https://wiki.archlinux.org/api.php?action=feedcontributions&user=Pimanac&feedformat=atomArchWiki - User contributions [en]2024-03-29T09:24:31ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Coreclr&diff=411186Coreclr2015-12-07T16:09:24Z<p>Pimanac: Created page with "Install [https://aur.archlinux.org/packages/lttng-ust/ lttng-ust] from the AUR Install [https://aur.archlinux.org/packages/coreclr-git/ dot net runtime] from the AUR"</p>
<hr />
<div>Install [https://aur.archlinux.org/packages/lttng-ust/ lttng-ust] from the AUR<br />
<br />
Install [https://aur.archlinux.org/packages/coreclr-git/ dot net runtime] from the AUR</div>Pimanachttps://wiki.archlinux.org/index.php?title=BIND&diff=343156BIND2014-11-04T03:28:40Z<p>Pimanac: /* A configuration template for running a domain */</p>
<hr />
<div>[[Category:Domain Name System]]<br />
[[de:BIND]]<br />
[[ja:BIND]]<br />
[[zh-CN:BIND]]<br />
Berkeley Internet Name Daemon (BIND) is the reference implementation of the Domain Name System (DNS) protocols.<br />
<br />
== Installation ==<br />
These few steps show you how to install BIND and set it up as a local caching-only server.<br />
<br />
[[pacman|Install]] the {{Pkg|bind}} package which can be found in the [[official repositories]].<br />
<br />
Optionally edit {{ic|/etc/named.conf}} and add this under the options section, to only allow connections from the localhost:<br />
listen-on { 127.0.0.1; };<br />
<br />
Edit {{ic|/etc/resolv.conf}} to use the local DNS server:<br />
nameserver 127.0.0.1<br />
<br />
[[Daemon#Managing daemons|Start]] the '''named''' daemon.<br />
<br />
== A configuration template for running a domain ==<br />
This is a simple tutorial in howto setup a simple home network DNS-server with bind. In our example we use "domain.tld" as our domain.<br />
<br />
For a more elaborate example see [http://www.howtoforge.com/two_in_one_dns_bind9_views Two-in-one DNS server with BIND9].<br />
<br />
=== 1. Creating a zonefile ===<br />
# nano /var/named/domain.tld.zone<br />
<br />
$TTL 7200<br />
; domain.tld<br />
@ IN SOA ns01.domain.tld. postmaster.domain.tld. (<br />
2007011601 ; Serial<br />
28800 ; Refresh<br />
1800 ; Retry<br />
604800 ; Expire - 1 week<br />
86400 ) ; Minimum<br />
IN NS ns01<br />
IN NS ns02<br />
ns01 IN A 0.0.0.0<br />
ns02 IN A 0.0.0.0<br />
localhost IN A 127.0.0.1<br />
@ IN MX 10 mail<br />
imap IN CNAME mail<br />
smtp IN CNAME mail<br />
@ IN A 0.0.0.0<br />
www IN A 0.0.0.0<br />
mail IN A 0.0.0.0<br />
@ IN TXT "v=spf1 mx"<br />
<br />
$TTL defines the default time-to-live in seconds for all record types. In this example it is 2 hours.<br />
<br />
'''Serial must be incremented manually before restarting named every time you change a resource record for the zone.''' If you forget to do it slaves will not re-transfer the zone: they only do it if the serial is greater than that of the last time they transferred the zone.<br />
<br />
=== 2. Configuring master server ===<br />
Add your zone to {{ic|/etc/named.conf}}:<br />
zone "domain.tld" IN {<br />
type master;<br />
file "domain.tld.zone";<br />
allow-update { none; };<br />
notify no;<br />
};<br />
<br />
Restart the daemon and you are done.<br />
<br />
<br />
=== 3. Setting this to be your default DNS server ===<br />
<br />
If you are running your own DNS server, you might as well use it for all DNS lookups. This will require the ability to do ''recursive'' lookups. In order to prevent [https://www.us-cert.gov/ncas/alerts/TA13-088A DNS Amplification Attacks], recursion is turned off by default for most resolvers. The default Arch {{ic|/etc/named.conf}} file allows for recursion only on the loopback interface:<br />
<br />
allow-recursion { 127.0.0.1; };<br />
<br />
So to facilitate general DNS lookups from your host, your {{ic|/etc/resolv.conf}} file must include this line:<br />
<br />
nameserver 127.0.0.1<br />
<br />
Since {{ic|/etc/resolv.conf}} is a generated file, edit {{ic|/etc/resolvconf.conf}} and uncomment the<br />
# name_servers=127.0.0.1<br />
line. {{ic|/etc/resolvconf.conf}} will consequently be set up properly on subsequent reboots.<br />
<br />
If you want to provide name service for your local network; e.g. 192.168.0, you must add the appropriate range of IP addresses to {{ic|/etc/named.conf}}:<br />
<br />
allow-recursion { 192.168.0.0/24; 127.0.0.1; };<br />
<br />
== BIND as simple DNS forwarder ==<br />
If you have problems with, for example, VPN connections, they can sometimes be solved by setting-up a forwarding DNS server. This is very simple with BIND. Add these lines to {{ic|/etc/named.conf}} in either the global options section or in a specific zone, and change IP address according to your setup.<br />
<br />
options {<br />
listen-on { 192.168.66.1; };<br />
forwarders { 8.8.8.8; 8.8.4.4; };<br />
};<br />
<br />
Don't forget to restart the service!<br />
<br />
== Running BIND in a chrooted environment ==<br />
Running in a [[chroot]] environment is not required but improves security. See [[BIND (chroot)]] for how to do this.<br />
<br />
== Configuring BIND to serve DNSSEC signed zones ==<br />
See [[DNSSEC#BIND (serving signed DNS zones)]]<br />
<br />
== Automatically listen on new interfaces ==<br />
<br />
By default bind scan for new interfaces and stop listening on interfaces which no longer exist every hours. You can tune this value by adding :<br />
interface-interval <rescan-timeout-in-minutes>;<br />
parameter into {{ic|named.conf}} options section. Max value is 28 days. (40320 min) <br><br />
You can disable this feature by setting its value to 0.<br />
<br />
Then restart the service.<br />
<br />
==See also==<br />
*[[BIND (chroot)]]<br />
<br />
== BIND Resources ==<br />
* [http://www.reedmedia.net/books/bind-dns/ BIND 9 DNS Administration Reference Book]<br />
* [http://shop.oreilly.com/product/9780596100575.do DNS and BIND by Cricket Liu and Paul Albitz]<br />
* [http://www.netwidget.net/books/apress/dns/intro.html Pro DNS and BIND]<br />
* [http://www.isc.org/ Internet Systems Consortium, Inc. (ISC)]<br />
* [http://www.menandmice.com/knowledgehub/dnsglossary DNS Glossary]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Wordpress&diff=342197Wordpress2014-10-27T20:26:55Z<p>Pimanac: /* Install manually */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|PHP}}<br />
{{Related|MySQL}}<br />
{{Related|phpMyAdmin}}<br />
{{Related articles end}}<br />
<br />
[http://wordpress.org Wordpress] is a free and open source content management system ([[Wikipedia:Content management system|CMS]]) created by [[Wikipedia:Matt Mullenweg|Matt Mullenweg]] and first released in 2003. Wordpress has a vast and vibrant community that provides tens of thousands of free plugins and themes to allow the user to easily customize the appearance and function of their Wordpress CMS. Wordpress is licensed under the GPLv2.<br />
<br />
The biggest feature of Wordpress is its ease in configuration and administration. [http://codex.wordpress.org/Installing_WordPress Setting up a Wordpress site takes five minutes]. The Wordpress administration panel allows users to easily configure almost every aspect of their website including fetching and installing plugins and themes. Wordpress provides effortless automatic updates.<br />
<br />
== Installation ==<br />
<br />
Wordpress requires [[PHP]] and [[MySQL]] to be installed and configured. See the [[LAMP]] wiki article for more information. During configuration, be aware that some WordPress features require [http://wordpress.stackexchange.com/questions/42098/what-are-php-extensions-and-libraries-wp-needs-and-or-uses PHP extensions] that may not be turned on by default.<br />
<br />
{{note|As of August 2012, this article does not support using Wordpress with PostrgreSQL. Wordpress was designed to be used with mysql only. It is possible to use Wordpress with other databases such as PostgreSQL, through the use of a [http://wordpress.org/extend/plugins/postgresql-for-wordpress/ plugin] and a bit of work.}}<br />
<br />
=== Installation using pacman ===<br />
<br />
[[pacman|Install]] {{pkg|wordpress}} from the [[official repositories]].<br />
<br />
{{warning|While it is easier to let pacman manage updating your Wordpress install, this is not necessary. Wordpress has functionality built-in for managing updates, themes, and plugins. If you decide to install the official community package, you will not be able to install plugins and themes using the Wordpress admin panel without a needlessly complex permissions setup, or logging into FTP as root. pacman does not delete the Wordpress install directory when uninstalling it from your system regardless of whether or not you have added data to the directory manually or otherwise.}}<br />
<br />
=== Manual install ===<br />
<br />
Go to [http://wordpress.org/download/ wordpress.org] and download the latest version of Wordpress and extract it to your webserver directory. Give the directory enough permissions to allow your FTP user to write to the directory (used by Wordpress).<br />
<br />
cd /srv/http/whatever<br />
wget https://wordpress.org/latest.tar.gz<br />
tar xvzf latest.tar.gz<br />
<br />
== Configuration ==<br />
<br />
The configuration method used here assumes you are using Wordpress on a local network.<br />
<br />
=== Host config ===<br />
<br />
Make sure your {{ic|/etc/hosts}} file is setup correctly. This will be important when accessing your Wordpress CMS from a local network. Your {{ic|/etc/hosts}} file should look something like the following,<br />
<br />
{{bc|#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 lithium.kaboodle.net localhost lithium<br />
::1 lithium.kaboodle.net localhost lithium}}<br />
<br />
{{note|You will need to use a proxy server to access your Wordpress installation from mobile devices if you plan on using hostnames to install Wordpress, otherwise your website will appear broken [[#Appearance is broken (no styling)]].}}<br />
<br />
=== Configure apache ===<br />
<br />
{{note|You will need to have [[Apache]] configured to run with [[PHP]]. Check the [[LAMP#PHP]] page for instructions. Make sure to enable the {{ic|mysql.so}} extension.}}<br />
<br />
You will need to create a config file for apache to find your Wordpress install. Create the following file and edit it your favorite text editor:<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /wordpress "/usr/share/webapps/wordpress"<br />
<Directory "/usr/share/webapps/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:$"<br />
</Directory>}}<br />
<br />
Change {{ic|/wordpress}} in the first line to whatever you want. For example, {{ic|/myblog}} would require that you navigate to {{ic|http://hostname/myblog}} to see your Wordpress website.<br />
<br />
Also change the paths to your Wordpress install folder in case you did a manual install. Don't forget to append the parent directory to the {{ic|php_admin_value}} variable as well as shown below.<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /myblog "/mnt/data/srv/wordpress"<br />
<Directory "/mnt/data/srv/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/mnt/data/srv:$"<br />
</Directory>}}<br />
<br />
Next edit the apache config file and add the following:<br />
<br />
{{hc|# /etc/httpd/conf/httpd.conf|<br />
...<br />
Include conf/extra/httpd-wordpress.conf<br />
...<br />
}}<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache).<br />
<br />
=== Configure MySQL ===<br />
<br />
MySQL can be configured using a plethora of tools, but the most common are the command line or [http://www.phpmyadmin.net/home_page/index.php phpMyAdmin].<br />
<br />
==== Using phpMyAdmin ====<br />
<br />
See [[phpMyAdmin]] to install and configure phpMyAdmin.<br />
<br />
In your web browser, navigate to your phpMyAdmin host and perform the following<br />
steps:<br />
<br />
# Login to phpMyAdmin.<br />
# Click "user" and then click "Add user".<br />
# Give the pop up window a name and a password.<br />
# Select "Create database with same name and grant all privileges".<br />
# Click the "Add user" button to create the user.<br />
<br />
== Wordpress Installation ==<br />
<br />
Once you have spent a couple of hours setting up your http server, php, and mysql, it is finally time to let Wordpress have its five minutes and install itself. So let us begin.<br />
<br />
{{note|If you have disabled the mysql.so PHP extension as recommended on the [[LAMP]] page and are using mysqli.so or pdo_mysql.so instead, you will most likely need a Wordpress plugin to use those APIs. A plugin for mysqli can be found at https://wordpress.org/plugins/mysqli/.}}<br />
<br />
The Wordpress installation procedure will use the URL in the address field of your web browser as the default website URL. If you have navigated to http://localhost/wordpress, your website will be accessible from your local network, but it will be broken in appearance and function.<br />
<br />
# Navigate to {{ic|http://hostname/wordpress}}.<br />
# Click the "Create a Configuration File" button.<br />
# Click the "Let's go!" button.<br />
# Fill in you database information created in the previous section<br />
# Click "Submit".<br />
<br />
If you installed Wordpress from the Official repository, then this setup procedure will not have the correct permissions to create the wp-config.php file used by Wordpress. You will have to do this step yourself as root using information Wordpress will provide.<br />
<br />
A page will appear saying Wordpress can not write the wp-config.php file. Copy the text in the edit box and open {{ic|/usr/share/webapps/wordpress/wp-config.php}} as root in your text editor. Paste the copied text into the editor and save the file.<br />
<br />
Finally, Click "Run the install" and Wordpress will populate the database with your information. Once complete, you will be shown "Success!" page. Click the login button to finish your installation.<br />
<br />
Now would be a good time to access your website from all your devices to be sure your Wordpress installation is setup correctly.<br />
<br />
== Usage ==<br />
<br />
=== Installing a theme ===<br />
<br />
==== Finding new themes ====<br />
<br />
There are tens of thousands of themes available for Wordpress. Searching on google for a good theme can be like wading through a river filled with trash. Good places for looking for themes include:<br />
<br />
* [https://wordpress.org/themes/ Official Wordpress theme website]<br />
* [http://www.smashingmagazine.com/ Smashing Magazine]<br />
* [http://thethemefoundry.com/ The Theme Factory]<br />
* [http://www.woothemes.com/ Woo Themes]<br />
<br />
==== Install using the admin panel ====<br />
<br />
Before installing a theme using the admin panel, you will need to setup an [https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon FTP] server on your Wordpress host.<br />
<br />
Once the FTP server is setup, login to your Wordpress installation and click <nowiki>"Appearance->Install Themes->Upload"</nowiki>. From there select your zip file that contains your theme and click "Install Now". You will be presented with a box asking for FTP information, enter it and click "Proceed". If you have been following along closely, you should now have an installed theme. Activate it if you wish.<br />
<br />
==== Install manually ====<br />
<br />
Download the archive and extract into the '''wp-content/themes''' folder<br />
<br />
# Example for a theme named "MyTheme"<br />
cd /path/to/wordpress/root/directory<br />
cd wp-content/themes<br />
<br />
# get the theme archive and extract<br />
wget <nowiki>http://www.example.com/MyTheme.zip</nowiki><br />
unzip MyTheme.zip<br />
<br />
# remove the archive (optional)<br />
rm MyTheme.zip<br />
<br />
Be sure to follow any additional instructions as provided by the theme author.<br />
<br />
Select your new theme from the theme chooser (<nowiki>"Appearance->Themes"</nowiki>)<br />
<br />
=== Installing a plugin ===<br />
<br />
The steps for installing a plugin are the same as they are for installing a theme. Just click the "Plugins" link in the left navigation bar and follow the steps. Wordpress is very easy to use.<br />
<br />
=== Updating ===<br />
<br />
Every now and then when you log into wordpress there will be a notification informing you of updates. If you have correctly installed and configured an FTP client, and have the correct filesystem permissions to write in the Wordpress install path then you should be able to perform updates at the click of a button. Just follow the steps.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Appearance is broken (no styling) ===<br />
<br />
Your Wordpress website will appear to have no styling to it when viewing it in a web browser (desktop or mobile) that does not have its hostnames mapped to ip addresses correctly.<br />
<br />
This occurs because you used a url with the hostname of your server, instead of an ip address, when doing the initial setup and Wordpress has used this as the default website URL.<br />
<br />
To fix this, you will either need to edit your /etc/hosts file or setup a proxy server. For an easy to setup proxy server, see [[Polipo]], or if you want something with a little more configuration, see [[Squid]].<br />
<br />
Another option is changing a value in the database table of your Wordpress, specifically the wp_options table. The fix is to change the siteurl option to point directly to the domain name and not "localhost".<br />
<br />
== Tips and tricks ==<br />
<br />
== See also ==<br />
* [[Wikipedia:WordPress|Wordpress]]<br />
* [[Wikipedia:Content management system|Content management system]]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Wordpress&diff=342196Wordpress2014-10-27T20:23:44Z<p>Pimanac: /* Installing a theme */ instructions for manual install</p>
<hr />
<div>[[Category:Web Server]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|PHP}}<br />
{{Related|MySQL}}<br />
{{Related|phpMyAdmin}}<br />
{{Related articles end}}<br />
<br />
[http://wordpress.org Wordpress] is a free and open source content management system ([[Wikipedia:Content management system|CMS]]) created by [[Wikipedia:Matt Mullenweg|Matt Mullenweg]] and first released in 2003. Wordpress has a vast and vibrant community that provides tens of thousands of free plugins and themes to allow the user to easily customize the appearance and function of their Wordpress CMS. Wordpress is licensed under the GPLv2.<br />
<br />
The biggest feature of Wordpress is its ease in configuration and administration. [http://codex.wordpress.org/Installing_WordPress Setting up a Wordpress site takes five minutes]. The Wordpress administration panel allows users to easily configure almost every aspect of their website including fetching and installing plugins and themes. Wordpress provides effortless automatic updates.<br />
<br />
== Installation ==<br />
<br />
Wordpress requires [[PHP]] and [[MySQL]] to be installed and configured. See the [[LAMP]] wiki article for more information. During configuration, be aware that some WordPress features require [http://wordpress.stackexchange.com/questions/42098/what-are-php-extensions-and-libraries-wp-needs-and-or-uses PHP extensions] that may not be turned on by default.<br />
<br />
{{note|As of August 2012, this article does not support using Wordpress with PostrgreSQL. Wordpress was designed to be used with mysql only. It is possible to use Wordpress with other databases such as PostgreSQL, through the use of a [http://wordpress.org/extend/plugins/postgresql-for-wordpress/ plugin] and a bit of work.}}<br />
<br />
=== Installation using pacman ===<br />
<br />
[[pacman|Install]] {{pkg|wordpress}} from the [[official repositories]].<br />
<br />
{{warning|While it is easier to let pacman manage updating your Wordpress install, this is not necessary. Wordpress has functionality built-in for managing updates, themes, and plugins. If you decide to install the official community package, you will not be able to install plugins and themes using the Wordpress admin panel without a needlessly complex permissions setup, or logging into FTP as root. pacman does not delete the Wordpress install directory when uninstalling it from your system regardless of whether or not you have added data to the directory manually or otherwise.}}<br />
<br />
=== Manual install ===<br />
<br />
Go to [http://wordpress.org/download/ wordpress.org] and download the latest version of Wordpress and extract it to your webserver directory. Give the directory enough permissions to allow your FTP user to write to the directory (used by Wordpress).<br />
<br />
cd /srv/http/whatever<br />
wget https://wordpress.org/latest.tar.gz<br />
tar xvzf latest.tar.gz<br />
<br />
== Configuration ==<br />
<br />
The configuration method used here assumes you are using Wordpress on a local network.<br />
<br />
=== Host config ===<br />
<br />
Make sure your {{ic|/etc/hosts}} file is setup correctly. This will be important when accessing your Wordpress CMS from a local network. Your {{ic|/etc/hosts}} file should look something like the following,<br />
<br />
{{bc|#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 lithium.kaboodle.net localhost lithium<br />
::1 lithium.kaboodle.net localhost lithium}}<br />
<br />
{{note|You will need to use a proxy server to access your Wordpress installation from mobile devices if you plan on using hostnames to install Wordpress, otherwise your website will appear broken [[#Appearance is broken (no styling)]].}}<br />
<br />
=== Configure apache ===<br />
<br />
{{note|You will need to have [[Apache]] configured to run with [[PHP]]. Check the [[LAMP#PHP]] page for instructions. Make sure to enable the {{ic|mysql.so}} extension.}}<br />
<br />
You will need to create a config file for apache to find your Wordpress install. Create the following file and edit it your favorite text editor:<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /wordpress "/usr/share/webapps/wordpress"<br />
<Directory "/usr/share/webapps/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:$"<br />
</Directory>}}<br />
<br />
Change {{ic|/wordpress}} in the first line to whatever you want. For example, {{ic|/myblog}} would require that you navigate to {{ic|http://hostname/myblog}} to see your Wordpress website.<br />
<br />
Also change the paths to your Wordpress install folder in case you did a manual install. Don't forget to append the parent directory to the {{ic|php_admin_value}} variable as well as shown below.<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /myblog "/mnt/data/srv/wordpress"<br />
<Directory "/mnt/data/srv/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/mnt/data/srv:$"<br />
</Directory>}}<br />
<br />
Next edit the apache config file and add the following:<br />
<br />
{{hc|# /etc/httpd/conf/httpd.conf|<br />
...<br />
Include conf/extra/httpd-wordpress.conf<br />
...<br />
}}<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache).<br />
<br />
=== Configure MySQL ===<br />
<br />
MySQL can be configured using a plethora of tools, but the most common are the command line or [http://www.phpmyadmin.net/home_page/index.php phpMyAdmin].<br />
<br />
==== Using phpMyAdmin ====<br />
<br />
See [[phpMyAdmin]] to install and configure phpMyAdmin.<br />
<br />
In your web browser, navigate to your phpMyAdmin host and perform the following<br />
steps:<br />
<br />
# Login to phpMyAdmin.<br />
# Click "user" and then click "Add user".<br />
# Give the pop up window a name and a password.<br />
# Select "Create database with same name and grant all privileges".<br />
# Click the "Add user" button to create the user.<br />
<br />
== Wordpress Installation ==<br />
<br />
Once you have spent a couple of hours setting up your http server, php, and mysql, it is finally time to let Wordpress have its five minutes and install itself. So let us begin.<br />
<br />
{{note|If you have disabled the mysql.so PHP extension as recommended on the [[LAMP]] page and are using mysqli.so or pdo_mysql.so instead, you will most likely need a Wordpress plugin to use those APIs. A plugin for mysqli can be found at https://wordpress.org/plugins/mysqli/.}}<br />
<br />
The Wordpress installation procedure will use the URL in the address field of your web browser as the default website URL. If you have navigated to http://localhost/wordpress, your website will be accessible from your local network, but it will be broken in appearance and function.<br />
<br />
# Navigate to {{ic|http://hostname/wordpress}}.<br />
# Click the "Create a Configuration File" button.<br />
# Click the "Let's go!" button.<br />
# Fill in you database information created in the previous section<br />
# Click "Submit".<br />
<br />
If you installed Wordpress from the Official repository, then this setup procedure will not have the correct permissions to create the wp-config.php file used by Wordpress. You will have to do this step yourself as root using information Wordpress will provide.<br />
<br />
A page will appear saying Wordpress can not write the wp-config.php file. Copy the text in the edit box and open {{ic|/usr/share/webapps/wordpress/wp-config.php}} as root in your text editor. Paste the copied text into the editor and save the file.<br />
<br />
Finally, Click "Run the install" and Wordpress will populate the database with your information. Once complete, you will be shown "Success!" page. Click the login button to finish your installation.<br />
<br />
Now would be a good time to access your website from all your devices to be sure your Wordpress installation is setup correctly.<br />
<br />
== Usage ==<br />
<br />
=== Installing a theme ===<br />
<br />
==== Finding new themes ====<br />
<br />
There are tens of thousands of themes available for Wordpress. Searching on google for a good theme can be like wading through a river filled with trash. Good places for looking for themes include:<br />
<br />
* [https://wordpress.org/themes/ Official Wordpress theme website]<br />
* [http://www.smashingmagazine.com/ Smashing Magazine]<br />
* [http://thethemefoundry.com/ The Theme Factory]<br />
* [http://www.woothemes.com/ Woo Themes]<br />
<br />
==== Install using the admin panel ====<br />
<br />
Before installing a theme using the admin panel, you will need to setup an [https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon FTP] server on your Wordpress host.<br />
<br />
Once the FTP server is setup, login to your Wordpress installation and click <nowiki>"Appearance->Install Themes->Upload"</nowiki>. From there select your zip file that contains your theme and click "Install Now". You will be presented with a box asking for FTP information, enter it and click "Proceed". If you have been following along closely, you should now have an installed theme. Activate it if you wish.<br />
<br />
==== Install manually ====<br />
<br />
Create a directory in the '''wp-content/themes''' directory of your wordpress installation named after the theme. Download the archive and extract into the newly created folder.<br />
<br />
# Example for a theme named "MyTheme"<br />
cd /path/to/wordpress/root/directory<br />
mkdir wp-content/themes/MyTheme<br />
cd wp-content/themes/MyTheme<br />
<br />
# get the theme archive and extract<br />
wget <nowiki>http://www.example.com/MyTheme.zip</nowiki><br />
unzip MyTheme.zip<br />
<br />
# remove the archive (optional)<br />
rm MyTheme.zip<br />
<br />
Be sure to follow any additional instructions as provided by the theme author.<br />
<br />
Select your new theme from the theme chooser (<nowiki>"Appearance->Themes"</nowiki>)<br />
<br />
=== Installing a plugin ===<br />
<br />
The steps for installing a plugin are the same as they are for installing a theme. Just click the "Plugins" link in the left navigation bar and follow the steps. Wordpress is very easy to use.<br />
<br />
=== Updating ===<br />
<br />
Every now and then when you log into wordpress there will be a notification informing you of updates. If you have correctly installed and configured an FTP client, and have the correct filesystem permissions to write in the Wordpress install path then you should be able to perform updates at the click of a button. Just follow the steps.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Appearance is broken (no styling) ===<br />
<br />
Your Wordpress website will appear to have no styling to it when viewing it in a web browser (desktop or mobile) that does not have its hostnames mapped to ip addresses correctly.<br />
<br />
This occurs because you used a url with the hostname of your server, instead of an ip address, when doing the initial setup and Wordpress has used this as the default website URL.<br />
<br />
To fix this, you will either need to edit your /etc/hosts file or setup a proxy server. For an easy to setup proxy server, see [[Polipo]], or if you want something with a little more configuration, see [[Squid]].<br />
<br />
Another option is changing a value in the database table of your Wordpress, specifically the wp_options table. The fix is to change the siteurl option to point directly to the domain name and not "localhost".<br />
<br />
== Tips and tricks ==<br />
<br />
== See also ==<br />
* [[Wikipedia:WordPress|Wordpress]]<br />
* [[Wikipedia:Content management system|Content management system]]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Wordpress&diff=342192Wordpress2014-10-27T20:07:57Z<p>Pimanac: /* Installing a theme */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|PHP}}<br />
{{Related|MySQL}}<br />
{{Related|phpMyAdmin}}<br />
{{Related articles end}}<br />
<br />
[http://wordpress.org Wordpress] is a free and open source content management system ([[Wikipedia:Content management system|CMS]]) created by [[Wikipedia:Matt Mullenweg|Matt Mullenweg]] and first released in 2003. Wordpress has a vast and vibrant community that provides tens of thousands of free plugins and themes to allow the user to easily customize the appearance and function of their Wordpress CMS. Wordpress is licensed under the GPLv2.<br />
<br />
The biggest feature of Wordpress is its ease in configuration and administration. [http://codex.wordpress.org/Installing_WordPress Setting up a Wordpress site takes five minutes]. The Wordpress administration panel allows users to easily configure almost every aspect of their website including fetching and installing plugins and themes. Wordpress provides effortless automatic updates.<br />
<br />
== Installation ==<br />
<br />
Wordpress requires [[PHP]] and [[MySQL]] to be installed and configured. See the [[LAMP]] wiki article for more information. During configuration, be aware that some WordPress features require [http://wordpress.stackexchange.com/questions/42098/what-are-php-extensions-and-libraries-wp-needs-and-or-uses PHP extensions] that may not be turned on by default.<br />
<br />
{{note|As of August 2012, this article does not support using Wordpress with PostrgreSQL. Wordpress was designed to be used with mysql only. It is possible to use Wordpress with other databases such as PostgreSQL, through the use of a [http://wordpress.org/extend/plugins/postgresql-for-wordpress/ plugin] and a bit of work.}}<br />
<br />
=== Installation using pacman ===<br />
<br />
[[pacman|Install]] {{pkg|wordpress}} from the [[official repositories]].<br />
<br />
{{warning|While it is easier to let pacman manage updating your Wordpress install, this is not necessary. Wordpress has functionality built-in for managing updates, themes, and plugins. If you decide to install the official community package, you will not be able to install plugins and themes using the Wordpress admin panel without a needlessly complex permissions setup, or logging into FTP as root. pacman does not delete the Wordpress install directory when uninstalling it from your system regardless of whether or not you have added data to the directory manually or otherwise.}}<br />
<br />
=== Manual install ===<br />
<br />
Go to [http://wordpress.org/download/ wordpress.org] and download the latest version of Wordpress and extract it to your webserver directory. Give the directory enough permissions to allow your FTP user to write to the directory (used by Wordpress).<br />
<br />
cd /srv/http/whatever<br />
wget https://wordpress.org/latest.tar.gz<br />
tar xvzf latest.tar.gz<br />
<br />
== Configuration ==<br />
<br />
The configuration method used here assumes you are using Wordpress on a local network.<br />
<br />
=== Host config ===<br />
<br />
Make sure your {{ic|/etc/hosts}} file is setup correctly. This will be important when accessing your Wordpress CMS from a local network. Your {{ic|/etc/hosts}} file should look something like the following,<br />
<br />
{{bc|#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 lithium.kaboodle.net localhost lithium<br />
::1 lithium.kaboodle.net localhost lithium}}<br />
<br />
{{note|You will need to use a proxy server to access your Wordpress installation from mobile devices if you plan on using hostnames to install Wordpress, otherwise your website will appear broken [[#Appearance is broken (no styling)]].}}<br />
<br />
=== Configure apache ===<br />
<br />
{{note|You will need to have [[Apache]] configured to run with [[PHP]]. Check the [[LAMP#PHP]] page for instructions. Make sure to enable the {{ic|mysql.so}} extension.}}<br />
<br />
You will need to create a config file for apache to find your Wordpress install. Create the following file and edit it your favorite text editor:<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /wordpress "/usr/share/webapps/wordpress"<br />
<Directory "/usr/share/webapps/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:$"<br />
</Directory>}}<br />
<br />
Change {{ic|/wordpress}} in the first line to whatever you want. For example, {{ic|/myblog}} would require that you navigate to {{ic|http://hostname/myblog}} to see your Wordpress website.<br />
<br />
Also change the paths to your Wordpress install folder in case you did a manual install. Don't forget to append the parent directory to the {{ic|php_admin_value}} variable as well as shown below.<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /myblog "/mnt/data/srv/wordpress"<br />
<Directory "/mnt/data/srv/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/mnt/data/srv:$"<br />
</Directory>}}<br />
<br />
Next edit the apache config file and add the following:<br />
<br />
{{hc|# /etc/httpd/conf/httpd.conf|<br />
...<br />
Include conf/extra/httpd-wordpress.conf<br />
...<br />
}}<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache).<br />
<br />
=== Configure MySQL ===<br />
<br />
MySQL can be configured using a plethora of tools, but the most common are the command line or [http://www.phpmyadmin.net/home_page/index.php phpMyAdmin].<br />
<br />
==== Using phpMyAdmin ====<br />
<br />
See [[phpMyAdmin]] to install and configure phpMyAdmin.<br />
<br />
In your web browser, navigate to your phpMyAdmin host and perform the following<br />
steps:<br />
<br />
# Login to phpMyAdmin.<br />
# Click "user" and then click "Add user".<br />
# Give the pop up window a name and a password.<br />
# Select "Create database with same name and grant all privileges".<br />
# Click the "Add user" button to create the user.<br />
<br />
== Wordpress Installation ==<br />
<br />
Once you have spent a couple of hours setting up your http server, php, and mysql, it is finally time to let Wordpress have its five minutes and install itself. So let us begin.<br />
<br />
{{note|If you have disabled the mysql.so PHP extension as recommended on the [[LAMP]] page and are using mysqli.so or pdo_mysql.so instead, you will most likely need a Wordpress plugin to use those APIs. A plugin for mysqli can be found at https://wordpress.org/plugins/mysqli/.}}<br />
<br />
The Wordpress installation procedure will use the URL in the address field of your web browser as the default website URL. If you have navigated to http://localhost/wordpress, your website will be accessible from your local network, but it will be broken in appearance and function.<br />
<br />
# Navigate to {{ic|http://hostname/wordpress}}.<br />
# Click the "Create a Configuration File" button.<br />
# Click the "Let's go!" button.<br />
# Fill in you database information created in the previous section<br />
# Click "Submit".<br />
<br />
If you installed Wordpress from the Official repository, then this setup procedure will not have the correct permissions to create the wp-config.php file used by Wordpress. You will have to do this step yourself as root using information Wordpress will provide.<br />
<br />
A page will appear saying Wordpress can not write the wp-config.php file. Copy the text in the edit box and open {{ic|/usr/share/webapps/wordpress/wp-config.php}} as root in your text editor. Paste the copied text into the editor and save the file.<br />
<br />
Finally, Click "Run the install" and Wordpress will populate the database with your information. Once complete, you will be shown "Success!" page. Click the login button to finish your installation.<br />
<br />
Now would be a good time to access your website from all your devices to be sure your Wordpress installation is setup correctly.<br />
<br />
== Usage ==<br />
<br />
=== Installing a theme ===<br />
<br />
There are tens of thousands of themes available for Wordpress. Searching on google for a good theme can be like wading through a river filled with trash. Good places for looking for themes include:<br />
<br />
* [https://wordpress.org/themes/ Official Wordpress theme website]<br />
* [http://www.smashingmagazine.com/ Smashing Magazine]<br />
* [http://thethemefoundry.com/ The Theme Factory]<br />
* [http://www.woothemes.com/ Woo Themes]<br />
<br />
==== Using the admin panel ====<br />
<br />
Before installing a theme using the admin panel, you will need to setup an [https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon FTP] server on your Wordpress host.<br />
<br />
Once the FTP server is setup, login to your Wordpress installation and click <nowiki>"Appearance->Install Themes->Upload"</nowiki>. From there select your zip file that contains your theme and click "Install Now". You will be presented with a box asking for FTP information, enter it and click "Proceed". If you have been following along closely, you should now have an installed theme. Activate it if you wish.<br />
<br />
=== Installing a plugin ===<br />
<br />
The steps for installing a plugin are the same as they are for installing a theme. Just click the "Plugins" link in the left navigation bar and follow the steps. Wordpress is very easy to use.<br />
<br />
=== Updating ===<br />
<br />
Every now and then when you log into wordpress there will be a notification informing you of updates. If you have correctly installed and configured an FTP client, and have the correct filesystem permissions to write in the Wordpress install path then you should be able to perform updates at the click of a button. Just follow the steps.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Appearance is broken (no styling) ===<br />
<br />
Your Wordpress website will appear to have no styling to it when viewing it in a web browser (desktop or mobile) that does not have its hostnames mapped to ip addresses correctly.<br />
<br />
This occurs because you used a url with the hostname of your server, instead of an ip address, when doing the initial setup and Wordpress has used this as the default website URL.<br />
<br />
To fix this, you will either need to edit your /etc/hosts file or setup a proxy server. For an easy to setup proxy server, see [[Polipo]], or if you want something with a little more configuration, see [[Squid]].<br />
<br />
Another option is changing a value in the database table of your Wordpress, specifically the wp_options table. The fix is to change the siteurl option to point directly to the domain name and not "localhost".<br />
<br />
== Tips and tricks ==<br />
<br />
== See also ==<br />
* [[Wikipedia:WordPress|Wordpress]]<br />
* [[Wikipedia:Content management system|Content management system]]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Wordpress&diff=342168Wordpress2014-10-27T16:50:55Z<p>Pimanac: /* Installing a theme */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|PHP}}<br />
{{Related|MySQL}}<br />
{{Related|phpMyAdmin}}<br />
{{Related articles end}}<br />
<br />
[http://wordpress.org Wordpress] is a free and open source content management system ([[Wikipedia:Content management system|CMS]]) created by [[Wikipedia:Matt Mullenweg|Matt Mullenweg]] and first released in 2003. Wordpress has a vast and vibrant community that provides tens of thousands of free plugins and themes to allow the user to easily customize the appearance and function of their Wordpress CMS. Wordpress is licensed under the GPLv2.<br />
<br />
The biggest feature of Wordpress is its ease in configuration and administration. [http://codex.wordpress.org/Installing_WordPress Setting up a Wordpress site takes five minutes]. The Wordpress administration panel allows users to easily configure almost every aspect of their website including fetching and installing plugins and themes. Wordpress provides effortless automatic updates.<br />
<br />
== Installation ==<br />
<br />
Wordpress requires [[PHP]] and [[MySQL]] to be installed and configured. See the [[LAMP]] wiki article for more information. During configuration, be aware that some WordPress features require [http://wordpress.stackexchange.com/questions/42098/what-are-php-extensions-and-libraries-wp-needs-and-or-uses PHP extensions] that may not be turned on by default.<br />
<br />
{{note|As of August 2012, this article does not support using Wordpress with PostrgreSQL. Wordpress was designed to be used with mysql only. It is possible to use Wordpress with other databases such as PostgreSQL, through the use of a [http://wordpress.org/extend/plugins/postgresql-for-wordpress/ plugin] and a bit of work.}}<br />
<br />
=== Installation using pacman ===<br />
<br />
[[pacman|Install]] {{pkg|wordpress}} from the [[official repositories]].<br />
<br />
{{warning|While it is easier to let pacman manage updating your Wordpress install, this is not necessary. Wordpress has functionality built-in for managing updates, themes, and plugins. If you decide to install the official community package, you will not be able to install plugins and themes using the Wordpress admin panel without a needlessly complex permissions setup, or logging into FTP as root. pacman does not delete the Wordpress install directory when uninstalling it from your system regardless of whether or not you have added data to the directory manually or otherwise.}}<br />
<br />
=== Manual install ===<br />
<br />
Go to [http://wordpress.org/download/ wordpress.org] and download the latest version of Wordpress and extract it to your webserver directory. Give the directory enough permissions to allow your FTP user to write to the directory (used by Wordpress).<br />
<br />
cd /srv/http/whatever<br />
wget https://wordpress.org/latest.tar.gz<br />
tar xvzf latest.tar.gz<br />
<br />
== Configuration ==<br />
<br />
The configuration method used here assumes you are using Wordpress on a local network.<br />
<br />
=== Host config ===<br />
<br />
Make sure your {{ic|/etc/hosts}} file is setup correctly. This will be important when accessing your Wordpress CMS from a local network. Your {{ic|/etc/hosts}} file should look something like the following,<br />
<br />
{{bc|#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 lithium.kaboodle.net localhost lithium<br />
::1 lithium.kaboodle.net localhost lithium}}<br />
<br />
{{note|You will need to use a proxy server to access your Wordpress installation from mobile devices if you plan on using hostnames to install Wordpress, otherwise your website will appear broken [[#Appearance is broken (no styling)]].}}<br />
<br />
=== Configure apache ===<br />
<br />
{{note|You will need to have [[Apache]] configured to run with [[PHP]]. Check the [[LAMP#PHP]] page for instructions. Make sure to enable the {{ic|mysql.so}} extension.}}<br />
<br />
You will need to create a config file for apache to find your Wordpress install. Create the following file and edit it your favorite text editor:<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /wordpress "/usr/share/webapps/wordpress"<br />
<Directory "/usr/share/webapps/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:$"<br />
</Directory>}}<br />
<br />
Change {{ic|/wordpress}} in the first line to whatever you want. For example, {{ic|/myblog}} would require that you navigate to {{ic|http://hostname/myblog}} to see your Wordpress website.<br />
<br />
Also change the paths to your Wordpress install folder in case you did a manual install. Don't forget to append the parent directory to the {{ic|php_admin_value}} variable as well as shown below.<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /myblog "/mnt/data/srv/wordpress"<br />
<Directory "/mnt/data/srv/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/mnt/data/srv:$"<br />
</Directory>}}<br />
<br />
Next edit the apache config file and add the following:<br />
<br />
{{hc|# /etc/httpd/conf/httpd.conf|<br />
...<br />
Include conf/extra/httpd-wordpress.conf<br />
...<br />
}}<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache).<br />
<br />
=== Configure MySQL ===<br />
<br />
MySQL can be configured using a plethora of tools, but the most common are the command line or [http://www.phpmyadmin.net/home_page/index.php phpMyAdmin].<br />
<br />
==== Using phpMyAdmin ====<br />
<br />
See [[phpMyAdmin]] to install and configure phpMyAdmin.<br />
<br />
In your web browser, navigate to your phpMyAdmin host and perform the following<br />
steps:<br />
<br />
# Login to phpMyAdmin.<br />
# Click "user" and then click "Add user".<br />
# Give the pop up window a name and a password.<br />
# Select "Create database with same name and grant all privileges".<br />
# Click the "Add user" button to create the user.<br />
<br />
== Wordpress Installation ==<br />
<br />
Once you have spent a couple of hours setting up your http server, php, and mysql, it is finally time to let Wordpress have its five minutes and install itself. So let us begin.<br />
<br />
{{note|If you have disabled the mysql.so PHP extension as recommended on the [[LAMP]] page and are using mysqli.so or pdo_mysql.so instead, you will most likely need a Wordpress plugin to use those APIs. A plugin for mysqli can be found at https://wordpress.org/plugins/mysqli/.}}<br />
<br />
The Wordpress installation procedure will use the URL in the address field of your web browser as the default website URL. If you have navigated to http://localhost/wordpress, your website will be accessible from your local network, but it will be broken in appearance and function.<br />
<br />
# Navigate to {{ic|http://hostname/wordpress}}.<br />
# Click the "Create a Configuration File" button.<br />
# Click the "Let's go!" button.<br />
# Fill in you database information created in the previous section<br />
# Click "Submit".<br />
<br />
If you installed Wordpress from the Official repository, then this setup procedure will not have the correct permissions to create the wp-config.php file used by Wordpress. You will have to do this step yourself as root using information Wordpress will provide.<br />
<br />
A page will appear saying Wordpress can not write the wp-config.php file. Copy the text in the edit box and open {{ic|/usr/share/webapps/wordpress/wp-config.php}} as root in your text editor. Paste the copied text into the editor and save the file.<br />
<br />
Finally, Click "Run the install" and Wordpress will populate the database with your information. Once complete, you will be shown "Success!" page. Click the login button to finish your installation.<br />
<br />
Now would be a good time to access your website from all your devices to be sure your Wordpress installation is setup correctly.<br />
<br />
== Usage ==<br />
<br />
=== Installing a theme ===<br />
<br />
There are tens of thousands of themes available for Wordpress. Searching on google for a good theme can be like wading through a river filled with trash. Good places for looking for themes include:<br />
<br />
* [http://wordpress.org/extend/themes/ Official Wordpress theme website]<br />
* [http://www.smashingmagazine.com/ Smashing Magazine]<br />
* [http://thethemefoundry.com/ The Theme Factory]<br />
* [http://www.woothemes.com/ Woo Themes]<br />
<br />
==== Using the admin panel ====<br />
<br />
Before installing a theme using the admin panel, you will need to setup an [https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon FTP] server on your Wordpress host.<br />
<br />
Once the FTP server is setup, login to your Wordpress installation and click <nowiki>"Appearance->Install Themes->Upload"</nowiki>. From there select your zip file that contains your theme and click "Install Now". You will be presented with a box asking for FTP information, enter it and click "Proceed". If you have been following along closely, you should now have an installed theme. Activate it if you wish.<br />
<br />
=== Installing a plugin ===<br />
<br />
The steps for installing a plugin are the same as they are for installing a theme. Just click the "Plugins" link in the left navigation bar and follow the steps. Wordpress is very easy to use.<br />
<br />
=== Updating ===<br />
<br />
Every now and then when you log into wordpress there will be a notification informing you of updates. If you have correctly installed and configured an FTP client, and have the correct filesystem permissions to write in the Wordpress install path then you should be able to perform updates at the click of a button. Just follow the steps.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Appearance is broken (no styling) ===<br />
<br />
Your Wordpress website will appear to have no styling to it when viewing it in a web browser (desktop or mobile) that does not have its hostnames mapped to ip addresses correctly.<br />
<br />
This occurs because you used a url with the hostname of your server, instead of an ip address, when doing the initial setup and Wordpress has used this as the default website URL.<br />
<br />
To fix this, you will either need to edit your /etc/hosts file or setup a proxy server. For an easy to setup proxy server, see [[Polipo]], or if you want something with a little more configuration, see [[Squid]].<br />
<br />
Another option is changing a value in the database table of your Wordpress, specifically the wp_options table. The fix is to change the siteurl option to point directly to the domain name and not "localhost".<br />
<br />
== Tips and tricks ==<br />
<br />
== See also ==<br />
* [[Wikipedia:WordPress|Wordpress]]<br />
* [[Wikipedia:Content management system|Content management system]]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Wordpress&diff=342167Wordpress2014-10-27T16:50:40Z<p>Pimanac: /* Installing a theme */ clean up list of sites</p>
<hr />
<div>[[Category:Web Server]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|PHP}}<br />
{{Related|MySQL}}<br />
{{Related|phpMyAdmin}}<br />
{{Related articles end}}<br />
<br />
[http://wordpress.org Wordpress] is a free and open source content management system ([[Wikipedia:Content management system|CMS]]) created by [[Wikipedia:Matt Mullenweg|Matt Mullenweg]] and first released in 2003. Wordpress has a vast and vibrant community that provides tens of thousands of free plugins and themes to allow the user to easily customize the appearance and function of their Wordpress CMS. Wordpress is licensed under the GPLv2.<br />
<br />
The biggest feature of Wordpress is its ease in configuration and administration. [http://codex.wordpress.org/Installing_WordPress Setting up a Wordpress site takes five minutes]. The Wordpress administration panel allows users to easily configure almost every aspect of their website including fetching and installing plugins and themes. Wordpress provides effortless automatic updates.<br />
<br />
== Installation ==<br />
<br />
Wordpress requires [[PHP]] and [[MySQL]] to be installed and configured. See the [[LAMP]] wiki article for more information. During configuration, be aware that some WordPress features require [http://wordpress.stackexchange.com/questions/42098/what-are-php-extensions-and-libraries-wp-needs-and-or-uses PHP extensions] that may not be turned on by default.<br />
<br />
{{note|As of August 2012, this article does not support using Wordpress with PostrgreSQL. Wordpress was designed to be used with mysql only. It is possible to use Wordpress with other databases such as PostgreSQL, through the use of a [http://wordpress.org/extend/plugins/postgresql-for-wordpress/ plugin] and a bit of work.}}<br />
<br />
=== Installation using pacman ===<br />
<br />
[[pacman|Install]] {{pkg|wordpress}} from the [[official repositories]].<br />
<br />
{{warning|While it is easier to let pacman manage updating your Wordpress install, this is not necessary. Wordpress has functionality built-in for managing updates, themes, and plugins. If you decide to install the official community package, you will not be able to install plugins and themes using the Wordpress admin panel without a needlessly complex permissions setup, or logging into FTP as root. pacman does not delete the Wordpress install directory when uninstalling it from your system regardless of whether or not you have added data to the directory manually or otherwise.}}<br />
<br />
=== Manual install ===<br />
<br />
Go to [http://wordpress.org/download/ wordpress.org] and download the latest version of Wordpress and extract it to your webserver directory. Give the directory enough permissions to allow your FTP user to write to the directory (used by Wordpress).<br />
<br />
cd /srv/http/whatever<br />
wget https://wordpress.org/latest.tar.gz<br />
tar xvzf latest.tar.gz<br />
<br />
== Configuration ==<br />
<br />
The configuration method used here assumes you are using Wordpress on a local network.<br />
<br />
=== Host config ===<br />
<br />
Make sure your {{ic|/etc/hosts}} file is setup correctly. This will be important when accessing your Wordpress CMS from a local network. Your {{ic|/etc/hosts}} file should look something like the following,<br />
<br />
{{bc|#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 lithium.kaboodle.net localhost lithium<br />
::1 lithium.kaboodle.net localhost lithium}}<br />
<br />
{{note|You will need to use a proxy server to access your Wordpress installation from mobile devices if you plan on using hostnames to install Wordpress, otherwise your website will appear broken [[#Appearance is broken (no styling)]].}}<br />
<br />
=== Configure apache ===<br />
<br />
{{note|You will need to have [[Apache]] configured to run with [[PHP]]. Check the [[LAMP#PHP]] page for instructions. Make sure to enable the {{ic|mysql.so}} extension.}}<br />
<br />
You will need to create a config file for apache to find your Wordpress install. Create the following file and edit it your favorite text editor:<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /wordpress "/usr/share/webapps/wordpress"<br />
<Directory "/usr/share/webapps/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:$"<br />
</Directory>}}<br />
<br />
Change {{ic|/wordpress}} in the first line to whatever you want. For example, {{ic|/myblog}} would require that you navigate to {{ic|http://hostname/myblog}} to see your Wordpress website.<br />
<br />
Also change the paths to your Wordpress install folder in case you did a manual install. Don't forget to append the parent directory to the {{ic|php_admin_value}} variable as well as shown below.<br />
<br />
{{hc|# /etc/httpd/conf/extra/httpd-wordpress.conf|<br />
Alias /myblog "/mnt/data/srv/wordpress"<br />
<Directory "/mnt/data/srv/wordpress"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/mnt/data/srv:$"<br />
</Directory>}}<br />
<br />
Next edit the apache config file and add the following:<br />
<br />
{{hc|# /etc/httpd/conf/httpd.conf|<br />
...<br />
Include conf/extra/httpd-wordpress.conf<br />
...<br />
}}<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache).<br />
<br />
=== Configure MySQL ===<br />
<br />
MySQL can be configured using a plethora of tools, but the most common are the command line or [http://www.phpmyadmin.net/home_page/index.php phpMyAdmin].<br />
<br />
==== Using phpMyAdmin ====<br />
<br />
See [[phpMyAdmin]] to install and configure phpMyAdmin.<br />
<br />
In your web browser, navigate to your phpMyAdmin host and perform the following<br />
steps:<br />
<br />
# Login to phpMyAdmin.<br />
# Click "user" and then click "Add user".<br />
# Give the pop up window a name and a password.<br />
# Select "Create database with same name and grant all privileges".<br />
# Click the "Add user" button to create the user.<br />
<br />
== Wordpress Installation ==<br />
<br />
Once you have spent a couple of hours setting up your http server, php, and mysql, it is finally time to let Wordpress have its five minutes and install itself. So let us begin.<br />
<br />
{{note|If you have disabled the mysql.so PHP extension as recommended on the [[LAMP]] page and are using mysqli.so or pdo_mysql.so instead, you will most likely need a Wordpress plugin to use those APIs. A plugin for mysqli can be found at https://wordpress.org/plugins/mysqli/.}}<br />
<br />
The Wordpress installation procedure will use the URL in the address field of your web browser as the default website URL. If you have navigated to http://localhost/wordpress, your website will be accessible from your local network, but it will be broken in appearance and function.<br />
<br />
# Navigate to {{ic|http://hostname/wordpress}}.<br />
# Click the "Create a Configuration File" button.<br />
# Click the "Let's go!" button.<br />
# Fill in you database information created in the previous section<br />
# Click "Submit".<br />
<br />
If you installed Wordpress from the Official repository, then this setup procedure will not have the correct permissions to create the wp-config.php file used by Wordpress. You will have to do this step yourself as root using information Wordpress will provide.<br />
<br />
A page will appear saying Wordpress can not write the wp-config.php file. Copy the text in the edit box and open {{ic|/usr/share/webapps/wordpress/wp-config.php}} as root in your text editor. Paste the copied text into the editor and save the file.<br />
<br />
Finally, Click "Run the install" and Wordpress will populate the database with your information. Once complete, you will be shown "Success!" page. Click the login button to finish your installation.<br />
<br />
Now would be a good time to access your website from all your devices to be sure your Wordpress installation is setup correctly.<br />
<br />
== Usage ==<br />
<br />
=== Installing a theme ===<br />
<br />
There are tens of thousands of themes available for Wordpress. Searching on google for a good theme can be like wading through a river filled with trash. Good places for looking for themes include:<br />
<br />
* [http://wordpress.org/extend/themes/ Official Wordpress theme website]<br />
* [http://www.smashingmagazine.com/ Smashing Magazine]<br />
* [http://thethemefoundry.com/ The Theme Factory]<br />
* [http://www.woothemes.com/ Woo Themes]<br />
<br />
<br />
<br />
==== Using the admin panel ====<br />
<br />
Before installing a theme using the admin panel, you will need to setup an [https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon FTP] server on your Wordpress host.<br />
<br />
Once the FTP server is setup, login to your Wordpress installation and click <nowiki>"Appearance->Install Themes->Upload"</nowiki>. From there select your zip file that contains your theme and click "Install Now". You will be presented with a box asking for FTP information, enter it and click "Proceed". If you have been following along closely, you should now have an installed theme. Activate it if you wish.<br />
<br />
=== Installing a plugin ===<br />
<br />
The steps for installing a plugin are the same as they are for installing a theme. Just click the "Plugins" link in the left navigation bar and follow the steps. Wordpress is very easy to use.<br />
<br />
=== Updating ===<br />
<br />
Every now and then when you log into wordpress there will be a notification informing you of updates. If you have correctly installed and configured an FTP client, and have the correct filesystem permissions to write in the Wordpress install path then you should be able to perform updates at the click of a button. Just follow the steps.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Appearance is broken (no styling) ===<br />
<br />
Your Wordpress website will appear to have no styling to it when viewing it in a web browser (desktop or mobile) that does not have its hostnames mapped to ip addresses correctly.<br />
<br />
This occurs because you used a url with the hostname of your server, instead of an ip address, when doing the initial setup and Wordpress has used this as the default website URL.<br />
<br />
To fix this, you will either need to edit your /etc/hosts file or setup a proxy server. For an easy to setup proxy server, see [[Polipo]], or if you want something with a little more configuration, see [[Squid]].<br />
<br />
Another option is changing a value in the database table of your Wordpress, specifically the wp_options table. The fix is to change the siteurl option to point directly to the domain name and not "localhost".<br />
<br />
== Tips and tricks ==<br />
<br />
== See also ==<br />
* [[Wikipedia:WordPress|Wordpress]]<br />
* [[Wikipedia:Content management system|Content management system]]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Apache_HTTP_Server&diff=297538Apache HTTP Server2014-02-14T20:26:51Z<p>Pimanac: /* Apache */</p>
<hr />
<div>[[Category:Web Server]]<br />
[[cs:LAMP]]<br />
[[de:LAMP Installation]]<br />
[[el:LAMP]]<br />
[[es:LAMP]]<br />
[[fr:Lamp]]<br />
[[it:LAMP]]<br />
[[pl:LAMP]]<br />
[[ru:LAMP]]<br />
[[sr:LAMP]]<br />
[[tr:LAMP]]<br />
[[zh-CN:LAMP]]<br />
{{Related articles start}}<br />
{{Related|MariaDB}}<br />
{{Related|PhpMyAdmin}}<br />
{{Related|Adminer}}<br />
{{Related|Xampp}}<br />
{{Related|mod_perl}}<br />
{{Related articles end}}<br />
[[Wikipedia:LAMP (software bundle)|LAMP]] refers to a common combination of software used in many web servers: '''L'''inux, '''A'''pache, '''M'''ySQL/'''M'''ariaDB, and '''P'''HP. This article describes how to set up the [http://httpd.apache.org Apache HTTP Server] on an Arch Linux system. It also tells you how to optionally install [[PHP]] and [[MariaDB]] and integrate these in the Apache server.<br />
<br />
If you only need a web server for development and testing, [[Xampp]] might be a better and easier option.<br />
<br />
== Installation ==<br />
This document assumes you will install Apache, PHP and MariaDB together. If desired however, you may install Apache, PHP, and MariaDB separately and simply refer to the relevant sections below.<br />
<br />
You can [[pacman|install]] {{Pkg|apache}}, {{Pkg|php}}, {{Pkg|php-apache}} and {{Pkg|mariadb}} from the [[official repositories]].<br />
<br />
{{Note|Even though Apache 2.4 was released over a year ago (Feb 2012), it still isn't available in the official repositories. You can however get it from the [[AUR]] as {{AUR|apache24}}.}}<br />
<br />
== Configuration ==<br />
<br />
=== Apache ===<br />
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in {{ic|/etc/httpd/conf/httpd.conf}}. The default is user '''http''' and it is created automatically during installation.<br />
<br />
Change {{ic|httpd.conf}} and optionally {{ic|extra/httpd-default.conf}} to your liking and start the {{ic|httpd}} daemon using [[systemd]].<br />
# systemctl start httpd.service<br />
<br />
Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page.<br />
<br />
==== User directories ====<br />
* User directories are available by default through http://localhost/~yourusername/ and show the contents of {{ic|~/public_html}} (this can be changed in {{ic|/etc/httpd/conf/extra/httpd-userdir.conf}}).<br />
<br />
* If you do not want user directories to be available on the web, comment out the following line in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-userdir.conf<br />
<br />
* You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and {{ic|~/public_html/}} must be executable for others ("rest of the world"). This seems to be enough:<br />
$ chmod o+x ~<br />
$ chmod o+x ~/public_html<br />
<br />
* A more secure way to share your home folder with Apache is to add the '''http''' user to the group that owns your home folder. For example, if your home folder and other sub-folders in your home folder belong to group '''piter''', all you have to do is following:<br />
# usermod -aG piter http<br />
or<br />
# gpasswd -a http piter<br />
<br />
* Of course, you have to give ''read'' and ''execute'' permissions on {{ic|~/}}, {{ic|~/public_html}}, and all other sub-folders in {{ic|~/public_html}} to the group members (group '''piter''' in our case). Do something like the following ('''modify the commands for your specific case'''):<br />
$ chmod g+xr-w /home/''yourusername''<br />
$ chmod -R g+xr-w /home/''yourusername''/public_html<br />
<br />
{{Note|This way you do not have to give access to your folder to every single user in order to give access to '''http''' user. Only the '''http''' user and other potential users that are in the '''piter''' group will have access to your home folder.}}<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
==== SSL ====<br />
* Create a self-signed certificate (you can change the key size and the number of days of validity):<br />
# cd /etc/httpd/conf<br />
# openssl genrsa -out server.key 2048<br />
# chmod 600 server.key<br />
# openssl req -new -key server.key -out server.csr<br />
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<br />
<br />
* Then, in {{ic|/etc/httpd/conf/httpd.conf}}, uncomment the line containing:<br />
Include conf/extra/httpd-ssl.conf<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
==== Virtual Hosts ====<br />
* If you want to have more than one host, uncomment the following line in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-vhosts.conf<br />
<br />
* In {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} set your virtual hosts according the example, e.g.:<br />
{{hc|/etc/httpd/conf/extra/httpd-vhosts.conf|<br />
'''NameVirtualHost *:80 ''' #this allows name based virtual hosts<br />
<br />
#this first virtualhost enables: http://127.0.0.1, or: http://localhost, <br />
#to still go to /srv/http/*index.html(otherwise it will 404_error).<br />
#the reason for this: once you tell httpd.conf to include extra/httpd-vhosts.conf, <br />
#ALL vhosts are handled in httpd-vhosts.conf(including the default one),<br />
# E.G. the default virtualhost in httpd.conf is not used and must be included here, <br />
#otherwise, only domainname1.dom & domainname2.dom will be accessible<br />
#from your web browser and NOT http://127.0.0.1, or: http://localhost, etc.<br />
#<br />
<br />
<VirtualHost *:80><br />
DocumentRoot "/srv/http"<br />
ServerAdmin root@localhost<br />
ErrorLog "/var/log/httpd/127.0.0.1-error_log"<br />
CustomLog "/var/log/httpd/127.0.0.1-access_log" common<br />
<Directory /srv/http/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
<br />
<VirtualHost *:80><br />
ServerAdmin your@domainname1.dom<br />
DocumentRoot "/home/username/yoursites/domainname1.dom/www"<br />
ServerName domainname1.dom<br />
ServerAlias domainname1.dom<br />
<Directory /home/username/yoursites/domainname1.dom/www/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
<br />
<VirtualHost *:80><br />
ServerAdmin your@domainname2.dom<br />
DocumentRoot "/home/username/yoursites/domainname2.dom/www"<br />
ServerName domainname2.dom<br />
ServerAlias domainname2.dom<br />
<Directory /home/username/yoursites/domainname2.dom/www/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
}}<br />
<br />
* Add your virtual host names to your {{ic|/etc/hosts}} file (not necessary if a DNS server is serving these domains already, but will not hurt to do it anyway):<br />
127.0.0.1 domainname1.dom <br />
127.0.0.1 domainname2.dom<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
* If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apache's {{ic|Userdir}} settings. To avoid problems disable {{ic|Userdir}} by comment the following line in:<br />
#Include conf/extra/httpd-userdir.conf<br />
<br />
* As said above, ensure that you have the proper permissions:<br />
# chmod 0775 /home/''yourusername''/<br />
<br />
* If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, eg: {{ic|/etc/httpd/conf/vhosts}}.<br />
<br />
* First create the folder:<br />
# mkdir /etc/httpd/conf/vhosts<br />
<br />
* Then place the single configuration files in it:<br />
# nano /etc/httpd/conf/vhosts/domainname1.dom<br />
# nano /etc/httpd/conf/vhosts/domainname2.dom<br />
...<br />
<br />
* In the last step, {{ic|Include}} the single configurations in your {{ic|/etc/httpd/conf/httpd.conf}}:<br />
#Enabled Vhosts:<br />
Include conf/vhosts/domainname1.dom<br />
Include conf/vhosts/domainname2.dom<br />
<br />
* You can enable and disable single virtual hosts by commenting or uncommenting them.<br />
<br />
==== Advanced Options ====<br />
These options in {{ic|/etc/httpd/conf/httpd.conf}} might be interesting for you.<br />
<br />
# Listen 80<br />
* This is the port Apache will listen to. For Internet-access with router, you have to forward the port.<br />
<br />
If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:<br />
# Listen 127.0.0.1:80<br />
<br />
* This is the admin's email address which can be found on e.g. error pages:<br />
# ServerAdmin you@example.com<br />
<br />
* This is the directory where you should put your web pages:<br />
# DocumentRoot "/srv/http"<br />
<br />
Change it, if you want to, but do not forget to also change<br />
<Directory "/srv/http"><br />
to whatever you changed your {{ic|DocumentRoot}} too, or you will likely get a '''403 Error''' (lack of privileges) when you try to access the new document root. Do not forget to change the {{ic|Deny from all}} line, otherwise you will get a '''403 Error'''.<br />
<br />
# AllowOverride None<br />
* This directive in {{ic|<Directory>}} sections causes Apache to completely ignore {{ic|.htaccess}} files. If you intend to use {{ic|mod_rewrite}} or other settings in {{ic|.htaccess}} files, you can allow which directives declared in that file can override server configuration. For more info refer to the [http://httpd.apache.org/docs/current/mod/core.html#allowoverride Apache documentation].<br />
<br />
{{Note|If you have issues with your configuration you can have Apache check the configuration with: {{ic|apachectl configtest}}}}<br />
<br />
* More settings in {{ic|/etc/httpd/conf/extra/httpd-default.conf}}:<br />
<br />
* To turn off your server's signature:<br />
ServerSignature Off<br />
<br />
* To hide server information like Apache and PHP versions:<br />
ServerTokens Prod<br />
<br />
==== Troubleshooting ====<br />
* If you encounter '''Error: PID file /run/httpd/httpd.pid not readable (yet?) after start.'''<br />
:Comment out the unique_id_module:<br />
#LoadModule unique_id_module modules/mod_unique_id.so<br />
<br />
=== PHP ===<br />
* To enable PHP, add these lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
:Place this in the {{ic|LoadModule}} list anywhere after {{ic|LoadModule dir_module modules/mod_dir.so}}:<br />
LoadModule php5_module modules/libphp5.so<br />
<br />
:Place this at the end of the {{ic|Include}} list:<br />
Include conf/extra/php5_module.conf<br />
<br />
:Make sure that the following line is uncommented in the {{ic|<IfModule mime_module>}} section:<br />
TypesConfig conf/mime.types<br />
<br />
:Uncomment the following line (optional):<br />
MIMEMagicFile conf/magic<br />
<br />
* Add this line in {{ic|/etc/httpd/conf/mime.types}}:<br />
application/x-httpd-php php php5<br />
<br />
{{Note|If you do not see {{ic|libphp5.so}} in the Apache modules directory ({{ic|/etc/httpd/modules}}), you may have forgotten to install {{Pkg|php-apache}}.}}<br />
<br />
* If your {{ic|DocumentRoot}} is not {{ic|/srv/http}}, add it to {{ic|open_basedir}} in {{ic|/etc/php/php.ini}} as such:<br />
open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot<br />
<br />
* [[Daemons|Restart]] the '''httpd''' daemon.<br />
<br />
* To test whether PHP was correctly configured: create a file called {{ic|test.php}} in your Apache {{ic|DocumentRoot}} directory (e.g. {{ic|/srv/http/}} or {{ic|~/public_html}}) and inside it put:<br />
<?php phpinfo(); ?><br />
:To see if it works go to: http://localhost/test.php or http://localhost/~myname/test.php<br />
<br />
:If the PHP code is not executed (you see plain text in {{ic|test.php}}), check that you have added {{ic|Includes}} to the {{ic|Options}} line for your root directory in {{ic|/etc/httpd/conf/httpd.conf}}. Moreover, check that {{ic|TypesConfig conf/mime.types}} is uncommented in the <IfModule mime_module> section, you may also try adding the following to the {{ic|<IfModule mime_module>}} in {{ic|httpd.conf}}:<br />
AddHandler application/x-httpd-php .php<br />
<br />
==== Advanced options ====<br />
* It is recommended to set your timezone ([http://www.php.net/manual/en/timezones.php list of timezones]) in {{ic|/etc/php/php.ini}} like so:<br />
{{bc|1=date.timezone = Europe/Berlin}}<br />
<br />
* If you want to display errors to debug your PHP code, change {{ic|display_errors}} to {{ic|On}} in {{ic|/etc/php/php.ini}}:<br />
display_errors=On<br />
<br />
* If you want the {{ic|libGD}} module, install {{Pkg|php-gd}} and uncomment {{ic|1=extension=gd.so}} in {{ic|/etc/php/php.ini}}:<br />
{{Note|{{Pkg|php-gd}} requires {{Pkg|libpng}}, {{Pkg|libjpeg-turbo}}, and {{Pkg|freetype2}}.}}<br />
extension=gd.so<br />
<br />
{{Note|Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.}}<br />
<br />
* If you want the {{ic|mcrypt}} module, install {{Pkg|php-mcrypt}} and uncomment {{ic|1=extension=mcrypt.so}} in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
<br />
* Remember to add a file handler for {{ic|.phtml}}, if you need it, in {{ic|/etc/httpd/conf/extra/php5_module.conf}}:<br />
DirectoryIndex index.php index.phtml index.html<br />
<br />
==== Using php5 with apache2-mpm-worker and mod_fcgid ====<br />
* Uncomment following in {{ic|/etc/conf.d/apache}}:<br />
HTTPD=/usr/bin/httpd.worker<br />
<br />
* Uncomment following in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-mpm.conf<br />
<br />
* [[Pacman|Install]] the {{pkg|mod_fcgid}} and {{Pkg|php-cgi}} packages from the [[official repositories]].<br />
<br />
* Create {{ic|/etc/httpd/conf/extra/php5_fcgid.conf}} with following content:<br />
{{hc|/etc/httpd/conf/extra/php5_fcgid.conf|<nowiki><br />
# Required modules: fcgid_module<br />
<br />
<IfModule fcgid_module><br />
AddHandler php-fcgid .php<br />
AddType application/x-httpd-php .php<br />
Action php-fcgid /fcgid-bin/php-fcgid-wrapper<br />
ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/<br />
SocketPath /var/run/httpd/fcgidsock<br />
SharememPath /var/run/httpd/fcgid_shm<br />
# If you don't allow bigger requests many applications may fail (such as WordPress login)<br />
FcgidMaxRequestLen 536870912<br />
PHP_Fix_Pathinfo_Enable 1<br />
# Path to php.ini – defaults to /etc/phpX/cgi<br />
DefaultInitEnv PHPRC=/etc/php/<br />
# Number of PHP childs that will be launched. Leave undefined to let PHP decide.<br />
#DefaultInitEnv PHP_FCGI_CHILDREN 3<br />
# Maximum requests before a process is stopped and a new one is launched<br />
#DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000<br />
<Location /fcgid-bin/><br />
SetHandler fcgid-script<br />
Options +ExecCGI<br />
</Location><br />
</IfModule></nowiki><br />
}}<br />
<br />
* Create the needed directory and symlink it for the PHP wrapper:<br />
# mkdir /srv/http/fcgid-bin<br />
# ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper<br />
<br />
* Edit {{ic|/etc/httpd/conf/httpd.conf}}:<br />
#LoadModule php5_module modules/libphp5.so<br />
LoadModule fcgid_module modules/mod_fcgid.so<br />
Include conf/extra/php5_fcgid.conf<br />
<br />
* Make sure {{ic|/etc/php/php.ini}} has the directive enabled:<br />
cgi.fix_pathinfo=1<br />
and [[Daemons|restart]] '''httpd'''.<br />
<br />
{{Note|1=As of Apache 2.4 (the {{AUR|apache24}} package is available in the [[AUR]]) you can now use [http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html mod_proxy_fcgi] (part of the official distribution) with PHP-FPM (and the new event MPM). See this [http://wiki.apache.org/httpd/PHP-FPM configuration example].}}<br />
<br />
=== MariaDB ===<br />
* Configure MySQL/MariaDB as described in [[MariaDB]].<br />
<br />
* Uncomment [http://www.php.net/manual/en/mysqlinfo.api.choosing.php at least one] of the following lines in {{ic|/etc/php/php.ini}}:<br />
extension=pdo_mysql.so<br />
extension=mysqli.so<br />
extension=mysql.so<br />
{{Tip|If you're using mysqli.so you may need to uncomment 'extension&#61;mysqli.so' and 'extension&#61;mysql.so'.}}<br />
{{Warning|As of PHP 5.5, mysql.so is [http://www.php.net/manual/de/migration55.deprecated.php deprecated] and will fill up your log files.}}<br />
<br />
* You can add minor privileged MySQL users for your web scripts. You might also want to edit {{ic|/etc/mysql/my.cnf}} and uncomment the {{ic|skip-networking}} line so the MySQL server is only accessible by the localhost. You have to restart MySQL for changes to take effect. <br />
<br />
* [[Daemons|Restart]] the '''httpd''' daemon.<br />
<br />
{{Tip|You may want to install a tool like [[phpMyAdmin]], [[Adminer]] or {{AUR|mysql-workbench}} to work with your databases.}}<br />
<br />
== External links ==<br />
* [http://www.apache.org/ Apache Official Website]<br />
* [http://www.php.net/ PHP Official Website]<br />
* [https://mariadb.org/ MariaDB Official Website]<br />
* [http://www.akadia.com/services/ssh_test_certificate.html Tutorial for creating self-signed certificates]<br />
* [http://wiki.apache.org/httpd/CommonMisconfigurations Apache Wiki Troubleshooting]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Apache_HTTP_Server&diff=297537Apache HTTP Server2014-02-14T20:26:16Z<p>Pimanac: /* Apache */</p>
<hr />
<div>[[Category:Web Server]]<br />
[[cs:LAMP]]<br />
[[de:LAMP Installation]]<br />
[[el:LAMP]]<br />
[[es:LAMP]]<br />
[[fr:Lamp]]<br />
[[it:LAMP]]<br />
[[pl:LAMP]]<br />
[[ru:LAMP]]<br />
[[sr:LAMP]]<br />
[[tr:LAMP]]<br />
[[zh-CN:LAMP]]<br />
{{Related articles start}}<br />
{{Related|MariaDB}}<br />
{{Related|PhpMyAdmin}}<br />
{{Related|Adminer}}<br />
{{Related|Xampp}}<br />
{{Related|mod_perl}}<br />
{{Related articles end}}<br />
[[Wikipedia:LAMP (software bundle)|LAMP]] refers to a common combination of software used in many web servers: '''L'''inux, '''A'''pache, '''M'''ySQL/'''M'''ariaDB, and '''P'''HP. This article describes how to set up the [http://httpd.apache.org Apache HTTP Server] on an Arch Linux system. It also tells you how to optionally install [[PHP]] and [[MariaDB]] and integrate these in the Apache server.<br />
<br />
If you only need a web server for development and testing, [[Xampp]] might be a better and easier option.<br />
<br />
== Installation ==<br />
This document assumes you will install Apache, PHP and MariaDB together. If desired however, you may install Apache, PHP, and MariaDB separately and simply refer to the relevant sections below.<br />
<br />
You can [[pacman|install]] {{Pkg|apache}}, {{Pkg|php}}, {{Pkg|php-apache}} and {{Pkg|mariadb}} from the [[official repositories]].<br />
<br />
{{Note|Even though Apache 2.4 was released over a year ago (Feb 2012), it still isn't available in the official repositories. You can however get it from the [[AUR]] as {{AUR|apache24}}.}}<br />
<br />
== Configuration ==<br />
<br />
=== Apache ===<br />
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to the UID/GID specified in {{ic|/etc/httpd/conf/httpd.conf}}. The default is user '''http''' and it is created automatically during installation.<br />
<br />
Change {{ic|httpd.conf}} and optionally {{ic|extra/httpd-default.conf}} to your liking and start the {{ic|httpd}} daemon using [[systemd]].<br />
# systemctl start httpd<br />
<br />
Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple Apache test page.<br />
<br />
==== User directories ====<br />
* User directories are available by default through http://localhost/~yourusername/ and show the contents of {{ic|~/public_html}} (this can be changed in {{ic|/etc/httpd/conf/extra/httpd-userdir.conf}}).<br />
<br />
* If you do not want user directories to be available on the web, comment out the following line in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-userdir.conf<br />
<br />
* You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and {{ic|~/public_html/}} must be executable for others ("rest of the world"). This seems to be enough:<br />
$ chmod o+x ~<br />
$ chmod o+x ~/public_html<br />
<br />
* A more secure way to share your home folder with Apache is to add the '''http''' user to the group that owns your home folder. For example, if your home folder and other sub-folders in your home folder belong to group '''piter''', all you have to do is following:<br />
# usermod -aG piter http<br />
or<br />
# gpasswd -a http piter<br />
<br />
* Of course, you have to give ''read'' and ''execute'' permissions on {{ic|~/}}, {{ic|~/public_html}}, and all other sub-folders in {{ic|~/public_html}} to the group members (group '''piter''' in our case). Do something like the following ('''modify the commands for your specific case'''):<br />
$ chmod g+xr-w /home/''yourusername''<br />
$ chmod -R g+xr-w /home/''yourusername''/public_html<br />
<br />
{{Note|This way you do not have to give access to your folder to every single user in order to give access to '''http''' user. Only the '''http''' user and other potential users that are in the '''piter''' group will have access to your home folder.}}<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
==== SSL ====<br />
* Create a self-signed certificate (you can change the key size and the number of days of validity):<br />
# cd /etc/httpd/conf<br />
# openssl genrsa -out server.key 2048<br />
# chmod 600 server.key<br />
# openssl req -new -key server.key -out server.csr<br />
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<br />
<br />
* Then, in {{ic|/etc/httpd/conf/httpd.conf}}, uncomment the line containing:<br />
Include conf/extra/httpd-ssl.conf<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
==== Virtual Hosts ====<br />
* If you want to have more than one host, uncomment the following line in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-vhosts.conf<br />
<br />
* In {{ic|/etc/httpd/conf/extra/httpd-vhosts.conf}} set your virtual hosts according the example, e.g.:<br />
{{hc|/etc/httpd/conf/extra/httpd-vhosts.conf|<br />
'''NameVirtualHost *:80 ''' #this allows name based virtual hosts<br />
<br />
#this first virtualhost enables: http://127.0.0.1, or: http://localhost, <br />
#to still go to /srv/http/*index.html(otherwise it will 404_error).<br />
#the reason for this: once you tell httpd.conf to include extra/httpd-vhosts.conf, <br />
#ALL vhosts are handled in httpd-vhosts.conf(including the default one),<br />
# E.G. the default virtualhost in httpd.conf is not used and must be included here, <br />
#otherwise, only domainname1.dom & domainname2.dom will be accessible<br />
#from your web browser and NOT http://127.0.0.1, or: http://localhost, etc.<br />
#<br />
<br />
<VirtualHost *:80><br />
DocumentRoot "/srv/http"<br />
ServerAdmin root@localhost<br />
ErrorLog "/var/log/httpd/127.0.0.1-error_log"<br />
CustomLog "/var/log/httpd/127.0.0.1-access_log" common<br />
<Directory /srv/http/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
<br />
<VirtualHost *:80><br />
ServerAdmin your@domainname1.dom<br />
DocumentRoot "/home/username/yoursites/domainname1.dom/www"<br />
ServerName domainname1.dom<br />
ServerAlias domainname1.dom<br />
<Directory /home/username/yoursites/domainname1.dom/www/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
<br />
<VirtualHost *:80><br />
ServerAdmin your@domainname2.dom<br />
DocumentRoot "/home/username/yoursites/domainname2.dom/www"<br />
ServerName domainname2.dom<br />
ServerAlias domainname2.dom<br />
<Directory /home/username/yoursites/domainname2.dom/www/><br />
DirectoryIndex index.htm index.html<br />
AddHandler cgi-script .cgi .pl<br />
Options ExecCGI Indexes FollowSymLinks MultiViews +Includes<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost><br />
}}<br />
<br />
* Add your virtual host names to your {{ic|/etc/hosts}} file (not necessary if a DNS server is serving these domains already, but will not hurt to do it anyway):<br />
127.0.0.1 domainname1.dom <br />
127.0.0.1 domainname2.dom<br />
<br />
Restart {{ic|httpd}} to apply any changes.<br />
<br />
* If you setup your virtual hosts to be in your user directory, sometimes it interferes with Apache's {{ic|Userdir}} settings. To avoid problems disable {{ic|Userdir}} by comment the following line in:<br />
#Include conf/extra/httpd-userdir.conf<br />
<br />
* As said above, ensure that you have the proper permissions:<br />
# chmod 0775 /home/''yourusername''/<br />
<br />
* If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, eg: {{ic|/etc/httpd/conf/vhosts}}.<br />
<br />
* First create the folder:<br />
# mkdir /etc/httpd/conf/vhosts<br />
<br />
* Then place the single configuration files in it:<br />
# nano /etc/httpd/conf/vhosts/domainname1.dom<br />
# nano /etc/httpd/conf/vhosts/domainname2.dom<br />
...<br />
<br />
* In the last step, {{ic|Include}} the single configurations in your {{ic|/etc/httpd/conf/httpd.conf}}:<br />
#Enabled Vhosts:<br />
Include conf/vhosts/domainname1.dom<br />
Include conf/vhosts/domainname2.dom<br />
<br />
* You can enable and disable single virtual hosts by commenting or uncommenting them.<br />
<br />
==== Advanced Options ====<br />
These options in {{ic|/etc/httpd/conf/httpd.conf}} might be interesting for you.<br />
<br />
# Listen 80<br />
* This is the port Apache will listen to. For Internet-access with router, you have to forward the port.<br />
<br />
If you setup Apache for local development you may want it to be only accessible from your computer. Then change this line to:<br />
# Listen 127.0.0.1:80<br />
<br />
* This is the admin's email address which can be found on e.g. error pages:<br />
# ServerAdmin you@example.com<br />
<br />
* This is the directory where you should put your web pages:<br />
# DocumentRoot "/srv/http"<br />
<br />
Change it, if you want to, but do not forget to also change<br />
<Directory "/srv/http"><br />
to whatever you changed your {{ic|DocumentRoot}} too, or you will likely get a '''403 Error''' (lack of privileges) when you try to access the new document root. Do not forget to change the {{ic|Deny from all}} line, otherwise you will get a '''403 Error'''.<br />
<br />
# AllowOverride None<br />
* This directive in {{ic|<Directory>}} sections causes Apache to completely ignore {{ic|.htaccess}} files. If you intend to use {{ic|mod_rewrite}} or other settings in {{ic|.htaccess}} files, you can allow which directives declared in that file can override server configuration. For more info refer to the [http://httpd.apache.org/docs/current/mod/core.html#allowoverride Apache documentation].<br />
<br />
{{Note|If you have issues with your configuration you can have Apache check the configuration with: {{ic|apachectl configtest}}}}<br />
<br />
* More settings in {{ic|/etc/httpd/conf/extra/httpd-default.conf}}:<br />
<br />
* To turn off your server's signature:<br />
ServerSignature Off<br />
<br />
* To hide server information like Apache and PHP versions:<br />
ServerTokens Prod<br />
<br />
==== Troubleshooting ====<br />
* If you encounter '''Error: PID file /run/httpd/httpd.pid not readable (yet?) after start.'''<br />
:Comment out the unique_id_module:<br />
#LoadModule unique_id_module modules/mod_unique_id.so<br />
<br />
=== PHP ===<br />
* To enable PHP, add these lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
:Place this in the {{ic|LoadModule}} list anywhere after {{ic|LoadModule dir_module modules/mod_dir.so}}:<br />
LoadModule php5_module modules/libphp5.so<br />
<br />
:Place this at the end of the {{ic|Include}} list:<br />
Include conf/extra/php5_module.conf<br />
<br />
:Make sure that the following line is uncommented in the {{ic|<IfModule mime_module>}} section:<br />
TypesConfig conf/mime.types<br />
<br />
:Uncomment the following line (optional):<br />
MIMEMagicFile conf/magic<br />
<br />
* Add this line in {{ic|/etc/httpd/conf/mime.types}}:<br />
application/x-httpd-php php php5<br />
<br />
{{Note|If you do not see {{ic|libphp5.so}} in the Apache modules directory ({{ic|/etc/httpd/modules}}), you may have forgotten to install {{Pkg|php-apache}}.}}<br />
<br />
* If your {{ic|DocumentRoot}} is not {{ic|/srv/http}}, add it to {{ic|open_basedir}} in {{ic|/etc/php/php.ini}} as such:<br />
open_basedir=/srv/http/:/home/:/tmp/:/usr/share/pear/:/path/to/documentroot<br />
<br />
* [[Daemons|Restart]] the '''httpd''' daemon.<br />
<br />
* To test whether PHP was correctly configured: create a file called {{ic|test.php}} in your Apache {{ic|DocumentRoot}} directory (e.g. {{ic|/srv/http/}} or {{ic|~/public_html}}) and inside it put:<br />
<?php phpinfo(); ?><br />
:To see if it works go to: http://localhost/test.php or http://localhost/~myname/test.php<br />
<br />
:If the PHP code is not executed (you see plain text in {{ic|test.php}}), check that you have added {{ic|Includes}} to the {{ic|Options}} line for your root directory in {{ic|/etc/httpd/conf/httpd.conf}}. Moreover, check that {{ic|TypesConfig conf/mime.types}} is uncommented in the <IfModule mime_module> section, you may also try adding the following to the {{ic|<IfModule mime_module>}} in {{ic|httpd.conf}}:<br />
AddHandler application/x-httpd-php .php<br />
<br />
==== Advanced options ====<br />
* It is recommended to set your timezone ([http://www.php.net/manual/en/timezones.php list of timezones]) in {{ic|/etc/php/php.ini}} like so:<br />
{{bc|1=date.timezone = Europe/Berlin}}<br />
<br />
* If you want to display errors to debug your PHP code, change {{ic|display_errors}} to {{ic|On}} in {{ic|/etc/php/php.ini}}:<br />
display_errors=On<br />
<br />
* If you want the {{ic|libGD}} module, install {{Pkg|php-gd}} and uncomment {{ic|1=extension=gd.so}} in {{ic|/etc/php/php.ini}}:<br />
{{Note|{{Pkg|php-gd}} requires {{Pkg|libpng}}, {{Pkg|libjpeg-turbo}}, and {{Pkg|freetype2}}.}}<br />
extension=gd.so<br />
<br />
{{Note|Pay attention to which extension you uncomment, as this extension is sometimes mentioned in an explanatory comment before the actual line you want to uncomment.}}<br />
<br />
* If you want the {{ic|mcrypt}} module, install {{Pkg|php-mcrypt}} and uncomment {{ic|1=extension=mcrypt.so}} in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
<br />
* Remember to add a file handler for {{ic|.phtml}}, if you need it, in {{ic|/etc/httpd/conf/extra/php5_module.conf}}:<br />
DirectoryIndex index.php index.phtml index.html<br />
<br />
==== Using php5 with apache2-mpm-worker and mod_fcgid ====<br />
* Uncomment following in {{ic|/etc/conf.d/apache}}:<br />
HTTPD=/usr/bin/httpd.worker<br />
<br />
* Uncomment following in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
Include conf/extra/httpd-mpm.conf<br />
<br />
* [[Pacman|Install]] the {{pkg|mod_fcgid}} and {{Pkg|php-cgi}} packages from the [[official repositories]].<br />
<br />
* Create {{ic|/etc/httpd/conf/extra/php5_fcgid.conf}} with following content:<br />
{{hc|/etc/httpd/conf/extra/php5_fcgid.conf|<nowiki><br />
# Required modules: fcgid_module<br />
<br />
<IfModule fcgid_module><br />
AddHandler php-fcgid .php<br />
AddType application/x-httpd-php .php<br />
Action php-fcgid /fcgid-bin/php-fcgid-wrapper<br />
ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/<br />
SocketPath /var/run/httpd/fcgidsock<br />
SharememPath /var/run/httpd/fcgid_shm<br />
# If you don't allow bigger requests many applications may fail (such as WordPress login)<br />
FcgidMaxRequestLen 536870912<br />
PHP_Fix_Pathinfo_Enable 1<br />
# Path to php.ini – defaults to /etc/phpX/cgi<br />
DefaultInitEnv PHPRC=/etc/php/<br />
# Number of PHP childs that will be launched. Leave undefined to let PHP decide.<br />
#DefaultInitEnv PHP_FCGI_CHILDREN 3<br />
# Maximum requests before a process is stopped and a new one is launched<br />
#DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000<br />
<Location /fcgid-bin/><br />
SetHandler fcgid-script<br />
Options +ExecCGI<br />
</Location><br />
</IfModule></nowiki><br />
}}<br />
<br />
* Create the needed directory and symlink it for the PHP wrapper:<br />
# mkdir /srv/http/fcgid-bin<br />
# ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper<br />
<br />
* Edit {{ic|/etc/httpd/conf/httpd.conf}}:<br />
#LoadModule php5_module modules/libphp5.so<br />
LoadModule fcgid_module modules/mod_fcgid.so<br />
Include conf/extra/php5_fcgid.conf<br />
<br />
* Make sure {{ic|/etc/php/php.ini}} has the directive enabled:<br />
cgi.fix_pathinfo=1<br />
and [[Daemons|restart]] '''httpd'''.<br />
<br />
{{Note|1=As of Apache 2.4 (the {{AUR|apache24}} package is available in the [[AUR]]) you can now use [http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html mod_proxy_fcgi] (part of the official distribution) with PHP-FPM (and the new event MPM). See this [http://wiki.apache.org/httpd/PHP-FPM configuration example].}}<br />
<br />
=== MariaDB ===<br />
* Configure MySQL/MariaDB as described in [[MariaDB]].<br />
<br />
* Uncomment [http://www.php.net/manual/en/mysqlinfo.api.choosing.php at least one] of the following lines in {{ic|/etc/php/php.ini}}:<br />
extension=pdo_mysql.so<br />
extension=mysqli.so<br />
extension=mysql.so<br />
{{Tip|If you're using mysqli.so you may need to uncomment 'extension&#61;mysqli.so' and 'extension&#61;mysql.so'.}}<br />
{{Warning|As of PHP 5.5, mysql.so is [http://www.php.net/manual/de/migration55.deprecated.php deprecated] and will fill up your log files.}}<br />
<br />
* You can add minor privileged MySQL users for your web scripts. You might also want to edit {{ic|/etc/mysql/my.cnf}} and uncomment the {{ic|skip-networking}} line so the MySQL server is only accessible by the localhost. You have to restart MySQL for changes to take effect. <br />
<br />
* [[Daemons|Restart]] the '''httpd''' daemon.<br />
<br />
{{Tip|You may want to install a tool like [[phpMyAdmin]], [[Adminer]] or {{AUR|mysql-workbench}} to work with your databases.}}<br />
<br />
== External links ==<br />
* [http://www.apache.org/ Apache Official Website]<br />
* [http://www.php.net/ PHP Official Website]<br />
* [https://mariadb.org/ MariaDB Official Website]<br />
* [http://www.akadia.com/services/ssh_test_certificate.html Tutorial for creating self-signed certificates]<br />
* [http://wiki.apache.org/httpd/CommonMisconfigurations Apache Wiki Troubleshooting]</div>Pimanachttps://wiki.archlinux.org/index.php?title=MythTV&diff=263980MythTV2013-06-23T16:52:55Z<p>Pimanac: /* Installing MythTV */</p>
<hr />
<div>[[Category:Audio/Video]]<br />
[[da:MythTV]]<br />
MythTV is an application suite designed to provide an amazing multimedia experience.<br />
It provides PVR functionality to a Linux based computer and also supports other media types. <br />
Combined with a nice, quiet computer and a decent TV, it makes an excellent centerpiece to a home theater system.<br />
<br />
==Structure==<br />
The MythTV system is split into a backend and a frontend. Each component has its own functions:<br />
<br />
===mythbackend===<br />
*Schedule and record television programming<br />
*Stream video data to the frontend<br />
*Flag commercial breaks<br />
*Transcode videos from one format to another<br />
<br />
===mythfrontend===<br />
*Provide a pretty GUI<br />
*Play back recorded content<br />
*Provide an interface to schedule programs<br />
<br />
The frontend and backend may be on separate computers on a network, and there may also be multiple frontends. This architecture allows for a central media distribution system that can reach anywhere a network can. This is a remarkably flexible system, and it even allows very low power machines to act as perfectly usable frontends.<br />
<br />
==Requirements==<br />
MythTV is a very scalable system. With standard definition television and pure MPEG2 encoding and decoding with hardware acceleration, even a very modest system can act as both frontend and backend. How modest? Some people report being able to use fanless Via systems with Hauppauge PVR cards for both backend and frontend simultaneously. While the author does not condone the use of such a lightweight system, it has been done successfully.<br />
<br />
On the other end of the spectrum, high definition TV with MPEG4 transcoding and commercial flagging can require serious horsepower. Most people in the HD realm use high-end Athlon XPs, midrange to high-end Athlon 64s, and high-end Pentium 4s for their backends. The frontend can get away with a somewhat more midrange processor if XvMC playback acceleration is used.<br />
<br />
All systems are going to need a tuner card. The Hauppauge PVR series of cards (150, 250, 350, and 500) are very popular for use with MythTV due to fairly decent Linux support and low CPU usage. Other cards, like those based on the BT878 chipset, are also used. Unlike the PVR series, BT878 based cards require significant amounts of CPU power to save the video, as these cards output raw frames and not compressed streams.<br />
<br />
The only combination of hardware the author can say works is an Athlon XP 1700+ frontend with 512MB of DDR memory, and a Pentium 4 2.8GHz backend with 512MB of DDR2 memory.<br />
<br />
==Getting Started==<br />
In order to install MythTV on your system(s), you must have a working Linux installation. Since this is the Arch Linux website, this article will be geared towards Arch. A simple base system [[Installation Guide|Installation]] with no extras is a suggested starting point.<br />
<br />
For the backend, it is also good to have [[LAMP]] working properly so that anybody can use a web browser to schedule programming through MythWeb. While it is not necessary, it is a very handy feature.<br />
<br />
A working [[Xorg]] (graphical) environment is necessary.<br />
<br />
==Make a "mythtv" User==<br />
<br />
If the purpose of the box is a stand-alone system, consider making a dedicated user for this purpose. For the rest of the guide, this username is "mythtv."<br />
<br />
# useradd -m -g users -G audio,lp,optical,storage,video,games,power -s /bin/bash mythtv<br />
# passwd mythtv <<set the password of your choosing>><br />
<br />
==Installing MythTV==<br />
<br />
Install the MythTV package and any desired plugins:<br />
<br />
# pacman -S mythtv mythplugins-mythweb ...<br />
<br />
*mythplugins-mytharchive - Create DVDs or archive recorded shows in MythTV<br />
*mythplugins-mythbrowser - Mini web browser for MythTV<br />
*mythplugins-mythgallery - Image gallery plugin for MythTV<br />
*mythplugins-mythgame - Game emulator plugin for MythTV<br />
*mythplugins-mythmusic - Music playing plugin for MythTV<br />
*mythplugins-mythnetvision - MythNetvision plugin for MythTV<br />
*mythplugins-mythnews - News checking plugin for MythTV<br />
*mythplugins-mythweather - Weather checking plugin for MythTV<br />
*mythplugins-mythweb - Web interface for the MythTV scheduler<br />
*mythplugins-mythzoneminder - View CCTV footage from zoneminder in MythTV<br />
<br />
At this point a generic MythTV installation is present that must be refined into a backend, a frontend, or both.<br />
<br />
===Backend setup===<br />
Before setting up your backend, make sure you have a functioning ''video capture card'' or a ''firewire input from a STB''. Unfortunately, that part of setup is outside the scope of this article. If you are in the United States, get an account at [http://www.schedulesdirect.org Schedules Direct] (this service provides TV listings at a minimal cost). Users outside the United States will need to use screen scrapers ([http://wiki.xmltv.org/index.php/Main_Page/ xmltv]) to do the same job. <br><br />
<br />
====Setting up the database====<br />
<br />
{{Note|This is a quick and dirty walk through of MySQL. Be sure you read the [[MySQL]] article for more details.}}<br />
Install and run MySQL:<br />
# pacman -S mysql<br />
<br />
If other machines in the LAN are expected to connect to the masterbackend server, comment out the "skip-networking" line in {{ic|/etc/mysql/my.cnf}} at this point.<br />
<br />
Setup mysql with a password:<br />
# mysql_secure_installation<br />
<br />
Create the database structure:<br />
# mysql -u root -p </usr/share/mythtv/mc.sql<br />
<br />
If you have lost or overwritten your mc.sql file, it is always available [https://github.com/MythTV/mythtv/blob/master/mythtv/database/mc.sql here].<br />
<br />
Update your database<br />
$ mysql_upgrade -u root -p<br />
<br />
{{Note|With the 0.26 release of mythtv, time zone tables are required to be in MySQL!}}<br />
To add them, simply execute the following:<br />
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p<yourpassword> mysql<br />
<br />
Some setups refuse frontends from remote machines. To fix this:<br />
# mysql -u root -p<br />
mysql> grant all on *.* to mythtv@'192.168.0.2' identified by 'mythtv';<br />
mysql> FLUSH PRIVILEGES;<br />
<br />
*Replace 'mythtv' in the word '''mythtv@''' with the username running on the fronend<br />
*Replace the IP address with that of the remote box needed access<br />
<br />
====Setting up the master backend====<br />
Load up your WM (lxde is a good choice for light-weight builds, but anything will work.)<br />
<br />
Now run the mythtv-setup program<br />
$ mythtv-setup<br />
<br />
* '''General menu''' <br><br />
If this is your master backend, put its IP address in the first and fourth fields, identifying this computer as your master and giving its network IP address.<br><br />
On the next page, enter the paths where recordings and the live TV buffer will be stored. LVM or RAID solutions provide easily accessible large scale storage. But again, those are outside the scope of this article. Set the live TV buffer to a size you can handle and leave everything else alone.<br><br />
On the next page, set the settings to your locale. NTSC is mostly used in North America, and be sure to set whether using cable or broadcast.<br><br />
On the next two pages, leave everything as is unless you know for sure you want to change it.<br />
On the next page, if you have a fast backend that can handle recordings and flagging jobs simultaneously, it is recommended to set CPU usage to \"High\", maximum simultaneous jobs to 2, and to check the commercial flagging option.<br><br />
On the next page, set these options to taste. Automatic commercial flagging is highly recommended.<br />
Ignore the next page and finish.<br><br />
<br />
* '''Capture card menu''' <br><br />
Select your card type from the drop down list. Hauppauge PVR users will select the MPEG-2 encoder card option.<br><br />
Point mythtv-setup to the proper location, usually /dev/v4l/video0<br><br />
<br />
* '''Video sources menu''' <br><br />
This is where it gets important to have a source for TV listings. Schedules Direct users should create a new video source, name it, select the North America (Schedules Direct) option, and fill in their logon information. In order to verify that it is correct, go ahead and retrieve the listings. <br><br />
<br />
* '''Input connections menu''' <br><br />
This menu is rather self-explanatory. All you need to do is pick an input on the capture card and tell myth which video source it connects to. Most users will select their tuner and leave all the other inputs alone. Satellite users will select a video input, and on the next page provide the command to change channels on their STB using an external channel change program. This is also outside the scope of this article.<br />
<br />
* '''Channel editor menu''' <br><br />
This menu is safe to ignore<br />
<br />
* Exit the program (Esc)<br />
<br />
* Run mythfilldatabase<br />
$ mythfilldatabase<br />
<br />
This should populate your mysql database with TV listings for the next two weeks (or so).<br />
<br />
====Enable the mythbackend daemon====<br />
# systemctl enable mythbackend.service<br />
<br />
=== Security ===<br />
<br />
You may want to have the backend run as the previously-created mythtv user:<br />
<br />
This is a good idea since all user jobs are run as the same user as the user running the backend. If the backend is run as root, all user jobs will be run with root privileges.<br />
<br />
* Edit /etc/conf.d/mythbackend<br />
MBE_USER='mythtv'<br />
<br />
=== Troubleshooting ===<br />
<br />
If you get a libXvMCW.so.1 shared library error, install the following:<br />
{{bc|<br />
# pacman -S libxvmc<br />
}}<br />
<br />
If you cannot open /dev/video0 of your PVR150, install the firmware:<br />
# pacman -S ivtv-utils<br />
<br />
==Frontend setup==<br />
<br />
Compared to the backend, getting a frontend running is trivially simple. Just make sure you are in an X environment as a normal user and run mythfrontend. It will pop up a menu asking about the IP address of the backend and the local computer's name and IP address. Fill in this information and your frontend should be functional. On the other hand, the frontend has more options than a luxury car. All of those are an article on their own. There are a few notable options that should be set to ensure a good working setup. If you do not have an interlaced monitor (and almost nobody does), you will need to deinterlace your television output. Go into the TV playback menu and select kernel deinterlacing or bob2x deinterlacing. Try both and see which you like better. Also, in the general settings page, it is good to set up your [Alsa setup] settings, but those vary so greatly it is not worth suggesting values here.<br />
<br />
One problem I encountered running mythfrontend 0.20.0.2007013 on fglrx was that the colors were mixed up. People were blue-skinned etc. It turns out there is a hack for ATI cards in the source, but it is not enabled. Uncomment #define USE_ATI_PROPRIETARY_DRIVER_XVIDEO_HACK in libs/libmythtv/videoout_xv.cpp and rebuild. (this will change names in svn and so future versions)<br />
<br />
===Nvidia XvMC Setup===<br />
<br />
Assuming you have loaded the proprietary Nvidia drivers from pacman you may need do the following:<br />
{{bc|<br />
echo "libXvMCNVIDIA_dynamic.so.1" > /etc/X11/XvMCConfig }}<br />
<br />
This will allow Mythfrontend to use the XvMC environment for acceleration. Restart Mythfrontend<br />
<br />
==MythTV Plugins==<br />
There are a number of plugins available for MythTV in the AUR. They range from RSS readers to DVD players. Take a look at them. Simply installing the package on the frontend computer should impart the intended functionality. There is rarely any additional setup, and when there is, the install file will mention it.<br />
<br />
===MythWeb===<br />
[[MythWeb]] is a web interface for MythTV. Instructions for configuring MythWeb in Arch Linux can be found on the [[MythWeb]] page.<br />
<br />
=== Mythweather===<br />
<br />
As of 7-10-08 Mythweather is broken in Extra<br />
<p>extra/mythweather 0.21-1 (mythtv-extras)</p><br />
<br />
==Environment Variables==<br />
I found mythbackend would randomly stop running with the following error message:<br />
{{ic|Cannot locate your home directory. Please set the environment variable HOME or MYTHCONFDIR}}<br />
<br />
So I did the following as root:<br />
{{ic|mkdir /home/mythtv ; cp /home/(myusername)/.lircrc /home/mythtv/ ; chown -R (myusername):users /home/mythtv}}<br />
<br />
And then put the following in /etc/rc.conf<br />
{{ic|1=MYTHCONFDIR=/home/mythtv}}<br />
<br />
==Hints to a Happy Myth System==<br />
But not full articles (yet)<br />
*Run ntpd or openntpd on your backend to make sure it always has the right time.<br />
*[[lirc|LIRC]] on your frontend allows you to use a remote control, which is wonderful in a living room.<br />
*Use gdm, kdm, or xdm to automatically log in your frontend, and ~/.xinitrc to load mythfrontend on boot.<br />
*Set the "automatically run mythfilldatabase" option on one of your frontends to make sure you always have listings.<br />
*Do not forget to use the verbosity statements and log file location arguments to mythfrontend so you can see when things break.<br />
*Do not run your frontend as root, create a mythtv user<br />
<br />
===Using GDM to autologin your Mythfrontend===<br />
[[Display Manager]]<br />
<p>In your /etc/gdm/custom.conf add the following statements under the [daemon] heading:</p><br />
{{bc|1=<br />
AutomaticLoginEnable=true<br />
AutomaticLogin=mythtv (assuming your frontend user is mythtv)}}<br />
FYI - GDM will not autologin as root<br />
<br />
===Using XDM to Automically Login to your MythFrontend===<br />
<p>Find in your /etc/inittab file the following line:</p><br />
{{bc|id:3:initdefault:}}<br />
<br />
<p>Change to:</p><br />
{{bc|id:5:initdefault:}}<br />
<br />
<p>Then add the following below it (or anywhere in the file):</p><br />
{{bc|x:5:respawn:su - MYTHUSER -c startx}}<br />
<br />
{{Note| Remember to change "MYTHUSER" to the username that you want to autologin under.}}<br />
<br />
<p>If you'd like to start mythfrontend on booting into Xorg, edit (or create if none exists) your MYTHUSER's .xinitrc file and add the following line:</p><br />
{{bc|mythfrontend}}<br />
<br />
===Optmize your system===<br />
Be sure to have a look at MythTV's extensive wiki documentation on how to keep your data stores happy, as well as optimize your system in various other ways to get the most out of your Myth box.<br />
<br />
[http://www.mythtv.org/wiki/Optimizing_Performance MythTV Wiki: Optimizing Performance]<br />
<br />
==References==<br />
*http://www.mythtv.org<br />
*http://mythtv.info<br />
*http://wilsonet.com/mythtv/fcmyth.php<br />
*http://www.linhes.org [A user friendly MythTV and Linux install that uses Arch Linux]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Firewalls&diff=255759Firewalls2013-04-30T20:08:01Z<p>Pimanac: </p>
<hr />
<div>[[Category:Firewalls]]<br />
[[es:Firewalls]]<br />
[[it:Firewalls]]<br />
[[ja:Firewalls]]<br />
[[sr:Firewalls]]<br />
[[sv:Brandväggar]]<br />
{{Poor writing|convert to [[Template:App]]}}<br />
<br />
A firewall is a system designed to prevent unauthorized access to or from a private network (which could be just one machine). Firewalls can be implemented in only hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and allows, proxys, or denies the traffic based on specified security criteria.<br />
<br />
The firewalls listed in this article are overwhelmingly based on the [[iptables]] program. Consider configuring the iptables process yourself according to its wiki page (listed below) to keep to the [[The Arch Way]].<br />
<br />
There are many posts on the forums about different firewall apps and scripts so here they all are condensed into one page - please add your comments about each firewall, especially ease of use and a security check at [http://www.grc.com/x/ne.dll?bh0bkyd2 Shields Up].<br />
<br />
{{Note|Checks at Shields Up are only a valid measure of your router should you have one in the LAN. To accurately evaluate a software firewall, one needs to directly connect the box to the cable modem.}}<br />
<br />
==Firewall Guides & Tutorials==<br />
:* [[Simple Stateful Firewall]]: Setting up a comprehensive firewall with iptables.<br />
<br />
:* [[Uncomplicated Firewall]], the wiki page for the simple iptables frontend, '''ufw''', provides a nice tutorial for a basic configuration.<br />
<br />
:* [[Router]] Setup Guide. A tutorial for turning a computer into an internet gateway/router. It focuses on security and configuring your gateway to have as few insecure holes to the internet as possible.<br />
<br />
====External Firewall Tutorials====<br />
<br />
:* http://www.frozentux.net/documents/iptables-tutorial/ A complete and simple tutorial to iptables<br />
<br />
:* http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/IP Masq is a form of Network Address Translation or NAT that allows internally networked computers that do not have one or more registered Internet IP addresses to have the ability to communicate to the Internet via your Linux boxes single Internet IP address.<br />
<br />
:* http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/ Masquerading, transparent proxying, port forwarding, and other forms of Network Address Translations with the 2.4 Linux Kernels.<br />
<br />
==iptables front-ends==<br />
===iptables===<br />
* {{App|[[Iptables]]|A powerful firewall built into the Linux kernel that is part of the [[Wikipedia:Netfilter|Netfilter]] project. Most firewalls, as described in this section below, are usually just front-ends.|http://www.netfilter.org/projects/iptables/index.html|{{Pkg|iptables}}}}<br />
<br />
Also see the man pages: ({{Ic|man iptables}}) &ndash; http://unixhelp.ed.ac.uk/CGI/man-cgi?iptables+8<br />
<br />
===Arno's Firewall===<br />
[http://rocky.eld.leidenuniv.nl/ Arno's IPTABLES Firewall Script] is a secure firewall for both single and multi-homed machines.<br />
<br />
The script:<br />
*EASY to configure and highly customizable<br />
*daemon script included<br />
*a filter script that makes your firewall log more readable<br />
<br />
Supports:<br />
*NAT and SNAT<br />
*port forwarding<br />
*ADSL ethernet modems with both static and dynamically assigned IPs<br />
*MAC address filtering<br />
*stealth port scan detection<br />
*DMZ and DMZ-2-LAN forwarding<br />
*protection against SYN/ICMP flooding<br />
*extensive user definable logging with rate limiting to prevent log flooding<br />
*all IP protocols and VPNs such as IPsec<br />
*plugin support to add extra features.<br />
<br />
===ferm===<br />
[http://ferm.foo-projects.org/ ferm] (which stands for "For Easy Rule Making") is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.<br />
<br />
===Firehol===<br />
[http://firehol.sourceforge.net/ FireHOL] is a language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it. The result is actually iptables rules.<br />
<br />
{{Pkg|firehol}} is available in the [[Official Repositories|official repositories]].<br />
<br />
===Firetable===<br />
[http://projects.leisink.net/firetable Firetable] is an iptables-based firewall with "human readable" syntax.<br />
<br />
{{AUR|firetable}} is available in the [[Arch User Repository|AUR]].<br />
<br />
===Shorewall===<br />
[http://www.shorewall.net/ The Shoreline Firewall], more commonly known as "Shorewall", is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. See [[Shorewall]] page for how to install and configure it.<br />
<br />
===ufw===<br />
ufw (uncomplicated firewall) is a simple front-end for iptables and is available in the [[Official Repositories|official repositories]].<br />
<br />
See [[Uncomplicated Firewall]] for more information.<br />
<br />
===Vuurmuur===<br />
[http://www.vuurmuur.org/ Vuurmuur] Vuurmuur is a powerful firewall manager built on top of iptables. It has a simple and easy to learn configuration that allows both simple and complex configurations. The configuration can be fully configured through an {{Pkg|ncurses}} GUI, which allows secure remote administration through SSH or on the console. Vuurmuur supports traffic shaping, has powerful monitoring features, which allow the administrator to look at the logs, connections and bandwidth usage in realtime.<br />
<br />
{{AUR|Vuurmuur}} is available in the [[Arch User Repository|AUR]].<br />
<br />
==iptables GUIs==<br />
===Firestarter===<br />
[http://www.fs-security.com/ Firestarter] is a good GUI for iptables writen on GTK2, it has the ability to use both white and black lists for regulating traffic, it is very simple and easy to use, with good documentation available on their website.<br />
<br />
{{AUR|Firestarter}} has [[GNOME]] dependencies and is available in the [[Arch User Repository|AUR]].<br />
<br />
===Guarddog===<br />
[http://www.simonzone.com/software/guarddog/ Guarddog] is a really easy to use GUI for configuring iptables. After setting up a basic desktop configuration it passes all Shields Up tests perfectly.<br />
<br />
{{AUR|Guarddog}} requires {{Pkg|kdelibs3}} and is available in the [[AUR]] repository.<br />
<br />
To have the firewall settings applied at boot-up you must run {{ic|/etc/rc.firewall}} from inside {{ic|/etc/rc.local}} or something similar.<br />
<br />
===Uncomplicated Firewall (ufw) Frontends===<br />
[[Uncomplicated_Firewall#Gufw|Gufw]], a GTK-based front-end to {{Pkg|ufw}} which happens to be a CLI front-end to iptables (gufw->ufw->iptables), is super easy and super simple to use.<br />
{{Note|Gufw is perhaps the simplest replacement for tcp_wrappers, which was [https://www.archlinux.org/news/dropping-tcp_wrappers-support/ discontinued recently]}}<br />
[[Uncomplicated_Firewall#kcm-ufw|kcm-ufw]] is a KDE alternative to Gufw.<br />
<br />
See [[Uncomplicated_Firewall#GUI_frontends|Uncomplicated Firewall]] for more info.<br />
<br />
===KMyFirewall===<br />
[http://kmyfirewall.sourceforge.net/ KMyFirewall] is KDE3 GUI for iptables.<br />
<br />
Firewall editing capabilities are simple enough to use to be suitable for beginners, but also allow for sophisticated tweaking of the firewall settings.<br />
<br />
{{AUR|KMyFirewall}} requires {{Pkg|kdelibs3}} and is available in the [[Arch User Repository|AUR]].<br />
<br />
===firewalld===<br />
[https://fedoraproject.org/wiki/FirewallD firewalld] provides a daemon and graphical interface for configuring network and firewall zones as well as setting up and configuring firewall rules.<br />
<br />
{{Pkg|firewalld}} is available in the [[Official Repositories|official repositories]].<br />
<br />
==Firewall Builder==<br />
[http://www.fwbuilder.org/ Firewall Builder] is "a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. [...] The program runs on Linux, FreeBSD, OpenBSD, Windows and Mac OS X and can manage both local and remote firewalls." Source: http://www.fwbuilder.org/<br />
<br />
{{Pkg|fwbuilder}} is available in the [[Official Repositories|official repositories]].<br />
<br />
==Other==<br />
* {{App|[[Wikipedia:EtherApe|EtherApe]]|A graphical network monitor for various OSI layers and protocols.|http://etherape.sourceforge.net/|{{Pkg|etherape}}}}<br />
* {{App|[[Fail2ban]]|Bans IPs after too many failed authentification attempts against common daemons.|http://www.fail2ban.org/|{{Pkg|fail2ban}}}}<br />
<br />
==See Also==<br />
Debian Wiki's list of Firewalls:<br />
http://wiki.debian.org/Firewalls</div>Pimanachttps://wiki.archlinux.org/index.php?title=Daemons_list&diff=250290Daemons list2013-03-12T00:38:13Z<p>Pimanac: </p>
<hr />
<div>[[Category:Boot process]]<br />
[[Category:Daemons and system services]]<br />
[[zh-cn:Daemons List]]<br />
Here is a list of daemons. Note that any package can provide a daemon, so this list will never be complete. Please feel free to add any missing daemons here, in alphabetical order. You may have packages that include other daemons from the [[AUR]]. These files will likely be located in {{ic|/usr/lib/systemd/system/}}. <br />
<br />
For each daemon the name of the script (for [[rc.conf|initscripts]]) and of the service (for [[systemd]]) is given.<br />
{| border="1"<br />
!initscripts!!systemd!!Description<br />
|-<br />
|[[acpid]]||acpid.service||A daemon for delivering ACPI power management events with netlink support.<br />
|-<br />
|[[Advanced Linux Sound Architecture|alsa]]||''always on'' – alsa-store.service, alsa-restore.service<br />
||An alternative implementation of Linux sound support.<br />
|-<br />
|atd||atd.service||Run jobs queued for later execution.<br />
|-<br />
|[[Autofs|autofs]]||autofs.service||A package that provides support for automounting removable media or network shares when they are inserted or accessed.<br />
|-<br />
|[[Avahi|avahi-daemon]]||avahi-daemon.service||Allows programs to automatically find local network services.<br />
|-<br />
|[[Avahi|avahi-dnsconfd]]||avahi-dnsconfd.service|| Multicast/unicast DNS-SD framework.<br />
|-<br />
|[[Bitlbee|bitlbee]]||bitlbee.service|| Brings instant messaging (XMPP, MSN, Yahoo!, AIM, ICQ, Twitter) to IRC.<br />
|-<br />
|[[Bluetooth|bluetooth]]||bluetooth.service||Bluetooth protocol stack, framework, subsystem. <br />
|-<br />
|[[CDemu|cdemud]]||cdemu-daemon.service||CD/DVD-ROM device emulator.<br />
|-<br />
|[[Connman|connmand]]||connman.service||Wireless LAN network manager.<br />
|-<br />
|[[Chrony|chrony]]||chrony.service||Lightweight NTP client and server.<br />
|-<br />
|[[ClamAV|clamav]]||clamd.service<br />
freshclamd.service<br />
||Anti-virus toolkit for Unix.<br />
|-<br />
|[[CPU_Frequency_Scaling|cpupower]]||cpupower.service||Linux kernel tool to examine and tune power saving related features of processor.<br />
|-<br />
|craftbukkit||''not yet implemented''||CraftBukkit Minecraft server<br />
|-<br />
|[[Cron|crond]]||cronie.service (if using {{Pkg|cronie}}) or dcron.service (if using {{Pkg|dcron}}) ||Daemon to schedule and time events. The daemon name ''crond'' is used by at least two packages, {{Pkg|cronie}} and {{Pkg|dcron}}.<br />
|-<br />
|[[CUPS|cupsd]]||cups.service ||The CUPS Printing System daemon.<br />
|-<br />
|[[D-Bus|dbus]]||''always on'' – dbus.service||Freedesktop.org message bus system.<br />
|-<br />
|[[Cron|dcron]]||dcron.service||Daemon to schedule and time events. The daemon name ''crond'' is used by at least two packages, {{Pkg|cronie}} and {{Pkg|dcron}}. {{Pkg|cronie}} is the default cron implementation for Arch.<br />
|-<br />
|dante|sockd||sockd.service||A circuit-level SOCKS client/server.<br />
|-<br />
|[[Deluge|deluged]]||deluged.service||Cross-platform and full-featured BitTorrent client.<br />
|-<br />
|[[Deluge|deluge-web]]||deluge-web.service||A BitTorrent client with multiple user interfaces in a client/server model.<br />
|-<br />
|[[Dhcpcd|dhcpcd]]||dhcpcd@.service||DHCP daemon. Insert the network interface after @ ('dhcpcd@eth0.service'). <br />
|-<br />
|[[Dovecot|dovecot]]||dovecot.service||IMAP and POP3 server. <br />
|-<br />
|[[Dropbox|dropboxd]]||''not yet implemented''||Cross-platform file synchronisation with version control.<br />
|-<br />
|[[fail2ban|fail2ban]]||''fail2ban.service''||Fail2ban scans log files and bans IPs that show the malicious signs.<br />
|-<br />
|[[FAM|fam]]||''deprecated''||File Alteration Monitor. (deprecated)<br />
|-<br />
|[[Fan_Speed_Control|fancontrol]]||fancontrol.service||Fan control daemon (part of lm_sensors)<br />
|-<br />
|[[Fbsplash|fbsplash]]||''not yet implemented''||Graphical boot splash screen for the user.<br />
|-<br />
|[[FluidSynth|fluidsynth]]||fluidsynth.service||Software synthesizer<br />
|-<br />
|ftpd||ftpd.service||Inetutils ftp daemon<br />
|-<br />
|[[GDM|gdm]]||gdm.service||Gnome Display Manager (Login Screen)<br />
|-<br />
|[[Git|git-daemon]]||git-daemon.socket||GIT daemon<br />
|-<br />
|[[Console Mouse Support|gpm]]||gpm.service||Console mouse support.<br />
|-<br />
|[[HAL|hal]]||''obsolete''||Hardware Abstraction Layer. (Deprecated)<br />
|-<br />
|[[hddtemp]]||hddtemp.service||Hard drive temperature monitor daemon<br />
|-<br />
|healthd||healthd.service||A daemon which can be used to alert you in the event of a hardware health monitoring alarm (part of lm_sensors).<br />
|-<br />
|-<br />
|[[LAMP|httpd]]||httpd.service||Apache HTTP Server (Web Server)<br />
|-<br />
|[[hwclock]]||||Not a daemon as such, but on shutdown, updates hwclock to compensate for drift. Only run this daemon if ntpd is not running as both daemons adjust the hardware clock.<br />
|-<br />
|i8kmon||i8kmon.service||Monitor the cpu temperature and fan status on Dell Inspiron laptops.<br />
|-<br />
|ifplugd||ifplugd@<interface>.service, ie: ifplugd@eth0.service||Start/stop network on network cable plugged in/out.<br />
|-<br />
|[[iptables]]||iptables.service||Load firewall rules.<br />
|-<br />
|-<br />
|[[iptables|ip6tables]]||ip6tables.service||Load firewall rules for ipv6.<br />
|-<br />
|irqbalance||irqbalance.service||Irqbalance is the Linux utility tasked with making sure that interrupts from your hardware devices are handled in as efficient a manner as possible.<br />
|-<br />
|[[KDE|kdm]]||kdm.service||KDE Display Manager (Graphical Login)<br />
|-<br />
|krb5-kadmind||krb5-kadmind.service||Kerberos 5 administration server<br />
|-<br />
|krb5-kdc||krb5-kdc.service||Kerberos 5 KDC<br />
|-<br />
|krb5-kpropd||krb5-kpropd.service||Kerberos 5 propagation server<br />
|-<br />
|[[Laptop Mode Tools|laptop-mode]]||laptop-mode.service||Laptop Power Saving Tools<br />
|-<br />
|[[lighttpd]]||lighttpd.service||Lighttpd HTTP Server (Web Server).<br />
|-<br />
|[[libvirt]]||libvirtd.service||libvirt is a virtualization API and a daemon for managing virtual machines (VMs).<br />
|-<br />
|[[LXDE|lxdm]]||lxdm.service||LXDE Display Manager (Graphical Login)<br />
|-<br />
|mdadm||mdadm.service||MD Administration (Linux Software RAID).<br />
|-<br />
|[[miniDLNA]]||minidlna.service||simple DLNA/UPnP media server<br />
|-<br />
|[[Music Player Daemon|mpd]]||mpd.service||Music Player Daemon.<br />
|-<br />
|[[MySQL|mysqld]]||mysqld.service||MySQL database server.<br />
|-<br />
|[[MythTV|mythbackend]]||mythbackend.service||Backend for the MythTV digital video recording/home theater software.<br />
|-<br />
|[[BIND|named]]||named.service||The Berkeley Internet Name Daemon (BIND) DNS server.<br />
|-<br />
|netfs||''unused, handled automatically, see''<br />
remote-fs.target<br />
''to manually execute scripts''<br />
||Mounts network file systems.<br />
|-<br />
|[[Netcfg|net-auto-wired]]||net-auto-wired.service||Netcfg replacement for {{ic|network}} - connects to wired network<br />
|-<br />
|[[Netcfg|net-auto-wireless]]||net-auto-wireless.service||Netcfg replacement for {{ic|network}} - connects to wireless network<br />
|-<br />
|[[Netcfg|net-profiles]]||netcfg.service<br />
netcfg@<profile-name>.service<br />
||Netcfg replacement for {{ic|network}} - connects to profiles<br />
|-<br />
|[[Configuring_Network|network]]||''(dynamic Ethernet)'' dhcpcd@<interface>.service||To bring up the network connections.<br />
|-<br />
|[[NetworkManager|networkmanager]]||NetworkManager.service<br />
NetworkManager-wait-online.service<br />
||Replaces {{ic|network}}, and provides configuration and detection for automatic network connections.<br />
|-<br />
|[[Nginx|nginx]]||nginx.service||Nginx HTTP Server and IMAP/POP3 proxy server (Web Server)<br />
|-<br />
|nscd||nscd.service||Name service cache daemon<br />
|-<br />
|[[Network Time Protocol daemon|ntpd]]||ntpd.service||Network Time Protocol daemon (client and server).<br />
|-<br />
|[[Ntop|Ntop]]||ntop.service||Ntop is a network traffic probe based on libcap.<br />
|-<br />
|[[OpenNTPD|openntpd]]||openntpd.service||alternate Network Time Protocol daemon (client and server).<br />
|-<br />
|osspd||osspd.service||OSS Userspace Bridge.<br />
|-<br />
|[[OpenVPN|openvpn]]||openvpn@<profile-name>.service||One for each vpn conf file saved like /etc/openvpn/<profile-name>.conf<br />
|-<br />
|[[Pdnsd|pdnsd]]||pdnsd.service||Proxy DNS server with permanent caching.<br />
|-<br />
|[[Nginx#1st_Method_.22New.22_.28as_of_PHP_5.3.3.29|php-fpm]]||php-fpm.service||FastCGI Process Manager for PHP<br />
|-<br />
|[[OSS|oss]]||oss.service||Open Sound System. Alternative to ALSA.<br />
|-<br />
|[[PostgreSQL|postgresql]]||postgresql.service||PostgreSQL database server.<br />
|-<br />
|[[Postfix|postfix]]||postfix.service||<br />
|-<br />
|[[powernowd]]||''not yet implemented''||To adjust speed of CPU depending on system load. See also [[CPU Frequency Scaling]]<br />
|-<br />
|[[PPTP Server|pptpd]]||pptpd.service||A Virtual Private Network (VPN) server using the Point-to-Point Tunneling Protocol (PPTP).<br />
|-<br />
|[[Prosody|prosody]]||prosody.service||XMPP server.<br />
|-<br />
|[[pppd|Pppd]]||ppp@provider.service||A daemon which implements the Point-to-Point Protocol for dial-up networking.<br />
|-<br />
|[[preload]]||preload.service||Makes applications run faster by prefetching binaries and shared objects.<br />
|-<br />
|[[psd]]||psd.service||Manages your browser's profile in tmpfs and periodically sync it back to your physical disk.<br />
|-<br />
|pure-ftpd||pure-ftpd.service|| A fast, production quality, standards-conformant FTP server.<br />
|-<br />
|[[readahead]]||systemd-readahead-collect.service<br />
<br />
systemd-readahead-done.service<br />
<br />
systemd-readahead-drop.service<br />
<br />
systemd-readahead-replay.service<br />
||Readahead for faster boot<br />
|-<br />
||rfkill||rfkill-block@.service<br />
rfkill-unblock@.service<br />
||(Un)block radio devices. A block@all or unblock@all instance (not to be enabled simultaneously) is started before any unblock@device or block@device, respectively.<br />
|-<br />
|[[Rsync|rsyncd]]||rsyncd.service||Rsync daemon.<br />
|-<br />
|[[Rsyslog|rsyslogd]]||rsyslog.service||The latest version of a system logger.<br />
|-<br />
|[[samba]]||smbd.service<br />
<br />
nmbd.service<br />
<br />
winbindd.service<br />
||File and print services for Microsoft Windows clients.<br />
|-<br />
|[[USB_Scanner_Support|saned]]||saned@.service||To share the scanner system over network.<br />
|-<br />
|saslauthd||saslauthd.service||SASL authentication daemon<br />
|-<br />
|[[Lm_sensors|sensord]]||sensord.service||Sensor information logging daemon (part of lm_sensors)<br />
|-<br />
|[[Lm sensors|sensors]]||lm_sensors.service||Hardware (temperature, fans etc) monitoring.<br />
|-<br />
|[[SLiM|slim]]||slim.service||Simple Login Manager<br />
|-<br />
|[[SMART|smartd]]||smartd.service||Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T) Hard Disk Monitoring<br />
|-<br />
|[[Samba#smbnetfs|smbnetfs]]||smbnetfs.service||To automatically mount Samba/Microsoft network shares.<br />
|-<br />
|[[snmpd]]||snmpd.service||A suite of applications used to implement SNMP<br />
|-<br />
|soundmodem||''not yet implemented''||Multiplatform Soundcard Packet Radio Modem<br />
|-<br />
|[[SOHO Postfix|spamd]]||spamassassin.service|| e-mail spam filtering service.<br />
|-<br />
|[[Secure Shell|sshd]]||sshd.service (permanent)<br />
sshd.socket (on-demand)<br />
||OpenSSH (secure shell) daemon.<br />
|-<br />
|stunnel||stunnel.service||Allows encrypting arbitrary TCP connections inside SSL.<br />
|-<br />
|svnserve||svnserve.service||Subversion server<br />
|-<br />
|syslogd||''deprecated''||This was the older and basic system logger.<br />
|-<br />
|[[syslog-ng]]||syslog-ng.service||System logger next generation.<br />
|-<br />
|[[Timidity|timidity++]]||timidity.service||Software synthesizer for MIDI.<br />
|-<br />
|[[Tor|tor]]||tor.service||Onion routing for anonymous communication.<br />
|-<br />
|[[Transmission|transmissiond]]||transmission.service||Bit Torrent Daemon.<br />
|-<br />
|[[Ufw|ufw]]||ufw.service||Uncomplicated FireWall.<br />
|-<br />
|[[VirtualBox|vboxservice]]||vboxservice.service||VirtualBox Guest Service<br />
|-<br />
|[[vnStat|vnStat]]||vnstat.service||Lightweight network traffic monitor<br />
|-<br />
|[[Very Secure FTP Daemon|vsftpd]]||vsftpd.service (permanent)<br />
<br />
vsftpd.socket (on-demand)<br />
<br />
vsftpd-ssl.service (permanent)<br />
<br />
vsftpd-ssl.socket (on-demand)<br />
||FTP server.<br />
|-<br />
|[[wicd]]||wicd.service||Combine with dbus to replace {{ic|network}}, a lightweight alternative to NetworkManager.<br />
|-<br />
|[[x11vnc]]||x11vnc.service||VNC remote desktop daemon <br />
|-<br />
|[[XDM|xdm]]||xdm.service||X display manager<br />
|-<br />
|[[XDM|xdm-archlinux]]||xdm-archlinux.service||X display manager with Arch Linux theme<br />
|-<br />
|}</div>Pimanachttps://wiki.archlinux.org/index.php?title=Beginners%27_guide&diff=249526Beginners' guide2013-03-06T00:38:38Z<p>Pimanac: /* Wireless */</p>
<hr />
<div><noinclude><br />
[[Category:Getting and installing Arch]]<br />
[[Category:About Arch]]<br />
[[da:Beginners' Guide/Installation]]<br />
[[es:Beginners' Guide/Installation]]<br />
[[hr:Beginners' Guide/Installation]]<br />
[[hu:Beginners' Guide/Installation]]<br />
[[it:Beginners' Guide/Installation]]<br />
[[ja:Beginners' Guide/Installation]]<br />
[[ko:Beginners' Guide/Installation]]<br />
[[nl:Beginners' Guide/Installatie]]<br />
[[pl:Beginners' Guide/Installation]]<br />
[[pt:Beginners' Guide/Installation]]<br />
[[ro:Ghidul începătorilor/Instalare]]<br />
[[ru:Beginners' Guide/Installation]]<br />
[[sr:Beginners' Guide/Installation]]<br />
[[zh-CN:Beginners' Guide/Installation]]<br />
[[zh-TW:Beginners' Guide/Installation]]<br />
{{Tip|This is part of a multi-page article for The Beginners' Guide. '''[[Beginners' Guide|Click here]]''' if you would rather read the guide in its entirety.}}<br />
</noinclude><br />
== Installation ==<br />
<br />
You are now presented with a shell prompt, automatically logged in as root.<br />
<br />
=== Change the language ===<br />
<br />
{{Tip|These are optional for the majority of users. Useful only if you plan on writing in your own language in any of the configuration files, if you use diacritical marks in the Wi-Fi password, or if you would like to receive system messages (e.g. possible errors) in your own language.}}<br />
<br />
By default, the keyboard layout is set to {{ic|us}}. If you have a non-[[Wikipedia:File:KB United States-NoAltGr.svg|US]] keyboard layout, run:<br />
<br />
# loadkeys ''layout''<br />
<br />
...where ''layout'' can be {{ic|fr}}, {{ic|uk}}, {{ic|be-latin1}}, etc. See [[KEYMAP#Keyboard layouts|here]] for a comprehensive list.<br />
<br />
The font should also be changed, because most languages use more glyphs than the 26 letter [[Wikipedia:English alphabet|English alphabet]]. Otherwise some foreign characters may show up as white squares or as other symbols. Note that the name is case-sensitive, so please type it ''exactly'' as you see it:<br />
<br />
# setfont Lat2-Terminus16<br />
<br />
By default, the language is set to English (US). If you would like to change the language for the install process ''(German, in this example)'', remove the {{ic|#}} in front of the [http://www.greendesktiny.com/support/knowledgebase_detail.php?ref=EUH-483 locale] you want from {{ic|/etc/locale.gen}}, along with English (US). Please choose the {{ic|UTF-8}} entry.<br />
<br />
Use {{Keypress|Ctrl+X}} to exit, and when prompted to save changes, press {{Keypress|Y}} and {{Keypress|Enter}} to use the same filename.<br />
<br />
{{hc|# nano /etc/locale.gen|<br />
en_US.UTF-8 UTF-8<br />
de_DE.UTF-8 UTF-8}}<br />
<br />
# locale-gen<br />
# export LANG=de_DE.UTF-8<br />
<br />
Remember, {{Keypress|LAlt+LShift}} activates and deactivates the keymap.<br />
<br />
=== Establish an internet connection ===<br />
<br />
{{Warning|udev no longer assigns network interface names according to the wlanX and ethX naming scheme. If you're coming from a different distribution or are reinstalling Arch and not aware of the new interface naming style, please do not assume that your wireless interface is named wlan0, or that your wired interface is named eth0. You can use the "ip" utility to discover the names of your interfaces.}}<br />
<br />
From systemd-197's release and onward, udev now assigns predictable, stable network interface names that deviate from the legacy incremental naming scheme (wlan0, wlan1, etc.). These interface names are guaranteed to be persistent across reboots, which solves the problem of the lack of predictability of network interface name assignment. For more information about why this was necessary, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .<br />
<br />
The {{ic|dhcpcd}} network daemon is started automatically at boot and it will attempt to start a wired connection, if available. Try pinging a website to see if it was successful. And since Google is always on...<br />
<br />
{{hc|# ping -c 3 www.google.com|2=<br />
PING www.l.google.com (74.125.132.105) 56(84) bytes of data.<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=1 ttl=50 time=17.0 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=2 ttl=50 time=18.2 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=3 ttl=50 time=16.6 ms<br />
<br />
--- www.l.google.com ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2003ms<br />
rtt min/avg/max/mdev = 16.660/17.320/18.254/0.678 ms}}<br />
<br />
If you get a {{ic|ping: unknown host}} error, first check if there is any problem with your cable (or if you have enough wireless signal), otherwise you will need to set up the network manually, as explained below.<br />
<br />
Otherwise, move on to [[#Prepare the storage drive|Prepare the storage drive]].<br />
<br />
==== Wired ====<br />
<br />
Follow this procedure if you need to set up a wired connection via a static IP address.<br />
<br />
First, identify the name of your ethernet interface. <br />
<br />
{{hc|# ip link|<br />
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT <br />
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br />
2: enp2s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000<br />
link/ether 00:11:25:31:69:20 brd ff:ff:ff:ff:ff:ff<br />
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT qlen 1000<br />
link/ether 01:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff}}<br />
<br />
In this case, the ethernet interface is enp2s0f0. If you're unsure, your ethernet interface is likely to start with the letter "e", and unlikely to be "lo" or start with the letter "w". You can also use iwconfig and see which interfaces are not wireless:<br />
<br />
{{hc|# iwconfig|2=<br />
enp2s0f0 no wireless extensions.<br />
wlp3s0 IEEE 802.11bgn ESSID:"NETGEAR97" <br />
Mode:Managed Frequency:2.427 GHz Access Point: 2C:B0:5D:9C:72:BF <br />
Bit Rate=65 Mb/s Tx-Power=16 dBm <br />
Retry long limit:7 RTS thr:off Fragment thr:off<br />
Power Management:on<br />
Link Quality=61/70 Signal level=-49 dBm <br />
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0<br />
Tx excessive retries:0 Invalid misc:430 Missed beacon:0<br />
lo no wireless extensions.}}<br />
<br />
In this example, neither enp2s0f0 nor the loopback device have wireless extensions, meaning enp2s0f0 is our ethernet interface.<br />
<br />
You also need to know these settings:<br />
<br />
* Static IP address.<br />
* Subnet mask.<br />
* Gateway's IP address.<br />
* Name servers' (DNS) IP addresses.<br />
* Domain name (unless you're on a local LAN, in which case you can make it up).<br />
<br />
Activate the connected Ethernet interface (e.g. {{ic|enp2s0f0}}):<br />
<br />
# ip link set enp2s0f0 up<br />
<br />
Add the address:<br />
<br />
# ip addr add <ip address>/<subnetmask> dev <interface><br />
<br />
For example:<br />
<br />
# ip addr add 192.168.1.2/24 dev enp2s0f0<br />
<br />
For more options, run {{ic|man ip}}.<br />
<br />
Add your gateway like this, substituting your own gateway's IP address:<br />
<br />
# ip route add default via <ip address><br />
<br />
For example:<br />
<br />
# ip route add default via 192.168.1.1<br />
<br />
Edit {{ic|resolv.conf}}, substituting your name servers' IP addresses and your local domain name:<br />
<br />
{{hc|# nano /etc/resolv.conf|<br />
nameserver 61.23.173.5<br />
nameserver 61.95.849.8<br />
search example.com}}<br />
<br />
{{Note|Currently, you may include a maximum of 3 {{ic|nameserver}} lines.}}<br />
<br />
You should now have a working network connection. If you do not, check the detailed [[Network Configuration]] page.<br />
<br />
==== Wireless ====<br />
<br />
Follow this procedure if you need wireless connectivity (Wi-Fi) during the installation process.<br />
<br />
If you're coming from another distribution, or if this is your first time installing Arch Linux since the deprecation of the old interface naming scheme, you might be surprised to learn that the first wireless interface is not named "wlan0". In fact, none of the interfaces are automatically prefixed with "wlan" any longer. Don't panic; simply execute {{ic|iwconfig}} to discover the name of your wireless interface.<br />
<br />
The wireless drivers and utilities are now available to you in the live environment of the installation media. A good knowledge of your wireless hardware will be of key importance to successful configuration. Note that the following quick-start procedure ''executed at this point in the installation'' will initialize your wireless hardware for use ''in the live environment of the installation media''. These steps (or some other form of wireless management) '''must be repeated from the actual installed system after booting into it'''.<br />
<br />
Also note that these steps are optional if wireless connectivity is unnecessary at this point in the installation; wireless functionality may always be established later.<br />
<br />
{{Note|The following examples use {{ic|wlp3s0}} for the interface and {{ic|linksys}} for the ESSID. Remember to change these values according to your setup.}}<br />
<br />
The basic procedure will be:<br />
<br />
* Identify the wireless interface:<br />
<br />
# lspci | grep -i net<br />
<br />
Or, if using a USB adapter:<br />
<br />
# lsusb<br />
<br />
* Ensure udev has loaded the driver, and that the driver has created a usable wireless kernel interface with {{ic|iwconfig}}:<br />
<br />
{{Note|If you do not see output similar to this, then your wireless driver has not been loaded. If this is the case, you must load the driver yourself. Please see [[Wireless Setup]] for more detailed information.}}<br />
<br />
{{hc|# iwconfig|2=<br />
enp2s0f0 no wireless extensions.<br />
wlp3s0 IEEE 802.11bgn ESSID:"NETGEAR97" <br />
Mode:Managed Frequency:2.427 GHz Access Point: 2C:B0:5D:9C:72:BF <br />
Bit Rate=65 Mb/s Tx-Power=16 dBm <br />
Retry long limit:7 RTS thr:off Fragment thr:off<br />
Power Management:on<br />
Link Quality=61/70 Signal level=-49 dBm <br />
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0<br />
Tx excessive retries:0 Invalid misc:430 Missed beacon:0<br />
lo no wireless extensions.}}<br />
<br />
In this example, {{ic|wlp3s0}} is the available wireless interface.<br />
<br />
* Bring the interface up with:<br />
<br />
# ip link set wlp3s0 up<br />
<br />
A small percentage of wireless chipsets also require firmware, in addition to a corresponding driver. If the wireless chipset requires firmware, you are likely to receive this error when bringing the interface up:<br />
<br />
{{hc|# ip link set wlp3s0 up|<br />
SIOCSIFFLAGS: No such file or directory}}<br />
<br />
If unsure, invoke {{ic|dmesg}} to query the kernel log for a firmware request from the wireless chipset.<br />
<br />
Example output from an Intel chipset which requires and has requested firmware from the kernel at boot:<br />
<br />
{{hc|# dmesg <nowiki>|</nowiki> grep firmware|<br />
firmware: requesting iwlwifi-5000-1.ucode}}<br />
<br />
If there is no output, it may be concluded that the system's wireless chipset does not require firmware.<br />
<br />
{{Warning|Wireless chipset firmware packages (for cards which require them) are pre-installed under {{ic|/usr/lib/firmware}} in the live environment (on CD/USB stick) '''but must be explicitly installed to your actual system to provide wireless functionality after you reboot into it!''' Package installation is covered later in this guide. Ensure installation of both your wireless module and firmware before rebooting! See [[Wireless Setup]] if you are unsure about the requirement of corresponding firmware installation for your particular chipset.}}<br />
<br />
Next, use {{Pkg|netcfg}}'s {{ic|wifi-menu}} to connect to a network. Replace ''wlp3s0" with the name of your interface:<br />
<br />
# wifi-menu wlp3s0<br />
<br />
{{Warning|At the moment, netcfg's wifi-menu, when executed without arguments, will look for "wlan0". Execute wifi-menu with your interface as the argument in order to use it. See [[Network Configuration#Get_current_device_names]]<br />
<br />
You should now have a working network connection. If you do not, check the detailed [[Wireless Setup]] page.<br />
<br />
==== xDSL (PPPoE), analog modem or ISDN ====<br />
<br />
If you have a router in bridge mode, run:<br />
<br />
# pppoe-setup<br />
<br />
* Type in the username that the ISP provided you with.<br />
* Press {{Keypress|Enter}} for "eth0".<br />
* Press {{Keypress|Enter}} for "no", so that it stays up continuously.<br />
* Type {{ic|server}} (since this is usually the case).<br />
* Press {{Keypress|1}} for a firewall.<br />
* Type in the password that the ISP provided you with.<br />
* Press {{Keypress|Y}} at the end.<br />
<br />
To use these settings and connect to your ISP, run:<br />
<br />
# pppoe-start<br />
<br />
You may also need to adjust your {{ic|resolv.conf}}:<br />
<br />
# echo nameserver 8.8.8.8 > /etc/resolv.conf<br />
<br />
If you have a dial-up or ISDN connection, see [[Direct Modem Connection]].<br />
<br />
==== Behind a proxy server ====<br />
<br />
If you are behind a proxy server, you will need to export the {{ic|http_proxy}} and {{ic|ftp_proxy}} environment variables. See [[Proxy settings]] for more information.<br />
<br />
=== Prepare the storage drive ===<br />
<br />
{{Warning|Partitioning can destroy data. You are '''strongly''' cautioned and advised to backup any critical data before proceeding.}}<br />
<br />
Absolute beginners are encouraged to use a graphical partitioning tool. [http://gparted.sourceforge.net/download.php GParted] is a good example, and is [http://gparted.sourceforge.net/livecd.php provided as a "live" CD]. It is also included on live CDs of most Linux distributions such as [[Wikipedia:Ubuntu (operating system)|Ubuntu]] and [[Wikipedia:Linux Mint|Linux Mint]]. A drive should first be [[partitioning|partitioned]] and the partitions should be formatted with a [[File Systems|file system]] before rebooting.<br />
<br />
See [[Swap]] for details if you wish to set up a swap partition or file now. A swap file is easier to resize than a partition and can be created at any point after installation, but cannot be used with a BTRFS filesystem.<br />
<br />
If you have already done so, proceed to [[#Mount the partitions|Mount the partitions]].<br />
<br />
Otherwise, see the following example.<br />
<br />
==== Example ====<br />
<br />
The Arch Linux install media includes the following partitioning tools: {{ic|fdisk}}, {{ic|gdisk}}, {{ic|cfdisk}}, {{ic|cgdisk}}, {{ic|parted}}.<br />
<br />
{{Box BLUE|Notes regarding [[UEFI]] boot:|<br />
* If you have a UEFI motherboard, you will need to create an extra [[Unified Extensible Firmware Interface#Create an UEFI System Partition in Linux|UEFI System Partition]].<br />
* It is recommended to always use GPT for UEFI boot, as some UEFI firmwares do not allow UEFI-MBR boot.}}<br />
<br />
{{Box BLUE|Notes regarding [[GPT]] partitioning:|<br />
* If you are not dual booting with Windows, then it is advisable to use GPT instead of MBR. Read [[GPT]] for a list of advantages.<br />
* If you have a BIOS motherboard (or plan on booting in BIOS compatibility mode) and you want to setup GRUB on a GPT-partitioned drive, you will need to create an extra [[GRUB2#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]]. Syslinux doesn't need one.<br />
* Some BIOS systems may have issues with GPT. See http://mjg59.dreamwidth.org/8035.html and http://rodsbooks.com/gdisk/bios.html for more info and possible workarounds.}}<br />
<br />
{{Note|If you are installing to a USB flash key, see [[Installing Arch Linux on a USB key]].}}<br />
<br />
The example system will contain a 15 GB root partition, and a [[Partitioning#/home|home]] partition for the remaining space. Choose either [[MBR]] or [[GPT]]. Do not choose both!<br />
<br />
It should be emphasized that partitioning is a personal choice and that this example is only for illustrative purposes. See [[Partitioning]].<br />
<br />
{| class="wikitable"<br />
|-<br />
| rowspan="2" | '''MBR'''<br />
| rowspan="2"| {{ic|cfdisk&nbsp;/dev/sda}}<br />
| '''Root:'''<br />
<br />
* Choose New (or press {{Keypress|N}}) – {{Keypress|Enter}} for Primary – type in "15360" – {{Keypress|Enter}} for Beginning – {{Keypress|Enter}} for Bootable.<br />
|-<br />
|<br />
'''Home:'''<br />
<br />
* Press the down arrow to move to the free space area.<br />
* Choose New (or press {{Keypress|N}}) – {{Keypress|Enter}} for Primary – {{Keypress|Enter}} to use the rest of the drive (or you could type in the desired size).<br />
|-<br />
| rowspan="2" | '''GPT'''<br />
| rowspan="2"| {{ic|cgdisk&nbsp;/dev/sda}}<br />
| '''Root:'''<br />
<br />
* Choose New (or press {{Keypress|N}}) – {{Keypress|Enter}} for the first sector (2048) – type in "15G" – {{Keypress|Enter}} for the default hex code (8300) – {{Keypress|Enter}} for a blank partition name.<br />
|-<br />
| '''Home:'''<br />
<br />
* Press the down arrow a couple of times to move to the larger free space area.<br />
* Choose New (or press {{Keypress|N}}) – {{Keypress|Enter}} for the first sector – {{Keypress|Enter}} to use the rest of the drive (or you could type in the desired size; for example "30G") – {{Keypress|Enter}} for the default hex code (8300) – {{Keypress|Enter}} for a blank partition name.<br />
|}<br />
<br />
If you chose MBR, here's how it should look like:<br />
<br />
Name Flags Part Type FS Type [Label] Size (MB)<br />
-----------------------------------------------------------------------<br />
sda1 Boot Primary Linux 15360<br />
sda2 Primary Linux 133000*<br />
<br />
If you chose GPT, here's how it should look like: <br />
<br />
Part. # Size Partition Type Partition Name<br />
----------------------------------------------------------------<br />
1007.0 KiB free space<br />
1 15.0 GiB Linux filesystem<br />
2 123.45 GiB Linux filesystem<br />
<br />
Double check and make sure that you are happy with the partition sizes as well as the partition table layout before continuing.<br />
<br />
If you would like to start over, you can simply select Quit (or press {{Keypress|Q}}) to exit without saving changes and then restart cfdisk (or cgdisk).<br />
<br />
If you are satisfied, choose Write (or press {{Keypress|Shift+W}}) to finalize and to write the partition table to the drive. Type "yes" and choose Quit (or press {{Keypress|Q}}) to exit without making any more changes.<br />
<br />
Simply partitioning is not enough; the partitions also need a [[File Systems|filesystem]]. To format the partitions with an ext4 filesystem:<br />
<br />
{{Warning|Double check and triple check that it's actually {{ic|/dev/sda1}} and {{ic|/dev/sda2}} that you want to format.}}<br />
<br />
# mkfs.ext4 /dev/sda1<br />
# mkfs.ext4 /dev/sda2<br />
<br />
If you have made a partition dedicated to swap (code 82), don't forget to format and activate it with:<br />
<br />
# mkswap /dev/sda''X''<br />
# swapon /dev/sda''X''<br />
<br />
=== Mount the partitions ===<br />
<br />
Each partition is identified with a number suffix. For example, {{ic|sda1}} specifies the first partition of the first drive, while {{ic|sda}} designates the entire drive.<br />
<br />
To display the current partition layout:<br />
<br />
# lsblk /dev/sda<br />
<br />
{{Note|Do not mount more than one partition to the same directory. And pay attention, because the mounting order is important.}}<br />
<br />
First, mount the root partition on {{ic|/mnt}}. Following the example when using {{ic|cfdisk}} above (yours may be different), it would be:<br />
<br />
# mount /dev/sda1 /mnt<br />
<br />
Then mount the home partition and any other separate partition ({{ic|/boot}}, {{ic|/var}}, etc), if you have any:<br />
<br />
# mkdir /mnt/home<br />
# mount /dev/sda2 /mnt/home<br />
<br />
In case you have a UEFI motherboard, mount the UEFI partition:<br />
<br />
# mkdir -p /mnt/boot/efi<br />
# mount /dev/sda''X'' /mnt/boot/efi<br />
<br />
=== Select a mirror ===<br />
<br />
Before installing, you may want to edit the {{ic|mirrorlist}} file and place your preferred mirror first. A copy of this file will be installed on your new system by {{ic|pacstrap}} as well, so it's worth getting it right.<br />
<br />
{{hc|# nano /etc/pacman.d/mirrorlist|<br />
##<br />
## Arch Linux repository mirrorlist<br />
## Sorted by mirror score from mirror status page<br />
## Generated on 2012-MM-DD<br />
##<br />
<br />
<nowiki>Server = http://mirror.example.xyz/archlinux/$repo/os/$arch</nowiki><br />
...}}<br />
<br />
* {{Keypress|Alt+6}} to copy a {{ic|Server}} line.<br />
* {{Keypress|PageUp}} key to scroll up.<br />
* {{Keypress|Ctrl+U}} to paste it at the top of the list.<br />
* {{Keypress|Ctrl+X}} to exit, and when prompted to save changes, press {{Keypress|Y}} and {{Keypress|Enter}} to use the same filename.<br />
<br />
If you want, you can make it the ''only'' mirror available by getting rid of everything else (using {{Keypress|Ctrl+K}}), but it's usually a good idea to have a few more, in case the first one goes offline.<br />
<br />
{{Tip|<br />
* Use the [https://www.archlinux.org/mirrorlist/ Mirrorlist Generator] to get an updated list for your country. HTTP mirrors are faster than FTP, because of something called [[Wikipedia:Keepalive|keepalive]]. With FTP, pacman has to send out a signal each time it downloads a package, resulting in a brief pause. For other ways to generate a mirror list, see [[Mirrors#Sorting mirrors|Sorting mirrors]] and [[Reflector]].<br />
* [https://archlinux.org/mirrors/status/ Arch Linux MirrorStatus] reports various aspects about the mirrors such as network problems with mirrors, data collection problems, the last time mirrors have been synced, etc.}}<br />
<br />
{{Note|<br />
* Whenever in the future you change your list of mirrors, always remember to force pacman to refresh all package lists with {{ic|pacman -Syy}}. This is considered to be good practice and will avoid possible headaches. See [[Mirrors]] for more information.<br />
* If you're using an older installation medium, your mirrorlist might be outdated, which might lead to problems when updating Arch Linux (see {{Bug|22510}}). Therefore it is advised to obtain the latest mirror information as described above.<br />
* Some issues have been reported in the [https://bbs.archlinux.org/ Arch Linux forums] regarding network problems that prevent pacman from updating/synchronizing repositories (see [https://bbs.archlinux.org/viewtopic.php?id&#61;68944] and [https://bbs.archlinux.org/viewtopic.php?id&#61;65728]). When installing Arch Linux natively, these issues have been resolved by replacing the default pacman file downloader with an alternative (see [[Improve Pacman Performance]] for more details). When installing Arch Linux as a guest OS in [[VirtualBox]], this issue has also been addressed by using "Host interface" instead of "NAT" in the machine properties.}}<br />
<br />
=== Install the base system ===<br />
<br />
The base system is installed using the [https://github.com/falconindy/arch-install-scripts/blob/master/pacstrap.in pacstrap] script.<br />
<br />
The {{ic|-i}} switch can be omitted if you wish to install every package from the ''base'' and ''base-devel'' groups without prompting.<br />
<br />
# pacstrap -i /mnt base base-devel<br />
<br />
{{Note|If pacman fails to verify your packages, check the system time with {{ic|cal}}. If the system date is invalid (e.g. it shows year 2010), signing keys will be considered expired (or invalid), signature checks on packages will fail and installation will be interrupted. Make sure to correct the system time, either by doing so manually or with the {{Pkg|ntp}} client, and retry running the pacstrap command. Refer to [[Time]] page for more information on correcting system time.}}<br />
<br />
{{Note| If pacman complains about invalid signatures during the pacstrap phase (''error: failed to commit transaction (invalid or corrupted package)'') run the following command below.}}<br />
# pacman-key --init && pacman-key --populate archlinux <br />
<br />
* {{Grp|base}}: Software packages from the [core] repo to provide the minimal base environment.<br />
<br />
* {{Grp|base-devel}}: Extra tools from [core] such as {{ic|make}}, and {{ic|automake}}. Most beginners should choose to install it, as it will likely be needed to expand the system. The ''base-devel'' group will be required to install software from the [[Arch User Repository]].<br />
<br />
This will give you a basic Arch system. Other packages can be installed later using [[pacman]].<br />
<br />
=== Generate an fstab ===<br />
<br />
Generate an [[fstab]] file with the following command. UUIDs will be used because they have certain advantages (see [[fstab#Identifying filesystems]]). If you would prefer to use labels instead, replace the {{ic|-U}} option with {{ic|-L}}.<br />
<br />
{{Note|If you encounter errors running genfstab or later in the install process, do '''not''' run genfstab again; just edit the fstab file.}}<br />
<br />
# genfstab -U -p /mnt >> /mnt/etc/fstab<br />
# nano /mnt/etc/fstab<br />
<br />
{{Warning|The fstab file should always be checked after generating it. If you made an EFI system partition earlier, then {{ic|genfstab}} has incorrectly added options to your EFI system partition. This will in fact ''prevent'' your computer from booting from that drive, so you need to remove all options for the EFI partition except for {{ic|noatime}}. For the other partitions that use it, be sure to replace {{ic|1="codepage=cp437"}} with {{ic|1="codepage=437"}} or else when you next reboot, any mounts with this option will fail and systemd will halt and drop into recovery mode. This should be fixed by linux 3.8}}<br />
<br />
A few considerations:<br />
<br />
* Only the root ({{ic|/}}) partition needs {{ic|1}} for the last field. Everything else should have either {{ic|2}} or {{ic|0}} (see [[fstab#Field definitions]]).<br />
<br />
=== Chroot and configure the base system ===<br />
<br />
Next, we [[chroot]] into our newly installed system:<br />
<br />
# arch-chroot /mnt<br />
<br />
{{Note|Use {{ic|arch-chroot /mnt /bin/bash}} to chroot into a bash shell.}}<br />
At this stage of the installation, you will configure the primary configuration files of your Arch Linux base system. These can either be created if they do not exist, or edited if you wish to change the defaults.<br />
<br />
Closely following and understanding these steps is of key importance to ensure a properly configured system.<br />
<br />
==== Locale ====<br />
<br />
Locales are used by '''glibc''' and other locale-aware programs or libraries for rendering text, correctly displaying regional monetary values, time and date formats, alphabetic idiosyncrasies, and other locale-specific standards.<br />
<br />
There are two files that need editing: {{ic|locale.gen}} and {{ic|locale.conf}}.<br />
<br />
* The {{ic|locale.gen}} file is empty by default (everything is commented out) and you need to remove the {{ic|#}} in front of the line(s) you want. You may uncomment more lines than just English (US), as long as you choose their {{ic|UTF-8}} encoding:<br />
<br />
{{hc|# nano /etc/locale.gen|<br />
en_US.UTF-8 UTF-8<br />
de_DE.UTF-8 UTF-8}}<br />
<br />
# locale-gen<br />
<br />
This will run on every '''glibc''' upgrade, generating all the locales specified in {{ic|/etc/locale.gen}}.<br />
<br />
* The {{ic|locale.conf}} file doesn't exist by default. Setting only {{ic|LANG}} should be enough. It will act as the default value for all other variables.<br />
<br />
# echo LANG=en_US.UTF-8 > /etc/locale.conf<br />
# export LANG=en_US.UTF-8<br />
<br />
{{Note|If you set some other language than English at the beginning of the install, the above commands would be something like:<br />
# echo LANG<nowiki>=</nowiki>de_DE.UTF-8 > /etc/locale.conf<br />
# export LANG<nowiki>=</nowiki>de_DE.UTF-8<br />
}}<br />
<br />
To use other {{ic|LC_*}} variables, first run {{ic|locale}} to see the available options. An advanced example can be found [[Locale#Setting_system-wide_locale|here]].<br />
<br />
{{Warning|Using the {{ic|LC_ALL}} variable is strongly discouraged because it overrides everything.}}<br />
<br />
==== Console font and keymap ====<br />
<br />
If you set a keymap at [[#Change_the_language|the beginning]] of the install process, load it now, as well, because the environment has changed. For example:<br />
<br />
# loadkeys ''de-latin1''<br />
# setfont Lat2-Terminus16<br />
<br />
To make them available after reboot, edit {{ic|vconsole.conf}}:<br />
<br />
{{hc|# nano /etc/vconsole.conf|2=<br />
KEYMAP=de-latin1<br />
FONT=Lat2-Terminus16<br />
}}<br />
<br />
* {{ic|KEYMAP}} – Please note that this setting is only valid for your TTYs, not any graphical window managers or Xorg.<br />
<br />
* {{ic|FONT}} – Available alternate console fonts reside in {{ic|/usr/share/kbd/consolefonts/}}. The default (blank) is safe, but some foreign characters may show up as white squares or as other symbols. It's recommended that you change it to {{ic|Lat2-Terminus16}}, because according to {{ic|/usr/share/kbd/consolefonts/README.Lat2-Terminus16}}, it claims to support "about 110 language sets".<br />
<br />
* Possible option {{ic|FONT_MAP}} – Defines the console map to load at boot. Read {{ic|man setfont}}. Removing it or leaving it blank is safe.<br />
<br />
See [[Fonts#Console_fonts|Console fonts]] and {{ic|man vconsole.conf}} for more information.<br />
<br />
==== Time zone ====<br />
<br />
Available time zones and subzones can be found in the {{ic|/usr/share/zoneinfo/<Zone>/<SubZone>}} directories.<br />
<br />
To view the available <Zone>, check the directory {{ic|/usr/share/zoneinfo/}}:<br />
<br />
# ls /usr/share/zoneinfo/<br />
<br />
Similarly, you can check the contents of directories belonging to a <SubZone>:<br />
<br />
# ls /usr/share/zoneinfo/Europe<br />
<br />
Create a symbolic link {{ic|/etc/localtime}} to your zone file {{ic|/usr/share/zoneinfo/<Zone>/<SubZone>}} using this command:<br />
<br />
# ln -s /usr/share/zoneinfo/<Zone>/<SubZone> /etc/localtime<br />
<br />
'''Example:'''<br />
<br />
# ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime<br />
<br />
==== Hardware clock ====<br />
<br />
Set the hardware clock mode uniformly between your operating systems. Otherwise, they may overwrite the hardware clock and cause time shifts.<br />
<br />
You can generate {{ic|/etc/adjtime}} automatically by using one of the following commands:<br />
<br />
* '''UTC''' (recommended)<br />
<br />
: {{Note|Using [[Wikipedia:Coordinated Universal Time|UTC]] for the hardware clock does not mean that software will display time in UTC.}}<br />
<br />
: {{bc|# hwclock --systohc --utc}}<br />
<br />
To synchronize your "UTC" time over the internet, see [[Network Time Protocol daemon|NTPd]].<br />
<br />
* '''localtime''' (discouraged; used by default in Windows)<br />
<br />
: {{Warning|Using ''localtime'' may lead to several known and unfixable bugs. However, there are no plans to drop support for ''localtime''.}}<br />
<br />
: {{bc|# hwclock --systohc --localtime}}<br />
<br />
If you have (or planning on having) a dual boot setup with Windows:<br />
<br />
* Recommended: Set both Arch Linux and Windows to use UTC. A quick [[Time#UTC in Windows|registry fix]] is needed. Also, be sure to prevent Windows from synchronizing the time on-line, because the hardware clock will default back to ''localtime''. <br />
<br />
* Not recommended: Set Arch Linux to ''localtime'' and disable any time-related services, like [[Network Time Protocol daemon|NTPd]] . This will let Windows take care of hardware clock corrections and you will need to remember to boot into Windows at least two times a year (in Spring and Autumn) when [[Wikipedia:Daylight saving time|DST]] kicks in. So please don't ask on the forums why the clock is one hour behind or ahead if you usually go for days or weeks without booting into Windows.<br />
<br />
==== Kernel modules ====<br />
<br />
{{Tip|This is just an example, you do not need to set it. All needed modules are automatically loaded by udev, so you will rarely need to add something here. Only add modules that you know are missing.}}<br />
<br />
For kernel modules to load during boot, place a {{ic|*.conf}} file in {{ic|/etc/modules-load.d/}}, with a name based on the program that uses them.<br />
<br />
{{hc|# nano /etc/modules-load.d/virtio-net.conf|<br />
# Load 'virtio-net.ko' at boot.<br />
<br />
virtio-net}}<br />
<br />
If there are more modules to load per {{ic|*.conf}}, the module names can be separated by newlines. A good example are the [[VirtualBox#Arch Linux guests|VirtualBox Guest Additions]].<br />
<br />
Empty lines and lines starting with {{ic|#}} or {{ic|;}} are ignored.<br />
<br />
==== Hostname ====<br />
<br />
Set the [[Wikipedia:hostname|hostname]] to your liking (e.g. ''arch''):<br />
<br />
# echo ''myhostname'' > /etc/hostname<br />
<br />
{{Note|There is no need to edit {{ic|/etc/hosts}}.}}<br />
<br />
=== Configure the network ===<br />
<br />
You need to configure the network again, but this time for your newly installed environment. The procedure and prerequisites are very similar to the one described [[#Establish an internet connection|above]], except we are going to make it persistent and automatically run at boot.<br />
<br />
{{Note|For more in-depth information on network configration, visit [[Network Configuration]] and [[Wireless Setup]].}}<br />
<br />
==== Wired ====<br />
<br />
; Dynamic IP<br />
<br />
{{Warning|A bug has been noted in the install ISO, in which the name your interface has during installation differs from the one it will have upon reboot. See [https://bugs.archlinux.org/task/33923 Bug #33923] for more details.<br />
Until this bug is fixed, you can use the following script to find the name your interface will have after boot:<br />
for i in /sys/class/net/*; do<br />
echo "&#61;&#61;$i"<br />
udevadm test-builtin net_id "$i";<br />
echo<br />
done 2>/dev/null<br />
}}<br />
<br />
If you only use a single fixed wired network connection, you do not need a network management service and can simply enable the {{ic|dhcpcd}} service. Where <interface> is your wired interface:<br />
# systemctl enable dhcpcd@<interface>.service<br />
<br />
Alternatively, you can use {{Pkg|netcfg}}'s {{ic|net-auto-wired}}, which gracefully handles dynamic connections to new networks:<br />
<br />
Install {{Pkg|ifplugd}}, which is required for {{ic|net-auto-wired}}:<br />
# pacman -S ifplugd<br />
<br />
Edit {{ic|/etc/conf.d/netcfg}} and modify the network interface name, most likely it is not eth0. You can find out more about the naming in the warning above.<br />
{{hc|nano /etc/conf.d/netcfg|2=<br />
WIRED_INTERFACE="<interface>"}}<br />
<br />
Enable the {{ic|net-auto-wired}} service.<br />
# systemctl enable net-auto-wired.service<br />
<br />
; Static IP<br />
<br />
Copy a sample profile from {{ic|/etc/network.d/examples}} to {{ic|/etc/network.d}}:<br />
# cd /etc/network.d<br />
# cp examples/ethernet-static .<br />
<br />
Edit the profile as needed (modify {{ic|INTERFACE}}, {{ic|ADDR}}, {{ic|GATEWAY}} and {{ic|DNS}}):<br />
# nano ethernet-static<br />
<br />
Edit {{ic|/etc/conf.d/netcfg}} and add the new network profile to the {{ic|NETWORKS}} array:<br />
{{hc|nano /etc/conf.d/netcfg|<br />
2=NETWORKS=(ethernet-static)}}<br />
<br />
Enable the {{ic|netcfg}} service:<br />
# systemctl enable netcfg.service<br />
<br />
==== Wireless ====<br />
<br />
You will need to install additional programs to be able to configure and manage wireless network profiles for [[netcfg]].<br />
<br />
[[NetworkManager]] and [[Wicd]] are other popular alternatives.<br />
<br />
* Install the required packages:<br />
<br />
# pacman -S wireless_tools wpa_supplicant wpa_actiond dialog<br />
<br />
If your wireless adapter requires a firmware (as described in the above [[#Wireless|Establish an internet connection]] section and also [[Wireless Setup#Drivers and firmware|here]]), install the package containing your firmware. For example:<br />
<br />
# pacman -S zd1211-firmware<br />
<br />
* After finishing the rest of this installation and rebooting, you can connect to the network with {{ic|wifi-menu <interface>}} (where {{ic|<interface>}} is the interface of your wireless chipset), which will generate a profile file in {{ic|/etc/network.d}} named after the SSID. There are also templates available in {{ic|/etc/network.d/examples/}} for manual configuration.<br />
<br />
# wifi-menu <interface><br />
<br />
{{Warning|If you're using {{ic|wifi-menu}}, this must be done *after* your reboot when you're no longer chrooted. The process spawned by this command will conflict with the one you have running outside of the chroot. Alternatively, you could just configure a network profile manually using the templates previously mentioned so that you don't have to worry about using {{ic|wifi-menu}} at all.}}<br />
<br />
* Enable the {{ic|net-auto-wireless}} service, which will connect to known networks and gracefully handle roaming and disconnects:<br />
<br />
# systemctl enable net-auto-wireless.service<br />
<br />
{{Note|[[Netcfg]] also provides {{ic|net-auto-wired}}, which can be used in conjunction with {{ic|net-auto-wireless}}.}}<br />
<br />
* Make sure that the correct wireless interface (e.g. {{ic|wlp3s0}}) is set in {{ic|/etc/conf.d/netcfg}}:<br />
<br />
{{hc|# nano /etc/conf.d/netcfg|2=<br />
WIRELESS_INTERFACE="wlp3s0"}}<br />
<br />
It is also possible to define a list of network profiles that should be automatically connected, using the {{ic|AUTO_PROFILES}} variable in {{ic|/etc/conf.d/netcfg}}. If {{ic|AUTO_PROFILES}} is not set, all known wireless networks will be tried.<br />
<br />
==== xDSL (PPPoE), analog modem or ISDN ====<br />
<br />
For xDSL, dial-up and ISDN connections, see [[Direct Modem Connection]].<br />
<br />
=== Configure pacman ===<br />
<br />
Pacman is the Arch Linux '''pac'''kage '''man'''ager. It is highly recommended to study and learn how to use it. Read {{ic|man pacman}}, have a look at the [[pacman]] and [[Pacman - An Introduction]] articles, or check out the [[Pacman Rosetta]] article for a comparison to other popular package managers.<br />
<br />
For repository selections and pacman options, edit {{ic|pacman.conf}}:<br />
# nano /etc/pacman.conf<br />
<br />
Most people will want to use {{ic|[core]}}, {{ic|[extra]}} and {{ic|[community]}}.<br />
<br />
If you installed Arch Linux x86_64, it's recommended that you enable the {{ic|[multilib]}} repository, as well (to be able to run both 32 bit and 64 bit applications):<br />
<br />
{{Note|When choosing repos, be sure to uncomment both the {{ic|[''repo_name'']}} header lines, as well as the lines below. Failure to do so will result in the selected repository being omitted! This is a very common error. A correct example for the multilib repository is found below.}}<br />
<br />
[multilib]<br />
SigLevel = PackageRequired<br />
Include = /etc/pacman.d/mirrorlist<br />
<br />
You will then need to update the package list by running {{ic|pacman}} with the {{ic|-Sy}} switch. Failing to do so will generate "warning: database file for 'multilib' does not exist" error when next using pacman.<br />
<br />
See [[Official Repositories]] for more information, including details about the purpose of each repository.<br />
<br />
For software unavailable directly through pacman, see [[Arch User Repository]].<br />
<br />
=== Create an initial ramdisk environment ===<br />
<br />
{{Tip|Most users can skip this step and use the defaults provided in {{ic|mkinitcpio.conf}}. The initramfs image (from the {{ic|/boot}} folder) has already been generated based on this file when the {{Pkg|linux}} package (the Linux kernel) was installed earlier with {{ic|pacstrap}}.}}<br />
<br />
Here you need to set the right [[Mkinitcpio#HOOKS|hooks]] if the root is on a USB drive, if you use RAID, LVM, or if {{ic|/usr}} is on a separate partition.<br />
<br />
Edit {{ic|/etc/mkinitcpio.conf}} as needed and re-generate the initramfs image with:<br />
<br />
# mkinitcpio -p linux<br />
<br />
{{Note|Arch VPS installations on QEMU (e.g. when using {{ic|virt-manager}}) may need {{ic|virtio}} modules in {{ic|mkinitcpio.conf}} to be able to boot.<br />
<br />
{{hc|# nano /etc/mkinitcpio.conf|2=<br />
MODULES="virtio virtio_blk virtio_pci virtio_net"}}}}<br />
<br />
=== Set the root password ===<br />
<br />
Set the root password with:<br />
<br />
# passwd<br />
<br />
=== Install and configure a bootloader ===<br />
<br />
==== For BIOS motherboards ====<br />
<br />
For BIOS systems, there are three bootloaders - Syslinux, GRUB, and [[LILO]]. Choose the bootloader as per your convenience. Below only Syslinux and GRUB are explained. <br />
<br />
* Syslinux is (currently) limited to loading only files from the partition where it was installed. Its configuration file is considered to be easier to understand. An example configuration can be found [https://bbs.archlinux.org/viewtopic.php?pid=1109328#p1109328 here].<br />
<br />
* GRUB is more feature-rich and supports more complex scenarios. Its configuration file(s) is more similar to a scripting language, which may be difficult for beginners to manually write. It is recommended that they automatically generate one.<br />
<br />
{{Note|Some BIOS systems may have issues with GPT. See http://mjg59.dreamwidth.org/8035.html and http://rodsbooks.com/gdisk/bios.html for more info and possible workarounds.}}<br />
<br />
===== Syslinux =====<br />
<br />
Install the {{Pkg|syslinux}} package and then use the {{ic|syslinux-install_update}} script to automatically ''install'' the files ({{ic|-i}}), mark the partition ''active'' by setting the boot flag ({{ic|-a}}), and install the ''MBR'' boot code ({{ic|-m}}):<br />
<br />
{{Note|If you have partitioned the drive as GPT, install {{Pkg|gptfdisk}} package, as well ({{ic|pacman -S gptfdisk}}), because it contains {{ic|sgdisk}}, which will be used to set the GPT-specific boot flag.}}<br />
<br />
# pacman -S syslinux<br />
# syslinux-install_update -i -a -m<br />
<br />
Configure {{ic|syslinux.cfg}} to point to the right root partition. This step is vital. If it points to the wrong partition, Arch Linux will not boot. Change {{ic|/dev/sda3}} to reflect your root partition ''(if you partitioned your drive as in [[#Prepare the storage drive|the example]], your root partition is sda1)''. Do the same for the fallback entry.<br />
<br />
{{hc|# nano /boot/syslinux/syslinux.cfg|2=<br />
...<br />
LABEL arch<br />
...<br />
APPEND root=/dev/sda3 ro<br />
...}}<br />
<br />
For more information on configuring and using Syslinux, see [[Syslinux]].<br />
<br />
===== GRUB =====<br />
<br />
Install the {{Pkg|grub-bios}} package and then run {{ic|grub-install /dev/sda}}:<br />
<br />
{{Note|Change {{ic|/dev/sda}} to reflect the drive you installed Arch on. Do not append a partition number (do not use {{ic|sda''X''}}).}}<br />
<br />
{{Note|For GPT-partitioned drives on BIOS motherboards, GRUB needs a "[[GRUB2#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]]".}}<br />
<br />
# pacman -S grub-bios<br />
# grub-install --target=i386-pc --recheck /dev/sda<br />
# cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo<br />
<br />
While using a manually created {{ic|grub.cfg}} is absolutely fine, it's recommended that beginners automatically generate one:<br />
<br />
{{Tip|To automatically search for other operating systems on your computer, install {{Pkg|os-prober}} ({{ic|pacman -S os-prober}}) before running the next command.}}<br />
<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
For more information on configuring and using GRUB, see [[GRUB2]].<br />
<br />
==== For UEFI motherboards ====<br />
<br />
For UEFI boot, the drive needs to be GPT-partitioned, and a UEFI System Partition (512 MiB or higher, FAT32, type {{ic|EF00}}) must be present and mounted on {{ic|/boot/efi}}. If you have followed this guide from the beginning, you've already done all of these.<br />
<br />
While there are other [[UEFI Bootloaders|UEFI bootloaders]] available, using EFISTUB is recommended. Below are instructions for setting up EFISTUB and GRUB.<br />
<br />
{{Note|Syslinux does not yet support UEFI.}}<br />
<br />
===== EFISTUB =====<br />
<br />
The Linux kernel can act as its own bootloader using EFISTUB. This is the UEFI boot method recommended by developers and simpler compared to {{ic|grub-efi-x86_64}}. The below steps set up rEFInd (a fork of rEFIt) to provide a menu for EFISTUB kernels, as well as for booting other UEFI bootloaders. You can also use [[UEFI Bootloaders#Using gummiboot|gummiboot]] instead of rEFInd. Both rEFInd and gummiboot can detect Windows UEFI bootloader in case of dual-boot.<br />
<br />
1. Boot in UEFI mode and load {{ic|efivars}} kernel module before chrooting:<br />
<br />
# modprobe efivars # before chrooting<br />
<br />
2. Mount the UEFISYS partition at {{ic|/mnt/boot/efi}}, chroot and [[UEFI_Bootloaders#Setting_up_EFISTUB|copy the kernel and initramfs files]] as described below.<br />
<br />
* Create {{ic|/boot/efi/EFI/arch/}} directory.<br />
<br />
* Copy {{ic|/boot/vmlinuz-linux}} to {{ic|/boot/efi/EFI/arch/vmlinuz-arch.efi}}. The {{ic|.efi}} file extension is very important as some UEFI firmwares refuse to launch a file without this extension. '''Important:''' Remember that the file is called vmlinu'''z''', but not vmlinu'''x'''.<br />
<br />
* Copy {{ic|/boot/initramfs-linux.img}} to {{ic|/boot/efi/EFI/arch/initramfs-arch.img}}.<br />
<br />
* Copy {{ic|/boot/initramfs-linux-fallback.img}} to {{ic|/boot/efi/EFI/arch/initramfs-arch-fallback.img}}.<br />
<br />
Every time the kernel and initramfs files are updated in {{ic|/boot}}, they need to be updated in {{ic|/boot/efi/EFI/arch}}. This can be automated either [[UEFI Bootloaders#Sync EFISTUB Kernel in UEFISYS partition using Systemd|using systemd]] or [[UEFI Bootloaders#Sync EFISTUB Kernel in UEFISYS partition using Incron|using incron]] (for non-systemd setups).<br />
<br />
3. In this guide you set up a bootloader GUI called rEFInd. Alternative bootloaders can be found on the page [[UEFI Bootloaders#Booting EFISTUB]].<br />
For the recommended rEFInd bootloader install the following packages:<br />
# pacman -S refind-efi efibootmgr<br />
<br />
4. Install rEFInd to the UEFISYS partition (summarized from [[UEFI Bootloaders#Using rEFInd]]):<br />
<br />
# mkdir -p /boot/efi/EFI/refind<br />
# cp /usr/lib/refind/refind_x64.efi /boot/efi/EFI/refind/refind_x64.efi<br />
# cp /usr/lib/refind/config/refind.conf /boot/efi/EFI/refind/refind.conf<br />
# cp -r /usr/share/refind/icons /boot/efi/EFI/refind/icons<br />
<br />
5. Create a {{ic|refind_linux.conf}} file with the kernel parameters to be used by rEFInd:<br />
<br />
{{hc|# nano /boot/efi/EFI/arch/refind_linux.conf|2=<br />
"Boot to X" "root=/dev/sdaX ro rootfstype=ext4 systemd.unit=graphical.target"<br />
"Boot to console" "root=/dev/sdaX ro rootfstype=ext4 systemd.unit=multi-user.target"}}<br />
<br />
{{Note|{{ic|refind_linux.conf}} is copied in the directory {{ic|/boot/efi/EFI/arch/}} where the initramfs and the kernel have been copied to in step 2. }}<br />
{{Note|In {{ic|refind_linux.conf}}, sdaX refers to your root file system, not your boot partition, if you created them separately. }}<br />
<br />
6. Add rEFInd to UEFI boot menu using [[UEFI#efibootmgr|efibootmgr]]. <br />
<br />
{{Warning|Using {{ic|efibootmgr}} on Apple Macs may brick the firmware and may need reflash of the motherboard ROM. For Macs, use {{AUR|mactel-boot}}, or "bless" from within Mac OS X.}}<br />
<br />
# efibootmgr -c -g -d /dev/sdX -p Y -w -L "rEFInd" -l '\EFI\refind\refind_x64.efi'<br />
<br />
{{Note|In the above command, X and Y denote the drive and partition of the UEFISYS partition. For example, in {{ic|/dev/sdc5}}, X is "c" and Y is "5".}}<br />
<br />
7. (Optional) As a fallback, in case {{ic|efibootmgr}} created boot entry does not work, copy {{ic|refind_x64.efi}} to {{ic|/boot/efi/EFI/boot/bootx64.efi}} as follows:<br />
<br />
# cp -r /boot/efi/EFI/refind/* /boot/efi/EFI/boot/<br />
# mv /boot/efi/EFI/boot/refind_x64.efi /boot/efi/EFI/boot/bootx64.efi<br />
<br />
===== GRUB =====<br />
<br />
{{Note|In case you have a system with 32-bit EFI, like pre-2008 Macs, install {{ic|grub-efi-i386}} instead, and use {{ic|1=--target=i386-efi}}.}}<br />
<br />
# pacman -S grub-efi-x86_64 efibootmgr<br />
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --recheck<br />
# cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo<br />
<br />
The next command creates a menu entry for GRUB in the UEFI boot menu. However, as of {{Pkg|grub-efi-x86_64}} version 2.00, {{ic|grub-install}} tries to create a menu entry, so running {{ic|efibootmgr}} may not be necessary. See [[UEFI#efibootmgr]] for more info.<br />
<br />
# efibootmgr -c -g -d /dev/sdX -p Y -w -L "Arch Linux (GRUB)" -l '\EFI\arch_grub\grubx64.efi'<br />
<br />
Next, while using a manually created {{ic|grub.cfg}} is absolutely fine, it's recommended that beginners automatically generate one:<br />
<br />
{{Tip|To automatically search for other operating systems on your computer, install {{Pkg|os-prober}} ({{ic|pacman -S os-prober}}) before running the next command.}}<br />
<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
For more information on configuring and using GRUB, see [[GRUB]].<br />
<br />
=== Unmount the partitions and reboot ===<br />
<br />
Exit from the chroot environment:<br />
<br />
# exit<br />
<br />
Since the partitions are mounted under {{ic|/mnt}}, we use the following command to unmount them:<br />
<br />
# umount /mnt/{boot,home,}<br />
<br />
Reboot the computer:<br />
<br />
# reboot<br />
<br />
{{Tip|Be sure to remove the installation media, otherwise you will boot back into it.}}<noinclude><br />
{{Beginners' Guide navigation}}</noinclude></div>Pimanachttps://wiki.archlinux.org/index.php?title=PhpMyAdmin&diff=232663PhpMyAdmin2012-10-31T03:36:49Z<p>Pimanac: /* creating phpMyAdmin database */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{lowercase title}}<br />
[[cs:PhpMyAdmin]]<br />
[[es:PhpMyAdmin]]<br />
[[fr:phpmyadmin]]<br />
[[ru:PhpMyAdmin]]<br />
[[tr:PhpMyAdmin]]<br />
[[zh-CN:PhpMyAdmin]]<br />
==Pre-Installation==<br />
See [[LAMP]] for a guide to setting up Apache, MySQL, and PHP.<br />
<br />
==Installation==<br />
To install [http://www.phpmyadmin.net/ phpMyAdmin], install the ''phpmyadmin'' and ''php-mcrypt'' packages with<br />
{{bc|<br />
pacman -S phpmyadmin php-mcrypt<br />
}}<br />
<br />
== Configuration ==<br />
Ensure you do not have an older copy of phpMyAdmin.<br />
{{bc|<br />
rm -r /srv/http/phpMyAdmin<br />
}}<br />
<br />
Copy the example configuration file to your httpd configuration directory.<br />
{{bc|<br />
cp /etc/webapps/phpmyadmin/apache.example.conf /etc/httpd/conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# phpMyAdmin configuration<br />
Include conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
You can type this into the terminal to produce the same effect:<br />
{{bc|<br />
echo -e "\nInclude conf/extra/httpd-phpmyadmin.conf" >> /etc/httpd/conf/httpd.conf<br />
}}<br />
<br />
=== Check php module configuration ===<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# Use for PHP 5.x:<br />
LoadModule php5_module modules/libphp5.so<br />
AddHandler php5-script php<br />
}}<br />
<br />
You can append PHP support using follow command:<br />
<br />
# echo -e "\nLoadModule php5_module modules/libphp5.so\nAddHandler php5-script php\n" >> /etc/httpd/conf/httpd.conf<br />
<br />
Add index.php after "DirectoryIndex index.html"<br />
{{bc|<br />
# DirectoryIndex: sets the file that Apache will serve if a directory<br />
# is requested.<br />
#<br />
<IfModule dir_module><br />
DirectoryIndex index.html index.php<br />
</IfModule><br />
}}<br />
<br />
=== Adjust access rights ===<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/.htaccess}}, comment out ''deny from all''. The line should look like this:<br />
#deny from all<br />
<br />
Alternatively, you can restrict access to localhost and your local network only. Replace ''192.168.1.0/24'' with your network's IP block.<br />
deny from all<br />
allow from localhost<br />
allow from 192.168.1.0/24<br />
<br />
The lines above are not enough if you use ipv6 in {{ic|/etc/hosts}}. If so, add one more line to {{ic|/etc/webapps/phpmyadmin/.htaccess}}:<br />
allow from ::1<br />
<br />
Otherwise you'll get an error similar to "Error 403 - Access forbidden!" when you attempt to access your phpMyAdmin installation.<br />
<br />
=== Review apache phpmyadmin configuration ===<br />
<br />
Your {{ic|/etc/httpd/conf/extra/httpd-phpmyadmin.conf}} should have the following information:<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
<Directory "/usr/share/webapps/phpMyAdmin"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/"<br />
</Directory><br />
}}<br />
<br />
You need the mcrypt (if you want phpmyadmin internal authentication) and mysql modules, so uncomment the following in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
extension=mysql.so<br />
extension=mysqli.so (optional)<br />
<br />
and {{ic|rc.d restart httpd}}.<br />
<br />
=== Add blowfish_secret passphrase ===<br />
If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :<br />
<br />
ERROR: The configuration file now needs a secret passphrase (blowfish_secret)<br />
<br />
You need to add a blowfish password to the phpMyAdmin's config file. Edit {{ic|/etc/webapps/phpmyadmin/config.inc.php}} and insert a random blowfish "password" in the line <br />
<br />
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
Go [http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator here] to get a nicely generated blowfish_secret and paste it between the '' marks. It should now look something like this:<br />
<br />
$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
The error should go away if you refresh the phpmyadmin page.<br />
<br />
=== Enabling Configuration Storage (optional) ===<br />
Now that the basic database server has been setup, it ''is'' functional, however by default, extra options such as table linking, change tracking, PDF creation, and bookmarking queries are disabled. You will see a message at the bottom of the main phpMyAdmin page, "The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why...", This section addresses how to to enable these extra features.<br />
<br />
{{note|This example assumes you want to use the username '''pma''' as the controluser, and '''pmapass''' as the controlpass. These should be changed (the ''very'' least, you should change the password!) to something more secure.}}<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, uncomment (remove the leading "//"s on) these two lines, and change them to your desired credentials:<br />
{{bc|1=<br />
// $cfg['Servers'][$i]['controluser'] = 'pma';<br />
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';<br />
}}<br />
You will need this information later, so keep it in mind.<br />
<br />
Beneath the controluser setup section, uncomment these lines:<br />
{{bc|1=<br />
/* Storage database and tables */<br />
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';<br />
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';<br />
// $cfg['Servers'][$i]['relation'] = 'pma_relation';<br />
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';<br />
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';<br />
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';<br />
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';<br />
// $cfg['Servers'][$i]['history'] = 'pma_history';<br />
// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';<br />
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';<br />
// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';<br />
// $cfg['Servers'][$i]['recent'] = 'pma_recent';<br />
}}<br />
<br />
Next, create the user with the above details. Don't set any permissions for it just yet.<br />
{{note|If you can't login to phpmyadmin, make sure that your mysql server is started.}}<br />
<br />
<br />
===== creating phpMyAdmin database =====<br />
Using the phpMyAdmin web interface:<br />
Import {{ic|/usr/share/webapps/phpMyAdmin/examples/create_tables.sql}} from phpMyAdmin -> Import.<br />
'''or'''<br />
Using command line:<br />
{{ic|mysql -uroot -p < /usr/share/webapps/phpMyAdmin/examples/create_tables.sql }}<br />
<br />
===== creating phpMyAdmin database user =====<br />
Now to apply the permissions to your controluser, in the SQL tab, make sure to replace all instances of 'pma' and 'pmapass' to the values set in config.inc.php. If you are setting this up for a remote database, then you must also change 'localhost' to the proper host:<br />
{{bc|<br />
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';<br />
GRANT SELECT (<br />
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,<br />
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,<br />
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,<br />
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,<br />
Execute_priv, Repl_slave_priv, Repl_client_priv<br />
) ON mysql.user TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.db TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.host TO 'pma'@'localhost';<br />
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)<br />
ON mysql.tables_priv TO 'pma'@'localhost';<br />
}}<br />
<br />
In order to take advantage of the bookmark and relation features, you will also need to give '''pma''' some additional permissions:<br />
{{Note|as long as you did not change the value of '''$cfg['Servers'][$i]['pmadb']''' in {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, then '''<pma_db>''' should be '''phpmyadmin'''}}<br />
{{bc|GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';}}<br />
<br />
Log out, and back in to ensure the new features are activated. The message at the bottom of the main screen should now be gone.<br />
<br />
==Accessing your phpMyAdmin installation==<br />
Finally your phpmyadmin installation is complete. Before you start using it you need to restart your apache server by following command:<br />
<br />
{{bc|<br />
# rc.d restart httpd<br />
}}<br />
<br />
You can access your phpmyadmin installation using the following url:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin/<br />
or<br />
http://localhost/phpmyadmin/index.php<br />
}}<br />
<br />
Note: 'localhost' is the hostname in your /etc/rc.conf file.<br />
<br />
If you want to access it using:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin<br />
}}<br />
<br />
in '/etc/httpd/conf/extra/httpd-phpmyadmin.conf' change:<br />
<br />
{{bc|<br />
Alias /phpmyadmin/ "/usr/share/webapps/phpMyAdmin/"<br />
}}<br />
<br />
to<br />
<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
}}<br />
<br />
You should also read [http://bbs.archlinux.org/viewtopic.php?pid=632500 this thread].<br />
<br />
If you get the error "#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)" then you might want to change "localhost" in /etc/webapps/phpmyadmin/config.inc.php on this line:<br />
<br />
{{bc|1=<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
}}<br />
<br />
to your hostname specified in /etc/hosts and /etc/rc.conf under HOSTNAME.<br />
<br />
If you would like to use phpmyadmin setup script by calling http://localhost/phpmyadmin/setup you will need to create a config directory that's writeable by the httpd in the /usr/share/webapps/phpmyadmin as follows:<br />
<br />
{{bc|<br />
cd /usr/share/webapps/phpMyAdmin<br />
sudo mkdir config<br />
sudo chgrp http config<br />
sudo chmod g+w config<br />
}}<br />
<br />
==Lighttpd Configuration==<br />
The php setup for lighttpd is exactly the same as for apache.<br />
Make an alias for phpmyadmin in your lighttpd config.<br />
alias.url = ( "/phpmyadmin" => "/usr/share/webapps/phpMyAdmin/")<br />
Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
Make sure lighttpd is setup to serve php files, [[Lighttpd]]<br />
<br />
Restart lighttpd and browse to http://localhost/phpmyadmin/index.php<br />
<br />
==NGINX Configuration==<br />
Also similar to apache configuration (and Lighttpd, for that matter).<br />
<br />
Create a symbolic link to the /usr/share/webapps/phpmyadmin directory from whichever directory your vhost is serving files from, e.g. /srv/http/<domain>/public_html/<br />
<br />
sudo ln -s /usr/share/webapps/phpMyAdmin /srv/http/<domain>/public_html/phpmyadmin<br />
<br />
You can also setup a sub domain with a server block like so (if using php-fpm):<br />
<br />
server {<br />
server_name phpmyadmin.<domain.tld>;<br />
access_log /srv/http/<domain>/logs/phpmyadmin.access.log;<br />
error_log /srv/http/<domain.tld>/logs/phpmyadmin.error.log;<br />
<br />
location / {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
index index.html index.htm index.php;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /srv/http/<domain.tld>/public_html/phpmyadmin/$fastcgi_script_name;<br />
include fastcgi_params;<br />
}<br />
}<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
You may run into some issues with phpmyadmin telling you "The Configuration File Now Needs A Secret Passphrase" and no matter what you enter, the error is still displayed. Try changing the ownership of the files to the NGINX specified user/group, e.g. nginx...<br />
<br />
sudo chown -R http:http /usr/share/webapps/phpMyAdmin<br />
<br />
If the above doesn't fix it try adding the following to your NGINX Configuration below the other fastcgi_param (I think its something to do with the Suhosin-Patch)<br />
<br />
fastcgi_param PHP_ADMIN_VALUE open_basedir="/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/";<br />
<br />
While you can enter anything for the blowfish password, you may want to choose a randomly generated string of characters (most likely for security reasons). Here's a handy tool that will do that for you on the web[http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator].<br />
<br />
When using SSL, you might run into the problem that the links on the pages generated by phpMyAdmin incorrectly start with "http" instead of "https" which may cause errors. To fix this, you can add the following fcgi_param to your SSL-enabled server section (in addition to your usual fastcgi params):<br />
<br />
fastcgi_param HTTPS on;<br />
<br />
==Other (Older) information==<br />
<br />
This page holds a sample 'config.inc.php' file that you can place in the main phpMyAdmin directory so that it immediately starts working<br />
<br />
'''Things you should do first'''<br />
<br />
Create a 'controluser', so that phpmyadmin can read from the main mysql database.<br />
<br />
{{bc|mysql -u root -pYOURROOTPASSWORD<br />
mysql> grant usage on mysql.* to controluser@localhost identified by 'CONTROLPASS';<br />
}}<br />
<br />
'''Where is phpmyadmin'''<br />
<br />
in phpmyadmin 3.2.2-3 the file is missing /srv/http/ create this symlik<br />
<br />
{{bc|ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/phpmyadmin<br />
}}<br />
<br />
'''Things you should change'''<br />
<br />
controluser is set to controluser <br><br />
controlpass is set to password <br><br />
verbose is set to name_of_server<br />
<br />
'''Sample 'config.inc.php' file'''<br />
{{bc|1=<br />
<?php<br />
/*<br />
* Generated configuration file<br />
* Generated by: phpMyAdmin 2.11.8.1 setup script by Michal Čihař <michal@cihar.com><br />
* Version: $Id: setup.php 11423 2008-07-24 17:26:05Z lem9 $<br />
* Date: Mon, 01 Sep 2008 20:34:02 GMT<br />
*/<br />
<br />
/* Servers configuration */<br />
$i = 0;<br />
<br />
/* Server ravi-test-mysql (http) [1] */<br />
$i++;<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
$cfg['Servers'][$i]['extension'] = 'mysql';<br />
$cfg['Servers'][$i]['port'] = '3306';<br />
$cfg['Servers'][$i]['connect_type'] = 'tcp';<br />
$cfg['Servers'][$i]['compress'] = false;<br />
$cfg['Servers'][$i]['controluser'] = 'controluser';<br />
$cfg['Servers'][$i]['controlpass'] = 'password';<br />
$cfg['Servers'][$i]['auth_type'] = 'http';<br />
$cfg['Servers'][$i]['verbose'] = 'name_of_server';<br />
<br />
/* End of servers configuration */<br />
<br />
$cfg['LeftFrameLight'] = true;<br />
$cfg['LeftFrameDBTree'] = true;<br />
$cfg['LeftFrameDBSeparator'] = '_';<br />
$cfg['LeftFrameTableSeparator'] = '__';<br />
$cfg['LeftFrameTableLevel'] = 1;<br />
$cfg['LeftDisplayLogo'] = true;<br />
$cfg['LeftDisplayServers'] = false;<br />
$cfg['DisplayServersList'] = false;<br />
$cfg['DisplayDatabasesList'] = 'auto';<br />
$cfg['LeftPointerEnable'] = true;<br />
$cfg['DefaultTabServer'] = 'main.php';<br />
$cfg['DefaultTabDatabase'] = 'db_structure.php';<br />
$cfg['DefaultTabTable'] = 'tbl_structure.php';<br />
$cfg['LightTabs'] = false;<br />
$cfg['ErrorIconic'] = true;<br />
$cfg['MainPageIconic'] = true;<br />
$cfg['ReplaceHelpImg'] = true;<br />
$cfg['NavigationBarIconic'] = 'both';<br />
$cfg['PropertiesIconic'] = 'both';<br />
$cfg['BrowsePointerEnable'] = true;<br />
$cfg['BrowseMarkerEnable'] = true;<br />
$cfg['ModifyDeleteAtRight'] = false;<br />
$cfg['ModifyDeleteAtLeft'] = true;<br />
$cfg['RepeatCells'] = 100;<br />
$cfg['DefaultDisplay'] = 'horizontal';<br />
$cfg['TextareaCols'] = 40;<br />
$cfg['TextareaRows'] = 7;<br />
$cfg['LongtextDoubleTextarea'] = true;<br />
$cfg['TextareaAutoSelect'] = false;<br />
$cfg['CharEditing'] = 'input';<br />
$cfg['CharTextareaCols'] = 40;<br />
$cfg['CharTextareaRows'] = 2;<br />
$cfg['CtrlArrowsMoving'] = true;<br />
$cfg['DefaultPropDisplay'] = 'horizontal';<br />
$cfg['InsertRows'] = 2;<br />
$cfg['EditInWindow'] = true;<br />
$cfg['QueryWindowHeight'] = 310;<br />
$cfg['QueryWindowWidth'] = 550;<br />
$cfg['QueryWindowDefTab'] = 'sql';<br />
$cfg['ForceSSL'] = false;<br />
$cfg['ShowPhpInfo'] = false;<br />
$cfg['ShowChgPassword'] = false;<br />
$cfg['AllowArbitraryServer'] = false;<br />
$cfg['LoginCookieRecall'] = 'something';<br />
$cfg['LoginCookieValidity'] = 1800;<br />
?><br />
}}</div>Pimanachttps://wiki.archlinux.org/index.php?title=PhpMyAdmin&diff=232662PhpMyAdmin2012-10-31T03:34:58Z<p>Pimanac: /* Enabling Configuration Storage (optional) */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{lowercase title}}<br />
[[cs:PhpMyAdmin]]<br />
[[es:PhpMyAdmin]]<br />
[[fr:phpmyadmin]]<br />
[[ru:PhpMyAdmin]]<br />
[[tr:PhpMyAdmin]]<br />
[[zh-CN:PhpMyAdmin]]<br />
==Pre-Installation==<br />
See [[LAMP]] for a guide to setting up Apache, MySQL, and PHP.<br />
<br />
==Installation==<br />
To install [http://www.phpmyadmin.net/ phpMyAdmin], install the ''phpmyadmin'' and ''php-mcrypt'' packages with<br />
{{bc|<br />
pacman -S phpmyadmin php-mcrypt<br />
}}<br />
<br />
== Configuration ==<br />
Ensure you do not have an older copy of phpMyAdmin.<br />
{{bc|<br />
rm -r /srv/http/phpMyAdmin<br />
}}<br />
<br />
Copy the example configuration file to your httpd configuration directory.<br />
{{bc|<br />
cp /etc/webapps/phpmyadmin/apache.example.conf /etc/httpd/conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# phpMyAdmin configuration<br />
Include conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
You can type this into the terminal to produce the same effect:<br />
{{bc|<br />
echo -e "\nInclude conf/extra/httpd-phpmyadmin.conf" >> /etc/httpd/conf/httpd.conf<br />
}}<br />
<br />
=== Check php module configuration ===<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# Use for PHP 5.x:<br />
LoadModule php5_module modules/libphp5.so<br />
AddHandler php5-script php<br />
}}<br />
<br />
You can append PHP support using follow command:<br />
<br />
# echo -e "\nLoadModule php5_module modules/libphp5.so\nAddHandler php5-script php\n" >> /etc/httpd/conf/httpd.conf<br />
<br />
Add index.php after "DirectoryIndex index.html"<br />
{{bc|<br />
# DirectoryIndex: sets the file that Apache will serve if a directory<br />
# is requested.<br />
#<br />
<IfModule dir_module><br />
DirectoryIndex index.html index.php<br />
</IfModule><br />
}}<br />
<br />
=== Adjust access rights ===<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/.htaccess}}, comment out ''deny from all''. The line should look like this:<br />
#deny from all<br />
<br />
Alternatively, you can restrict access to localhost and your local network only. Replace ''192.168.1.0/24'' with your network's IP block.<br />
deny from all<br />
allow from localhost<br />
allow from 192.168.1.0/24<br />
<br />
The lines above are not enough if you use ipv6 in {{ic|/etc/hosts}}. If so, add one more line to {{ic|/etc/webapps/phpmyadmin/.htaccess}}:<br />
allow from ::1<br />
<br />
Otherwise you'll get an error similar to "Error 403 - Access forbidden!" when you attempt to access your phpMyAdmin installation.<br />
<br />
=== Review apache phpmyadmin configuration ===<br />
<br />
Your {{ic|/etc/httpd/conf/extra/httpd-phpmyadmin.conf}} should have the following information:<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
<Directory "/usr/share/webapps/phpMyAdmin"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/"<br />
</Directory><br />
}}<br />
<br />
You need the mcrypt (if you want phpmyadmin internal authentication) and mysql modules, so uncomment the following in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
extension=mysql.so<br />
extension=mysqli.so (optional)<br />
<br />
and {{ic|rc.d restart httpd}}.<br />
<br />
=== Add blowfish_secret passphrase ===<br />
If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :<br />
<br />
ERROR: The configuration file now needs a secret passphrase (blowfish_secret)<br />
<br />
You need to add a blowfish password to the phpMyAdmin's config file. Edit {{ic|/etc/webapps/phpmyadmin/config.inc.php}} and insert a random blowfish "password" in the line <br />
<br />
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
Go [http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator here] to get a nicely generated blowfish_secret and paste it between the '' marks. It should now look something like this:<br />
<br />
$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
The error should go away if you refresh the phpmyadmin page.<br />
<br />
=== Enabling Configuration Storage (optional) ===<br />
Now that the basic database server has been setup, it ''is'' functional, however by default, extra options such as table linking, change tracking, PDF creation, and bookmarking queries are disabled. You will see a message at the bottom of the main phpMyAdmin page, "The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why...", This section addresses how to to enable these extra features.<br />
<br />
{{note|This example assumes you want to use the username '''pma''' as the controluser, and '''pmapass''' as the controlpass. These should be changed (the ''very'' least, you should change the password!) to something more secure.}}<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, uncomment (remove the leading "//"s on) these two lines, and change them to your desired credentials:<br />
{{bc|1=<br />
// $cfg['Servers'][$i]['controluser'] = 'pma';<br />
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';<br />
}}<br />
You will need this information later, so keep it in mind.<br />
<br />
Beneath the controluser setup section, uncomment these lines:<br />
{{bc|1=<br />
/* Storage database and tables */<br />
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';<br />
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';<br />
// $cfg['Servers'][$i]['relation'] = 'pma_relation';<br />
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';<br />
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';<br />
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';<br />
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';<br />
// $cfg['Servers'][$i]['history'] = 'pma_history';<br />
// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';<br />
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';<br />
// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';<br />
// $cfg['Servers'][$i]['recent'] = 'pma_recent';<br />
}}<br />
<br />
Next, create the user with the above details. Don't set any permissions for it just yet.<br />
{{note|If you can't login to phpmyadmin, make sure that your mysql server is started.}}<br />
<br />
<br />
===== creating phpMyAdmin database =====<br />
<br />
Using the phpMyAdmin web interface:<br />
Import {{ic|/usr/share/webapps/phpMyAdmin/examples/create_tables.sql}} from phpMyAdmin -> Import.<br />
<br />
Using command line:<br />
{{ic|mysql -uroot -p < /usr/share/webapps/phpMyAdmin/examples/create_tables.sql }}<br />
<br />
Now to apply the permissions to your controluser, in the SQL tab, make sure to replace all instances of 'pma' and 'pmapass' to the values set in config.inc.php. If you are setting this up for a remote database, then you must also change 'localhost' to the proper host:<br />
{{bc|<br />
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';<br />
GRANT SELECT (<br />
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,<br />
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,<br />
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,<br />
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,<br />
Execute_priv, Repl_slave_priv, Repl_client_priv<br />
) ON mysql.user TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.db TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.host TO 'pma'@'localhost';<br />
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)<br />
ON mysql.tables_priv TO 'pma'@'localhost';<br />
}}<br />
<br />
In order to take advantage of the bookmark and relation features, you will also need to give '''pma''' some additional permissions:<br />
{{Note|as long as you did not change the value of '''$cfg['Servers'][$i]['pmadb']''' in {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, then '''<pma_db>''' should be '''phpmyadmin'''}}<br />
{{bc|GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';}}<br />
<br />
Log out, and back in to ensure the new features are activated. The message at the bottom of the main screen should now be gone.<br />
<br />
==Accessing your phpMyAdmin installation==<br />
Finally your phpmyadmin installation is complete. Before you start using it you need to restart your apache server by following command:<br />
<br />
{{bc|<br />
# rc.d restart httpd<br />
}}<br />
<br />
You can access your phpmyadmin installation using the following url:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin/<br />
or<br />
http://localhost/phpmyadmin/index.php<br />
}}<br />
<br />
Note: 'localhost' is the hostname in your /etc/rc.conf file.<br />
<br />
If you want to access it using:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin<br />
}}<br />
<br />
in '/etc/httpd/conf/extra/httpd-phpmyadmin.conf' change:<br />
<br />
{{bc|<br />
Alias /phpmyadmin/ "/usr/share/webapps/phpMyAdmin/"<br />
}}<br />
<br />
to<br />
<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
}}<br />
<br />
You should also read [http://bbs.archlinux.org/viewtopic.php?pid=632500 this thread].<br />
<br />
If you get the error "#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)" then you might want to change "localhost" in /etc/webapps/phpmyadmin/config.inc.php on this line:<br />
<br />
{{bc|1=<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
}}<br />
<br />
to your hostname specified in /etc/hosts and /etc/rc.conf under HOSTNAME.<br />
<br />
If you would like to use phpmyadmin setup script by calling http://localhost/phpmyadmin/setup you will need to create a config directory that's writeable by the httpd in the /usr/share/webapps/phpmyadmin as follows:<br />
<br />
{{bc|<br />
cd /usr/share/webapps/phpMyAdmin<br />
sudo mkdir config<br />
sudo chgrp http config<br />
sudo chmod g+w config<br />
}}<br />
<br />
==Lighttpd Configuration==<br />
The php setup for lighttpd is exactly the same as for apache.<br />
Make an alias for phpmyadmin in your lighttpd config.<br />
alias.url = ( "/phpmyadmin" => "/usr/share/webapps/phpMyAdmin/")<br />
Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
Make sure lighttpd is setup to serve php files, [[Lighttpd]]<br />
<br />
Restart lighttpd and browse to http://localhost/phpmyadmin/index.php<br />
<br />
==NGINX Configuration==<br />
Also similar to apache configuration (and Lighttpd, for that matter).<br />
<br />
Create a symbolic link to the /usr/share/webapps/phpmyadmin directory from whichever directory your vhost is serving files from, e.g. /srv/http/<domain>/public_html/<br />
<br />
sudo ln -s /usr/share/webapps/phpMyAdmin /srv/http/<domain>/public_html/phpmyadmin<br />
<br />
You can also setup a sub domain with a server block like so (if using php-fpm):<br />
<br />
server {<br />
server_name phpmyadmin.<domain.tld>;<br />
access_log /srv/http/<domain>/logs/phpmyadmin.access.log;<br />
error_log /srv/http/<domain.tld>/logs/phpmyadmin.error.log;<br />
<br />
location / {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
index index.html index.htm index.php;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /srv/http/<domain.tld>/public_html/phpmyadmin/$fastcgi_script_name;<br />
include fastcgi_params;<br />
}<br />
}<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
You may run into some issues with phpmyadmin telling you "The Configuration File Now Needs A Secret Passphrase" and no matter what you enter, the error is still displayed. Try changing the ownership of the files to the NGINX specified user/group, e.g. nginx...<br />
<br />
sudo chown -R http:http /usr/share/webapps/phpMyAdmin<br />
<br />
If the above doesn't fix it try adding the following to your NGINX Configuration below the other fastcgi_param (I think its something to do with the Suhosin-Patch)<br />
<br />
fastcgi_param PHP_ADMIN_VALUE open_basedir="/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/";<br />
<br />
While you can enter anything for the blowfish password, you may want to choose a randomly generated string of characters (most likely for security reasons). Here's a handy tool that will do that for you on the web[http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator].<br />
<br />
When using SSL, you might run into the problem that the links on the pages generated by phpMyAdmin incorrectly start with "http" instead of "https" which may cause errors. To fix this, you can add the following fcgi_param to your SSL-enabled server section (in addition to your usual fastcgi params):<br />
<br />
fastcgi_param HTTPS on;<br />
<br />
==Other (Older) information==<br />
<br />
This page holds a sample 'config.inc.php' file that you can place in the main phpMyAdmin directory so that it immediately starts working<br />
<br />
'''Things you should do first'''<br />
<br />
Create a 'controluser', so that phpmyadmin can read from the main mysql database.<br />
<br />
{{bc|mysql -u root -pYOURROOTPASSWORD<br />
mysql> grant usage on mysql.* to controluser@localhost identified by 'CONTROLPASS';<br />
}}<br />
<br />
'''Where is phpmyadmin'''<br />
<br />
in phpmyadmin 3.2.2-3 the file is missing /srv/http/ create this symlik<br />
<br />
{{bc|ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/phpmyadmin<br />
}}<br />
<br />
'''Things you should change'''<br />
<br />
controluser is set to controluser <br><br />
controlpass is set to password <br><br />
verbose is set to name_of_server<br />
<br />
'''Sample 'config.inc.php' file'''<br />
{{bc|1=<br />
<?php<br />
/*<br />
* Generated configuration file<br />
* Generated by: phpMyAdmin 2.11.8.1 setup script by Michal Čihař <michal@cihar.com><br />
* Version: $Id: setup.php 11423 2008-07-24 17:26:05Z lem9 $<br />
* Date: Mon, 01 Sep 2008 20:34:02 GMT<br />
*/<br />
<br />
/* Servers configuration */<br />
$i = 0;<br />
<br />
/* Server ravi-test-mysql (http) [1] */<br />
$i++;<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
$cfg['Servers'][$i]['extension'] = 'mysql';<br />
$cfg['Servers'][$i]['port'] = '3306';<br />
$cfg['Servers'][$i]['connect_type'] = 'tcp';<br />
$cfg['Servers'][$i]['compress'] = false;<br />
$cfg['Servers'][$i]['controluser'] = 'controluser';<br />
$cfg['Servers'][$i]['controlpass'] = 'password';<br />
$cfg['Servers'][$i]['auth_type'] = 'http';<br />
$cfg['Servers'][$i]['verbose'] = 'name_of_server';<br />
<br />
/* End of servers configuration */<br />
<br />
$cfg['LeftFrameLight'] = true;<br />
$cfg['LeftFrameDBTree'] = true;<br />
$cfg['LeftFrameDBSeparator'] = '_';<br />
$cfg['LeftFrameTableSeparator'] = '__';<br />
$cfg['LeftFrameTableLevel'] = 1;<br />
$cfg['LeftDisplayLogo'] = true;<br />
$cfg['LeftDisplayServers'] = false;<br />
$cfg['DisplayServersList'] = false;<br />
$cfg['DisplayDatabasesList'] = 'auto';<br />
$cfg['LeftPointerEnable'] = true;<br />
$cfg['DefaultTabServer'] = 'main.php';<br />
$cfg['DefaultTabDatabase'] = 'db_structure.php';<br />
$cfg['DefaultTabTable'] = 'tbl_structure.php';<br />
$cfg['LightTabs'] = false;<br />
$cfg['ErrorIconic'] = true;<br />
$cfg['MainPageIconic'] = true;<br />
$cfg['ReplaceHelpImg'] = true;<br />
$cfg['NavigationBarIconic'] = 'both';<br />
$cfg['PropertiesIconic'] = 'both';<br />
$cfg['BrowsePointerEnable'] = true;<br />
$cfg['BrowseMarkerEnable'] = true;<br />
$cfg['ModifyDeleteAtRight'] = false;<br />
$cfg['ModifyDeleteAtLeft'] = true;<br />
$cfg['RepeatCells'] = 100;<br />
$cfg['DefaultDisplay'] = 'horizontal';<br />
$cfg['TextareaCols'] = 40;<br />
$cfg['TextareaRows'] = 7;<br />
$cfg['LongtextDoubleTextarea'] = true;<br />
$cfg['TextareaAutoSelect'] = false;<br />
$cfg['CharEditing'] = 'input';<br />
$cfg['CharTextareaCols'] = 40;<br />
$cfg['CharTextareaRows'] = 2;<br />
$cfg['CtrlArrowsMoving'] = true;<br />
$cfg['DefaultPropDisplay'] = 'horizontal';<br />
$cfg['InsertRows'] = 2;<br />
$cfg['EditInWindow'] = true;<br />
$cfg['QueryWindowHeight'] = 310;<br />
$cfg['QueryWindowWidth'] = 550;<br />
$cfg['QueryWindowDefTab'] = 'sql';<br />
$cfg['ForceSSL'] = false;<br />
$cfg['ShowPhpInfo'] = false;<br />
$cfg['ShowChgPassword'] = false;<br />
$cfg['AllowArbitraryServer'] = false;<br />
$cfg['LoginCookieRecall'] = 'something';<br />
$cfg['LoginCookieValidity'] = 1800;<br />
?><br />
}}</div>Pimanachttps://wiki.archlinux.org/index.php?title=PhpMyAdmin&diff=232661PhpMyAdmin2012-10-31T03:30:57Z<p>Pimanac: /* Enabling Configuration Storage (optional) */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{lowercase title}}<br />
[[cs:PhpMyAdmin]]<br />
[[es:PhpMyAdmin]]<br />
[[fr:phpmyadmin]]<br />
[[ru:PhpMyAdmin]]<br />
[[tr:PhpMyAdmin]]<br />
[[zh-CN:PhpMyAdmin]]<br />
==Pre-Installation==<br />
See [[LAMP]] for a guide to setting up Apache, MySQL, and PHP.<br />
<br />
==Installation==<br />
To install [http://www.phpmyadmin.net/ phpMyAdmin], install the ''phpmyadmin'' and ''php-mcrypt'' packages with<br />
{{bc|<br />
pacman -S phpmyadmin php-mcrypt<br />
}}<br />
<br />
== Configuration ==<br />
Ensure you do not have an older copy of phpMyAdmin.<br />
{{bc|<br />
rm -r /srv/http/phpMyAdmin<br />
}}<br />
<br />
Copy the example configuration file to your httpd configuration directory.<br />
{{bc|<br />
cp /etc/webapps/phpmyadmin/apache.example.conf /etc/httpd/conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# phpMyAdmin configuration<br />
Include conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
You can type this into the terminal to produce the same effect:<br />
{{bc|<br />
echo -e "\nInclude conf/extra/httpd-phpmyadmin.conf" >> /etc/httpd/conf/httpd.conf<br />
}}<br />
<br />
=== Check php module configuration ===<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# Use for PHP 5.x:<br />
LoadModule php5_module modules/libphp5.so<br />
AddHandler php5-script php<br />
}}<br />
<br />
You can append PHP support using follow command:<br />
<br />
# echo -e "\nLoadModule php5_module modules/libphp5.so\nAddHandler php5-script php\n" >> /etc/httpd/conf/httpd.conf<br />
<br />
Add index.php after "DirectoryIndex index.html"<br />
{{bc|<br />
# DirectoryIndex: sets the file that Apache will serve if a directory<br />
# is requested.<br />
#<br />
<IfModule dir_module><br />
DirectoryIndex index.html index.php<br />
</IfModule><br />
}}<br />
<br />
=== Adjust access rights ===<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/.htaccess}}, comment out ''deny from all''. The line should look like this:<br />
#deny from all<br />
<br />
Alternatively, you can restrict access to localhost and your local network only. Replace ''192.168.1.0/24'' with your network's IP block.<br />
deny from all<br />
allow from localhost<br />
allow from 192.168.1.0/24<br />
<br />
The lines above are not enough if you use ipv6 in {{ic|/etc/hosts}}. If so, add one more line to {{ic|/etc/webapps/phpmyadmin/.htaccess}}:<br />
allow from ::1<br />
<br />
Otherwise you'll get an error similar to "Error 403 - Access forbidden!" when you attempt to access your phpMyAdmin installation.<br />
<br />
=== Review apache phpmyadmin configuration ===<br />
<br />
Your {{ic|/etc/httpd/conf/extra/httpd-phpmyadmin.conf}} should have the following information:<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
<Directory "/usr/share/webapps/phpMyAdmin"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/"<br />
</Directory><br />
}}<br />
<br />
You need the mcrypt (if you want phpmyadmin internal authentication) and mysql modules, so uncomment the following in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
extension=mysql.so<br />
extension=mysqli.so (optional)<br />
<br />
and {{ic|rc.d restart httpd}}.<br />
<br />
=== Add blowfish_secret passphrase ===<br />
If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :<br />
<br />
ERROR: The configuration file now needs a secret passphrase (blowfish_secret)<br />
<br />
You need to add a blowfish password to the phpMyAdmin's config file. Edit {{ic|/etc/webapps/phpmyadmin/config.inc.php}} and insert a random blowfish "password" in the line <br />
<br />
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
Go [http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator here] to get a nicely generated blowfish_secret and paste it between the '' marks. It should now look something like this:<br />
<br />
$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
The error should go away if you refresh the phpmyadmin page.<br />
<br />
=== Enabling Configuration Storage (optional) ===<br />
Now that the basic database server has been setup, it ''is'' functional, however by default, extra options such as table linking, change tracking, PDF creation, and bookmarking queries are disabled. You will see a message at the bottom of the main phpMyAdmin page, "The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why...", This section addresses how to to enable these extra features.<br />
<br />
{{note|This example assumes you want to use the username '''pma''' as the controluser, and '''pmapass''' as the controlpass. These should be changed (the ''very'' least, you should change the password!) to something more secure.}}<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, uncomment (remove the leading "//"s on) these two lines, and change them to your desired credentials:<br />
{{bc|1=<br />
// $cfg['Servers'][$i]['controluser'] = 'pma';<br />
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';<br />
}}<br />
You will need this information later, so keep it in mind.<br />
<br />
Beneath the controluser setup section, uncomment these lines:<br />
{{bc|1=<br />
/* Storage database and tables */<br />
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';<br />
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';<br />
// $cfg['Servers'][$i]['relation'] = 'pma_relation';<br />
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';<br />
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';<br />
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';<br />
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';<br />
// $cfg['Servers'][$i]['history'] = 'pma_history';<br />
// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';<br />
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';<br />
// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';<br />
// $cfg['Servers'][$i]['recent'] = 'pma_recent';<br />
}}<br />
<br />
Next, create the user with the above details. Don't set any permissions for it just yet.<br />
{{note|If you can't login to phpmyadmin, make sure that your mysql server is started.}}<br />
<br />
Import {{ic|/usr/share/webapps/phpMyAdmin/examples/create_tables.sql}} from phpMyAdmin -> Import.<br />
or from the command line<br />
{{ic|mysql -uroot -p < /usr/share/webapps/phpMyAdmin/examples/create_tables.sql }}<br />
<br />
Now to apply the permissions to your controluser, in the SQL tab, make sure to replace all instances of 'pma' and 'pmapass' to the values set in config.inc.php. If you are setting this up for a remote database, then you must also change 'localhost' to the proper host:<br />
{{bc|<br />
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';<br />
GRANT SELECT (<br />
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,<br />
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,<br />
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,<br />
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,<br />
Execute_priv, Repl_slave_priv, Repl_client_priv<br />
) ON mysql.user TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.db TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.host TO 'pma'@'localhost';<br />
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)<br />
ON mysql.tables_priv TO 'pma'@'localhost';<br />
}}<br />
<br />
In order to take advantage of the bookmark and relation features, you will also need to give '''pma''' some additional permissions:<br />
{{Note|as long as you did not change the value of '''$cfg['Servers'][$i]['pmadb']''' in {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, then '''<pma_db>''' should be '''phpmyadmin'''}}<br />
{{bc|GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';}}<br />
<br />
Log out, and back in to ensure the new features are activated. The message at the bottom of the main screen should now be gone.<br />
<br />
==Accessing your phpMyAdmin installation==<br />
Finally your phpmyadmin installation is complete. Before you start using it you need to restart your apache server by following command:<br />
<br />
{{bc|<br />
# rc.d restart httpd<br />
}}<br />
<br />
You can access your phpmyadmin installation using the following url:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin/<br />
or<br />
http://localhost/phpmyadmin/index.php<br />
}}<br />
<br />
Note: 'localhost' is the hostname in your /etc/rc.conf file.<br />
<br />
If you want to access it using:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin<br />
}}<br />
<br />
in '/etc/httpd/conf/extra/httpd-phpmyadmin.conf' change:<br />
<br />
{{bc|<br />
Alias /phpmyadmin/ "/usr/share/webapps/phpMyAdmin/"<br />
}}<br />
<br />
to<br />
<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
}}<br />
<br />
You should also read [http://bbs.archlinux.org/viewtopic.php?pid=632500 this thread].<br />
<br />
If you get the error "#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)" then you might want to change "localhost" in /etc/webapps/phpmyadmin/config.inc.php on this line:<br />
<br />
{{bc|1=<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
}}<br />
<br />
to your hostname specified in /etc/hosts and /etc/rc.conf under HOSTNAME.<br />
<br />
If you would like to use phpmyadmin setup script by calling http://localhost/phpmyadmin/setup you will need to create a config directory that's writeable by the httpd in the /usr/share/webapps/phpmyadmin as follows:<br />
<br />
{{bc|<br />
cd /usr/share/webapps/phpMyAdmin<br />
sudo mkdir config<br />
sudo chgrp http config<br />
sudo chmod g+w config<br />
}}<br />
<br />
==Lighttpd Configuration==<br />
The php setup for lighttpd is exactly the same as for apache.<br />
Make an alias for phpmyadmin in your lighttpd config.<br />
alias.url = ( "/phpmyadmin" => "/usr/share/webapps/phpMyAdmin/")<br />
Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
Make sure lighttpd is setup to serve php files, [[Lighttpd]]<br />
<br />
Restart lighttpd and browse to http://localhost/phpmyadmin/index.php<br />
<br />
==NGINX Configuration==<br />
Also similar to apache configuration (and Lighttpd, for that matter).<br />
<br />
Create a symbolic link to the /usr/share/webapps/phpmyadmin directory from whichever directory your vhost is serving files from, e.g. /srv/http/<domain>/public_html/<br />
<br />
sudo ln -s /usr/share/webapps/phpMyAdmin /srv/http/<domain>/public_html/phpmyadmin<br />
<br />
You can also setup a sub domain with a server block like so (if using php-fpm):<br />
<br />
server {<br />
server_name phpmyadmin.<domain.tld>;<br />
access_log /srv/http/<domain>/logs/phpmyadmin.access.log;<br />
error_log /srv/http/<domain.tld>/logs/phpmyadmin.error.log;<br />
<br />
location / {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
index index.html index.htm index.php;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /srv/http/<domain.tld>/public_html/phpmyadmin/$fastcgi_script_name;<br />
include fastcgi_params;<br />
}<br />
}<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
You may run into some issues with phpmyadmin telling you "The Configuration File Now Needs A Secret Passphrase" and no matter what you enter, the error is still displayed. Try changing the ownership of the files to the NGINX specified user/group, e.g. nginx...<br />
<br />
sudo chown -R http:http /usr/share/webapps/phpMyAdmin<br />
<br />
If the above doesn't fix it try adding the following to your NGINX Configuration below the other fastcgi_param (I think its something to do with the Suhosin-Patch)<br />
<br />
fastcgi_param PHP_ADMIN_VALUE open_basedir="/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/";<br />
<br />
While you can enter anything for the blowfish password, you may want to choose a randomly generated string of characters (most likely for security reasons). Here's a handy tool that will do that for you on the web[http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator].<br />
<br />
When using SSL, you might run into the problem that the links on the pages generated by phpMyAdmin incorrectly start with "http" instead of "https" which may cause errors. To fix this, you can add the following fcgi_param to your SSL-enabled server section (in addition to your usual fastcgi params):<br />
<br />
fastcgi_param HTTPS on;<br />
<br />
==Other (Older) information==<br />
<br />
This page holds a sample 'config.inc.php' file that you can place in the main phpMyAdmin directory so that it immediately starts working<br />
<br />
'''Things you should do first'''<br />
<br />
Create a 'controluser', so that phpmyadmin can read from the main mysql database.<br />
<br />
{{bc|mysql -u root -pYOURROOTPASSWORD<br />
mysql> grant usage on mysql.* to controluser@localhost identified by 'CONTROLPASS';<br />
}}<br />
<br />
'''Where is phpmyadmin'''<br />
<br />
in phpmyadmin 3.2.2-3 the file is missing /srv/http/ create this symlik<br />
<br />
{{bc|ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/phpmyadmin<br />
}}<br />
<br />
'''Things you should change'''<br />
<br />
controluser is set to controluser <br><br />
controlpass is set to password <br><br />
verbose is set to name_of_server<br />
<br />
'''Sample 'config.inc.php' file'''<br />
{{bc|1=<br />
<?php<br />
/*<br />
* Generated configuration file<br />
* Generated by: phpMyAdmin 2.11.8.1 setup script by Michal Čihař <michal@cihar.com><br />
* Version: $Id: setup.php 11423 2008-07-24 17:26:05Z lem9 $<br />
* Date: Mon, 01 Sep 2008 20:34:02 GMT<br />
*/<br />
<br />
/* Servers configuration */<br />
$i = 0;<br />
<br />
/* Server ravi-test-mysql (http) [1] */<br />
$i++;<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
$cfg['Servers'][$i]['extension'] = 'mysql';<br />
$cfg['Servers'][$i]['port'] = '3306';<br />
$cfg['Servers'][$i]['connect_type'] = 'tcp';<br />
$cfg['Servers'][$i]['compress'] = false;<br />
$cfg['Servers'][$i]['controluser'] = 'controluser';<br />
$cfg['Servers'][$i]['controlpass'] = 'password';<br />
$cfg['Servers'][$i]['auth_type'] = 'http';<br />
$cfg['Servers'][$i]['verbose'] = 'name_of_server';<br />
<br />
/* End of servers configuration */<br />
<br />
$cfg['LeftFrameLight'] = true;<br />
$cfg['LeftFrameDBTree'] = true;<br />
$cfg['LeftFrameDBSeparator'] = '_';<br />
$cfg['LeftFrameTableSeparator'] = '__';<br />
$cfg['LeftFrameTableLevel'] = 1;<br />
$cfg['LeftDisplayLogo'] = true;<br />
$cfg['LeftDisplayServers'] = false;<br />
$cfg['DisplayServersList'] = false;<br />
$cfg['DisplayDatabasesList'] = 'auto';<br />
$cfg['LeftPointerEnable'] = true;<br />
$cfg['DefaultTabServer'] = 'main.php';<br />
$cfg['DefaultTabDatabase'] = 'db_structure.php';<br />
$cfg['DefaultTabTable'] = 'tbl_structure.php';<br />
$cfg['LightTabs'] = false;<br />
$cfg['ErrorIconic'] = true;<br />
$cfg['MainPageIconic'] = true;<br />
$cfg['ReplaceHelpImg'] = true;<br />
$cfg['NavigationBarIconic'] = 'both';<br />
$cfg['PropertiesIconic'] = 'both';<br />
$cfg['BrowsePointerEnable'] = true;<br />
$cfg['BrowseMarkerEnable'] = true;<br />
$cfg['ModifyDeleteAtRight'] = false;<br />
$cfg['ModifyDeleteAtLeft'] = true;<br />
$cfg['RepeatCells'] = 100;<br />
$cfg['DefaultDisplay'] = 'horizontal';<br />
$cfg['TextareaCols'] = 40;<br />
$cfg['TextareaRows'] = 7;<br />
$cfg['LongtextDoubleTextarea'] = true;<br />
$cfg['TextareaAutoSelect'] = false;<br />
$cfg['CharEditing'] = 'input';<br />
$cfg['CharTextareaCols'] = 40;<br />
$cfg['CharTextareaRows'] = 2;<br />
$cfg['CtrlArrowsMoving'] = true;<br />
$cfg['DefaultPropDisplay'] = 'horizontal';<br />
$cfg['InsertRows'] = 2;<br />
$cfg['EditInWindow'] = true;<br />
$cfg['QueryWindowHeight'] = 310;<br />
$cfg['QueryWindowWidth'] = 550;<br />
$cfg['QueryWindowDefTab'] = 'sql';<br />
$cfg['ForceSSL'] = false;<br />
$cfg['ShowPhpInfo'] = false;<br />
$cfg['ShowChgPassword'] = false;<br />
$cfg['AllowArbitraryServer'] = false;<br />
$cfg['LoginCookieRecall'] = 'something';<br />
$cfg['LoginCookieValidity'] = 1800;<br />
?><br />
}}</div>Pimanachttps://wiki.archlinux.org/index.php?title=PhpMyAdmin&diff=232660PhpMyAdmin2012-10-31T03:12:11Z<p>Pimanac: /* Enabling Configuration Storage (optional) */</p>
<hr />
<div>[[Category:Web Server]]<br />
{{lowercase title}}<br />
[[cs:PhpMyAdmin]]<br />
[[es:PhpMyAdmin]]<br />
[[fr:phpmyadmin]]<br />
[[ru:PhpMyAdmin]]<br />
[[tr:PhpMyAdmin]]<br />
[[zh-CN:PhpMyAdmin]]<br />
==Pre-Installation==<br />
See [[LAMP]] for a guide to setting up Apache, MySQL, and PHP.<br />
<br />
==Installation==<br />
To install [http://www.phpmyadmin.net/ phpMyAdmin], install the ''phpmyadmin'' and ''php-mcrypt'' packages with<br />
{{bc|<br />
pacman -S phpmyadmin php-mcrypt<br />
}}<br />
<br />
== Configuration ==<br />
Ensure you do not have an older copy of phpMyAdmin.<br />
{{bc|<br />
rm -r /srv/http/phpMyAdmin<br />
}}<br />
<br />
Copy the example configuration file to your httpd configuration directory.<br />
{{bc|<br />
cp /etc/webapps/phpmyadmin/apache.example.conf /etc/httpd/conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# phpMyAdmin configuration<br />
Include conf/extra/httpd-phpmyadmin.conf<br />
}}<br />
<br />
You can type this into the terminal to produce the same effect:<br />
{{bc|<br />
echo -e "\nInclude conf/extra/httpd-phpmyadmin.conf" >> /etc/httpd/conf/httpd.conf<br />
}}<br />
<br />
=== Check php module configuration ===<br />
<br />
Add the following lines to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
{{bc|<br />
# Use for PHP 5.x:<br />
LoadModule php5_module modules/libphp5.so<br />
AddHandler php5-script php<br />
}}<br />
<br />
You can append PHP support using follow command:<br />
<br />
# echo -e "\nLoadModule php5_module modules/libphp5.so\nAddHandler php5-script php\n" >> /etc/httpd/conf/httpd.conf<br />
<br />
Add index.php after "DirectoryIndex index.html"<br />
{{bc|<br />
# DirectoryIndex: sets the file that Apache will serve if a directory<br />
# is requested.<br />
#<br />
<IfModule dir_module><br />
DirectoryIndex index.html index.php<br />
</IfModule><br />
}}<br />
<br />
=== Adjust access rights ===<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/.htaccess}}, comment out ''deny from all''. The line should look like this:<br />
#deny from all<br />
<br />
Alternatively, you can restrict access to localhost and your local network only. Replace ''192.168.1.0/24'' with your network's IP block.<br />
deny from all<br />
allow from localhost<br />
allow from 192.168.1.0/24<br />
<br />
The lines above are not enough if you use ipv6 in {{ic|/etc/hosts}}. If so, add one more line to {{ic|/etc/webapps/phpmyadmin/.htaccess}}:<br />
allow from ::1<br />
<br />
Otherwise you'll get an error similar to "Error 403 - Access forbidden!" when you attempt to access your phpMyAdmin installation.<br />
<br />
=== Review apache phpmyadmin configuration ===<br />
<br />
Your {{ic|/etc/httpd/conf/extra/httpd-phpmyadmin.conf}} should have the following information:<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
<Directory "/usr/share/webapps/phpMyAdmin"><br />
AllowOverride All<br />
Options FollowSymlinks<br />
Order allow,deny<br />
Allow from all<br />
php_admin_value open_basedir "/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/"<br />
</Directory><br />
}}<br />
<br />
You need the mcrypt (if you want phpmyadmin internal authentication) and mysql modules, so uncomment the following in {{ic|/etc/php/php.ini}}:<br />
extension=mcrypt.so<br />
extension=mysql.so<br />
extension=mysqli.so (optional)<br />
<br />
and {{ic|rc.d restart httpd}}.<br />
<br />
=== Add blowfish_secret passphrase ===<br />
If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :<br />
<br />
ERROR: The configuration file now needs a secret passphrase (blowfish_secret)<br />
<br />
You need to add a blowfish password to the phpMyAdmin's config file. Edit {{ic|/etc/webapps/phpmyadmin/config.inc.php}} and insert a random blowfish "password" in the line <br />
<br />
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
Go [http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator here] to get a nicely generated blowfish_secret and paste it between the '' marks. It should now look something like this:<br />
<br />
$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */<br />
<br />
The error should go away if you refresh the phpmyadmin page.<br />
<br />
=== Enabling Configuration Storage (optional) ===<br />
Now that the basic database server has been setup, it ''is'' functional, however by default, extra options such as table linking, change tracking, PDF creation, and bookmarking queries are disabled. You will see a message at the bottom of the main phpMyAdmin page, "The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why...", This section addresses how to to enable these extra features.<br />
<br />
{{note|This example assumes you want to use the username '''pma''' as the controluser, and '''pmapass''' as the controlpass. These should be changed (the ''very'' least, you should change the password!) to something more secure.}}<br />
<br />
In {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, uncomment (remove the leading "//"s on) these two lines, and change them to your desired credentials:<br />
{{bc|1=<br />
// $cfg['Servers'][$i]['controluser'] = 'pma';<br />
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';<br />
}}<br />
You will need this information later, so keep it in mind.<br />
<br />
Beneath the controluser setup section, uncomment these lines:<br />
{{bc|1=<br />
/* Storage database and tables */<br />
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';<br />
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';<br />
// $cfg['Servers'][$i]['relation'] = 'pma_relation';<br />
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';<br />
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';<br />
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';<br />
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';<br />
// $cfg['Servers'][$i]['history'] = 'pma_history';<br />
// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';<br />
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';<br />
// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';<br />
// $cfg['Servers'][$i]['recent'] = 'pma_recent';<br />
}}<br />
<br />
Next, create the user with the above details. Don't set any permissions for it just yet.<br />
{{note|If you can't login to phpmyadmin, make sure that your mysql server is started.}}<br />
<br />
Import {{ic|/usr/share/webapps/phpMyAdmin/examples/create_tables.sql}} from phpMyAdmin -> Import.<br />
<br />
Now to apply the permissions to your controluser, in the SQL tab, make sure to replace all instances of 'pma' and 'pmapass' to the values set in config.inc.php. If you are setting this up for a remote database, then you must also change 'localhost' to the proper host:<br />
{{bc|<br />
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';<br />
GRANT SELECT (<br />
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,<br />
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,<br />
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,<br />
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,<br />
Execute_priv, Repl_slave_priv, Repl_client_priv<br />
) ON mysql.user TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.db TO 'pma'@'localhost';<br />
GRANT SELECT ON mysql.host TO 'pma'@'localhost';<br />
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)<br />
ON mysql.tables_priv TO 'pma'@'localhost';<br />
}}<br />
<br />
In order to take advantage of the bookmark and relation features, you will also need to give '''pma''' some additional permissions:<br />
{{Note|as long as you did not change the value of '''$cfg['Servers'][$i]['pmadb']''' in {{ic|/etc/webapps/phpmyadmin/config.inc.php}}, then '''<pma_db>''' should be '''phpmyadmin'''}}<br />
{{bc|GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';}}<br />
<br />
Log out, and back in to ensure the new features are activated. The message at the bottom of the main screen should now be gone.<br />
<br />
==Accessing your phpMyAdmin installation==<br />
Finally your phpmyadmin installation is complete. Before you start using it you need to restart your apache server by following command:<br />
<br />
{{bc|<br />
# rc.d restart httpd<br />
}}<br />
<br />
You can access your phpmyadmin installation using the following url:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin/<br />
or<br />
http://localhost/phpmyadmin/index.php<br />
}}<br />
<br />
Note: 'localhost' is the hostname in your /etc/rc.conf file.<br />
<br />
If you want to access it using:<br />
<br />
{{bc|<br />
http://localhost/phpmyadmin<br />
}}<br />
<br />
in '/etc/httpd/conf/extra/httpd-phpmyadmin.conf' change:<br />
<br />
{{bc|<br />
Alias /phpmyadmin/ "/usr/share/webapps/phpMyAdmin/"<br />
}}<br />
<br />
to<br />
<br />
{{bc|<br />
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"<br />
}}<br />
<br />
You should also read [http://bbs.archlinux.org/viewtopic.php?pid=632500 this thread].<br />
<br />
If you get the error "#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)" then you might want to change "localhost" in /etc/webapps/phpmyadmin/config.inc.php on this line:<br />
<br />
{{bc|1=<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
}}<br />
<br />
to your hostname specified in /etc/hosts and /etc/rc.conf under HOSTNAME.<br />
<br />
If you would like to use phpmyadmin setup script by calling http://localhost/phpmyadmin/setup you will need to create a config directory that's writeable by the httpd in the /usr/share/webapps/phpmyadmin as follows:<br />
<br />
{{bc|<br />
cd /usr/share/webapps/phpMyAdmin<br />
sudo mkdir config<br />
sudo chgrp http config<br />
sudo chmod g+w config<br />
}}<br />
<br />
==Lighttpd Configuration==<br />
The php setup for lighttpd is exactly the same as for apache.<br />
Make an alias for phpmyadmin in your lighttpd config.<br />
alias.url = ( "/phpmyadmin" => "/usr/share/webapps/phpMyAdmin/")<br />
Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
Make sure lighttpd is setup to serve php files, [[Lighttpd]]<br />
<br />
Restart lighttpd and browse to http://localhost/phpmyadmin/index.php<br />
<br />
==NGINX Configuration==<br />
Also similar to apache configuration (and Lighttpd, for that matter).<br />
<br />
Create a symbolic link to the /usr/share/webapps/phpmyadmin directory from whichever directory your vhost is serving files from, e.g. /srv/http/<domain>/public_html/<br />
<br />
sudo ln -s /usr/share/webapps/phpMyAdmin /srv/http/<domain>/public_html/phpmyadmin<br />
<br />
You can also setup a sub domain with a server block like so (if using php-fpm):<br />
<br />
server {<br />
server_name phpmyadmin.<domain.tld>;<br />
access_log /srv/http/<domain>/logs/phpmyadmin.access.log;<br />
error_log /srv/http/<domain.tld>/logs/phpmyadmin.error.log;<br />
<br />
location / {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
index index.html index.htm index.php;<br />
}<br />
<br />
location ~ \.php$ {<br />
root /srv/http/<domain.tld>/public_html/phpmyadmin;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /srv/http/<domain.tld>/public_html/phpmyadmin/$fastcgi_script_name;<br />
include fastcgi_params;<br />
}<br />
}<br />
<br />
Update open_basedir in /etc/php/php.ini and add "/usr/share/webapps/".<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
You may run into some issues with phpmyadmin telling you "The Configuration File Now Needs A Secret Passphrase" and no matter what you enter, the error is still displayed. Try changing the ownership of the files to the NGINX specified user/group, e.g. nginx...<br />
<br />
sudo chown -R http:http /usr/share/webapps/phpMyAdmin<br />
<br />
If the above doesn't fix it try adding the following to your NGINX Configuration below the other fastcgi_param (I think its something to do with the Suhosin-Patch)<br />
<br />
fastcgi_param PHP_ADMIN_VALUE open_basedir="/srv/:/tmp/:/usr/share/webapps/:/etc/webapps:/usr/share/pear/";<br />
<br />
While you can enter anything for the blowfish password, you may want to choose a randomly generated string of characters (most likely for security reasons). Here's a handy tool that will do that for you on the web[http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator].<br />
<br />
When using SSL, you might run into the problem that the links on the pages generated by phpMyAdmin incorrectly start with "http" instead of "https" which may cause errors. To fix this, you can add the following fcgi_param to your SSL-enabled server section (in addition to your usual fastcgi params):<br />
<br />
fastcgi_param HTTPS on;<br />
<br />
==Other (Older) information==<br />
<br />
This page holds a sample 'config.inc.php' file that you can place in the main phpMyAdmin directory so that it immediately starts working<br />
<br />
'''Things you should do first'''<br />
<br />
Create a 'controluser', so that phpmyadmin can read from the main mysql database.<br />
<br />
{{bc|mysql -u root -pYOURROOTPASSWORD<br />
mysql> grant usage on mysql.* to controluser@localhost identified by 'CONTROLPASS';<br />
}}<br />
<br />
'''Where is phpmyadmin'''<br />
<br />
in phpmyadmin 3.2.2-3 the file is missing /srv/http/ create this symlik<br />
<br />
{{bc|ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/phpmyadmin<br />
}}<br />
<br />
'''Things you should change'''<br />
<br />
controluser is set to controluser <br><br />
controlpass is set to password <br><br />
verbose is set to name_of_server<br />
<br />
'''Sample 'config.inc.php' file'''<br />
{{bc|1=<br />
<?php<br />
/*<br />
* Generated configuration file<br />
* Generated by: phpMyAdmin 2.11.8.1 setup script by Michal Čihař <michal@cihar.com><br />
* Version: $Id: setup.php 11423 2008-07-24 17:26:05Z lem9 $<br />
* Date: Mon, 01 Sep 2008 20:34:02 GMT<br />
*/<br />
<br />
/* Servers configuration */<br />
$i = 0;<br />
<br />
/* Server ravi-test-mysql (http) [1] */<br />
$i++;<br />
$cfg['Servers'][$i]['host'] = 'localhost';<br />
$cfg['Servers'][$i]['extension'] = 'mysql';<br />
$cfg['Servers'][$i]['port'] = '3306';<br />
$cfg['Servers'][$i]['connect_type'] = 'tcp';<br />
$cfg['Servers'][$i]['compress'] = false;<br />
$cfg['Servers'][$i]['controluser'] = 'controluser';<br />
$cfg['Servers'][$i]['controlpass'] = 'password';<br />
$cfg['Servers'][$i]['auth_type'] = 'http';<br />
$cfg['Servers'][$i]['verbose'] = 'name_of_server';<br />
<br />
/* End of servers configuration */<br />
<br />
$cfg['LeftFrameLight'] = true;<br />
$cfg['LeftFrameDBTree'] = true;<br />
$cfg['LeftFrameDBSeparator'] = '_';<br />
$cfg['LeftFrameTableSeparator'] = '__';<br />
$cfg['LeftFrameTableLevel'] = 1;<br />
$cfg['LeftDisplayLogo'] = true;<br />
$cfg['LeftDisplayServers'] = false;<br />
$cfg['DisplayServersList'] = false;<br />
$cfg['DisplayDatabasesList'] = 'auto';<br />
$cfg['LeftPointerEnable'] = true;<br />
$cfg['DefaultTabServer'] = 'main.php';<br />
$cfg['DefaultTabDatabase'] = 'db_structure.php';<br />
$cfg['DefaultTabTable'] = 'tbl_structure.php';<br />
$cfg['LightTabs'] = false;<br />
$cfg['ErrorIconic'] = true;<br />
$cfg['MainPageIconic'] = true;<br />
$cfg['ReplaceHelpImg'] = true;<br />
$cfg['NavigationBarIconic'] = 'both';<br />
$cfg['PropertiesIconic'] = 'both';<br />
$cfg['BrowsePointerEnable'] = true;<br />
$cfg['BrowseMarkerEnable'] = true;<br />
$cfg['ModifyDeleteAtRight'] = false;<br />
$cfg['ModifyDeleteAtLeft'] = true;<br />
$cfg['RepeatCells'] = 100;<br />
$cfg['DefaultDisplay'] = 'horizontal';<br />
$cfg['TextareaCols'] = 40;<br />
$cfg['TextareaRows'] = 7;<br />
$cfg['LongtextDoubleTextarea'] = true;<br />
$cfg['TextareaAutoSelect'] = false;<br />
$cfg['CharEditing'] = 'input';<br />
$cfg['CharTextareaCols'] = 40;<br />
$cfg['CharTextareaRows'] = 2;<br />
$cfg['CtrlArrowsMoving'] = true;<br />
$cfg['DefaultPropDisplay'] = 'horizontal';<br />
$cfg['InsertRows'] = 2;<br />
$cfg['EditInWindow'] = true;<br />
$cfg['QueryWindowHeight'] = 310;<br />
$cfg['QueryWindowWidth'] = 550;<br />
$cfg['QueryWindowDefTab'] = 'sql';<br />
$cfg['ForceSSL'] = false;<br />
$cfg['ShowPhpInfo'] = false;<br />
$cfg['ShowChgPassword'] = false;<br />
$cfg['AllowArbitraryServer'] = false;<br />
$cfg['LoginCookieRecall'] = 'something';<br />
$cfg['LoginCookieValidity'] = 1800;<br />
?><br />
}}</div>Pimanachttps://wiki.archlinux.org/index.php?title=Minecraft&diff=142788Minecraft2011-05-25T18:49:53Z<p>Pimanac: /* Play the game */</p>
<hr />
<div>[[Category:Games and entertainment (English)]]<br />
[[Category:General (English)]]<br />
{{i18n|Minecraft}}<br />
<br />
Minecraft is a commercial game very popular with geeks. It's a game about blocks. You can build a computer out of the game thanks to logical switches. There is a parallel world. Zombies, pigs, spiders, sheeps, wolves that you can tame, etc...<br />
This wiki page is here to help you install the game :)<br />
<br />
==Getting the game==<br />
Buy your copy here : http://www.minecraft.net<br />
<br />
Put the files in {{Filename|~/.minecraft/}} or wherever you want to.<br />
And make the game executable : <br />
$ chmod u+x minecraft.jar<br />
<br />
==Install java==<br />
The devs say Sun's java is required but OpenJDK works fine :<br />
# pacman -S openjdk6<br />
<br />
==Play the game==<br />
Run minecraft with :<br />
$ java -jar $HOME/.minecraft/minecraft.jar<br />
<br />
==Extras==<br />
There are several programs which can make your Minecraft experience a little easier to navigate. The most common of these programs are map generators. Using one of these programs will allow you to load up a Minecraft world file and render it as a 2D image, providing you with a top-down map of the world.<br />
===Minutor===<br />
Minutor is described as a minimalistic map generator for Minecraft. Don't let this mislead you, it generates maps of existing worlds, not the other way around. You are provided with a simple GTK based interface for viewing your world. Several rendering modes are available, as well as custom coloring modes and the ability to slice through z-levels. Minutor is available in the [[AUR]] and can be installed and then run like so :<br />
$ yaourt -S minutor<br />
$ mintor<br />
<br />
==Useful links==<br />
* Main site : http://www.minecraft.net/<br />
* The recipes for crafting things : http://www.minecraftwiki.net/wiki/Crafting<br />
* Data values (useful in multiplayer mode) : http://www.minecraftwiki.net/wiki/Data_values<br />
* The reddit community : http://www.reddit.com/r/minecraft<br />
* The main dev twitter : https://twitter.com/#!/notch<br />
* The forum : http://www.minecraftforum.net/</div>Pimanachttps://wiki.archlinux.org/index.php?title=Syslog-ng&diff=141263Syslog-ng2011-05-13T14:48:16Z<p>Pimanac: </p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
==Quick Start==<br />
Syslog-ng is a great logging replacement/enhancement for syslog. I used to use rsyslog, now I only use syslog-ng. The power of syslog-ng lies in the configuration file syslog-ng.conf.<br />
<br />
For a quick start, here there is a classic configuration file slightly modified from the one in the <br />
[http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3#doc_chap4 Gentoo Security Guide], the default syslog-ng.conf provided with the source distribution, and my own personal preferences.<br />
<br />
== syslog-ng.conf ==<br />
<pre><br />
@version: 3.0<br />
# For a description of syslog-ng configuration file directives, please read<br />
# the syslog-ng Administrator's guide at:<br />
#<br />
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html<br />
#<br />
<br />
##########################################################<br />
# OPTIONS<br />
#<br />
options {<br />
create_dirs(yes);<br />
# use_dns(no);<br />
use_dns(persist_only);<br />
dns_cache_hosts(/etc/hosts);<br />
dns_cache_expire(87600);<br />
<br />
# disable the chained hostname format in logs (default is enabled)<br />
chain_hostnames(0);<br />
<br />
# the number of lines fitting in the output queue<br />
log_fifo_size(512);<br />
<br />
# enable or disable directory creation for destination files<br />
create_dirs(yes);<br />
<br />
# default owner, group, and permissions for log files (defaults are 0, 0, 0600)<br />
owner(root);<br />
group(log);<br />
perm(0640);<br />
<br />
# default owner, group, and permissions for created directories (defaults are 0, 0, 0700)<br />
dir_owner(root);<br />
dir_group(root);<br />
dir_perm(0740); <br />
<br />
# the time to wait before a died connection is re-established (default is 60)<br />
time_reopen(10);<br />
<br />
# the time to wait before an idle destination file is closed (default is 60)<br />
time_reap(360);<br />
<br />
# default no<br />
use_fqdn(no);<br />
<br />
keep_hostname(yes);<br />
<br />
# disable stats<br />
stats_freq(0);<br />
}; <br />
<br />
<br />
##########################################################<br />
# SOURCES<br />
#<br />
source local_src {<br />
# message generated by Syslog-NG<br />
internal();<br />
<br />
# standard Linux log source (this is the default place for the syslog() function to send logs to)<br />
unix-stream("/dev/log");<br />
<br />
# from a chrooted bind install<br />
unix-stream("/var/named/chroot/dev/log");<br />
<br />
# messages from the kernel<br />
file("/proc/kmsg" program_override("kernel: "));<br />
};<br />
<br />
# source s_syslog { syslog(ip(127.0.0.1) port(1999) transport("tcp")); };<br />
# source s_pipe { pipe("/dev/pipe" pad_size(2048)); };<br />
<br />
<br />
<br />
##########################################################<br />
# DESTINATIONS<br />
#<br />
destination d_file { file("/var/log/$YEAR.$MONTH.$DAY/everything.log" template("$HOUR:$MIN:$SEC [$LEVEL] [$FACILITY] [$PROGRAM] $MSG\n") template_escape(no)); };<br />
<br />
destination d_askapacheloghost {<br />
tcp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(514));<br />
};<br />
<br />
destination d_authlog { file("/var/log/auth.log"); };<br />
destination d_cron { file("/var/log/cron.log"); };<br />
destination d_daemon { file("/var/log/daemon.log"); };<br />
destination d_kern { file("/var/log/kern.log"); };<br />
destination d_lpr { file("/var/log/lpr.log"); };<br />
destination d_user { file("/var/log/user.log"); };<br />
destination d_uucp { file("/var/log/uucp.log"); };<br />
destination d_ppp { file("/var/log/ppp.log"); };<br />
<br />
destination d_mail { file("/var/log/mail.log"); };<br />
destination d_mailinfo { file("/var/log/mail.info"); };<br />
destination d_mailwarn { file("/var/log/mail.warn"); };<br />
destination d_mailerr { file("/var/log/mail.err"); };<br />
<br />
destination d_newscrit { file("/var/log/news/news.crit"); };<br />
destination d_newserr { file("/var/log/news/news.err"); };<br />
destination d_newsnotice { file("/var/log/news/news.notice"); };<br />
<br />
destination d_debug { file("/var/log/debug"); };<br />
destination d_messages { file("/var/log/messages"); };<br />
<br />
destination d_everything { file("/var/log/everything"); };<br />
destination d_console { usertty("root"); };<br />
destination d_console_all { file("/dev/tty12"); };<br />
destination d_loghost { udp("loghost" port(999)); };<br />
destination d_xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
<br />
##########################################################<br />
# FILTERS<br />
#<br />
filter f_auth { facility(auth); };<br />
filter f_authpriv { facility(auth, authpriv); }; <br />
filter f_syslog { program(syslog-ng); };<br />
filter f_cron { facility(cron); };<br />
filter f_daemon { facility(daemon); };<br />
filter f_kernel { facility(kern) and not filter(f_iptables); };<br />
filter f_lpr { facility(lpr); };<br />
filter f_mail { facility(mail); };<br />
filter f_news { facility(news); };<br />
filter f_user { facility(user); };<br />
filter f_uucp { facility(cron); };<br />
filter f_news { facility(news); };<br />
filter f_ppp { facility(local2); };<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };<br />
filter f_everything { level(debug..emerg); };<br />
filter f_emergency { level(emerg); };<br />
filter f_info { level(info); };<br />
filter f_notice { level(notice); };<br />
filter f_warn { level(warn); };<br />
filter f_crit { level(crit); };<br />
filter f_err { level(err); };<br />
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };<br />
filter f_acpid { program("acpid"); };<br />
filter f_failed { match("failed" value(MESSAGE)); };<br />
filter f_denied { match("denied" value(MESSAGE)); };<br />
filter f_noshorewall { not match("Shorewall" value(MESSAGE)); }; # Filter everything except regex keyword Shorewall<br />
filter f_shorewall { match("Shorewall" value(MESSAGE)); }; # Filter regex keyword Shorewall<br />
<br />
<br />
<br />
<br />
##########################################################<br />
# LOG<br />
#<br />
log { source(local_src); destination(d_askapacheloghost); };<br />
log { source(local_src); destination(d_file); };<br />
<br />
log { source(local_src); filter(f_authpriv); destination(d_authlog); };<br />
log { source(local_src); filter(f_user); destination(d_user); };<br />
<br />
log { source(local_src); filter(f_cron); destination(d_cron); };<br />
log { source(local_src); filter(f_daemon); destination(d_daemon); };<br />
log { source(local_src); filter(f_kern); destination(d_kern); };<br />
log { source(local_src); filter(f_lpr); destination(d_lpr); };<br />
log { source(local_src); filter(f_mail); destination(d_mail); };<br />
log { source(local_src); filter(f_uucp); destination(d_uucp); };<br />
log { source(local_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };<br />
log { source(local_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };<br />
log { source(local_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<br />
log { source(local_src); filter(f_news); filter(f_crit); destination(d_newscrit); };<br />
log { source(local_src); filter(f_news); filter(f_err); destination(d_newserr); };<br />
log { source(local_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };<br />
log { source(local_src); filter(f_debug); destination(d_debug); };<br />
log { source(local_src); filter(f_messages); destination(d_messages); };<br />
log { source(local_src); filter(f_ppp); destination(d_ppp); };<br />
log { source(local_src); destination(d_messages); };<br />
<br />
#default log<br />
log { source(local_src); destination(console_all); };<br />
</pre><br />
<br />
== Sources ==<br />
Syslog-ng receives log messages from a source. To define a source you should follow the following syntax:<br />
<br />
source <identifier> { source-driver(params); source-driver(params); ... };<br />
<br />
<br />
You can look at the identifiers and source-drivers in the [http://www.balabit.com/support/documentation/ official manuals]. <br />
This will follow the manual to explain the configuration file above. The unix-stream() source-driver opens the given AF_UNIX<br />
[http://en.wikipedia.org/wiki/Berkeley_sockets socket] and starts listening on it for messages. <br />
The internal() source-driver gets messages generated by syslog-ng.<br />
<br />
Therefore, the following means: src gets messages from /dev/log socket and syslog-ng.<br />
<br />
source src { unix-stream("/dev/log"); internal(); };<br />
<br />
<br />
The kernel sends log messages to /proc/kmsg and the file() driver reads log messages from files. Therefore, the following means:<br />
kernsrc gets messages from file /proc/kmsg<br />
<br />
source kernsrc { file("/proc/kmsg"); };<br />
<br />
<br />
In the default configuration file after emerging syslog-ng, the source is defined as:<br />
<br />
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };<br />
<br />
Reading messages by pipe("/proc/kmsg") gives a better performance but because it opens its argument in read-write mode can be a security<br />
hazard as the [http://www.balabit.com/dl/white_papers/syslog_admin_guide_en.pdf syslog-ng admin guide] states in section 7.1.6:<br />
<br />
"Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg." (You can follow this discussion in [http://forums.gentoo.org/viewtopic-t-558161.html this post].)<br />
<br />
To open a port to read data from a remote server a source must be defined with this syntax:<br />
<br />
source s_net { udp(); };<br />
<br />
for UDP or<br />
<br />
source s_net { tcp(); };<br />
<br />
to receive log messages via TCP. Both listen in port 514<br />
<br />
== Destinations ==<br />
In syslog-ng log messages are sent to files. The syntax is very similar to sources:<br />
<br />
destination <identifier> {destination-driver(params); destination-driver(params); ... };<br />
<br />
<br />
You will be normally logging to a file, but you could log to a different destination-driver: pipe, unix socket, TCP-UDP ports,<br />
terminals or to specific programs. Therefore, this means sending authlog messages to /var/log/auth.log:<br />
<br />
destination authlog { file("/var/log/auth.log"); };<br />
<br />
<br />
If the user is logged in, usertty() sends messages to the terminal of the specified user. If you want to send console messages<br />
to root's terminal if it is logged in:<br />
<br />
destination console { usertty("root"); };<br />
<br />
<br />
Messages can be sent to a pipe with pipe(). The following sends xconsole messages to the pipe /dev/xconsole. <br />
This needs some more configuration, so you could look at the sub-section xconsole below.<br />
<br />
destination xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
To send messages on the network, use udp(). The following will send your log data out to another server.<br />
<br />
destination remote_server { udp("10.0.0.2" port(514)); };<br />
<br />
<br />
<br />
<br />
== Creating Filters for Messages ==<br />
The syntax for the filter statement is:<br />
<br />
filter <identifier> { expression; };<br />
<br />
<br />
Functions can be used in the expression, such as the fuction facility() which selects messages based on the facility codes. <br />
The linux kernel has a few facilities you can use for logging. Each facility has a log-level; where debug is the most verbose,<br />
and panic only shows serious errors. You can find the facilities, log levels and priority names in /usr/include/sys/syslog.h.<br />
To filter those messages coming from authorisation, like <br />
''<nowiki>May 11 23:42:31 mimosinnet su(pam_unix)[18569]: session opened for user root by (uid=1000)</nowiki>'', use the following:<br />
<br />
filter f_auth { facility(auth); };<br />
<br />
<br />
The facility expression can use the boolean operators ''and'', ''or'', and ''not'', so the following filter<br />
selects those messages not coming from authorisation, network news or mail:<br />
<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
<br />
<br />
The function level() selects messages based on its priority level, so if you want to select informational levels:<br />
<br />
filter f_info { level(info); };<br />
<br />
<br />
Functions and boolean operators can be combined in more complex expressions. The following line filters messages with a priority level from<br />
informational to warning not coming from atuh, authpriv, mail and news facilities:<br />
<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };<br />
<br />
<br />
Messages can also be selected by matching a regular expression in the message with the function match("regex" value("keyword")). For example:<br />
<br />
filter f_failed { match("regex" value("failed")); };<br />
<br />
<br />
To filter messages received from a paticular remote host the host() function must be used:<br />
<br />
filter f_host { host( "192.168.1.1" ); };<br />
<br />
== Log Paths ==<br />
Syslog-ng connects sources, filters and destinations with log statements. The syntax is:<br />
<pre>log {source(s1); source(s2); ...<br />
filter(f1); filter(f2); ...<br />
destination(d1); destination(d2); ...<br />
flags(flag1[, flag2...]); };</pre><br />
<br />
<br />
The following for example sends messages from 'src' source to 'mailinfo' destination filtered by 'f_info' filter.<br />
<br />
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };<br />
<br />
<br />
== Tips and Tricks ==<br />
After understanding the logic behind syslog-ng, many possible and complex configuration are possible. Here there are some examples.<br />
<br />
=== Failover Logging to Remote Host ===<br />
This setup shows how to send the default unencrypted syslog packets across both tcp and udp protocols, using the standard port (514) and an alternate port. This is sending the same output to the same machine 4 different ways to try and make sure packets make it. Mostly useful if you are debugging a remote server that fails to reboot. The different ports and protocols are to make it past any firewall filters or other network problems. Also useful for port-forwarding and using tunnels. Something like this setup is ideal to tunnel across an ssh connection that the prone-to-failover host initiates through a reverse connection.<br />
<br />
<pre><br />
#sending to a remote syslog server on tcp and udp ports (not encrypted)<br />
destination askapache_failover_loghost {<br />
tcp("208.86.158.195" port(25214));<br />
udp("208.86.158.195" port(25214));<br />
udp("mysyslog1.dyndns.org" port(514));<br />
};<br />
log { <br />
source(src); <br />
destination(askapache_failover_loghost);<br />
};<br />
</pre><br />
<br />
<br />
And then on the loghost receiving these logs:<br />
<pre><br />
#a usb redirected console for flexible viewing<br />
destination debugging_console {<br />
file("/dev/ttyU1");<br />
};<br />
<br />
# listens on ips and ports, sets the incoming settings<br />
source prone_to_failover_host {<br />
tcp(ip(208.86.158.195),port(25214));<br />
udp(ip(208.86.158.195) port(25214));<br />
<br />
udp(default-facility(syslog) default-priority(emerg));<br />
tcp(default-facility(syslog) default-priority(emerg));<br />
}<br />
<br />
# log it<br />
log {<br />
source(prone_to_failover_host); <br />
destination(debugging_console);<br />
};<br />
</pre><br />
<br />
=== Log directly to MySQL ===<br />
[[Syslog-ng directly to MySQL]]<br />
<br />
=== Move log to another file ===<br />
In order to move some log from /var/log/messages to another file:<br />
<br />
<pre><br />
#sshd configuration<br />
destination ssh { file("/var/log/ssh.log"); };<br />
filter f_ssh { program("sshd"); };<br />
log { source(src); filter(f_ssh); destination(ssh); };<br />
</pre><br />
<br />
<br />
=== Configuring as a loghost ===<br />
Configuring your system to be a loghost is quite simple. Drop the following into your configuration, and create the needed directory.<br />
With this simple configuration, log filenames will be based on the [http://en.wikipedia.org/wiki/FQDN FQDN] of the remote host,<br />
and located in /var/log/remote/. After creating the remote directory, reload your syslog-ng configuration.<br />
<br />
<br />
<pre><br />
source net { udp(); };<br />
destination remote { file("/var/log/remote/$FULLHOST"); };<br />
log { source(net); destination(remote); };<br />
</pre><br />
<br />
<br />
=== Improve Performance ===<br />
Syslog-ng's performance can be improved in different ways:<br />
<br />
==== Write every so often ====<br />
It seems that the old 'sync(X)' '''option''' is called 'flush_lines(X)' now, where the writing to the file is buffered for X lines. Default is 0 (no buffering).<br />
<br />
==== Avoid redundant processing and disk space ====<br />
A single log message can be sent to different log files several times. For example, in the initial configuration file, we have the following definitions:<br />
<br />
<pre><br />
destination cron { file("/var/log/cron.log"); };<br />
destination messages { file("/var/log/messages"); };<br />
filter f_cron { facility(cron); };<br />
filter f_messages { level(info..warn) <br />
and not facility(auth, authpriv, mail, news); };<br />
log { source(src); filter(f_cron); destination(cron); };<br />
log { source(src); filter(f_messages); destination(messages); };<br />
</pre><br />
<br />
<br />
The same message from the 'cron' facility will end up in both the cron.log and messages file. To change this behavior we can use the final flag, <br />
ending up further processing with the message. Therefore, in this example, if we want messages from the 'cron' facility not ending up in the<br />
messages file, we should change the cron's log sentence by:<br />
<br />
log { source(src); filter(f_cron); destination(cron); flags(final); };<br />
<br />
another way is to exclude the cron facility from f_messages filter:<br />
filter f_messages { level(info..warn) and not facility(cron, auth, authpriv, mail, news); };<br />
<br />
=== Postgresql Destination ===<br />
This section will use two roles: ''syslog'' and ''logwriter''. ''syslog'' will be the administrator of the database ''syslog'' and ''logwriter'' will only be able to add records to the ''logs'' table.<br />
<br />
No longer needed to create table for logs. Syslog-ng will create automatically.<br />
<br />
psql -U postgres<br />
<br />
postgres=# CREATE ROLE syslog WITH LOGIN;<br />
postgres=# \password syslog # Using the \password function is secure because<br />
postgres=# \password logwriter # the password isn't saved in history.<br />
postgres=# CREATE DATABASE syslog OWNER syslog;<br />
postgres=# \q # You're done here for the moment<br />
<br />
Edit pg_hba.conf to allow ''syslog'' and ''logwriter'' to establish a connection to PostgreSQL.<br />
<br />
/var/lib/postgresql/8.4/data/pg_hba.conf<br />
<pre><br />
# TYPE DATABASE USER CIDR-ADDRESS METHOD<br />
<br />
host syslog logwriter 192.168.0.1/24 md5<br />
host syslog syslog 192.168.0.10/32 md5<br />
</pre><br />
<br />
<br />
Tell PostgreSQL to reload the configuration files:<br />
/etc/rc.d/postgresql-8.4 reload<br />
<br />
<br />
Edit /etc/syslog-ng.conf so that it knows where and how to write to PostgreSQL. Syslog-ng will utilize the ''logwriter'' role.<br />
<br />
<pre><br />
...<br />
#<br />
# SQL logging support<br />
#<br />
<br />
destination d_pgsql {<br />
sql(type(pgsql)<br />
host("127.0.0.1") username("logwriter") password("password")<br />
database("syslog")<br />
table("logs_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}") #or whatever you want, example ${HOST}" for hosts, ${LEVEL}" for levels.. etc<br />
columns("datetime varchar(16)", "host varchar(32)", "program varchar(8)", "message varchar(200)")<br />
values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSG")<br />
indexes("datetime", "host", "program", "pid", "message"));<br />
};<br />
<br />
<br />
log { source(src); destination(d_pgsql); };<br />
</pre><br />
<br />
<br />
Finally, restart Syslog-ng.<br />
/etc/rc.d/syslog-ng restart<br />
<br />
<br />
And check to see if things are being logged.<br />
psql -U logwriter -d syslog<br />
syslog=> SELECT * FROM <your table name> ORDER BY datetime DESC LIMIT 10;<br />
<br />
=== ISO 8601 timestamps ===<br />
'''Before''' :<br />
#logger These timestamps are not optimal.<br />
#tail -n 1 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
#<br />
<br />
Add <tt>ts_format(iso);</tt><br />
to ''/etc/syslog-ng.conf'' in the options section. Example:<br />
options {<br />
stats_freq (0);<br />
flush_lines (0);<br />
time_reopen (10);<br />
log_fifo_size (1000);<br />
long_hostnames(off); <br />
use_dns (no);<br />
use_fqdn (no);<br />
create_dirs (no);<br />
keep_hostname (yes);<br />
perm(0640);<br />
group("log");<br />
ts_format(iso); #make ISO8601 timestamps<br />
};<br />
<br />
Then :<br />
# killall -HUP syslog-ng<br />
<br />
'''After''' :<br />
#logger Now THAT is a timestamp!<br />
#tail -n 2 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
2010-02-18T20:23:58-05:00 electron logger: Now THAT is a timestamp!<br />
#<br />
<br />
=== RFC 3339 timestamps ===<br />
same as above, except use ''rfc3339'' instead of ''iso'' for <tt>ts_format</tt><br />
<br />
== See Also ==<br />
* [[Netconsole]] A kernel module that sends all kernel log messages (i.e. dmesg) over the network to another computer, without involving user space (e.g. syslogd).<br />
<br />
== External Links ==<br />
* [http://en.gentoo-wiki.com/wiki/Syslog-ng Syslog-ng Gentoo wiki]<br />
* [http://en.wikipedia.org/wiki/ISO_8601 ISO_8601] Wikipedia page for ISO 8601<br />
* [http://tools.ietf.org/html/rfc3339 RFC3339] Text of RFC 3339<br />
* [http://www.syslog.org/syslog-ng/v2/#reference_destinationdrivers syslog-ng_manual] syslog-ng v2.0 reference manual<br />
* [http://freshmeat.net/projects/syslog-ng/ Syslog-ng Project Page on Freshmeat]<br />
* [http://www.balabit.com/support/documentation/ Portal to Syslog-ng Documentation]<br />
* [http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3 Gentoo's Security Handbook on Logging]<br />
* [http://www.kdough.net/docs/syslog_postgresql/ Syslog Logging with PostgreSQL HOWTO]</div>Pimanachttps://wiki.archlinux.org/index.php?title=Network_configuration/Wireless&diff=141216Network configuration/Wireless2011-05-12T19:56:35Z<p>Pimanac: /* See also */</p>
<hr />
<div>{{i18n|Wireless Setup}}<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Wireless Networking (English)]]<br />
[[fr:Wifi]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|A complete guide to enabling and configuring wireless networking.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Networking overview}}}}<br />
{{Article summary end}}<br />
<br />
Configuring wireless is a two-part process; the first part is to identify and ensure the correct driver for your wireless device is installed, (they are available on the installation media, so make sure you install them) and to configure the interface. The second is choosing a method of managing wireless connections. This article covers both parts, and provides additional links to wireless management tools.<br />
<br />
'''About new Arch systems:''' The wireless drivers and tools are available during Arch set-up under the ''base-devel'' category. Be sure to install the proper driver for your card. Udev will usually load the appropriate module, thereby creating the wireless interface, in the initial live system of the installer, as well as the newly installed system on your hard drive. If you are configuring your wireless functionality after, and not during, Arch installation, simply ensure the required packages are installed with pacman, (driver, firmware if needed, wireless_tools, wpa_supplicant, etc.) and follow the guidelines below.<br />
<br />
== Part I: Identify Card/Install Driver ==<br />
<br />
=== Identify and Discover if Supported ===<br />
<br />
First you will need to check and see if the Linux kernel has support for your card or if a user-space driver is available for it.<br />
<br />
; Identify your card<br />
<br />
:* You can find your card type by running <br />
lspci | grep -i net<br />
from the command line.<br />
:* Or, if you have a USB device, run<br />
lsusb<br />
<br />
{{Note| The internal wifi card in some laptops can actually be usb device, so make sure you check both commands.}}<br />
<br />
; Discover if card is supported<br />
<br />
:* The [https://help.ubuntu.com/community/WifiDocs/WirelessCardsSupported Ubuntu Wiki] has a good list of wireless cards and whether or not they are supported either in the Linux kernel or by a user-space driver (includes driver name).<br />
:* [http://linux-wless.passys.nl/ Linux Wireless Support] and The Linux Questions' [http://www.linuxquestions.org/hcl/index.php?cat=10 Hardware Compatibility List] (HCL) also have a good database of kernel-friendly hardware. <br />
:* The [http://wireless.kernel.org/en/users/Devices kernel page] additionaly has a matrix of supported hardware.<br />
<br />
; If your card isn't listed<br />
<br />
:* If your wireless hardware isn't listed above, likely it is supported only under Windows (some Broadcom, 3com, etc). For these you will need to use [http://ndiswrapper.sourceforge.net/wiki/index.php/List ndiswrapper]. Ndiswrapper is a wrapper script that allows you to use some Windows drivers in Linux. See the compatibility list [http://ndiswrapper.sourceforge.net/mediawiki/index.php/List here]. You will need the {{Filename|.inf}} and {{Filename|.sys}} files from your Windows install. If you have a newer card, or more exotic card, you might want to look up your exact model name and 'linux' and search the internet before doing this step.<br />
<br />
===How it works===<br />
The default Arch kernel is ''modular'', meaning many of the drivers for machine hardware reside on the hard drive and are available as ''modules''. At boot, udev takes an inventory of your hardware. Udev will load appropriate modules (drivers) for your corresponding hardware, and the driver, in turn, will allow creation of a kernel ''interface''. <br />
<br />
The interface name for different drivers and chipsets will vary. Some examples are wlan0, eth1, and ath0.<br />
<br />
*Note: Udev is not perfect. If the proper module is not loaded by udev on boot, simply modprobe it and add the module name to etc/rc.conf on the '''MODULES=''' line. Note also that udev may occasionally load more than one driver for a device, and the resulting conflict will prevent successful configuration. Be sure to blacklist the unwanted module on the '''MODULES=''' line by prefixing it with a bang (!).<br />
<br />
===Installation===<br />
<br />
====If you have wired internet available====<br />
If you have wired ethernet available, and are simply adding wireless functionality to an existing system, and did not include wireless_tools during initial installation, use pacman to install:<br />
# pacman -S wireless_tools<br />
The drivers' corresponding package names are all highlighted in '''bold''' on this page. The packages can be installed during initial package selection on the Arch installation media and can also be installed later with pacman, e.g.:<br />
# pacman -S madwifi<br />
<br />
====If you have only wireless internet available====<br />
The '''wireless_tools''' package is now available as part of the base system and is also on the live installation media (CD/USB stick image) under the '''base-devel''' category. <br />
<br />
You cannot initialize wireless hardware without these user-space tools, so ensure they are installed from the installer media, (during package selection), especially if you have no means of networking other than wirelessly. Otherwise, you will be stuck in a recursion when you reboot your newly installed Arch system; you will need wireless_tools and drivers, but in order to get them, you will need wireless_tools and drivers.<br />
<br />
===Drivers and firmware===<br />
Methods and procedures for installing drivers for various chip-sets are covered below. In addition, certain chip-sets require the installation of corresponding ''firmware'' (also covered below).<br />
<br />
====wlan-ng (obsolete)====<br />
<br />
Packages: '''wlan-ng26-utils'''<br />
<br />
This driver supports PRISM based cards, which are hard to find now. The PRISM card is an IEEE 802.11 compliant 2.4 GHz DSSS WLAN network interface card that uses the Intersil PRISM chip-set for its radio functions and the AMD PCNet-Mobile chip (AM79C930) for its Media Access Controller (MAC) function. The supported adapters can be found from here: http://www.linux-wlan.org/docs/wlan_adapters.html.gz<br />
<br />
For wlan-ng you do not need the wireless_tools package as mentioned above. Instead you will need to learn the tools in the wlan-ng26-utils package: '''wlancfg and wlanctl-ng'''.<br />
<br />
See http://www.linux-wlan.org/<br />
<br />
====rt2860 and rt2870====<br />
In kernel since 2.6.29 and requires no extra packages. It can be configured using the standard wpa_supplicant and iwconfig tools. Unfortunately this does not go for Arch. In order to get it to work, disabling the following modules in rc.conf has proven to be successful:<br />
<br />
MODULES=(!rt2800pci !rt61pci !rt2x00pci !rt2800usb !rt2800lib !rt2x00usb !rt2x00lib)<br />
<br />
It has a wide range of options that can be configured with iwpriv. These are documented in the [http://web.ralinktech.com/ralink/Home/Support/Linux.html source tarballs] available from Ralink<br />
<br />
For rt2870sta, also see [[Rt2870]]<br />
<br />
====w322u====<br />
Treat this Tenda card as an rt2870sta. See: [[Rt2870]]<br />
<br />
====rtl8180====<br />
Realtek rtl8180 PCI/Cardbus 802.11b now fully supported in the kernel. It can be configured using the standard wpa_supplicant and iwconfig tools.<br />
<br />
====rtl8192e====<br />
<br />
The driver is part of the current kernel package. It can be configured using the standard wpa_supplicant and iwconfig tools.<br />
<br />
Note: [[wicd]] may cause excessive dropped connections with this driver, while [[NetworkManager]] appears to work better.<br />
<br />
====rtl8192s====<br />
<br />
The driver is part of the current kernel package. Firmware may need to be added manually if /lib/firmware/RTL8192SU/rtl8192sfw.bin does not exist. (dmesg will report ''"rtl819xU:FirmwareRequest92S(): failed"'' if the firmware is missing)<br />
<br />
To download and install firmware:<br />
<pre>$ wget http://launchpadlibrarian.net/33927923/rtl8192se_linux_2.6.0010.1012.2009.tar.gz<br />
# mkdir /lib/firmware/RTL8192SU<br />
# tar -xzOf rtl8192se_linux_2.6.0010.1012.2009.tar.gz \<br />
rtl8192se_linux_2.6.0010.1012.2009/firmware/RTL8192SE/rtl8192sfw.bin > \<br />
/lib/firmware/RTL8192SU/rtl8192sfw.bin</pre><br />
<br />
Note: An alternate version of the firmware may be found [http://launchpadlibrarian.net/37387612/rtl8192sfw.bin.gz here], but this version may cause dropped connections.<br />
<br />
Note: [[wicd]] may cause excessive dropped connections with this driver, while [[NetworkManager]] appears to work better.<br />
<br />
====rt2x00====<br />
Unified driver for Ralink chip-sets (replaces rt2500,rt61,rt73 etc). In kernel since 2.6.24, some devices require extra firmware. It can be configured using the standard wpa_supplicant and iwconfig tools.<br />
<br />
Some chips require a firmware file, which can be installed as follows, depending on the chip-set:<br />
<pre>pacman -S linux-firmware</pre><br />
<br />
See: [[Using the new rt2x00 beta driver]]<br />
<br />
====rt2500, rt61, rt73 (obsolete)====<br />
For Ralink <br />
* PCI/PCMCIA based rt2500 series chip-sets.<br />
* PCI/PCMCIA based rt61 series chip-sets<br />
* USB based rt73 series chip-sets. <br />
<br />
Drivers are now '''obsolete''' and '''unsupported'''. The rt2x00 driver family is stable and to be used instead.<br />
<br />
Support standard iwconfig tools for unencrypted and WEP connections, although it can be quite sensitive to the order of commands.<br />
The driver does support WPA (using hardware encryption), but in a non-standard way. wpa_supplicant appears to include special support for this driver, and it is also possible to negotiate a WPA connection manually using iwpriv commands.<br />
See [http://rt2400.cvs.sourceforge.net/*checkout*/rt2400/source/rt2500/Module/iwpriv_usage.txt these instructions] for details.<br />
<br />
====madwifi-ng====<br />
Package: '''madwifi''' (and optionaly '''madwifi-utils''')<br />
<br />
The module is called <tt>ath_pci</tt>.<br />
<br />
Note there are newer modules maintained by the MadWifi team:<br />
* [[#ath5k|ath5k]] will eventually phase out ath_pci. Currently a better choice for some chipsets.<br />
* [[#ath9k|ath9k]] is the new, official, superior driver for newer Atheros hardware (see below).<br />
<br />
modprobe ath_pci<br />
for the older driver, or:<br />
modprobe ath5k<br />
for the development version. Note that not all cards work with ath5k yet.<br />
<br />
If using ath_pci, you may need to blacklist ath5k by adding it to the MODULES=array in /etc/rc.conf, and subsequently prefixing it with a bang (!):<br />
MODULES=(!ath5k forcedeth snd_intel8x0 ... ...)<br />
<br />
Some users '''may need''' to use the 'countrycode' option when loading the MadWifi driver in order to use channels and transmit power settings that are legal in their country/region. In the Netherlands, for example, you would load the module like this:<br />
<br />
modprobe ath_pci countrycode=528<br />
<br />
You can verify the settings with the <tt>iwlist</tt> command. See <tt>man iwlist</tt> and the [http://madwifi-project.org/wiki/UserDocs/CountryCode CountryCode page on the MadWifi wiki]. To have this setting automatically applied during boot, add the following to <tt>/etc/modprobe.d/modprobe.conf</tt>:<br />
<br />
{{Note| The new module-init-tools 3.8 package changes the location of the configuration file: /etc/modprobe.conf is no longer read, instead /etc/modprobe.d/modprobe.conf is used. [http://www.archlinux.org/news/450/ link]}}<br />
<br />
options ath_pci countrycode=528<br />
<br />
{{Note|A user had to remove the countrycode option completely or else the ath0 device was not created (kernel 2.6.21).}}<br />
<br />
====ath5k====<br />
ath5k is the preferred driver for AR5xxx chipsets including those which are already working with madwifi-ng and for some chipsets older than AR5xxx. <br />
<br />
If ath5k is conflicting with ath_pci on your system, blacklist (and unload using rmmod or reboot) the following drivers...<br />
MODULES=(<br />
...<br />
!ath_hal !ath_pci !ath_rate_amrr !ath_rate_onoe !ath_rate_sample !wlan !wlan_acl !wlan_ccmp !wlan_scan_ap !wlan_scan_sta !wlan_tkip !wlan_wep !wlan_xauth<br />
...<br />
)<br />
<br />
then modprobe ath5k manualy or reboot. wlan0 (or wlanX) in sta mode should spawn and become ready to use.<br />
<br />
Info:<br />
* http://wireless.kernel.org/en/users/Drivers/ath5k<br />
* http://wiki.debian.org/ath5k<br />
<br />
{{Note|Some laptop have problem of Wireless LED indicator flickers red and blue. To solve this problem do :<br />
echo none > "/sys/class/leds/ath5k-phy0::tx/trigger"<br />
echo none > "/sys/class/leds/ath5k-phy0::rx/trigger"<br />
For alternative look {{[https://bugzilla.redhat.com/show_bug.cgi?id=618232 here]}}}}<br />
<br />
====ath9k====<br />
ath9k is Atheros' officially supported driver for the newer 11n chip-sets. All of the chips with 11n capabilities are supported, with a maximum throughput around 180 Mbps. To see a complete list of supported hardware, check this [http://wireless.kernel.org/en/users/Drivers/ath9k page].<br />
<br />
Working modes: Station, AP and Adhoc.<br />
<br />
ath9k has been part of the kernel as of 2.6.27. Support seems acceptable as of 2.6.32 (see [http://linuxwireless.org/en/users/Drivers/ath9k/bugs#Minimal_kernel_requirements details on linuxwireless.org]). (In the unlikely event that you have stability issues that trouble you, you could try using the [http://wireless.kernel.org/en/users/Download compat-wireless] package.<br />
An [https://lists.ath9k.org/mailman/listinfo/ath9k-devel ath9k mailing list] exists for support and development related discussions.)<br />
<br />
Info:<br />
* http://wireless.kernel.org/en/users/Drivers/ath9k<br />
* http://wiki.debian.org/ath9k<br />
<br />
====ath9k_htc====<br />
ath9k_htc is Atheros' officially supported driver for 11n USB devices. Station and Ad-Hoc modes are supported. Since 2.6.35, the driver has been included in the kernel. For more information, see http://wireless.kernel.org/en/users/Drivers/ath9k_htc .<br />
<br />
====ipw2100 and ipw2200====<br />
Fully supported in the kernel, but requires additional firmware. It can be configured using the standard wpa_supplicant and iwconfig tools.<br />
<br />
Depending on which of the chips you have, use either:<br />
<br />
'''ipw2100-fw'''<br />
pacman -S ipw2100-fw<br />
<br />
or:<br />
<br />
'''ipw2200-fw'''<br />
pacman -S ipw2200-fw<br />
<br />
If installing after initial Arch installation, the module may need to be reloaded for the firmware to be loaded; run the following as root:<br />
<br />
rmmod ipw2200<br />
modprobe ipw2200<br />
<br />
=====Enabling the radiotap interface=====<br />
Launch the following (as root):<br />
<br />
rmmod ipw2200<br />
modprobe ipw2200 rtap_iface=1<br />
<br />
=====Enabling the LED=====<br />
Most laptops will have a front LED to indicate when the wireless is connected (or not). Run the following (as root) to enable this feature:<br />
<br />
echo "options ipw2200 led=1" >> /etc/modprobe.d/ipw2200.conf<br />
<br />
or if using sudo:<br />
<br />
echo "options ipw2200 led=1" | sudo tee -a /etc/modprobe.d/ipw2200.conf<br />
<br />
====iwl3945, iwl4965 and iwl5000-series====<br />
'''I'''ntel's open source '''W'''iFi drivers for '''L'''inux (See [http://intellinuxwireless.org iwlwifi]) will work for both the 3945 and 4965 chipsets since kernel v2.6.24. And iwl5000-series chipsets (including 5100BG, 5100ABG, 5100AGN, 5300AGN and 5350AGN) module has been supported since '''kernel 2.6.27''', by the intree driver '''iwlagn'''.<br />
<br />
=====Installing Firmware (Microcode)=====<br />
'''Important:''' Installing these firmware packages is not required since the 2.6.34 kernel<br />
update, when the firmware files were moved to the linux-firmware package:<br />
<br />
# pacman -S linux-firmware<br />
<br />
If you need wireless connectivity to access pacman's repositories, the firmware files are also available direct from Intel. See [http://intellinuxwireless.org/?n=downloads this ] page, select and download the archive.<br />
$ wget http://intellinuxwireless.org/iwlwifi/downloads/iwlwifi-XXXX-ucode-XXX.XX.X.XX.tgz<br />
<br />
After downloading, you must extract and copy the *.ucode file to the firmware directory, commonly /lib/firmware<br />
# tar zxvf iwlwifi-XXXX-ucode-XXX.XX.X.XX.tgz<br />
# cd iwlwifi-XXXX-ucode-XXX.XX.X.XX/<br />
# cp iwlwifi-XXXX-X.ucode /lib/firmware/<br />
<br />
=====Loading the Driver=====<br />
If MOD_AUTOLOAD is set to yes in /etc/rc.conf (it is by default) that should be all that is required. Simply check for the presence of the drivers by running '''ifconfig -a''' from a terminal. There should be a listing for wlan0.<br />
<br />
Do this ONLY if MOD_AUTOLOAD is not set: to manually load the driver at startup, edit <tt>/etc/rc.conf</tt> as root and add '''iwl3945''' or '''iwl4965''' respectively to the MODULES array. For example:<br />
<br />
MODULES=( ... b44 mii '''iwl3945''' snd-mixer-oss ...)<br />
<br />
The drivers should now load after a reboot, and running '''ifconfig -a''' from a terminal should report '''wlan0''' as a new network interface.<br />
<br />
=====Disabling LED blink=====<br />
<br />
The default settings on the module are to have the LED blink on activity. Some people like myself find this extremely annoying. To have the LED on solid when wifi is active:<br />
<br />
# echo "options iwlcore led_mode=1" >> /etc/modprobe.d/modprobe.conf<br />
# rmmod iwlagn<br />
# rmmod iwlcore<br />
# modprobe iwlcore<br />
# modprobe iwlagn<br />
<br />
=====Other Notes=====<br />
* The windows NETw4x32 driver can be used with ndiswrapper as an alternative to the iwl3945 and ipw3945 drivers<br />
* In some cases (specifically a [[Dell Latitude D620]] with Arch 2008.06, though it could happen elsewhere) after installation you may have both iwl3945 and ipw3945 in your <tt>MODULES=()</tt> section of rc.conf. The card will not work with both modules loaded, so you will have to ! out the ipw3945 module and then reboot or remove the module manually before you can use your wireless card.<br />
* By default iwl3945 is configured to only work with networks on channels 1-11. Higher ranges are not allowed in some parts of the world (US). In the EU however channels 12 and 13 are used quite common. To make iwl3945 scan for all channels, add "options cfg80211 ieee80211_regdom=EU" to /etc/modprobe.d/modprobe.conf. With "iwlist f" you can check which channels are allowed.<br />
* If you want to enable more channels on Intel Wifi 5100 (and quite possible other cards too) you can do that with the crda package. After install, edit /etc/conf.d/wireless-regdom and uncomment the line where your country code is found. Add wireless-regdom to your DAEMONS in rc.conf and restart (which is the easiest thing to do). You should now, when writing sudo iwlist wlan0 channel, have access to more channels (depending on your location).<br />
* The wifi power management can be enabled by adding:<br />
iwconfig wlan0(change as appropriate) power on<br />
to /etc/rc.local.<br />
<br />
====ipw3945 (obsolete)====<br />
{{Note| ''The ipw3945 driver is no longer actively developed, and the iwlwifi driver (described above) should work perfectly, but may conflict with the former one. Therefore only one of them should be installed. If you choose to use the iwlwifi driver, the '''ipw3945-ucode''' package is still required.''}}<br />
# pacman -S ipw3945 ipw3945-ucode ipw3945d<br />
To initialize the driver on startup, edit <tt>/etc/rc.conf</tt> as root and add '''ipw3945''' to the MODULES array and '''ipw3945d''' to the DAEMONS array. For example:<br />
<br />
MODULES=(... mii '''ipw3945''' snd-mixer-oss ...)<br />
<br />
DAEMONS=(syslog-ng '''ipw3945d''' network ...)<br />
<br />
'''Note:''' The '''ipw3945d''' daemon ''must'' be inserted BEFORE all other network daemons in the array.<br />
<br />
====orinoco====<br />
This should be part of the kernel package and be installed already.<br />
<br />
Note: Some orinoco chipsets are Hermes I/II. You can use http://aur.archlinux.org/packages.php?ID=9637 to replace the orinoco driver and gain WPA support. See http://ubuntuforums.org/showthread.php?p=2154534#post2154534 for more information.<br />
<br />
To use the driver, blacklist orinoco_cs in rc.conf (!orinoco_cs in the MODULES array) and add wlags49_h1_cs. Example:<br />
MODULES=(!eepro100 ''!orinoco_cs'' '''wlags49_h1_cs''')<br />
<br />
====ndiswrapper====<br />
Ndiswrapper is not a real driver, but you can use it when there are no native Linux kernel drivers for your wireless chips. So it is very useful in some situations. To use it you need the *.inf file from your Windows driver (the *.sys file must also be present in the same directory). Be sure to use drivers appropriate to your architecture (i.e. 32/64bit). If you need to extract these files from an *.exe file, you can use either cabextract or wine. Ndiswrapper is included on the Arch Linux installation CD.<br />
<br />
Follow these steps to configure ndiswrapper.<br />
<pre><br />
#Install the driver to /etc/ndiswrapper/*<br />
ndiswrapper -i filename.inf<br />
#List all installed driver for ndiswrapper<br />
ndiswrapper -l<br />
#Write configuration file in /etc/modprobe.d/ndiswrapper.conf<br />
ndiswrapper -m<br />
depmod -a</pre><br />
<br />
Now the ndiswrapper install is almost finished; you just have to update /etc/rc.conf to load the module at boot (below is a sample of my config; yours might look slightly different):<br />
<br />
<pre>MODULES=(ndiswrapper snd-intel8x0 !usbserial)</pre><br />
<br />
The important part is making sure that ndiswrapper exists on this line, so just add it alongside the other modules. It would be best to test that ndiswrapper will load now, so:<br />
<br />
<pre>modprobe ndiswrapper<br />
iwconfig</pre><br />
<br />
and wlan0 should exist. Check this page if you're having problems:<br />
[http://ndiswrapper.sourceforge.net/joomla/index.php?/component/option,com_openwiki/Itemid,33/id,installation/ Ndiswrapper installation wiki].<br />
<br />
====prism54====<br />
Download the firmware driver for your appropriate card from [http://linuxwireless.org/en/users/Drivers/p54 this site]. Rename the firmware file to 'isl3890'.<br />
If nonexistent, create the directory /lib/firmware and place the file 'isl3890' in it. This should do the trick. [http://bbs.archlinux.org/viewtopic.php?t=16569&start=0&postdays=0&postorder=asc&highlight=siocsifflags+such+file++directory]<br />
<br />
If that did not work, try this:<br />
<br />
*Reload the prism module (modprobe p54usb or modprobe p54pci, depending on your hardware)<br />
alternatively remove your wifi card and then reconnect it<br />
*Use the "dmesg" command, and look at the end of the output it prints out.<br />
Look for a section looking like this: <br />
firmware: requesting '''isl3887usb_bare'''<br />
p54: LM86 firmware<br />
p54: FW rev 2.5.8.0 - Softmac protocol 3.0<br />
and try renaming the firmware file to the name corresponding to the part bolded here.<br />
<br />
If you get message <br />
SIOCSIFFLAGS: Operation not permitted<br />
when performing 'ifconfig wlan0 up' OR <br />
prism54: Your card/socket may be faulty, or IRQ line too busy :(<br />
appears in dmesg this may be because you have both the deprecated kernel module "prism54" and the newer kernel module "p54pci" or "p54usb" loaded at the same time and they are fighting over ownership of the IRQ. Use command "lsmod | grep prism54" to see if indeed the deprecated module is being loaded. If so you need to stop "prism54" loading by [[blacklisting]] it (there are several ways to do this which are described elsewhere). Once blacklisted, you may find you have to rename the firmware as prism54 and p54pci/p54usb look for different firmware filenames (i.e. recheck the dmesg output after performing ifconfig wlan0 up).<br />
<br />
====ACX100/111====<br />
packages: tiacx tiacx-firmware<br />
<br />
The driver should tell you which firmware it needs; check /var/log/messages.log or use the dmesg command.<br />
<br />
Link the appropriate firmware to '/lib/firmware':<br />
ln -s /usr/share/tiacx/acx111_2.3.1.31/tiacx111c16 /lib/firmware<br />
<br />
For another way to determine which firmware revision number to use, see the [http://acx100.sourceforge.net/wiki/Firmware "Which firmware" section] of the acx100.sourceforge wiki. For ACX100, you can follow the links provided there, to a table of card model number vs. "firmware files known to work"; you can figure out the rev. number you need, by looking at the suffix there. E.g. a dlink_dwl650+ uses "1.9.8.b", in which case you'd do this:<br />
ln -s /usr/share/tiacx/acx100_1.9.8.b/* /lib/firmware<br />
<br />
If you find that the driver is spamming your kernel log, for example because you're running Kismet with channel-hopping, you could put this in /etc/modprobe.d/modprobe.conf:<br />
options acx debug=0<br />
<br />
{{Note|The open-source acx driver does not support WPA/RSN encryption. Ndiswrapper will have to be used with the windows driver to enable the enhanced encryption. See ndiswrapper, this page, for more details.}}<br />
<br />
==== b43 ====<br />
See the [[Broadcom_wireless|Broadcom wireless]] page.<br />
<br />
====broadcom-wl====<br />
See the [[Broadcom_wireless|Broadcom wireless]] page.<br />
<br />
====brcm80211====<br />
See the [[Broadcom_wireless|Broadcom wireless]] page.<br />
<br />
====rtl8187====<br />
See: [[Rtl8187_wireless|rtl8187]]<br />
<br />
====zd1211rw====<br />
[http://zd1211.wiki.sourceforge.net/ zd1211rw] is a driver for the ZyDAS ZD1211 802.11b/g USB WLAN chipset and it is included in recent versions of the Linux kernel. See [http://www.linuxwireless.org/en/users/Drivers/zd1211rw/devices] for a list of supported devices. You only need to install the firmware for the device: <pre>pacman -S zd1211-firmware</pre><br />
<br />
====carl9170====<br />
[http://wireless.kernel.org/en/users/Drivers/carl9170/ carl9170] is the 802.11n USB driver with GPLv2 firmware for Atheros USB AR9170 devices. It support these [http://wireless.kernel.org/en/users/Drivers/carl9170#available_devices devices]. The '''firmware''' is not yet part of the linux-firmware package, it is available in [https://aur.archlinux.org/packages.php?ID=44102/ AUR]. The '''driver''' is part of '''kernel 2.6.37''', for older kernel use the driver package from [https://aur.archlinux.org/packages.php?ID=44100/ AUR]. <br />
In order to use this driver, the older ar9170usb driver module must be blocked by adding '''!arusb_lnx''' and '''!ar9170usb''' to MODULES() in /etc/rc.conf:<br />
<pre>MODULES=(... !arusb_lnx !ar9170usb ...)</pre><br />
<br />
===Test installation===<br />
After loading your driver run<br />
iwconfig<br />
to ensure a wireless interface (wlan''x'', eth''x'', ath''x'') is created.<br />
<br />
If no such interface is visible, modprobing it might work. To start your driver, use the '''rmmod''' and '''modprobe''' commands (if rmmod fails, continue with modprobe).<br />
<br />
Example: if your driver is called "driverXXX", you would run the following commands:<br />
# rmmod driverXXX<br />
# modprobe driverXXX<br />
<br />
Bring the interface up with <code>ifconfig <interface> up</code>. e.g. assuming the interface is <code>wlan0</code>:<br />
# ifconfig wlan0 up<br />
If you get this error message: <code>SIOCSIFFLAGS: No such file or directory</code> it most certainly means your wireless chipset requires a firmware to function, which you need to install as explained above.<br />
<br />
==Part II: Wireless management==<br />
Assuming that your drivers are installed and working properly, you will need to choose a method for managing your wireless connections. The following subsections will help you decide the best way to do just that.<br />
<br />
Procedure and tools required will depend on several factors:<br />
* The desired nature of configuration management; from a completely manual command line setup procedure repeated at each boot to a software-managed, automated solution<br />
* The encryption type (or lack thereof) which protects the wireless network<br />
* The need for network profiles, if the computer will frequently change networks (such as a laptop)<br />
<br />
===Management methods===<br />
This table shows the different methods that can be used to activate and manage a wireless network connection, depending on the encryption and management types, and the various tools that are required. Although there may be other possibilities, these are the most frequently used:<br />
{| border="1"<br />
! Management || No encryption/WEP || WPA/WPA2 PSK<br />
|-<br />
| Manual, need to repeat at each computer reboot || <code>ifconfig + iwconfig + dhcpcd/ifconfig</code> || <code>ifconfig + iwconfig + wpa_supplicant + dhcpcd/ifconfig</code><br />
|-<br />
| Automatically managed, centralized without network profile support || define interface in <code>/etc/rc.conf</code> || not covered<br />
|-<br />
| Automatically managed, with network profiles support || colspan="2" align="center" | <code>Netcfg, newlan (AUR), wicd, NetworkManager, etc…</code><br />
|}<br />
<br />
More choice guide: <br />
<br />
{| border="1"<br />
! - || Netcfg+Newlan(AUR) || Wicd ||NetworkManager+network-manager-applet<br />
|-<br />
| auto connect at boot || with net-profiles daemon config in rc.conf || yes || yes<br />
|-<br />
| auto connect if dropped <br>or changed location || with net-auto-wireless daemon config in rc.conf || yes || yes<br />
|-<br />
| support 3G Modem || || || yes<br />
|-<br />
| GUI (proposes to manage and connect/disconnect<br> profiles from a systray icon. <br>Automatic wireless detection is also available) || with ArchAssitant || yes || yes<br />
|-<br />
| console tools || with wifi-select || wicd-curses(part of wicd package) || nmcli<br />
|-<br />
| connect speed || slow || || fast<br />
|}<br />
<br />
Whatever your choice, you should try to connect using the manual method first. This will help you understand the different steps that are required and debug them in case a problem arose. Another tip: if possible (e.g. if you manage your wifi access point), try connecting with no encryption, to check everything works. Then try using encryption, either WEP (simpler to configure -- but crackable in a matter of minutes, so it's hardly more secure than an unencrypted connection) or WPA.<br />
<br />
When it comes to easy of use, NetworkManager (with Gnome network-manager-applet) and wicd have good GUIs and can provide a list of available networks to connect, they prompt for passwords, which is straightforward and highly recommended. (Note Gnome network-manager-applet also works under xfce4 if you install xfce4-xfapplet-plugin first, also there are applet available for KDE.) <br />
<br />
====Manual setup====<br />
The programs provided by the package '''wireless_tools''' are the basic set of tools to set up a wireless network. Moreover, if you use WPA/WPA2 encryption, you will need the package '''wpa_supplicant'''. These powerful userspace console tools work extremely well and allow complete, manual control from the shell.<br />
<br />
These examples assume your wireless device is <code>wlan0</code>. Replace <code>wlan0</code> with the appropriate device name.<br />
{{Note| Depending on your hardware and encryption type, some of these steps may not be necessary. Some cards are known to require interface activation and/or access point scanning before being associated to an access point and being given an IP address. Some experimentation may be required. For instance, WPA/WPA2 users may directly try to activate their wireless network from step 3.}}<br />
<br />
'''Step 0.''' ''(Optional, may be required)'' At this step you may need to set the proper operating mode of the wireless card. More specifically, if you're going to connect an ad-hoc network, you might need to set the operating mode to ''ad-hoc:''<br />
# iwconfig wlan0 mode ad-hoc<br />
<br />
{{Note| Ideally, you should a priori know, which type of network you are going to connect. If you don't, scan the network as described in step 2 below, then, if necessary, return back to this step and change the mode. Also, please, bear in mind that changing the operating mode might require the wlan interface to be ''down'' (<code>ifconfig wlan0 down</code>).}}<br />
<br />
'''Step 1.''' ''(Also optional, may be required)'' Some cards require that the kernel interface be activated before you can use the wireless_tools:<br />
# ifconfig wlan0 up<br />
<br />
'''Step 2.''' See what access points are available:<br />
# iwlist wlan0 scan<br />
<br />
{{Note| If it displays "''Interface does not support scanning''" then you probably forgot to install the firmware. You can also try bringing up the interface first as shown in point 1.}}<br />
<br />
'''Step 3.''' Depending on the encryption, you need to associate your wireless device with the access point to use and pass the encryption key.<br />
<br />
Assuming you want to use the ESSID named <code>MyEssid</code>:<br />
* ''No encryption''<br />
# iwconfig wlan0 essid "MyEssid"<br />
* ''WEP''<br />
using an hexadecimal key:<br />
# iwconfig wlan0 essid "MyEssid" key 1234567890<br />
using an ascii key:<br />
# iwconfig wlan0 essid "MyEssid" key s:asciikey<br />
* ''WPA/WPA2''<br />
<br />
You need to edit the <code>/etc/wpa_supplicant.conf</code> file as described in [[WPA_Supplicant]]. Then, issue this command:<br />
# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf<br />
<br />
This is assuming your device uses the <code>wext</code> driver. If this does not work, you may need to adjust these options. <br />
If connected successfully, continue in a new terminal (or quit wpa_supplicant with CTRL+C and add the -B switch to above command to run it in the background). [[WPA_Supplicant]] contains more information and troubleshooting.<br />
<br />
Regardless of the method used, you can check if you have associated successfully as follows:<br />
# iwconfig wlan0<br />
Note: In some setups it may still display "Access Point: Not-Associated", continue onto the next step.<br />
<br />
<br />
'''Step 4.''' Finally, provide an IP address to the network interface. Simple examples are:<br />
# dhcpcd wlan0<br />
for DHCP, or<br />
# ifconfig wlan0 192.168.0.2<br />
# route add default gw 192.168.0.1<br />
for static IP.<br />
<br />
Note: If you get an timeout error due to a ''waiting for carrier'' problem then you might have to set channel mode to auto for the specific device.<br />
<br />
# iwconfig wlan0 channel auto <br />
<br />
{{Note| Although the manual configuration method will help troubleshoot wireless problems, you will have to retype every command each time you reboot.}}<br />
<br />
====Automatic setup====<br />
There are many solutions to choose from, but remember that all of them are mutually exclusive; you should not run two daemons simultaneously.<br />
<br />
=====Standard network daemon=====<br />
{{Note| This method and configuration examples are only valid for unencrypted or WEP-encrypted networks, which are particularly unsecure. To use WPA/WPA2, you will need to use other solutions such as '''[[netcfg]]''' or '''[[wicd]]'''. Also, avoid mixing these methods as they may create a conflict and prevent the wireless card from functioning.}}<br />
<br />
* The '''/etc/rc.conf''' file is sourced by the network script. Therefore, you may define and configure a simple wireless setup within /etc/rc.conf for a centralized approach with '''wlan_<interface>="<interface> essid <essid>"''' and '''INTERFACES=(<interface1> <interface2>)'''. The name of the network goes in place of '''MyEssid'''.<br />
<br />
For example:<br />
# /etc/rc.conf<br />
eth0="dhcp"<br />
wlan0="dhcp"<br />
wlan_wlan0="wlan0 essid MyEssid" # Unencrypted<br />
#wlan_wlan0="wlan0 essid MyEssid key 1234567890" # hex WEP key<br />
#wlan_wlan0="wlan0 essid MyEssid key s:asciikey" # ascii WEP key<br />
INTERFACES=(eth0 wlan0)<br />
<br />
Not all wireless cards are <code>wlan0</code>. Determine your wireless interface with ifconfig -a. <br />
Atheros-based cards, for example, are typically <code>ath0</code>, so change <code>wlan_wlan0</code> to:<br />
wlan_ath0="ath0 essid MyEssid key 12345678" <br />
Also define ath0 in the INTERFACES=line.)<br />
<br />
* Alternatively, you may define wlan_<interface> within /etc/conf.d/wireless, (which is also sourced by the network script), for a de-centralized approach:<br />
# /etc/conf.d/wireless<br />
wlan_wlan0="wlan0 essid MyEssid"<br />
<br />
These solutions are limited for a laptop which is always on the move. It would be good to have multiple [[Network Profiles]] and be able to easily switch from one to another. That is the aim of network managers, such as netcfg.<br />
<br />
=====Netcfg=====<br />
'''netcfg''' provides a ''versatile, robust and fast'' solution to networking on Arch.<br />
<br />
It uses a profile based setup and is capable of detection and connection to a wide range of network types. This is no harder than using graphical tools. Following the directions above, you can get a list of wireless networks. Then, as with graphical tools, you will need a password.<br />
<br />
See: [[Network Profiles]], and [[Network Profiles development]]<br />
<br />
=====Netcfg Easy Wireless LAN (newlan)=====<br />
newlan is a mono console application that starts a user-friendly wizard to create netcfg profiles, it supports also wired connections.<br />
<br />
Install from [[AUR]]: http://aur.archlinux.org/packages.php?ID=33649<br />
<br />
Or use the [[AUR]] helper of your choice.<br />
<br />
newlan must be run with root privileges:<br />
# sudo newlan -n mynewprofile<br />
<br />
=====Autowifi=====<br />
<br />
{{Box|Autowifi is deprecated|Autowifi has been deprecated in favor of [[netcfg]]'s [[Netcfg#net-auto-wireless|net-auto-wireless]] mode|#DF0000|#FFDFDF}}<br />
<br />
Autowifi is a daemon that configures your wireless network automatically depending on the ESSID. Once configured, no user interaction is necessary and no GUI tools are required.<br />
<br />
See: [[Autowifi]]<br />
<br />
=====Wicd=====<br />
Wicd is a network manager that can handle both wireless and wired connections. It is written in Python and Gtk with fewer dependencies than NetworkManager, making it an ideal solution for lightweight desktop users. Wicd is now available in the extra repository for both i686 and x86_64.<br />
<br />
See: [[Wicd]]<br />
<br />
=====NetworkManager=====<br />
NetworkManager is an advanced network management tool that is enabled by default in most popular GNU/Linux distributions. In addition to managing wired connections, NetworkManager provides worry-free wireless roaming with an easy-to-use GUI program for selecting your desired network. <br />
<br />
See: [[NetworkManager]]<br />
<br />
=====Wifi Radar=====<br />
WiFi Radar is Python/PyGTK2 utility for managing wireless profiles (and ''only'' wireless). It enables you to scan for available networks and create profiles for your preferred networks.<br />
<br />
See: [[Wifi Radar]]<br />
<br />
=====Wlassistant=====<br />
Wlassistant is a very intuitive and straightforward GUI application for managing your wireless connections. <br />
<br />
Install from AUR: http://aur.archlinux.org/packages.php?ID=1726<br />
<br />
Wlassistant must be run with root privileges:<br />
# sudo wlassistant<br />
One method of using wlassistant is to configure your wireless card within /etc/rc.conf, specifying the access point you use most often. On startup, your card will automatically be configured for this ESSID, but if other wireless networks are needed/available, wlassistant can then be invoked to access them. Background the network daemon in /etc/rc.conf, by prefixing it with a @, to avoid boot delays.<br />
<br />
==See also==<br />
*[[Sharing ppp connection with wlan interface]]<br />
*[[Ad-hoc networking]]<br />
<br />
==External links==<br />
*[http://www.gnome.org/projects/NetworkManager/ NetworkManager] -- The official website for NetworkManager<br />
*[http://wicd.sourceforge.net/ WICD] -- The official website for WICD<br />
*[https://lists.anl.gov/mailman/listinfo/wifi-radar Wifi Radar] -- Wifi Radar information page<br />
*[http://madwifi.org/wiki/UserDocs/FirstTimeHowTo The madwifi project's method of installing] -- Recommended if you are having trouble after reading this article</div>Pimanachttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=141215OpenSSH2011-05-12T19:38:59Z<p>Pimanac: /* Allowing others in */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
<br />
# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
HashKnownHosts yes<br />
StrictHostKeyChecking ask}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
<br />
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#Protocol 2,1<br />
ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh''host''key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh''host''rsa_key<br />
#HostKey /etc/ssh/ssh''host''dsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 768<br />
<br />
# Logging<br />
#obsoletes ~QuietMode and ~FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh''known''hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
#ChallengeResponseAuthentication yes<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing,<br />
# and session processing. If this is enabled, PAM authentication will<br />
# be allowed through the ~ChallengeResponseAuthentication mechanism.<br />
# Depending on your PAM configuration, this may bypass the setting of<br />
# PasswordAuthentication, ~PermitEmptyPasswords, and<br />
# "PermitRootLogin without-password". If you just want the PAM account and<br />
# session checks to run without PAM authentication, then enable this but set<br />
# ChallengeResponseAuthentication=no<br />
#UsePAM no<br />
<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression yes<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
<br />
# no default banner path<br />
#Banner /some/path<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
You might want to change some lines so that they look as following:<br />
<pre><br />
Protocol 2<br />
.<br />
.<br />
.<br />
LoginGraceTime 120<br />
.<br />
.<br />
.<br />
PermitRootLogin no # (put yes here if you want root login)<br />
</pre><br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding those line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Pimanac