Monthly Archives: September 2010

Installing phpMyAdmin in CentOS 5.5 on Rackspace Cloud

PhpMyAdmin is a great tool for being able to manage your MySQL database from a GUI. Here is how to install it onto a fresh CentOS 5.5 Server in Rackspace Cloud. PhpMyAdmin requires Apache, PHP, and MySQL to run. This walkthrough will assume a fresh server that has nothing pre-installed. All commands are performed as root

NOTE: This article has become pretty popular in the search engines. This is still an excellent tutorial on installing phpMyAdmin, but there is a slightly easier way to do it by using the EPEL repository. I cover that method in an article at http://joshprewitt.com/2011/03/08/install-phpmyadmin-on-centos-5-5-using-epel-repo/ If you have a problem, question, or comment with either of these methods, post a comment and I’ll try to help you out!

Install Apache

First, install apache as described at: http://cloudservers.rackspacecloud.com/index.php/CentOS_-_Apache_and_PHP_install but stop before you get to installing PHP.

You will need to modify your /etc/httpd/conf/httpd.conf file beyond that to look for index.php as a Directory Index. Look around line 391 for:

Change this to include index.php like:

Install MySQL

Next up, we need to install MySQL

Now start it up

Now we need to secure it:

It is going to ask you handful of questions:

Current Root Password

You will be asked for your current root password. Because this is a new installation it is set to none. Press enter.

Set Root Password

If the above step worked correctly you should be prompted with a question asking you if you would like to set your root password. Please press Y and press Enter.

You will be asked for your root password twice. If it works you will see Success!

Removing Anonymous Users

You will be prompted to remove the MySQL anonymous users. For security reasons we want to do this. The text above the question explains this topic in more detail. Press Y and then Enter.

Disallow Root Login

You will be asked if you would like to disallow remote login for the root user and only allow connections from the server itself. To keep our server secure you want to say Y and press Enter.

Delete test Database

MySQL ships with a default database called test. This is not needed and can be deleted. Press Y and then Enter to delete the test database and it’s associated users.

Reload Privilege Tables

This step will reload the user settings (called privilege tables) so all user changes will take effect. Press Y and then Enter to continue.

This post won’t go into setting up additional users besides root and assigning them privileges. For information on that, check out the Cloud Servers Knowledge Base: http://cloudservers.rackspacecloud.com/index.php/CentOS_5.4#MySQL

Install PHP

Now, we need to install php. The problem is that the default yum repos have php 5.1, and the current version of PhpMyAdmin requires 5.2 or higher. To install that version of php, we will need to enable the “testing” repo.

To do that, edit the file /etc/yum.repos.d/CentOS-Base.repo to include this at the bottom:

Great – now we can actually install php

Install PhpMyAdmin

Now finally, we are ready to install PhpMyAdmin! The easiest way to do this is to drop into a new directory called phpmyadmin in the web root of the server. Change directory to the web root:

Now perform a wget to download the latest version. Head over to http://www.phpmyadmin.net/home_page/downloads.php to see what the latest version is. At the time of this writing, the latest version is 3.3.6. Personally I will download the english tar file with gzip compression. Click the link, cancel the download, and then copy the “Direct link” location that is at the top of the screen. In this case: http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.3.6/phpMyAdmin-3.3.6-english.tar.gz?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Fdownloads.php&ts=1283745912&use_mirror=voxel

So the command is:

Next, we need to untar/unzip it.

Let’s rename the directory to make it easier to remember:

Now, we need to setup the blowfish secret phrase. This is just a random phrase that will be used to encrypt/decrypt data. Let’s make a copy of config.sample.inc.php over to config.inc.php.

Now, edit this file at line 18 where it says:

Make it read:

Ok, last but not least, let’s give apache one final restart:

You can now access it by going to either yourdomain.com/phpmyadmin or yourip.com/phpmyadmin

Cleanup

The login will be root and whatever you set the root password to be. Now to cleanup, let’s disable the testing repo, just edit the /etc/yum.repos.d/CentOS-Base.repo file to be enabled=0 instead of enabled=1.

Troubleshooting iptables on Rackspace Cloud Servers

A common issue when setting up iptables on a new cloud server is that users may append the record to the existing chain, without looking at the ruleset first.

Iptables is read top to bottom, with a default installation of CentOS 5.5, the command iptables-L –line-number yields the following:

Looking at this, you can see that the INPUT chain has a single rule: to go read the  RH-Firewall-1-INPUT chain. That chain then has 10 rules, with the last one being to reject all traffic. This means that if it isn’t explicitly allowed in rules 1-9, it ain’t gonna happen.

The problem comes in when you try to add a new rule using the -A flag which appends the rule, meaning that the new rule goes to the bottom. Here is an example of that, and is what you do NOT want to do:

Let’s assume that we did run this command. The new output of iptables -L –line-number would be:

See anything wrong here? Let’s look at the INPUT chain. The first rule is to read the RH-Firewall-1-INPUT chain, which has 10 rules. After it reads through that chain, the next rule from the INPUT chain would be read, the rule that we just added for opening port 80.

Problem is, RH-Firewall-1-INPUT said in line 10 to reject anything that didn’t match. That means that your rule for opening port 80 will never even be looked at, requests will just be rejected.

Ok, so we need to remove the bad rule and do it right. First, let’s get rid of the bad rule by removing it based off of the line number

To break this command down for you:
iptables: should be pretty obvious…
-D: This option is for DELETE
INPUT: Specify the chain we want to delete from
2: Specify the line number of the rule to remove.

After running that, my bad rule from above will be gone. Now I need to do it the RIGHT way:

This rule looks an awful lot like the one above that I told you not to use, but look closely and you will see that instead of -A for append, this rule uses -I for insert, which will put the rule at the TOP of the list. Running iptables -L –line-number now yields the following:

Nice – Now the rule about allowing port 80 will be read FIRST, and then it will read the RH-Firewall-1-INPUT chain.

Always remember to save! If you do not save your ruleset, when the box reboots all of your rules will be lost!

For Redhat, CentOS, and Fedora:

For Ubuntu:

For all other distros: