LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Installing and configuring LAMP using yum (https://www.linuxquestions.org/questions/linux-server-73/installing-and-configuring-lamp-using-yum-803197/)

tklMe 04-24-2010 02:54 AM

OMG!!! I tried the localhost and root and it worked this time...I am certain I tried it as localhost and root and I swear it didn't work then! Now why the heck doesn't it work for server2.lambott.local or with my tklamb user name? Blue Ice mentioned something regarding remote login and servers. Perhaps he/she could elaborate?

Blue_Ice 04-24-2010 09:00 AM

server2.lambott.local is a computername which should be registered at your dns server or should be added to the hosts file of the computer you are trying to access the server with. This is needed to resolve the ipaddress. Computers don't connect with the computername. A computername is translated to an ipaddress which is used to contact the computer with that specific ipaddress.

In MySQL you need to specify from which clients you allow a user to access the server. The wildcard used in MySQL is %, so don't confuse it with *. The root user by default can only access a from the localhost. Using the computername of the localhost is not considered to be the localhost. Again this has to do with resolving computernames to ipaddresses. If you create a user that should be able to log in remotely, then you need to specify from which clients (ipaddresses) the user is allowed to access the server.

For example:
Code:

GRANT ALL ON db.* TO 'tklamb'@'192.168.1.%';
This code will tell MySQL that user tklamb is allowed access to all objects in database db from clients whose ipaddress is in the format of 192.168.1.xxx (for other netmasks you should use something like 10.% or 172.138.%). If a user should only be allowed to connect from localhost, you should use something like:
Code:

GRANT ALL ON db.* TO 'tklamb'@'localhost';
When you need your client to be able to connect from everywhere, the query should look something like:
Code:

GRANT ALL ON db.* TO 'tklamb'@'%';
Be aware that I didn't set a password for this user. After you have executed the GRANT query you need flush the privileges with the command: FLUSH PRIVILEGES;. After this you should be able to use this user account. On the site of MySQL you can find a lot of interesting information regarding creating users.

Edit: If you have a problem with the current users then please run the query: SELECT Host, User FROM mysql.user WHERE User='tklamb'; and post the results here. No password information will be published here.
With this information we can tell what your problem might be with setting up the user accounts.

paulsm4 04-24-2010 12:43 PM

Hi -

1. I'm super-glad you didn't follow through on the source rebuild: as you well know, that wasn't the problem. MySQL was OK: the problem was permissions.

2. Don't worry about the "name resolution" problem, either. Since your Apache server is on the same host as your mySQL database, all you need is "localhost".

And from a "security" standpoint: every time you allow any external host you allow to use any service, you've introduced a new attack point that some "bad guy" can use to compromise your system. The fewer hosts you allow access, the fewer vulnerabilities to your system.

Restricting *any* access to *only* localhost is in fact the *safest* approach.

Sooooo ....

3. Here's your hosts list:
Code:

+-----------------------+---------+
| Host                  | User    |
+-----------------------+---------+
| %                    | lambott |
| %                    | tklamb  |
| 127.0.0.1            | root    |
| localhost            |        |
| localhost            | root    |
| server2.lambott.local |        |
| server2.lambott.local | root    |
+-----------------------+---------+
7 rows in set (0.00 sec)

4. According to this list, it *should* work as either tklamb or lambott.

Provided:
a) you're using the correct username, password, and "localhost" in your mysql_connect()

b) you've also granted access privileges on the mySQL table to tklamb and/or lambott

c) the Linux user ("root", "nobody" - whoever) has OS-level privileges to use MySQL.

5. I would strongly suggest these commands:
Quote:

* mysql -utklamb -pTKLAMBS_MYSQL_PASSWD mysql

delete from user where Host='server2.lambott.local';
<= this should delete two rows

delete from user where User='';
<= this should delete one row

flush privileges;

exit;
6. Then I'd focus on getting "tklamb" working - locally - both from mysql, and from PHP.

Good luck - and please keep us posted!

tklMe 04-24-2010 01:57 PM

I've tried multiple variations and nothing worked. I then granted tklamb@localhost privileges and flushed them of course and made the appropriate changes in the php file and now I can go to my client and see the table with tklamb as the user. I still cannot get any of them to work with anything other than localhost. Why is that? Could it have something to do with the hosts file Blue mentioned? My client does have both server1 and 2 listed, server1 has server2 listed but server2 has nothing listed. Could that be the problem/reason?

PaulSM4: I did make certain to make the appropriate changes in the php code as suggested by your step 4. As for step 5, I'm not certain what that is suppose to do.I haven't tried it yet. Please explain it. Thanks.

Here is my user listing and as I mentioned only localhost works in the php coding none of the other hosts work:

mysql> select host, user from user;
+-----------------------+---------+
| host | user |
+-----------------------+---------+
| % | lambott |
| % | tklamb |
| 127.0.0.1 | root |
| 192.168.139.% | tklamb |
| localhost | |
| localhost | root |
| localhost | tklamb |
| server2.lambott.local | |
| server2.lambott.local | root |
+-----------------------+---------+

paulsm4 04-24-2010 03:51 PM

Hi again, tklMe -

1. Cool - glad you've got things working.

2. I'm not sure how high your tolerance is for "theory", or to what extent you just want simple, clear-cut instructions to "make it work". Sorry if I'm heavy on the "theory", and sorry if stuff like "fred" and "barney" (meant in the same spirit as "X" and "Y" in algebra) confuses things.
... but ...
3. Your question about "why doesn't it work" hearkens back to "theory":

a) at the TCP/IP level, "localhost" and "127.0.0.1" and "loopback" are usually all equivalent - they all refer to the "same thing". PROVIDED the names are defined in your network stack's resolver: be it /etc/hosts, DNS or something else altogether.

b) Similarly, "server2" and "192.168.139.129" are equivalent. Provided "server2" is defined as "192.168.139.129" in /etc/hosts and/or DNS.

c) "server2.lambott.local" may or may not be equivalent to "server2" - that's a configuration issue on your part.

Try it! Try "ping server2" and see what you get (presumably"192.168.139.129"). Now try "ping server2.lambott.local" and see what you get (I'm guessing probably "host not found").

4. I don't want us to hijack this thread by turning it into a "DNS howto". Our goal is to get MySql working - I think you've achieved that goal.

5. If the only client for mySQL is PHP/Apache ... then the SIMPLEST and the MOST SECURE solution is to use localhost.

So in the name of BOTH "security" AND "expediency", I'm asking you to use "localhost".

I'm ALSO asking you to DELETE any mysql principals you DON'T need.

Yes, that level of paranoia is "overkill" for a simple VM.

But it's an EXCELLENT habit to get into now, before you start deploying stuff in the "real world".

And, as an added benefit, it'll make troubleshooting, configuration ... and make learning MySQL and PHP ... soooooooo much easier for you!

IMHO .. PSM

PS:
Please feel free to click "thanks" for Ice_cube and me if you think we helped.

PPS:
Please do feel free to keep asking questions, in this thread, or in new threads.

PPS:
Please be sure to delete the row with "192.168.139.%", too.

tklMe 04-24-2010 04:24 PM

I actually was going to thank you both when I was done, but I went ahead and thanked you guys ahead of time.
Server2 actually has an IP of 192.168.139.133; client system has an IP of 192.168.139.129; Server1 (the DNS server) has an IP of 192.168.139.130. Did I mention I have Bind installed on Server1 where I have set up who the web server is (server2) and who the dns server is (server1). I am able to ping from all systems to the other systems (even same system to same system)using IP and name and finds and transmits the packets just fine with no packet loss. I am able to do an nslookup on the other systems with the names and it comes back with the IPs and vice versa. It still doesn't make sense why server2.lambott.local doesn't work. That is where the mysql is installed, along with apache and php. I put 192.168.139.133 server2.lambott.local the hosts file on server2 but that didn't do anything. I suppose since localhost works I shouldn't worry about server2.lambott.local not working but darn I really would like that one to work...unless in reality it isn't suppose to work.

Blue_Ice 04-24-2010 04:55 PM

Well, there might be one other issue that you haven't addressed yet and that is the firewall. Have you opened port 3306 (default port MySQL runs on) on server2? If not, that could generate the same error.

tklMe 04-24-2010 05:19 PM

Blue Ice: Well, no, I didn't realize I needed that port open. So if you mean I need to open that port and then server2.lambott.local will work for the mysql connect statement (server2.lambott.local, root, rootspassword), well, it didn't--I just tried it. Perhaps it isn't suppose to work that way? I do have http and https ports open. Maybe it is something in selinux...naw, I just set it to allow users and that didn't do anything. Again, maybe server2.lambott.local isn't suppose to be listed and it is just suppose to be localhost. I'm tired of messing with it. I got the tklamb to work using localhost and I really appreciate all of your help. Thank you very much! Now I have to figure out how to adjust my httpd.conf file or whatever file it is to point https to another directory or index file (just not the same site as the http is-->/var/www/html. Don't tell me tho...unless I ask for assistance later this evening. I want to be able to figure it out on my own and I don't think it will be hard to do! (I hope)

paulsm4 04-24-2010 05:53 PM

Hi -

Blue_Ice is absolutely correct about the firewall.

Quote:

GENERAL TROUBLESHOOTING SUGGESTION:
1. Make sure you can "ping" a host (name resolution)
... then ...
2. "telnet HOST PORT#"
Quote:

EXAMPLE:
ping localhost
<= should respond "127.0.0.1"

ping server2
<= should respond "192.168.139.129"

ping server2.lambott.local
<= Don't know
I think you're saying you tried this, and it DID respond: 192.168.139.129

telnet server2 3306
<= This is one quick/easy way to see if port 3306 is open on interface 192.168.139.129 or not
It's entirely possible it IS open on 127.0.0.1, but not 192.168.139.129 (because of the firewall)
Make sense?

Again - congratuations on getting things working thus far. Good job :)!

PS:
Hint: Apache "virtual hosts" are your friend (in the context of serving multiple web sites from the same host)

tklMe 04-24-2010 06:34 PM

PaulSM: The IP of server2 is 192.168.139.133 so if I were to "ping server2" then it would come back with "from server2.lambott.local (192.168.139.133)" on the same system or on server1, or on the client system. Thanks for the hint!

I tried the telnet and it said connected to server2.lambott.local (192.168.139.133) escape character is.....then some weird mumbo-jumbo and connection closed by foreign host.

I tried adding the <VirtualHost 192.168.139.133:443>
DocumentRoot /var/www/html2
ServerName server2.lambott.local:443
</VirtualHost>

But obviously I've done something wrong cuz it doesn't do anything. When I go to https://server2.lambott.local:443 it still brings up my original web page in my /var/www/html folder.

Okay I have discovered the ssl.conf file and made the adjustments in there....but that isn't working either. I was only able to get to the alternate website if I adjusted the httpd.conf file and used port 8080 instead of the 443 (listed above). Well, that isn't a secure site and I need to make an alternate web site that is just for secure entry. I'm getting tired of this. This whole LAMP installation has been a pain. Any hints might be nice...

Blue_Ice 04-25-2010 04:21 AM

Before you start to configure Apache, you need to install mod_ssl and openssl on the webserver. After that adjust the configuration:
Code:

Listen 80 #this should already exist
# the following line might not be needed as it could be included in the mod_ssl config
Listen 443

NameVirtualHost server2.lambott.local:443
<VirtualHost server2.lambott.local:443>
        ServerAdmin x@y.com
        DocumentRoot /var/www/html2
        ServerName server2.lambott.local
        SSLEngine on
        SSLCertificateFile /etc/httpd/cert/httpd.crt
        SSLCertificateKeyFile /etc/httpd/cert/httpd.key
</VirtualHost>

Edit: If I remember correctly, configuring apache like this allows you to have only one VirtualHost using ssl. In case you need more, you will have to setup another apache process with its own configuration specifically for port 443.

tklMe 04-25-2010 02:40 PM

Blue_Ice: are you setting that up in ssl.conf or in httpd.conf?
I do have the mod_ssl and openssl installed and I have set up the keys/certs.
The ssl.conf has the sslengine and sslcertifcatefile locations (etc/pki/tls/certs and etc/pki/tls/private) and they are ca.crt and ca.key.
I don't know what the SSLCertificateKeyFile is in your example.
I read that you need to put the virtualhost info in the ssl file...so again, is your example in the ssl.conf or the httpd.conf file? Also, 443 is listed in the ssl.conf.
(I did try to put most of your example into my httpd.conf file but that did not work...again the issue is with the engine and keys. Wouldn't it be redundant to put them in the httpd.conf when they are already in the ssl.conf file?)

tklMe 04-25-2010 02:57 PM

Blue Ice..thank you...I got it to work...I understand the whole engine and key thing now. I guess you really do have to put them in the httpd.conf file even tho their locations and the "sslengine on" is in the ssl.conf file. Anyhow, thanks again you have really been very helpful..as has PaulSM!

Blue_Ice 04-25-2010 03:05 PM

You're welcome. Glad we were able to help you out!

A little bit about the certificates... Depending on your intentions with the server you should get certificates from organizations like Verisign. You can also create your own.

In my example I created new certificates for testing purposes. I wanted them to be specific for that VirtualHost. Where you put VirtualHost doesn't really matter. In httpd.conf there is a directive that points to ssl.conf. So ssl.conf will be loaded when httpd.conf is loaded. I prefer to put my VirtualHost definitions all at the same place, so I can see them all at once and don't need to look through tons of files to find the right definition.

Anyway, happy developing and don't hesitate to post your questions when in need for help.


All times are GMT -5. The time now is 02:31 AM.