Skip to content
jack edited this page Jun 10, 2017 · 6 revisions

Some cloud service ISP demand a record of the website, which makes me not happy. So we decide to move to other paradise.

Unfortunately dozens of bugs make me screwed.

IMPORTANT: these configurations works well on Ubuntu Xenial; other distributions may differ.

Downgrade PHP

As Hu noticed, mysql_connect has been removed so downgrade of PHP is required.

sudo apt install mysql-server apache2 apache2-utils phpmyadmin
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php5.6 php-gettext php-xdebug libapache2-mod-php5.6
sudo apt install php5.6-curl php5.6-zip php5.6-xml php5.6-gd php5.6-mbstring php5.6-mysql php5.6-fpm
sudo a2dismod php7.0
sudo a2enmod php5.6
sudo a2enmod sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php5.6-fpm
sudo service apache2 restart
sudo update-alternatives --set php /usr/bin/php5.6
sudo service php5.6-fpm restart

curl, xml, gd, mbstring and mysql are all modules needed.

Anyway, since PHP7.0 and PHP5.6 have no conflicts, I prefer having all of them installed.

Config database

The only thing we do for MySql is to sync data.

mysql -uroot -p < foo.sql

Maybe we need to add some users and permission as well.

MySql in Xenial use strict SQL mode as default. Thanks to QwertyJack, such restrictions can not limit us (see also #153 and #154. However, strict SQL is highly recommended for further coding.

Virtual host minimal conf

An experienced SRE would prefer to put source code of the website in some place and make a symbol link to /var/www/, as Apache grants full access to /var/www by default. Also make sure Apache has x permission to all directories along the path to the source code.

As for out website, it recommended to download the code to $HOME/<some-path>/CAPUBBS and make the symbol link by

sudo ln -s $HOME/<some-path/CAPUBBS> /var/www/

Test the permission by

sudo -u <Apache-user> ls -al /var/www/CAPUBBS

Usually Apache-user is www-data for Debian and apache for RHEL.

Once doing so, no extra config for access control is required.

<VirtualHost *:80>
  DocumentRoot /var/www/CAPUBBS
  ServerName <FQDN>
  ServerAlias <foo> <bar>
</VirtualHost>

Our server seems currently like

...
  ServerName cyp.chexie.net
  ServerAlias chexie.net www.chexie.net
...

The reason we use FQDN is for convenience consideration. Meanwhile, chexie.net is the canonical name(or CNMAE) of cyp.chexie.net and the same with www.chexie.net. Next time when migration we only need to update the CNAME record instead of update all relevant records.

We can also customize where to store logs.

...  
  ErrorLog logs/chexie.net-error_log
  CustomLog logs/chexie.net-access_log common
...

For better performance, limiting download speed is an good idea.

See also the example.

Enable Perl cgi

Make sure add this line in the vhost conf file:

  ScriptAlias /cgi-bin/ /var/www/CAPUBBS/cgi-bin/

See also "Config-cgi-bin".

HTTPS

Since HTTPS becomes more popular, we try letsencrypt. We need to install it first.

sudo apt install letsencrypt python-letsencrypt-apache

It has a TUI when executing

sudo letsencypt --apache

It will config itself automatically. Redirecting all traffic to https is highly recommended.

IMPORTANT: the certificate varies when IP changes.

Change the ownership to upload

Apache is run as www-data:www-data as default. It may fail to upload files (including images) if Apache does not have write access to some directories. Those are:

.
./bbsimg/upload
./bbsimg/icons/user_upload
./bbs/images
./bbs/attachment

If you want Apache to create some dirs under $myDir and upload files to those dirs, you also need SGID on $myDir.

# chmod u+s $myDir
Clone this wiki locally