The Doctor's to-do list
From HacDC Wiki
Stuff will be stricken out as I finish it. If anyone wants to jump in and help me with this, by all means do so, just put your initials at the end so I know who did what.
In no particular order, this is the stuff I want to accomplish over Labor Day weekend:
- The build configuration in the .Slackbuild for nginx is already pretty much what we need.
- I used the following command line to force nginx to use a custom pseudouser and pseudogroup rather than nobody and nobody (respectively): NGINXUSER=nginx NGINXGROUP=nginx ./nginx.SlackBuild
- A user and group called 'nginx' will have to be created in the OS before this will work. This is to sandbox the daemon more effectively.
- The /etc/nginx/nginx.conf file will have to be modified. I'll check that into Git as well.
- Need to create two directories, /etc/nginx/apps (for active web apps) and /etc/nginx/offline_apps (self explanatory) in the .Slackbuild.
- Need to create /srv/nginx in the .Slackbuild for the web apps to go into.
- /srv/nginx/root is for the /index.php script
- /srv/nginx/<app> is for web apps
- Owned by nginx.nginx, mod 0755.
- Due to how the tgz-to-xzm conversion process works, doinst.sh is not called, so there are some steps that have to be done by the .Slackbuild script.
- Test that particular build of nginx against a couple of PHP apps.
- Build nginx packages and check them into SVN.
- Figure out a good PHP build configuration that
- for optimal FastCGI compatibility, needs to be >= v5.3.3. We've got this covered with the .Slackbuild for Slackware v13.37.
- runs under FastCGI
- includes SQLite
- includes MySQL
- Test that particular build of PHP against a couple of apps.
- Write a .Slackbuild script for PHP with the configuration I work out.
- Build PHP packages and check them into SVN.
- Use the Slackware v.13.37 .Slackbuild script as a base
- ./configure options:
- EXTENSION_DIR=/usr/lib${LIBDIRSUFFIX}/php/extensions
- CFLAGS="$SLKCFLAGS"
- --prefix=/usr --libdir=/usr/lib${LIBDIRSUFFIX} --with-libdir=lib${LIBDIRSUFFIX} --sysconfdir=/etc --disable-safe-mode --disable-magic-quotes --enable-zend-multibyte --enable-mbregex --enable-tokenizer=shared --with-config-file-scan-dir=/etc/php --with-config-file-path=/etc/httpd --enable-mod_charset --with-layout=PHP --enable-sigchild --enable-xml --with-libxml-dir=/usr --enable-simplexml --enable-filter --disable-debug --with-openssl=shared --with-pcre-regex=/usr --with-zlib=shared,/usr --enable-bcmath=shared --with-bz2=shared,/usr --enable-calendar=shared --enable-ctype=shared --with-curl=shared --with-curlwrappers --with-mcrypt=/usr --enable-dba=shared --with-gdbm=/usr --with-db4=/usr --enable-exif=shared --enable-ftp=shared --with-gd=shared --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-xpm-dir=/usr --with-freetype-dir=/usr --with-t1lib=/usr --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext=shared,/usr --with-gmp=shared,/usr --with-iconv=shared --with-imap-ssl=/usr --with-imap=$IMAPLIBDIR --with-ldap=shared --enable-mbstring=shared --enable-hash --with-mysql=shared,mysqlnd --with-mysqli=shared,mysqlnd --with-mysql-sock=/var/run/mysql/mysql.sock --enable-pdo=shared --with-pdo-mysql=shared,mysqlnd --with-pdo-sqlite=shared,/usr --with-pspell=shared,/usr --with-enchant=shared,/usr --with-mm=/usr --enable-shmop=shared --with-snmp=shared,/usr --enable-soap=shared --enable-sockets --with-sqlite=shared --with-sqlite3=shared --enable-sqlite-utf8 --with-regex=php --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx=shared --with-xsl=shared,/usr --enable-zip=shared --with-tsrm-pthreads --enable-shared=yes --enable-static=no --with-gnu-ld --with-pic --build=$ARCH-slackware-linux
- replace the "Make the Apache2 module version of PHP" code with "make the nginx module version of PHP" code
- Suggested ./configure options:
- --enable-fastcgi --enable-fpm --with-mcrypt=/usr --with-zlib=shared,/usr --enable-mbstring=shared --enable-pdo=shared --with-pdo-mysql=shared,mysqlnd --with-pdo-sqlite=shared,/usr --prefix=/usr --libdir=/usr/lib${LIBDIRSUFFIX} --with-libdir=lib${LIBDIRSUFFIX} --sysconfdir=/etc --with-curl=shared --with-curlwrappers --disable-debug --enable-pic --enable-inline-optimization --with-bz2=shared,/usr --with-zlib-dir=/usr --enable-sockets --enable-sysvshm --enable-sysvsem --enable-pcntl --enable-mbregex --with-mhash --enable-xslt --enable-memcache --enable-zip=shared --with-pcre-regex=/usr --disable-safe-mode --disable-magic-quotes --enable-zend-multibyte --with-config-file-scan-dir=/etc/php --enable-mod_charset --with-layout=PHP --enable-xml --with-libxml-dir=/usr --enable-simplexml --enable-filter --with-openssl=shared --enable-bcmath=shared --with-gd=shared --with-jpeg-dir=/usr --with-png-dir=/usr --with-xpm-dir=/usr --with-freetype-dir=/usr --with-t1lib=/usr --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext=shared,/usr --with-gmp=shared,/usr --with-iconv=shared --enable-hash --with-mysql=shared,mysqlnd --with-mysqli=shared,mysqlnd --with-mysql-sock=/var/run/mysql/mysql.sock --with-pspell=shared,/usr --with-enchant=shared,/usr --with-mm=/usr --enable-shmop=shared --enable-soap=shared --with-sqlite=shared --with-sqlite3=shared --enable-sqlite-utf8 --with-regex=php --enable-sysvmsg --enable-wddx=shared --with-xsl=shared,/usr --with-tsrm-pthreads --enable-shared=yes --enable-static=no --with-gnu-ld --with-pic --build=$ARCH-slackware-linux
- Need to rewrite the destination for the module in the .Slackbuild because we're building against nginx and not Apache. The .Slackbuild is going to require serious modifications.
- Need to configure so that it's
- Set up an account on the Porteus forums and post the link to our SVN repo.
- Develop a configuration for nginx that
- is lightweight
- somewhat optimized
- modular, so that each app has its own included config file
- hardened
- Write a web app for the control panel that
- Can start and stop nginx on demand
- store its configuration in a database
- move sub-config files for nginx that represent PHP apps into and out of the /etc/nginx/conf.d directory
- force nginx to reload its config files every time an app is (de-)configured
- /usr/sbin/nginx -s reload
- Get OpenSSL working in nginx
- Write an initscript that
- checks for the presence of a node's SSL cert in /etc/nginx (the default)
- terminates if one is found
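One way the control panel's enable/disable step could work, as an added example rather than the project's own code: it moves an app's sub-config between /etc/nginx/apps and /etc/nginx/offline_apps (the conf.d layout mentioned in the control panel item would work the same way), rejects app names that could point outside those directories, and reloads only after nginx -t passes. The .conf suffix, the NGINX_ETC and NGINX_BIN overrides and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. Directory names are from the list
# above; the .conf suffix and the NGINX_ETC / NGINX_BIN overrides are assumed.
NGINX_ETC="${NGINX_ETC:-/etc/nginx}"
NGINX_BIN="${NGINX_BIN:-/usr/sbin/nginx}"

# Accept only plain names such as "etherpad": no slashes, dots or leading
# dash, so a request to the control panel cannot point outside the two dirs.
valid_app_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# move_app <name> <from-dir> <to-dir>
# Returns 2 for a bad name, 3 for a missing file, 4 if the move fails,
# 5 if nginx rejects the resulting configuration.
move_app() {
    valid_app_name "$1" || { echo "rejected app name: $1" >&2; return 2; }
    src="$NGINX_ETC/$2/$1.conf"
    dst="$NGINX_ETC/$3/$1.conf"
    # Regular files only: a symlink could stand in for another file.
    [ -f "$src" ] && [ ! -L "$src" ] || { echo "no such app: $1" >&2; return 3; }
    mv -- "$src" "$dst" || return 4
    # Test before reloading and roll back on failure, so a broken
    # sub-config is not left in the active directory for the next restart.
    if ! "$NGINX_BIN" -t >/dev/null 2>&1; then
        mv -- "$dst" "$src"
        echo "config test failed, $1 left unchanged" >&2
        return 5
    fi
    "$NGINX_BIN" -s reload
}

enable_app()  { move_app "$1" offline_apps apps; }
disable_app() { move_app "$1" apps offline_apps; }
```

The web app would call enable_app or disable_app with the name taken from its database, never with a path supplied by the browser.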
- Set Porteus up to set its hostname to the IPv6 address of the node.
- Write a PHP app that
- displays a "Hello, User!" message
- displays links to apps hosted on the node which happen to be active
- removes links to apps hosted on the node that are deactivated
- I don't know PHP... can we find someone who does?
- Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly
- has to be mobile-friendly
- Install crypto.cat on my development instance
- requires PHP
- will need its UI tweaked to be more mobile-friendly
- Create a crypto.cat Porteus package and check it into SVN
- Install etherpad-lite on my development instance
- requires node.js, for which there exists a Slackpack
- build a Slackpack of node.js, convert into Porteus package, check everything into SVN
- write an initscript that can start up crypto.cat when called but not at boot
- will have to be controlled by the control panel, store its configuration in a database
- write a sub-config file for nginx that passes through the /pad URL to localhost:9001
- requires NPM
- that will need to be packaged and checked in separately, I think.
- run it in verbose mode to keep an eye on it
- if it installs more stuff, we should bundle the whole mess into the NPM Porteus package
- really should run as an unprivileged user
- really should listen on the loopback interface only
- pay attention to the reverse-proxy howto for nginx!
- have to start it by hand a few times to figure out how to automate and package it
- requires node.js, for which there exists a Slackpack
- install status.net on my development instance
- requires PHP, MySQL
- nginx must have URL rewriting available
- PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)
- nginx installation instructions!
- will need to pre-configure it for security and usability
- need to make the mobile skin the default and erase the others to free up disk space
- will need to write a sub-config file for nginx
- configure for longer messages - 560 characters? 700 characters
- configure to make it easy to set up accounts on a node - no e-mail verification
- enable image upload and display
- Write a dependency manager for apps
- some web apps require MySQL, some don't
- only start MySQL if it's not running already for the ones that don't
- Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it.
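For the etherpad-lite items above (listen on the loopback interface only, with nginx passing /pad through to localhost:9001), a check that the backend port really is loopback-only, as an added example that is not part of the original list. It reads `ss -ltn` output on stdin; the function names and the sample listing are constructed for illustration, and 3306 (the standard MySQL port) appears in the sample only as a contrasting exposed listener.

```shell
#!/bin/sh
# Added example: report listeners on a given port that are reachable from
# outside the node. Input is `ss -ltn` output on stdin.

# exposed_on_port <port>: print each non-loopback local address bound to
# <port>; exit status 1 if any were found, 0 if the port is loopback-only
# or not listening at all.
exposed_on_port() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            # Port is everything after the last colon (IPv6 has several).
            n = split(local_addr, part, ":")
            port = part[n]
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port != want) next
            # 127.0.0.0/8 and ::1 are loopback; anything else is exposed,
            # including the wildcards 0.0.0.0, [::] and *.
            if (host ~ /^127\./ || host == "[::1]") next
            print host
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample of `ss -ltn` output for a node running nginx,
# etherpad-lite (9001) and MySQL (3306). Not captured from a real system.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    127.0.0.1:9001     0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      80     [::]:3306          [::]:*'

# Run the check against the constructed sample instead of live output.
check_sample() { printf '%s\n' "$SAMPLE_SS" | exposed_on_port "$1"; }
```

On a live node the same function is fed with `ss -ltn | exposed_on_port 9001`; a non-zero exit status means the pad is reachable without going through nginx.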
- Installed the pre-converted MySQL Porteus package from the distro-download archive.
- Need to pre-configure MySQL for small-ish systems
- Need to pre-harden MySQL
- Change the default password to something else.
- Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up.
- Harden /etc/sysctl.conf!