Installing Mercurial on Debian 7.5

Mercurial is a software versioning and revision control system to maintain current and historical versions of files such as source code, web pages, and documentation. The development server caters for the hosting of the version control system and also allows for access to it over the HTTPS protocol.

Installing Mercurial

To install Mercurial, we execute the following command in a “root” shell.

apt-get install mercurial mercurial-common

Creating the Mercurial repository

To create the container and set the appropriate ownership and permissions for our Mercurial repositories, we execute the following commands in a “root” shell.

mkdir -p /home/hg
chown www-data:www-data /home/hg
chmod 700 /home/hg

Installing the Apache Module

To enable the submission of files to Mercurial over WebDAV, we install the necessary module by executing the following in a “root” shell.

apt-get install libapache2-mod-wsgi

Configuring Apache

To configure Mercurial, we will host it on a secure virtual host on Apache.

Configuring Apache Module

To configure the module, we will be hosting the files hgweb.config and hgweb.cgi in a directory cgi-bin, which is created by executing the following commands in a “root” shell.

mkdir /home/www-data/sitename
mkdir /home/www-data/sitename/cgi-bin
chown -R www-data:www-data /home/www-data/sitename
chmod -R 770 /home/www-data/sitename

Next, we will create the hgweb.config file, which will contain the following.

[web]
style = monoblue
allow_push = *
push_ssl = true
[paths]
/ = /home/hg/*

Next, we will edit the hgweb.cgi file to contain the following, after copying the example file by executing the following command in a “root” shell.

cp /usr/share/doc/mercurial/examples/hgweb.cgi /home/www-data/sitename/cgi-bin/
#!/usr/bin/env python
#
# An example hgweb CGI script, edit as necessary
# See also http://mercurial.selenic.com/wiki/PublishingRepositories

# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/home/www-data/sitename/cgi-bin/hgweb.config"

# Uncomment and adjust if Mercurial is not installed system-wide
# (consult "installed modules" path from 'hg debuginstall'):
#import sys; sys.path.insert(0, "/path/to/python/lib")

# Uncomment to send python tracebacks to the browser if an error occurs:
import cgitb; cgitb.enable()

from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb, wsgicgi
application = hgweb(config)
wsgicgi.launch(application)

Finally, we will set the necessary ownership and permissions on the hgweb.config and hgweb.cgi by executing the following commands in a “root” shell.

chown -R www-data:www-data /home/www-data/sitename/cgi-bin
chmod 760 hgweb.cgi
chmod 660 hgweb.config

Virtual Host settings

The virtual host will use the IP address 192.168.100.15, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the Mercurial web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.15:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.15:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /static /usr/share/mercurial/templates/static
    <Directory /usr/share/mercurial/templates/static>
        Options SymLinksIfOwnerMatch
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>


    ScriptAlias / /home/www-data/sitename/cgi-bin/hgweb.cgi
    <Location />
        AuthType Basic
        AuthName "Mercurial Repository"
        AuthUserFile /etc/apache2/security/htpasswd.sitename
        Require valid-user
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload
Advertisements

Installing Subversion on Debian 7.5

Apache Subversion is a software versioning and revision control system to maintain current and historical versions of files such as source code, web pages, and documentation. The development server caters for the hosting of the version control system and also allows for access to it over the HTTPS protocol.

Installing Subversion

To install Subversion, we execute the following command in a “root” shell.

apt-get install subversion subversion-tools

Creating the Subversion repository

To create the container and set the appropriate ownership and permissions for our Subversion repositories, we execute the following commands in a “root” shell.

mkdir -p /home/svn
chown www-data:www-data /home/svn
chmod 700 /home/svn

Installing the Apache Module

To enable the submission of files to Subversion over WebDAV, we install the necessary module by executing the following in a “root” shell.

apt-get install libapache2-svn

Configuring Apache

To configure Subversion, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.15, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the Subversion web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.15:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.15:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    <Location />
        DAV svn
        SVNParentPath /home/svn

        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/apache2/security/htpasswd.sitename
        Require valid-user
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing RockMongo on Debian 7.5

To be able to administer a MongoDB Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. We can also make use of RockMongo, allowing us access to the database server through a web interface.

Downloading RockMongo

To download the latest release of RockMongo, we access it at http://rockmongo.com/downloads.

Installing RockMongo

Once downloaded, we can extract the archive and setup the virtual host to publish the extracted directory.

Configuring RockMongo

To configure RockMongo, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the RockMongo web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /var/www/rockmongo
    <Directory /var/www/rockmongo>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MongoDB Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing phpMemcachedAdmin on Debian 7.5

To be able to monitor and manage a Memcached server, a connection needs to be established to it. Several options are available, with the most basic being making use of telnet. We can also make use of phpMemcachedAdmin, allowing us to monitor and manage our Memcached server through a web interface.

It provides us with real-time stats for get, set, delete, increment, decrement, evictions, reclaimed and cas commands, as well as server stats (network, items, server version) with googlecharts and server internal configuration.

Downloading phpMemcachedAdmin

To download the latest release of phpMemcachedAdmin, we access it at http://blog.elijaa.org/index.php?pages/phpMemcachedAdmin-Download.

Installing phpMemcachedAdmin

Once downloaded, we can extract the archive and setup the virtual host to publish the extracted directory.

Configuring phpMemcachedAdmin

To configure phpMemcachedAdmin, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the phpMemcachedAdmin web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /var/www/phpmemcachedadmin
    <Directory /var/www/phpmemcachedadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "Memcached Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing phpMyAdmin on Debian 7.5

To be able to administer a MySQL Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. Another option is to make use of MySQL Workbench. However, this isn’t the preferred solution, since this would require firewall rules to be defined to allow only certain remote connections to our database server. We can also make use of phpMyAdmin, allowing us access to the database server through a web interface.

Installing phpMyAdmin

To install phpMyAdmin, we execute the following command in a “root” shell.

apt-get install phpmyadmin

During the installation, we are prompted whether a web server should be configured and if the database should be configured making use of dbconfig-common.

If we selected to configure apache2, a virtual path /phpmyadmin will be added to the primary web site.

Configuring phpMyAdmin

To configure phpMyAdmin, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the phpMyAdmin web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MySQL Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>
    <Directory /usr/share/phpmyadmin/setup>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing a Certificate on a Virtual Host

To enable the use of multiple secure virtual hosts, we use name-based as well as ip-based virtual hosts. To setup the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above, it is clear that we can setup a secure as well as a non-secure virtual host, whereby the non-secure virtual host would host general information and the secure virtual host the information exchange that requires encryption, e.g. the non-secure hosting a product catalogue and the secure hosting the payment component.

To ensure that the user always access the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Setting up Apache Virtual Hosts

To enable the use of multiple virtual hosts, we use name-based as well as ip-based virtual hosts. To setup the virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx>
    ServerName sitename
    ServerAdmin webmaster@sitename

    AccessFileName .htaccess
    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above template, we set sitename to the URL of the virtual host and create a directory for it, setting the ownership of it to www-data:www-data as well as granting the owner and group full access to it. We also create a directory under the main apache log files for the virtual host’s log files.

We create a phpinfo.php file in the root directory of the virtual host to ensure the availability and configuration of PHP on it. The content of the phpinfo.php file is the following.

<?php
phpinfo();
?>

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we reload the apache2 service by executing the following command in a “root” shell.

service apache2 reload