Guide to running Concrete5 on the Hiawatha Webserver.
Permalink 1 user found helpful
UPDATED FEBRUARY 1, 2014
This is a guide to running Concrete5 on the Hiawatha Webserver.
http://www.hiawatha-webserver.org...
According to it's developer, Hugo Leisink, “Hiawatha is an open source webserver with a focus on security.” Hugo self proclaims the server as, “The world's most secure and advanced webserver.” Hiawatha has been independently audited for security. What I like about Hiawatha, in addition to it's security focus, is that it is lightweight and easy to setup. I am the package maintainer for Hiawatha in the Arch Linux AUR. A nice feature summary may be found at
http://www.hiawatha-webserver.org/features...
Here's how I setup Concrete5 using Hiawatha. It was very easy, but requires some specific settings changes. I address the Hiawatha specific parts of the installation. I do not address database setup or other Concrete5 issues whose answers may be found in the installation materials.
First, you need to make some changes to your php.ini as follows:
Required
Hiawatha is compliant with the standard when when sending HTTP response codes. However, your php.ini is probably set to “cgi.rfc2616_headers = 0” because the default defers to Apache's non standard approach.
Recommended
Assuming that you enabled the other PHP settings required by Concrete5, you can move to the Hiawatha Webserver configuration.
Configuration is very easy. Previously Hiawatha had its own fast cgi daemon called php-fcgi. This has been deprecated in favor of the php-fpm (http://php-fpm.org/ ). you will need to install php-fpm separately. We'll start by configuring Hiawatha's fast cgi capabilities. You will need to edit two files, php-fpm.conf and hiawatha.conf. You must set the TCP or unix socket in your php-fpm.conf file and then refer to that socket in your hiawatha.conf file.
Please refer to the php-fpm documentation for its configuration details.
Now let's edit hiawatha.conf. First, we'll create a reference to our fast cgi server, php-fpm within the configuration. In the following example, we use a unix socket. If it does not already exist, create a section in hiawatha.conf as follows:
The “FastCGIid” is just a name that will be later used to access the php-fgci server. Make sure that the “ConnectTo” references the server that you identified in php-fcgi.conf. We have now completed all of the setup to allow our website to utilize php-fpm.
Let's configure the web site. You can use the default website or a virtual host. In Hiawatha the settings for the default website are in the root of the config file, while virtual servers are set up in braces like the above block for the “FastCGIserver”. For example, setting the “WebsiteRoot” for the default server uses the syntax:
While a virtual server uses:
I'll use the virtual server syntax, but the parameters are the same. Let's set up our virtual host for Concrete5. The parameters are mostly self explanatory. I'll review the exceptions.
Make sure that your log file paths exist and that all directory permissions are correct for the hiawatha user in the “ServerId” parameter in hiawatha.conf.
Note the parameter “UseFastCGI = PHP5” This tells the host to use the php-fcgi server that we configured with the name PHP5 in this same file, hiawatha.conf.
“TimeForCGI = 30
” sets the timeout for waiting for php-fcgi scripts to complete. Set this to whatever suits the needs of your site.
“TriggerOnCGIstatus = false
” was, if I correctly recall, required to prevent errors during the Concrete5 install; I have not found it necessary once the site was up and running.
“UseToolkit = concrete5” is related to URL rewriting. You will need this if you choose to use pretty urls in Concrete5. Concrete5's admin panel contains a setting for activating pretty urls, and, when selected, it provides code to add to Apache's .htaccess file. However, Hiawatha does not use .htaccess to rewrite urls. Instead it uses it's own “URL Toolkit”. So, to use pretty urls in hiawatha you need to create a url toolkit entry in hiawatha.conf. In the above example, the url toolkit must be named “concrete5”. Let's build it:
That's not too different from the .htaccess directives, but it is part of the server configuration.
We're almost there, but there are some global server configuration parameters that you need to address. First is the parameter, “MaxRequestSize”, which is part of the binding section in hiawatha.conf. When you upload images through the admin panel in Concrete5, “HTTP GET” is used. “MaxRequestSize” identifies The maximum size of a request in kilobytes that the webserver is allowed to receive, not including PUT requests. So the “MaxRequestSize” parameter must be as big as the largest file that you allow to be imported; Concrete will go out to lunch if you try to import something that exceeds the size of this parameter, so be aware! Hiawatha has another parameter, “MaxUploadSize”, that sets the maximum size of a PUT request.
Note that your “MaxUploadSize” setting in Hiawatha must be consistent with PHP's upload_max_filesize, memory_limit and post_max_size parameters.
Hiawatha has many security features not typically found in other servers. One such feature is banning. Be sure to disable any banning features in hiawatha.conf until your system is working and you understand their impact. You could easily think that Concrete was not working when, in reality, the server has banned you for one reason or another. It's not uncommon to find yourself banned during installation and testing, when you tend to be doing things out of the ordinary.
Concrete5 should be up and running on Hiawatha Webserver. Following is a typical complete hiawatha.conf.
This is a guide to running Concrete5 on the Hiawatha Webserver.
http://www.hiawatha-webserver.org...
According to it's developer, Hugo Leisink, “Hiawatha is an open source webserver with a focus on security.” Hugo self proclaims the server as, “The world's most secure and advanced webserver.” Hiawatha has been independently audited for security. What I like about Hiawatha, in addition to it's security focus, is that it is lightweight and easy to setup. I am the package maintainer for Hiawatha in the Arch Linux AUR. A nice feature summary may be found at
http://www.hiawatha-webserver.org/features...
Here's how I setup Concrete5 using Hiawatha. It was very easy, but requires some specific settings changes. I address the Hiawatha specific parts of the installation. I do not address database setup or other Concrete5 issues whose answers may be found in the installation materials.
First, you need to make some changes to your php.ini as follows:
Required
cgi.rfc2616_headers = 1
Hiawatha is compliant with the standard when when sending HTTP response codes. However, your php.ini is probably set to “cgi.rfc2616_headers = 0” because the default defers to Apache's non standard approach.
Recommended
# Enable GZip content encoding zlib.output_compression = On zlib.output_compression_level = 6 # Security settings expose_php = Off display_errors = Off register_globals = Off magic_quotes_gpc = Off allow_url_include = Off
Assuming that you enabled the other PHP settings required by Concrete5, you can move to the Hiawatha Webserver configuration.
Configuration is very easy. Previously Hiawatha had its own fast cgi daemon called php-fcgi. This has been deprecated in favor of the php-fpm (http://php-fpm.org/ ). you will need to install php-fpm separately. We'll start by configuring Hiawatha's fast cgi capabilities. You will need to edit two files, php-fpm.conf and hiawatha.conf. You must set the TCP or unix socket in your php-fpm.conf file and then refer to that socket in your hiawatha.conf file.
Please refer to the php-fpm documentation for its configuration details.
Now let's edit hiawatha.conf. First, we'll create a reference to our fast cgi server, php-fpm within the configuration. In the following example, we use a unix socket. If it does not already exist, create a section in hiawatha.conf as follows:
# ACTIVATE a FastCGI server for php FastCGIserver { FastCGIid = PHP5 # ConnectTo = 127.0.0.1:9000 ConnectTo = /run/php-fpm/php-fpm.sock Extension = php SessionTimeout = 30 }
The “FastCGIid” is just a name that will be later used to access the php-fgci server. Make sure that the “ConnectTo” references the server that you identified in php-fcgi.conf. We have now completed all of the setup to allow our website to utilize php-fpm.
Let's configure the web site. You can use the default website or a virtual host. In Hiawatha the settings for the default website are in the root of the config file, while virtual servers are set up in braces like the above block for the “FastCGIserver”. For example, setting the “WebsiteRoot” for the default server uses the syntax:
WebsiteRoot = /srv/http/concrete5
While a virtual server uses:
VirtualHost { WebsiteRoot = /srv/http/concrete5 }
I'll use the virtual server syntax, but the parameters are the same. Let's set up our virtual host for Concrete5. The parameters are mostly self explanatory. I'll review the exceptions.
# Concrete Admin Site VirtualHost { WebsiteRoot = /srv/http/concrete5 Hostname = mydomain.com AccessLogfile = /var/log/hiawatha/concrete5/access.log ErrorLogfile = /var/log/hiawatha/concrete5/error.log StartFile = index.php UseFastCGI = PHP5 EnablePathInfo = yes TriggerOnCGIstatus = false TimeForCGI = 30 UseToolkit = concrete5 }
Make sure that your log file paths exist and that all directory permissions are correct for the hiawatha user in the “ServerId” parameter in hiawatha.conf.
Note the parameter “UseFastCGI = PHP5” This tells the host to use the php-fcgi server that we configured with the name PHP5 in this same file, hiawatha.conf.
“TimeForCGI = 30
” sets the timeout for waiting for php-fcgi scripts to complete. Set this to whatever suits the needs of your site.
“TriggerOnCGIstatus = false
” was, if I correctly recall, required to prevent errors during the Concrete5 install; I have not found it necessary once the site was up and running.
“UseToolkit = concrete5” is related to URL rewriting. You will need this if you choose to use pretty urls in Concrete5. Concrete5's admin panel contains a setting for activating pretty urls, and, when selected, it provides code to add to Apache's .htaccess file. However, Hiawatha does not use .htaccess to rewrite urls. Instead it uses it's own “URL Toolkit”. So, to use pretty urls in hiawatha you need to create a url toolkit entry in hiawatha.conf. In the above example, the url toolkit must be named “concrete5”. Let's build it:
UrlToolkit { ToolkitID = concrete5 RequestURI exists Exit # The above directive is equivalent to the two following directives #RequestURI isfile Exit #RequestURI isdir Exit Match ^(.*)$ Rewrite /index.php$1 }
That's not too different from the .htaccess directives, but it is part of the server configuration.
We're almost there, but there are some global server configuration parameters that you need to address. First is the parameter, “MaxRequestSize”, which is part of the binding section in hiawatha.conf. When you upload images through the admin panel in Concrete5, “HTTP GET” is used. “MaxRequestSize” identifies The maximum size of a request in kilobytes that the webserver is allowed to receive, not including PUT requests. So the “MaxRequestSize” parameter must be as big as the largest file that you allow to be imported; Concrete will go out to lunch if you try to import something that exceeds the size of this parameter, so be aware! Hiawatha has another parameter, “MaxUploadSize”, that sets the maximum size of a PUT request.
Binding { Port = 80 #MaxKeepAlive = 30 # TimeForRequest = 3,20 # The Following added to import graphics into concrete MaxRequestSize = 1024 }
Note that your “MaxUploadSize” setting in Hiawatha must be consistent with PHP's upload_max_filesize, memory_limit and post_max_size parameters.
Hiawatha has many security features not typically found in other servers. One such feature is banning. Be sure to disable any banning features in hiawatha.conf until your system is working and you understand their impact. You could easily think that Concrete was not working when, in reality, the server has banned you for one reason or another. It's not uncommon to find yourself banned during installation and testing, when you tend to be doing things out of the ordinary.
Concrete5 should be up and running on Hiawatha Webserver. Following is a typical complete hiawatha.conf.
# Hiawatha main configuration file # GENERAL SETTINGS ServerId = http ConnectionsTotal = 150 ConnectionsPerIP = 10 SystemLogfile = /var/log/hiawatha/system.log GarbageLogfile = /var/log/hiawatha/garbage.log ExploitLogfile = /var/log/hiawatha/exploit.log # BINDING SETTINGS # A binding is where a client can connect to. # Binding { Port = 80 # MaxKeepAlive = 30 # TimeForRequest = 3,20
Viewing 15 lines of 103 lines. View entire code block.
