OpenBSD 5.0当前版的OAMP设置——apache 1.3 + mysql 5.1.54p9 + php 5.3.6

[leo]

安装mysql

代码: 全选

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/
# pkg_add mysql-server
mysql-server-5.1.54p9:mysql-client-5.1.54p0: ok
mysql-server-5.1.54p9:p5-Net-Daemon-0.43p0: ok
mysql-server-5.1.54p9:p5-PlRPC-0.2018p1: ok
mysql-server-5.1.54p9:p5-FreezeThaw-0.43p2: ok
mysql-server-5.1.54p9:p5-MLDBM-2.04: ok
mysql-server-5.1.54p9:p5-Params-Util-1.00p2: ok
mysql-server-5.1.54p9:p5-Clone-0.31p1: ok
mysql-server-5.1.54p9:p5-SQL-Statement-1.33: ok
mysql-server-5.1.54p9:p5-DBI-1.616: ok
mysql-server-5.1.54p9:p5-DBD-mysql-4.019: ok
mysql-server-5.1.54p9: ok
The following new rcscripts were installed: /etc/rc.d/mysqld
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
#

安装默认数据库

代码: 全选

# /usr/local/bin/mysql_install_db
Installing MySQL system tables...
110811 23:24:25 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.
OK
Filling help tables...
110811 23:24:25 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.
OK
 
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
 
/usr/local/bin/mysqladmin -u root password 'new-password'
/usr/local/bin/mysqladmin -u root -h gobsd.org password 'new-password'
 
Alternatively you can run:
/usr/local/bin/mysql_secure_installation
 
which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.
 
See the manual for more instructions.
 
Please report any problems with the /usr/local/bin/mysqlbug script!
 
#

运行mysql

代码: 全选

# mysqld_safe &
[1] 27946
# 110811 23:25:39 mysqld_safe Logging to '/var/mysql/jr.gateway.2wire.net.err'.
110811 23:25:39 mysqld_safe Starting mysqld daemon with databases from /var/mysql
 
#

设置本地root密码

代码: 全选

# mysqladmin -u root password 'gobsd.org'

这里还需要大致地说一下，在/usr/local/share/mysql/目录里包含了一系列MySQL的简单的配置文件：
my-small.cnf 内存小于64M仅运行MySQL服务器的主机使用这个配置文件。
my-medium.cnf 内存在32-64M之间，主要运行MySQL服务，或128M以上，MySQL和web服务器一起运行时使用这个配置文件。
my-large.cnf 内存是512M的重要运行MySQL使用这个配置文件。
my-innodb-heavy-4G.cnf 内存是1-2G，主要运行MySQL使用这个配置文件。
my-huge.cnf 内存4G以上，主要运行MySQL的主机使用这个配置文件。
读者请根据自己的情况用上述文件中的一个替换 /etc/my.cnf文件，如果你有特殊的需要，例如要修改socket或端口请自行调整。
我的主机是是512M，用my-media.cnf,所以使用下面的命令替换原来的My.cnf文件：

代码: 全选

cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf

要让数据库的字符集编码默认是UTF-8，还要修改一下/etc/my.cnf文件，必须包含如下的内容：

代码: 全选

[client]
default-character-set=utf8
[mysqld]
default-character-set=utf8

在基本设置里

代码: 全选

max_allowed_packet = 1M

最大上传的数据包尺寸，影响论坛帖子容量，这个请自行设置。

有一点需要提醒读者的是，如果你的MySQL仅用于基于PHP的web服务器，或者说你的MYSQL数据库和WEB服务器在一台主机上，那么禁用TCP连接对安装MySQL来说是比较安全的。
具体做法是编辑 /etc/my.cnf 文件，将里面这条设置前面的注释符"#"去掉。

代码: 全选

#skip-networking

设置mysql的登录级别
将下列内容添加到 /etc/login.conf

代码: 全选

mysql:\
:openfiles-cur=1024:\
:openfiles-max=2048:\
:tc=daemon:

然后重建login.conf.db文件

代码: 全选

# cap_mkdb /etc/login.conf

设置MySQL开机自动启动
OpenBSD的程序开机自启动方式更简洁了，你只需在/etc/rc.conf.local里加上这句：

代码: 全选

pkg_scripts="mysqld"

还可以在适当的时候运行mysql安全脚本：

代码: 全选

# /usr/local/bin/mysql_secure_installation
 
 
 
 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
 
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
 
Enter current password for root (enter for none):
OK, successfully used password, moving on...
 
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
 
You already have a root password set, so you can safely answer 'n'.
 
Change the root password? [Y/n] n
 ... skipping.
 
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
 
Remove anonymous users? [Y/n] y
 ... Success!
 
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
 
Disallow root login remotely? [Y/n] y
 ... Success!
 
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
 
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
 
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
 
Reload privilege tables now? [Y/n] y
 ... Success!
 
Cleaning up...
 
 
 
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.
 
Thanks for using MySQL!
 
 
#

重新启动系统后可看见类似如下信息：

代码: 全选

load averages:  0.28,  0.10,  0.04                                                     www.gobsd.org 23:42:36
21 processes:  20 idle, 1 on processor
CPU states:  1.1% user,  0.0% nice,  1.3% system,  0.2% interrupt, 97.5% idle
Memory: Real: 24M/60M act/tot Free: 1189M Cache: 22M Swap: 0K/1020M
 
  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
12023 _mysql     2    0   42M   17M sleep     poll      0:00  0.00% [B][color=blue]mysqld[/color][/B]
15206 root       2    0 3632K 2612K sleep     select    0:00  0.00% sshd
19508 root      18    0  444K  468K idle      pause     0:00  0.00% sh
 4879 root      29    0 1144K 2120K onproc    -         0:00  0.00% top
12781 _syslogd   2    0  480K  716K sleep     poll      0:00  0.00% syslogd
29260 root      18    0  464K  460K sleep     pause     0:00  0.00% ksh
17608 root       2    0 1216K 1564K sleep     select    0:00  0.00% sendmail
    1 root      10    0  308K  320K idle      wait      0:00  0.00% init
22444 root       3    0  340K  816K idle      ttyin     0:00  0.00% getty
12016 root       3    0  312K  816K idle      ttyin     0:00  0.00% getty
17858 _pflogd    4    0  604K  304K sleep     bpf       0:00  0.00% pflogd
11307 root       3    0  284K  820K idle      ttyin     0:00  0.00% getty
 6729 root       3    0  428K  820K idle      ttyin     0:00  0.00% getty
23360 root       2    0  548K  864K idle      select    0:00  0.00% cron
31874 root       2    0  344K  776K idle      select    0:00  0.00% inetd
22808 root       3    0  320K  820K idle      ttyin     0:00  0.00% getty
 9081 root       2    0  472K  676K idle      netio     0:00  0.00% syslogd
  109 root       2    0  772K 1212K sleep     select    0:00  0.00% sshd
 7905 root       2    0  540K  404K idle      netio     0:00  0.00% pflogd
13101 _dhcp      2    0  420K  228K idle      poll      0:00  0.00% dhclient
29860 root       2    0  360K  332K idle      poll      0:00  0.00% dhclient

你可以看见PID 12023 系统以_msqyl的身份运行msyqld。

我们创建一个UTF-8编码的数据库，并授权用户：

代码: 全选

# mysql -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.54-log OpenBSD port: mysql-server-5.1.54p6
 
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> CREATE DATABASE `gobsd` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
 
mysql> grant all on gobsd.* to leo@localhost identified by 'gobsd.org';
Query OK, 0 rows affected (0.01 sec)
 
mysql>quit

安装php-mysql,（也就是原来OpenBSD4.8和OpenBSD4.9 里面的 php5-mysql）

代码: 全选

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/
# pkg_add php-mysql
Ambiguous: php-mysql could be php-mysql-5.2.17p3 php-mysql-5.3.6

这里稍微说明一下，之所以下面选择php-mysql-5.3.6是因为，php5.3以后很多语法发生了变化，影响到了一些论坛软件的中文搜索（例如vbulletin 4.1.5的中文搜索，discuz和phpbb等则不受影响，主要是涉及一些php程序的修改，为了创建测试环境，所以这里安装的是php-mysql-5.3.6, 如果你偏向于使用旧版本，这里完全可以考虑安装php-mysql-5.2.17p3。）

代码: 全选

# pkg_add php-mysql-5.3.6
php-mysql-5.3.6:femail-0.97p1: ok
php-mysql-5.3.6:femail-chroot-0.97p3: ok
php-mysql-5.3.6:libiconv-1.13p2: ok
php-mysql-5.3.6:libxml-2.7.8p2: ok
php-mysql-5.3.6:gettext-0.18.1p0: ok
php-mysql-5.3.6:php-5.3.6p1: ok
php-mysql-5.3.6: ok
--- +femail-chroot-0.97p3 -------------------
By default, femail will use `localhost' for smtphost.  Make sure to
review FAQ Section 10.16 discussing name resolution with httpd(8)'s
default chroot(2).
 
Additionally, one may create a custom femail.conf; see femail(8).
 
If you're using femail with PHP inside a chroot jail, be aware that
PHP's built-in "mail" function uses popen(), which requires /bin/sh.
--- +php-5.3.6p1 -------------------
To enable the php-5.3 module please create a symbolic
link from /var/www/conf/modules.sample/php-5.3.conf
to /var/www/conf/modules/php.conf.
 
ln -s /var/www/conf/modules.sample/php-5.3.conf \
        /var/www/conf/modules/php.conf
 
The recommended php configuration has been installed
to /etc/php-5.3.ini.
--- +php-mysql-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/mysql.ini to
/etc/php-5.3/mysql.ini.
 
ln -fs /etc/php-5.3.sample/mysql.ini \
        /etc/php-5.3/mysql.ini
# ln -s /var/www/conf/modules.sample/php-5.3.conf \
>         /var/www/conf/modules/php.conf
# ln -fs /etc/php-5.3.sample/mysql.ini \
>         /etc/php-5.3/mysql.ini
#

注意，原来 /var/www/conf/php.ini 这个文件，现在已经没有了。

安装其它php 5.3.6的模块：
原来的php5-core也没有了，而且mbstring模块已经内置了，php 5.3.6也没有了mhash 扩展模块,mhash 扩展已经移动至 PECL, 但如果 PHP 使用 --with-mhash 选项参数进行编译, Hash 扩展也将提供 mhash 支持. 注意, 不管是否开启 mhash 算法, Hash 扩展都无需 mhash 库可用. 。

代码: 全选

# pkg_add php-mysqli-5.3.6.tgz php-soap-5.3.6.tgz php-gd-5.3.6.tgz php-curl-5.3.6.tgz php-bz2-5.3.6.tgz php-mcrypt-5.3.6.tgz php-xsl-5.3.6.tgz
php-mysqli-5.3.6: ok
php-soap-5.3.6: ok
php-gd-5.3.6:jpeg-8c: ok
php-gd-5.3.6:t1lib-5.1.0p2: ok
php-gd-5.3.6:png-1.5.4: ok
php-gd-5.3.6: ok
php-curl-5.3.6:libidn-1.22: ok
php-curl-5.3.6:curl-7.21.7: ok
php-curl-5.3.6: ok
php-bz2-5.3.6:bzip2-1.0.6: ok
php-bz2-5.3.6: ok
php-mcrypt-5.3.6:libmcrypt-2.5.8p1: ok
php-mcrypt-5.3.6:libltdl-1.5.26p0: ok
php-mcrypt-5.3.6: ok
php-xsl-5.3.6:libgpg-error-1.10: ok
php-xsl-5.3.6:libgcrypt-1.4.6p1: ok
php-xsl-5.3.6:libxslt-1.1.26p2: ok
php-xsl-5.3.6: ok
--- +php-bz2-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/bz2.ini to
/etc/php-5.3/bz2.ini.
 
ln -fs /etc/php-5.3.sample/bz2.ini \
        /etc/php-5.3/bz2.ini
--- +php-curl-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/curl.ini to
/etc/php-5.3/curl.ini.
 
ln -fs /etc/php-5.3.sample/curl.ini \
        /etc/php-5.3/curl.ini
--- +php-gd-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/gd.ini to
/etc/php-5.3/gd.ini.
 
ln -fs /etc/php-5.3.sample/gd.ini \
        /etc/php-5.3/gd.ini
--- +php-mcrypt-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/mcrypt.ini to
/etc/php-5.3/mcrypt.ini.
 
ln -fs /etc/php-5.3.sample/mcrypt.ini \
        /etc/php-5.3/mcrypt.ini
--- +php-mysqli-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/mysqli.ini to
/etc/php-5.3/mysqli.ini.
 
ln -fs /etc/php-5.3.sample/mysqli.ini \
        /etc/php-5.3/mysqli.ini
--- +php-soap-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/soap.ini to
/etc/php-5.3/soap.ini.
 
ln -fs /etc/php-5.3.sample/soap.ini \
        /etc/php-5.3/soap.ini
--- +php-xsl-5.3.6 -------------------
You can enable this module by creating a symbolic
link from /etc/php-5.3.sample/xsl.ini to
/etc/php-5.3/xsl.ini.
 
ln -fs /etc/php-5.3.sample/xsl.ini \
        /etc/php-5.3/xsl.ini
#
# ln -fs /etc/php-5.3.sample/bz2.ini \
>         /etc/php-5.3/bz2.ini
# ln -fs /etc/php-5.3.sample/curl.ini \
>         /etc/php-5.3/curl.ini
# ln -fs /etc/php-5.3.sample/gd.ini \
>         /etc/php-5.3/gd.ini
# ln -fs /etc/php-5.3.sample/mcrypt.ini \
>         /etc/php-5.3/mcrypt.ini
# ln -fs /etc/php-5.3.sample/mysqli.ini \
>         /etc/php-5.3/mysqli.ini
# ln -fs /etc/php-5.3.sample/soap.ini \
>         /etc/php-5.3/soap.ini
# ln -fs /etc/php-5.3.sample/xsl.ini \
>         /etc/php-5.3/xsl.ini
#

安装phpMyAdmin时发现，如下提示：

代码: 全选

# pkg_add phpMyAdmin
phpMyAdmin-3.4.3.2:php-5.2.17p5: ok
Can't install php-mcrypt-5.2.17p3 because of conflicts (php-mcrypt-5.3.6)
Can't install php-mysql-5.2.17p3 because of conflicts (php-mysql-5.3.6)
Can't install php-gd-5.2.17p4 because of conflicts (php-gd-5.3.6)
Can't install phpMyAdmin-3.4.3.2: can't resolve php-mysql-5.2.17p3,php-mcrypt-5.2.17p3,php-gd-5.2.17p4
--- +php-5.2.17p5 -------------------
To enable the php-5.2 module please create a symbolic
link from /var/www/conf/modules.sample/php-5.2.conf
to /var/www/conf/modules/php.conf.
 
ln -s /var/www/conf/modules.sample/php-5.2.conf \
        /var/www/conf/modules/php.conf
 
The recommended php configuration has been installed
to /etc/php-5.2.ini.
--- php-gd-5.2.17p4 -------------------
Can't install php-gd-5.2.17p4: conflicts
--- php-mcrypt-5.2.17p3 -------------------
Can't install php-mcrypt-5.2.17p3: conflicts
--- php-mysql-5.2.17p3 -------------------
Can't install php-mysql-5.2.17p3: conflicts
#

看来是依赖php-5.2的，可能是不兼容或者是包没有处理好，这里先放放。

设置apache
OpenBSD系统自带了修补过的apache1.3，所以我们只需在/etc/rc.conf.local里加上如下内容，系统每次启动时就可以自动启动apache了：

代码: 全选

httpd_flags=""

如果你需要ssl连接，请自行参照用户手册，这里就不再展开讨论了。
修改 /var/www/conf/httpd.conf 文件中的下列内容：
将原内容：

代码: 全选

DirectoryIndex index.html

修改为：

代码: 全选

DirectoryIndex index.php

并删除或改名index.html文件；
如果两个文件全需要，则修改为：

代码: 全选

DirectoryIndex index.php index.html

让MySQL运行在chroot环境内
因为OpenBSD自带的apcahe是chroot在 /var/www 目录内的，所以我们必须将MySQL运行所需的部件设置在这个目录下。根据FAQ上的说明：

代码: 全选

# mkdir -p /var/www/var/run/mysql

然后授权：

代码: 全选

# chown -R _mysql:_mysql /var/www/var/run/mysql/

因为运行环境变化了，还需要修改一下默认的mysql配置文件 /etc/my.cnf，把下面socket的地址更换为：/var/www/var/run/mysql/
原先的内容：

代码: 全选

# The following options will be passed to all MySQL clients 
[client] 
#password = your_password 
port = 3306 
socket = /var/run/mysql/mysql.sock 
# Here follows entries for some specific programs 
# The MySQL server 
[mysqld]
port = 3306 
socket = /var/run/mysql/mysql.sock

更换后的内容：

代码: 全选

# The following options will be passed to all MySQL clients 
[client] 
#password = your_password 
port = 3306 
socket = [color=red]/var/www[/color]/var/run/mysql/mysql.sock 
# Here follows entries for some specific programs 
# The MySQL server 
[mysqld] 
port = 3306 
socket = [color=red]/var/www[/color]/var/run/mysql/mysql.sock

系统默认的目录是 /var/www/htdocs ,将网站程序上传到此目录即可。

现在重新启动一下mysql:

代码: 全选

# pkill -HUP mysqld

然后启动apache 1.3

代码: 全选

# apachectl start
/usr/sbin/apachectl start: httpd started

好像重新启动Mysql还是不行，系统提示找不到mysql.sock文件,无奈重新启动主机，也许有其他命令可以重新调用mysql.sock文件，但是没有细究，望知道的朋友提示一下：

代码: 全选

# mysql -p
Enter password:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/www/var/run/mysql/mysql.sock' (2)

最后的注意事项，在vbulletin 3.84中文版里必须禁用GZIP HTML 压缩输出，否则打不开首页。

[leo]

到目前为止ports里面的phpMyAdmin仍然还只有对应php-5.2.x的，无法直接应用在php-5.3.6的环境里，不过因为phpMyAdmin实质上就是php脚本程序，所以，我们还是自己来直接处理一下吧。——注意这里不是做port，只是在OAMP环境里应用。

目前phpMyAdmin的最新正式版本是3.4.3.2，多语言版本的下载地址：http://downloads.sourceforge.net/projec ... rror=voxel

将压缩包释放到 /var/www/ 下，会生成一个目录，目录名为“phpMyAdmin-3.4.3.2-all-languages”，然后直接做链接就可以了。

代码: 全选

# cd /var/www/htdocs
# ln -fs ../phpMyAdmin-3.4.3.2-all-languages /var/www/htdocs/phpMyAdmin

此外由于服务器运行了Suhosin, 这个会和phpMyAdmin有一些冲突。处理方案：
1.38 Can I use phpMyAdmin on a server on which Suhosin is enabled?

Yes but the default configuration values of Suhosin are known to cause problems with some operations, for example editing a table with many columns and no primary key or with textual primary key.
Suhosin configuration might lead to malfunction in some cases and it can not be fully avoided as phpMyAdmin is kind of application which needs to transfer big amounts of columns in single HTTP request, what is something what Suhosin tries to prevent. Generally all suhosin.request.*, suhosin.post.* and suhosin.get.* directives can have negative effect on phpMyAdmin usability. You can always find in your error logs which limit did cause dropping of variable, so you can diagnose the problem and adjust matching configuration variable.
The default values for most Suhosin configuration options will work in most scenarios, however you might want to adjust at least following parameters:

• suhosin.request.max_vars should be increased (eg. 2048)
• suhosin.post.max_vars should be increased (eg. 2048)
• suhosin.request.max_array_index_length should be increased (eg. 256)
• suhosin.post.max_array_index_length should be increased (eg. 256)
• suhosin.request.max_totalname_length should be increased (eg. 8192)
• suhosin.post.max_totalname_length should be increased (eg. 8192)
• suhosin.sql.bailout_on_error needs to be disabled (the default)
• suhosin.log.* should not include SQL, otherwise you get big slowdown

You can also disable the warning using the SuhosinDisableWarning directive.