Wednesday, August 27, 2014

Running Multiple PHP 5 Versions

cPanel does not support this directly through EasyApache.

To my knowledge you either need to do this manually or use CloudLinux, which offers an addon for this purpose.


For CloudLinux, please follow the steps below.

http://docs.cloudlinux.com/index.html?installation.html

NB: You must have cagefs & lvemgr for this to work

http://docs.cloudlinux.com/index.html?cagefs.html

Recompile and install the default PHP (Optional)

If the existing installation is fine and has the necessary modules, you can skip this step. Otherwise you need to recompile it using:

/scripts/easyapache

Once that is done, you can proceed with the new PHP 5.4.14.


Step 1:

Download the source file

mkdir /usr/local/src/php_source

cd /usr/local/src/php_source
wget -O php-5.4.14.tar.gz http://in2.php.net/get/php-5.4.14.tar.gz/from/us1.php.net/mirror

Extract the source and change into the source directory
tar -xzf php-5.4.14.tar.gz
cd php-5.4.14

You can get the configuration options for the new install from the existing installation using the following command
 php -i | grep configure | sed 's/Configure Command =>  //g' | sed "s/'//g"

Once you have the options, modify them: make sure the installation path is specified with --prefix and that PHP is compiled as CGI using the option --enable-cgi. In this case I am using the installation path --prefix=/usr/local/php54
Make sure to remove the configuration parameter for apxs, i.e. --with-apxs2=/usr/local/apache/bin/apxs
The final configure command for the new install will look like the following

 ./configure  --disable-fileinfo --disable-phar --enable-bcmath --enable-calendar --enable-libxml --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-wddx --enable-zend-multibyte --enable-zip --prefix=/usr/local/php54 --enable-cgi --with-bz2 --with-curl=/opt/curlssl/ --with-curlwrappers --with-freetype-dir=/usr --with-gd --with-gettext --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr --with-jpeg-dir=/usr --with-kerberos --with-libdir=lib64 --with-libexpat-dir=/usr --with-libxml-dir=/opt/xml2/ --with-mcrypt=/opt/libmcrypt/ --with-mm=/opt/mm/ --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pcre-regex=/opt/pcre --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-pic --with-png-dir=/usr --with-pspell --with-tidy=/opt/tidy/ --with-xmlrpc --with-xpm-dir=/usr --with-xsl=/opt/xslt/ --with-zlib --with-zlib-dir=/usr
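The rewrite described above (strip the quotes, drop the apxs option, set a new --prefix, add --enable-cgi) can be scripted. This is an added example, not part of the original post; the function name rewrite_configure and the shortened sample line are constructed for illustration, and it assumes no option value contains a space.

```shell
#!/bin/sh
# Added example: derive the configure command for a second, CGI-only PHP build
# from the "Configure Command" line printed by `php -i`.

# Constructed, shortened sample of that line. On a real server feed in:
#   php -i | grep 'Configure Command'
SAMPLE="Configure Command =>  './configure'  '--enable-bcmath' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--with-curl=/opt/curlssl/' '--with-zlib'"

# rewrite_configure NEW_PREFIX
# Reads one Configure Command line on stdin, prints the new configure command.
rewrite_configure() {
    new_prefix=$1
    sed -e 's/^Configure Command => *//' -e "s/'//g" |
    tr -s ' ' '\n' |
    awk -v prefix="$new_prefix" '
        $0 == ""            { next }
        $0 == "./configure" { next }   # re-added at the front in END
        /^--with-apxs/      { next }   # the second PHP is not built as an Apache module
        /^--prefix=/        { next }   # replaced by the new install path
        /^--enable-cgi$/    { next }   # avoid listing it twice
        { opts = opts " " $0 }
        END { print "./configure --prefix=" prefix " --enable-cgi" opts }
    '
}

# Stand-alone run: show the rewritten command for the sample line
printf '%s\n' "$SAMPLE" | rewrite_configure /usr/local/php54
```

Review the printed command before running it; any option that points at a library path on the old build still has to exist on the server.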

 Once the configuration is complete, compile using the following command

 make
Now proceed with the installation

make install

Once the installation is complete you will get an output like the following one

# make install
Installing shared extensions:     /usr/local/php54/lib/php/extensions/no-debug-non-zts-20100525/
Installing PHP CLI binary:        /usr/local/php54/bin/
Installing PHP CLI man page:      /usr/local/php54/php/man/man1/
Installing PHP CGI binary:        /usr/local/php54/bin/

Once the installation is completed, confirm the version by using the command

#  /usr/local/php54/bin/php -v
PHP 5.4.14 (cli) (built: May  3 2013 12:21:56)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

Now we need to configure it for web server access.

This is done by specifying the new PHP handler for PHP files.

AddHandler is a directive for the web server: it assigns or "maps" a handler to the file extension you specify, giving the server instructions on how to deal with files of that type.

Eg:

AddHandler application/x-httpd-php54 .php
The AddHandler directive tells Apache that whenever it encounters a file with a .php extension, it should assign it the handler application/x-httpd-php54.


Action application/x-httpd-php54 /cgi-sys/php54
The Action directive tells Apache that whenever it encounters a file of type application/x-httpd-php54 it should pass it to the script /cgi-sys/php54 and capture the output.

Assume that you are working on a default cPanel server.

Open the file /usr/local/apache/conf/includes/pre_virtualhost_global.conf, add the following lines and save

Action application/x-httpd-php54 /cgi-sys/php54
AddType application/x-httpd-php54 .php54

To make cPanel skip the .htaccess scan and removal of the MIME types, do the following

/usr/local/cpanel/bin/apache_conf_distiller --update
touch /var/cpanel/easy_skip_update_php_mime_types

vi /usr/local/cpanel/cgi-sys/php54
Add the following contents to the above file and save
#!/bin/sh
exec /usr/local/php54/bin/php-cgi

Setting permissions
chown root:wheel /usr/local/cpanel/cgi-sys/php54
chmod +x /usr/local/cpanel/cgi-sys/php54

Soft-linking for command-line execution:
ln -s /usr/local/php54/bin/php-cgi /usr/local/bin/php54

Copying php.ini from the build folder
cp /usr/local/src/php_source/php-5.4.14/php.ini-production /usr/local/php54/lib/php.ini

You need to restart httpd after the configuration
/etc/init.d/httpd restart

Now everything is set. If you want to enable PHP 5.4 for a particular account, create a .htaccess file as shown below.

nano -w /home/$username/public_html/.htaccess
AddHandler application/x-httpd-php54 .php

chown $username:$username /home/$username/public_html/.htaccess
chmod 644 /home/$username/public_html/.htaccess


Thursday, August 14, 2014

InnoDB Crash Recovery Guide


STOP: If there are any problems or you are uncomfortable doing this procedure, do not proceed and ASK A COWORKER :D :D :D

  • Make sure you have free disk space in /home and /var/lib/mysql or wherever your MySQL databases are stored. This guide assumes they are in /var/lib/mysql.

FOR CPANEL

Step 1: Disable tailwatchd (chkservd on 11.23) to prevent mysql from being restarted. Stop any other processes that may access mysql including munin, backups, and the webserver if possible.
 killall -TERM tailwatchd
Step 2: Add
 innodb_force_recovery = 3
to /etc/my.cnf
Step 3: Restart mysql
 /etc/init.d/mysqld restart
Step 4: Verify mysql is up
Step 5: Put this script in ~/recover.pl and run it
#!/usr/bin/perl

BEGIN { unshift @INC, '/usr/local/cpanel'; }

use strict;
use warnings;
use IPC::Open3         ();    # needed by sqlcmd() below
use Cpanel::MysqlUtils ();

# Dumps land in /home/innodb_dumps, accessible to root only
mkdir( '/home/innodb_dumps', 0700 );
chdir('/home/innodb_dumps') || die "Could not change to /home/innodb_dumps";

my $pwd = `pwd`;
chomp($pwd);
my $dbdir     = Cpanel::MysqlUtils::getmysqldir();
my $dbcheckok = -d $dbdir . '/mysql' ? 1 : 0;
if ($dbcheckok) {
    opendir( my $sql_dh, $dbdir ) || die "Could not open $dbdir";
    while ( my $db = readdir($sql_dh) ) {
        next if ( $db =~ m/^\.+$/ );
        next if $db eq 'mysql';    # mysql db should never have InnoDB on
        next if $db eq 'horde';    # Horde session table is the only one that uses InnoDB, so this is not a problem
        next if ( !-d $dbdir . '/' . $db );
        my $ms = sqlcmd("show table status from `$db`;");
        if ( !$ms ) {
            $dbcheckok = 0;
            last;
        }
        elsif ( $ms =~ m/\s+InnoDB\s+/m ) {
            print "Saving to $pwd/$db.sql...";

            # List form of system(): the database name never passes through a shell
            my $rc = system( 'mysqldump', '-c', "--result-file=$db.sql", $db );
            print $rc == 0 ? "Done\n" : "FAILED\n";
        }
    }
    closedir($sql_dh);
}

# Run a statement through the mysql client and return everything it prints
sub sqlcmd {
    my ($cmd) = @_;
    my $result;

    my $mysql = Cpanel::MysqlUtils::find_mysql();
    my $pid = IPC::Open3::open3( \*WTRFH, \*RDRFH, ">&STDERR", $mysql, '-N' );
    print WTRFH "show status like 'uptime'; $cmd\n";    # make sure we always get something back so we know mysql is up
    close(WTRFH);
    while (<RDRFH>) {
        $result .= $_;
    }
    close(RDRFH);
    waitpid( $pid, 0 );
    return $result;
}
If the script fails, remove your backup attempt in /home/innodb_dumps, increase the innodb_force_recovery level in /etc/my.cnf, restart MySQL, and rerun the script. Repeat until you complete a backup without errors.
Step 6: Stop MySQL
Step 7: Do this:
 mkdir /var/lib/mysql/INNODB_BACKUPS
 mv /var/lib/mysql/ib* /var/lib/mysql/INNODB_BACKUPS
 cd /home/innodb_dumps
 for f in *.sql ; do db="${f%.sql}" ; mv "/var/lib/mysql/$db" /var/lib/mysql/INNODB_BACKUPS/ ; mkdir "/var/lib/mysql/$db" ; chown mysql:mysql "/var/lib/mysql/$db" ; done
Step 8: For each database that was dumped to /home/innodb_dumps move (do not copy, completely move, or the database may not be properly recreated from the backups you made) the /var/lib/mysql/DBNAME folder to the /var/lib/mysql/INNODB_BACKUPS directory
Step 9: Create folders for each database that was moved in /var/lib/mysql and chown them to mysql:mysql
Step 10: Remove the following from my.cnf and start mysql:
 innodb_force_recovery = 3
Step 11: Start mysql and restore all databases in /home/innodb_dumps to their respective database
cd /home/innodb_dumps
for f in *.sql ; do db="${f%.sql}" ; mysql -o "$db" < "$f" ; done
Step 12: Check the mysql server logs to ensure there were no errors
Step 13: Restart mysql and party.

FOR ALL OTHER LINUXES 

Step 1: Add
 innodb_force_recovery = 3
to /etc/my.cnf
Step 2: Restart mysql
 /etc/init.d/mysqld restart
Step 3: Verify mysql is up
Step 4: Dump all innodb databases to a directory i.e /root or /root/recovery
Step 5: Stop MySQL
Step 6: Do this:
 mkdir /var/lib/mysql/INNODB_BACKUPS
 mv /var/lib/mysql/ib* /var/lib/mysql/INNODB_BACKUPS
Step 7: For each database that was dumped move the /var/lib/mysql/DBNAME folder to the /var/lib/mysql/INNODB_BACKUPS directory
Step 8: Create folders for each database that was moved in /var/lib/mysql and chown them to mysql:mysql
Step 9: Remove the following from my.cnf and start mysql:
 innodb_force_recovery = 3
Step 10: Start mysql and restore all databases in /home/innodb_dumps to their respective database
Step 11: Check the mysql server logs to ensure there were no errors
Step 12: Restart mysql and party.

Installing and Configuring LiteSpeed Web Server (LSWS) and The PHP

Installing 

The installation of LSWS is pretty straightforward. You can actually install it anywhere, but for the sake of simplicity and standardization we will always install it to /opt on the server. This way, if there is a problem and it needs to be checked on, we will always know where it is. Additionally, as you will see from the setup steps below, these too will be the standard install. Lastly, for standardization, please make sure that during the install LSWS is set to listen on 7080 (admin console) and 8088 (verification page).

The installation 

SSH into the box as root
chmod 0755 /usr/bin/gcc

cd /opt

Download the installation files to /opt and untar them. All available versions of LiteSpeed Web Server can be found at http://www.litespeedtech.com/products/webserver/download/. Please also note that we only provide licensing and support for the Enterprise edition and not Standard, so when installing this for a client you will need to have the registration number.

wget http://www.litespeedtech.com/packages/4.0/lsws-4.0-ent-i386-linux.tar.gz

tar -zxvf lsws-4.0-ent-*

cd lsws*

Now, you need to get the serial number for the install. To do this, cd into the installation folder (the same one that contains install.sh) and from the command line, without the quotes, as root, run:

echo "SERIAL NUMBER GOES HERE" > serial.no
chmod +x install.sh
./install.sh

The install should now be moving along. For the specifics on the install, please refer to the below prompts:

Installation Prompts 

Prepare PHP 

PHP is somewhat of an inconvenience on LSWS, as it uses its own "special" kind of PHP built with certain CFLAGS, the most important of which are --prefix=/lsphp5 and --with-litespeed. If you compile PHP through EasyApache you will not mess anything up; however, the changes will not be used by LiteSpeed, so you need to compile PHP through LiteSpeed. Thankfully this is pretty straightforward, just a little more time consuming. The steps below cover recompiling PHP to add something to it.

First, SSH into the box as root. Next, find out what CFLAGS the current PHP version has with php -i | less. In the section Configure Command => you will see all of the flags used to compile it originally. When we do this on a testing box, we see:


'./configure' '--prefix=/lsphp5' '--with-litespeed' '--disable-pdo' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-magic-quotes' '--enable-sockets' '--enable-zip' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--with-bz2' '--with-curl=/opt/curlssl/' '--with-freetype-dir=/usr' '--with-gd' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-png-dir=/usr' '--with-ttf' '--with-xpm-dir=/usr/X11R6' '--with-zlib' '--with-zlib-dir=/usr'

Now that we know what CFLAGS were given by EasyApache, we need to migrate those to the LSWS PHP installation. This is kind of a crappy way to do it but it's how it will get done. Copy the CFLAGS you get from the above command and put them in notepad. On the server:

mkdir ~/phptest && cd ~/phptest
wget -O php-5.2.9.tar.gz http://us2.php.net/get/php-5.2.9.tar.gz/from/uk.php.net/mirror
(or get whatever source version they are getting)
tar -zxvf php-*.tar.gz
cd php-*/
./buildconf --force
Now we need to do a dry run of the CFLAGS to make sure that they will be parsed properly when compiling through LSWS's PHP thing. Take the CFLAGS you need to add and append them to the ./configure line that you put in notepad. So, if they want to recompile PHP with TTF, you would add:

'./configure' '--prefix=/lsphp5' ... '--with-ttf'

So, from the PHP source directory, run the configure command and make sure that it exits cleanly. You will likely need to yum -y install package and package-devel for it to compile cleanly. You could always specify the EasyApache directory, but I haven't tested anything other than default in LSWS's PHP installer/compiler. For example, if you are trying to compile with TTF as seen above, and it throws an error about not being able to find the headers, simply yum -y install ttf ttf-devel. Once you have a ./configure line that completes cleanly, you then need to port the CFLAGS to the LSWS PHP compiler admin thing.

Config PHP in LSWS 


First, log into the LSWS admin console with the LSWS username and password

Then, navigate to the PHP compilation section which can be found at

We then need to put the CFLAGs into the appropriate window which is pretty easy to spot.

Note that when setting the CFLAGS you do not need to enclose them in ' ' as you do when compiling from the command line.

 ./configure --prefix=/lsphp5 --with-litespeed --disable-pdo --enable-bcmath --enable-calendar --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-sockets --enable-zip --prefix=/usr/local --with-apxs2=/usr/local/apache/bin/apxs --with-bz2 --with-curl=/opt/curlssl/ --with-freetype-dir=/usr --with-gd --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr --with-jpeg-dir=/usr --with-kerberos --with-libxml-dir=/opt/xml2/ --with-mcrypt=/opt/libmcrypt/ --with-mhash=/opt/mhash/ --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-png-dir=/usr --with-ttf --with-xpm-dir=/usr/X11R6 --with-zlib --with-zlib-dir=/usr

Reset MySQL Password

Of course you can easily reset it through cPanel.

Or on Debian you can reset it with

dpkg-reconfigure <mysql package>
You can find the package by typing

dpkg --list | grep mysql
dpkg-reconfigure mysql-server-5.0

But just in case none of those ways are available, you can get mysql to start without asking for a password.

Allowing MySQL to start without asking for a password

First, stop MySQL from running.

Debian/CentOS

/etc/init.d/mysql stop
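Then start it, but tell it not to look at the grant tables. While it runs this way, anyone who can connect to the server gets in without a password, so keep this window short; starting it with --skip-networking as well limits access to local connections.

mysqld --user=mysql --skip-grant-tables &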

Reset the password 

mysql

UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;
Then do what you want. If you just need root access to dump a database or something, you don't even need to change the password.

This should also work for other users if you need that password for whatever reason and can't find it.

Restarting the mysql service 

killall mysqld
/etc/init.d/mysql start
   

DDOS Auto block script CSF


This script can be used with csf to block connections on a server automatically if a client is getting heavily flooded. To use it you must change the deny limit in /etc/csf/csf.conf from 100 to 0, restart csf and load this script.


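#!/bin/bash

blocked=no

# Count connections per remote address where the LOCAL port is exactly 80
# (a plain grep ':80' would also match :8080 and outbound connections to port 80)
netstat -ant | awk '$4 ~ /:80$/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > ~/curr
while read -r conns ip
do
        # skip anything that is not an IPv4 address (e.g. IPv6 peers cut down to an empty string)
        [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || continue
        if [ "$conns" -ge 20 ]
        then
                # exact match on the first field, so 1.2.3.4 does not match 11.2.3.45
                if ! awk -v ip="$ip" '$1 == ip {found=1} END {exit !found}' /etc/csf/csf.deny
                then
                        echo "blocking $ip with $conns connections"
                        iptables -I INPUT -s "$ip" -j DROP
                        echo "$ip" >> /etc/csf/csf.deny
                fi
                # set whenever any address is over the threshold, as in the original script
                blocked=yes
        fi
done < ~/curr

# restart httpd to drop the connections that are already open
if [ "$blocked" == "yes" ]
then
        /etc/init.d/httpd stop
        pkill httpd
        /etc/init.d/httpd start
fi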
Put the script in ~ on the server and add it to crontab like so:
 */1 * * * * /root/autoblock.sh >> /var/log/autoblock
and change the 20 next to -ge to whatever threshold you would like on port 80.
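The counting step is where a script like this most easily blocks the wrong host, so here it is on its own, run over sample data. This is an added example, not part of the original script; the function names, the allowlist argument and the netstat lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count port-80 clients from netstat output without matching
# :8080, outbound connections, listeners, or allowlisted hosts.

# Constructed `netstat -ant` lines: proto recv-q send-q local foreign state
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:50001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50003      TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.9:41000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:41001       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:41002       ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.80:80         ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:39000         ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:39001         ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:39002         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:50004 ESTABLISHED
EOF
}

# offenders THRESHOLD [ALLOWLISTED_IP...]
# Reads netstat lines on stdin, prints "count ip" for each peer at or above
# the threshold, highest count first.
offenders() {
    threshold=$1; shift
    awk -v min="$threshold" -v allow=" $* " '
        $1 !~ /^tcp/ || $6 == "LISTEN" { next }
        {
            n = split($4, l, ":"); if (l[n] != "80") next       # local port must be exactly 80
            m = split($5, f, ":"); ip = f[m - 1]                # field before the port, also for ::ffff:a.b.c.d
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # ignore anything that is not IPv4
            if (index(allow, " " ip " ")) next                  # never report allowlisted hosts
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# Stand-alone run: threshold 3, localhost allowlisted
sample_netstat | offenders 3 127.0.0.1
```

On a live server the input would be `netstat -ant`, and the allowlist should carry the server's own addresses plus any reverse proxy or monitoring host, since those legitimately hold many connections.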