Thursday, August 19, 2010

Catching up with the configuration curve

Okay, so, I discovered some new stuff.

First: nginx can be convinced to do close-to-automatic deployments.

sudo tee /etc/nginx/conf.d/autoconfig.conf <<-\EOA
    client_max_body_size 5M;
    client_body_buffer_size 128k;
    proxy_connect_timeout 90;
    proxy_send_timeout 180;
    proxy_read_timeout 180;
    proxy_buffer_size 16k;
    proxy_buffers 8 16k;
    proxy_busy_buffers_size 32k;
    proxy_intercept_errors on;
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    include /var/www/sites/*/config/*;
EOA

Now when you drop a new site into /var/www/sites your configuration will be picked up after an 'reload nginx'! Just rename the config folder to config-disabled and reload 'nginx' to disable a site.

Second: PostgreSQL!

I'm sick of mySQL, Sun, and Oracle. Screw 'em all, time to jump ship to Postgres.
Yay for Drizzle and MariaDB; keep up the good work and don't let The Man (Oracle) keep you down. Maybe I'll come back from the pg-side, maybe not.

apt-get install postgresql php5-pgsql phppgadmin


This is a little more involved to setup than mysql, due to the lack of dbconfig-common support requiring manual setup.

nano /usr/share/phppgadmin/conf/config.inc.php


Now find and change the following line
$conf['extra_login_security'] = true;
to
$conf['extra_login_security'] = false;

and now all userids can login.

Now, postgresql itself comes in a locked down config out of the box.

sudo su postgres -c psql template1

ALTER USER postgres WITH PASSWORD 'securePassword!';
\q

sudo passwd -d postgres
sudo su postgres -c passwd

nano /etc/postgresql/8.4/main/postgresql.conf

Change the line:
#listen_addresses = 'localhost'
to
listen_addresses = '*'
and also change the line:
#password_encryption = on
to
password_encryption = on


nano /etc/postgresql/8.4/main/pg_hba.conf

Set up something like this: (IPv6 is used by default for some reason.)

# IPv6 local connections:
host    all         redmine_user         ::1/128               trust
host    all         all         ::1/128               md5

Easy way to do this is to highlight the ipv6 line, hit Ctrl-K, the up arrow, Ctrl-U, then change the 'all' username to 'redmine_user'.

service postgresql-8.4 restart

And you should be set.

mkdir -p /var/www/sites/phppgadmin/config

sudo tee /var/www/sites/phppgadmin/config/phppgadmin.conf <<-\EOA
server {
        listen 80 default;
        server_name localhost;
        access_log /var/www/sites/phppgadmin/logs/phppgadmin.access.log;
        error_log /var/www/sites/phppgadmin/logs/phppgadmin.error.log;

        location / {
            root /usr/share/phppgadmin;
            index index.php;
            }

        location ~ \.php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/tmp/php-fastcgi.socket;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/share/phppgadmin$fastcgi_script_name;
            }
        }
EOA

rm /etc/nginx/sites-enabled/default
reload nginx

And viola, postgresql!

No comments: