Building and installing VHCS on Centos 4.x
Before You Begin
Setting up CentOS 4.x to run VHCS is possible but it is not a "turn the crank" operation. You need to be able to make certain decisions regarding your system, edit system configuration files, compile modules from source, etc.
If this sounds daunting to you, you probably should use Debian instead.
The best approach is to have a build host that you use to build and test your setup. Then once everything is working, copy the binary RPMs you build to the new machine and install them.
Many of the RPMs mentioned below (esp. those named "-devel") are only required when the modules are built. Any given SRPM can create multiple binary RPMs and in general you will need all the dependency modules at build time but only the ones which are actually used when they are installed. (For example you need postgresql-devel to build the Courier RPMs but you don't need it on the install host because VHCS doesn't use Postgres for storing data).
For this reason, you'll end up with a cleaner install if you use a separate build host, although this shouldn't affect performance if you do everything on one host.
Installing on x86_64 Architecture
The steps for installing VHCS on a 64-bit architecture such as x86_64 are basically the same as for i386. Installing binary RPMs via yum should simply pick the correct arch (you may notice that both x86_64 and i386 libraries are installed in some cases; this is by design). And of course compiling from SRPMs will give you 64-bit binary RPMs.
CentOS 4 Install
- choose "server" option during install, or just grab the "CentOS-Server" CD.
- firewall: open ssh/http/https/ftp/smtp ports
- selinux: disable (warn still generates errors in VHCS)
- select minimum install
To disable selinux, edit /etc/selinux/config and change SELINUX to disabled.
Partitioning Scheme (80Gb Drives)
JackRabbit was suggesting a couple of different partitioning schemes.
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=3125&forum=2
Device      Mount      Size    Notes
/dev/md0    /          3g      /usr - OS + Programs
/dev/md1    /tmp       1g      noexec for /tmp
/dev/md2    /var       71g     /var/www will contain all virtual sites; /var/lib/pgsql and /var/lib/mysql for databases
/dev/md2    /var/log   4g      to keep system logs separate from the rest of the system
/dev/hda6   swap       500Mb   (1/2 memory size)
/dev/hdc6   swap       500Mb   (1/2 memory size)
Quotas
# vi /etc/fstab
add ",usrquota" to the mount options on the line for the "/var" volume
# touch /var/aquota.user
# chmod 600 /var/aquota.user
# mount -o remount,usrquota /var
# quotacheck -avugm
(DaZjorz) This also works if your var directory is in your root partition, in that case, read / instead of /var.
Remove useless packages
# yum remove apmd autofs bluez-utils cups irda-utils \
    iiimf-server iiimf-libs iiimf-csconv iiimf-docs \
    isdn4k-utils pcmcia-cs sendmail \
    xorg-x11-xfs ypbind xinetd
Install the Dag repository
# rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
# cat <<EOF > /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el\$releasever/en/\$basearch/dag
gpgcheck=1
enabled=1
exclude=proftpd*
EOF
Install perl modules
# yum install perl-libwww-perl perl-HTML-Parser perl-HTML-Tagset perl-URI \
perl-Crypt-Blowfish perl-Crypt-CBC perl-Date-Calc perl-MIME-tools \
perl-Convert-BinHex perl-IO-stringy perl-MailTools perl-TimeDate rpm-build
Build and Install Term::ReadPassword, Crypt::PasswdMD5 with cpan2rpm
http://perl.arix.com/cpan2rpm/
CPAN (Comprehensive Perl Archive Network) is a global network of mirrored servers where contributed Perl modules are stored. There is a command line utility "cpan" used to install these modules, but it's handier if they're packaged as RPMs.
# wget http://easynews.dl.sourceforge.net/sourceforge/cpan2rpm/cpan2rpm-2.027-1.noarch.rpm
# rpm -Uvh cpan2rpm-2.027-1.noarch.rpm
# cpan
If you get a question about manual configuration, then this is the first time you've used cpan. Say you want to do manual configuration and just choose defaults for everything. If a couple of the helper programs aren't found that's OK; many are redundant (e.g. there are multiple programs to download files via FTP/HTTP).
When asked for mirrors, choose a few that are close to you.
cpan> reload index
# cpan2rpm -i Term::ReadPassword
# cpan2rpm -i Crypt::PasswdMD5
(The RPMs will be copied to /usr/src/redhat/RPMS/noarch if you're looking for them later to install on another host).
Install and Update Packages
For CentOS 4.x
# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
# yum install \
    bison bzip2-devel cyrus-sasl cyrus-sasl-plain \
    expect fam-devel flex freetype-devel \
    gcc gcc-c++ gdbm-devel httpd httpd-devel \
    iptables libc-client-devel libjpeg-devel \
    libmcrypt libmcrypt-devel libpng-devel libtool \
    libxslt-devel make mod_ssl \
    mysql mysql-admin mysql-devel mysql-server \
    ncurses-devel net-snmp-devel \
    openssl openssl-devel openssl-perl \
    pam-devel php php-imap \
    php-mysql php-pgsql php-snmp \
    pkgconfig postgresql-devel zlib-devel
# yum update
Proftpd
# wget http://dag.wieers.com/packages/proftpd/proftpd-1.2.10-8.dag.src.rpm
# rpm -ivh proftpd-1.2.10-8.dag.src.rpm
# cd /usr/src/redhat/SPECS/
# perl -pi -e "s#_with_mysql::mod_sql:mod_sql_mysql#_with_mysql::mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql#" proftpd-1.2.10-dag.spec
# rpmbuild -bb --with mysql proftpd-1.2.10-dag.spec
# rpm -ivh proftpd-1.2.10-8_mysql.dag.i386.rpm.gz
If this doesn't work, you can build from source instead:
Download the latest stable source from proftpd.org (http://www.proftpd.org) and extract. Then run:
# ./configure --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
    --with-includes=/usr/include/mysql --with-libraries=/usr/lib/mysql \
    --sysconfdir=/etc --localstatedir=/var
# make
# make install
Iptables
One guide suggests stopping iptables at this point. I think that, because this will simply restart at server reboot, reconfiguring iptables to allow things like DNS queries is probably required at this point. You may also want to install the popular APF firewall from:
http://www.rfxnetworks.com/apf.php
# service iptables stop
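Rather than leaving the firewall stopped, the ports named in the install section (ssh/http/https/ftp/smtp) plus DNS and Courier's POP3/IMAP can be opened explicitly. The following is an added example, not part of the original guide; the function names and the exact port lists are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example (not from the original guide): print an iptables-restore
# ruleset for a VHCS host. Port lists are assumptions; trim to what you run.
TCP_PORTS="22 80 443 21 25 110 143 53"   # ssh http https ftp smtp pop3 imap dns
UDP_PORTS="53"                           # dns queries

vhcs_iptables_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default-deny inbound
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened (yum, outbound SMTP, DNS lookups)
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "-A INPUT -p udp -m udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Number of rules that open a listening port, as a quick sanity check
# before the ruleset is loaded.
vhcs_open_port_count() {
    vhcs_iptables_rules | grep -c -- '--dport'
}

# To apply as root on CentOS (review the output first):
#   vhcs_iptables_rules > /etc/sysconfig/iptables && service iptables restart
# Assumption: passive FTP data connections additionally need the
# ip_conntrack_ftp helper, set via IPTABLES_MODULES in
# /etc/sysconfig/iptables-config.
```

Keep an existing ssh session open while restarting iptables so a mistake in the port list does not lock you out.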
PostFix
http://postfix.wl0.org/ftp/official/2.2/SRPMS/postfix-2.2.5-1.src.rpm
# wget http://ftp.wl0.org/official/2.2/SRPMS/postfix-2.2.5-1.src.rpm
# rpm -ivh postfix-2.2.5-1.src.rpm
# cd /usr/src/redhat/SOURCES
# chmod +x make-postfix.spec
# POSTFIX_TLS=1 POSTFIX_VDA=1 POSTFIX_SASL=2 ./make-postfix.spec
# cd ../SPECS/
Both Postfix and Courier are classified as "MTA" (mail transfer agent), but we need to make sure Postfix is the one used (Courier will provide IMAP and POP3 services only). When more than one package provides the same features, CentOS uses the "alternatives" system; we need to make sure Postfix has a higher priority than Courier:
# perl -pi -e "s#%define with_alt_prio 30#%define with_alt_prio 100#" postfix.spec
# rpmbuild -bb postfix.spec
# rpm -Uvh /usr/src/redhat/RPMS/i386/postfix-2.2.5-1.sasl2.vda.rhel4.i386.rpm
Courier
Courier RPMs have to be built as a regular user.
# wget http://unc.dl.sourceforge.net/courier/courier-0.51.0.tar.bz2
# wget http://unc.dl.sourceforge.net/courier/courier-authlib-0.57.tar.bz2
# mkdir $HOME/rpm $HOME/rpm/SOURCES $HOME/rpm/SPECS $HOME/rpm/BUILD \
    $HOME/rpm/SRPMS $HOME/rpm/RPMS $HOME/rpm/RPMS/i386
# echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
# rpmbuild -ta courier-authlib-0.57.tar.bz2
# su
# rpm -Uvh rpm/RPMS/i386/courier-authlib-0.57-1.i386.rpm
# rpm -Uvh rpm/RPMS/i386/courier-authlib-userdb-0.57-1.i386.rpm
# rpm -Uvh rpm/RPMS/i386/courier-authlib-devel-0.57-1.i386.rpm
# exit
# mv courier-0.51.0.tar.bz2 rpm/SOURCES/
# tar -xvjf rpm/SOURCES/courier-0.51.0.tar.bz2 *courier.spec
# perl -pi -e "s#_unpackaged_files_terminate_build 1#_unpackaged_files_terminate_build 0#" courier-0.51.0/courier.spec
# mv courier-0.51.0/courier.spec rpm/SPECS
# rmdir courier-0.51.0
# rpmbuild -bb --without fax --without ldap rpm/SPECS/courier.spec
# cd $HOME/rpm/RPMS/i386
# su
# rpm -Uvh courier-0*.rpm courier-imapd-0*.rpm courier-pop3d-0*.rpm
# exit
After installing Courier RPMs, make sure Postfix is still considered the "active" MTA:
# /usr/sbin/alternatives --config mta
Configure & Start Services
# chkconfig --add courier
# service courier start
# chkconfig --add courier-authlib
# service courier-authlib start
# chkconfig postfix on
# service postfix start
# chkconfig proftpd on
# service proftpd start
# service mysqld start
# service httpd start
# service named start
Postfix smtpd runs in a chroot environment, so after you start Postfix for the first time you must set up the proper system files under /var/spool/postfix to support this:
# /bin/sh /usr/share/doc/postfix-2.2.5-documentation/examples/chroot-setup/LINUX2
(You should get a message that Postfix was reloaded)
PHP mcrypt
http://phprpms.sourceforge.net/mcrypt
# wget http://umn.dl.sourceforge.net/sourceforge/phprpms/php-mcrypt-4.3.9-3.1.1.i386.rpm
# rpm -Uvh php-mcrypt-4.3.9-3.1.1.i386.rpm
If the rpm command reports that libmcrypt is required, run:
# yum install libmcrypt.i386 libmcrypt-devel.i386
Then retry the command.
Create vhcs2 database
Setting HISTFILE= (empty) keeps the mysqladmin password out of your bash history:
# HISTFILE=
# mysqladmin password ******
# mysql -u root -p ******
mysql> create database vhcs2;
mysql> exit;
VHCS2
Download from
http://www.vhcs.net
Extract the installation files to a secure directory.
# cd /root # tar -xjpvf vhcs-x.x.x.tar.bz2
Change to the newly created directory.
# cd vhcs-x.x.x/configs/
Edit vhcs2.conf before install (only differences are shown)
SERVER_HOSTNAME = ****
BASE_SERVER_IP = X.X.X.X
MR_LOCK_FILE = /var/run/vhcs2.lock
DATABASE_NAME = vhcs2
DATABASE_PASSWORD = ****
BIND_CONF_FILE = /etc/named.conf
BIND_DB_DIR = /var/named/chroot/var/named
APACHE_CMD = /etc/init.d/httpd
APACHE_NAME = httpd
APACHE_LOG_DIR = /var/log/httpd
APACHE_USERS_LOG_DIR = /var/log/httpd/users
APACHE_BACKUP_LOG_DIR = /var/log/httpd/backup
APACHE_CONF_FILE = /etc/httpd/conf.d/vhcs2.conf
APACHE_USER = apache
APACHE_GROUP = apache
AUTHLIB_CONF_DIR = /etc/courier
CMD_NAMED = /etc/init.d/named
CMD_HTTPD = /usr/sbin/apachectl
CMD_AUTHD = /etc/init.d/courier-authlib
CMD_IMAP = /etc/init.d/courier
CMD_POP = /etc/init.d/courier
CMD_VHCS2D = /etc/init.d/vhcs2
MAIL_TRAFF_LOG = maillog
Fix some of the other config files for CentOS-specific settings
(run these from the configs/ directory you changed into above)
# sed -i "s#/usr/lib/postfix#/usr/libexec/postfix#g" postfix/main.cf
# sed -i "s#nogroup#nobody#g" proftpd/proftpd.conf
Change back to the top-level source directory.
# cd /root/vhcs-x.x.x
Now build VHCS for your system:
# make install
Your build is now stored in /tmp/vhcs2
Copy all directories from the build into your system (do not forget to make backups):
# cp -R /tmp/vhcs2/* /
# cp -a /etc/courier/userdb /etc/authlib/userdb
# makeuserdb
setup:
# cd /var/www/vhcs2/engine/setup/
# ./vhcs2-setup
> hostname: ****
> system network address: *.*.*.*
> SQL server host: localhost
> SQL user: root
> SQL password: *******
> admin name: admin
> admin password: *******
> admin e-mail: X@X.X
Patches
Since BIND will run chroot'ed on CentOS, you must modify the DNS file creation template to only specify the filename and not the full path:
# cd /etc/vhcs2/bind/parts/
# cp -p cfg_entry.tpl cfg_entry.tpl.bak
# vi cfg_entry.tpl
Original line:
file "{DB_DIR}/{DMN_NAME}.db";
Replacement line:
file "{DMN_NAME}.db";
There is a setting you must change in /etc/vhcs2.conf to get Courier working properly. If you're wondering why we didn't just set it right in the first place, that's because the vhcs2 install script expects the full courier config files to be here. Just take my word for it; you have to fix this after vhcs2 is installed:
AUTHLIB_CONF_DIR = /etc/authlib
# touch /etc/sasldb2
(test with /usr/sbin/sasldblistusers2)
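The two hand edits above (the BIND template line and AUTHLIB_CONF_DIR) can also be applied by script, which makes them repeatable when installing the RPMs on a second host. This is an added example, not part of VHCS or the original guide; patch_bind_tpl and set_conf_value are hypothetical helper names, and the "KEY = VALUE" layout is assumed from the vhcs2.conf excerpt shown earlier.

```shell
#!/bin/sh
# Added example (not from the original guide): apply the two post-install
# edits idempotently and verify the result.

# Strip the {DB_DIR}/ prefix from the zone "file" directive in a BIND template.
patch_bind_tpl() {
    tpl=$1
    [ -f "$tpl" ] || { echo "missing $tpl" >&2; return 1; }
    if grep -q '{DB_DIR}/{DMN_NAME}\.db' "$tpl"; then
        cp -p "$tpl" "$tpl.bak"          # same backup the manual steps make
        sed -i 's#{DB_DIR}/{DMN_NAME}\.db#{DMN_NAME}.db#' "$tpl"
    fi
    # Verify: the relative form is present and the full-path form is gone.
    grep -q 'file "{DMN_NAME}\.db";' "$tpl" &&
        ! grep -q 'file "{DB_DIR}/' "$tpl"
}

# Set KEY = VALUE in a vhcs2.conf-style file: replace the existing line,
# or append one if the key is absent. Values containing '#' or '&' are
# not supported by this simple sed expression.
set_conf_value() {
    conf=$1; key=$2; value=$3
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    if grep -q "^${key}[[:space:]]*=" "$conf"; then
        sed -i "s#^${key}[[:space:]]*=.*#${key} = ${value}#" "$conf"
    else
        echo "${key} = ${value}" >> "$conf"
    fi
    grep -q "^${key} = ${value}\$" "$conf"
}

# Usage on the installed system (as root):
#   patch_bind_tpl /etc/vhcs2/bind/parts/cfg_entry.tpl
#   set_conf_value /etc/vhcs2.conf AUTHLIB_CONF_DIR /etc/authlib
```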
Startup Script
The vhcs2_daemon startup script doesn't work on CentOS; use this one instead and save it as "/etc/init.d/vhcs2":
#!/bin/sh
#
# vhcs2 Start or stop the vhcs2 daemon
#
# chkconfig: - 95 5
# processname: vhcs2
# description: Start or stop the vhcs2 daemon
#
name=vhcs2
lockfile=/var/lock/subsys/vhcs2
pidfile=/var/run/vhcs2.pid
progname=/var/www/vhcs2/daemon/vhcs2_daemon
RETVAL=0

# Red Hat init helpers (daemon, killproc)
. /etc/rc.d/init.d/functions

start() {
    echo -n "Starting $name:"
    daemon $progname -p $pidfile
    RETVAL=$?
    if [ "$RETVAL" = "0" ]; then
        touch $lockfile >/dev/null 2>&1
    fi
    echo
}

stop() {
    echo -n "Stopping $name:"
    killproc $progname
    RETVAL=$?
    if [ "$RETVAL" = "0" ]; then
        rm -f $lockfile
    fi
    echo
}

# Overrides the status helper from functions: report "running" only if
# the pidfile names a live process. Sets RETVAL itself.
status() {
    if [ -s $pidfile ]; then
        pid=`cat $pidfile`
        kill -0 $pid >/dev/null 2>&1
        if [ "$?" = "0" ]; then
            echo "$name (pid $pid) is running"
            RETVAL=0
        else
            echo "$name is stopped"
            RETVAL=1
        fi
    else
        echo "$name is stopped"
        RETVAL=1
    fi
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        # Do not overwrite RETVAL with $? here; status() has already set it
        status
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        RETVAL=1
        ;;
esac
exit $RETVAL
Then set the script to start up as a service and start the daemon:
# chmod +x /etc/init.d/vhcs2
# chkconfig --add vhcs2
# service vhcs2 start
Access to VHCS2
Your control panel is now ready!
http://your_server_ip/vhcs2/
References
Old Centos Wiki
http://wiki.vhcs.net/en/index.php/Installation_CentOS_4.x
Longer instructions in post #5 (taken from the Fedora Install notes)
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=2854&forum=2&post_id=14289
Partitioning schemes
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=3125&forum=2
http://www.owlriver.com/tips/partitioning-strategy/
Securing PHP
http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=2714&forum=2
Revision History
Revision 1 - [mbest@pendragon.org|Michael Best]
Few revisions - [sjorsgielen@gmail.com|Sjors "DaZjorz" Gielen]
(Added block-quoted at code or commands, Changed BUILD TERM a bit. Added a section for ProFTPD installation. And some other small things.)
Revision for webmail - [abueno@cherro.net|Angel Bueno]



