The Doctor's to-do list: Difference between revisions
From HacDC Wiki
No edit summary |
No edit summary |
||
Line 17: | Line 17: | ||
* Figure out a good PHP build configuration that | * Figure out a good PHP build configuration that | ||
** for optimal FastCGI compatibility, needs to be >= v5.3.3. We've got this covered with the .Slackbuild for Slackware v13.37. | ** for optimal FastCGI compatibility, needs to be >= v5.3.3. We've got this covered with the .Slackbuild for Slackware v13.37. | ||
** [http://interfacelab.com/nginx-php-fpm-apc-awesome/ runs under FastCGI] | ** <strike>[http://interfacelab.com/nginx-php-fpm-apc-awesome/ runs under FastCGI]</strike> | ||
** [http://renebakx.nl/22/compiling-php-5-3-3-with-nginx-on-ubuntu-10-4-for-drupal-7/ more FastCGI] | ** <strike>[http://renebakx.nl/22/compiling-php-5-3-3-with-nginx-on-ubuntu-10-4-for-drupal-7/ more FastCGI]</strike> | ||
** <strike>includes SQLite</strike> | ** <strike>includes SQLite</strike> | ||
** <strike>includes MySQL</strike> | ** <strike>includes MySQL</strike> | ||
Line 25: | Line 25: | ||
* Build PHP packages and check them into SVN. | * Build PHP packages and check them into SVN. | ||
** <strike>Use the Slackware v.13.37 .Slackbuild script as a base</strike> | ** <strike>Use the Slackware v.13.37 .Slackbuild script as a base</strike> | ||
** ./configure options I'm using for testing before packaging: | ** <strike>./configure options I'm using for testing before packaging:</strike> | ||
*** --enable-fpm --enable-mbstring --disable-pdo --with-curl --disable-debug --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --enable-zip --with-pcre-regex --with-openssl --with-mysql --with-mysql-sock=/var/run/mysql/mysql.sock --with-mysqli --enable-sqlite-utf8 --prefix=/usr --with-gmp --enable-intl --with-xsl --enable-zip --without-ldap --with-mcrypt | *** <strike>--enable-fpm --enable-mbstring --disable-pdo --with-curl --disable-debug --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --enable-zip --with-pcre-regex --with-openssl --with-mysql --with-mysql-sock=/var/run/mysql/mysql.sock --with-mysqli --enable-sqlite-utf8 --prefix=/usr --with-gmp --enable-intl --with-xsl --enable-zip --without-ldap --with-mcrypt</strike> | ||
** <strike>Need to rewrite the destination for the module in the .Slackbuild because we're building against nginx and not Apache. The .Slackbuild is going to require serious modifications.</strike> | ** <strike>Need to rewrite the destination for the module in the .Slackbuild because we're building against nginx and not Apache. The .Slackbuild is going to require serious modifications.</strike> | ||
** Need to configure so that it's | ** Need to configure so that it's | ||
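Review bot: the ./configure flag list struck out in this hunk contains --enable-zip twice; drop the duplicate before the flags are copied into the .Slackbuild, so the packaged build line matches what was actually tested.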
Line 50: | Line 50: | ||
** <strike>checks for the presence of a node's SSL cert in /etc/nginx (the default)</strike> | ** <strike>checks for the presence of a node's SSL cert in /etc/nginx (the default)</strike> | ||
** <strike>terminates if one is found</strike> | ** <strike>terminates if one is found</strike> | ||
* Set Porteus up to set its hostname to the IPv6 address of the node. | * Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node. | ||
* Write a PHP app that | * Write a PHP app that | ||
** displays a "Hello, User!" message | ** displays a "Hello, User!" message | ||
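Review bot: "primary wireless interface" in the reworded hostname item is not defined; on a node with more than one wireless interface the choice is ambiguous, so name the interface or state the rule for picking it.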
Line 59: | Line 59: | ||
** has to be mobile-friendly | ** has to be mobile-friendly | ||
* Install crypto.cat on my development instance | * Install crypto.cat on my development instance | ||
** requires PHP | ** <strike>requires PHP</strike> | ||
** will need its UI tweaked to be more mobile-friendly | ** will need its UI tweaked to be more mobile-friendly | ||
** Create a crypto.cat Porteus package and check it into SVN | ** Create a crypto.cat Porteus package and check it into SVN | ||
Line 77: | Line 77: | ||
** have to start it by hand a few times to figure out how to automate and package it | ** have to start it by hand a few times to figure out how to automate and package it | ||
* install status.net on my development instance | * install status.net on my development instance | ||
** requires PHP, MySQL | ** <strike>requires PHP, MySQL</strike> | ||
** nginx must have URL rewriting available | ** nginx must have URL rewriting available | ||
** PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases) | ** PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases) | ||
Line 84: | Line 84: | ||
** need to make the mobile skin the default and erase the others to free up disk space | ** need to make the mobile skin the default and erase the others to free up disk space | ||
** will need to write a sub-config file for nginx | ** will need to write a sub-config file for nginx | ||
** configure for longer messages - 560 characters? 700 characters | ** configure for longer messages - 560 characters? 700 characters? | ||
** configure to make it easy to set up accounts on a node - no e-mail verification | ** configure to make it easy to set up accounts on a node - no e-mail verification | ||
** enable image upload and display | ** enable image upload and display |
Revision as of 05:29, 5 September 2011
Stuff will be stricken out as I finish it. If anyone wants to jump in and help me with this, by all means do so, just put your initials at the end so I know who did what.
In no particular order, this is the stuff I want to accomplish over Labor Day weekend:
- The build configuration in the .Slackbuild for nginx is already pretty much what we need.
- I used the following command line to force nginx to use a custom pseudouser and pseudogroup rather than nobody and nobody (respectively): NGINXUSER=nginx NGINXGROUP=nginx ./nginx.SlackBuild
- A user and group called 'nginx' will have to be created in the OS before this will work. This is to sandbox the daemon more effectively.
- The /etc/nginx/nginx.conf file will have to be modified. I'll check that into Git as well.
- Need to create two directories, /etc/nginx/apps (for active web apps) and /etc/nginx/offline_apps (self explanatory) in the .Slackbuild.
- Need to create /srv/nginx in the .Slackbuild for the web apps to go into.
- /srv/nginx/root is for the /index.php script
- /srv/nginx/<app> is for web apps
Owned by nginx.nginx, mod 0755.
Due to how the tgz-to-xzm conversion process works, doinst.sh is not called, so there are some steps that have to be done by the .Slackbuild script.
- Test that particular build of nginx against a couple of PHP apps.
- Build nginx packages and check them into SVN.
- Figure out a good PHP build configuration that
- for optimal FastCGI compatibility, needs to be >= v5.3.3. We've got this covered with the .Slackbuild for Slackware v13.37.
- runs under FastCGI
- more FastCGI
- includes SQLite
- includes MySQL
- Test that particular build of PHP against a couple of apps.
- Write a .Slackbuild script for new version of PHP with the configuration I work out. There's a bug in v5.3.6 in that it won't build without LDAP support.
- Build PHP packages and check them into SVN.
- Use the Slackware v.13.37 .Slackbuild script as a base
- ./configure options I'm using for testing before packaging:
- --enable-fpm --enable-mbstring --disable-pdo --with-curl --disable-debug --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --enable-zip --with-pcre-regex --with-openssl --with-mysql --with-mysql-sock=/var/run/mysql/mysql.sock --with-mysqli --enable-sqlite-utf8 --prefix=/usr --with-gmp --enable-intl --with-xsl --enable-zip --without-ldap --with-mcrypt
- Need to rewrite the destination for the module in the .Slackbuild because we're building against nginx and not Apache. The .Slackbuild is going to require serious modifications.
- Need to configure so that it's
- Set up an account on the Porteus forums and post the link to our SVN repo.
- Develop a configuration for nginx that
- is lightweight
- somewhat optimized
- modular, so that each app has its own included config file
- hardened
- Write a web app for the control panel that
- Can start and stop nginx on demand
- store its configuration in a database
- move sub-config files for nginx that represent PHP apps into and out of the /etc/nginx/conf.d directory
- force nginx to reload its config files every time an app is (de-)configured
/usr/sbin/nginx -s reload
- Get OpenSSL working in nginx
- Write an initscript that
- checks for the presence of a node's SSL cert in /etc/nginx (the default)
- terminates if one is found
- Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node.
- Write a PHP app that
- displays a "Hello, User!" message
- displays links to apps hosted on the node which happen to be active
- removes links to apps hosted on the node that are deactivated
- I don't know PHP... can we find someone who does?
- Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly
- has to be mobile-friendly
- Install crypto.cat on my development instance
- requires PHP
- will need its UI tweaked to be more mobile-friendly
- Create a crypto.cat Porteus package and check it into SVN
- Install etherpad-lite on my development instance
- requires node.js, for which there exists a Slackpack
- build a Slackpack of node.js, convert into Porteus package, check everything into SVN
- write an initscript that can start up crypto.cat when called but not at boot
- will have to be controlled by the control panel, store its configuration in a database
- write a sub-config file for nginx that passes through the /pad URL to localhost:9001
- requires NPM
- that will need to be packaged and checked in separately, I think.
- run it in verbose mode to keep an eye on it
- if it installs more stuff, we should bundle the whole mess into the NPM Porteus package
- really should run as an unprivileged user
- really should listen on the loopback interface only
- pay attention to the reverse-proxy howto for nginx!
- have to start it by hand a few times to figure out how to automate and package it
- install status.net on my development instance
- requires PHP, MySQL
- nginx must have URL rewriting available
- PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)
- nginx installation instructions!
- will need to pre-configure it for security and usability
- need to make the mobile skin the default and erase the others to free up disk space
- will need to write a sub-config file for nginx
- configure for longer messages - 560 characters? 700 characters?
- configure to make it easy to set up accounts on a node - no e-mail verification
- enable image upload and display
- Write a dependency manager for apps
- some web apps require MySQL, some don't
- only start MySQL if it's not running already for the ones that don't
- Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it.
- Installed the pre-converted MySQL Porteus package from the distro-download archive.
- Need to pre-configure MySQL for small-ish systems
- Need to pre-harden MySQL
- Change the default password to something else.
- Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up.
- Harden /etc/sysctl.conf!
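
The control-panel items in the list (moving an app's nginx sub-config in and out of the active directory, then forcing nginx to reload) could look like the following. This is an added example, not code from the wiki or the project: the function names, the `<app>.conf` file naming and the NGINX_ETC/NGINX_BIN variables are assumptions, and it uses the /etc/nginx/apps and /etc/nginx/offline_apps directories named earlier in the list.

```shell
# Added example: toggle an app's nginx sub-config and reload nginx.
# Assumptions: one <app>.conf per app; function and variable names are hypothetical.
NGINX_ETC="${NGINX_ETC:-/etc/nginx}"
NGINX_BIN="${NGINX_BIN:-/usr/sbin/nginx}"

# Accept only simple names, so a request from the control panel can never
# point outside the two config directories (no slashes, no leading dot).
valid_app_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# move_app <app> <from-subdir> <to-subdir>
# Moves <app>.conf, validates the full nginx config, reloads on success,
# and puts the file back if validation fails.
move_app() {
    app="$1"; from="$NGINX_ETC/$2"; to="$NGINX_ETC/$3"
    valid_app_name "$app" || { echo "bad app name: $app" >&2; return 2; }
    [ -f "$from/$app.conf" ] || { echo "no config for $app in $from" >&2; return 3; }
    mv "$from/$app.conf" "$to/$app.conf" || return 4
    # Test before reloading so a broken sub-config never reaches the running daemon.
    if ! "$NGINX_BIN" -t >/dev/null 2>&1; then
        mv "$to/$app.conf" "$from/$app.conf"
        echo "nginx -t failed, $app left unchanged" >&2
        return 5
    fi
    "$NGINX_BIN" -s reload
}

enable_app()  { move_app "$1" offline_apps apps; }
disable_app() { move_app "$1" apps offline_apps; }
```

Running `nginx -t` before `nginx -s reload` means a bad sub-config is rolled back instead of being loaded.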