I think that it's been more than 12 hours. More like 14... it's all a blur really.
I started today with a lofty goal: do a complete system wipe of Moulinrouge, my file/web/mail server that hosts pretty much all of my life... including this site. I decided to take the last step in my abandonment of Gentoo Linux in favour of my new love, Arch Linux, the process of which only added to the difficulty. I also moved my DNS and DHCP servers to Serenity my firewall machine as I'd gotten tired of the various exceptions I had to make to host those services with Moulinrouge.
Strictly speaking though, the whole thing went rather well. I had rsync'd my entire filesystem over to the 1TB USB2 drive, and the Arch install ran with no problems at all. The biggest hiccup came when I realised that Exim isn't packaged with MySQL support in Arch, so I had to do a manual compile for that one using ABS. A pretty cool experience I might add, though frustrating when you condiser how common such a setup may be. For those interested, I followed a helpful forum post on what needed to be changed and created a simple patch file for PKGBUILD so I can use it again later:
# pacman -S abs # abs $ mkdir -p $HOME/abs $ cp -r /var/abs/extra/exim $HOME/abs/ $ patch $HOME/abs/exim/PKGBUILD PKGBUILD.patch $ cd $HOME/abs/exim $ makepkg $ pacman -S exim-4.68-5-i686.pkg.tar.gz
The other fun bit I discovered was SSH's ability to not only run its own version of secure-ftp (sftp), but also run it in a chroot environment with ChrootDirectory. This required a lot of experimentation so I thought that I'd post a few notes here:
- In a chroot environment, logging is not possible until OpenSSH 5.2. Don't try, it'll only cause you pain.
- You cannot chroot a user into her or his home directory as the "new root" must be owned by the root user. Instead, what i found worked well was setting up a series of user directories owned by root under /srv/http/untrusted/username which then had the user's websites inside.
Here's my sshd_config snippet:
Subsystem sftp internal-sftp Match Group untrusted X11Forwarding no AllowTcpForwarding no # Won't work 'till 5.2 #ForceCommand internal-sftp -l VERBOSE ForceCommand internal-sftp ChrootDirectory /srv/http/untrusted/%u
Lastly, PHP in Arch is very different from my experiences in Gentoo, Unbuntu, Debian, Suse and Redhat. Even FreeBSD was more intuitive. For starters, Arch uses some less-than-common defaults in php.ini:
- error_reporting = E_ALL
- magic_quotes_gpc = Off
- short_open_tag = Off
Then, when you try to start up Apache, you find that it's not loading PHP. To make that happen, you have to add the following to httpd.conf and reload your webserver:
LoadModule php5_module modules/libphp5.so Include conf/extra/php5_module.conf
After all that though, you'll notice that MySQL and a suite of other extensions you're used to seeing as part of PHP aren't there. If you stopped by this site earlier for example, you would have seen the glaring errors complaining that mysql_connect() didn't exist. To make all of that work, you have to go back into php.ini, scroll down to the bottom and un-comment the various extension lines... among them:
There were other fun problems, but this post is already quite long and it's almost 5am now. Must get some sleep so I can finish it all up tomorrow!