Alpine newbie developer: full stack web

From Alpine Linux
Jump to: navigation, search

WIP:

Documents series

Note: take in consideration first read the documents here, before next in the series
Previous required What's next to read
Alpine newbie developer, Alpine newbie desktops must be completed! Alpine newbie developer: work from desktop on remote servers, Alpine_production_deploy, Alpine newbie developer: full stack backend

GIT

IDE

Geany IDE

Sublime text

Documents series

Previous required What's next to read
Alpine newbie developer, Alpine newbie desktops must be completed! Alpine newbie developer: work from desktop on remote servers, Alpine_production_deploy, Alpine newbie developer: full stack backend

PHP

Alpine are minimalist so not all PHP packages are need in most cases, in development environment we used most, but, for PHP at prouction LAMP please watch the Production LAMP system: Lighttpd + PHP + MySQL wiki page.

PHP Installation

Since version v3.5, PHP 7 is available along with PHP 5.6 coexisting together, until version v3.9 where the latter was removed. So for Alpine 3.5+m we will assume PHP7, if you need PHP5.6 still could use it, that wil be cover in the special Production LAMP system: Lighttpd + PHP5 + MySQL wiki page for older Alpine systems and some specific php softwares.

  1. Install core packages of php
  2. Install databases access packages of php, take in consideration the prevously ODBC configurations
  3. Install extra packages of php
apk add php7 php7-bcmath php7-bz2 php7-ctype php7-curl php7-dom php7-enchant php7-exif php7-fpm php7-gd php7-gettext php7-gmp php7-iconv php7-imap php7-intl php7-json php7-mbstring php7-opcache php7-openssl php7-phar php7-posix php7-pspell php7-recode php7-session php7-simplexml php7-sockets php7-sysvmsg php7-sysvsem php7-sysvshm php7-tidy php7-xml php7-xmlreader php7-xmlrpc php7-xmlwriter php7-xsl php7-zip php7-sqlite3

apk add php7-dba php7-sqlite3 php7-mysqli php7-mysqlnd php7-pgsql php7-pdo_dblib php7-pdo_odbc php7-pdo_pgsql php7-pdo_sqlite 

apk add php7-snmp php7-soap php7-ldap php7-pcntl php7-pear php7-shmop php7-wddx php7-cgi php7-pdo php7-snmp php7-tokenizer 
Note: A special case it's the php7-odbc, unless the others, that are able php to connect to only specific database, unixodbc are a universal way to do so. Please take a shot are the section ODBC in this page,the most important difference are that by example, php7-mysqli package has better functions to manage data into the php software usage.

PHP Global Configuration

  1. Use fix.pathinfo
  2. Set safe mode off
  3. Dont expose php code if something fails
  4. Set amount of memory limit for execution to 256Mb (most servers are minimal of 1Gb of RAM)
  5. So then set upload size to 56Mb as maximun.
  6. Set then POST max size to 128Mb based on the upload max size limit.
  7. Turn on the url open method
  8. Set default charset to UTF-8 more compatible
  9. Increase the execution time and the input time for.
sed -i -r 's|.*cgi.fix_pathinfo=.*|cgi.fix_pathinfo=1|g' /etc/php*/php.ini
sed -i -r 's#.*safe_mode =.*#safe_mode = Off#g' /etc/php*/php.ini
sed -i -r 's#.*expose_php =.*#expose_php = Off#g' /etc/php*/php.ini
sed -i -r 's#memory_limit =.*#memory_limit = 256M#g' /etc/php*/php.ini
sed -i -r 's#upload_max_filesize =.*#upload_max_filesize = 56M#g' /etc/php*/php.ini
sed -i -r 's#post_max_size =.*#post_max_size = 128M#g' /etc/php*/php.ini
sed -i -r 's#^file_uploads =.*#file_uploads = On#g' /etc/php*/php.ini
sed -i -r 's#^max_file_uploads =.*#max_file_uploads = 12#g' /etc/php*/php.ini
sed -i -r 's#^allow_url_fopen = .*#allow_url_fopen = On#g' /etc/php*/php.ini
sed -i -r 's#^.default_charset =.*#default_charset = "UTF-8"#g' /etc/php*/php.ini
sed -i -r 's#^.max_execution_time =.*#max_execution_time = 150#g' /etc/php*/php.ini
sed -i -r 's#^max_input_time =.*#max_input_time = 90#g' /etc/php*/php.ini

PHP-FPM Configuration

The PHP-FPM defined a master process with some pool of process for each service resuests, by default there's only one pool of processes, the www pool process.

Tango-dialog-warning.png
Warning: Both configurations are defined for Apache2 and/or Lighttpd, if there's one missing will be ignored! The problem with Lighttpd are that most web deployed software only works with Apache2's rewrite rules, so professional sites always configured reverse proxy ones with lighty or nginx at the front of Apache2.


  1. Create directory for php socket and pid files, MUST BE EQUAL to openrc init script defined!
  2. Set into configuration file the socket path, MUST BE EQUAL to openrc init script defined!
  3. Set into configuration file the pid file path, MUST BE EQUAL to openrc nit script defined!
  4. enable the mod_alias at the config file, due need of a specific path for cgi files into security
  5. be sure and disable the fastcgi-php module by cgi only
  6. and then enable the fastcgi-php-fpm specific module then
  7. write a much much better approach of the php handler in the local server using the socket
  8. configure the php to use also the socket too for direct connection locally
  9. restart the service to see changes at the browser

mkdir -p /var/run/php-fpm7/

chown lighttpd:root /var/run/php-fpm7

sed -i -r 's|^.*listen =.*|listen = /run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 's|^pid =.*|pid = /run/php-fpm7/php7-fpm.pid|g' /etc/php*/php-fpm.conf

sed -i -r 's|^.*listen.mode =.*|listen.mode = 0640|g' /etc/php*/php-fpm.d/www.conf

rc-update add php-fpm7 default

service php-fpm7 restart

mkdir -p /var/www/localhost/cgi-bin

sed -i -r 's#\#.*mod_alias.*,.*#    "mod_alias",#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_cgi.conf".*#   include "mod_cgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi.conf".*#\#   include "mod_fastcgi.conf"#g' /etc/lighttpd/lighttpd.conf

sed -i -r 's#.*include "mod_fastcgi_fpm.conf".*#   include "mod_fastcgi_fpm.conf"#g' /etc/lighttpd/lighttpd.conf

cat > /etc/lighttpd/mod_fastcgi_fpm.conf << EOF
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = (
    ".php" => (
      "localhost" => (
        "socket"                => "/var/run/php-fpm7/php7-fpm.sock",
        "broken-scriptfilename" => "enable"
      ))
)
EOF

sed -i -r 's|^.*listen =.*|listen = /var/run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf

sed -i -r 'php-fpm7 restart

rc-service lighttpd restart

echo "<?php echo phpinfo(); ?>" > /var/www/localhost/htdocs/info.php

For testing open a browser and go to http://<webserveripaddres>/info.php and you will see only the minimal info due in production there's no need for too much information to crackers. The "webserveripaddres" are the ip address of your setup/server machine.

After that, all the files with php will be proceses faster than used a host based, also under the /var/www/localhost/cgi-bin directory will be showed as http://localhost/cgi-bin/ path.

Documents series

Previous required What's next to read
Alpine newbie developer, Alpine newbie desktops must be completed! Alpine newbie developer: work from desktop on remote servers, Alpine_production_deploy, Alpine newbie developer: full stack backend

NodeJS and NPM

Installation

apk add nodejs

Documents series

Previous required What's next to read
Alpine newbie developer, Alpine newbie desktops must be completed! Alpine newbie developer: work from desktop on remote servers, Alpine_production_deploy, Alpine newbie developer: full stack backend

Databases

Due web developer always uses Mysql, here only will cover Mysql/MariaDB and ODBC, for PostgreSQL please take a look to the Alpine newbie developer: full stack backend wiki page.

MySQL

Alpine Linux has dummy counterparts packages for those that are not close to that change from mysql to mariadb naming packages.

Installation

Take in consideration that the user mysql was created during instalation of packages, in the initialization section two users will be created in database init: root and mysql, and in that point only if are in their respective system accounts, will be able to connect to the database service.

apk add mysql mysql-client mariadb-doc mariadb-connector-c-dev 

That will install the most used ones.. mariadb-cient and mariadb-server with respective documents and manpages for developing, rest of packages are brief described in the MariaDB Alpine wiki page.

Note: Please take a look to the ODBC section of this document for Mariadb ODBC connections.

Initialization

The datadir are located to /var/lib/mysql must be owned by the mysql user and group. You can modify this behavior but must edit the service file at /etc/init.d directory. Also, you need to set datadir=<YOUR_DATADIR> under section [mysqld] at the config file.

  1. Initialize the main mysql database, and the data dir as standardized to /var/lib/mysql by the rc script
  2. Then initialize the service, root account and socket connection are enabled without password at this point
  3. Setup the root account by asignes a proper password, this are purely paranoid. due next step already do that!
  4. Setup and init the installation by running the mysql_secure_installation
  5. Setup permissions for manage others users and databases
  6. Run the mysql_secure_installation script and answer the questions (see section below)

mysql_install_db --user=mysql --datadir=/var/lib/mysql

rc-service mariadb start

mysqladmin -u root password toor

mysql_secure_installation

  1. Enter current password for root (enter for none): must be provided due we already set previously. correct respond are OK, successfully used password, moving on...
  2. Switch to unix_socket authentication [Y/n] this are not the case and must be disabled, so answer NO, and response will be ... skipping.
  3. Change the root password? [Y/n] Just press "n" only if you provided a good password, otherwise just change it!
  4. Remove anonymous users? [Y/n] In any case, production system must remove it, so answer Y and proper respond mus be ... Success!.
  5. Disallow root login remotely? [Y/n] For sure answer Y and proper respond mus be ... Success!.
  6. Remove test database and access to it? [Y/n] Should be removed, so answer Y and proper respond mus be ... Success!.
  7. Reload privilege tables now? [Y/n] Answer Y and proper respond mus be ... Success!.

After aswered all the questions.. restart the service with rs-service mariadb restart

Configuration

Newer system Alpine packages can set in independent files in any case those commands always works and where are not apply just will ignore the output, for more info about that watch the MariaDB Configuration files section of the MariaDB wiki page.

  • On older Alpine system must set config files for MAX ALLOWED PACKETS to minimun proper amount
  • Set default charset to UTF8MB4
  • Added the service to start process but not at boot process due needs networking started.
  • Restart the service to apply changes.

sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/mysql/my.cnf
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/my.cnf.d/mariadb-server.cnf

cat > /etc/my.cnf.d/mariadb-server-default-charset.cnf << EOF
[client]
default-character-set = utf8mb4

[mysqld]
collation_server = utf8mb4_unicode_ci
character_set_server = utf8mb4

[mysql]
default-character-set = utf8mb4
EOF

rc-service mariadb restart

rc-update add mariadb default

Upgrading

On upgrade cases: If are unable to run any mysql command after an upgrade, it's because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script. For more information watch the MariaDB upgrading section of the MariaDB wiki page.

  1. keep the old database (mysql sheme) structure of the engine daemon, currently this are not more the case, today this not make sense anymore
  2. upgrade the MariaDB/MySQL packages, of course with must be done if the upgrade process to mayor alpine version does not!
  3. run the mysql_upgrade -u root -p script, providing the password or root, (from the new package version) against the old still-running database (mysql sheme). This will produce some error messages; however, the upgrade will succeed.
  4. Restart the service

If are unable to run mysql_upgrade because MySQL cannot start try run MySQL in safemode with mysqld_safe --datadir=/var/lib/mysql/ command and then run the mysql_upgrade -u root -p script.

Next to Read

Note: take in consideration first read the documents here, before next in the series
Previous required What's next to read
Alpine newbie developer, Alpine newbie desktops must be completed! Alpine newbie developer: work from desktop on remote servers, Alpine_production_deploy, Alpine newbie developer: full stack backend

See Also