Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/05/2007

This tutorial is Copyright (c) 2007 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I’ll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I’ll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.

The advantage of such a “virtual” setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on “real” system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This tutorial is based on CentOS 5.1 (i386). You should already have set up a basic CentOS system, as described here: http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig and http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig-p2. Plus, you should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!), as shown in the chapter six on http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig-p3.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Edit /etc/hosts

Our hostname in this example is server1.example.com, and it has the IP address 192.168.0.100, so we change /etc/hosts as follows:

vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.100           server1.example.com server1
::1             localhost6.localdomain6 localhost6

2 Install Some Software

First we import the GPG keys for software packages:

rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software that we need later on:

yum groupinstall ‘Development Tools’

yum groupinstall ‘Development Libraries’

3 Install Apache, MySQL, phpMyAdmin

First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 5.1 repositories:

rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

(If the above link doesn’t work anymore, you can find the current version of rpmforge-release here: http://apt.sw.be/packages/rpmforge-release/)

Afterwards we can install the needed packages with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

4 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to install them as described in this tutorial: How To Install courier-imap, courier-authlib, And maildrop On Fedora, RedHat, CentOS

In case you have problems creating the rpm packages, you can download mine:

• courier-authlib-0.60.2-1.i386.rpm
• courier-authlib-devel-0.60.2-1.i386.rpm
• courier-authlib-mysql-0.60.2-1.i386.rpm
• courier-imap-4.2.1-1.i386.rpm
• maildrop-2.0.4-1.i386.rpm

5 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/centos/5.1/os/SRPMS/postfix-2.3.3-2.src.rpm
rpm -ivh postfix-2.3.3-2.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist – using root
warning: group mockbuild does not exist – using root

cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.3.3-vda.patch.gz
gunzip postfix-2.3.3-vda.patch.gz
cd /usr/src/redhat/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Change %define MYSQL 0 to %define MYSQL 1, add Patch0: postfix-2.3.3-vda.patch to the # Patches stanza, and finally add %patch0 -p1 -b .vda to the %setup -q stanza:

[...]
%define MYSQL 1
[...]
# Patches

Patch0: postfix-2.3.3-vda.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.2.5-cyrus.patch
[...]
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
[...]

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

You will see lots of warnings like these that you can ignore:

msg.h:12:1: warning: “/*” within comment
msg.h:14:1: warning: “/*” within comment
msg.h:33:1: warning: “/*” within comment
msg.h:34:1: warning: “/*” within comment
msg.h:35:1: warning: “/*” within comment
msg.h:36:1: warning: “/*” within comment

Our Postfix rpm package is created in /usr/src/redhat/RPMS/i386, so we go there:

cd /usr/src/redhat/RPMS/i386

The command

ls -l

shows you the available packages:

[root@server1 i386]# ls -l
total 11280
-rw-r–r– 1 root root 3819299 Dec  5 15:25 postfix-2.3.3-2.i386.rpm
-rw-r–r– 1 root root 7655069 Dec  5 15:25 postfix-debuginfo-2.3.3-2.i386.rpm
-rw-r–r– 1 root root   50346 Dec  5 15:25 postfix-pflogsumm-2.3.3-2.i386.rpm
[root@server1 i386]#

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.3.3-2.i386.rpm

(In case you have problems creating the Postfix rpm package, you can download mine from here: postfix-2.3.3-2.i386.rpm.)

6 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig –levels 235 mysqld on
/etc/init.d/mysqld start

Then set passwords for the MySQL root account:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory “/usr/share/phpmyadmin”> stanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

#
#  Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Then we create the system startup links for Apache and start it:

chkconfig –levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

• Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) – Page 2
• Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) – Page 3
• Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) – Page 4
• Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) – Page 5

next Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1) – Page 2
This page is licensed under a Creative Commons License.

Related Tutorials

• Virtual Users And Domains With Postfix, Courier And MySQL (Ubuntu 7.10)
• Virtual Users And Domains With Postfix, Courier And MySQL (Fedora
• Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)
• DSPAM With Embedded ClamAV Integrated Into Postfix With Virtual Users And Domains

CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/04/2007

This tutorial shows how to set up a CentOS 5.1 based server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 5.1, but should apply to the 64-bit version with very little modifications as well.

I will use the following software:

• Web Server: Apache 2.2 with PHP 5.1.6
• Database Server: MySQL 5.0
• Mail Server: Postfix
• DNS Server: BIND9 (chrooted)
• FTP Server: Proftpd
• POP3/IMAP server: Dovecot
• Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Requirements

To install such a system you will need the following:

• Download the CentOS 5.1 DVD or the six CentOS 5.1 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/i386/).
• a fast internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 5.1 CD (CD 1) or the CentOS 5.1 DVD. Press <ENTER> at the boot prompt:

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:

Choose your language next:

Select your keyboard layout:

I’m installing CentOS 5.1 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Now we must select a partitioning scheme for our installation. For simplicity’s sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you’re free to partition your hard drive however you like it. Then I hit Next:

Answer the following question (Are you sure you want to do this?) with Yes:

On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea… Click on the Edit button at the top right.

In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I’m using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 145.253.2.75 and 193.174.32.18):

Choose your time zone:

Give root a password:

• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 2
• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 3
• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 4
• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 5
• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 6
• CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 7

next CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server) – Page 2
Copyright © 2007 Falko Timme
All Rights Reserved.

Related Tutorials

• The Perfect Setup – CentOS 5.0 (32-bit)
• The Perfect Server – CentOS 4.5 (32-bit)
• Fedora 8 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server)
• The Perfect Server – OpenSUSE 10.3 (32-bit)
• The Perfect Server – Mandriva 2008 Free (Mandriva 2008.0)
• The Perfect Server – Ubuntu Gutsy Gibbon (Ubuntu 7.10)
• The Perfect Setup – Debian Etch (Debian 4.0)

How To Install courier-imap, courier-authlib, And maildrop On Fedora, RedHat, CentOS

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 11/13/2007

For some reason there are no Courier packages (courier-imap, courier-authlib, maildrop) available on RedHat-based distributions (RedHat, Fedora, CentOS), and the only third-party repository that had such packages seems to have closed (enlartenment.com). Therefore this tutorial explains how you can create and install your own Courier rpm packages from the sources, and I provide download links for my Courier rpm packages that I compiled on Fedora 8 (i386) so that you can save some time.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I have tried this on a Fedora 8 (i386) system; it should work for RedHat and CentOS as well. If you are on an x86_64 system, replace all references to i386 in this tutorial with x86_64.

2 Installing Prerequisites

Before we can compile the Courier packages, we need some prerequisites such as compilers, development libraries, etc. which we can install like this:

yum groupinstall ‘Development Tools’

yum groupinstall ‘Development Libraries’

yum install rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

3 Creating A Non-Priviledged User Account

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (falko in this example) and give him a password:

useradd -m -s /bin/bash falko
passwd falko

We will need the sudo command later on so that the user falko can compile and install the rpm packages. But first, we must allow falko to run all commands using sudo:

Run

visudo

In the file that opens there’s a line root ALL=(ALL) ALL. Add a similar line for falko just below that line:

[...]
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
falko   ALL=(ALL)       ALL
[...]

4 Building courier-authlib, courier-imap, And maildrop

Now we are ready to build our rpm package. First become the user falko:

su falko

Next we create our build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386

echo “%_topdir $HOME/rpm” >> $HOME/.rpmmacros

Now we create a downloads directory and download the source files from http://www.courier-mta.org/download.php:

mkdir $HOME/downloads
cd $HOME/downloads

wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.60.2.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.2.1.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2

4.1 courier-authlib

Now (still in $HOME/downloads) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.60.2.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 600
-rw-r–r– 1 root root 137335 2007-11-13 18:02 courier-authlib-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root 323827 2007-11-13 18:02 courier-authlib-debuginfo-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  34201 2007-11-13 18:02 courier-authlib-devel-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  18039 2007-11-13 18:02 courier-authlib-ldap-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  14258 2007-11-13 18:02 courier-authlib-mysql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  13602 2007-11-13 18:02 courier-authlib-pgsql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root   8336 2007-11-13 18:02 courier-authlib-pipe-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  36859 2007-11-13 18:02 courier-authlib-userdb-0.60.2-1.fc8.i386.rpm
[falko@server1 i386]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh courier-authlib-0.60.2-1.fc8.i386.rpm
sudo rpm -ivh courier-authlib-devel-0.60.2-1.fc8.i386.rpm
sudo rpm -ivh courier-authlib-mysql-0.60.2-1.fc8.i386.rpm

4.2 courier-imap

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

rpmbuild -ta courier-imap-4.2.1.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 1284
-rw-r–r– 1 root root 137335 2007-11-13 18:02 courier-authlib-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root 323827 2007-11-13 18:02 courier-authlib-debuginfo-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  34201 2007-11-13 18:02 courier-authlib-devel-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  18039 2007-11-13 18:02 courier-authlib-ldap-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  14258 2007-11-13 18:02 courier-authlib-mysql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  13602 2007-11-13 18:02 courier-authlib-pgsql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root   8336 2007-11-13 18:02 courier-authlib-pipe-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root root  36859 2007-11-13 18:02 courier-authlib-userdb-0.60.2-1.fc8.i386.rpm
-rw-rw-r– 1 falko falko 383455 2007-11-13 18:21 courier-imap-4.2.1-1.8.i386.rpm
-rw-rw-r– 1 falko falko 917771 2007-11-13 18:21 courier-imap-debuginfo-4.2.1-1.8.i386.rpm
[falko@server1 i386]$

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.2.1-1.8.i386.rpm

4.3 maildrop

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again:

sudo rpmbuild -ta maildrop-2.0.4.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 3128
-rw-r–r– 1 root  root  137343 2007-11-13 18:02 courier-authlib-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root  324618 2007-11-13 18:02 courier-authlib-debuginfo-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root   34208 2007-11-13 18:02 courier-authlib-devel-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root   18042 2007-11-13 18:02 courier-authlib-ldap-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root   14254 2007-11-13 18:02 courier-authlib-mysql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root   13599 2007-11-13 18:02 courier-authlib-pgsql-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root    8339 2007-11-13 18:02 courier-authlib-pipe-0.60.2-1.fc8.i386.rpm
-rw-r–r– 1 root  root   36855 2007-11-13 18:02 courier-authlib-userdb-0.60.2-1.fc8.i386.rpm
-rw-rw-r– 1 falko falko 383455 2007-11-13 18:21 courier-imap-4.2.1-1.8.i386.rpm
-rw-rw-r– 1 falko falko 917771 2007-11-13 18:21 courier-imap-debuginfo-4.2.1-1.8.i386.rpm
-rw-r–r– 1 root  root  299030 2007-11-13 18:35 maildrop-2.0.4-1.8.i386.rpm
-rw-r–r– 1 root  root  752872 2007-11-13 18:35 maildrop-debuginfo-2.0.4-1.8.i386.rpm
-rw-r–r– 1 root  root  136235 2007-11-13 18:35 maildrop-devel-2.0.4-1.8.i386.rpm
-rw-r–r– 1 root  root   58439 2007-11-13 18:35 maildrop-man-2.0.4-1.8.i386.rpm
[falko@server1 i386]$

You can now install maildrop like this:

sudo rpm -ivh maildrop-2.0.4-1.8.i386.rpm

After you have compiled and installed all needed packages, you can become root again by typing

exit

5 My Fedora 8 Packages

Here are the links to my Fedora 8 (i386) packages:

• courier-authlib-0.60.2-1.fc8.i386.rpm
• courier-authlib-debuginfo-0.60.2-1.fc8.i386.rpm
• courier-authlib-devel-0.60.2-1.fc8.i386.rpm
• courier-authlib-ldap-0.60.2-1.fc8.i386.rpm
• courier-authlib-mysql-0.60.2-1.fc8.i386.rpm
• courier-authlib-pgsql-0.60.2-1.fc8.i386.rpm
• courier-authlib-pipe-0.60.2-1.fc8.i386.rpm
• courier-authlib-userdb-0.60.2-1.fc8.i386.rpm
• courier-imap-4.2.1-1.8.i386.rpm
• courier-imap-debuginfo-4.2.1-1.8.i386.rpm
• maildrop-2.0.4-1.8.i386.rpm
• maildrop-debuginfo-2.0.4-1.8.i386.rpm
• maildrop-devel-2.0.4-1.8.i386.rpm
• maildrop-man-2.0.4-1.8.i386.rpm

Copyright © 2007 Falko Timme
All Rights Reserved.

Configuring A High Availability Cluster (Heartbeat) On CentOS

This guide shows how you can set up a two node, high-availability HTTP cluster with heartbeat on CentOS. Both nodes use the Apache web server to serve the same content.

Pre-Configuration Requirements

1. Assign hostname node01 to primary node with IP address 172.16.4.80 to eth0.
2. Assign hostname node02 to slave node with IP address 172.16.4.81.

Note: on node01

uname -n

must return node01.

On node02

uname -n

must return node02.

172.16.4.82 is the virtual IP address that will be used for our Apache webserver (i.e., Apache will listen on that address).

Configuration

1. Download and install the heartbeat package. In our case we are using CentOS so we will install heartbeat with yum:

yum install heartbeat

or download these packages:

heartbeat-2.08
heartbeat-pils-2.08
heartbeat-stonith-2.08

2. Now we have to configure heartbeat on our two node cluster. We will deal with three files. These are:

authkeys
ha.cf
haresources

3. Now moving to our configuration. But there is one more thing to do, that is to copy these files to the /etc/ha.d directory. In our case we copy these files as given below:

cp /usr/share/doc/heartbeat-2.1.2/authkeys /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.2/ha.cf /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.2/haresources /etc/ha.d/

4. Now let’s start configuring heartbeat. First we will deal with the authkeys file, we will use authentication method 2 (sha1). For this we will make changes in the authkeys file as below.

vi /etc/ha.d/authkeys

Then add the following lines:

auth 2
2 sha1 test-ha

Change the permission of the authkeys file:

chmod 600 /etc/ha.d/authkeys

5. Moving to our second file (ha.cf) which is the most important. So edit the ha.cf file with vi:

vi /etc/ha.d/ha.cf

Add the following lines in the ha.cf file:

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02

Note: node01 and node02 is the output generated by

uname -n

6. The final piece of work in our configuration is to edit the haresources file. This file contains the information about resources which we want to highly enable. In our case we want the webserver (httpd) highly available:

vi /etc/ha.d/haresources

Add the following line:

node01 172.16.4.82 httpd

7. Copy the /etc/ha.d/ directory from node01 to node02:

scp -r /etc/ha.d/ root@node02:/etc/

8. As we want httpd highly enabled let’s start configuring httpd:

vi /etc/httpd/conf/httpd.conf

Add this line in httpd.conf:

Listen 172.16.4.82:80

9. Copy the /etc/httpd/conf/httpd.conf file to node02:

scp /etc/httpd/conf/httpd.conf root@node02:/etc/httpd/conf/

10. Create the file index.html on both nodes (node01 & node02):

On node01:

echo “node01 apache test server” > /var/www/html/index.html

On node02:

echo “node02 apache test server” > /var/www/html/index.html

11. Now start heartbeat on the primary node01 and slave node02:

/etc/init.d/heartbeat start

12. Open web-browser and type in the URL:

http://172.16.4.82

It will show node01 apache test server.

13. Now stop the hearbeat daemon on node01:

/etc/init.d/heartbeat stop

In your browser type in the URL http://172.16.4.82 and press enter.

It will show node02 apache test server.

14. We don’t need to create a virtual network interface and assign an IP address (172.16.4.82) to it. Heartbeat will do this for you, and start the service (httpd) itself. So don’t worry about this.

Don’t use the IP addresses 172.16.4.80 and 172.16.4.81 for services. These addresses are used by heartbeat for communication between node01 and node02. When any of them will be used for services/resources, it will disturb hearbeat and will not work. Be carefull!!!

 
This page is licensed under a Creative Commons License.

Installing HP Systems Insight Manager On CentOS 

HP Systems Insight Manager is a free tool from HP that can monitor your network and receive SNMP Traps. It’s an excellent trap manager but also a system resource hog.

Hardware requirements for Linux are:

 - Minimum: 1.5-GHz processor and 768 MB RAM
 - Recommended: 2.4-GHz processor and 1 GB RAM

1. Install CentOS 5.0

2. Download HP SIM:

http://h18004.www1.hp.com/products/servers/management/hpsim/dl_linux.html

3. Installing the software

(The following section can be copied into a shell script):

# First do a upgrade of the system
yum update -y

# reboot if needed

# We need to trick the HP software so it thinks Redhat Enterprise is installed
nano /etc/redhat-release
   # Remove what it says and insert: Red Hat Enterprise Linux ES release 5

# Install dependencies
yum install compat-readline43 openssl097a compat-libstdc++-33 -y

# We need to change the posix default version
export _POSIX2_VERSION=199209

# And now we run the downloaded HP SIM Package
chmod +x HPSIM-Linux-C.05.01.00.00.bin
./HPSIM-Linux-C.05.01.00.00.bin

# Configuring the HP SIM for the system
/opt/mx/bin/mxinitconfig -l
/opt/mx/bin/mxinitconfig -a

# and done

You should now be able to login to the HP SIM via a web browser at http://$IP:280/
Log in with user root and the user’s password.

This HOWTO will not cover HP SIM Setup as it is very well documentet by HP here:

http://docs.hp.com/en/5991-4498/

Copyright © 2007 hore
All Rights Reserved.

Integrating eAccelerator Into PHP5 (CentOS 5.0)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 09/14/2007

This guide explains how to integrate eAccelerator into PHP5 on a CentOS 5.0 system. From the eAccelerator project page: “eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.”

This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!

1 Preliminary Note

I have tested this on a CentOS 5.0 server with the IP address 192.168.0.100 where Apache2 and PHP5 are already installed and working. I’ll use Apache’s default document root /var/www/html in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php file that I’m using in this tutorial.

2 Checking PHP5′s Current State

First, before we install eAccelerator, let’s find out about our PHP5 installation. To do this, we create the file info.php in our document root /var/www/html:

vi /var/www/html/info.php

<?php
phpinfo();
?>

Afterwards, we call that file in a browser: http://192.168.0.100/info.php

As you see, we have PHP 5.1.6 installed…

… but eAccelerator isn’t mentioned anywhere on the page:

3 Installing eAccelerator

Unfortunately, there’s no eAccelerator package for CentOS 5.0 in the official repositories, therefore we must compile and install it from the sources. Before we can do this, we need to install some prerequisites:

yum install php-devel

yum groupinstall ‘Development Tools’

Now we can download and install eAccelerator like this (make sure that you get the latest version from the eAccelerator web site):

cd /tmp
wget http://bart.eaccelerator.net/source/0.9.5.2/eaccelerator-0.9.5.2.tar.bz2
tar xvfj eaccelerator-0.9.5.2.tar.bz2
cd eaccelerator-0.9.5.2
phpize
./configure
make
make install

eAccelerator is now installed. Now we have to tell our PHP installation that it should make use of eAccelerator. On CentOS 5.0, the configuration files for the various PHP 5 modules are stored in the /etc/php.d directory, and this directory is referenced in the main PHP5 configuration file /etc/php.ini, meaning all files in /etc/php.d are read in whenever Apache is started/restarted. So all we do is create the file /etc/php.d/eaccelerator.ini:

vi /etc/php.d/eaccelerator.ini

extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

(You can read up on the various configuration settings on this page: http://www.eaccelerator.net/wiki/Settings.)

As you see, we are using the disk cache directory /var/cache/eaccelerator which we must create now and make it world-writable:

mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator

Afterwards, we restart Apache so that our new PHP configuration takes effect:

/etc/init.d/httpd restart

Afterwards, open info.php again in a browser: http://192.168.0.100/info.php

You should now see eAccelerator mentioned on the page which means it has successfully been integrated and is working as expected (I’ve marked the eAccelerator line in the below screenshot for better visibility):

4 Links

• eAccelerator: http://www.eaccelerator.net
• PHP: http://www.php.net
• CentOS: http://www.centos.org

Copyright © 2007 Falko Timme
All Rights Reserved.

Related Tutorials

• How To Harden PHP5 With Suhosin On CentOS 5.0
• Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader)

Installing Lighttpd With PHP5 And MySQL Support On CentOS 5.0

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 10/01/2007

Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a CentOS 5.0 server with PHP5 support (through FastCGI) and MySQL support.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

2 Installing MySQL 5.0

First we install MySQL 5.0 like this:

yum install mysql mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig –levels 235 mysqld on
/etc/init.d/mysqld start

Create a password for the MySQL user root (replace yourrootsqlpassword with the password you want to use):

mysqladmin -u root password yourrootsqlpassword

Then check with

netstat -tap | grep mysql

on which addresses MySQL is listening. If the output looks like this:

tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     2713/mysqld

which means MySQL is listening on localhost.localdomain only, then you’re safe with the password you set before. But if the output looks like this:

tcp        0      0 *:mysql *:*                     LISTEN     2713/mysqld

you should set a MySQL password for your hostname, too, because otherwise anybody can access your database and modify data:

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

3 Installing Lighttpd

Lighttpd is not available from the official CentOS 5.0 repositories, but from the RPMforge repositories (see http://dag.wieers.com/rpm/FAQ.php#B2 for instructions). We install the RPMforge package for RHEL 5 which works for CentOS 5.0 as well:

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Afterwards, we can install Lighttpd like this:

yum install lighttpd

Then we create the system startup links for Lighttpd (so that Lighttpd starts automatically whenever the system boots) and start it:

chkconfig –levels 235 lighttpd on
/etc/init.d/lighttpd start

Now direct your browser to http://192.168.0.100, and you should see the Lighttpd placeholder page:

Lighttpd’s default document root is /srv/www/lighttpd on CentOS 5.0, and the configuration file is /etc/lighttpd/lighttpd.conf.

4 Installing PHP5

We can make PHP5 work in Lighttpd through FastCGI. Therefore we install the packages lighttpd-fastcgi and php-cli:

yum install lighttpd-fastcgi php-cli

5 Configuring Lighttpd And PHP5

To enable PHP5 in Lighttpd, we must modify two files, /etc/php.ini and /etc/lighttpd/lighttpd.conf. First we open /etc/php.ini and add the line cgi.fix_pathinfo = 1 right at the end of the file:

vi /etc/php.ini

[...]
cgi.fix_pathinfo = 1

Then we open /etc/lighttpd/lighttpd.conf and uncomment “mod_fastcgi”, in the server.modules stanza:

vi /etc/lighttpd/lighttpd.conf

[...]
server.modules              = (
#                               "mod_rewrite",
#                               "mod_redirect",
#                               "mod_alias",
                                "mod_access",
#                               "mod_cml",
#                               "mod_trigger_b4_dl",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_setenv",
                                "mod_fastcgi",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                               "mod_compress",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
                                "mod_accesslog" )
[...]

and then , further down the file, there’s a fastcgi.server stanza which we uncomment as well – make sure you use /usr/bin/php-cgi instead of /usr/local/bin/php in the “bin-path” line::

[...]
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server             = ( ".php" =>
                               ( "localhost" =>
                                 (
                                   "socket" => "/tmp/php-fastcgi.socket",
                                   "bin-path" => "/usr/bin/php-cgi"
                                 )
                               )
                            )
[...]

Then we restart Lighttpd:

/etc/init.d/lighttpd restart

• Installing Lighttpd With PHP5 And MySQL Support On CentOS 5.0 – Page 2

next Installing Lighttpd With PHP5 And MySQL Support On CentOS 5.0 – Page 2
Copyright © 2007 Falko Timme
All Rights Reserved.

Related Tutorials

• Installing Lighttpd With PHP5 And MySQL Support On Fedora 7
• Installing Lighttpd With PHP5 And MySQL Support On Debian Etch