Word Up

by James Classen

Passwords. Use them wisely. For instance, when you change a password, do try to remember it. What I do know about my KeePass password is that it started with “pyrotechnical lagoon”, contained a total of 45 characters (two additional words), and I even know what dictionary file they came from. However, as best I can work out, brute-forcing the password, even with the dictionary, even if I had a library that worked with the version of KeePass I’m using, would take ages. So I “get” to reset all the passwords I forget.

So! A guide for installing and configuring a web server with a Debian-based Linux installation. Note: it’s definitely a work-in-progress, and honestly may not work. Check for updates if you’re truly interested.

Step 1: Installation
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
sudo add-apt-repository ppa:nginx/development
sudo apt-get update
sudo apt-get install python-software-properties add-apt-repository nginx php5-fpm php5-suhosin php5-gd php-apc php5-mcrypt php5-cli php5-curl memcached php5-memcache mariadb-server php5-mysql unzip git imagemagick python-pip
git clone git://github.com/django/django.git django-trunk
sudo pip install -e django-trunk/

Step 2: Test 1
In your browser, check the view at that IP address, and you should see a “Welcome to nginx” page.

Step 3: Configuration for PHP
Edit /etc/php5/fpm/php.ini. Find the lines that deal with session.save_handler and session.save_path and set them to the following:
session.save_handler = memcache
session.save_path = unix:/tmp/memcached.sock

Edit /etc/php5/fpm/pool.d/www.conf and set some more lines:
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data

(those last two you’ll probably just be able to uncomment)

Edit /etc/memcached.conf and:
comment out -p 11211
comment out -l 127.0.0.1
add the following lines at the end:
# Listen on a Unix socket
-s /tmp/memcached.sock
-a 666

Create /etc/nginx/conf.d/php-sock.conf with the following code:
upstream php5-fpm-sock {
    server unix:/var/run/php5-fpm.sock;
}

Add to your virtual server file in /etc/nginx/sites-available/:
location ~ \.php$ {
    try_files $uri =404;
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;
    include fastcgi_params;
    fastcgi_pass php5-fpm-sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
}

Step 5: Test 2
Create a file in your web directory called phpinfo.php that contains the following:
<?php phpinfo() ?>

Step 6: More Configuration
Edit /etc/php5/fpm/php.ini and set the appropriate line:
mysql.default_socket = /var/run/mysqld/mysqld.sock

Step 7: Configuration for Django
Create a file /etc/nginx/django_fcgi_params:
fastcgi_param REQUEST_METHOD $query_string;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_pass_header Authorization;
fastcgi_intercept_errors off;

Create a file /etc/nginx/conf.d/django-sock.conf:
upstream django-sock {
    server unix:/usr/share/nginx/django/django.sock;
}

Of course, if you can find and set the right permission settings, you can put it in /var/run/.

Add to your virtual server file in /etc/nginx/sites-available/:
include django_fcgi_params;
fastcgi_pass django-sock;

Advertisements