: phpMyAdmin as There are four authentication modes offered: offered: modes four authentication are There q q q q q phpMyAdmin
Computer Center, CS, NCTU 48 : /" httpd.conf /"> phpMyAdmin (1) phpMyAdmin /local/www/ to suit your needs. usr Limit / "/ /local/www/ phpMyAdmin web site, I suggest available through your usr has been installed into: has been installed "/ Deny,Allow config.inc.php phpmyadmin 4.7.4 phpmyadmin phpMyAdmin / - Deny from all .example.com Allow from 127.0.0.1 phpMyAdmin Options none AllowOverride Order /local/www/ Directory usr Alias < / # make install clean install # make Please edit To make like the following to that you add something phpMyAdmin • Installed… databases/ q q Installing
Computer Center, CS, NCTU 49 (2) '] config.default.php phpMyAdmin blowfish_secret [' cfg Override libraries/ Override $ • • config.sample.inc.php config.inc.php q q Installing
Computer Center, CS, NCTU 50 (2) – MySQL phpMyAdmin Using Using Administrating
Computer Center, CS, NCTU 51 (3) – MySQL phpMyAdmin Using Using Administrating
Computer Center, CS, NCTU 52 (4) – MySQL phpMyAdmin Using Using Create another user with limited privilege privilege limited user with another Create q Administrating
Computer Center, CS, NCTU 53 (1) SQLpro & & https://popsql.io/ PopSQL
Computer Center, CS, NCTU 54 redis/ - for - keylord - and - postgres - for - (2) sqlpro - SQLpro & & https://www.compose.com/articles/tooltime PopSQL
Computer Center, CS, NCTU 55 vhost conf - }. 1.4.28/doc/*.txt - }.d/ , simple userdir , ssl , /work/lighttpd lighttpd,modules vhosts,conf mysqlvhost /{ /{ , fastcgi , lighttpd / lighttpd evhost rc.d lighttpd lighttpd / / / dirlisting etc etc etc lighttpd http://www.lighttpd.net/ , cgi /local/ /ports/www/ /local/ /local/ lighttpd usr usr usr usr / / alias, hosts: Virtual Official: Official: / / • • • • • • • Documentation: Startup script Startup Configuration files Configuration www/ q q q q Installing
Computer Center, CS, NCTU 56 as an an as FastCGI ) Tcl independent. - http://www.fastcgi.com/drupal/ is language is Web core the from isolated processes in applications run propagating to committed are developers and server Web any of architecture internal the to tied not is is actually CGI with only a few extensions. a only CGI with actually is is therefore stable even when server technology changes. technology when even server stable therefore is computing Distributed roles extensible and Multiple FastCGI FastCGI APIs. than security greater provides which server, FastCGI Perl, Java, (C/C++, standard. open FastCGI • • • • • • Official site: site: Official Benefits: FastCGI q q q FastCGI
Computer Center, CS, NCTU 57