setting up a web 2.0 stack on rhel5.3 (may 2009)public.dhe.ibm.com › software › dw › linux390...

Linux on IBM System z Web 2.0

Setting up a Web 2.0 stack onRed Hat Enterprise Linux 5.3May 2009

��

NoteBefore using this document, be sure to read the information in “Notices” on page 73.

Third Edition – May 2009

This edition applies to Red Hat Enterprise Linux 5.3 only.

© Copyright International Business Machines Corporation 2009.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Summary of changes . . . . . . . . . . . . . . . . . . . . . . viiDecember 2008, Second Edition . . . . . . . . . . . . . . . . . . viiMay 2009, Third Edition . . . . . . . . . . . . . . . . . . . . . . vii

Chapter 1. Introduction . . . . . . . . . . . . . . . . . . . . . . 1What is Web 2.0? . . . . . . . . . . . . . . . . . . . . . . . . 1The Web 2.0 stack components . . . . . . . . . . . . . . . . . . . 1Applications exploiting the Web 2.0 stack . . . . . . . . . . . . . . . 2Web 2.0 on Linux on IBM System z. . . . . . . . . . . . . . . . . . 3System requirements for the Web 2.0 stack . . . . . . . . . . . . . . . 4Assumptions for this white paper . . . . . . . . . . . . . . . . . . . 4Where to find this document . . . . . . . . . . . . . . . . . . . . 4

Chapter 2. Setup of Programming Languages . . . . . . . . . . . . . 5Installation of PHP . . . . . . . . . . . . . . . . . . . . . . . . 5

Installing additional PHP modules using PEAR and PECL . . . . . . . . 5Installing memcache client API for PHP . . . . . . . . . . . . . . . 5Installing database connectors . . . . . . . . . . . . . . . . . . 6References. . . . . . . . . . . . . . . . . . . . . . . . . . 6

Installation of Perl . . . . . . . . . . . . . . . . . . . . . . . . 6Installing additional Perl libraries using CPAN . . . . . . . . . . . . . 7Installing memcache client API for Perl . . . . . . . . . . . . . . . 7Installing database connectors . . . . . . . . . . . . . . . . . . 7References. . . . . . . . . . . . . . . . . . . . . . . . . . 8

Installation of Python . . . . . . . . . . . . . . . . . . . . . . . 8Installing additional Python packages using easy_install . . . . . . . . . 8Installing memcache client API for Python . . . . . . . . . . . . . . 9Installing database connectors . . . . . . . . . . . . . . . . . . 9References. . . . . . . . . . . . . . . . . . . . . . . . . . 9

Installation of Ruby . . . . . . . . . . . . . . . . . . . . . . . 10Installing additional Ruby modules using RubyGems . . . . . . . . . . 11Installing memcache client API for Ruby. . . . . . . . . . . . . . . 11Installing database connectors . . . . . . . . . . . . . . . . . . 11References . . . . . . . . . . . . . . . . . . . . . . . . . 12

Installation of Java . . . . . . . . . . . . . . . . . . . . . . . 12Installing memcache client API for Java . . . . . . . . . . . . . . . 13Installing database connectors . . . . . . . . . . . . . . . . . . 13

Installation of JRuby . . . . . . . . . . . . . . . . . . . . . . . 15Installing memcache client for JRuby . . . . . . . . . . . . . . . . 15Installing database connectors . . . . . . . . . . . . . . . . . . 15References . . . . . . . . . . . . . . . . . . . . . . . . . 16

Installation of Groovy . . . . . . . . . . . . . . . . . . . . . . 16Installing memcache client for Groovy . . . . . . . . . . . . . . . 17Installing database connectors . . . . . . . . . . . . . . . . . . 17References . . . . . . . . . . . . . . . . . . . . . . . . . 18

Installation of Jython . . . . . . . . . . . . . . . . . . . . . . . 18Installing memcache client for Jython. . . . . . . . . . . . . . . . 19Installing database connectors . . . . . . . . . . . . . . . . . . 19References . . . . . . . . . . . . . . . . . . . . . . . . . 19

Chapter 3. Setup of a Database server . . . . . . . . . . . . . . . 21Setup of MySQL . . . . . . . . . . . . . . . . . . . . . . . . 21

Installation of MySQL . . . . . . . . . . . . . . . . . . . . . 21

© Copyright IBM Corp. 2009 iii

Lifecycle of MySQL . . . . . . . . . . . . . . . . . . . . . . 21Basic configuration of MySQL . . . . . . . . . . . . . . . . . . 23

Setup of PostgreSQL . . . . . . . . . . . . . . . . . . . . . . 25Installation of PostgreSQL. . . . . . . . . . . . . . . . . . . . 25Lifecycle of PostgreSQL . . . . . . . . . . . . . . . . . . . . 25Basic configuration of PostgreSQL. . . . . . . . . . . . . . . . . 27

Chapter 4. Setup of Apache HTTP Server . . . . . . . . . . . . . . 29Installation of Apache HTTP Server . . . . . . . . . . . . . . . . . 29

Verification of the Apache HTTP Server installation . . . . . . . . . . 29Lifecycle of Apache HTTP Server . . . . . . . . . . . . . . . . . . 29Overview of Apache HTTP server modules . . . . . . . . . . . . . . 31Adding support for PHP . . . . . . . . . . . . . . . . . . . . . 31

'Hello World!' example using mod_php . . . . . . . . . . . . . . . 32Adding support for Perl . . . . . . . . . . . . . . . . . . . . . . 32

'Hello World!' example using mod_perl . . . . . . . . . . . . . . . 33Adding support for Python . . . . . . . . . . . . . . . . . . . . . 33

'Hello World!' example using mod_python Publisher handler . . . . . . . 34'Hello World!' example using mod_python PSP handler . . . . . . . . . 34

Adding support for Ruby . . . . . . . . . . . . . . . . . . . . . 35'Hello World!' example using mod_ruby . . . . . . . . . . . . . . . 37'Hello World!' example using eRuby . . . . . . . . . . . . . . . . 37

Adding the Web Application Firewall ModSecurity . . . . . . . . . . . . 38Requirements . . . . . . . . . . . . . . . . . . . . . . . . 38Installation . . . . . . . . . . . . . . . . . . . . . . . . . 38Configuration . . . . . . . . . . . . . . . . . . . . . . . . 39References . . . . . . . . . . . . . . . . . . . . . . . . . 39

Using SSL in Apache HTTP server . . . . . . . . . . . . . . . . . 40

Chapter 5. Setup of Apache Tomcat . . . . . . . . . . . . . . . . 41Installation of Apache Tomcat . . . . . . . . . . . . . . . . . . . 41

Verifying the Apache Tomcat installation. . . . . . . . . . . . . . . 41Important folders in Apache Tomcat . . . . . . . . . . . . . . . . 41

Lifecycle of Apache Tomcat . . . . . . . . . . . . . . . . . . . . 42The Apache Tomcat administration tools . . . . . . . . . . . . . . . 43Adding support for JSP and Servlet API. . . . . . . . . . . . . . . . 44

Installation of JSP and Servlet API libraries . . . . . . . . . . . . . 44'Hello World!' example as JSP . . . . . . . . . . . . . . . . . . 44'Hello World!' example as Servlet . . . . . . . . . . . . . . . . . 45

Using SSL in Apache Tomcat . . . . . . . . . . . . . . . . . . . 47

Chapter 6. Setup of Ruby on Rails . . . . . . . . . . . . . . . . . 49Installation of Ruby on Rails . . . . . . . . . . . . . . . . . . . . 49Creation of a Ruby on Rails example. . . . . . . . . . . . . . . . . 49Deployment of Ruby on Rails applications . . . . . . . . . . . . . . . 50Setup Ruby on Rails for database connection . . . . . . . . . . . . . 51

Connecting to MySQL using Ruby on Rails . . . . . . . . . . . . . 51Connecting to PostgreSQL using Ruby on Rails . . . . . . . . . . . . 51

Chapter 7. Setup of Grails . . . . . . . . . . . . . . . . . . . . 53Installation of Grails . . . . . . . . . . . . . . . . . . . . . . . 53Creation of a Grails example . . . . . . . . . . . . . . . . . . . . 54Setup Grails for database connection . . . . . . . . . . . . . . . . 54

Connecting to MySQL using Grails . . . . . . . . . . . . . . . . 54Connecting to PostgreSQL using Grails . . . . . . . . . . . . . . . 55

iv Setting up a Web 2.0 stack on RHEL5.3 (May 2009)

Chapter 8. Setup of Caches . . . . . . . . . . . . . . . . . . . 57Setup of Squid . . . . . . . . . . . . . . . . . . . . . . . . . 57

Installation of Squid . . . . . . . . . . . . . . . . . . . . . . 57Lifecycle of Squid . . . . . . . . . . . . . . . . . . . . . . . 57Basic configuration of Squid . . . . . . . . . . . . . . . . . . . 59

Setup of memcached . . . . . . . . . . . . . . . . . . . . . . 60Installation of memcached . . . . . . . . . . . . . . . . . . . . 60Lifecycle of memcached . . . . . . . . . . . . . . . . . . . . 61Exploiting memcached using PHP . . . . . . . . . . . . . . . . . 61Exploiting memcached using Perl . . . . . . . . . . . . . . . . . 61Exploiting memcached using Python . . . . . . . . . . . . . . . . 62Exploiting memcached using Ruby . . . . . . . . . . . . . . . . 62Exploiting memcached using Java . . . . . . . . . . . . . . . . . 62

References . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Chapter 9. Setup of AJAX support using Dojo . . . . . . . . . . . . 65Installation of the Dojo Toolkit . . . . . . . . . . . . . . . . . . . 65Example for using Dojo . . . . . . . . . . . . . . . . . . . . . . 65References . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Appendix. Packages for the Web 2.0 stack . . . . . . . . . . . . . 69

Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Contents v

vi Setting up a Web 2.0 stack on RHEL5.3 (May 2009)

Summary of changes

This section describes the changes made in this document compared to previouseditions. This edition may also include minor corrections and editorial changes thatare not identified.

December 2008, Second Editionv The Chapter 2, “Setup of Programming Languages,” on page 5 has been added

to separate the installation of programming languages from the usage in ApacheHTTP server and Apache Tomcat server.

v The sections “Installation of JRuby” on page 15, “Installation of Groovy” on page16 and “Installation of Jython” on page 18 have been added.

v The sections “Using SSL in Apache HTTP server” on page 40, “Using SSL inApache Tomcat” on page 47 and “Adding the Web Application FirewallModSecurity” on page 38 have been added.

v The Chapter 7, “Setup of Grails,” on page 53 has been added.v The instructions in section “Installation of Ruby” on page 10 to install Ruby and

related components have significantly changed. These changes were related to adependency for the Ruby connector for DB2®.

v Cleanups in chapter and section titles have been made to produce a betterdocument structure.

v Several changes to the version numbers of packages have been incorporated.

May 2009, Third Editionv Upgrade to Red Hat Enterprise Linux® 5.3v Correction of minor issuesv Several changes to the version numbers of packages have been incorporated.v Update to Chapter 2, “Setup of Programming Languages,” on page 5 to include

more information on setting up database connectors and memcached clients.

v The section “Setup of memcached” on page 60 has been updated to includedexamples for accessing memcached using various programming languages.

© Copyright IBM Corp. 2009 vii

viii Setting up a Web 2.0 stack on RHEL5.3 (May 2009)

Chapter 1. Introduction

In recent years, the traditional way to use the Internet has changed significantly.Web administrators who publish information about the Internet invite theircommunity to contribute to the company's Web pages. Applications such as Wikis,Blogs, Content Management Systems and a couple of others provide this newfunctionality to the Web administrators.

The variety of available open source Web 2.0 applications requires that servercomponents are set up correctly. These server components and their setup for RedHat Enterprise Linux 5.3 on Linux on IBM® System z® are described in this whitepaper.

What is Web 2.0?The key question which must be addressed is: What is Web 2.0?

Tim O’Reilly defines the Web 2.0 as 1

Web 2.0 is the business revolution in the computer industry caused by themove to the Internet as platform, and an attempt to understand the rules forsuccess on that new platform.

This new perspective changed the use of the Internet significantly. In the past,system administrators were required to prevent users to access their privateapplication interfaces from Web applications because of security issues. Of course,security issues are still a big concern, but APIs have been defined to allow reuse bythird party Web applications.

Data that was earlier only available for customers who paid for it is now availablefor public use. Who imagined ten years ago that satellite images of the whole worldwould be freely available and accessible by a well defined, public API?

Also, Web applications are becoming more dynamic and more flexible due to newtechnologies. AJAX is one example of increasing the performance of a Web 2.0application by receiving data asynchronously from different services. Functions ofdesktop applications such as drag and drop are available through JavaScript™

libraries.

All of this created a new spirit around the Internet, and this is called Web 2.0.

The Web 2.0 stack componentsIn general, the Web 2.0 stack is based on the software solution stack named LAMP(acronym for ″Linux, Apache, MySQL, PHP (Perl or Python)″). Some enhancementsto the LAMP stack come into the spotlight when the discussion moves to Web 2.0.

The following figure gives an overview about the Web 2.0 stack components.

1. see http://radar.oreilly.com/archives/2006/12/web-20-compact-definition-tryi.html

© Copyright IBM Corp. 2009 1

DatabaseMySQL, PostgreSQL

Web serverApache HTTP server, Apache Tomcat

Programming LanguagesPHP, Perl, Python, Ruby, Java™, JRuby, Groovy, Jython

FrameworksDojo (AJAX support), Ruby on Rails, Grails

Cachesmemcached, Squid

A system administrator does not have to install all Web 2.0 stack components atonce. The selection is dependent on the Web 2.0 application and its functions. Forexample, if the Web 2.0 application offers information that is very static, it wouldmake sense to establish a cache. However if the information is updated frequently,a cache is not the best choice.

The appendix gives an overview on all packages that are used in this document.

Applications exploiting the Web 2.0 stackOn the Internet, various open source Web 2.0 applications are available. In afollow-up white paper, the setup of some popular Web 2.0 applications running onLinux on IBM System z will be described in detail.

The Web 2.0 stack described in this document enables a system administrator tochoose the Web 2.0 application that best fits the requirements. A list of very popularWeb 2.0 applications is shown in the table below.

Figure 1. Web 2.0 stack components

2 Setting up a Web 2.0 stack on RHEL5.3 (May 2009)

Table 1. Open Source Web 2.0 applications

Application Type Application name

Wiki MediaWiki

MoinMoin

XWiki

Blogs WordPress

Mephisto

Movable Type

Content Management Systems (CMS) Typo3

Drupal

OpenCMS

Joomla

e-Commerce osCommerce

Web 2.0 on Linux on IBM System zWhy run the Web 2.0 stack on Linux on IBM System z?

High availabilityAn IBM System z enterprise mainframe offers a high available environmentby default. This reduces system outages that are caused by hardwareproblems.

Resource utilizationRarely used Linux on IBM System z virtual server machines running onz/VM® are swapped out, and the resources are made available for othervirtual machines. The swap in of a Linux on IBM System z virtual server ishardly noticed by the user.

Vertical ScalabilityBy default, Linux on IBM System z virtual servers running on z/VM areenabled for vertical scalability. This means that a Linux on IBM System zvirtual server can be enhanced with additional memory or processorsdynamically.

Rapid deploymentIf the vertical scalability is not sufficient, a new Linux on IBM System zvirtual server can be deployed within a couple of minutes.

PerformanceConnections between virtual servers on IBM System z can make use of theHiperSockets™ technology to speed up communication.

Consolidation/TCOThe different Web 2.0 stack components might be running on dedicatedserver machines. Linux servers can be consolidated to run on one physicalIBM System z machine. This saves power and space in the computercenter, and reduces the administration effort.

Chapter 1. Introduction 3

System requirements for the Web 2.0 stackThe system requirements for a Web 2.0 stack setup are closely related to therequirements of the Web 2.0 application. An application based on a large databaserequires more system resources, such as CPU and memory, than an applicationthat is running the application logic as client-side JavaScript.

The system requirements are investigated in more detail in a follow-up white paperthat explains the Web 2.0 applications in more detail.

Assumptions for this white paperSystem administrators who read this document should be familiar with how to setup YUM to include the Red Hat Enterprise Linux 5.3 DVD image and the relatedsupplementary ISO image as repositories. Also, the latest available security updatesare applied to the system.

The commands that are used in this document require specific user rights.Therefore, different command prompts are used:

root@host#This is the account of the system administrator named root.

user@host$This is an account of a system user. The user root can also be used toperform these commands.

Where to find this documentThe latest version of this document and other Web 2.0 related documentation areavailable on the developerWorks® Web site ’Web 2.0 with RHEL5’.


http://www.ibm.com/developerworks/linux/linux390/web20_rh5.html

Chapter 2. Setup of Programming Languages

Web 2.0 applications make use of different programming languages. Beside of thecore programming language, additional packages such as database connectors, arerequired to properly run Web 2.0 applications. This chapter explains the installationof programming languages and the setup of additional packages either included inRed Hat Enterprise Linux 5.3 or taken from the Internet.

Installation of PHPOne of the general purposes for the development of PHP was to create a scriptinglanguage that suites Web development requirements perfectly. For this reason, PHPis supported in most Web server environments running on various operatingsystems.

To install PHP on Red Hat Enterprise Linux 5.3, if this is not installed on the systemalready, issue the following command:

root@host# yum install php-cli

Installing additional PHP modules using PEAR and PECLWeb 2.0 applications might require additional PHP modules to be installed, whichare not part of Red Hat Enterprise Linux 5.3. For this scenario, the PEAR andPECL package managers can be used to add missing modules to the system in aneasy way.

To install PECL and PEAR on Red Hat Enterprise Linux 5.3, issue the followingcommand:

root@host# yum install php-devel php-pear

To use pecl for the installation of additional packages use the following command,where stands for the package to install:

root@host# pecl install

Note: On Red Hat Enterprise Linux 5.3, PECL might not be able to allocate enoughmemory to run properly. Open the file /usr/share/pear/pearcmd.php and addthe following line at the top of the file, right after the initial comment:

ini_set('memory_limit', '32M');

Note: To run PEAR or PECL, access to the Internet is required.

Installing memcache client API for PHPThe PHP memcache client is provided as a pecl package. To install the memcacheclient issue the following command:

root@host# pecl install memcache


To enable the memcache module in PHP create a new configuration file“/etc/php.d/memcache.ini ” with the following content:

; Enable memcache extension moduleextension=memcache.so

Note: For an example how to use memcache with PHP, see “Exploitingmemcached using PHP” on page 61.

Installing database connectorsTo access a database with PHP, install the specific database connector asdescribed below for MySQL and PostgreSQL.

Setup of MySQL database connectorTo install the MySQL connector for PHP on Red Hat Enterprise Linux 5.3, issue thiscommand:

root@host# yum install php-mysql

Establish a connection to MySQL: The following code segment establishes aTCP/IP connection to the host “mysql.example.com” using “user” as username, and“pass” as password, then selects the database “sample”:

$conn = mysql_connect('mysql.example.com', 'user', 'pass')$db_selected = mysql_select_db('sample', $conn)

Setup of PostgreSQL database connectorTo install the PostgreSQL connector for PHP on Red Hat Enterprise Linux 5.3, issuethis command:

root@host# yum install php-pgsql

Establish a connection to PostgreSQL: The following code segment establishesa TCP/IP connection to the “sample” database on host “postgresql.example.com”using “user” as username and “pass” as password:

$conn = pg_connect("host=postgresql.example.com dbname=sample user=user password=pass ")

ReferencesThe following URLs provide more information about PHP:

v PHP project Web page, see http://www.php.net/v PHP documentation, see http://www.php.net/manual/en/v PEAR project Web page, see http://pear.php.net/

Installation of PerlOne of the most popular scripting languages is Perl. In general, Perl is based onother programming languages such as C, shell scripting, AWK and Lisp. Thisenables users to make use of a very powerful text manipulation engine.

To install Perl on Red Hat Enterprise Linux 5.3, if this is not installed on the systemalready, issue the following command:


root@host# yum install perl

Installing additional Perl libraries using CPANWeb 2.0 applications might require additional Perl libraries to be installed, which arenot part of Red Hat Enterprise Linux 5.3. For this scenario the CPAN packagemanager can be used to add missing modules to the system in an easy way.

To use CPAN for the installation of additional packages use the following command,where stands for the package to install:

root@host# cpan

Note: When CPAN is started for the first time, an initialization and configurationprocess is performed.

Note: To run CPAN, access to the Internet is required.

Installing memcache client API for PerlThe Perl memcache client is provided as a CPAN package. To install thememcache client issue the following command:

root@host# cpan Cache::Memcached

Note: For an example how to use memcache with Perl, see “Exploitingmemcached using Perl” on page 61.

Installing database connectorsPerl provides database access based on a common module named DBI (DatabaseInterface). To install this module on Red Hat Enterprise Linux 5.3, issue thefollowing command:

root@host# yum install perl-DBI

Setup of MySQL database connectorTo install the MySQL connector for Perl on Red Hat Enterprise Linux 5.3, issue thefollowing command:

root@host# yum install perl-DBD-MySQL

Establish a connection to MySQL: The following code segment establishes aTCP/IP connection to the “sample” database on host “mysql.example.com” using“user” as username and “pass” as password:

use DBI;my $dbh = DBI->connect("dbi:mysql:sample:mysql.example.com","user","pass");

Setup of PostgreSQL database connectorTo install the PostgreSQL connector for Perl on Red Hat Enterprise Linux 5.3, issuethe following command:

Chapter 2. Setup of Programming Languages 7

root@host# yum install perl-DBD-Pg


use DBI;my $dbh = DBI->connect("dbi:Pg:sample:postgresql.example.com","user","pass");

ReferencesThe following URLs provide more information about Perl:

v Perl project Web page, see http://www.perl.orgv Perl documentation, see http://perldoc.perl.org/perl.html

Installation of PythonPython is another popular scripting language. Some key characteristics are that thelanguage is very easy to learn and the code is required to be well structured, whichsimplifies the maintenance.

To install Python on Red Hat Enterprise Linux 5.3, if this is not installed on thesystem already, issue the following command:

root@host# yum install python

Installing additional Python packages using easy_installWeb 2.0 applications might require additional Python packages to be installed,which are not part of Red Hat Enterprise Linux 5.3. For this scenario, theeasy_install package manager can be used to add missing modules to the systemin an easy way.

To compile the setuptools, the package python-devel must be available on thesystem. Use the following command to install this dependency:

root@host# yum install python-devel

To install the setuptools on Red Hat Enterprise Linux 5.3, issue the followingcommand:

root@host# yum install python-setuptools

To use CPAN for the installation of additional packages use the following command,where stands for the package to install:

root@host# easy_install

Note: To run easy_install, access to the Internet is required.


Installing memcache client API for PythonThe Perl memcache client is provided as an easy_install package. To install thememcache client issue the following command:

root@host# easy_install python-memcached

Note: For an example how to use memcache with Python, see “Exploitingmemcached using Python” on page 62.

Installing database connectorsTo access a database with Python, install the specific database connector asdescribed below for MySQL and PostgreSQL.

Setup of MySQL database connectorTo install the MySQL connector for Python on Red Hat Enterprise Linux 5.3, issuethe following command:

root@host# yum install MySQL-python


import MySQLdbconn = MySQLdb.connect (host = "mysql.example.com",

user = "user",passwd = "pass",db = "sample")

curs = conn.cursor()

Setup of PostgreSQL database connectorTo install the PostgreSQL connector for Python on Red Hat Enterprise Linux 5.3,issue the following command:

root@host# yum install postgresql-python


import pgdbconn = pgdb.connect (host = "postgresql.example.com",

user = "user",passwd = "pass",db = "sample")

curs = conn.cursor()

ReferencesThe following URLs provide more information about Python:

v Python project Web page, see http://www.python.orgv Python documentation, see http://www.python.org/doc/v Python setuptools, see http://pypi.python.org/pypi/setuptools/


Installation of RubyRuby is a object-oriented programming language. The language gained a largepopularity boost in 2004 when the Web application framework “Ruby on Rails” wasreleased. Also, implementations for virtual machines became very popular. Suchimplementations are, for example, JRuby for the Java virtual machine or IronRubyfor the .NET framework.

The number of third party libraries for Ruby is increasing day by day. Theselibraries, such as the IBM DB2 driver, have special requirements to the Rubyprogramming language and therefore an upgrade of the Ruby installation might berequired. During the writing of this document, the current version of Ruby is1.8.7-p72.

To compile Ruby properly, the package openssl and openssl-devel must beavailable on the system. Issue the following command to install thesedependencies:

root@host# yum install openssl openssl-devel

To install Ruby on Red Hat Enterprise Linux 5.3, complete the following steps:

1. Verify if there is already a Ruby installation available:

user@host$ rpm -qa|grep -i ruby

and

user@host$ ruby -v

Attention: Make sure to remove all Ruby related packages accordingly totheir setup process before continuing with step 2.

2. Download the Ruby TAR file:

user@host$ wget -c ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz

3. Extract the TAR file and change into the newly created folder:

user@host$ tar xzf ruby-1.8.7-p72.tar.gzuser@host$ cd ruby-1.8.7-p72

4. Set up the build environment and compile the Ruby sources:

user@host$ ./configure --enable-shared --enable-staticuser@host$ make

5. Install Ruby.

root@host# make install

6. Verify the installation of Ruby:

user@host$ ruby -vruby 1.8.7 (2008-08-11 patchlevel 72) [s390x-linux]


Installing additional Ruby modules using RubyGemsRubyGems is used to manage libraries that extend the functionality of Ruby. Whilewriting this document, the current version is 1.3.1.

To install RubyGems on Red Hat Enterprise Linux 5.3, complete the following steps:

1. Install Ruby as described in “Installation of Ruby” on page 10.

2. Download the RubyGems TAR file:

user@host$ wget -c http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz

3. Extract the TAR file and change into the newly created folder:

user@host$ tar xzf rubygems-1.3.1.tgzuser@host$ cd rubygems-1.3.1

4. Run the ’setup.rb’ script to install RubyGems.

root@host# ruby setup.rb

5. Verify the installation of RubyGems:

user@host$ gem -v1.3.1

To use RubyGems for the installation of additional packages use the followingcommand, where stands for the package to install:

root@host# gem install

Note: To run RubyGems, access to the Internet is required.

Installing memcache client API for RubyThe Ruby memcache client is provided as an RubyGems package. To install thememcache client issue the following command:

root@host# gem install --remote RubyInline memcache-client

Note: For an example how to use memcache with Ruby, see “Exploitingmemcached using Ruby” on page 62.

Installing database connectorsTo access a database with Ruby, install the specific database connector asdescribed below for MySQL and PostgreSQL.

Setup of MySQL database connectorTo install the MySQL connector for Ruby on Red Hat Enterprise Linux 5.3, completethe following steps

1. Install the MySQL development package:

root@host# yum install mysql-devel

2. Install the MySQL connector:


root@host# gem install --remote mysql -- --with-mysql-config


require 'rubygems'require 'mysql'conn = Mysql.connect("localhost", "user", "pass4root", "sample")

Setup of PostgreSQL database connectorTo install the PostgreSQL connector for Ruby on Red Hat Enterprise Linux 5.3,complete the following steps:

1. Install the PostgreSQL development package:

root@host# yum install postgresql-devel

2. Install the PostgreSQL connector:

root@host# gem install --remote pg

Establish a connection to PostgreSQL: The following code segment establishesa TCP/IP connection to the “sample” database on host “postgres.example.com”using “user” as username and “pass” as password:

require 'rubygems'require 'pg'conn = PGconn.connect("postgres.example.com",'','','',"sample","user","pass")

ReferencesThe following URLs provide more information about Ruby and RubyGems:

v Ruby project Web page, see http://www.ruby-lang.org/v RubyGems project Web page, see http://www.rubygems.org/

Installation of JavaAnother popular programming language is Java. In this document, Java 1.5.0 fromIBM is used. The JRE and JDK are included on the supplementary image of RedHat Enterprise Linux 5.3.

To install Java on Red Hat Enterprise Linux 5.3, complete the following steps:

1. Install Java:

root@host# yum install java-1.5.0-ibm java-1.5.0-ibm-devel jpackage-utils

2. Verify the installation of Java:


user@host$ java -versionjava version "1.5.0"Java(TM) 2 Runtime Environment, Standard Edition (build pxz64dev-20081129 (SR9-0 ))IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux s390x-64 j9vmxz6423-20081129 (JIT enabled)J9VM - 20081126_26240_BHdSMrJIT - 20081112_1511ifx1_r8GC - 200811_07)JCL - 20081129

The output should look similar to what is displayed above.

Note: If the output reports a different version of Java, but the 1.5.0 version hasbeen installed, it might be the case that version 1.5.0 is not set to be theone used by the system. The tool alternatives is used to switch the Javaversion used by the system. Issue the command 'alternatives --configjava' to select the right Java version.

3. Set up the JAVA_HOME environment variable. This environment variable isdefined in the file /etc/java/java.conf. By default, the JAVA_HOME is commentedout. To enable it, simply remove the ’#’ character at the beginning of the lineand verify that the JAVA_HOME variable is set to the following value:

JAVA_HOME=/usr/lib/jvm/java/

Installing memcache client API for JavaTo install memcache client for Java on Red Hat Enterprise Linux 5.3 complete thefollowing steps:

1. Download the JAR file from http://www.whalin.com/memcached/#download.While writing this document, the current version is 2.0.1:

user@host$ wget http://img.whalin.com/memcached/jdk5/standard/java_memcached-release_2.0.1.jar

2. Move the JAR file into the folder /usr/share/java/ :

root@host# mv java_memcached-release_2.0.1.jar /usr/share/java/

3. Change file permissions of the moved JAR file:

root@host# chmod 644 /usr/share/java/java_memcached-release_2.0.1.jar

4. Create a link between the JAR file including the version number to a JAR filewithout the using a version number:

root@host# ln -s /usr/share/java/java_memcached-release_2.0.1.jar /usr/share/java/java_memcached.jar

Note: For an example how to use memcache with Java, see “Exploitingmemcached using Java” on page 62.

Note: To use the Java memcache client it is required to include the Javamemcache client in the Java classpath.

Installing database connectorsTo access a database with Java, install the specific database connector asdescribed below for MySQL and PostgreSQL.


Setup of MySQL database connectorTo install the MySQL connector for Java, which is named ’MySQL Connector/J’, onRed Hat Enterprise Linux 5.3, complete the following steps:

1. Download the TAR file from http://dev.mysql.com/downloads/connector/j/5.1.html.While writing this document, the current version is 5.1.7.

2. Extract the TAR file and change into the extracted folder:

user@host$ tar zxf mysql-connector-java-5.1.7.tar.gzuser@host$ cd mysql-connector-java-5.1.7

3. Copy the JAR file into the folder /usr/share/java:

root@host# cp mysql-connector-java-5.1.7-bin.jar /usr/share/java/

4. Change the file permissions of the copied JAR file:

root@host# chmod 644 /usr/share/java/mysql-connector-java-5.1.7-bin.jar

5. Create a link between the JAR file including the version number to a JAR filewithout the using a version number:

root@host# ln -s /usr/share/java/mysql-connector-java-5.1.7-bin.jar /usr/share/java/mysql-connector-java.jar


String url = "jdbc:mysql://mysql.example.com/sample";String user = "user";String pass = "pass";Class.forName("org.gjit.mm.mysql.Driver").newInstance();Connection conn = DriverManager.getConnection(url, user, pass);

Note: This code segment requires that the ’MySQL Connector/J’ is included in theJava classpath.

Setup of PostgreSQL database connectorTo install the PostgreSQL connector for Java on Red Hat Enterprise Linux 5.3,issue this command:

root@host# yum install postgresql-jdbc


String url = "jdbc:postgresql://postgresql.example.com/sample";String user = "user";String pass = "pass";Class.forName("org.postgresql.Driver").newInstance();Connection conn = DriverManager.getConnection(url, user, pass);

Note: This code segment requires that the Postgres JDBC connector is included inthe Java classpath.


Installation of JRubyJRuby is an implementation of the Ruby interpreter written in Java. During thewriting of this document, the current version of JRuby is 1.2.0.

To install JRuby on Red Hat Enterprise Linux 5.3, complete the following steps:

1. Install Java as described in “Installation of Java” on page 12.

2. Download the JRuby TAR file:

user@host$ wget -c http://dist.codehaus.org/jruby/1.2.0/jruby-bin-1.2.0.tar.gz

3. Extract the TAR file:

user@host$ tar xzf jruby-bin-1.2.0.tar.gz

4. Move the extracted folder to a proper place in the file system:

root@host# mv jruby-1.2.0 /opt/jruby-1.2.0

5. Set up the PATH environment variable to include the folder /opt/jruby-1.2.0/bin.

As user root, create the new file /etc/profile.d/jruby.sh with the followingcontents:

if ! echo ${PATH} | /bin/grep -q /opt/jruby-1.2.0/bin ; thenPATH=${PATH}:/opt/jruby-1.2.0/bin

fi

As user root, create the new file /etc/profile.d/jruby.csh with the followingcontents:

if ( "${path}" !~ */opt/jruby-1.2.0/bin* ) thenset path = ( /opt/jruby-1.2.0/bin $path )

endif

6. Load the environment variables:

user@host$ . /etc/profile.d/jruby.sh

7. Verify the installation of JRuby:

user@host$ jruby -vjruby 1.2.0 (ruby 1.8.6 patchlevel 287) (2009-03-16 rev 9419) [s390x-java]

Installing memcache client for JRubyTo use the memcache client in JRuby follow the instructions in “Installingmemcache client API for Java” on page 13.

Installing database connectorsTo access a database with JRuby, install the specific database connector asdescribed below for MySQL and PostgreSQL.

Setup of MySQLTo install the database connector for MySQL follow the instructions in the Javasection “Installing database connectors” on page 13.



include Javaurl = 'jdbc:mysql://mysql.example.com/sample'props = java.util.Properties.newprops.set_property 'user', 'user'props.set_property 'password', 'pass'driver = org.gjt.mm.mysql.Driverconn = driver.new.connect(url,props)


Setup of PostgreSQLTo install the database connector for PostgreSQL follow the instructions in the Javasection “Installing database connectors” on page 13.

Establish a connection to MySQL: The following code segment establishes aTCP/IP connection to the “sample” database on host “postgresql.example.com”using “user” as username and “pass” as password:

include Javaurl = 'jdbc:postgresql://postgresql.example.com/sample'props = java.util.Properties.newprops.set_property 'user', 'user'props.set_property 'password', 'pass'driver = org.postgresql.Driverconn = driver.new.connect(url,props)


ReferencesThe following URLs provide more information about JRuby:

v JRuby project Web page, see http://jruby.codehaus.org/v Getting started guide, see http://wiki.jruby.org/wiki/Getting_Started

Installation of GroovyGroovy is a scripting language that provides seamless integration with Java. Duringthe writing of this document, the current version of Groovy is 1.6.0.

To install Groovy on Red Hat Enterprise Linux 5.3, complete the following steps:


2. Download the Groovy archive:

user@host$ wget -c http://dist.groovy.codehaus.org/distributions/groovy-binary-1.6.0.zip

3. Extract the archive:

user@host$ unzip -qq groovy-binary-1.6.0.zip

4. Move the extracted folder to a proper place in the file system:


root@host# mv groovy-1.6.0 /opt/groovy-1.6.0

5. Set up the GROOVY_HOME environment variable to point to the folder/opt/groovy-1.6.0 and the PATH environment variable to include the folder/opt/groovy-1.6.0/bin.

As user root, create the new file /etc/profile.d/groovy.sh with the followingcontents:

if ! echo ${PATH} | /bin/grep -q /opt/groovy-1.6.0/bin ; thenPATH=${PATH}:/opt/groovy-1.6.0/bin

fiexport GROOVY_HOME=/opt/groovy-1.6.0

As user root, create the new file /etc/profile.d/groovy.csh with the followingcontents:

if ( "${path}" !~ */opt/groovy-1.6.0/bin* ) thenset path = ( /opt/groovy-1.6.0/bin $path )

endifsetenv GROOVY_HOME "/opt/groovy-1.6.0"

6. Reload the environment variables:

user@host$ . /etc/profile.d/groovy.sh

7. Verify the installation of Groovy:

user@host$ groovy -vGroovy Version: 1.6.0 JVM: 1.5.0

Installing memcache client for GroovyTo use the memcache client in Groovy follow the instructions in “Installingmemcache client API for Java” on page 13.

Installing database connectorsTo access a database with Groovy, install the specific database connector asdescribed below for MySQL and PostgreSQL.



import groovy.sql.Sqldef conn = Sql.newInstance(

"jdbc:mysql://mysql.example.com/sample","user","pass","org.gjt.mm.mysql.Driver")





import groovy.sql.Sqldef conn = Sql.newInstance(

"jdbc:postgresql://postgresql.example.com/sample","user","pass","org.postgres.Driver")


ReferencesThe following URLs provide more information about Groovy:

v Groovy project Web page, see http://groovy.codehaus.org/v Getting started guide, see http://groovy.codehaus.org/Getting+Started+Guide

Installation of JythonJython is an implementation of the Python interpreter written in Java. During thewriting of this document, the current version of Jython is 2.2.1.

To install Jython on Red Hat Enterprise Linux 5.3, complete the following steps:


2. Download the Jython JAR file:

user@host$ wget -c http://downloads.sourceforge.net/jython/jython_installer-2.2.1.jar

3. Run the Jython installer by issuing the following command:

root@host# java -jar jython_installer-2.2.1.jar -c

The installer requests some information about the environment. For theinstallation target folder, use /opt/jython-2.2.1.

4. Set up the PATH environment variable to include the folder /opt/jython-2.2.1.

As user root, create the new file /etc/profile.d/jython.sh with the followingcontents:

if ! echo ${PATH} | /bin/grep -q /opt/jython-2.2.1 ; thenPATH=${PATH}:/opt/jython-2.2.1

fi

As user root, create the new file /etc/profile.d/jython.csh with the followingcontents:

if ( "${path}" !~ */opt/jython-2.2.1* ) thenset path = ( /opt/jython-2.2.1 $path )

endif


5. Reload the environment variables:

user@host$ . /etc/profile.d/jython.sh

6. Verify the installation of Jython:

user@host$ jython --versionJython 2.2.1 on java1.5.0

Installing memcache client for JythonTo use the memcache client in Jython follow the instructions in “Installingmemcache client API for Java” on page 13.

Installing database connectorsTo access a database with Jython, install the specific database connector asdescribed below for MySQL and PostgreSQL.



from com.ziclix.python.sql import zxJDBCurl = "jdbc:mysql://mysql.example.com/sample"user = "user"password = "pass"conn = zxJDBC.connect(url,user,password,"org.gjt.mm.mysql.Driver")curs = conn.cursor()




from com.ziclix.python.sql import zxJDBCurl = "jdbc:postgresql://postgresql.example.com/sample"user = "user"password = "pass"conn = zxJDBC.connect(url,user,password,"org.postgresql.Driver")curs = conn.cursor()


ReferencesThe following URLs provide more information about Jython:

v Jython project Web page, see http://www.jython.org/


Chapter 3. Setup of a Database server

In general, Web applications deal with a lot of information that is displayed to theuser. To get a structured and stable environment in place that ensures consistencyand persistency, databases are used. By default, Red Hat Enterprise Linux 5.3includes two popular databases: MySQL and PostgreSQL.

MySQL is one of the key components of the software solution stack named LAMP.Many Web 2.0 applications support both databases, so it is up to the systemadministrator to choose, which one to use.

Setup of MySQLMySQL is a SQL database management system (DBMS), which has become one ofthe most popular open source database systems.

Some key characteristics, such as ease of use, reliability, security and performanceat close to zero cost, increased the usage of MySQL, especially in Webapplications.

Detailed information about MySQL is available at http://www.mysql.org

Installation of MySQLThe installation of MySQL is straightforward, because the packages are included inRed Hat Enterprise Linux 5.3. Install the MySQL server and the MySQL clientpackages by issuing the following command:

root@host# yum install mysql mysql-server

The mysql package includes a command line client for MySQL. This client isrequired for administration purposes of the database server.

To access the MySQL database from a Web application, a client for the relatedprogramming language is required. For the programming languages covered in thisdocument, different client implementations are available. The setup of these clientsis described in the related sections where the setup of the programming languagesis described.

Verifying the MySQL installationTo verify MySQL has been installed correctly, issue the following command:

user@host$ mysql -Vmysql Ver 14.12 Distrib 5.0.45, for redhat-linux-gnu (s390x) using readline 5.0

The output should look similar to the above.

Lifecycle of MySQLLifecycle operations of Linux services such as starting and stopping are basicfunctions. In general, the lifecycle functions are supported by a command line toolnamed service. The tool provides, depending on the supported functions of theservice specific script, to start, stop and restart a server. Apart from that, the current


status of a server can be displayed. In the following steps, a walkthrough is shownfor the MySQL server. This walkthrough assumes that this is the initial startup rightafter the packages have been installed.

1. Verifying the current status of the server

To display the current status of the MySQL server, issue the following command:

root@host# service mysqld statusmysqld is stopped

This indicates that the MySQL server is not started.

2. Starting the server for the first time

To start the MySQL server, issue the following command:

root@host# service mysqld startInitializing MySQL database: Installing MySQL system tables...OKFilling help tables...OK

To start mysqld at boot time you have to copysupport-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !To do so, start the server, then issue the following commands:/usr/bin/mysqladmin -u root password 'new-password'/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'See the manual for more instructions.You can start the MySQL daemon with:cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.plcd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web athttp://www.mysql.comSupport MySQL by buying support/licenses at http://shop.mysql.com[ OK ]Starting MySQL: [ OK ]

The output displays some initialization steps that indicate that the MySQL serverhas been started for the first time. After the startup is completed, verify thestatus of the MySQL server by issuing this command:

root@host# service mysqld statusmysqld (pid 10040) is running...

As shown, the MySQL server is running as expected. Note that the PID variesafter each startup

3. Restarting the server

Another useful function is the restart, where it is possible to stop and start theserver with one single command. To restart the MySQL server, issue thefollowing command:

root@host# service mysqld restartStopping MySQL: [ OK ]Starting MySQL: [ OK ]


When the restart completes, verify the status of the MySQL server by issuingthis command:

root@host# service mysqld statusmysqld (pid 14585) is running...

As expected, the MySQL server is running again. Note that the PID varies aftereach restart

4. Stopping the server

To stop the MySQL server, issue the following command:

root@host# service mysqld stopStopping MySQL: [ OK ]

Again, the status can be verified by issuing this command:

root@host# service mysqld statusmysqld is stopped

As expected, the MySQL server is not running any more.

To start the MySQL server at system restart time, the command chkconfig is used.Decide first in which runlevel the MySQL server should start. Runlevels are used tocoordinate the startup of services during restart time. In the following example, therunlevels 3 and 5 are used as both support networking:

root@host# chkconfig --level 35 mysqld on

To verify the setup, issue this command:

root@host# chkconfig --list mysqldmysqld 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Now, the MySQL server starts during restart time of runlevels 3 and 5. To deactivatethis behavior again, issue this command:

root@host# chkconfig mysqld off

Again, to verify the setup, issue this command:

root@host# chkconfig --list mysqldmysqld 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Basic configuration of MySQLMySQL delivers several example configuration files in its packages. At least fourdifferent variations of the server configuration are available. These additionalconfiguration files are located in the folder /usr/share/mysql and are named:

v my-small.cnfv my-medium.cnfv my-large.cnfv my-huge.cnf

Chapter 3. Setup of a Database server 23

The MySQL documentation offers additional information about which configurationfile to choose for a given scenario. For example, the my-small.cnf file can be usedas the configuration for the MySQL server. The following commands must becompleted to activate the predefined configuration:

root@host# cp /usr/share/mysql/my-small.cnf /etc/my.cnfroot@host# chown root:root /etc/my.cnfroot@host# chmod 644 /etc/my.cnf

One of the first issues when dealing with any common resource is to ensure itssecurity. At the beginning, the password for the database superuser is set byissuing the following commands:

user@host$ mysqladmin -u root password # mysqladmin -u root -p -h 127.0.0.1 password # mysqladmin -u root -p -h password

or by using the MySQL console:

user@host$ mysql -u rootmysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('');mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('');mysql> SET PASSWORD FOR 'root'@'' = PASSWORD('');mysql> quit

Note: As this is the superuser for all databases, use a very secure and non-trivialpassword.

The second recommended security measure is to remove anonymous accountsfrom the server. Access is granted only to those users specifically enabled:

user@host$ mysql -u root -pmysql> DELETE FROM mysql.user WHERE User = '';mysql> FLUSH PRIVILEGES;mysql> SELECT Host, User FROM mysql.user;mysql> quit

To display a list of users that have database access privileges, issue the followingcommand:

user@host$ mysql -u root -pmysql> select user,host from mysql.user;

+------+----------------------------------+| user | host |+------+----------------------------------+| root | 127.0.0.1 || root | localhost || root | machine.example.com |+------+----------------------------------+

mysql> quit

Note: Applications connecting to the MySQL server’s databases should use anaccount with minimum privileges required for its actions. This helps toprevent potentially malicious programs from accessing other databases anddata.

The configuration shown in this chapter does not cover all security aspects ofMySQL. For more detailed information, refer to the MySQL documentation.


Setup of PostgreSQLPostgreSQL is an advanced object-relational database management system.

Numerous features such as stored procedures, functions and triggers are included.All of these are blocks of code to be run by the server, and can be written in SQL orcompatible languages such as C, C++, Java, PHP, Perl, Python, Ruby, and so on.PostgreSQL provides features such as MVCC (Multi-Version Concurrency Control),rules, triggers, indexes and so on.

Detailed information about PostgreSQL and the supported functions are available athttp://www.postgres.org

Installation of PostgreSQLPostgreSQL has been included in various Linux distributions for some time. Theinstallation process is straight forward. The database server can be installed byissuing the following command:

root@host# yum install postgresql postgresql-server

Next to the PostgreSQL server, the client that is required to maintain the databasesis installed also.

To access the PostgreSQL database from a Web application, a client for the relatedprogramming language is required. For the programming languages mentioned inthis document, different client implementations are available. The setup of theseclients are described in the section where the setup of the programming languagesis described.

Verifying the PostgreSQL installationChecking whether the PostgreSQL package has been installed is done in the sameway as with other servers. To retrieve the version of PostgreSQL, issue thefollowing command:

user@host$ postgres -Vpostgres (PostgreSQL) 8.1.11


Lifecycle of PostgreSQLWhen these basic PostgreSQL packages are installed, lifecycle operations can beperformed such as starting and stopping the server. In the following steps, awalkthrough is shown for the PostgreSQL server. This walkthrough assumes thatthis is the initial startup right after the packages have been installed.


To display the current status of the PostgreSQL server, issue the followingcommand:

root@host# service postgresql statuspostmaster is stopped

This indicates that the PostgreSQL server is not started.



To start the PostgreSQL server, issue the following command:

root@host# service postgresql startInitializing database: [ OK ]Starting postgresql service: [ OK ]

The output displays an initialization step, which indicates that the PostgreSQLserver has been started for the first time. After the startup is completed, verifythe status of the PostgreSQL server by issuing this command:

root@host# service postgresql statuspostmaster (pid 18586 18585 18584 18582 18577) is running...

As shown, the PostgreSQL server is running as expected. Note that the PIDsvary after each startup.


Another useful function is the restart, where it is possible to stop and start theserver with one single command. To restart the PostgreSQL server, issue thefollowing command:

root@host# service postgresql restartStopping postgresql service: [ OK ]Starting postgresql service: [ OK ]

When the restart completes, verify the status of the PostgreSQL server byissuing this command:

root@host# service postgresql statuspostmaster (pid 18792 18791 18790 18788 18786) is running...

As expected, the PostgreSQL server is running again. Note that the PIDs varyafter each restart.


To stop the PostgreSQL server, issue the following command:

root@host# service postgresql stopStopping postgresql service: [ OK ]


root@host# service postgresql statuspostmaster is stopped

As expected, the PostgreSQL server is not running any more.

To start the PostgreSQL server at system restart time, the command chkconfig isused. Decide first in which runlevel the PostgreSQL server should start. Runlevelsare used to coordinate the startup of services during restart time. In the followingexample, the runlevels 3 and 5 are used as both support networking:

root@host# chkconfig --level 35 postgresql on



root@host# chkconfig --list postgresqlpostgresql 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Now, the PostgreSQL server starts during restart time of runlevels 3 and 5. Todeactivate this behavior again, issue this command:

root@host# chkconfig postgresql off


root@host# chkconfig --list postgresqlpostgresql 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Basic configuration of PostgreSQLPostgreSQL does not allow remote connections by default. To enable this function,the parameter PGOPTS must be set in the file /etc/sysconfig/pgsql/postgresql. Thisfile controls optional startup parameters for PostgreSQL, and must be created if itdoes not already exist on the system.

The example below shows an extract of the file /etc/sysconfig/pgsql/postgresql withPGOPTS set to -i:

# Enabled remote access for PostgreSQLPGOPTS="-i"

To activate the changes, issue the following command to restart the PostgreSQLserver:

root@host# service postgresql restart

The client authentication is controlled by a configuration file, which traditionally isnamed pg_hba.conf. This file is stored in the database folder /var/lib/pgsql/data.

One possible scenario is to allow connections from local and from a specific subnet.The following example shows how this works for the subnet 192.168.12.0/24.

v Local users can connect only to their own databases (databases with the samename as their database user name)

v Administrators can connect to all databasesv Client connections from a subnet of 192.168.12.x can connect to the databases

db1 and db2

v For all users, authentication is required# TYPE DATABASE USER CIDR-ADDRESS METHODlocal sameuser all md5local all @admins md5host db1,db2 all 192.168.12.0/24 md5

The configuration shown in this chapter does not cover all security aspects ofPostgreSQL. For more detailed information, refer to the PostgreSQL documentation.


Chapter 4. Setup of Apache HTTP Server

The Apache HTTP Server, also known as Apache, is a secure, reliable and efficientWeb server. It is highly configurable and extensible with many third party modules,and Apache is available for a wide variety of operating systems including Linux,UNIX®, Mac OS X, Microsoft® Windows® and several others.

Apache became the Web server component of the popular software solution stacknamed LAMP. Extending this concept, the Apache HTTP Server is a key componentof the defined Web 2.0 stack also.

The Apache HTTP server is well documented. A good reference is the Apache Webpage at http://httpd.apache.org

Installation of Apache HTTP ServerApache is one of the key components of the WorldWideWeb, and is included in RedHat Enterprise Linux 5.3. The installation is performed by issuing the followingcommand:

root@host# yum install httpd httpd-manual

This installs the Apache HTTP server with some documentation and an exampleWeb page.

Verification of the Apache HTTP Server installationTo verify the installation of Apache, issue the following command:

root@host# apachectl -vServer version: Apache/2.2.3Server built: Nov 12 2008 07:11:44


To connect with a Web browser to the Apache HTTP server, the server has to bestarted. Issue the following command to start the server:

root@host# service httpd start

Open a Web browser and navigate to the URL http://. A Web page isdisplayed indicating that the Apache HTTP server is running properly.

Note: If the system is protected by a firewall, additional configuration might benecessary to allow client access to the Apache HTTP server.

Lifecycle of Apache HTTP ServerWhen these basic Apache HTTP server packages are installed, lifecycle actions canbe performed such as starting and stopping the server. In the following steps, awalkthrough is shown for the Apache HTTP server. This walkthrough assumes thatthis is the initial startup right after the packages have been installed and that theserver is not running.



To display the current status of the Apache HTTP server, issue the followingcommand:

root@host# service httpd statushttpd is stopped

This indicates that the Apache HTTP server is not started.


To start the Apache HTTP server, issue the following command:

root@host# service httpd startStarting httpd: [ OK ]

After the startup is completed, verify the status of the Apache HTTP server byissuing this command:

root@host# service httpd statushttpd (pid 8608 8607 8606 8605 8604 8602 8601 8600 8599) is running...

As shown, the Apache HTTP server is running as expected. Note that the PIDsvary after each startup.


Another useful function is the restart, where it is possible to stop and start theserver with one single command. To restart the Apache HTTP server, issue thefollowing command:

root@host# service httpd restartStopping httpd: [ OK ]Starting httpd: [ OK ]

When the restart completes, verify the status of the Apache HTTP server byissuing this command:

root@host# service httpd statushttpd (pid 8666 8665 8664 8663 8662 8661 8660 8659 8657) is running...

As expected, the Apache HTTP server is running again. Note that the PIDs varyafter each startup.


To stop the Apache HTTP server, issue the following command:

root@host# service httpd stopStopping httpd: [ OK ]


root@host# service httpd statushttpd is stopped

As expected, the Apache HTTP server is not running any more.


To start the Apache HTTP server at system restart time, the command chkconfig isused. Decide first in which runlevel the Apache HTTP server should start. Runlevelsare used to coordinate the startup of services during restart time. In the followingexample, the runlevels 3 and 5 are used as both support networking:

root@host# chkconfig --level 35 httpd on


root@host# chkconfig --list httpdhttpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Now, the Apache HTTP server starts during restart time of runlevels 3 and 5. Todeactivate this behavior again, issue this command:

root@host# chkconfig httpd off


root@host# chkconfig --list httpdhttpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Overview of Apache HTTP server modulesThe Apache server modules are software elements that extend Apache’sfunctionality. There are modules available to add server-side programming languagesupport, authentication schemes, and many additional functions.

By default, the Apache HTTP server has already some modules loaded, staticallyand dynamically. To display the list of configured modules, issue the followingcommand:

root@host# apachectl -t -D DUMP_MODULES

During the installation of Apache HTTP server extensions additional modules areinstalled, but those might not be enabled. To enable or disable a module,configuration files have to be modified. In general those configuration files are the/etc/httpd/conf/httpd.conf and files located in the folder /etc/httpd/conf.d/.

Adding support for PHPTo add the PHP support for Apache HTTP on Red Hat Enterprise Linux 5.3,complete the following steps:

1. Install PHP as described in “Installation of PHP” on page 5.

2. Install the Apache HTTP module for PHP support:

root@host# yum install php

3. Finally, restart the Apache HTTP server:

root@host# service httpd restart

Chapter 4. Setup of Apache HTTP Server 31

During the installation process for PHP, one additional configuration file is added tothe Apache server configuration. This file is located at /etc/httpd/conf.d/php.conf andincludes a definition for the module to configure the interpreter to do its work whena PHP Web page is requested.

'Hello World!' example using mod_phpTo verify whether PHP is working correctly within Apache, create the new file/var/www/html/hello-world.php as user root with the following contents:

Hello, World! (PHP)

This newly created PHP script can be accessed by opening up a Web browser atthe following URL:

v http:///hello-world.phpA Web page is shown that displays 'Hello World!' along with the current time.

Adding support for PerlTo add the Perl support for Apache HTTP on Red Hat Enterprise Linux 5.3,complete the following steps:

1. Install Perl as described in “Installation of Perl” on page 6.

2. Install the Apache HTTP module for Perl support:

root@host# yum install mod_perl



The installation of mod_perl integrates the configuration file /etc/httpd/conf.d/perl.conf into the Apache HTTP setup. This file includes the setup for the Perlinterpreter which is not enabled by default. Remove the leading '#' characters forthe following configuration entries:

Alias /perl /var/www/perl

SetHandler perl-scriptPerlResponseHandler ModPerl::RegistryPerlOptions +ParseHeadersOptions +ExecCGI

The folder /var/www/perl does not exist by default. Create the folder by issuing thefollowing command:


root@host# mkdir -p /var/www/perl

To activate the changes of the configuration files, restart the Apache HTTP server:


'Hello World!' example using mod_perlBased on the previously explained configuration, set up a 'Hello World!' example.As user root, create the new file /var/www/perl/hello-world.pl with the followingcontents:

use CGI qw(:standard);use CGI::Carp qw(fatalsToBrowser);

use strict;use warnings;

my ($sec,$min,$hr) = localtime();

my $cgi = new CGI;

print $cgi->header(),$cgi->start_html({title=>"Hello World! - Perl"}),$cgi->p("Hello World! - Perl

The time on the server is $hr:$min:$sec"),$cgi->end_html();

This newly created Perl script can be accessed by opening up a Web browser atthe following URL:

v http:///perl/hello-world.plA Web page is shown that displays 'Hello World!' along with the current time.

Adding support for PythonTo add the Python support for Apache HTTP on Red Hat Enterprise Linux 5.3,complete the following steps:

1. Install Python as described in “Installation of Python” on page 8.

2. Install the Apache HTTP module for Python support:

root@host# yum install mod_python



The installation of mod_python integrates the configuration file/etc/httpd/conf.d/python.conf into the Apache HTTP setup. This file includes thesetup for the interpreter to run Python scripts in specific folders. By default, theconfiguration for Python scripts is not enabled and must be activated manually

Python Publisher handlerTo enable the Python Publisher handler, open the file /etc/httpd/conf.d/python.conf and remove the leading '#' characters for the following lines:


SetHandler python-programPythonHandler mod_python.publisher

Python PSP handlerTo enable the Python PSP handler, open the file /etc/httpd/conf.d/python.conf and remove the leading '#' characters for the following lines:

AddHandler mod_python .pspPythonHandler mod_python.psp

The folder /var/www/html/python does not exist by default, therefore create thefolder by issuing the following command:

root@host# mkdir -p /var/www/html/python



'Hello World!' example using mod_python Publisher handlerBased on the previously explained configuration for the Publisher handler, set up a’Hello World’ example. As user root, create the new file /var/www/html/python/hello-world.py with the following contents:

from mod_python import apacheimport time

def index(req):req.content_type = 'text/html'req.write('')req.write('Hello, World! (Python Publisher handler)')req.write('Hello, World! (Python Pulisher handler)
')req.write('The time on the server is ')req.write(time.strftime("%H:%M:%S"))req.write('')

This newly created Python script can be accessed by opening a Web browser atthe following URLs:

v http:///python/hello-worldv http:///python/hello-world/indexA Web page is shown that displays 'Hello World!' along with the current time.

'Hello World!' example using mod_python PSP handlerBased on the previously explained configuration for the Python PSP handler, set upa ’Hello World’ example. As user root, create the new file /var/www/html/hello-world.psp with the following contents:


Hello, World! (Python PSP)

Hello, World! (Python PSP)
The time on the server is

This newly created Python Server Page can be accessed by opening a Webbrowser at the following URL:

v http:///hello-world.pspA Web page is shown that displays 'Hello World!' along with the current time.

Adding support for RubyThe Apache module mod_ruby together with eruby, enables the invocation of Rubyscripts by the Apache HTTP server. It embeds the Ruby interpreter to run scriptsnatively in the Apache HTTP server. The mod_ruby package is not part of Red HatEnterprise Linux 5.3 and must be installed manually. During the writing of thisdocument, the current version of mod_ruby is 1.3.0.

To add the Ruby support for Apache HTTP on Red Hat Enterprise Linux 5.3,complete the following steps:

1. Install Ruby as described in “Installation of Ruby” on page 10.

2. Install development packages which are required to compile mod_ruby anderuby:

root@host# yum install apr-devel apr apr-util-devel apr-util httpd-devel

3. Download the mod_ruby TAR file:

user@host$ wget -c http://www.modruby.net/archive/mod_ruby-1.3.0.tar.gz


user@host$ tar xzf mod_ruby-1.3.0.tar.gzuser@host$ cd mod_ruby-1.3.0

5. Set up the build environment:

user@host$ ./configure.rb --with-apr-includes=/usr/include/apr-1

6. Build the mod_ruby source files:

user@host$ make

7. Run the installation:


8. Download the eRuby TAR:

user@host$ wget -c http://www.modruby.net/archive/eruby-1.0.5.tar.gz



user@host$ tar xzf eruby-1.0.5.tar.gzuser@host$ cd eruby-1.0.5

10. Set up the build environment:

user@host$ ./configure.rb --with-apr-includes=/usr/include/apr-1

Note: If the configure command fails with an error of the metho ’gsub’, edit thefile configure.rb at line 309 to include the following contents:

$XLDFLAGS = CONFIG["XLDFLAGS"] || ""

11. Build the eRuby source files:

user@host$ make

12. Run the installation:




The Ruby handlers must be set up manually. Create a new file/etc/httpd/conf.d/modruby.conf with the following contents:

LoadModule ruby_module modules/mod_ruby.so

RubyRequire apache/ruby-runRubyRequire apache/eruby-run

SetHandler ruby-objectRubyHandler Apache::RubyRun.instanceOptions +ExecCGI

SetHandler ruby-objectRubyHandler Apache::RubyRun.instance

SetHandler ruby-objectRubyHandler Apache::ERubyRun.instance

SetHandler ruby-objectRubyHandler Apache::eRubyRun.instance

Options ExecCGI

Options ExecCGI




'Hello World!' example using mod_rubyBased on the previously explained environment, set up a 'Hello World!' example forCGI Ruby.

Create the new folder /var/www/html/ruby:

root@host# mkdir -p /var/www/html/ruby

In this folder, create the new file /var/www/html/ruby/hello-world.rbx as user rootwith the following contents:

require "cgi"cgi = CGI.new("html4")cgi.out {

cgi.html {cgi.head { cgi.title {"Hello, World! (Ruby)"} } +cgi.body {

"Hello, World! (Ruby)
" +Time.now.strftime("The time on the server is %H:%M:%S")

}}

}

This file requires the executable flag to be set:

root@host# chmod +x /var/www/html/ruby/hello-world.rbx

The newly created Ruby CGI script can be accessed by opening a Web browser atthe following URL:

v http:///ruby/hello-world.rbxA Web page is shown that displays 'Hello World!' along with the current time.

'Hello World!' example using eRubyBased on the previously explained environment, set up a 'Hello World!' example foreRuby. Create the new folder /var/www/html/eruby:

root@host# mkdir -p /var/www/html/eruby

In this folder, create the new file /var/www/html/eruby/hello-world.rhtml as user rootwith the following contents:

Hello, World! (eRuby)


This newly created eRuby Web page can be accessed by opening a Web browserat the following URL:

v http:///hello-world.rhtmlA Web page is shown that displays 'Hello World!' along with the current time.

Adding the Web Application Firewall ModSecurityModSecurity, http://www.modsecurity.org, is a Web Application Firewall (WAF) thatenables a System administrator to implement an additional security layer withoutmodifying the Web application itself. While writing this document, the currentversion is 2.5.9.

RequirementsTo compile and run ModSecurity properly, several dependent packages must beinstalled. These packages are:

v curl-develv pcre-develv apr-develv apr-util-develv httpd-develv libxml2-develv gcc-c++All of these dependent packages are available in the Red Hat Enterprise Linux 5.3distribution and are installed by issuing the following commands:

root@host# yum install curl-devel pcre-devel apr-devel apr-util-devel httpd-devel libxml2-devel gcc-c++

InstallationTo install ModSecurity on Red Hat Enterprise Linux 5.3, complete the followingsteps:

1. Download the ModSecurity TAR file:

user@host$ wget -c http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

2. Extract the TAR file and change into the apache2 folder of the newly createdfolder:

user@host$ tar xzf modsecurity-apache_2.5.9.tar.gzuser@host$ cd modsecurity-apache_2.5.9/apache2

3. Set up the build process and compile the sources:

user@host$ ./configureuser@host$ make

4. Install ModSecurity:


5. Copy the configuration for the Apache HTTP server into the folder/etc/httpd/conf.d:


root@host# cd ..root@host# cp modsecurity.conf-minimal /etc/httpd/conf.d/modsecurity.conf

ConfigurationThe configuration of ModSecurity includes the adjustment of configuration files forthe Apache HTTP server and the integration of rules. Both are described in thefollowing steps:

1. Add the LoadModule statement for the ModSecurity module configuration file.Add the following line to the /etc/httpd/conf.d/modsecurity.conf file:

LoadModule security2_module /usr/lib64/httpd/modules/mod_security2.so

2. Enable the module mod_unique_id, if this is not the case. First, verify if themodule is already loaded by issuing the following command:

root@host# apachectl -t -D DUMP_MODULES

If this the module is not loaded, add the following line to the file/etc/httpd/conf/httpd.conf:

LoadModule unique_id_module modules/mod_unique_id.so

3. Enable the Core rule set to be processes by ModSecurity. The ’Core rule set’ isused to protect the Web 2.0 applications from several known vulnerabilities.First, create the new folder where the rules are stored:

root@host# mkdir -p /etc/httpd/conf/modsecurity

Copy the Core rules set from the extracted TAR file to the folder/etc/httpd/conf/modsecurity:

root@host# cp rules/*.conf /etc/httpd/conf/modsecurity

Add the following line to the file /etc/httpd/conf/httpd.conf:

Include conf/modsecurity/*.conf

Finally, restart the Apache HTTP server to enable the ModSecurity Web ApplicationFirewall:


ReferencesThe following URLs provide more information about ModSecurity:

v ModSecurity project Web page, see http://www.modsecurity.orgv Additional documentation, see http://www.modsecurity.org/documentation/


Using SSL in Apache HTTP serverThe Secure Sockets Layer protocol (SSL) is used to encrypt the communicationover TCP/IP. By default, the Apache HTTP server is not configured to support SSL.This section explains how to create a server certificate and configure the ApacheHTTP server to support SSL.

To enable the SSL support for the Apache HTTP server, complete the followingsteps:

1. Install the mod_ssl and dependent packages:

root@host# yum install mod_ssl

2. Generate a certificate signing request file:

root@host# openssl req -new -out /etc/pki/tls/misc/server.csr

Follow the instructions on the command line to enter proper information togenerate the csr file. When completed, move the privkey.pem file to the folder/etc/pki/tls/ and rename it to server.pem:

root@host# mv privkey.pem /etc/pki/tls/server.pem

3. Generate a password less key file:

root@host# openssl rsa -in /etc/pki/tls/server.pem -out /etc/pki/tls/private/server.key

4. Convert the csr file into a signed certificate:

root@host# openssl x509 -req -days 365 -in /etc/pki/tls/misc/server.csr \-signkey /etc/pki/tls/private/server.key -out /etc/pki/tls/certs/server.crt

5. Open the file /etc/httpd/conf.d/ssl.conf and adjust the following two lines to adaptthe server key and certificate files:

SSLCertificateFile /etc/pki/tls/certs/server.crtSSLCertificateKeyFile /etc/pki/tls/private/server.key

6. Enable hardware support for encryption. Open the file /etc/httpd/conf.d/ssl.confand set the SSLCryptoDevice directive to ibmca:

SSLCryptoDevice ibmca

7. Activate the changes by restarting the Apache HTTP server:


8. To verify the SSL support, open a Web browser and navigate to the URLhttps://.

Note: To enable the support for using the cryptographic adapter, make sure thatthe Linux on IBM System z guest is set up to access the required adapter.

At IBM Redbooks®, a document is available that includes more detailed informationabout SSL support for Apache HTTP server - Using Cryptographic Adapters forWeb Servers with Linux on IBM system z9® and zSeries®, seehttp://www.redbooks.ibm.com/abstracts/redp4131.html.


Chapter 5. Setup of Apache Tomcat

Apache Tomcat is a Servlet container that is compliant with the official specificationsfor the Java Servlet and JavaServer Pages technologies, providing an environmentfor Java code to run in cooperation with a Web server. The Java Servlet andJavaServer Pages specifications are developed by Sun under the Java CommunityProcess. The two Java Specification Requests, JSR53 and JSR154 specify theServlet API and the Java ServerPages API.

Additional information about Apache Tomcat is available at the project Web pagehttp://tomcat.apache.org.

Installation of Apache TomcatJava is a requirement to run the Apache Tomcat server. Install Java as described in“Installation of Java” on page 12.

When the correct Java version is available, install Apache Tomcat by issuing thiscommand:

root@host# yum install tomcat5 tomcat5-admin-webapps tomcat5-webapps

This installs the Apache Tomcat server and some administrative Web applicationsthat provide some basic configuration of the Apache Tomcat server. Also, severalexample Web applications for Apache Tomcat are installed.

Verifying the Apache Tomcat installationTo verify if the Apache Tomcat server is working properly, the server itself has to bestarted. Therefore, issue the following command:

root@host# service tomcat5 start

Open a Web browser on the server where the Apache Tomcat server is running andopen the URL http://:8080. The default Apache Tomcat Web page isshown, which offers some examples, documentation and administration pages.

Note: If the system is protected by a firewall, additional configuration might benecessary to allow client access to the Apache Tomcat server

Important folders in Apache TomcatThere is an environment variable with special importance, $CATALINA_HOME. Thisenvironment variable is defined in /etc/tomcat5/tomcat5.conf and points to the rootof the Apache Tomcat server installation – the default is /usr/share/tomcat5. Theseare some of the key Apache Tomcat folders, all relative to $CATALINA_HOME:

v $CATALINA_HOME/bin - Startup, shutdown, and other scripts.v $CATALINA_HOME/conf - Configuration files and related DTDs. The most

important file is server.xm, which is the main configuration file for Apache Tomcat.

v $CATALINA_HOME/logs - Default location of log files.v $CATALINA_HOME/webapps - This is where additional Web applications are

installed.


Important folders for storing library files are:

v $CATALINA_HOME/common/lib - Library files used by Apache Tomcat and Webapplications.

v $CATALINA_HOME/shared/lib - Library files used across Web applications only.

Lifecycle of Apache TomcatWhen these basic Apache Tomcat server packages are installed, lifecycle actionscan be performed such as starting and stopping the server. In the following steps, awalkthrough is shown for the Apache Tomcat server. This walkthrough assumes thatthis is the initial startup right after the packages have been installed and the serveris not running.


To display the current status of the Apache Tomcat server, issue the followingcommand:

root@host# service tomcat5 status/etc/init.d/tomcat5 is stopped

This indicates that the Apache Tomcat server is not started.

2. Starting the server

To start the Apache Tomcat server, issue the following command:

root@host# service tomcat5 startStarting tomcat5: [ OK ]

After the startup is completed, verify the status of the Apache Tomcat server byissuing this command:

root@host# service tomcat5 status/etc/init.d/tomcat5 is already running (13847)

As shown, the Apache Tomcat server is running as expected. Note that the PIDvaries after each startup.

3. Restarting the s

setting up a web 2.0 stack on rhel5.3 (may 2009)public.dhe.ibm.com › software › dw › linux390...

Documents