JUST SO IT IS OBVIOUS, I GAVE UP ON THIS FOR THE MOMENT. DON'T HAVE THE TIME TO KEEP WORKING ON USING ARCH. GONE BACK TO MY UBUNTU SETUP WHICH IS DISAPPOINTING BUT NOT UP FOR THE FIDDLING REQUIRED AT THE MOMENT. MAYBE IN A WHILE YES.
Just wanted to try and work out how much effort is required to get Dovecot, Exim, DSPAM, Procmail, Nginx to match Ubuntu's versions in some form.
For instance, stock Exim is missing TLS support (though apparently now in testing version). Is DSPAM compiled for virtual users? So on and so forth.
tarasis ~/: sudo exim -bV Exim version 4.67 #1 built 04-Oct-2007 22:20:19 Copyright (c) University of Cambridge 2006 Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005) Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/exim4/exim4.conf
tarasis ~/: sudo dovecot --build-options Build options: ioloop=epoll notify=dnotify ipv6 openssl SQL drivers: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap passwd prefetch passwd-file sql static
Nothing useful
tarasis ~: procmail -v
procmail v3.22 2001/09/10
Copyright (c) 1990-2001, Stephen R. van den Berg <srb@cuci.nl>
Copyright (c) 1997-2001, Philip A. Guenther <guenther@sendmail.com>
Submit questions/answers to the procmail-related mailinglist by sending to:
<procmail-users@procmail.org>
And of course, subscription and information requests for this list to:
<procmail-users-request@procmail.org>
Locking strategies: dotlocking, fcntl()
Default rcfile: $HOME/.procmailrc
It may be writable by your primary group
Your system mailbox: /var/mail/robertm
Some info on the ubuntu package site about dependencies.
Hmm from the 3.6.8 diff for ubuntu
+The possible values for DEB_BUILD_OPTIONS are listed below. + + [ standard ] + noopt - disable optimizations + nostrip - disable binary stripping + + [ dspam specific ] + disable_virtual_users - disable storing the users in a database + disable_preferences_extension - disable storing the users' preferences in a database + disable_clamav - disable ClamAV antivirus support + verbose_debug - enable extensive debug (EXTREMELY DISCOURAGED for production systems) + debug - enable debug (currently enabled by default)
No idea what compile options used.
tarasis ~: sudo apache2 -V
Server version: Apache/2.2.4 (Ubuntu)
Server built: Feb 4 2008 20:29:58
Server's Module Magic Number: 20051115:5
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
tarasis ~: sudo nginx -V nginx version: nginx/0.5.35 built by gcc 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2) configure arguments: --sbin-path=/usr/local/sbin --with-http_ssl_module
robertm ~/abs/local/exim $ exim -bV Exim version 4.68 #1 built 23-Nov-2007 20:17:06 Copyright (c) University of Cambridge 2006 Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007) Support for: crypteq iconv() PAM TCPwrappers OpenSSL Content_Scanning Old_Demime Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz Authenticators: cram_md5 dovecot plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir autoreply pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/mail/exim.conf
robertm ~/abs/local/exim/pkg/usr/sbin $ dovecot --build-options Build options: ioloop=poll notify=inotify ipv6 openssl SQL drivers: mysql postgresql Passdb: checkpassword pam passwd passwd-file shadow sql Userdb: checkpassword passwd prefetch passwd-file sql static
Okay so would need to play with yaourt & srcpac.
Tweak PKGBUILD for new options / version if they haven't been updated.
Note that if you want a new version than what the PKGBUILD is for then you have to also change the MD5 checksum for the src package.
Also the depends will need to be amended depending on what compile options are used.
The following steps are taken on my own and partly copied from the Ubuntu Gutsy articles on Slicehost.
First login, change your password
[root@tarasis ~]# passwd Enter new UNIX password: A-NEW-PASSWORD Retype new UNIX password: A-NEW-PASSWORD passwd: password updated successfully
Next add a new user for general usage
[root@tarasis ~]# adduser robertm
Login name for new user: robertm
User ID ('UID') [ defaults to next available ]:
Initial group [ users ]:
Additional groups (comma separated) []:
Home directory [ /home/robertm ]
Shell [ /bin/bash ]
Expiry date (YYYY-MM-DD) []:
New account will be created as follows:
---------------------------------------
Login name.......: robertm
UID..............: [ Next available ]
Initial group....: users
Additional groups: [ None ]
Home directory...: /home/robertm
Shell............: /bin/bash
Expiry date......: [ Never ]
This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.
Creating new account...
Changing the user information for robertm
Enter the new value, or press ENTER for the default
Full Name []: Robert McGovern
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Account setup complete.
Next add the new user to the sudo users list.
[root@tarasis ~]# visudo
At the end of the file add the following line
USERNAME= ALL=(ALL) ALL
On your local box (if not already done), create a directory for ssh keys
mkdir ~/.ssh
Then generate a key, press return if you don't want to add a passphrase
ssh-keygen -t rsa
Next copy the public key to the slice
scp ~/.ssh/id_rsa.pub USER@SLICE-IP-ADDRESS:/home/USER-HOME-DIRECTORY/
Next put the key in the right location and fix permissions on the file. Note the first gotcha (compared to Ubuntu) is that the default group for a new user is users and not the username.
[root@tarasis ~]# mkdir /home/robertm/.ssh [root@tarasis ~]# mv /home/robertm/id_rsa.pub /home/robertm/.ssh/authorized_keys [root@tarasis ~]# chown -R robertm:users /home/robertm/.ssh [root@tarasis ~]# chmod 700 /home/robertm/.ssh [root@tarasis ~]# chmod 600 /home/robertm/.ssh/authorized_keys [root@tarasis ~]# mkdir /root/.ssh [root@tarasis ~]# mv /root/id_rsa.pub /root/.ssh/authorized_keys [root@tarasis ~]# chown -R root:root /root/.ssh [root@tarasis ~]# chmod 700 /root/.ssh [root@tarasis ~]# chmod 600 /root/.ssh/authorized_keys
Next, make SSH a bit more secure
vim /etc/ssh/sshd_config # Set the follow or check the are set Port 22 <--- change to a port of your choosing Protocol 2 PasswordAuthentication no X11Forwarding no UsePAM no UseDNS no AllowUsers robertm root
Next save the existing iptables rules
[root@tarasis ~]# iptables-save > /etc/iptables.up.rules
See what the current rules are
[root@tarasis ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
[root@tarasis ~]# vim /etc/iptables/iptables.test.rules #### Set the contents to *filter # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT # Accepts all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allows all outbound traffic # You can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites) -A INPUT -p tcp --dport 25 -j ACCEPT -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 110 -j ACCEPT -A INPUT -p tcp --dport 143 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT # Allows SSH connections # # THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # Allow ping -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
Save the new rules and test them
[root@tarasis ~]# iptables-restore < /etc/iptables/iptables.test.rules [root@tarasis ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:imap ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: ' REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
If they look ago then save them.
iptables-save > /etc/iptables/iptables.up.rules
Now we want those rules used next time we startup so edit
vim /etc/conf.d/iptables
Then change the file like so, I commented out the IP6Tables lines because Slicehost at this time does not support IP6.
# Configuration for iptables rules IPTABLES=/usr/sbin/iptables #IP6TABLES=/usr/sbin/ip6tables #IPTABLES_CONF=/etc/iptables/iptables.rules IPTABLES_CONF=/etc/iptables/iptables.up.rules #IP6TABLES_CONF=/etc/iptables/ip6tables.rules IPTABLES_FORWARD=1 # enable IP forwarding?
Now edit the main config file to enable the iptables daemon on boot
[root@tarasis etc]# vim /etc/rc.conf
Search the file (should be at the end) and add iptables to the end of the DAEMONS line like this
DAEMONS=(syslog-ng network netfs crond sshd iptables)
Now reboot your slice and make sure that everything is working correctly
Then check that the kernel modules have been loaded correctly.
[root@tarasis ~]# lsmod Module Size Used by ipt_LOG 10752 1 xt_limit 7040 1 xt_tcpudp 7808 7 xt_state 6912 2 ip_conntrack 58920 1 xt_state nfnetlink 10952 1 ip_conntrack ipt_REJECT 9216 3 iptable_filter 7424 1 ip_tables 23256 1 iptable_filter x_tables 19720 6 ipt_LOG,xt_limit,xt_tcpudp,xt_state,ipt_REJECT,ip_tables usbcore 129724 1
Now lets log in as our user (robertm)
robert-mcgoverns-macbook:~ rob$ ssh robertm@67.207.135.17 Last login: Tue Feb 19 13:55:30 2008 from p5b05ef6a.dip.t-dialin.net
Lets make the terminal prompt a little prettier
[root@tarasis ~]# vim ~/.bashrc
The default contents are
alias ls='ls --color=auto' PS1='[\u@\h \W]\$ '
We want to make the server name and current directory different colours to make things stand out a little better. Comment out the existing PS1 line (add a # symbol before it) and add the following PS1 line. Note for further configuration tips then use this document.
For the user: PS1='\[\e[0;32m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[1;32m\]\$ \[\e[m\]\[\e[0;37m\] ' Foor root: PS1='\[\e[0;31m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[0;31m\]\$ \[\e[m\]\[\e[0;32m\] '
Then set the following command aliases to save some typing for regular commands.
alias update='sudo pacman -Sy' # pacman upgrade alias alias upgrade='sudo pacman -Syu' # Sync & Update alias install='sudo pacman -S' # Install a specific package alias remove='sudo pacman -Rns' # Remove a specific package alias search='pacman -Ss' # Search for a package
Lets run our first upgrade to get the baseline system up to date. First say Y to the replace mktemp question. Next Y to upgrading Pacman first.
robertm ~ $ upgrade Password: :: Synchronizing package databases... core 23.7K 91.8K/s 00:00:00 [##########################################################################################################################] 100% extra 303.3K 392.4K/s 00:00:01 [##########################################################################################################################] 100% :: Starting full system upgrade... :: Replace mktemp with core/coreutils? [Y/n] Y warning: dnsutils: forcing upgrade to version 9.4.2-1 :: pacman has detected a newer version of the "pacman" package. :: It is recommended that you allow pacman to upgrade itself :: first, then you can re-run the operation with the newer version. :: :: Upgrade pacman first? [Y/n] Y resolving dependencies... done. looking for inter-conflicts... done. Targets: libarchive-2.4.11-1 libdownload-1.3-1 pacman-3.1.1-1 Total Package Size: 1.26 MB Proceed with installation? [Y/n] Y :: Retrieving packages from core... libarchive 328.2K 346.8K/s 00:00:01 [##########################################################################################################################] 100% libdownload 55.2K 128.7K/s 00:00:00 [##########################################################################################################################] 100% pacman 903.6K 751.1K/s 00:00:01 [##########################################################################################################################] 100% checking package integrity... done. error: missing package filelist in /var/cache/pacman/pkg/pacman-3.1.1-1-x86_64.pkg.tar.gz, generating one cleaning up... done. (3/3) checking for file conflicts [##########################################################################################################################] 100% (1/3) upgrading libarchive [##########################################################################################################################] 100% (2/3) upgrading libdownload [##########################################################################################################################] 100% (3/3) upgrading pacman [##########################################################################################################################] 100% >>> The makepkg.conf syntax has changed, please note the new format >>> when merging the pacnew file with your old configuration. >>> >>> The pacman.conf default file has changed. Please update your >>> config to use the single mirrorlist, and any additional files >>> in /etc/pacman.d/ (core, extra, etc.) can be deleted. >>> >>> The location of sync DBs has moved from /var/lib/pacman/ to >>> /var/lib/pacman/sync/ for several reasons. To delete older >>> DBs, please run pacman -Sc and follow the instructions. >>> You will also have to run pacman -Sy to refresh the sync DBs. >>> >>> abs is no longer included; please install the 'abs' package >>> to use abs. You may need to edit abs.conf to re-enable repos.
Now carry out the clean printed out at the end of the upgrade process (if you get it)
robertm ~ $ cd /etc/pacman.d/ robertm /etc/pacman.d $ ls community core extra mirrorlist release testing unstable robertm /etc/pacman.d $ sudo rm community core extra release testing unstable
robertm ~ $ sudo pacman -Sc Password: Cache directory: /var/cache/pacman/pkg/ Do you want to remove uninstalled packages from cache? [Y/n] Y removing old packages from cache... done. Database directory: /var/lib/pacman/ Do you want to remove unused repositories? [Y/n] Y Do you want to remove /var/lib/pacman/core? [Y/n] Y Do you want to remove /var/lib/pacman/extra? [Y/n] Y Database directory cleaned up
Move the testing repository to the end of /etc/pacman.conf and enable it.
# Testing is disabled by default. To enable, uncomment the following # two lines. You can add preferred servers immediately after the header, # and they will be used before the default mirrors. [testing] Include = /etc/pacman.d/mirrorlist
Now lets try upgrading the system again. As its been a while there are a number of packages to upgrade. This was the output when I ran it.
robertm /etc/pacman.d $ upgrade
:: Synchronizing package databases...
core 23.8K 271.0K/s 00:00:00 [##########################################################################################################################] 100%
extra 304.4K 1325.5K/s 00:00:00 [##########################################################################################################################] 100%
community 336.1K 1362.5K/s 00:00:00 [##########################################################################################################################] 100%
testing 20.0K 340.3K/s 00:00:00 [##########################################################################################################################] 100%
:: Starting full system upgrade...
:: Replace mktemp with core/coreutils? [Y/n] Y
warning: dnsutils: forcing upgrade to version 9.4.2-1
warning: flex: forcing upgrade to version 2.5.33-4
resolving dependencies...
looking for inter-conflicts...
Remove: mktemp
Total Removed Size: 0.05 MB
Targets: coreutils-6.10-2 readline-5.2-7 bash-3.2.033-2 automake-1.10.1-2 device-mapper-1.02.24-1 dhcpcd-3.2.0-1 dialog-1.1_20071028-1 diffutils-2.8.1-5 dnsutils-9.4.2-1
e2fsprogs-1.40.4-1 file-4.23-1 filesystem-2007.11-6 findutils-4.2.32-1 flex-2.5.33-4 gcc-libs-4.2.3-3 gmp-4.2.2-2 mpfr-2.3.1-1 gcc-4.2.3-1 pcre-7.6-3
grep-2.5.3-3 groff-1.19.2-4 iputils-20070202-4 less-418-1 libgpg-error-1.6-1 libgcrypt-1.4.0-1 libtool-1.5.26-1 licenses-2.3-1 logrotate-3.7.5-1 lvm2-2.02.33-1
man-1.6f-2 man-pages-2.77-1 mkinitcpio-0.5.17-2 nano-2.0.7-1 python-2.5.1-5 sudo-1.6.9p12-1 syslog-ng-2.0.6-1 tzdata-2007k-1 vi-7.1.228-1 vim-7.1.228-1
wget-1.11-1 which-2.19-2
Total Download Size: 63.85 MB
Proceed with installation? [Y/n]
Answer yes to this question, now twiddle your thumbs for a few moments as the packages install. During the install process some warnings might be issued. For instance I got the following. Diff the differences and either put the pacnew version in place or adjust the existing config file if you wish to.
warning: /etc/profile installed as /etc/profile.pacnew warning: /etc/nanorc installed as /etc/nanorc.pacnew warning: /etc/sudoers installed as /etc/sudoers.pacnew
Install bash shell completion
robertm /etc/pacman.d $ sudo vim /etc/profile
ADD The following lines to the bottom of the file
# Enable Bash Completion for all users
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
Also add the following to the .bashrc to get colourized output when doing a search.
# colorized pacman output with pacs alias:
alias pacs="pacsearch"
pacsearch () {
echo -e "$(pacman -Ss $@ | sed \
-e 's#core/.*#\\033[1;31m&\\033[0;37m#g' \
-e 's#extra/.*#\\033[0;32m&\\033[0;37m#g' \
-e 's#community/.*#\\033[1;35m&\\033[0;37m#g' \
-e 's#^.*/.* [0-9].*#\\033[0;36m&\\033[0;37m#g' )"
Install Yaourt, add the following to the end of /etc/pacman.conf. Update the sync files and install yaourt.
[archlinuxfr] Server = http://repo.archlinux.fr/x86_64
Finally, lets install ABS which is the Arch Build System
robertm ~ $ install abs resolving dependencies... looking for inter-conflicts... Targets: csup-20060318-5 abs-1.0-1 Total Download Size: 0.06 MB Proceed with installation? [Y/n]
Next edit the abs config file to enable the repos you want.
robertm ~ $ vim /etc/abs/abs.conf
Remove the exclamation marks to enable a repo and add an exclamation mark before the repo name to disable it.
SUPFILES=(core extra !unstable community testing)
Some setup the repositories, as root run the following. It will take a few moments as it pulls down relevant diffs and PKGBUILD files.
sudo abs
Edit the build CFLAGS to set theme as you wish (for instance to not delete the docs / info dirs from your builds)
sudo vim /etc/makepkg.conf
Create a build directory in your home directory
robertm ~ $ mkdir -p /home/robertm/abs/local
Then to build the ABS way (following pinched from here http://wiki.archlinux.org/index.php/ABS_-_The_Arch_Build_System#The_build_function.2C_the_ABS_way)
ABS is an elegant tool which allows for powerful assistance and customization for the build process, and creates a package file for installation. The ABS method involves copying an ABS from the Tree to a build directory, and doing makepkg. In our example, we will build the slim display manager package.
1. Copy the slim ABS from the Tree to a build directory.
cp /var/abs/extra/x11/slim/* /home/yourusername/abs/local/slim
2. Navigate to the build directory
cd /home/yourusername/abs/local/slim
3. Do makepkg, which will automatically download the source tarball, unpack, compile, and create foo.pkg.tar.gz The -i option invokes pacman to automatically install the resulting slim.pkg.tar.gz package file
makepkg -i
That's it. You have just built slim from source and cleanly installed it to your system with pacman. Package removal is also handled by pacman- (pacman -R slim)
Alternatively, you may do makepkg without the -i option, and manually install with pacman by doing:
pacman -U slim.pkg.tar.gz
The ABS method adds a level of convenience and automation, while still maintaining complete transparency and control of the build and installation functions by including them in the PKGBUILD.
TIP (from Cactus on the Slicehost forum)
“If you are running an Archlinux slice, you can save some ram.. about 3MB (heh).
open up /etc/inittab, and comment out the c2 through c6 lines. Those ttys are not used, and so that is wasted ram used to spawn those processes. I believe tty1 (c1) is used for the ajax console thing in the management interface.
A reboot later, and those additional agetty instances will now be gone.
Anyway. Random tip.”
Okay first install NGINX
robertm ~ $ install nginx Password: resolving dependencies... looking for inter-conflicts... Targets: nginx-0.5.35-1 Total Download Size: 0.21 MB Total Installed Size: 0.55 MB Proceed with installation? [Y/n] Y
This installs NGINX, creates the user and group nginx, it sets the default html directory and sets where the logs will be stored. The html placement is unusual and will not be used. Sites will instead be stored in /home/sites
robertm /etc/nginx $ ls -la total 12 drwxr-xr-x 3 root root 4096 2008-02-20 09:06 . drwxr-xr-x 30 root root 4096 2008-02-20 09:06 .. drwxr-xr-x 3 root root 4096 2008-02-20 09:24 conf lrwxrwxrwx 1 root root 19 2008-02-20 09:06 html -> /srv/www/nginx/html lrwxrwxrwx 1 root root 14 2008-02-20 09:06 logs -> /var/log/nginx
First lets create a directory for our virtual hosts
robertm /etc/nginx/conf $ cd /etc/nginx robertm /etc/nginx/conf $ sudo mkdir sites
Backup the default nginx config file nginx.conf
robertm /etc/nginx/conf $ sudo cp nginx.conf nginx.conf.org
Edit the config file and set the contents to the following
user nginx nginx;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include conf/proxy.conf;
include conf/fastcgi.conf;
include conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 3;
gzip on;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf/sites/*;
}
Lets create a test site and see things are working properly. Edit a file test in the sites directory and copy the following content in
server {
listen 80;
server_name test.tarasis.net;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Then start NGINX up by hand, if you have a configuration error you will see a fail message.
robertm /srv/www/nginx/html $ sudo /etc/rc.d/nginx start :: Checking configuration [BUSY] 2008/02/20 09:56:52 [info] 9745#0: the configuration file /etc/nginx/conf/nginx.conf syntax is ok 2008/02/20 09:56:52 [info] 9745#0: the configuration file /etc/nginx/conf/nginx.conf was tested successfully [DONE] :: Starting Nginx [DONE]
Good, now point your browser to your slices ip address and checkout the default welcome message. In you see the following then it is working.
Welcome to nginx!
Now stop the server and lets enable it to start on boot
robertm /srv/www/nginx/html $ sudo /etc/rc.d/nginx stop robertm /srv/www/nginx/html $ sudo vim /etc/rc.conf ##Add NGINX to the end of the daemons line DAEMONS=(syslog-ng network netfs crond sshd iptables nginx) #### While you are there, change the timezone to your time zone. Have a look in /usr/share/zoneinfo/ to find the right entry for you TIMEZONE="Europe/Berlin"
Lets reboot and check that it has worked as expected. If you see the right time for you and nginx processes then it has worked.
robertm ~ $ date Wed Feb 20 19:09:51 CET 2008 robertm ~ $ ps -A | grep nginx 1197 ? 00:00:00 nginx 1198 ? 00:00:00 nginx 1199 ? 00:00:00 nginx 1201 ? 00:00:00 nginx 1202 ? 00:00:00 nginx
First lets get the base PHP installed.
robertm /var/log/nginx $ install php
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: libxml2-2.6.31-1 php-5.2.5-5
Total Download Size: 11.31 MB
Proceed with installation? [Y/n] y
:: Retrieving packages from extra...
libxml2-2.6.31-1-x86_64 1687.3K 3.6M/s 00:00:00 [#####################################################################################################################################################] 100%
php-5.2.5-5-x86_64 9.7M 3.0M/s 00:00:03 [#####################################################################################################################################################] 100%
checking package integrity...
(2/2) checking for file conflicts [#####################################################################################################################################################] 100%
(1/2) installing libxml2 [#####################################################################################################################################################] 100%
(2/2) installing php [#####################################################################################################################################################] 100%
==> PHP modules
PHP has been built with optional modules. To enable these modules,
uncomment the modules from php.ini
Some of them require extra packages to be installed:
* bz2 : bzip2
* curl : curl
* dba : gdbm
* gd : libpng, libjpeg, freetype2
* imap : pam
* ldap : libldap
* mcrypt : mcrypt, libtool
* mysql/mysqli : libmysqlclient
* odbc/pdo_odbc : unixodbc
* openssl : openssl
* pgsql/pdo_pgsql : postgresql-libs
* pspell : aspell
* snmp : net-snmp
* sqlite : sqlite3
* tidy : tidyhtml
* xsl : libxslt
==> PHP-CGI and FCGI
There are several cgi relevant settings in your php.ini. Make sure to
adjust them according to your needs. At least you should activate the
cgi.fix_pathinfo directive in php.ini by uncommenting it.
At the moment there are only three modules enabled, the rest are currently disabled.
# from /etc/php/php.ini extension=gettext.so extension=session.so extension=zlib.so
When we installed PHP above we also get the binary php-cgi which is used for cgi calls. Next we need the fastcgi libraries. To install:
robertm /etc/php $ install fcgi Password: resolving dependencies... looking for inter-conflicts... Targets: fcgi-2.4.0-4 Total Download Size: 0.06 MB Proceed with installation? [Y/n] y
Next edit php.ini
–
To get the spawn-fcgi binary
robertm /etc/php $ install lighttpd
resolving dependencies...
looking for inter-conflicts...
Targets: lighttpd-1.4.18-1
Total Download Size: 0.33 MB
Proceed with installation? [Y/n] y
:: Retrieving packages from extra...
lighttpd-1.4.18-1 342.9K 1314.4K/s 00:00:00 [#####################################################################################################################################################] 100%
checking package integrity...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing lighttpd [#####################################################################################################################################################] 100%
--> This release marks a minor (NOT micro!) version change and is not 100%
--> compatible with former versions. Have a look at the new lighttpd.conf,
--> there are some changes in the index files syntax and nested conditions
--> are possible by now. Also please read the documentation in
--> /usr/share/lighttpd or on lighttpds's hompage: http://lighttpd.org
--> for the following OPTIONAL modules (when choosen from lighttpd.conf)
--> you will need the following dependencies:
mod_webdav : libxml2, sqlite3, e2fsprogs
mod_cml: libmemcache, lua
mod_magnet: lua
mod_trigger_b4_dl: libmemcache, gdbm
mod_auth.so: libldap
mod_mysql_vhost: libmysqlclient
Creating file /var/log/lighttpd/error.log
Creating file /var/log/lighttpd/access.log
Creating file /var/log/lighttpd/error-ssl.log
Creating file /var/log/lighttpd/access-ssl.log
Creating directory /home/lighttpd/vhosts/
Creating directory /var/cache/lighttpd/compress/
Creating directory /srv/www/htdocs/
Creating directory /home/lighttpd/html-ssl
Edit /etc/conf.d/spawn-php and change the following lines from 6, 1000 to 4 & 500 to see how they go.
## number of PHP childs to spawn PHP_FCGI_CHILDREN=4 ## number of request server by a single php-process until is will be restarted PHP_FCGI_MAX_REQUESTS=500
Next uncomment the following line in php.ini
cgi.fix_pathinfo=1
Then add the nginx html dir (/src/www/nginx/html/) to open_basedir
open_basedir = /home/:/tmp/:/srv/www/nginx/html/:/usr/share/pear/
Now start the spawn-fcgi process
/etc/rc.d/spawn-php start
Also add spawn-php to the list of daemons to start (/etc/rc.conf)
DAEMONS=(syslog-ng network netfs crond sshd iptables spawn-php nginx)
Okay, lets test that we have php now working in NGINX. Edit our test conf again and add the following lines
location ~ .*.php$ {
include conf/fastcgi_params;
fastcgi_pass 127.0.0.1:1066;
fastcgi_index index.php;
fastcgi_redirect_errors on;
fastcgi_param SCRIPT_FILENAME /srv/www/nginx/html/$fastcgi_script_name;
}
Next create a simple index.php file in the root directory (/srv/www/nginx/html/)
<?php phpinfo(); ?>
And point your brower to http://yoursliceipaddress/index.php and if everything is working you should see a long page of info from PHP.
Link notes
http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/ http://bbs.archlinux.org/viewtopic.php?id=33758#p255831 http://trac.lighttpd.net/trac/wiki/FrequentlyAskedQuestions#IgettheerrorNoinputfilespecifiedwhentryingtousePHP http://209.85.129.104/search?q=cache:BDj3BrKu4I0J:www.timschneider.us/blog/%3Fp%3D4+php+nginx+slow&hl=en&ct=clnk&cd=3&client=safari http://forum.slicehost.com/comments.php?DiscussionID=1137 http://zh.stikipad.com/notes/show/nginx
Okay, MySQL is the one I am most used to (not that I know it better than any other really, DB's are not really my thing). As most things use MySQL by default I am going to stick with that for the moment.
First lets get MySQL installed
robertm ~ $ install mysql Password: resolving dependencies... looking for inter-conflicts... Targets: libmysqlclient-5.0.51-2 mysql-clients-5.0.51-3 mysql-5.0.51-3 Total Download Size: 15.15 MB Proceed with installation? [Y/n]
Then lets run it up for the first time and set the root password
robertm ~ $ sudo /etc/rc.d/mysqld start Password: :: Adding mysql group [DONE] :: Adding mysql user [DONE] Installing MySQL system tables... OK Filling help tables... OK To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: /usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root -h tarasis.net password 'new-password' Alternatively you can run: /usr/bin/mysql_secure_installation which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers. See the manual for more instructions. You can start the MySQL daemon with: cd /usr ; /usr/bin/mysqld_safe & You can test the MySQL daemon with mysql-test-run.pl cd mysql-test ; perl mysql-test-run.pl Please report any problems with the /usr/bin/mysqlbug script! The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at http://shop.mysql.com :: Starting MySQL
Lets secure it be setting the root password, removing the anonymous user and the test database. Note I have enabled root login from remote hosts because I have the intention of using the MySQL client tools from my MacBook to maintain the DB. Or phpMyAdmin :)
robertm ~ $ sudo /usr/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Finally add mysqld to rc.conf to ensure it starts at boot. NOTE Consider backgrounding some tasks.
DAEMONS=(syslog-ng network netfs crond sshd iptables mysqld spawn-php nginx)
In php.ini remove the ; from the two mysql(i) lines
extension=mysql.so extension=mysqli.so
Restart php so any scripts can access your DB
Lets install PhpMyAdmin and then hook it up to nginx
robertm ~ $ install phpmyadmin resolving dependencies... looking for inter-conflicts... Targets: phpmyadmin-2.11.4-1 Total Download Size: 4.13 MB Total Installed Size: 12.43 MB Proceed with installation? [Y/n] Y
This puts the require files in /srv/www/phpMyAdmin/, but we need to first configure it and then point ngnix at it.
robertm /srv/www/phpMyAdmin $ sudo cp config.sample.inc.php config.inc.php Password: robertm /srv/www/phpMyAdmin $ sudo vim config.inc.php
Then file in the blowfish secret line with a value, which will be used for the cookies.
Documentation.txt recommends installing mcrypt (esp on 64bit machines)
robertm /srv/www/phpMyAdmin $ install mcrypt resolving dependencies... looking for inter-conflicts... Targets: mhash-0.9.9-1 libmcrypt-2.5.8-1 mcrypt-2.6.5-1 Total Download Size: 0.34 MB Proceed with installation? [Y/n] Y
Next edit php.ini and remove the ; from the mcrypt line
robertm /srv/www/phpMyAdmin $ sudo vim /etc/php/php.ini ### like so extension=mcrypt.so
Now restart php so that it picks up mcrypt being enabled
robertm /srv/www/phpMyAdmin $ sudo /etc/rc.d/spawn-php stop :: Stopping spawn-php [DONE] robertm /srv/www/phpMyAdmin $ sudo /etc/rc.d/spawn-php start :: Starting spawn-php [BUSY] spawn-fcgi.c.186: child spawned successfully: PID: 10824 [DONE]
If you are paranoid, look at the test page we created earlier you should fine 5 instances of the word mcrypt
Next setup the NGINX configuration file for this host. Create a new file pma.tarasis.net in /etc/nginx/conf/sites. Remember we want to disable access to the libraries directory as directed in the phpMyAdmin documentation. NOTE The directive to deny folder access must come before the php directive otherwise the php directive will process the file before the deny is seen.
server {
listen 80;
server_name pma.tarasis.net;
#access_log logs/host.access.log main;
# deny remote access to the libraries folder.
location ~ ^/libraries/ {
deny all;
}
# disable remote access to .htaccess files, even if nginx doesn't support them
location ~ /\.ht {
deny all;
}
location ~ .*.php$ {
include conf/fastcgi_params;
fastcgi_pass 127.0.0.1:1066;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /srv/www/phpMyAdmin/$fastcgi_script_name;
}
location / {
root /srv/www/phpMyAdmin;
index index.html index.htm index.php;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Now point your browser at your site address and you should be greeted by the login page for phpMyAdmin. If you get the error No input file specified then you need to add the phpMyAdmin dir to the open_basedir variable in php.ini or make the variable contents null.
— CURIOUS WHY DOES THIS INSTALL SHOW THE PHP SESSION INFO ON THE URL …
Remove some of the storage options (skip-bdb for instance)
INSTALL
ENABLE FOR START - EDIT /etc/conf.d/clamav - CHANGE OPTIONS TO YES
REMOVE EXAMPLE LINE FROM BOTH CONFIG FILES -- IMPORTANT OTHERWISE CLAMAV WONT START robertm /etc/clamav $ sudo vim clamd.conf robertm /etc/clamav $ sudo vim freshclam.conf
CARRY OUT ANY TWEAKS TO CONFIG FILES
robertm /etc/clamav $ sudo /etc/rc.d/clamav start HAD TO START TWICE FOR SOME REASON. FRESHCLAM WAS RUNNING AFTER FIRST ATTEMPT BUT CLAMD WASN'T LISTED AS RUNNING. POSSIBLE DB's OUT OF DATE - NOTE FOLLOWING LOG DATA Mon Feb 25 23:40:21 2008 -> +++ Started at Mon Feb 25 23:40:21 2008 Mon Feb 25 23:40:21 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Mon Feb 25 23:40:21 2008 -> Running as user clamav (UID 64, GID 64) Mon Feb 25 23:40:21 2008 -> Log file size limited to 1048576 bytes. Mon Feb 25 23:40:21 2008 -> Reading databases from /var/lib/clamav Mon Feb 25 23:40:21 2008 -> Not loading PUA signatures. Mon Feb 25 23:40:21 2008 -> ERROR: Not supported data format Mon Feb 25 23:43:38 2008 -> +++ Started at Mon Feb 25 23:43:38 2008 Mon Feb 25 23:43:38 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Mon Feb 25 23:43:38 2008 -> Running as user clamav (UID 64, GID 64) Mon Feb 25 23:43:38 2008 -> Log file size limited to 1048576 bytes. Mon Feb 25 23:43:38 2008 -> Reading databases from /var/lib/clamav Mon Feb 25 23:43:38 2008 -> Not loading PUA signatures. Mon Feb 25 23:43:41 2008 -> Loaded 219068 signatures. Mon Feb 25 23:43:41 2008 -> Unix socket file /var/lib/clamav/clamd.sock Mon Feb 25 23:43:41 2008 -> Setting connection queue length to 15 Mon Feb 25 23:43:41 2008 -> Archive: Archived file size limit set to 10485760 bytes. Mon Feb 25 23:43:41 2008 -> Archive: Recursion level limit set to 8. Mon Feb 25 23:43:41 2008 -> Archive: Files limit set to 1000. Mon Feb 25 23:43:41 2008 -> Archive: Compression ratio limit set to 250. Mon Feb 25 23:43:41 2008 -> Archive support enabled. Mon Feb 25 23:43:41 2008 -> Algorithmic detection enabled. Mon Feb 25 23:43:41 2008 -> Portable Executable support enabled. Mon Feb 25 23:43:41 2008 -> ELF support enabled. Mon Feb 25 23:43:41 2008 -> Mail files support enabled. Mon Feb 25 23:43:41 2008 -> Mail: Recursion level limit set to 64. Mon Feb 25 23:43:41 2008 -> OLE2 support enabled. Mon Feb 25 23:43:41 2008 -> PDF support disabled. Mon Feb 25 23:43:41 2008 -> HTML support enabled. Mon Feb 25 23:43:41 2008 -> Self checking every 1800 seconds.
use pkgname=exim-custom provides=('exim') in your PKGBUILD
For the moment, going with the “stock” testing version of exim because it provides TLS which the current extras version doesn't. Note that in future I will likely custom build it to get SPF /SRS & Domainkeys support. This will require custom installs of the SRS libraries & DomainKeys, as only SPF is currently available in AUR. Also to move onto 4.69 over 4.68#1 TODO
robertm ~/abs/local/exim $ yaourt testing -S testing/exim resolving dependencies... looking for inter-conflicts... Targets: exim-4.68-4 Total Download Size: 0.48 MB Proceed with installation? [Y/n] Y
First we need to install Dovecot. Note as we installed MySQL earlier its dependency is already met.
robertm ~/abs/local/exim/pkg/usr/sbin $ sudo pacman -S dovecot Password: resolving dependencies... looking for inter-conflicts... Targets: postgresql-libs-8.2.6-1 dovecot-1.0.10-1 Total Download Size: 2.06 MB Proceed with installation? [Y/n] Y
robertm ~/abs/local/exim $ yaourt -S dspam
resolving dependencies...
looking for inter-conflicts...
Targets: dspam-3.8.0-1
Total Download Size: 0.66 MB
Total Installed Size: 1.63 MB
Proceed with installation? [Y/n] Y
:: Retrieving packages from community...
dspam-3.8.0-1 671.1K 377.2K/s 00:00:02 [#####################################################################################################################################################] 100%
checking package integrity...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing dspam [#####################################################################################################################################################] 100%
adding dspam system group... done.
adding dspam system user... done.
>>> To populate the DSPAM database, you need to follow several steps.
>>> First create a database. Login to the mysql command prompt.
$ mysql -u root -p
mysql> CREATE database dspam;
>>> Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
>>> Replacing passwd with your chosen password.
>>> If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
>>> If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
>>> Enter the password you set in the previous step, and the database should be populated.
>>> Remember to edit /etc/dspam/dspam.conf accordenly
>>> If you want to use the postgresql, sqlite3 or Berekely DB4 backends,
>>> read the documentation
>>>
==> Checking for dspam's vote status
You have to create ~/.aurvote with inside: user=YOUR_AUR_USERNAME pass=YOUR_AUR_PASS To create a new account just go to: http://aur.archlinux.org/account.php
Had to end up buidling this “by hand” as the previous did not include the webui. After asking on the AUR page for DSPAM, its (new I guess) maintainer has updated the PKGBUILD file and the new version is now available for i686 but has yet to appear x86_64. So I have grabed the PKGBUILD and created a folder in my abs build dir and built it there.
robertm ~/abs/local $ cp -a /var/abs/community/network/dspam/ .
robertm ~/abs/local/dspam $ mv PKGBUILD PKGBUILD.old
robertm ~/abs/local/dspam $ vim PKGBUILD
#### PASTED CONTENTS FROM CVS
robertm ~/abs/local/dspam $ makepkg -s
==> Making package: dspam 3.8.0-2 (Sat Mar 1 12:54:40 CET 2008)
==> Checking Runtime Dependencies...
==> Checking Buildtime Dependencies...
==> Installing missing dependencies...
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: postgresql-8.2.6-1 sqlite3-3.5.6-1
Total Download Size: 4.99 MB
Proceed with installation? [Y/n] Y
robertm ~/abs/local/dspam $ sudo pacman -U dspam-3.8.0-2-x86_64.pkg.tar.gz
loading package data... done.
checking dependencies...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing dspam [#####################################################################################################################################################] 100%
adding dspam system group... done.
adding dspam system user... done.
>>> To populate the DSPAM database, you need to follow several steps.
>>> First create a database. Login to the mysql command prompt.
$ mysql -u root -p
mysql> CREATE database dspam;
>>> Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
>>> Replacing passwd with your chosen password.
>>> If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
>>> If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
>>> Enter the password you set in the previous step, and the database should be populated.
>>> Remember to edit /etc/dspam/dspam.conf accordenly
>>> If you want to use the postgresql, sqlite3 or Berekely DB4 backends,
>>> read the documentation
>>>
robertm ~/abs/local/exim/pkg/usr/sbin $ sudo yaourt -S procmail Password: resolving dependencies... looking for inter-conflicts... Targets: procmail-3.22-1 Total Download Size: 0.10 MB Proceed with installation? [Y/n]
Lets first download Vexim, and put it in our web directory
robertm ~/src $ wget http://silverwraith.com/vexim/vexim2.2.1.tar.gz
robertm ~/src $ tar zxf vexim2.2.1.tar.gz
robertm ~/src $ sudo mkdir /home/sites
robertm ~/src $ cd /home/sites/
robertm /home/sites $ sudo mkdir -p vexim.tarasis.net/{public,private,logs,backup}
robertm /home/sites $ cd ~/src/vexim2/vexim
robertm ~/src/vexim2/vexim $ cp -a * /home/sites/vexim.tarasis.net/public/
Create a user for Vexim whose homedir will be used for the virtual mail. NOTE That Vexim docs suggest a UID/GID of 99 but on Archlinux the user nobody & group nobody use 99.
robertm ~/src/vexim2 $ sudo groupadd -g 200 vmail robertm ~/src/vexim2 $ sudo useradd vmail -u 200 -g vmail -d /home/vmail -m
Next we need to create the vexim DB in MySQL
robertm ~/src/vexim2 $ vim setup/mysql.sql
#### Scroll to the lines with CHANGE i.e.
uid smallint(5) unsigned NOT NULL default 'CHANGE',
gid smallint(5) unsigned NOT NULL default 'CHANGE',
# and change them to the uid & gid of the user we will use to deliver mail, in our case the UID / GID we set above
# Now goto the next line with CHANGE, which should be the following
GRANT SELECT,INSERT,DELETE,UPDATE ON `vexim`.* to "vexim"@"localhost"
IDENTIFIED BY 'CHANGE';
# change the CHANGE to the vexim db users password
Now create the DB
robertm ~/src/vexim2 $ mysql -u root -p < setup/mysql.sql
Next edit the variables.php file to have the DB's password
robertm ~/src/vexim2 $ vim /home/sites/vexim.tarasis.net/public/config/variables.php # Change the line marked CHANGE to the DB password $sqlpass = "CHANGE"; # Next scroll to these lines $uid = "99"; $gid = "99"; # Change them to the UID & GID created above
The last thing to do is configure NGNIX to handle the vexim.tarasis.net domain.