Laman

Selasa, 10 Mei 2011

[HOWTO] Kloxo 6.1.3 Install - WAS: Lighttpd switch and upgrades(help a noob who spent 5 days trying himself)

OK, so for those who may come over this and wonder how to resolve this issue. Here is the "how to do it"

IMPORTANT: This must be done "IN ORDER". Do not skip around. Also, this works for me and that does not mean that it will work for you... Only that it can work for you.

Install fresh copy of CentOS (either VPS or Dedicated Server) and then...


STEP 1


Code: [Select all] [Show/ hide]
yum clean all
yum update glibc\*
yum update yum\* rpm\* python\*
yum clean all
yum update *
yum upgrade *
yum update *
reboot


STEP 2

You have to disable SELinux by editing /etc/sysconfig/selinux and changing the line to selinux=disabled. This will keep SELinux from being enabled on your server next boot.


Code: [Select all] [Show/ hide]
su - root
 setenforce 0



If you are unsure this procedure worked, you can run /usr/sbin/sestatus to check its status. Failure to correctly disable SELinux will render your Kloxo install useless and an OS reload may be required to properly reinstall it.
Also, make sure the ports 7778/tcp and 7777/tcp are open in your server firewall or you won't be able to connect to Kloxo web panel when the install completes.


Code: [Select all] [Show/ hide]
su - root
# wget http://download.lxcenter.org/download/kloxo/production/kloxo-install-master.sh
# sh ./kloxo-install-master.sh




*Fix before Kloxo 6.1.4 version release:


Code: [Select all] [Show/ hide]
cd /
sed -i 's/^;zend_/zend_/' /usr/local/lxlabs/kloxo/httpdocs/htmllib/filecore/php.ini
sh /script/upcp
sh /script/fixmail
sh /script/fixwebmail
service courier-imap stop
service qmail stop
service courier-imap start
service qmail start


Edit: /home/kloxo/httpd/webmail/horde/lib/Horde.php


Code: [Select all] [Show/ hide]
if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {


TO:

Code: [Select all] [Show/ hide]
if ((($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime']) * 60) < time()) {



Log-in change default password & user name ASAP
Change SSH Port ASAP
Change httpd to lighttpd
Change bind to djbdns (tiny dns)

DO NOT YET SETUP DNS
DO NOT YET SETUP Domains
Do not yet setup accounts
Change no other setting except for above.

STEP 3



Code: [Select all] [Show/ hide]
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm
/bin/rm epel-release-5-4.noarch.rpm remi-release-5.rpm
 
perl -pi -e 's/enabled=0/enabled=1/g' /etc/yum.repos.d/remi.repo
 
yum update *


Step 4



Code: [Select all] [Show/ hide]
rpm -Uvh http://repo.webtatic.com/yum/centos/5/latest.rpm



Code: [Select all] [Show/ hide]
yum --enablerepo=webtatic update *



Code: [Select all] [Show/ hide]
yum --enablerepo=webtatic upgrade *



STEP 5

Log into Kloxo
Apply changes as needed & make domains as needed.

STEP 6 -Help prevent SYN flooding DOS attack


Edit /etc/sysctl.conf and add:


Code: [Select all] [Show/ hide]
#securing tcp connections
net.ipv4.tcp_syncookies=1
#reducing timed out to 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv=30


Run the following commands in SSH:
This wil create new chains

Code: [Select all] [Show/ hide]
iptables -N syn-flood


this will limits incoming packets

Code: [Select all] [Show/ hide]
iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN


this will log attacks

Code: [Select all] [Show/ hide]
iptables -A syn-flood -j LOG --log-prefix "SYN flood: "


this will silently drop the rest

Code: [Select all] [Show/ hide]
iptables -A syn-flood -j DROP



Code: [Select all] [Show/ hide]
service iptables restart




STEP 7


Install memcached


Code: [Select all] [Show/ hide]
yum install php-pecl-memcache memcached


Then, configure the memcached by editing the file /etc/sysconfig/memcached


Code: [Select all] [Show/ hide]
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="512"        <- Amount of memory to use (in MB)
OPTIONS="


Run the following:


Code: [Select all] [Show/ hide]
chkconfig memcached on
service memcached start



You could try to increase mysql performance by enabling query cache feature.

Edit your /etc/my.cnf and add the following under [mysqld]



Code: [Select all] [Show/ hide]
query-cache-size=50M  (or whatever you think is enough)


Run the exact same queries and then, on mysql console, check on query cache status:


Code: [Select all] [Show/ hide]
mysql> show status like '%qcache%';



Finally, you need to remove Qmail and IMAP. They seem not to work so well with this setup. You can use a few alternatives.


Code: [Select all] [Show/ hide]
yum remove qmail courier-imap


Code: [Select all] [Show/ hide]
chkconfig courier-imap --level 0123456 off
chkconfig courier-imap --level 0123456 --del


Now lets do some house cleaning. Run these commands 1 by 1 in SSH


Code: [Select all] [Show/ hide]
yum clean all
su -c 'yum clean headers'
su -c 'yum clean packages'
su -c 'yum clean metadata'


DONE. You should now have the latest versions and all working under Kloxo.



Are you tired of feeling censored? SociallyUncensored.com
Selengkapnya
Diposting oleh di
Label:

1 komentar:

  1. Anonim4 Maret 2012 pukul 22.04

    it'd have been Complete and nice if you added the commands to install the Alternatives of Qmail and IMAP. or atleast pointed the right direction.
    thanks

    BalasHapus

Langganan: Posting Komentar (Atom)