Professional Documents
Culture Documents
Virtualmin Tips & Hacks - Practical Guide Series Book 2
Virtualmin Tips & Hacks - Practical Guide Series Book 2
No part of this work may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording or by any information storage or retrieval system
without prior written permission from the copyright owner and the publisher.
Acknowledgements
I am grateful to God who enabled me to write this book, and to whom I owe
my very existence.
And of course, this book would not have been possible without these two
great men who created it - Jamie Cameron & Joe Cooper in the late 2005 –
and who are still actively involved in maintaining and enhancing it.
You will find these 2 scripts really useful if you have many existing websites
(virtual servers) in your current Virtualmin setup and you want to migrate
them to PHP-FPM and/or Nginx Reverse Proxy.
My goal with this book (as with all my other books in the “Practial Guide
Series”) is to empower you to be productive as quickly as possible!
Ok, one last note before we begin – my lawyer said it should be “framed
correctly” in the format below (“Disclaimer and Terms of Use Agreement”) -
but if I have my way, the “short and sweet version” version of the TOS is this
- “If you mess up your server, it's your own fault, so proceed with caution and
always test on a development server/VPS first”. Cool? Let's proceed!
Disclaimer and Terms of Use Agreement
The author and publisher of this eBook and the accompanying materials have
used their best efforts in preparing this eBook. The author and publisher
makes no representation or warranties with respect to the accuracy,
applicability, fitness, or completeness of the contents of this eBook. The
information provided in this book is provided on an “As Is” basis, without
warranty and is strictly for educational purposes. Therefore, if you wish to
apply the ideas contained in this EBook, you take full responsibility for your
actions.
The author and publisher disclaim any warranties (expressed or implied),
merchantability, or fitness for any particular purpose. The author and
publisher shall in no event be held liable to any party for any direct, indirect,
punitive, special, incidental or other consequential damages arising direclty
or indirectly from any use of this material, which is provided “as is”, and
without warranties.
The author and publisher do not warrant the performance, effectiveness or
applicability of any sites listed or linked to in this eBook. All links are for
information purposes only and are not warranted for content, accuracy or any
other implied or explicit purpose.
Introduction
This is a practical, hands-on guide to help you setup, configure, integrate and
automate both PHP-FPM and Nginx reverse-proxy into the Virtualmin web-
panel. There are many tutorials online that shows you how you can do this,
but the process is manual and very tedious (you're required to edit multiple
configuration files each time).
The method I'm about to show you is fully automated. Once you have set it
up, you can use the familiar Virtualmin interface to create your Virtual
Servers (websites) with PHP-FPM running under its own Virtual-Server ID.
No more messing with multiple configuration files!
Please note that familiarity with Virtualmin is required because this book
does not cover the various settings and menus in Virtualmin. For example, if
the instruction says, go to: “Virtualmin > System Settings > Server
Template” - the reader is assumed to know what that means and knows how
to navigate to the appropriate page in Virtualmin.
If you've no idea what that means, but you want work with Virtualmin, then
you may want to check out my other book – “Webmin & Virtualmin – the
Open Source Alternative to Cpanel” - a newbie friendly book with multiple
screenshots to help you get up to speed quickly with Virtualmin.
Why PHP-FPM?
I won't into the details of what is PHP-FPM or what are its pros and cons –
but in a nutshell, PHP-FPM offers greater stability and better performance for
busy, high-traffic websites while utilizing lower resources.
Because of these benefits, many webmasters are turning to PHP-FPM
implementation instead of the typical “mod_php” or “FastCGI”
implementation in stock Apache setup. In Virtualmin, the default setup is to
run PHP under the “fcgid” mode – which is great for providing the necessary
security and account isolation.
However, the main issue with this setup is that fcgid is not as efficient as
PHP-FPM. On a server with limited RAM/memory, a sustained burst of
heavy traffic can quickly eat up all the available memory and cause instability
to the server.
Note: If you want to know more about how PHP-FPM stack up against the
other PHP SAPIs, please visit: http://php-fpm.org/about/ You will find a
comparison chart between vanilla PHP (php out of the box), PHP-FastCGI
and PHP-FPM.
Why Nginx?
Nginx is a rising star where web-servers are concerned. Nearly 40% of the
world's busiest website runs a highly tuned Nginx to serve thousands of
visitors daily. It is fast, stable and it does not use as much resources as the
Apache server. Virtualmin has built-in support to run the Nginx webserver
insteadl of Apache – but the support and functionality for Nginx is rather
limited compared to Apache. Furthermore, if you want to run the Nginx
webserver, you have to disable Apache.
We want to run both – Apache as the main webserver, and Nginx as the
“reverse-proxy” to handle all the static pages and files. This is not supported
inVirtualmin. The information in this book will enable you to have the best of
both worlds – the power and flexiblity of the Apache webserver, and the
speed and agility of Nginx server as the “reverse proxy” running on the same
Virtualmin powered server.
Why this book?
There are many tutorials on the internet that shows one how to do this, but
unfortunately, many of them are outdated and contains errors. Furthermore,
the process is “Manual” - i.e. each time the webmaster create a new virtual
server (hosting account), the webmaster has to manually edit multiple
configuration files – the php-fpm pools, the Apache /etc/httpd/conf/httpd.conf
file, etc.
I wrote this book because I'm a great fan of automation. I want Virtualmin to
automate the entire process – i.e. when I create a new virtual server (hosting
account), I want everything to be automatically setup – the php-fpm pools
running under its own UserID (virtual server ID) and the appropriate Apache
directives automatically appended to the /etc/httpd/conf/httpd.conf file.
This book is birthed after many days of searching the Internet for relevant
information – from various developer forums, tech blogs and the official
Virtualmin documentation, and putting all these bits and pieces together in
this cohesive book. The custom config files provided and custom shell scripts
are the results of many man-hours.
Overview
Before we start, please take note that steps outlined in Chapter 1 – 5 are
meant for a brand new server or VPS. In other words, there are no existing
websites or Virtual Servers configured in Virtualmin. This is important
because we need to do some preparatory work to configure Virtualmin before
creating our first Virtual Server (website).
NOTE: If you have existing websites (virtual servers), you can still follow
along but do NOT create any new virtual server until you've read Chapter 5.
Otherwise, your existing sites will 'stop working' because it could not find the
correct Apache handler to process the php files.
Murphy's Law tends to strike when one least expect it. Because of this, I
would strongly recommend that you try this on a development server (you
can easily get cheap VPS for $5 - $10/mth to test).
Once you're confident that it will work in your environment, then you can
apply it to your production server. Let's dive in!
Chapter 1: Installing the Software
If you have just installed Virtualmin on a stock server or VPS, you're
probably running CentOS 6 at the time of this writing (October 2014).
CentOS 7 has just been released recently, and Virtualmin support for it is not
as matured or stable compared to CentOS 6
CentOS 6.5 (and 6.6) ships with the following default software:
PHP 5.3.3 (this version of PHP has reached its end of life and is no
longer supported by the PHP team)
MySQL 5.1.73 (a very old version of MySQL server. Current
stable version is MySQL 5.5)
Apache 2.2.15 (although aged, it is considered one of the most
stable version of Apache ever released. The RedHat/CentOS team
is still actively maintaining it)
For the purpose of this book, we will be updating PHP to the latest stable 5.4
and upgrading the aged MySQL server to the current 5.5 from the “EPEL”
and “REMI” repositories. We will also install “mod_fastcgi” which is
required for Apache to “communicate” with PHP-FPM from the
“RepoForge” repository.
TIP: When you run the “yum install ...” command (without the '-y' flag), it
will display the package name PLUS the name of the repository it is located.
You need to manually enter “y” to confirm the install if want to go ahead and
install the software.
EPEL (Extra Packages for Enterprise Linux)
Ref: https://fedoraproject.org/wiki/EPEL
EPEL is a Fedora Special Interest Group that creates, maintains, and manages
a high quality set of additional packages for Enterprise Linux such as RHEL
(RedHat's commercial OS), CentOS (Same as RHEL, but community
supported), Scientific Linux (SL) and Oracle Enterprise Linux (OEL).
EPEL packages are usually based on their Fedora counterparts and does not
conflict with or replace packages in the base Enterprise Linux distributions.
EPEL uses much of the same infrastructure as Fedora, including buildsystem,
bugzilla instance, updates manager, mirror manager, etc.
REMI:
Ref: http://blog.famillecollet.com/pages/Config-en
The REMI software repository a yum repo maintained by a French
programmer - Remi Collet. It usually has the latest version of the software in
found in the core CentOS and Red Hat repositories, and it uses the same
package names as in the official repositories.
For example, the official CentOS repository uses the name “php-cli” (the
command line version of PHP and is based on PHP 5.3.3). IF you install
“php-cli” from the REMI repository, it will automatically upgrade the “php-
cli” to the latest PHP 5.4.34
Because of this (packages using the same naming convention as the official
repos), the REMI repository is “disabled” by default so that you don't
accidently “upgrade” a system software without realizing it.
You'll have to explicity 'enable' this repo if you want to install a particular
software from this repo. The Remi repository also depends on the EPEL
repository which is why we have to install the EPEL repo first.
RPMFORGE: http://repoforge.org/use/
RPMFORGE is another popular softwaare repository trusted by many open-
source enthusiast. It is now known as “RepoForge”, a project that maintains
various RPM packages for Red Hat Enterprise Linux (RHEL), CentOS and
Scientific Linux. It provides a set of repositories compatible with various
RHEL-derived distributions.
NOTE: Do not install it YET – because later, when we run the 'yum update'
command to update the installed repositories, the default “AWStats” package
will be replaced by the package in RepoForge repository which will cause the
AWStats reporting to break. We'll address this issue later.
Now it's time to update the software repositories (EPEL & REMI)
Update the EPEL repository.
The command below will update the latest packages from the EPEL
repository
# yum update
*Note: the command above will also upgrade PHP 5.3 to PHP 5.4 because
the yum utility will ensure all the interlinked software dependencies are met
(e.g. one of which was the php-mysql which was linked to MySQL 5.1 – so
when we upgrade MySQL to 5.5, the yum utility will also upgrade the
corresponding “php-mysql” packages to PHP 5.40).
When prompted, type 'y' and press the enter key.
Note: The 4th column tells you which software repository the software
package is being installed from. Once the software upgrade has been
completed, run this command to update some of the essential tables in
MySQL:
# mysql_upgrade
Install PHP-FPM
Now that all the system software is up to date, let's install PHP-FPM from the
REMI repo
# yum --enablerepo=remi install php-fpm
This will create the directory: /etc/php-fpm.d/ with the default “www.conf”
pool file. We will need to create a new 'pool template' called “www.bare” in
this directory later.
Install 'mod_fastcgi' from RepoForge
Ok, now we will install the “RepoForge” repository so that we can install the
“mod_fastcgi” package. This “mod_fastcgi” required for Apache to
communicate with the PHP-FPM server.
# rpm -ivh rpmforge-release-0.5.3-1.el6.rf.i686.rpm
# yum install mod_fastcgi
The the command above will install a file called “fastcgi.conf” in the
/etc/httpd/conf.d/ directory. Edit that file with your favorite editor and
replace ALL the content in that file with just these 3 lines of code:
(note: the source code for the 3 lines above is found in the “fastcgi.conf” file)
Chapter 2: Virtualmin Configuration
Ok, now that all the necessary software has been updated and installed, let's
login to Virtualmin now.
Note: if this is the first time you are logging into Virtualmin, it will prompt
you to go through series of “Post Installation Steps” where it will fine-tune
some of the server settings (e.g. optimizing the MySQL /etc/my.cnf for you
based on the memory setting you choose and assigning a root password for
MySQL).
This is the “key” to making all the PHP-FPM automation work. Basically,
this feature allows you to run custom scripts prior to making changes to a
server (e.g. before a Virtual Server is created), as well as run another custom
script AFTER making changes to a server (after Virtualmin has completed
setting up a new virtual server).
Give it a name, e.g. “Server-X1” or “PHP-FPM” and click the “Create and
Next” button
If you already have an existing custom Server Template, you can click on
that template and then click on the “Clone it” button.
Give it the
cloned template a new name, say “PHP-FPM”.
There are many options and settings that you can set in the Server Template,
in our case, we are only interested in the “Apache Website” section.
Click the drop-down list (at the “Edit template section”) and select “Apache
Website”
You will then see a page with a box with the description: “Directives and
settings for new websites”. Select the “Apache Directives Below” from the
radio-button
Then, paste the following code at the very bottom, after the existing codes in
the box.
NOTE: The “FastCgiExternalServer ...” line should be just one long line,
there is NO carriage return or the script will fail. You can download the
custom script package that is provided with this book - The download link is
at Chapter 10.
Further down on this same page, you will see this section:
The default setting in Virtualmin is to execute PHP as 'FCGId'.
This option does not add any additional FCGID directives to the “httpd.conf”
file which may cause problem.
updatehandler.sh
phpfpm.sh
createpool.sh
www.bare
fastcgi.conf
nginx/ ← this is a folder.
nginx.conf
proxy.inc
microcache.inc
virtualserver.com
nginx-proxy
createvhost.sh
1. “updatehandler.sh”
Basically, this script checks if the /etc/httpd/conf.d/php.conf exist. If it does,
then will rename it to “php.conf.orig” to prevent Apache from loading this
module and running the PHP interpreter as 'mod_php'. This will enable
'mod_fastcgi' module to run and communicate with the PHP-FPM server.
It will also make a backup copy of all the files in the /etc/httpd/conf/ and
/etc/httpd/conf.d/ to the “/root/config-bak/” for safe-keeping.
2. “phpfpm.sh”
This script makes use of the conditional statement “If the
$VIRTUALSERVER_ACTION“ provided by Virtualmin. This is a cool
feature in Virtualmin that allows one to create some really funky scripts by
using the various conditional statements provided by Virtualmin. Here's the
code listing:
This script (phpfpm.sh) uses the 'sed' command to create a new PHP-FPM
pool under the Virtual Server's userID (account owner) in the /etc/php-fpm.d/
directory.
It uses the base pool template file (“www.bare”) and replaces ALL
occurences of “www” with the “userID”.
You can also tweak the settings in the “www.bare” file to suit your server
environment.
3. “www.bare”
This is the php-fpm pool template file that will be used by the
'/root/phpfpm.sh' script. All occurences of 'www' will be replaced with the
Virtual-server's userID.
You can tweak
the variables, e.g. the “pm._*” to suit your server environment/resources.
4. “fastcgi.conf”
This is the custom (and much simpler) 3 liner which tells Apache to load the
'mod_fastcgi' module and create a new PHP handler (called “php-fpm”) to
process all .php files. We wil use this file to replace the default
“fastcgi.conf” that came with the 'mod_fastcgi' module.
Once all these custom scripts are in place, you're good to go. Create your
Virtual Servers as you normally would, and Virtualmin will automatically
setup the new virtual-server to run PHP-FPM under its own userID.
If you want to do more fancy stuff with automating the Virtual Server
creattion, refer to this documentation:
http://www.virtualmin.com/documentation/developer/prepost
It has a few sample scripts to get you started, and below are the list of
variables which are useful:
This chapter will guide you through the necessary steps to achieve this. I do
strongly recommend that you do NOT do this on a Production server because
the chances of breaking something is quite high, e.g. a small typo error can
cause havoc. Test it out on a development server (VPS) first, and once
you've the steps down pat, only then you can implement it on your live
server.
Backup!
Needless to say, the first step is to backup ALL the existing Apache's
configuration so that in case anything goes awry, you can restore them.
# cd /etc/httpd/
# mkdir -p /root/apache-config/
# cp -R conf/ conf.d/ /root/apache-config
The 3 commands above will copy all the existing configuration to the /root/
directory.
Once you've backed-up the configuration files, you can follow the steps
outlined from Chapter 1 – 4 to setup PHP-FPM to work with Virtualmin.
Open the file with your favorite editor – find and delete ALL the following
lines of code that beings with:
AddHandler fcgid-script .php
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/pixms/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/pixms/fcgi-bin/php5.fcgi .php5
RemoveHandler .php
RemoveHandler .php5
IPCCommTimeout
FcgidMaxRequestLen
After that, you need to append the following lines of code for EACH virtual
host, e.g.
<IfModule mod_fastcgi.c>
Alias /php-fpm /home/USER/cgi-bin/php-fpm
FastCgiExternalServer /home/USER/cgi-bin/php-fpm -socket
/home/USER/cgi-bin/USER.sock -pass-header Authorization -idle-
timeout 100
</IfModule>
Replace “USER” with the actual UserID of that Virtual Server. You can
find the 'USER' for each virtualhost by looking for the “DocumentRoot” line.
For example:
DocumentRoot /home/pixms/public_html
This tells you that the 'USER' in this case is 'pixms'
# cd /etc/php-fpm.d/
We are going to use the powerful 'sed' utility to do the heavy lifting for us.
The syntax is:
sed 's/www/USER/g' www.bare > USER.conf
In the early (or was it late) 90s, a web-server can only process and display
HTML and images. It cannot access databases, and it can do any of those
fancy 'dynamic' stuff that we see today.
The developers of the Apache webserver then came up with the concept of
“Handlers” - basically a module/method that tells Apache how to
communicate with external programs (e.g. Perl script, PHP scripts, etc) when
it encounters a specific file type.
Load and run the entire PHP engine (interpreter) within Apache
itself. This is known as “mod_php” or “Apache 2.0 Handler”. This
is the default method.
In the first case, i.e. “mod_php” - each instance of the child apache process
has the entire PHP stack/engine within itself. This cause un-necessary bloat
to the Apache processes because not every web requests are going to PHP
scripts, some web requests are just requesting for images, css, javascripts.
Hence, running “mod_php” causes in-efficient memory usage – and can be
an issue if a heavy traffic website has lots of graphics.
The CGI handler is no longer used in modern applications because the action
of spawning/killing CGI processes is very CPU intensive and inefficient.
So, where does PHP-FPM comes into the picture? PHP-FPM is actually
“FastCGI” with its own built-in “Process Manager” (PM).
But when we use the 'mod_fastcgi' module (installed from the RepoForge
repository), Apache hands over the control of the “Process Manager” to the
PHP-FPM engine which has its own “PM” - which is far more efficient.
By the way, the “FPM” stands for “FastCGI (F) Process (P) Manager(M)”
For more information about PHP-FPM, visit: http://php-fpm.org/about/
It has been noted that PHP-FPM can serve up millions of PHP requests
without any issues. Of course, this would also depend on the hardware
specifications.
Chapter 7: Setting up Nginx Reverse-Proxy
Virtualmin has built-in support for running “Nginx” as the primary Web-
server instead of Apache. If you opt to run Nginx, then you will need to
disable the Apache webserver in Virtualmin, as well as a number of other
packages such as the Awstats package. At the time of this writing (Nov
2014), the Nginx support (as the primary web-server) in Virtualmin is not as
robust or full-featured compared to the Apache web-server
The goal of this chapter is to run Nginx as the “reverse-proxy” to our Apache
web-server, i.e. Nginx will serve all the static files & pages (all the image,
css, and html files), while the PHP files will be served by Apache+PHP-FPM.
Running Apache with PHP-FPM is sufficient for most people, but anyway, it
is always good to be prepared … who knows, perhaps one day your website
will be 'slashdotted' and you'll be glad that you have Nginx on your side.
# wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-
release-centos-6-0.el6.ngx.noarch.rpm
# rpm -ivh nginx-release*
# yum install nginx
Type “y” and press the 'enter' key.
This will install the latest Stable version of Nginx on your server. But take
note that the default Nginx install above assumes that it will act as the “main
webserver” and not as a “Reverse Proxy”.
nginx.conf
proxy.inc
microcache.inc
virtualserver.com
createvhost.sh
nginx-proxy ← this is a blank/empty file
# cp nginx-proxy /root/
Now let's login to Virtualmin and make some adjustment the following
settings:
Webmin > Servers > Apache Webserver
and click on the “Global Configuration” tab:
As before, select the “Apache Website” section from the drop-down list.
Scroll down the page to the Port section and change the default port 80 to
“8080”
Even though we won't be using this “Default Template” when creating our
Nginx-reverse-Proxy powered site, we still have to do this, otherwise, the
default port 80 will be enforced in the “httpd.conf” file and Nginx will fail to
start.
Once you've done this, we're ready to create our first Nginx-Reverse-Proxy
powered site.
Then, you need to create EACH of the nginx vhosts files for every existing
website you have. In the /root/nginx/ directory, there is standard template
vhost file - “virtualserver.com” which you can use a reference for the syntax.
The script takes the default vhost template ('virtualserver.com') and replace
the appropriate tokens with the input that you provide for the new Nginx
vhosts.
Run only the services required, stop all the other services
Secure /tmp
Install a Firewall
Install LMD (Linux Malware Detect)
Think of these 'ports' as “doors” on a fortress wall – the more doors you have
on the fortress wall, the more targets the 'hackers' would have to practise on.
To minimize this, we should shut down any services that we intend to use on
our server. For example, if we don't intend to provide the mailing list service
or the DAV login service to our users, then we should turn them off.
We can do this from the command line by using the 'chkconfig' command or
from the Webmin's Bootup and Shutdown interface, i.e.
xinetd
splash-manager
mailman (if you don't intend to provide mailing list service)
Securing /tmp
In most cases, the /tmp directory in a freshly installed/commissioned Linux
server is NOT secured, i.e. it allows anyone (or script) to upload files to the
/tmp directory and execute them.
Run this simple test to find out whether your /tmp/ directory has the
executable bit set:
Create a simple 'hello world' Shell script in the /tmp directory:
#!/bin/bash
echo “hello world”
To do this, we just need to edit the /etc/fstab file and add these 2 lines:
Once you've done with editing the /etc/fstab, you can either reboot your
server or issue this command to remount all your partitions for this to take
effect.
# mount -a
Installing Firewall
Although Virtualmin comes with its own interface to help you manage the
“iptables” rules and chains, it can be quite cryptic and daunting, especially if
you are new to it.
(The Virtualmin Firewall Interface can be found at: Webmin > Networking >
Firewall)
TESTING = "0" ← the default is “1”. Change it to “0” to enable CSF firewall.
Then, look for this section: “IPv4 Port Settings” and add port “10000” and
“20000” to the “TCP_IN” and “TCP_OUT” line. See the underlined (in red)
below.
Click on the
link provided and you will then see the CSF web-interface.
The first thing you should do is click on the “Check Server Security” button.
This will cause the CSF firewalll tu run a scan/security audit on your server
setup. It will give you a summary of what needs to be “fixed” or changed to
beef up the security of your VPS/server.
And the Webmin > Bootup & Shutdown menu showed that they are not
running either. The reason why CSF showed them as 'enabled' is because
they are still enabled on run levels 2, 4, 5. To completely turn them off at
ALL runlevels, run this command:
It uses threat data from network edge intrusion detection systems to extract
malware that is actively being used in attacks and generates signatures for
detection. In addition, threat data is also derived from user submissions with
the LMD checkout feature and from malware community resources.
The signatures that LMD uses are MD5 file hashes and HEX pattern matches,
they are also easily exported to any number of detection tools such as
ClamAV.
To download and install the latest version of LMD:
You can leave the rest of the configuration at its default values. Sample
Usage :
To scan a directory: the syntax is: maldet -a <path_to_directory>
For example:
# maldet -a /home/USERID/public_html
It will report the number of files it had scanned, as well as the number of 'hits'
(if malware is found) and the number of malware cleaned (if any)
Cpanel
Plesk (PSA)
Ensim
DirectAdmin
Default Apache DocRoot (/var/www/html)
The file paths setup in Virtualmin is similar to Cpanel – so you don't have to
make any changes to the script.
NOTE: You may have noticed that maldet uses the question mark (?) instead
of the usual asterix (*) to denote wildcard. For example, if you want to scan
all the user-accounts under the /home/ directory, you would use:
# maldet -a /home/?/public_html
note: The “?” denotes the wildcard characteristics instead of the typical *
Chapter 9: Where to go from here?
We have covered a lot of ground in this short book. The various code
snippets that you see here are the results of many man-hours of research,
testing and debugging.
While there are many ways to achieve a certain goal, I've done my best
follow the age-old UNIX principle of “K.I.S.S” (Keep It Super Simple) and
give you the simplest and easiest way to achieve the goal of setting up an
automated PHP-FPM server in Virtualmin.
But having said that, remember that technology is always changing, and by
the time you're reading this, some things may have already changed.
To keep abreast with the latest changes and updates in Virtualmin – check out
the official website from time to time – http://virtualmin.com.
Script/Software Download.
This page will also contain all the relevant updates and book errata found.
Did you benefit from this book?
If you have benefited from this book, please consider leaving a review at
Amazon so that it will help others who are looking for a similar PHP-FPM
solution in Virtualmin. You can click on the link below to go directly to the
book:
http://ilovevirtualmin.com/book-comments/book2.php
If there is anything lacking in this book, or if you think I should cover more
grounds, do let me know as it will help me improve this book in the next
edition.
This is the book that I wished I had when I moved from Cpanel/WHM to
Virtualmin. If you're wondering why I decided to move away from Cpanel,
well, the main reason is that Webmin/Virtualmin is a lot more powerful and
flexible compared to Cpanel/WHM.
You've seen this for yourself in this book – where we can easily add
automated PHP-FPM support into Virtualmin even though it's not officially
supported.
We can also create “extra admins” - for certain roles – for example, if we
need to hire a DBA to tweak our MySQL server, we can create an “Extra
Admin” with access to the MySQL server only and nothing else. We cannot
do this in Cpanel/WHM.
And of course, not having to pay a monthly license fee to use Virtualmin is a
big added bonus :-)
If you want to know more about this powerful Control Panel, check it out
here: http://ilovevirtualmin.com/go/book1.php
2. “Apache, PHP-FPM & Nginx: How to Build A Secure, Fast and Powerful
Web-Server”
This is my 3rd book in the “Practical Guide” series – which is scheduled to
be published on 30th November 2014. This book will guide you through the
setting up of PHP-FPM on a stock CentOS server – how to upgrade from the
default PHP 5.3.3 to the current stable PHP 5.4.x, how to setup automated
PHP-FPM pools for each individual virtual-servers and more importantly,
how to secure PHP-FPM on your server so that your users cannot use it to
“snoop” and view sensitive system files such as the /etc/passwd!
Not many people know this, but nearly all web-hosting servers come with the
default PHP settings which is NOT secure!
Anyone with a little php coding skills can quickly cobble a script to view
sensitive system files – such as the /etc/passwd file.
Let me show you the screenshot of the content of the /etc/passwd file:
The PHP code to do this is only 3 lines!
If I'm a malicious hacker, I will target the user 'pony' because he has 'shell'
access whereas the user 'donkey' does not.
This book will show you the above was done, and how you as the system
administrator can prevent it from happening to your own server.
There will be a chapter on performance turning with 2 mini-case studies on
the “ideal” settings in the PHP-FPM pool file.