11/22/13

Linux - LAMP

LAMP
last modified: Jun 29, 2013

The packages necessary for a LAMP (Linux/Apache/MySQL/Php) installation are described fully in the Installation) document. Please make sure you have done these installations before proceeding.

Apache
After Apache installation, the service should already have been started. Test it by activating this URL: http://localhost Sometimes it is useful to have a command-line http client, say for testing HTTP access remotely from a shell. The preferred choice is l i n k s , which you can install by doing: $s u d oa p t g e ti n s t a l ll i n k s Then try out the client with this (type "q, ENTER" to leave): $l i n k sh t t p : / / l o c a l h o s t Apache files The key files and directories in an Ubuntu Apache installation are: / e t c / a p a c h e 2 / / e t c / a p a c h e 2 / a p a c h e 2 . c o n f / e t c / a p a c h e 2 / h t t p d . c o n f / e t c / h t t p d / c o n f . d / * . c o n f / e t c / a p a c h e 2 / m o d s a v a l i a b l e / / e t c / a p a c h e 2 / m o d s e n a b l e d / / e t c / a p a c h e 2 / s i t e s a v a l i a b l e / / e t c / a p a c h e 2 / s i t e s e n a b l e d / / e t c / i n i t . d / a p a c h e 2 / u s r / l i b / a p a c h e 2 / / v a r / w w w / / v a r / l o g / a p a c h e 2 / config files, modules, etc. main config file other (empty) config file additional statup scripts available config files for modules enabled config files for modules available site definitions enabled site definitions control script Apache modules Apache root Apache Log files

The Apache Web services starts automatically. Control the Apache server as a SysV service: $s u d os e r v i c ea p a c h e 2 [s t a t u s|s t a r t|s t o p|r e s t a r t|r e l o a d | etc. ] You can get full usage information by doing "$ s e r v i c ea p a c h e 2 ". The r e l o a dfeature is generally preferred to r e s t a r tbecause it does not actually stop the server and therefore can be done without affecting web users. On a local system, Apache may complain about lack of a host name. If so, edit / e t c / a p a c h e 2 / h t t p d . c o n f and add this line and try again: S e r v e r N a m el o c a l h o s t If something goes wrong, the first place to look is usually this log file: / v a r / l o g / a p a c h e 2 / e r r o r _ l o g This file is readable by you, a system admin, without invoking s u d o . Often a very useful thing to do is to "follow the tail" of this file as messages are generated as follows: $t a i lf/ v a r / l o g / a p a c h e 2 / e r r o r _ l o g Apache user sites
www.cs.wcupa.edu/~rkline/linux/lamp.html 1/12

11/22/13

Linux - LAMP

Apache understands user sites as the automatic association of a special directory in the user's home (by default, ~ / p u b l i c _ h t m l ) with the URL h t t p : / / l o c a l h o s t / ~ l o g i n ? > . Enable the Apache u s e r d i rmodule by: $s u d oa 2 e n m o du s e r d i r $s u d os e r v i c ea p a c h e 2r e l o a d Then create the web directory and add a test file to it: $c d $m k d i rpp u b l i c _ h t m l $e c h o" H E L L OW O R L D ">p u b l i c _ h t m l / h e l l o . h t m l Test the effectiveness by activating this URL: http://localhost/~ login?> You should get a directory listing with the "h e l l o . h t m l " file within. Ubuntu Apache Module Control Ubuntu provides special commands to control the enabling/disabling of standard Apache modules. These are the commands: a 2 e n m o d a 2 d i s m o d a 2 e n s i t e a 2 d i s s i t e a pache2 enable a module a pache2 disable a module a pache2 enable a site a pache2 disable a site

The enablers simply link from the m o d s a v a i l a b l eor s i t e s a v a i l a b l edirectories to the m o d s e n a b l e d or s i t e s e n a b l e ddirectories, respectively. The disablers remove these links. It is good to know something about what is happening by using these operations because they are not necessarily found in other Linux distributions. Enabling a module means to symbolically link actual files in / e t c / a p a c h e 2 / m o d s a v a i l a b l e /into the directory / e t c / a p a c h e 2 / m o d s e n a b l e d / . Verify by: $l sl/ e t c / a p a c h e 2 / m o d s a v a i l a b l e / u s e r d i r . * $l sl/ e t c / a p a c h e 2 / m o d s e n a b l e d / u s e r d i r . * The files u s e r d i r . c o n fand u s e r d i r . l o a din m o d s e n a b l e dare simply symbolic links to the actual files in the m o d s a v a i l a b l e . This linking was effected by: $s u d oa 2 e n m o du s e r d i r Here is the content of the files: userdir.conf < I f M o d u l em o d _ u s e r d i r . c > U s e r D i rp u b l i c _ h t m l U s e r D i rd i s a b l e dr o o t < D i r e c t o r y/ h o m e / * / p u b l i c _ h t m l > A l l o w O v e r r i d eF i l e I n f oA u t h C o n f i gL i m i tI n d e x e s O p t i o n sM u l t i V i e w sI n d e x e sS y m L i n k s I f O w n e r M a t c hI n c l u d e s N o E x e c < L i m i tG E TP O S TO P T I O N S > O r d e ra l l o w , d e n y A l l o wf r o ma l l < / L i m i t > < L i m i t E x c e p tG E TP O S TO P T I O N S > O r d e rd e n y , a l l o w D e n yf r o ma l l
www.cs.wcupa.edu/~rkline/linux/lamp.html 2/12

11/22/13

Linux - LAMP

< / L i m i t E x c e p t > < / D i r e c t o r y > < / I f M o d u l e > userdir.load L o a d M o d u l eu s e r d i r _ m o d u l e/ u s r / l i b / a p a c h e 2 / m o d u l e s / m o d _ u s e r d i r . s o The loadable module makes available further Apache control commands which are then configured in the ".conf" file. The I f M o d u l eusage in: < I f M o d u l em o d _ u s e r d i r . c > . . . < / I f M o d u l e > is the standard way to protect Apache from trying to use commands only available in the module. As you can see these commands establis p u b l i c _ h t m las the "home" directory (except for root) and configure what user home directories can and cannot do. file permissions The only requirement for invoking an HTML file in ~ / p u b l i c _ h t m lis that it be readable ("r " permission) by the Apache web server which runs as the user (and group) of name "w w w d a t a ". In order to read a file, the Apache web server must also be able to pass through ("x " permission) all directories in the path to this file. Check the permissions on the path components by doing: $l sl d / / h o m e ~ ~ / p u b l i c _ h t m l d r w x r x r x. .r o o t r o o t . . ./ d r w x r x r x. .r o o t r o o t . . ./ h o m e d r w x r x r x. .l o g i n ? > l o g i n ? > . . ./ h o m e / l o g i n ? > d r w x r x r x. .l o g i n ? > l o g i n ? > . . ./ h o m e / l o g i n ? > / p u b l i c _ h t m l In fact, we might say these permissions are too permissive for a multiuser system where users have shell access in that it allows any other user to read the files within your home directory. What you really want is this: d r w x x -. .l o g i n ? > w w w d a t a . . ./ h o m e / l o g i n ? > However, the change of group can only be done as root. An alternative is to use the little-know access control permissions built into modern UNIX-like file systems. Mac OSX systems make big usage of these access control permissions. Here is an experiment: $c d $l i n k sd u m ph t t p : / / l o c a l h o s t / ~ l o g i n ? > (display user web home) $g e t f a c l. (default access controls of your home) #f i l e :. #o w n e r :l o g i n ? > #g r o u p :l o g i n ? > u s e r : : r w x g r o u p : : r x o t h e r : : r x $c h m o d7 0 0. (close off to other users) $l i n k sd u m ph t t p : / / l o c a l h o s t / ~ l o g i n ? > (now permission denied)

$s e t f a c lmu : w w w d a t a : x. $g e t f a c l. #f i l e :.
www.cs.wcupa.edu/~rkline/linux/lamp.html

(allow "x " access to apache user) (default access controls of your home)
3/12

11/22/13

Linux - LAMP

#o w n e r :l o g i n ? > #g r o u p :l o g i n ? > u s e r : : r w x u s e r : w w w d a t a : x (observer added line) g r o u p : : r x o t h e r : : r x $l i n k sd u m ph t t p : / / l o c a l h o s t / ~ l o g i n ? > (works again) $l sl d. d r w x x +2 9l o g i n ? >l o g i n ? > (note the "+ " in permissions)

Php
Key files and directories for Php are these: / e t c / p h p 5 / / e t c / p h p 5 / a p a c h e 2 / p h p . i n i / e t c / p h p 5 / c g i / p h p . i n i / e t c / p h p 5 / c l i / p h p . i n i / e t c / p h p 5 / c o n f . d / / u s r / b i n / p h p / u s r / b i n / p h p c g i / u s r / l i b / a p a c h e 2 / l i b p h p 5 . s o / u s r / l i b / p h p 5 / 2 0 _ _ _ _ _ _ + l f s / all config files config file for Apache module config file for CGI Php config file for command-line Php added config files (for both) the command-line interpreter the CGI executable the Apache Php module the Php plugin modules

Php, like Bash, is a script language, but it is a more complete programming language in itself which is intended to be executed on different platforms. It was written for, and is primarily dedicated to being a server-side scripting language for web programming. The subdirectories a p a c h e 2 ,c g i ,c l iof / e t c / p h p 5 , each with its own config file, p h p . i n i , indicate the three different ways in which Php can be used: 1. as an Apache module: this is primarily what you're interested in 2. as an executable for a CGI web program (used in non-Apache web servers like IIS, Lighttpd, Nginx) 3. as a command-line program: the executable, / u s r / b i n / p h p , can be used for scripting. The Apache module execution (1) is quite different from (2) and (3) which rely on a system Php executable. The CGI programming method creates a separate Php process running for every server-side invocation. In contrast, the Apache module maintains one or more "live" Php processes, thereby avoiding the startup latency. Nevertheless, the CGI system can have very good performance if enhanced by using FastCGI to cache the executable code created from Php invocations. Permitting Php execution in user directories Recent Ubuntu distributions have made it so that an extra step must be taken to enable Php for user directories. You have to edit the file / e t c / a p a c h e 2 / m o d s e n a b l e d / p h p 5 . c o n f . The installation file looks like this: php5.conf < I f M o d u l em o d _ p h p 5 . c > < F i l e s M a t c h" \ . p h ( p 3 ? | t m l ) $ " > S e t H a n d l e ra p p l i c a t i o n / x h t t p d p h p < / F i l e s M a t c h > < F i l e s M a t c h" \ . p h p s $ " > S e t H a n d l e ra p p l i c a t i o n / x h t t p d p h p s o u r c e < / F i l e s M a t c h > #T or e e n a b l ep h pi nu s e rd i r e c t o r i e sc o m m e n tt h ef o l l o w i n gl i n e s #( f r o m< I f M o d u l e. . . >t o< / I f M o d u l e > . )D oN O Ts e ti tt oO na si t #p r e v e n t s. h t a c c e s sf i l e sf r o md i s a b l i n gi t . < I f M o d u l em o d _ u s e r d i r . c > < D i r e c t o r y/ h o m e / * / p u b l i c _ h t m l >
www.cs.wcupa.edu/~rkline/linux/lamp.html 4/12

11/22/13

Linux - LAMP

p h p _ a d m i n _ v a l u ee n g i n eO f f < / D i r e c t o r y > < / I f M o d u l e > < / I f M o d u l e > As indicated in the comments, comment out these lines: # < I f M o d u l em o d _ u s e r d i r . c > # < D i r e c t o r y/ h o m e / * / p u b l i c _ h t m l > # p h p _ a d m i n _ v a l u ee n g i n eO f f # < / D i r e c t o r y > # < / I f M o d u l e > and then restart Apache: $s u d os e r v i c ea p a c h e 2r e l o a d Test the effectiveness by creating a simple Php file in your home site as follows: $c a t>~ / p u b l i c _ h t m l / h e l l o . p h p< < E N D >< ? p h p >e c h o" H e l l of r o mP h p " ; >E N D Then go back to your home page with a browser, refresh, locate the new file and activate it.

MySQL
As with other service installations, the installation process starts the MySQL service automatically. This service, unlike Apache, is an Upstart service, meaning that the service control file is / e t c / i n i t / m y s q l . c o n fand that we can restart and/or reload it by doing this (the s e r v i c eoperation works, but it defers to i n i t c t loperation which is implicit): $s u d or e s t a r tm y s q l $s u d or e l o a dm y s q l The MySQL databases are held in the directory / v a r / l i b / m y s q l . For security, this directory permits no nonadministrative access, e.g.: $s u d ol sF/ v a r / l i b / m y s q l You'll see two subdirectories: m y s q land t e s trepresenting the initial databases created by the installation. The m y s q ldatabase is the administrative database which holds all information about all the databases. Access to this administrative database is via the r o o tuser. For now we will assume that it has an empty password. MySQL installation provides a number of useful shell commands to manipulate its databases, including: m y s q l : m y s q l a d m i n : m y s q l d u m p : m y s q l s h o w : command line interpreter for entering SQL commands basic administration commands dump the contents of table(s) in a database show table/fields in a database

You can see the entire set of choices from the shell using tab completion by doing: $m y s q l [ T A B ] [ T A B ] For example, try these commands: $m y s q lur o o tm y s q l $m y s q l s h o wur o o t $m y s q l s h o wur o o tm y s q l
www.cs.wcupa.edu/~rkline/linux/lamp.html

(or "m y r o o tm y s q l ", use "quit" to exit)

5/12

11/22/13

Linux - LAMP

$m y s q l s h o wur o o tm y s q lu s e r $m y s q l d u m pur o o tm y s q lu s e r Backup and reload The mysql commands provide an excellent scheme by which a database can be "backed up" and then "reloaded". Do the backup like this: $m y s q l d u m pur o o ts o m e d b>s o m e d b . s q l The s o m e d b . s q lfile contains the data in all the tables plus the commands needed to recreate these tables. A restoration from an non-existent database would be done like this: $m y s q lur o o t m y s q l >c r e a t ed a t a b a s es o m e d b ; m y s q l >u s es o m e d b ; m y s q l >s o u r c es o m e d b . s q l ; MySQL access principles MySQL is a network-oriented DBMS. Client programs may reside on different hosts than the server. The access rights of MySQL client has to a MySQL DBMS database is determined by three factors: the user specified by the client the host on which the client operates the database that the client is trying to access When a client connects to the MySQL DBMS, it attempts to gain access priviledges by consulting these three tables. 1. u s e rtable: The pair ( h o s t , u s e r ) is matched against the values in the rows of the u s e rtable. If the password field is non-empty the client must provide a matching password. The remaining fields represent boolean "priviledges" which are given to the client. At this point, these are global priviledges in that they can be used to access any database. For the most part, non-root uses gain no priviledges in these fields and root gains all priviledges. 2. h o s ttable: The pair: ( h o s t , d a t a b a s e ) is matched against the entries in the h o s ttable, and thereby augment the priviledges available to the client when accessing from this host. 3. d btable: The triple ( h o s t , d a t a b a s e , u s e r ) is used to match against the entries in the d btable, and therefore further augment the priviledges available to the client as this particular user. The d btable is the most common place where priviledges are assigned for non-root users since it is the most specific to the database. MySQL employs a "wild-card" value %to populate a field which is allowed to match any value. For example, suppose you are on t a zand wanted to access the t e s tdatabase on your machine the g u e s t user with password f o o b a r , using the m y s q lcommand-line client, you would do: [ t a z ] $m y s q lug u e s tp f o o b a rhM A C H I N Et e s t The MySQL DBMS would then attempt to gain access priviledges as follows:
www.cs.wcupa.edu/~rkline/linux/lamp.html 6/12

11/22/13

Linux - LAMP

match ( t a z , g u e s t )agains the ( h o s t , u s e r )values in the u s e rtable, encrypt f o o b a rand match it against the password field match ( t a z , t e s t )against the ( h o s t , d b )entries in the h o s ttable match ( t a z , t e s t , g u e s t )agains the ( h o s t , d b , u s e r )entries in the d btable

MySQL root password

Choose a simple password, definitely NOT your login password. This is what you would enter: $m y s q l a d m i nur o o tp a s s w o r dM Y S Q L _ P W D From this point on, you will need to use the "-p" opation for all subsequent MySQL root accesses, e.g.: $m y s q lp M Y S Q L _ P W Dur o o t or, perhaps more securely, type the password without it being revealed: $m y s q lpur o o t A VERY WISE thing to do at this point, in order to avoid forgetting this low security password, is to edit the ~ / b i n / m y r o o tscript and put in the new password: ~/bin/myroot # ! / b i n / b a s h d e c l a r erP A S S = " M Y S Q L _ P W D " i f[z" $ P A S S "] ;t h e n m y s q lur o o t" $ @ " e l s e m y s q lp " $ P A S S "ur o o t" $ @ " f i

Phpmyadmin
The phpmyadmin tool is a web-based package for administering a MySQL DBMS. As the name suggests, it requires a Php installation. Because it gives web access to any database, we need the MySQL root password set up to offer some basic protection accessing MySQL. Install phpmysqladmin Start the installation: $s u d oa p t g e ti n s t a l lp h p m y a d m i n This installation is the most involved one so far, because it requires creation of databases. The d b c o n f i g c o m m o npackage is responsible for the configuration and it stores the configuration information in the root-only readble file: / e t c / d b c o n f i g c o m m o n / p h p m y a d m i n . c o n f Here are the configuration steps: a. You are presented with the "Configuring phpmyadmin" screen with Yes preselected. Hit ENTER. This tool needs its own dedicated MySQL database to work. b. Next, the installer needs the MySQL root password (remember to use yours!) Password of the database's administrative user:
www.cs.wcupa.edu/~rkline/linux/lamp.html 7/12

11/22/13

Linux - LAMP

MYSQL_PWD Tab to OK and ENTER. c. You need a password for a newly created MySQL p h p m y a d m i nuser. Make this the same as your MySQL root password. MySQL application password for phpmyadmin: MYSQL_PWD Tab to OK and ENTER. d. Next, the p h p m y a d m i nuser password confirmation. Password confirmation: MYSQL_PWD Tab to OK and ENTER. e. Finally, the installation wants to create a configuration for you web server(s). If necessary tab to apache, then press the SPACE BAR to check it. Tab to OK and ENTER. The p h p m y a d m i ninstallation files reside in two places: / u s r / s h a r e / p h p m y a d m i n / e t c / p h p m y a d m i n ( t h ew e b s i t e ) ( c o n f i g u r a t i o nf i l e s )

For this website to kick in, we must have a link in the Apache directory. $c d/ e t c / a p a c h e 2 / c o n f . d / $l sl If you do not see the following symbolic link: / e t c / a p a c h e 2 / c o n f . d / p h p m y a d m i n . c o n f/ e t c / p h p m y a d m i n / a p a c h e . c o n f then create it and reload Apache: $s u d ol ns/ e t c / d r u p a l / 7 / a p a c h e 2 . c o n fd r u p a l . c o n f $s u d os e r v i c ea p a c h e 2r e l o a d Take a quick look at this file: $m o r e/ e t c / p h p m y a d m i n / a p a c h e . c o n f The first statement gives indication of how to access the website: A l i a s/ p h p m y a d m i n/ u s r / s h a r e / p h p m y a d m i n Log in as root and clean up the mysql user table Use this link in a browser: http://localhost/phpmyadmin In the Log in section, log in (remember, your password!): U s e r n a m e : r o o t P a s s w o r d : M Y S Q L _ P W D
www.cs.wcupa.edu/~rkline/linux/lamp.html 8/12

11/22/13

Linux - LAMP

When you're in, choose the mysql database on the left. Locate the u s e rtable at the bottom and select that. Try to understand the table content. These are the key access fields: entry # 1. 2. 3. 4. 5. 6. 7. 8. localhost 127.0.0.1 ::1 localhost MACHINE.cs.wcupa.edu localhost localhost debian-sys-maint --encrypted password-phpmyadmin --encrypted password-Host root root root MACHINE.cs.wcupa.edu root User Password --encrypted password--

Entries 2-4 are redundant, and worse, they provide a password-less way to get in as root. Entries 5,6 provide "anonymous" access. This is usually a way in to the t e s tdatabase provided as a "jump-start" to using MySQL. To clean up, delete all entries 2-6, leaving 3 entries in the table. entry # 1. 2. 3. Host localhost root localhost phpmyadmin User Password --encrypted password---encrypted password--

localhost debian-sys-maint --encrypted password--

Drupal
Drupal is a popular Php-based Content Management System (CMS) which allows users to create websites with minimal knowledge of HTML and Php per se. The content is "managed" by maintaining it within a database and presented by means of an extensive library of templates. We can use this for our system notes which we want to publish. To install the Drupal basis use this: $s u d oa p t g e ti n s t a l ld r u p a l 7 The installation steps are: a. Postfix Configuration. This explains about the mail configuration. It is not going to be an issue for us. Tab to OK and ENTER. b. Select No Configuration using the arrow keys. Tab to OK and ENTER. c. Configuring drupal7. Tab to Yes and ENTER. d. Database type to be used by drupal7: Select mysql. Tab to OK and ENTER. e. Password of the database's administrative user. This is your mysql root password. MYSQL_PWD f. MySQL application password for drupal7. You should not need to use this, but give it the same: MYSQL_PWD
www.cs.wcupa.edu/~rkline/linux/lamp.html 9/12

11/22/13

Linux - LAMP

g. Password confirmation: MYSQL_PWD The Apache configuration file is not automatically set up. It is simple enough to do it by hand: $c d/ e t c / a p a c h e 2 / c o n f . d / $s u d ol ns/ e t c / d r u p a l / 7 / a p a c h e 2 . c o n fd r u p a l . c o n f $s u d os e r v i c ea p a c h e 2r e l o a d The package installation creates the database, but does not set it up. We have to do so using the drupal installer, so activate this URL: http://localhost/drupal7/install.php and proceed through these configuration steps: Select an installation profile: Standard (default). Click Save and Continue . Choose Language. Click Save and Continue . Configure Site. We need an administrative login/password. I've chosen the login r o o tand password the same as the MySQL root password. You have to feed it realistic email addresses. S i t eI n f o r m a t i o n : S i t eN a m e :M A C H I N E S i t ee m a i la d d r e s s :r o o t @ M A C H I N E . c s . w c u p a . e d u S i t eM a i n t e n a n c eA c c o u n t : U s e r n a m e :r o o t E m a i la d d r e s s :r o o t @ M A C H I N E . c s . w c u p a . e d u P a s s w o r d :M Y S Q L _ P W D C o n f i r mP a s s w o r d :M Y S Q L _ P W D S e r v e rS e t t i n g s : D e f a u l tC o u n t r y :U n i t e dS t a t e s D e f a u l tt i m ez o n e :A m e r i c a / N e wY o r k U P D A T EN O T I F I C A T I O N S : u n c h e c k :C h e c kf o ru p d a t e sa u t o m a t i c a l l y Click Save and Continue . Drupal installation complete. You must see this page to ensure that the installation worked. Click the Visit your new site link. Click the Log out link. Log in and create "hello world" content a. Give the username/password from the installation: root/MYSQL_PWD b. Click Add New Content. c. Select Basic Page . d. Create Basic Page: Title: This is a test Body: Hello World.
www.cs.wcupa.edu/~rkline/linux/lamp.html 10/12

11/22/13

Linux - LAMP

I'm creating my first page. Click Save and view content created. Observe the "paragraphing" of the two lines. e. Click Content link at top. f. Check the newly created page. g. Select: Promote Selecte Content to Front Page . Click Update . h. Click Home to view. Further visual configurations a. Move user login into header. Choose Structure Blocks. Locate User Login in the Content section. From the selection list, choose Header (it is moved instantly). Click Save Blocks at the bottom. b. Remove the Create New Account link which appears with user login. Go to Configuration Account Settings. In the Registration and cancellation section, following "Who can register accounts?", choose: Administrators Only. Click Save Configuration at the bottom. c. Remove Request New Password link. This is a real hack, but I can't seem to find a better way. Edit the file: / u s r / s h a r e / d r u p a l 7 / m o d u l e s / u s e r / u s e r . m o d u l e Look for the line of Php code (line #1309 in my file): $ i t e m s [ ]=l ( t ( ' R e q u e s tn e wp a s s w o r d ' ) ,' u s e r / p a s s w o r d ' ,. . . and comment it out by putting "/ / " at the beginning of the line. Add a phpmyadmin menu item Choose Structure Menus. In the Main Menu section, choose add link. Set these values: M e n ul i n kt i t l e : p h p m y a d m i n P a t h : h t t p : / / M A C H I N E / p h p m y a d m i n Click Save at the bottom. Finally, click Log Out Make root page redirect to Drupal Create a new Php root page in the Apache root directory: $c d/ v a r / w w w $r mi n d e x . h t m l $b e s u #c a t>i n d e x . p h p< < E N D < ? p h p h e a d e r ( " l o c a t i o n : / d r u p a l 7 " ) ; E N D

Tunnel access to Apache

www.cs.wcupa.edu/~rkline/linux/lamp.html 11/12

11/22/13

Linux - LAMP

We want to allow a web browser, running on a computer outside the CSC firewall have web access to machine?> . The procedure is the same as in the NX and Tunneling document. document, only the ports are changed. Choose a dedicated local port, say h t t p _ t h r u p o r t ? > . We want to tunnel through this port on our local machine to port 8 0on machine?> . On a Linux/UNIX system, start the tunnel from a shell: s s hLh t t p _ t h r u p o r t ? > : m a c h i n e ? > : 8 0t a z _ l o g i n ? > @ t a z . c s . w c u p a . e d u Again, a wise thing to do is to make an a l i a slike: a l i a sm a k e t u n n e l h t t p = ' s s hL7 0 8 0 : M A C H I N E : 8 0T A Z _ L O G I N @ t a z . c s . w c u p a . e d u ' http tunnel through PuTTy On a Windows system, the the tunnel can again be set up through PuTTy. The PuTTy connection to taz supports multiple tunnels. For simplicity, we'll assume you've created the PuTTy t a zsession as was described in Remote Windows NX Client secion of the NX and Tunneling document. document. In PuTTy, a. Select the "t a z " from the Saved sessions (don't run it yet). Click the Load button. b. Go to Connection SSH Tunnels c. Enter h t t p _ t h r u p o r t ? >in the Source port field d. Enter m a c h i n e ? > : 8 0in the Destination field e. Click the Add button. It should create a line: L h t t p _ t h r u p o r t ? > m a c h i n e ? > : 8 0

f. Go back to the Session and click Save . The tunnel is set up. g. Click Open and log in to t a z . To start the tunnel from PuTTy, simply open the t a zconnection. Tunnel tests Test the tunnel's effectiveness by activating these URLs: http://localhost:http_thruport?>/phpmyadmin http://localhost:http_thruport?>/drupal7 Unfortunately, the phpmyadmin menu link in Drupal will not work. In Drupal the link URLs must be complete, but our machine name, useful only within the CSC firewall, cannot possibly work in this situation.
Robert M. Kline

www.cs.wcupa.edu/~rkline/linux/lamp.html

12/12