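Installing Hiawatha on FreeBSD

Author: zeissoctopus

These are my notes on installing and configuring the Hiawatha 8.3.2 web server on FreeBSD 9-STABLE. I will enable the following features:

  1. SSL
  2. Virtual Host
  3. PHP support via FastCGI

1: Installing the software

Build and install Hiawatha 8.3.2 on FreeBSD from ports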

% cd /usr/ports/www/hiawatha
% su root
# make install
# make clean
# exit

These are the options I selected when building Hiawatha 8.3.2 from ports

WITH_CACHE true
WITH_CHROOT true
WITH_COMMAND true
WITH_DEBUG false
WITH_IPV6 true
WITH_MONITOR true
WITH_RPROXY true
WITH_SSL true
WITH_TOOLKIT true
WITH_XSLT true

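2: Laying out the website directories

Hiawatha 8.3.2 generates several files while it runs, and it also needs to find where the websites are actually stored, so these locations must be arranged in advance. All of the file locations can be chosen freely; this example simply follows my personal preference.

Files generated by Hiawatha at run time

| Directory | File | Corresponding variable in hiawatha.conf |
|---|---|---|
| /var/run/ | hiawatha.pid | PIDfile = |
| /var/log/hiawatha | various log files | AccessLogfile =, ErrorLogfile = |
| /var/lib/hiawatha | php-fcgi.sock | ConnectTo = |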

Files generated by the PHP FastCGI daemon at run time

| Directory | File | Corresponding variable in php-fcgi.conf |
|---|---|---|
| /var/run/ | php-fcgi.pid | PidFile = |
| /var/lib/hiawatha | php-fcgi.sock | Server = |

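Directory layout for Hiawatha name-based virtual hosts

Apart from the top-level root, every directory is named after its virtual host. To guard against intrusion by malicious bots, this example does not assign a real domain to the default website, so an intruder is steered to an empty directory.

| Directory | Contents | Corresponding variable in hiawatha.conf |
|---|---|---|
| /home/www | Top-level root of all virtual hosts | Not set |
| /home/www/192.168.5.1 | Default website (no domain) | Not set |
| /home/www/192.168.5.1/htdocs/ | Document root of the default website | WebsiteRoot = |
| /home/www/example.org | Named after your domain | Not set |
| /home/www/example.org/htdocs | Document root of your domain's website | WebsiteRoot = inside a VirtualHost { } |
| /home/www/wiki.example.org | Virtual host for a separate subdomain | Not set |
| /home/www/wiki.example.org/htdocs | Document root of your subdomain's website | WebsiteRoot = inside another VirtualHost { } |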

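3: Configuring Hiawatha from FreeBSD ports

Default location of the configuration files on FreeBSD

| Directory | File | Contents |
|---|---|---|
| /usr/local/etc/hiawatha/ | hiawatha.conf | Hiawatha main configuration file |
| | php-fcgi.conf | Configures Hiawatha's own PHP FastCGI daemon |
| | cgi-wrapper.conf | Configures Hiawatha's own CGI wrapper, which runs CGI programs under another user identity and in a chroot |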

Order in which this example loads the configuration files

In Hiawatha 8.3.2, SSL and virtual hosts are both configured in hiawatha.conf, while Hiawatha's own PHP FastCGI daemon is configured in php-fcgi.conf.

  1. /usr/local/etc/hiawatha/hiawatha.conf
  2. /usr/local/etc/hiawatha/php-fcgi.conf

In other words, this example only requires suitable changes to the two configuration files above.

Contents of hiawatha.conf

hiawatha.conf
#===============================================================================
# Hiawatha main configuration file
#
# The binding, directory, FastCGI, virtual host and URL toolkit configuration
# must be placed inside sections. A section is defined as follows:
#
# Section {
#     ...
# }
#
# where the word "Section" must be replaced with "Binding", "Directory",
# "FastCGIserver", "VirtualHost" or "UrlToolkit".
#===============================================================================
 
#===============================================================================
# Server Configuration
#===============================================================================
#
# global variable
 
# Ban functions
#BanlistMask =
BanOnDeniedBody = 300
BanOnFlooding = 40/1:400
BanOnGarbage = 300
#BanOnMaxPerIP = 400
BanOnMaxReqSize = 300
BanOnSQLi = 300
BanOnTimeout = 300
BanOnWrongPassword = 5:300
KickOnBan = yes
RebanDuringBan = yes
 
# Cache Settings
CacheSize = 20
CacheMaxFilesize = 256
CacheMinFilesize = 1
# CGI Settings
CGIextension = cgi
#NoExtensionAs = cgi
#CGIhandler = /usr/local/bin/php-cgi:php, php5
#CGIwrapper = /usr/local/sbin/cgi-wrapper
KillTimedoutCGI = yes
#WaitforCGI = yes
#WrapUserCGI = yes
 
# Connection Settings
ConnectionsPerIP = 16
ConnectionsTotal = 256
#ReconnectDelay = 2
SocketSendTimeout = 0
 
# Logfile
ExploitLogfile = /var/log/hiawatha/hiawatha_exploit.log
LogFormat = hiawatha
SystemLogfile = /var/log/hiawatha/hiawatha_system.log
GarbageLogfile = /var/log/hiawatha/hiawatha_garbage.log
 
# File Path
MimetypeConfig = /usr/local/etc/hiawatha/mimetype.conf
PIDfile = /var/run/hiawatha.pid
 
# Server
ServerId = www:www
#ServerRoot =
ServerString = Hiawatha Server
#UserDirectory = public_html
WorkDirectory = /var/tmp/hiawatha
WrapUserCGI = no
 
#===============================================================================
# Binding Configuration
#===============================================================================
Binding {
#BindingId = SELF
#EnableAlter = no
#EnableTRACE = no
Interface = 192.168.5.1
MaxKeepAlive = 60
MaxRequestSize = 64
MaxUploadSize = 22
Port = 80
#RequiredCA =
#SSLcertFile =
TimeForRequest = 6, 24
}
 
Binding {
#BindingId = SELF
#EnableAlter = no
#EnableTRACE = no
Interface = 192.168.5.1
MaxKeepAlive = 60
MaxRequestSize = 64
MaxUploadSize = 22
Port = 443
#RequiredCA =
SSLcertFile = /usr/local/etc/yourDomainHost-key-cert.pem
TimeForRequest = 6, 24
}
 
 
#===============================================================================
# Default Website 
#===============================================================================
#AccessList =
AccessLogfile = /var/log/hiawatha/1921680501_access.log
#AlterGroup =
#AlterList =
#AlterMode =
DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3CsCrIpT.*%3C%2FScRiPt%3E.*$
DenyBody = ^.*%3CScRiPt.*%3C%2FsCrIpT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3Cscript.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3Cmeta.*%2F%3E.*$
DenyBody = ^.*%3CMETA.*%2F%3E.*$
DenyBody = ^.*%3CMeTa.*%2F%3E.*$
DenyBody = ^.*%3CmEtA.*%2F%3E.*$
DenyBot = Googlebot:/
DenyBot = twiceler:/
DenyBot = MSNBot:/
DenyBot = yahoo:/
DenyBot = BaiDuSpider:/
DenyBot = Ask:/
DenyBot = Yahoo! Slurp:/
DenyBot = Sogou web spider:/
DenyBot = Sogou-Test-Spider:/
DenyBot = Baiduspider+:/
DenyBot = Yandex:/
DenyBot = UniversalFeedParser:/
DenyBot = Mediapartners-Google:/
DenyBot = Sosospider+:/
DenyBot = YoudaoBot:/
DenyBot = ParchBot:/
DenyBot = Curl:/
DenyBot = msnbot:/
DenyBot = NaverBot:/
DenyBot = taptubot:/
EnablePathInfo = no
#ErrorHandler = 404:/error.cgi
ErrorLogfile = /var/log/hiawatha/1921680501_error.log
ExecuteCGI = no 
FollowSymlinks = no
Hostname = 192.168.5.1
#ImageReferer =
LoginMessage = Private page
MonitorRequests = no
#NoExtensionAs =
#PasswordFile =
PreventCSRF = yes
PreventSQLi = yes       
PreventXSS = yes
#RequiredBinding =
#RequiredGroup =
RequireSSL = no
#RunOnAlter =
#Setenv =
ShowIndex = no
StartFile = index.html
TimeForCGI = 70
TriggerOnCGIstatus = no
UserWebsites = no
#UseFastCGI = 
#UseToolkit =
#UseXSLT = no
#VolatileObject =
WebsiteRoot = /home/www/192.168.5.1/htdocs
#WrapCGI =
 
#===============================================================================
# Virtual Hosts
#===============================================================================
VirtualHost {
#AccessList =
AccessLogfile = /var/log/hiawatha/yourdomain_access.log
#AlterGroup =
#AlterList =
#AlterMode =
DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3CsCrIpT.*%3C%2FScRiPt%3E.*$
DenyBody = ^.*%3CScRiPt.*%3C%2FsCrIpT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3Cscript.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3Cmeta.*%2F%3E.*$
DenyBody = ^.*%3CMETA.*%2F%3E.*$
DenyBody = ^.*%3CMeTa.*%2F%3E.*$
DenyBody = ^.*%3CmEtA.*%2F%3E.*$
#DenyBot = Googlebot:/
DenyBot = twiceler:/
DenyBot = MSNBot:/
DenyBot = yahoo:/
DenyBot = BaiDuSpider:/
DenyBot = Ask:/
DenyBot = Yahoo! Slurp:/
DenyBot = Sogou web spider:/
DenyBot = Sogou-Test-Spider:/
DenyBot = Baiduspider+:/
DenyBot = Yandex:/
DenyBot = UniversalFeedParser:/
DenyBot = Mediapartners-Google:/
DenyBot = Sosospider+:/
DenyBot = YoudaoBot:/
DenyBot = ParchBot:/
DenyBot = Curl:/
DenyBot = msnbot:/
DenyBot = NaverBot:/
DenyBot = taptubot:/
EnablePathInfo = no
#ErrorHandler = 404:/error.cgi
ErrorLogfile = /var/log/hiawatha/yourdomain_error.log
#ExecuteCGI = yes
FollowSymlinks = no
Hostname = example.org, www.example.org
#ImageReferer =
#LoginMessage = Private page
MonitorRequests = no
#NoExtensionAs =
#PasswordFile =
PreventCSRF = yes
PreventSQLi = yes
PreventXSS = yes
#RequiredBinding =
#RequiredGroup =
RequireSSL = no
#RunOnAlter =
#Setenv =
ShowIndex = no
StartFile = index.php
TimeForCGI = 70
TriggerOnCGIstatus = no
#UserWebsites = no
UseFastCGI = PHP5
#UseToolkit =
UseXSLT = no
#VolatileObject =
WebsiteRoot = /home/www/example.org/htdocs
#WrapCGI = 
}
 
 
VirtualHost {
#AccessList =
AccessLogfile = /var/log/hiawatha/wiki_access.log
#AlterGroup =
#AlterList =
#AlterMode =
DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3CsCrIpT.*%3C%2FScRiPt%3E.*$
DenyBody = ^.*%3CScRiPt.*%3C%2FsCrIpT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3CSCRIPT.*%3C%2Fscript%3E.*$
DenyBody = ^.*%3Cscript.*%3C%2FSCRIPT%3E.*$
DenyBody = ^.*%3Cmeta.*%2F%3E.*$
DenyBody = ^.*%3CMETA.*%2F%3E.*$
DenyBody = ^.*%3CMeTa.*%2F%3E.*$
DenyBody = ^.*%3CmEtA.*%2F%3E.*$
#DenyBot = Googlebot:/
DenyBot = twiceler:/
DenyBot = MSNBot:/
DenyBot = yahoo:/
DenyBot = BaiDuSpider:/
DenyBot = Ask:/
DenyBot = Yahoo! Slurp:/
DenyBot = Sogou web spider:/
DenyBot = Sogou-Test-Spider:/
DenyBot = Baiduspider+:/
DenyBot = Yandex:/
DenyBot = UniversalFeedParser:/
DenyBot = Mediapartners-Google:/
DenyBot = Sosospider+:/
DenyBot = YoudaoBot:/
DenyBot = ParchBot:/
DenyBot = Curl:/
DenyBot = msnbot:/
DenyBot = NaverBot:/
DenyBot = taptubot:/
EnablePathInfo = no
#ErrorHandler = 404:/error.cgi
ErrorLogfile = /var/log/hiawatha/wiki_error.log
#ExecuteCGI = yes
FollowSymlinks = no
Hostname = wiki.example.org
#ImageReferer =
#LoginMessage = Private page
MonitorRequests = no
#NoExtensionAs =
#PasswordFile =
PreventCSRF = yes
PreventSQLi = yes
PreventXSS = yes
#RequiredBinding =
#RequiredGroup =
RequireSSL = no
#RunOnAlter =
#Setenv =
ShowIndex = no
StartFile = index.php
TimeForCGI = 70
TriggerOnCGIstatus = no
#UserWebsites = no
UseFastCGI = PHP5
#UseToolkit =
UseXSLT = no
#VolatileObject =
WebsiteRoot = /home/www/wiki.example.org/htdocs
#WrapCGI = 
}
 
 
#===============================================================================
# FastCGIserver
#===============================================================================
FastCGIserver {
ConnectTo = /var/lib/hiawatha/php-fcgi.sock
Extension = php, php5
FastCGIid = PHP5
#ServerRoot =
#SessionTimeout = 28
}
 
 
#===============================================================================
# URL toolkit
#===============================================================================

Contents of php-fcgi.conf

The php-fcgi.conf below supports PHP only and connects Hiawatha to the FastCGI daemon through a socket. On FreeBSD, php-cgi is located in /usr/local/bin.

php-fcgi.conf
# PHP FastCGI configuration
 
# Path to PID-file.
# PidFile = <filename>
#
PidFile = /var/run/php-fcgi.pid
 
# Number of maximum requests per fork before respawning.
# MaxRequests = <number>
#
MaxRequests = 100
 
# Set environment variables for the FastCGI processes.
# Setenv <key> = <value>
#
 
# PHP FastCGI servers to start.
Server = /usr/local/bin/php-cgi ; 4 ; /var/lib/hiawatha/php-fcgi.sock ; www:www ; /usr/local/etc/php.ini
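
A consistency check for the two files above, as an added example that is not part of the original notes or of Hiawatha itself. It verifies that every ConnectTo socket is one that php-fcgi.conf opens, that every UseFastCGI names a defined FastCGIid, and that every WebsiteRoot is a directory from step 2. The function names, the LAYOUT set and the embedded excerpts are constructed for illustration.

```python
# Constructed excerpts of the two files on this page (not read from disk).
HIAWATHA_CONF = """\
VirtualHost {
Hostname = example.org, www.example.org
UseFastCGI = PHP5
WebsiteRoot = /home/www/example.org/htdocs
}
FastCGIserver {
ConnectTo = /var/lib/hiawatha/php-fcgi.sock
FastCGIid = PHP5
}
"""
PHP_FCGI_CONF = ("Server = /usr/local/bin/php-cgi ; 4 ; "
                 "/var/lib/hiawatha/php-fcgi.sock ; www:www ; /usr/local/etc/php.ini\n")
LAYOUT = {"/home/www/example.org/htdocs"}  # directories created in step 2

def parse(text):
    """Return [(section, {key: [values]})]; index 0 holds the global options."""
    out, cur = [("", {})], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            out.append(cur := (line[:-1].strip().lower(), {}))
        elif line == "}":
            cur = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            (cur or out[0])[1].setdefault(key.lower(), []).append(value)
    return out

def audit(hiawatha_text, php_fcgi_text, layout):
    """Return a list of findings; an empty list means the files agree."""
    conf = parse(hiawatha_text)
    servers = parse(php_fcgi_text)[0][1].get("server", [])
    # The third ';'-separated field of a Server line is the socket php-cgi opens.
    served = {s.split(";")[2].strip() for s in servers if s.count(";") >= 2}
    ids = {o.get("fastcgiid", ["?"])[-1]: o.get("connectto", ["?"])[-1]
           for name, o in conf if name == "fastcgiserver"}
    findings = [f"{fid}: ConnectTo {sock} is not opened by php-fcgi.conf"
                for fid, sock in ids.items() if sock not in served]
    for o in (o for name, o in conf if name == "virtualhost"):
        host = o.get("hostname", ["?"])[-1]
        for fid in ",".join(o.get("usefastcgi", [])).split(","):
            if fid.strip() and fid.strip() not in ids:
                findings.append(f"{host}: UseFastCGI {fid.strip()} has no FastCGIserver")
        root = o.get("websiteroot", [""])[-1]
        if root not in layout:
            findings.append(f"{host}: WebsiteRoot {root} is not in the planned layout")
    return findings
```

To check a real installation, pass the text of /usr/local/etc/hiawatha/hiawatha.conf and php-fcgi.conf to `audit()` together with the set of htdocs directories you created.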

4: Starting the Hiawatha httpd service

Add the following two lines to /etc/rc.conf. Hiawatha 8.3.2's own FastCGI daemon and Hiawatha 8.3.2 will then start automatically every time FreeBSD reboots.

php_fcgi_enable="YES"
hiawatha_enable="YES"

To start Hiawatha 8.3.2 immediately without rebooting FreeBSD, edit /etc/rc.conf as above and then enter the following commands.

% su -
# service php-fcgi start
# service hiawatha start
# exit
/data/vhosts/wiki-data/pages/doc/h/hiawatha_7_8_2.txt · Last modified: 2012/06/02 00:55 by zeissoctopus