[HOWTO] Install mysql,php,apache,proftpd, etc LATEST versions via Yum for CentOS

Discussion in 'General Linux HOWTOs' started by class101, Nov 22, 2007.

  1. class101

    class101 New Member

    I have found these informations on the web and this may interest you if you would like to have this last version packages wich are the most important for a website (of course I have tested and using this and all products are working perfectly):

    CentOS does not provide proftpd in its reprository, you have to manually install it or an easier way is to add the repo location where proftpd is updated, follow my instructions:

    go in /etc/yum.repos.d and open the file CentOS-Base.repo and add this to the bottom of the file:

    Code:
    [utterramblings]
    name=Jason's Utter Ramblings Repo
    baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
    
    [dag]
    name=Dag RPM Repository for Red Hat Enterprise Linux
    baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
    gpgcheck=1
    enabled=1
    
    The first repo utterrambling is from jasonlitka.com/yum-repository, the guy maintaining this is cool to setup this and provide us with last apache 2.2.6 php 5.2.5 for example :)

    The second one is a redhat one compatible with CentOS wich as much more updated stuffs. (this one has proftpd 1.3.1)

    Import GPG keys to check packages validity

    Code:
    [B]rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt[/B]  
    [B]rpm --import [/B][B]http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka[/B]
    
    Then simply type yum install proftpd and it will automatically install the last version, I'd recommand you to yum update, this will update automaticaly mysql apache php to your latest version, make sure theses packages are not in the exclusion list of your yum.conf so.

    Hope it helps.
     
  2. ppc

    ppc Moderator

    Thanks for sharing the Great tutorial class101!

    Moved to tutorials.

    Regards,
     
  3. class101

    class101 New Member

    ha yes sorry for not enough looking into all available sections before posting :)
     
  4. bigu_c

    bigu_c New Member

    Thanks class101, but i have a (stupid) question:

    how to create a user (or using root) to access via FTP?

    I'm using FlashFXP, but when connect with:

    Server: My IP VPS
    Username: root
    Password: my VPS password

    In Authentication options, i set Allow login by root to YES

    But i cannot connect to FPT.

    Second: How to create a user to connect via FPT?

    Thank you for your reading!

    Bigu,
     
  5. class101

    class101 New Member

    Me I have made this with webmin, here is what my configuration looks like:

    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName "Restricted Area"
    ServerIdent off
    ServerAdmin [B]email[/B]
    ServerType standalone
    DefaultServer on
    AccessGrantMsg            "User %u logged in."
    #DisplayConnect            /etc/ftpissue
    #DisplayLogin            /etc/ftpmotd
    #DisplayGoAway            /etc/ftpgoaway
    DeferWelcome off
    
    # Use this to excude users from the chroot
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig            proftpd
    AuthOrder            mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off
    
    # Port 21 is the standard FTP port.
    Port [B]21[/B]
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                022
    
    # Default to show dot files in directory listings
    ListOptions            "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228        off
    #RootLogin            off
    #LoginPasswordPrompt        on
    MaxLoginAttempts        5
    #MaxClientsPerHost        none
    #AllowForeignAddress        off    # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 10
    
    # Set the user and group that the server normally runs at.
    User                nobody
    Group                nobody
    
    # Disable sendfile by default since it breaks displaying the download speeds in
    # ftptop and ftpwho
    UseSendfile            no
    
    # This is where we want to put the pid file
    ScoreboardFile            /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite        yes
    <Limit CWD MKD RNFR DELE RMD RETR STOR SITE_CHMOD ALL>
    AllowAll 
    </Limit>
    DefaultRoot /home/<yourpath>
    DefaultChdir /home/<yourpath>
    RootLogin off
    RequireValidShell off
    AllowForeignAddress on
    AllowRetrieveRestart on
    AllowStoreRestart on
    IdentLookups off
    MaxClients 2
    MaxClientsPerHost 2
    DeleteAbortedStores off
    WtmpLog off
    UserPassword <your user created on VPS> <new pasword setup & encrypted with webmin that override the VPS password>
    MaxLoginAttempts 3
    TransferLog NONE
    ServerIdent off
    </Global>
    
    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"
    SocketBindTight on
    TimesGMT on
    SystemLog /home/<yourpath>/logs/proftpd_log
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine            on
    #TLSRequired            on
    #TLSRSACertificateFile        /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile    /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite            ALL:!ADH:!DES
    #TLSOptions            NoCertRequest
    #TLSVerifyClient        off
    ##TLSRenegotiate        ctrl 3600 data 512000 required off timeout 300
    #TLSLog                /var/log/proftpd/tls.log
    
    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    #   LoadModule mod_sql.c
    #   LoadModule mod_sql_mysql.c
    #   LoadModule mod_sql_postgres.c
    #</IfModule>
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User                ftp
    #  Group                ftp
    #  AccessGrantMsg        "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias            anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients            10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir            /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files. 
    #  DisplayLogin            /welcome.msg
    #  DisplayFirstChdir        .message
    #  DisplayReadme            README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser            on ftp
    #  DirFakeGroup            on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite        no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog            off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog        /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog        /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
    Never use your root to login, always enclose each application with a specific user to lower the hacking risks.

    For example me I have made the user <your user created on VPS> on the VPS, he has not access on console etc, and via webmin I have overwritten the VPS passwd with a proftpd encrypted passwd <new pasword setup & encrypted with webmin that override the VPS password> to make it unique. Changing the default port and adding iptables rules to that port is a good idea so to firewall all unwanted possible bruteforcing tool that may try to break passwordS.

    Ha so in webmin I think you'll have to setup the Pid file manually in the module config page, define the default pid path to (/var/run/proftpd.pid) and you should be able then to start/stop the server via webmin, else if I remember without you can see the stop server button but never the start one.

    For several users I dunno yet because haven't planned to make it public but it shouldn't be so hard to find in proftpd online documentations.

    And so if you are running the ftp server as user nobody group nobody, type in the shell:

    chown -R nobody:nobody /home/<yourhomeftppath>

    Where the home path is the one setup in proftpd, else your ftp wont be the file owner and you wont be able to change your files
     
  6. Xeriar

    Xeriar New Member

  7. Linuxuser

    Linuxuser New Member

    Thanks good tutorial.
     

Share This Page