fluidBlog

August 8, 2007

Installing Drupal on Fedora 6

Filed under: Deployment, Drupal, Fedora, Installation, Linux — trekr @ 11:55 am

In this post I’m going to walk you through the steps to create a Drupal based web site from the ground up starting with a newly minted Fedora 6 slice from Slicehost.

Secure the Slice

The first steps are exactly the same as in my previous post, Securing a new Fedora 6 Slice. If you followed the instructions in that post, you have accomplished the following:

  • changed root’s password
  • yum updated the base installation
  • yum installed sudo
  • created a user with sudo privileges
  • created a public key on your local machine and copied it to your slice
  • disabled password authentication via ssh
  • disabled challenge response authentication via ssh
  • changed the ssh port
  • disabled root login via ssh
  • installed denyhosts (optional)
  • installed and configured a firewall using iptables

Install Required Software

Now that the slice is more secure, we can install the software required by Drupal.

  • Apache Web Server, httpd
  • MySQL Server
  • PHP
  • GD
  • Sendmail

Log in to the slice and yum install the following packages

$ /usr/bin/sudo /usr/bin/yum -y install \
> wget \
> tar \
> gzip \
> make \
> gcc \
> openssh-clients \
> mysql \
> mysql-server \
> php \
> php-mysql \
> php-devel \
> php-gd \
> gd \
> gd-devel \
> httpd  \
> sendmail \
> sendmail-mc \
> sendmail-cf

Start the mysqld server

$ /usr/bin/sudo /etc/init.d/mysqld restart

Ensure MySQL starts at boot

$ /usr/bin/sudo /sbin/chkconfig --add mysqld
$ /usr/bin/sudo /sbin/chkconfig --level 345 mysqld on

Secure Initial MySQL Accounts

see Securing the initial MySQL accounts

$  /bin/su
# /usr/bin/mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> exit
# exit
$

Create a Drupal system user

$ /usr/bin/sudo /usr/sbin/useradd -r drupal

Create MySQL user account

see CREATE USER Syntax

$ /bin/su
# mysql -p -u root
mysql> create user 'drupal'@'localhost' identified by 'drupalpwd';

Create the database for your Drupal site

mysql> create database mysite;
mysql> grant all on mysite.* to 'drupal'@'localhost';
mysql> exit;
# exit;
$

Download the Drupal software

see Download

Change directories to /usr/local/src

$ cd /usr/local/src

$ /usr/bin/sudo /usr/bin/wget \
> http://ftp.drupal.org/files/projects/drupal-5.2.tar.gz

$ /usr/bin/sudo /bin/tar xvf drupal-5.2.tar.gz

$ /usr/bin/sudo /bin/cp -r drupal-5.2 /var/www/html/mysite

Make settings.php writeable by the web server user

$ cd /var/www/html/mysite

$ /usr/bin/sudo /bin/chown root.apache \
> /var/www/html/mysite/sites/default/settings.php

$ /usr/bin/sudo /bin/chmod g+w \
> /var/www/html/mysite/sites/default/settings.php

Make the files/ directory and its subdirectories writable by the web server user

$ /usr/bin/sudo /bin/mkdir files files/color files/css \
> files/images files/images/temp

$ /usr/bin/sudo /bin/chown root.apache files files/color files/css \
> files/images files/images/temp

$ /usr/bin/sudo /bin/chmod g+w files files/color files/css \
> files/images files/images/temp

Set up cron

Add a shell script to /etc/cron.hourly

#!/bin/sh
# $Id: cron-curl.sh,v 1.3 2006/08/22 07:38:24 dries Exp $
curl  --silent --compressed http://mysite.com/cron.php

Get optional modules and themes

Setup Apache Web Server

edit /etc/httpd/conf/httpd.conf

#ServerName :80
ServerName www.mysite.com:80
#Listen 12.34.56.78:80
Listen your.slice.ip.addr:80

Add

<Files *.inc>
    Deny From All
</Files>
<Files *.class>
    Deny From All
</Files>
<Files MANIFEST>
    Deny From All
</Files>

See this article for tuning Apache for performance

Create a virtual host

Edit /etc/httpd/conf/httpd.conf

<VirtualHost hostname:80>
ServerAdmin webmaster@mysite.com
DocumentRoot /var/www/html/mysite
ServerName www.mysite.com

Options -Indexes +FollowSymLinks
ErrorLog logs/mysite-error_log
CustomLog logs/mysite-access_log combined
DirectoryIndex index.html index.html.var index.php

<Directory "/var/www/html/mysite">
  AllowOverride all
</Directory>
</VirtualHost>

Start the Web Server

$ /usr/sbin/apachectl configtest
$ /sbin/chkconfig --add httpd
$ /sbin/chkconfig --level 345 httpd on
$ /usr/sbin/apachectl start

Configure PHP

See Description of core php.ini directives

You may need to adjust upload_max_filesize and post_max_size. There is a good security article on the Gallery2 site that is worth reading.

Install Drupal

Navigate to http://mysite.com/install.php and follow along with the online install. When finished, change permission on /var/www/html/mysite/sites/default/settings.php

$ /usr/bin/sudo /bin/chmod g-w /var/www/html/mysite/sites/default/settings.php
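
A way to confirm the permission steps above actually took effect, written as an added example that is not part of the original post. The function names and the finding labels are hypothetical, the sample tree is constructed in a temp directory, and only mode bits are checked (ownership by root.apache is assumed to be set as shown earlier).

```shell
#!/bin/sh
# Added example (not from the original post). Prints one finding per line and
# nothing at all when the tree matches the post-install state described above.
audit_drupal_perms() {
    root=$1
    settings="$root/sites/default/settings.php"

    # After install.php has run, settings.php must not be group-writable.
    if [ -f "$settings" ] && [ -n "$(find "$settings" -perm -020)" ]; then
        echo "GROUP_WRITABLE_SETTINGS $settings"
    fi

    # Nothing under the docroot should be writable by "other".
    find "$root" ! -type l -perm -002 | sort | while read -r p; do
        echo "WORLD_WRITABLE $p"
    done

    # Outside files/, the web server's group should have no write access.
    find "$root" -path "$root/files" -prune -o ! -type l -perm -020 -print |
        sort | while read -r p; do
        [ "$p" = "$settings" ] || echo "GROUP_WRITABLE_CODE $p"
    done
}

# Constructed sample tree in a temp directory, in the mid-install state.
build_sample_tree() {
    t=$(mktemp -d)
    (
        umask 022
        mkdir -p "$t/sites/default" "$t/files/images/temp" "$t/modules"
        : > "$t/sites/default/settings.php"
        : > "$t/index.php"
    )
    chmod g+w "$t/files" "$t/files/images" "$t/files/images/temp"
    chmod g+w "$t/sites/default/settings.php"
    echo "$t"
}

tree=$(build_sample_tree)
audit_drupal_perms "$tree"      # flags settings.php while it is still g+w
chmod g-w "$tree/sites/default/settings.php"
audit_drupal_perms "$tree"      # silent once the chmod g-w step is done
rm -rf "$tree"
```

On the slice itself the call would be `audit_drupal_perms /var/www/html/mysite`, run after the online install has finished.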

Setup Sendmail

Configure Linux Mail Servers is a comprehensive article; I’ll just hit the highlights.

Configure DNS correctly

Add the following records

  • mail pointing to your slice’s IP
  • MX pointing to mail
  • TXT pointing to v=spf1 a mx -all

Configure /etc/resolv.conf

Add the following line above the line nameserver

    domain mysite.com

Configure /etc/hosts

127.0.0.1       mysite.com localhost.localdomain localhost

Configure /etc/mail/sendmail.mc

Make sure sendmail is listening on all interfaces (0.0.0.0)

$ /bin/netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

Comment out DAEMON_OPTIONS in /etc/mail/sendmail.mc if it is only listening on loopback

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Make sure these lines are commented out to avoid having your server used to forward spam

dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
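
A quick check of the two sendmail.mc settings discussed above (the listening address and the two relay-related FEATURE lines), as an added example that is not part of the original post. The function names are hypothetical and the sample sendmail.mc fragment is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). In m4 source a line that starts
# with "dnl" is a comment, so only the remaining lines are treated as active.
active_lines() {
    grep -v '^[[:space:]]*dnl' "$1"
}

# Print each of the two relay-widening FEATUREs named above that is active.
risky_relay_features() {
    for feat in accept_unresolvable_domains relay_based_on_MX; do
        if active_lines "$1" | grep -q "FEATURE(\`$feat'"; then
            echo "$feat"
        fi
    done
}

# Print the Addr= of the first active DAEMON_OPTIONS line, or 0.0.0.0 when
# none is active (sendmail then listens on every interface).
mta_listen_addr() {
    addr=$(active_lines "$1" |
        sed -n "s/.*DAEMON_OPTIONS(\`[^']*Addr=\([^,' ]*\).*/\1/p" | head -n 1)
    echo "${addr:-0.0.0.0}"
}

# Constructed sample sendmail.mc fragment, not taken from a real server.
sample_mc() {
    cat <<'EOF'
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
EOF
}

mc=$(mktemp)
sample_mc > "$mc"
risky_relay_features "$mc"      # accept_unresolvable_domains
mta_listen_addr "$mc"           # 0.0.0.0
rm -f "$mc"
```

Run against /etc/mail/sendmail.mc, an empty result from `risky_relay_features` means both lines are commented out as this guide asks.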

Configure /etc/mail/access

Add your domain

# by default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:mysite.com                      RELAY

Configure /etc/mail/local-host-names

Add all aliases for your server

    mysite.com

Configure /etc/mail/virtusertable

Add email address/user pairs

    root@mysite.com myuser
    webmaster@mysite.com myuser
    postmaster@mysite.com myuser
    info@mysite.com myuser
    abuse@mysite.com myuser
    apache@mysite.com myuser

Configure /etc/aliases

Edit the user that receives root’s email

    # Person who should get root's mail
    #root:           marc
    root:            webmaster@mysite.com

Update /etc/sysconfig/iptables by adding

#Allow mail
-A INPUT -p tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp --dport 110 -j ACCEPT

Optionally Configure spam tools

see Configure Linux Mail Servers

Optionally set up POP3

If you want to read your mail using a client on your PC, you need to set up POP3.

$ /usr/bin/sudo /usr/bin/yum -y install dovecot
$ /usr/bin/sudo /sbin/chkconfig --add dovecot
$ /usr/bin/sudo /sbin/chkconfig --level 345 dovecot on
$ /usr/bin/sudo /etc/init.d/dovecot start

Edit /etc/dovecot.conf

    #protocols = imap imaps pop3 pop3s
    protocols = pop3

Configure your client to receive mail from mail.mysite.com

I don’t recommend that you try to configure your slice to relay mail from your PC’s client software. Just use your ISP’s SMTP server to send mail. But if you insist, read this guide first.

Optionally install a mail client

Pine is a simple lightweight mail reader that you can use to read mail from a terminal session when you are logged on to your slice.

$ /usr/bin/sudo /bin/rpm -ivh http://rpm.livna.org/livna-release-6.rpm

Ensure that enabled=1 is changed to enabled=0 in the following files

    /etc/yum.repos.d/livna.repo
    /etc/yum.repos.d/livna-devel.repo
    /etc/yum.repos.d/livna-testing.repo

This will disable the livna repository for regular yum updates

Then, you can install Pine with:

$ /usr/bin/sudo /usr/bin/yum --enablerepo=livna install pine

3 Comments »

  1. Wow mate, excellent guide and very easy to follow. Two thumbs way up!

    Comment by Frenk — December 20, 2007 @ 9:05 pm

  2. Great Guide, I just got myself a 256 MB Slice and the guide seems to be what I need to run Drupal on it.

    Comment by SteveJB — February 12, 2008 @ 1:18 pm

  3. Damn straight. This is exactly what I needed - some expert advice on how to get things running in a secure manner. Big thanks.

    Comment by Tom — October 2, 2008 @ 2:38 pm
