LXC: une virtualisation de type isolateur.

Temps de lecture approximatif : 4 minutes

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Installation d’un serveur LEMP (Linux Nginx MySQL PHP) dans le container
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Installation des pré-requis

apt-get install inetutils-ping htop less vim aptitude ssh screen wget sudo links2 unzip

Installation de PHP et FastCGI

apt-get install nginx php5-cli php5-cgi spawn-fcgi php-pear

Issue the following sequence of commands to download a small wrapper script for PHP-FastCGI, configure an init script to control the process, start the process
for the first time, and ensure that the process will start following a reboot cycle:

cd /opt/
wget -O php-fastcgi-deb.sh http://library.linode.com/assets/1548-php-fastcgi-deb.sh
mv /opt/php-fastcgi-deb.sh /usr/bin/php-fastcgi
chmod +x /usr/bin/php-fastcgi
wget -O init-php-fastcgi-deb.sh http://library.linode.com/assets/1549-init-php-fastcgi-deb.sh
mv /opt/init-php-fastcgi-deb.sh /etc/init.d/php-fastcgi
chmod +x /etc/init.d/php-fastcgi
/etc/init.d/php-fastcgi start
update-rc.d php-fastcgi defaults

 

Config de l’acces au site « monsite » dans Nginx: /etc/nginx/sites-available/monsite

server {
        listen 80;
        server_name 192.168.22.11 monsite;
        access_log /var/log/nginx/monsite_access.log;
        error_log /var/log/nginx/monsite_error.log;

        root   /var/www/monsite;
        index  index.php index.html index.htm;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        # Important security note: If you are planning to run applications that support file uploads (images, for example),
        # the above configuration may expose you to a security risk by allowing arbitrary code execution. The short explanation for this behavior is that
        # a properly crafted URI which ends in ".php", in combination with a malicious image file that actually contains valid PHP, can result in the image being processed as PHP.

        location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /var/www/monsite$fastcgi_script_name;
        }


        # It is a good idea to secure any upload directories your applications may use.
        # The following configuration except demonstrates securing an "/images" directory.

        location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                if ($uri !~ "^/images/") {
                        fastcgi_pass 127.0.0.1:9000;
                }
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /var/www/monsite$fastcgi_script_name;
        }
}
ln -s /etc/nginx/sites-available/monsite /etc/nginx/sites-enabled
/etc/init.d/nginx restart

 

 Installation de MySQL

apt-get install mysql-server php5-mysql

 

root@serveur1:/etc/nginx/sites-enabled# mysql -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 43
Server version: 5.5.35-0+wheezy1 (Debian)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

    Execute mysql_secure_installation to secure MySQL instance
   

root@serveur1:/etc/nginx/sites-enabled# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Création d’une base

root@serveur1:/var/www/monsite# mysql -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.35-0+wheezy1 (Debian)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database monsite;
Query OK, 1 row affected (0.00 sec)

mysql> show databases 
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| monsite            |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)

mysql> grant all on monsite.* to monsite_admin@localhost identified by 'mypassword';
Query OK, 0 rows affected (0.00 sec)

mysql>
root@serveur1:/etc/nginx/sites-enabled#


“La connaissance a plus de valeur et s’accroît rapidement lorsqu’elle est partagée et accessible librement…”

Ce document est publié sous licence Creative Commons
Attribution, Partage à l’identique, Contexte non commercial 3.0 : http://creativecommons.org/licenses/by-nc/3.0/

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Le temps imparti est dépassé. Merci de saisir de nouveau le CAPTCHA.

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.