Poa Linux Shared Hosting Deployment Guide 5.0

(1)

Parallels

Parallels Operations

Automation 5.0

Linux Shared Hosting Deployment Guide

Revision 7.26 (June 12, 2010)

(2)

Distribution of this work or derivative of this work in any form is prohibited unless prior written permission is obtained from the copyright holder.

{ Patented technology protected by U.S.Patents 7,328,225; 7,325,017; 7,293,033; 7,099,948; 7,076,633.

Patents pending in the U.S.}

Product and service names mentioned herein are the trademarks of their respective owners. Parallels Operations Automation is a registered trademark of Parallels.

(3)

Preface

6

Documentation Conventions... 6 Typographical Conventions ... 6 General Conventions ... 8 Feedback ... 8

Deploying Apache Web Hosting

9

Installing Apache Web Server ... 9

System Requirements for Apache Web Servers ... 9

Installation Requirements for Apache 2.2... 11

Installing FrontPage on Host ... 17

Installing ionCube Loader and SQLite2 PHP Extensions ... 17

Configuring IP Pool for WebSites With SSL Support ... 20

Installing Web File Manager ... 21

System Requirements for Web File Manager Server ... 23

Upgrading Web Server from Apache 2.0 to Apache 2.2 ... 33

Legacy File Manager to Web File Manager Transition ... 38

Installing Domain Parking Service ... 38

System Requirements for Domain Parking Server ... 39

Installation Requirements for Domain Parking Service ... 39

Installing SSL Proxy Server ... 43

System Requirements for SSL Proxy Server... 44

Installation Requirements ... 45

Creating Certificate... 47

Updating Certificate ... 51

Installing phpMyAdmin Service ... 52

System Requirements for phpMyAdmin Servers ... 52

Installing phpPgAdmin Service ... 55

System Requirements for phpPgAdmin Servers ... 55

Installing CM4all WebsiteCreator Service ... 58

Deploying WebsiteCreator Service ... 58

Registering WebsiteCreator Server in POA ... 59

Providing WebsiteCreator Resource ... 59

Installing osCommerce (Separate) ... 60

System Requirements for osCommerce Server ... 60

Installing Urchin Service ... 64

System Requirements for Urchin Server ... 64

Installing Backup Service ... 66

(4)

Installation Requirements for Customer Backup Service ... 67

Configuring Customer Backup Server ... 68

Installation Requirements for VPS Backup Service ... 68

Adding Account Information Into Header of E-mail Sent From Web Server ... 69

Deploying Mail Sender ID Server ... 69

Deploying Client Part ... 72

Installing Web Statistics Processor Server ... 73

Description ... 73

Hardware Requirements for Web Statistics Processor Server ... 75

Installation Requirements for Web Statistics Processor Server ... 76

Installing POA Packages ... 80

Configuring Web Statistics Processor Server ... 81

Uninstalling Web Statistics Processor Server ... 84

Deploying Linux-based Database Hosting

85

Installing MySQL Service ... 85

Installing MySQL 4 ... 85

Installing MySQL 5 ... 88

Upgrading MySQL4 Database Servers to MySQL5... 91

Viewing List of All MySQL4 Service Nodes ... 91

Checking MySQL Databases on Service Node ... 92

Upgrading MySQL Database Server on Hardware Node ... 93

Upgrading MySQL Database Server on VPS ... 94

Upgrading MySQL PPM Package on Service Node ... 97

Installing PostgreSQL Service ... 97

System Requirements for PostgreSQL Database Servers ... 97

Deploying Parallels Plesk Sitebuilder for Linux/Unix

100

System Requirements ... 100

Setting Users Privileges ... 101

Installing Plesk Sitebuilder ... 102

Installing POA Packages ... 103

Registering Plesk Sitebuilder Servers in POA ... 104

Preparing Apache Web Servers for Site Publishing ... 104

Activating Plesk Sitebuilder License ... 104

Upgrading Plesk Sitebuilder ... 105

Common Operations

106

Configuring Firewall ... 107

Installing Service on Linux-based Host ... 107

Installing PPM Packages ... 109

Adding a Package ... 110

Installing a Package on the Host ... 113

Creating IP Pool ... 117

Adding IP Pool to Host ... 118

Registering Linux-based Hardware Nodes ... 119

Prerequisites ... 119

Creating 'Hardware Nodes' Resource Type ... 120

Creating 'Traffic' Resource Type ... 120

(5)

Prerequisites ... 124

Creating 'Traffic' Resource Type ... 125

Creating 'VPS Hardware Nodes' Resource Type ... 126

Creating 'Shared VPSs BackNet IPs' IP Pool ... 127

Synchronizing VPS Hardware Node with World Time ... 128

Registering VPS Hardware Node in POA... 129

Adding Attribute to Host ... 129

Creating VPS ... 130

Installing RPM on Host ... 131

Installing Standard OS/Application Templates ... 131

Installing Templates Using POA Control Panel ... 132

Installing Templates Without Using POA Control Panel... 136

Marking Host as 'Ready To Provide' ... 136

Upgrading Linux/Windows VPS Hardware Node from PVC 3.x to PVC 4.x (Shared VPSs) .... 137

Index

139

(6)

In This Chapter

Documentation Conventions ... 6 Feedback ... 8

Documentation Conventions

Before you start using this guide, it is important to understand the documentation conventions used in it.

Typographical Conventions

The following kinds of formatting in the text identify special information. Formatting convention Type of Information Example Special Bold Items you must select, such

as menu options, command buttons, or items in a list.

Navigate to the QoS tab.

Titles of modules, sections, and subsections.

Read the Basic Administration module.

Italics Used to emphasize the

importance of a point, to introduce a term or to designate a command line placeholder, which is to be replaced with a real name or value.

These are the so-called shared

VEs.

To destroy a VE, type vzctl destroy VEid.

C

H A P T E R

1

(7)

information that is essential to the completion of a task. Users can disregard

information in a note and still complete a task, but they should not disregard an important note.

drivers installed

automatically during Setup are required by your system. If you remove one of these drivers, your system may not work properly.

Note A note with the heading _{―Note‖ indicates neutral or}

positive information that emphasizes or supplements important points of the main text. A note supplies

information that may apply only in special cases—for example, memory limitations, equipment configurations, or details that apply to specific versions of a program.

Note: If Windows prompts

you for a network password at startup, your network is already set up and you can skip this section.

Monospace The names of commands, files, and directories.

Use vzctl start to start a VE.

Preformatted _{On-screen computer output} in your command-line sessions; source code in XML, C++, or other programming languages.

Saved parameters for VE 101

Preformatted Bold _{What you type, contrasted}

with on-screen computer output.

# rpm –V virtuozzo-release

CAPITALS Names of keys on the keyboard.

SHIFT, CTRL, ALT KEY+KEY Key combinations for which

the user must press and hold down one key and then press another.

(8)

General Conventions

Be aware of the following conventions used in this book.

 Modules in this guide are divided into sections, which, in turn, are subdivided into subsections. For example, Documentation Conventions is a section, and General

Conventions is a subsection.

 When following steps or using examples, be sure to type double-quotes ("), left single-quotes (`), and right single-single-quotes (') exactly as shown.

 The key referred to as RETURN is labeled ENTER on some keyboards.

Commands in the directories included into the PATH variable are used without absolute path names. Steps that use commands in other, less common, directories show the absolute paths in the examples.

Feedback

If you have found a mistake in this guide, or if you have suggestions or ideas on how to improve this guide, please send your feedback using the online form at

http://www.parallels.com/en/support/usersdoc/. Please include in your report the guide's title, chapter and section titles, and the fragment of text in which you have found an error.

(9)

This service provides all the functionality necessary for the customers' websites like Apache, FTP, FileManager, Web applications, etc.

In This Chapter

Installing Apache Web Server ... 9

Installing Web File Manager ... 21

Upgrading Web Server from Apache 2.0 to Apache 2.2 ... 33

Legacy File Manager to Web File Manager Transition ... 38

Installing Domain Parking Service ... 38

Installing SSL Proxy Server ... 43

Installing phpMyAdmin Service... 52

Installing phpPgAdmin Service ... 55

Installing CM4all WebsiteCreator Service ... 58

Installing osCommerce (Separate) ... 60

Installing Urchin Service ... 64

Installing Backup Service ... 66

Adding Account Information Into Header of E-mail Sent From Web Server ... 69

Installing Web Statistics Processor Server ... 73

Installing Apache Web Server

System Requirements for Apache Web Servers

Apache Web servers carry the customers' websites running by Apache on Linux. Each physical server has to meet the following requirements:

Server Names LINWEB

Description Linux Web Server. These servers carry the websites running Apache on Linux.

Density 2000-4000 Apache websites with moderate visit rate depending on the disk usage and content profile.

Quantity To be calculated based on the projected customer base and the density above

(10)

OS  RHES 4 (x86)  CentOS 4 (x86)  RHEL 5 (x64)  CentOS 5 (x64)

Software To be installed by the Customer:  OS only

Supported

Virtualization Parallels Virtuozzo Containers (PVC) 4.0 for Linux CPU 2 core (3GHz or higher)

RAM 4GB

Disks Array 1:

 OS and software - 3 x 146 GB, SCSI, RAID 5 (hardware impl.)

Disk Partitioning Array 1:

 / 4GB - for OS  2 x RAM size (8GB) - swap

 /usr - remaining space - for software and customers' websites

(11)

Installation Requirements for Apache 2.2

To install the Apache web service based on Apache 2.2, follow the instructions at Installing Service on Linux-based Host (on page 107) and use the data from the tables below. To deploy Apache 2.2 on a VPS running RHES 4 or CentOS 4, it is necessary to use the OS template and the mod_ssl application template versions 20090117-1.0-1 or later. The required templates are available for downloading at the following URLs:

 RHES 4  http://download.pa.parallels.com/download/templates/pvclin/redhat-as4-template-20090117-1.0-1.i386.rpm  http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-as4-template-20090117-1.0-1.i386.rpm  CentOS 4  http://download.pa.parallels.com/download/templates/pvclin/centos-4-template-20090117-1.0-1.i386.rpm  http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-ce4-template-20090117-1.0-1.i386.rpm

Note: All previous versions of the OS template and the mod_ssl application template

should also be imported to POA. System-wide Requirements

Management Node apache (SC) UI Node(s) apache (CP) common_filemanager (CP) filemanager (CP) stat_profile (CP) proftpd (CP) Host-wide Requirements

Physical Servers Scenario Virtual Servers Scenario

Internal IP yes RPMs none

(12)

RPMs For RHEL 5 and CentOS 5:

see the full list of RPMs in section Installation Requirements for Apache 2.0 (on page 14).

For RHES 4 and CentOS 4: apr (version 1.2.8-1 or later) apr-util (version 1.2.8-1 or later) httpd (version 2.2.11-1 or later) httpd-manual (version 2.2.11-1 or later) mod_ssl (version 2.2.11-1 or later) openssl (version 0.9.8b-8 or later) openssl-perl (version 0.9.8b-8 or later) openssl097a (version 0.9.7a-9 or later) pcre (version 6.6-1 or later)

Note: If the required

versions of the packages above are unavailable, contact your Parallels representative for instructions on obtaining newer versions of these packages. mod_cband-httpd22x mod_init_crypto-httpd22x mod_limitipconn-httpd22x mod_mono-httpd22x php4-httpd22x php4-httpd22x-curl php4-httpd22x-domxml php4-httpd22x-gd php4-httpd22x-imap php4-httpd22x-ldap php4-httpd22x-mbstring

Application Templates For RHEL 5 and CentOS 5: .pa-apache-httpd .pa-php .pa-pleskd .pa-webalizer .pa-mysql-client .pa-pgsql-client .mod_ssl .pa-proftpd .pa-php5-cgi

For RHES 4 and CentOS 4: vzpem-apache-httpd22x vzpem-php-httpd22x vzpem-pleskd vzpem-webalizer vzpem-mysql-client vzpem-pgsql-client mod_ssl (version 20090117-1.0-1 or later) vzpem-proftpd vzpem-php5-cgi-httpd22x

(13)

php4-httpd22x-mhash php4-httpd22x-mysql php4-httpd22x-ncurses php4-httpd22x-odbc php4-httpd22x-pear php4-httpd22x-pgsql php4-httpd22x-snmp php4-httpd22x-xmlrpc php5-cgi-httpd22x perl-BerkeleyDB php4-pear-HTTP-Request libc-client libmcrypt libmhash webalizer gd db4 MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL perl-DBD-Pg postgresql-libs proftpd vixie-cron perl curl

(14)

Notes on installation:

 While creating the Resource Type for Web Server VPSs, set the following QoS Parameters on the Activation Parameters step:

 quotaugidlimit to 1000000

 tcpsndbuf to 2097152:3145728

 If you wish to change the default path /usr/local/pem/vhosts/ where webspaces are provisioned with the custom path, change the directory where virtual hosts DocRoots be

created (apache.vhostdir) property of the Apache package (type: service) during the

package installation. If the specified path does not exist, POA creates this path.  If you plan to provide your customers the Web File Manager service, deploy the Web

File Manager application as described in section Installing Web File Manager (on page 21).

Installation Requirements for Apache 2.0

To install the Apache web service based on Apache 2.0, follow the instructions at Installing Service on Linux-based Host (on page 107) and use the data from the tables below. Note that Apache 2.0 can be installed only on RHES 4 and CentOS 4 operating systems.

System-wide Requirements

Management Node apache (SC) UI Node(s) apache (CP) common_filemanager (CP) filemanager (CP) stat_profile (CP) proftpd (CP) Host-wide Requirements

(15)

mod_init_crypto mod_limitipconn pem-suexec perl-BerkeleyDB php4 php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mbstring php4-mcrypt php4-mhash php4-mysql php4-ncurses php4-odbc php4-pear php4-pear-HTTP-Request php4-pgsql php4-snmp php4-xmlrpc libc-client libmcrypt libmhash webalizer gd db4 MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL perl-DBD-Pg postgresql-libs mod_ssl proftpd php5-cgi httpd vixie-cron perl vzpem-php vzpem-pleskd vzpem-webalizer vzpem-mysql-client vzpem-pgsql-client mod_ssl vzpem-proftpd vzpem-php5-cgi

(16)

curl

Service package webve (other) IP pools internal, external

 Do not upgrade the OS template and mod_ssl application to versions 20090117-1.0-1 or later.

 While creating the Resource Type for Web Server VPSs, set the following QoS Parameters on the Activation Parameters step:

 quotaugidlimit to 1000000

 tcpsndbuf to 2097152:3145728

 If you wish to change the default path /usr/local/pem/vhosts/ where webspaces are provisioned with the custom path, change the directory where virtual hosts DocRoots be

created (apache.vhostdir) property of the Apache package (type: service) during the

package installation. If the specified path does not exist, POA creates this path.  If you plan to provide your customers the Web File Manager service, deploy the Web

File Manager application as described in section Installing Web File Manager (on page 21).

(17)

Installing FrontPage on Host

To offer your customer the FrontPage service, you need to install FrontPage on all Apache hosts you plan to provision the service on.

To install FrontPage on a Hardware Node-based Apache host, install the following RPMs on the host:

 For Apache 2.0:  mod_frontpage

 frontpage

 For Apache 2.2:

 on RHES 4 and CentOS 4:

mod_frontpage-httpd22x frontpage

 on RHEL 5 and CentOS 5:

mod_frontpage frontpage

For instructions on installing RPMs, refer to section Installing Package on the Host (on page 113).

To install FrontPage on a VPS-based Apache host, install the following Application templates on the host:

 For Apache 2.0:

vzpem-frontpage

 For Apache 2.2:

 on RHES 4 and CentOS 4:

vzpem-frontpage

 on RHEL 5 and CentOS 5:

.pa-frontpage

To install Application templates, go to Top > Service Director > Virtuozzo Manager > VPSs > VPS name > Application Templates tab, click Install, select the packages in the list and click

Install.

Installing ionCube Loader and SQLite2 PHP Extensions

This section describes on how to install the ionCube Loader and SQLite2 PHP extensions on Apache Web Server.

(18)

Note: The ionCube Loader and SQLite2 PHP extensions are required for websites, which

are created through Plesk SiteBuilder. You should install these extensions if Plesk SiteBuilder is going to be used.

Installation Requirements

VPS Scenario

The following PVC Templates should be installed on Apache Web Server: For Apache 2.0 on RHES 4/CentOS 4

 vzpem-sitebuilder-support

 vzpem-sitebuilder-support-php5

 vzpem-php5-cgi

Note: The vzpem-php5-cgi PVC Template adds the SQLite2 PHP extension support for

PHP 5. This PVC Template is installed during the Apache Web Server deployment. For Apache 2.2 on RHES 4/CentOS 4

 vzpem-sitebuilder-support

 vzpem-sitebuilder-support-php5

 vzpem-php5-cgi-httpd22x

Note: The vzpem-php5-cgi-httpd22x PVC Template adds the SQLite2 PHP extension

support for PHP 5. This PVC Template is installed during the Apache Web Server deployment.

Apache 2.2 on RHEL 5/CentOS 5  .pa-sitebuilder-support

 .pa-sitebuilder-support-php5

 .pa-php5-cgi

Note: The .pa-php5-cgi PVC Template adds the SQLite2 PHP extension support for

PHP 5. This PVC Template is installed during the Apache Web Server deployment. To import a PVC Template in POA, follow the instruction of Installing Standard

OS/Application Templates section (on page 131).

To install the required PVC Template on VPS, perform the following actions:

1 Go to Top > Service Director > Virtuozzo Manager > VPSs and click on the VPS. 2 Select the Application Templates tab and click on the Install button.

3 Select the checkbox opposite the required PVC Template(s) and click on the Install

(19)

The following RPMs should be installed on Apache Web Server: For Apache 2.0 on RHES 4/CentOS 4

 php-ioncube-loader

 php5-ioncube-loader

 php4-sqlite2

 php5-cgi

Note: The php5-cgi RPM adds the SQLite2 PHP extension support for PHP 5. This

RPM is installed during the Apache Web Server deployment. For Apache 2.2 on RHES 4/CentOS 4

 php-ioncube-loader

 php5-cgi-httpd22x

Note: The php5-cgi-httpd22x RPM adds the SQLite2 PHP extension support for PHP 5.

This RPM is installed during the Apache Web Server deployment. Apache 2.2 on RHEL 5/CentOS 5

 php5-cgi

Note: The php5-cgi RPM adds the SQLite2 PHP extension support for PHP 5. This

RPM is installed during the Apache Web Server deployment.

To install RPM on the required host, follow the instruction of Installing RPM on Host section (on page 131).

Note: POA uses the Native Repositories to automatically install the required RPM

packages on the Linux-based Hardware Node during the POA Packages installation. It is recommended to deploy the System and External Native Repositories for required OSs.

Installing POA Packages

The following POA Packages should be installed on Apache Web Server:  php4-ioncube-loader (type: other)

 php5-ioncube-loader (type: other)

(20)

Note: The support of SQLite2 PHP extension for PHP 5 is added by the Apache (type: service) POA Package. This POA Package is installed during the Apache Web Server

deployment.

To obtain the instructions on how to install POA Packages, refer to the Installing PPM Packages section (on page 109).

Restarting Apache Service

Restart the Apache Service using the following instructions:

1 Log on to host using SSH under root user's credentials.

2 Restart the Apache Service using the service pemhttpd restart command.

Configuring IP Pool for WebSites With SSL Support

Configure the IP Pool for WebSites with SSL support:

1 Create the IP Pool following the instructions of the Creating IP Pool section (on page

117). Specify the following parameters:  Name: Exclusive FrontNet IPs

 Pool available for: Everyone

 Purpose: Shared hosting

 Initial IP and Final IP: lower bound and upper bound FrontNet IP Addresses

Note: The number of IP Addresses of this IP Pool should be not less than the total

number of WebSites with SSL support, which will be provisioned in POA.  Netmask: netmask of the IP Pool subnet

 Gateway: default gateway of the IP Pool subnet

2 Add the IP Pool to the web server following the instructions of the Adding IP Pool to

(21)

Installing Web File Manager

Web File Manager (hereinafter FM) is a powerful web-based software tool that helps to perform various online actions with files on a web space server. These actions include:  file/directory creating

 file uploading

 file/directory copying  file/directory moving

 changing the file/directory last modification time to the current time  file/directory deleting

 file/directory renaming

 viewing and setting the file/directory access permission attributes

Web File Manager service is designed to stand on a separate Hardware Node and manage all customer files remotely to achieve a better performance of FM itself and Web hosts in particular.

Below is the Web File Manager service deployment scheme.

(22)

Earlier, Web File Manager could be installed on a Web Server node only, thus decreasing its productivity. Now it can also be installed on a separate node or even on a group of nodes (two or more) for better performance. In case of a group of servers, the Customer will have several FMs (one on each server). Hence, the servers will not be united, but they will have one common service controller installed on POA Management Node.

So, there are two possible installation scenarios of FM:

1 Installing FM service on a Web Server Node

2 Installing FM service on a separate Linux Node (or a group of Linux Nodes) - new

installation scenario

Choice of a certain installation scenario should be made depending on the number of FM accounts you are planning to offer to Customers:

 If the general number of your FM accounts is less than 500, you can use the first scenario.

 If the general number of your FM accounts is greater than 500, it is recommended to use the second scenario to avoid decrease in the productivity of FM service.

Depending on the choice you have made, follow one of the installation scenarios described below.

WFM installation according to scenario #1

To install Web File Manager on a separate Web Server Node, follow these steps:

1 Install the WebFileManager SC POA package on your management node. 2 Install the common_filemanager CP POA package on all your UI servers.

3 Import and install package WebFileManager (type: service, platform:Linux) onto the

(Apache+Mono) web server that is intended to host Web File Manager. While installing the package, specify the following package properties:

 Request Length. The maximum size (in kilobytes) of HTTP request that will be

accepted by a web server that holds WebFileManager. This size is composed of HTTP header, of POST data, and of uploaded file content.

 Execution Timeout. The period of time that WebFileManager is allowed to waste for

one client‘s request. Note, that prolonged operations with files will be broken off after this time.

 Port. The port that WebFileManager will be listening for. By default this value equals

to 1299.

Note: If you specify the port used by the Apache (service) package, the

WebFileManager package will not be installed and the following error will appear: Port ${port} already used by Apache(service) package. Please choose another one or reinstall Apache with different port settings.

 Proxy Suffix. The proxy suffix to be registered in branding proxy.

(23)

default, this value equals to 1.

 Maximum Number of requests - maximum number of simultaneous requests allowed

for the service.

 Maximum number of accounts - this value is very important. As soon as the limit set

here is reached, adding FM accounts becomes impossible.

Note: Do not enter a big value for this parameter as it may lead to the significant

performance decrease of the FM service.

WFM installation according to scenario #2

To install Web File Manager on a separate Linux Node (or a group of Linux Nodes), follow these steps:

1 Install the WebFileManager SC POA package on your management node. 2 Install the common_filemanager CP POA package on all your UI servers.

3 Import and install package WebFileManager (type: service, platform:Linux) on each Linux

node which you want to use in cluster of FM nodes with installed OS.

While installing the package, specify its properties (which are exactly the same as in the first scenario).

If you still have an old File Manager installed on some Service Node and would like to migrate to the new one, Web File Manager, you just need to uninstall the filemanager.default POA package on that node (for instructions on uninstalling POA packages, consult POA Provider's Guide). Once you are done, the new Web File Manager becomes available for Customers assigned to the Service Node.

Note: It is supposed you have already installed the new Web File Manager on some

Service Node(s) according to the installation scenarios described above.

System Requirements for Web File Manager Server

FM service must be installed on a Linux Node (physical or virtual) that meets the following requirements:

Server Names LINFM

Description Web File Manager

Density Up to 20000 customer webspaces and/or websites.

Quantity To be calculated based on the projected customer base and the density above.

(24)

Software To be installed by the Customer:  OS only To be installed by Parallels:  Apache 2.0/2.2  Mono 2.4 Supported

RAM 4GB

Disks Array 1:

 OS and software - 2 x 80 GB, SATA RAID 1 (software impl.)

 / 4GB - for OS  2 x RAM size (8GB) - swap

 /usr - remaining space - for software and Web File Manager data

(25)

Installation Requirements for Apache 2.2

To install the Web File manager service based on Apache 2.2, follow the instructions at Installing Service on Linux-based Host (on page 107) and use the data from the tables below.

To deploy Apache 2.2 on a VPS running RHES 4 or CentOS 4, it is necessary to use the OS template and the mod_ssl application template versions 20090117-1.0-1 or later. The required templates are available for downloading at the following URLs:

 RHES 4  http://download.pa.parallels.com/download/templates/pvclin/redhat-as4-template-20090117-1.0-1.i386.rpm  http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-as4-template-20090117-1.0-1.i386.rpm  CentOS 4  http://download.pa.parallels.com/download/templates/pvclin/centos-4-template-20090117-1.0-1.i386.rpm  http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-ce4-template-20090117-1.0-1.i386.rpm

should also be imported to POA. System-wide Requirements

Management Node WebFileManager (SC)

UI Node(s) common_filemanager (CP)

Host-wide Requirements (Physical Servers Scenario)

Internal IP yes

(26)

RPMs For RHEL 5 and CentOS 5:

see the full list of RPMs in section Installation Requirements for Apache 2.0 (on page 28).

For RHES 4 and CentOS 4:

mod_ssl (version 2.2.11-1 or later) httpd (version 2.2.11-1 or later)

Note: If the required versions of the packages

above are unavailable, contact your Parallels representative for instructions on obtaining newer versions of these packages.

php4-httpd22x php4-httpd22x-curl php4-httpd22x-domxml php4-httpd22x-gd php4-httpd22x-imap php4-httpd22x-ldap php4-httpd22x-mbstring php4-httpd22x-mcrypt php4-httpd22x-mhash php4-httpd22x-mysql php4-httpd22x-ncurses php4-httpd22x-odbc php4-httpd22x-pear php4-pear-HTTP-Request php4-httpd22x-pgsql php4-httpd22x-snmp php4-httpd22x-xmlrpc mod_cband-httpd22x mod_init_crypto-httpd22x mod_limitipconn-httpd22x apache2-mod_mono-httpd22x libc-client libmcrypt libmhash libexif

(27)

Host-wide Requirements (Physical Servers Scenario) libgdiplus0 mono-basic mono-core mono-data mono-data-sqlite mono-extras mono-nunit mono-web mono-winforms xsp libungif perl-DBD-Pg postgresql-libs FileManager MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL webalizer gd db4 pem-suexec perl-BerkeleyDB perl curl php5-cgi-httpd22x xorg-x11-Mesa-libGL xorg-x11-libs

Service package WebFileManager (service)

Host-wide Requirements (Virtual Servers Scenario)

RPMs The list of RPMs is the same as in the Host-wide Requirements (Physical Servers Scenario) above

(28)

Application Templates For RHEL 5 and CentOS 5:

.mod_ssl .pa-pleskd .pa-php .pa-mono .pa-pgsql-client .pa-webfilemanager .pa-mysql-client .pa-webalizer .pa-apache-httpd .pa-php5-cgi

For RHEL 4 and CentOS 4:

mod_ssl (version 20090117-1.0-1 or later) vzpem-pleskd vzpem-php-httpd22x vzpem-mono-httpd22x vzpem-pgsql-client vzpem-webfilemanager vzpem-mysql-client vzpem-webalizer vzpem-apache-httpd22x vzpem-php5-cgi-httpd22x

IP pools external, internal

Installation Requirements for Apache 2.0

Note that Apache 2.0 can be installed only on RHES 4 and CentOS 4 operating systems. System-wide Requirements

Management Node WebFileManager (SC)

(29)

Internal IP yes

(30)

Host-wide Requirements (Physical Servers Scenario) RPMs mod_ssl php4 php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mbstring php4-mcrypt php4-mhash php4-mysql php4-ncurses php4-odbc php4-pear php4-pear-HTTP-Request php4-pgsql php4-snmp php4-xmlrpc libc-client libmcrypt libmhash libexif libgdiplus0 mono-basic mono-core mono-data mono-data-sqlite mono-extras mono-nunit mono-web mono-winforms xsp apache2-mod_mono

libungif (For RHES 4), giflib (for RHEL 5) perl-DBD-Pg

postgresql-libs FileManager php5-cgi

(31)

Host-wide Requirements (Physical Servers Scenario) MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL webalizer gd db4 mod_cband mod_init_crypto mod_limitipconn pem-suexec perl-BerkeleyDB httpd perl curl xorg-x11-Mesa-libGL xorg-x11-libs

Host-wide Requirements (Virtual Servers Scenario)

RPMs The list of RPMs is the same as in the Host-wide Requirements (Physical Servers Scenario) above

Application Templates mod_ssl vzpem-pleskd vzpem-php vzpem-mono vzpem-pgsql-client vzpem-webfilemanager vzpem-mysql-client vzpem-webalizer vzpem-apache-httpd vzpem-php5-cgi

(32)

(33)

Upgrading Web Server from Apache 2.0 to

Apache 2.2

First, we recommend you to make a list of Apache web servers (Hardware Nodes and VPSs) you wish to upgrade to Apache 2.2. All such hosts will have the Apache application installed.

Then, for each of such hosts, perform the procedure described below.

To upgrade a Hardware Node-based Apache host from Apache 2.0 to Apache 2.2, perform these steps:

1 In your POA Panel, go to Top > Deployment Director > Server Manager > Hardware Nodes >

Hardware Node name > Packages tab > RPM subtab.

2 Make sure that the packages listed below are updated to the following versions:

 apr (version 1.2.8-1 or later)  apr-util (version 1.2.8-1 or later)  httpd (version 2.2.11-1 or later)

 httpd-manual (version 2.2.11-1 or later)  mod_ssl (version 2.2.11-1 or later)  openssl (version 0.9.8b-8 or later)  openssl-perl (version 0.9.8b-8 or later)  openssl097a (version 0.9.7a-9 or later)  pcre (version 6.6-1 or later)

If necessary, update the RPMs using the rpm -Uhv rpm1 rpm2 rpm3 command. If the RPM versions above are unavailable in POA, contact your Parallels

representative to obtain the URL of the POA Updates server.

3 Log on to the target host via SSH as root.

4 To any directory of your choice, upload the following RPMs from the POA distribution:

 mod_cband-httpd22x  mod_frontpage-httpd22x  mod_init_crypto-httpd22x  mod_limitipconn-httpd22x  mod_mono-httpd22x  php4-httpd22x

(34)

 php4-httpd22x-curl  php4-httpd22x-domxml  php4-httpd22x-gd  php4-httpd22x-imap  php4-httpd22x-ldap  php4-httpd22x-mbstring  php4-httpd22x-mcrypt  php4-httpd22x-mhash  php4-httpd22x-mysql  php4-httpd22x-ncurses  php4-httpd22x-odbc  php4-httpd22x-pear  php4-httpd22x-pgsql  php4-httpd22x-snmp  php4-httpd22x-xmlrpc  php5-cgi-httpd22x  php4-ioncube-loader  php5-ioncube-loader  php4-sqlite2

- for example, using the command: wget <url>

If the RPMs listed in Step 2 are unavailable in POA, upload them from the POA Updates server (the one pointed by your Parallels representative) to the same directory.

Note: The php4-ioncube-loader, php5-ioncube-loader and php4-sqlite2

RPMs are necessary for provisioning of Parallels Plesk Sitebuilder (see page 100); they also install ionCube PHP Loader support and SQLite2 support for PHP 4 on the Apache server.

5 From the same directory, run the RPM update command:

rpm -Uvh rpm1 rpm2 rpm3

Important: In the command, indicate the full list of new RPMs: the ones listed in Step 4

and, if necessary, the ones listed in Step 2.

6 On POA Management Node, re-generate the Apache service configuration files:

Depending on the platform of your POA Management Node, log in to the:  Linux-based POA Management Node via SSH as root and go to the

(35)

 Windows-based POA Management Node via RDP as administrator, open the command prompt and go to the "C:\Program Files\SWsoft\PEM\bin" directory

and execute: apache_ctl service dumpStaticConfig <service_id> To get the value of the <service_id> parameter, go the host management Top >

Deployment Director > Server Manager > Hardware Nodes > Hardware Node name > Applications tab and view the ID of the Apache application.

7 Go to Top > System Director > Task Manager > Background Tasks and wait until the task Generate config for apache service <service_id> is executed successfully.

To upgrade a VPS-based Apache host(s) from Apache 2.0 to Apache 2.2, perform these steps:

1 Download from POA Updates server and import the following OS and Application

templates:

 [OS]-template-20090117-1.0-1.i386.rpm

 mod_ssl-[OS]-template-20090117-1.0-1.i386.rpm

- where [OS] indicates the corresponding Operating system version of the template: redhat-as4, centos-4 for the OS template; or as4, ce4 for the mod_ssl

Application template.

The required OS template and the mod_ssl Application template are available for downloading at the following URLs:

RHES 4 http://download.pa.parallels.com/download/templates/pvclin/redhat-as4-template-20090117-1.0-1.i386.rpm http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-as4-template-20090117-1.0-1.i386.rpm CentOS 4 http://download.pa.parallels.com/download/templates/pvclin/centos-4-template-20090117-1.0-1.i386.rpm http://download.pa.parallels.com/download/templates/pvclin/mod_ssl-ce4-template-20090117-1.0-1.i386.rpm

should also be imported to POA.

For importing instructions, refer to section Importing Templates (on page 134).

2 Remove the following Apache 2.0-specific Application templates from the host (one by

one, in the specified order):  vzpem-apache-httpd

(36)

 vzpem-sitebuilder-support (if present; this template contains PHP 4 extensions required for operation of Parallels Plesk Sitebuilder (see page 100))  vzpem-sitebuilder-support-php5 (if present; this template contains PHP 5

extensions required for operation of Parallels Plesk Sitebuilder (see page 100))  vzpem-php5-cgi

 version 20090212 of vzpem-php Application Template.

To find this version, click the Show detailed view button on the Top > Service Director >

Virtuozzo Manager > VPSs > VPS name > Application Templates tab and view the

expanded list of vzpem-php Application template versions

 vzpem-php itself. To delete the package, click Hide details and select the

vzpem-php Application template in the list

 vzpem-webfilemanager (if present; this template contains WebFileManager)  vzpem-mono (if present; this template contains WebFileManager)

To remove the Application templates, go to Top > Service Director > Virtuozzo Manager >

VPSs > VPS name > Application Templates tab, select the application templates in the list

and click Uninstall.

3 Upgrade the redhat-as4 (centos-4) and mod_ssl-as4 (mod_ssl-ce4)

templates to the version imported at Step 1 (20090117-1.0-1 or later).

To upgrade the templates, in POA CP, go to Top > Service Director > Virtuozzo Manager >

VPSs > VPS name > Application Templates tab, click Install Updates, select the imported

versions of the OS template and mod_ssl Application template and click Install.

4 Install the following Application templates on the host:

 vzpem-apache-httpd22x  vzpem-php-httpd22x  vzpem-php5-cgi-httpd22x

 vzpem-mono-httpd22x (contains WebFileManager)  vzpem-webfilemanager (contains WebFileManager)  vzpem-sitebuilder-support (if was present; see above)  vzpem-sitebuilder-support-php5 (if was present; see above)

To install these Application templates, import them all from the POA distribution package as described in section Importing Templates, and then go to Top > Service

Director > Virtuozzo Manager > VPSs > VPS name > Application Templates tab, click Install,

select the packages in the list and click Install.

5 On POA MN, re-generate the Apache service configuration files:

Depending on the platform of your POA Management Node, log in to the:  Linux-based POA Management Node via SSH as root and go to the

(37)

 Windows-based POA Management Node via RDP as administrator, open the command prompt and go to the "C:\Program Files\SWsoft\PEM\bin" directory

and execute: apache_ctl service dumpStaticConfig <service_id> To get the value of the service_id parameter, go the host management Top >

Deployment Director > Server Manager > Hardware Nodes > Hardware Node name > Applications Templates tab and view the ID of the Apache application.

6 Go to Top > System Director > Task Manager > Background Tasks and wait until the task Generate config for apache service <service_id> is executed successfully.

(38)

Legacy File Manager to Web File Manager

Transition

Since POA 2.9, Legacy File Manager is no longer maintained. It is recommended to make a transition from Legacy File Manager to Web File Manager. Transition procedure is the following:

1 Deploy Web File Manager following the instructions of the Installing Web File Manager

section (on page 21).

2 Uninstall the filemanager.* (type: service) Package from the required web servers. To

obtain the instructions on how to uninstall a Package, refer to POA Provider's Guide,

Managing Packages > Managing Single Package > Uninstalling Packages.

Note: The mixed installation scenario is possible. If, Legacy File Manager is not

removed from a set of web servers, webspaces provisioned on these web servers remain accessible through Legacy File Manager.

When Legacy File Manager is removed from a web server, Web File Manager should be activated through Customer Control Panel for webspaces provisioned on a web server.

Note: You can use the POA Notification Messages system to notify the Customers that

Web File Manager should be activated. To obtain the information about the POA Notification Messages system, refer to POA Provider's Guide, Marketing Operations >

Publishing News Messages and Notifications > Managing Notification Messages.

Installing Domain Parking Service

This service provides your subscribers with the possibility to register and park their domain names for future use. A subscriber is able to set up a domain name (a website without any content) to point to another working domain name.

For example, your subscriber owns the subscriber.provider.com and

name.subscriber.provider.com domain names. He/she already has a website for subscriber.provider.com, but he/she does not want to create a new website for

name.subscriber.provider.com at the moment. By parking name.subscriber.provider.com for subscriber.provider.com, all URL requests for name.subscriber.provider.com will automatically go to subscriber.provider.com instead.

(39)

System Requirements for Domain Parking Server

For the Domain Parking Server, you need an Apache web server with the following system requirements:

Server Names LINDP

Description Domain Parking Server on Linux

Density Quantity 1 OS  RHES 4 (x86)  CentOS 4 (x86)  RHEL 5 (x64)  CentOS 5 (x64)

Supported

RAM 2GB

Disks Array 1:

 OS and software - 2 x 80 GB SATA, RAID1 (software impl.)

 / 5GB - for OS  2 x RAM size (4GB) - swap  /usr - remaining space - for software

NICs FrontNet, BackNet

Installation Requirements for Domain Parking Service

To install the Domain Parking service, follow the instructions at Installing Service on Linux-based Host (on page 107) and use the data from the tables below.

Management Node DomainParking (SC) UI Node(s) domain_parking (CP)

(40)

Host-wide Requirements

External IP yes Service package domain_parking

(41)

mod_init_crypto mod_limitipconn pem-suexec perl-BerkeleyDB php4 php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mbstring php4-mcrypt php4-mhash php4-mysql php4-ncurses php4-odbc php4-pear php4-pear-HTTP-Request php4-pgsql php4-snmp php4-xmlrpc libc-client libmcrypt libmhash webalizer gd db4 MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL perl-DBD-Pg postgresql-libs mod_ssl httpd perl curl php5-cgi 5:  .pa-apache-httpd  .pa-php  .pa-pleskd  .pa-webalizer  .pa-mysql-client  .pa-pgsql-client  .pa-php5-cgi  .mod_ssl

For RHES 4 and CentOS 4:  vzpem-apache-httpd  vzpem-php  vzpem-pleskd  vzpem-webalizer  vzpem-mysql-client  vzpem-pgsql-client  vzpem-php5-cgi  mod_ssl

(42)

(43)

 Before the installation of service package to Domain Parking VPS, you should edit the etc/hosts file on the VPS. When the VPS is created the etc/hosts file contains the string:

127.0.0.1 <Host_Name_full> <Hostname_Short> localhost localhost.localdomain. You should delete the following entries: <Host_Name_full> <Hostname_Short>.  During the domain parking (service) package installation, provide the following

information:

 dp.company - enter the name of the company to appear on the default page of the

parked domain.

 dp.mail - enter the contact e-mail. It will be displayed at the default page of the

parked domain.

Important: Domain Parking Service's host is intended for Domain Parking only and this

host should not be used for provisioning of Customers' WebSites.

Installing SSL Proxy Server

SSL protocol enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. This is especially useful for web-commerce organizations that use SSL protocol for transmitting private information via Internet.

SSL connection requires dedicated IP addresses. However, you can deploy an SSL Proxy server that will enable shared hosting customers to use SSL without actually having dedicated IP addresses.

SSL Proxy server receives HTTPS requests addressed to a specific host, then passes the request to its actual destination, and then passes the answer back in a ciphered form. All the data is transferred between the SSL Proxy server and webspaces via back-net. SSL Proxy server ensures security of the data transfer between web and the SSL Proxy server itself. All the data transfers between the SSL Proxy server and webspaces remain insecure. Yet, this is not a big problem, as the risk of eavesdropping or tampering during such transfers is minimal.

(44)

Figure 2: Shared SSL Model

System Requirements for SSL Proxy Server

For the SSL Proxy server, you need an Apache web server with the following system requirements:

Server Names LINSSLPR

Description SSL Proxy Server on Linux

Density Quantity 1 OS  RHES 4 (x86)  CentOS 4 (x86)  RHEL 5 (x64)  CentOS 5 (x64)

Supported

(45)

 OS and software - 2 x 80 GB SATA, RAID1 (software impl.)

Installation Requirements

To install the SSL Proxy service, follow the instructions at Installing Service on Linux-based Host (on page 107) and use the data from the tables below.

Management Node ApacheSSLProxy (SC) Apache (SC)

InternalIPResolver (SC) IIS (SC) - optional UI Node(s) apache (CP)

Internal IP yes RPMs openldap

openldap-servers openldap-clients nss_ldap nscd

(46)

RPMs mod_cband mod_init_crypto mod_limitipconn pem-suexec perl-BerkeleyDB php4 php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mbstring php4-mcrypt php4-mhash php4-mysql php4-ncurses php4-odbc php4-pear php4-pear-HTTP-Request php4-pgsql php4-snmp php4-xmlrpc libc-client libmcrypt libmhash webalizer gd db4 MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL perl-DBD-Pg postgresql-libs mod_ssl httpd perl curl nss_ldap openldap-servers

Application Templates For RHEL 5 and CentOS 5:  .pa-apache-httpd  .pa-php  .pa-pleskd  .pa-webalizer  .pa-mysql-client  .pa-pgsql-client  .mod_ssl  .pa-php5-cgi

For RHES 4 and CentOS 4:  vzpem-apache-httpd  vzpem-php  vzpem-pleskd  vzpem-webalizer  vzpem-mysql-client  vzpem-pgsql-client  mod_ssl  vzpem-php5-cgi

(47)

 Before installing the shared_ssl_config package, you need to configure the Internal IP

Resolver service. This implies the following activity:

a Create the OpenLDAP server by installing the openldap-servers RPM on any host

registered in POA. In case of installing the OpenLDAP server on a Hardware Node (not VPS), the openldap-servers RPM is installed automatically.

b Install the service_InternalIPResolver package on the same host. Specify the root

password for OpenLDAP server as the bind_password package property.

c Install the config_InternalIPResolver package on the host where shared_ssl_config will

be installed.

 When installing the package shared_ssl_config (type: service), you will be prompted to

put down the the access point domain name for SSL Proxy.

Creating Certificate

To make your SSL Proxy server work properly, you need to obtain an SSL certificate - an attachment to an electronic message used for security purposes. The most common use of a certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. Usually certificates are required to initialize an SSL session.

In POA you can generate a self-signed certificate or create a Certificate Signing Request (CSR) to get your certificate from a certificate authority (CA). Below in this chapter, the step sequence for both procedures is described.

Notes on Certificates:

 In order to use SSL certificates for a given domain, the domain must be set-up for IP-based hosting.

 For your domains you can use either a self-signed certificate or a certificate signed by a recognized CA. The self-signed certificate is valid and secure, but many clients prefer to have certificates signed by known CAs.

If using an SSL certificate issued by a CA other than Thawte or Verisign, a rootchain certificate is required to appropriately identify and authenticate the CA that has issued your SSL certificate.

If the given domain has the www prefix enabled, you must set up your CSR or self-signed certificate with the www prefix included. If you do not, you will receive a warning message when trying to access the domain with the www prefix.

(48)

Generating Self-Signed Certificate

POA enables you to create a self-signed certificate for your domain. Please note that a self-signed certificate will not provide the security guarantees provided by a CA-signed certificate.

To generate a self-signed certificate, follow these steps:

1 Log on to POA as Provider, and go to Top > Personal Info > SSL Certificates. Click on the Self-signed link in the main window.

2 Click the Self-signed link in the Certificates area and enter the information needed for

generating a Self-Signed certificate:

Option Description

Bits Select the level of encryption of your SSL certificate by selecting an appropriate number from the drop-down menu.

Key type For asynchronous encryption and signing there are keys needed. For generating your certificate you can choose between the RSA and DSA keys.

Country Select a country from the drop-down list.

State/Province Specify a state or province.

Location (City) Specify a location (city).

Organization name Enter an appropriate organization name.

Organization Unit

name Type an appropriate department/division of your organization.

Common name Enter the domain name for which you wish to generate the self-signed certificate. The expected format is www.domainname.com or

domainname.com.

E-mail Specify an email address.

Valid from / Valid to Define the period during which the self-signed certificate will be valid for using it.

Store in user

repository RSA private keys and certificates are stored in the user repository automatically. You must clean the checkbox if you do not want to store them.

3 After you have provided the necessary information, click on the Submit button. 4 On the displayed page you can see two different text sections: Certificate and Private

(49)

Store button to immediately store the generated certificate to the repository or the Download button to download the certificate to your local computer.

 In the Private Key form below the private key is displayed. Do not lose it! You will

need this key during the certificate installation process. Losing it is likely to result in the need to generate another certificate. You can store the key to the repository immediately by clicking the Store button or download it to your local computer by clicking the Download button. Your self-signed certificate will be immediately generated and added to the repository.

Note: The Store button is hidden if the Store in user repository option was checked

during the private keys/certificates generating.

5 After performing the corresponding operations, click OK.

All your generated keys or obtained by a Certificate Authority certificates are stored in the user repository. When creating your self-signed certificate, you can store it immediately or add any certificate to the user repository later on by clicking the Store button.

Note: If you install the self-signed certificate to the webmail server, watch that its validity

dates not yet expired and the domain name agrees with one in the certificate. Otherwise, your customers won't be able to log in to the server using IMAP over SSL.

Creating Certificate Signing Request

Certificate Signing Requests are used to supply a Certification Authority with the needed information to issue a valid certificate for you without knowing your private key. This includes your personal information and your public key. You can get a CA-signed

certificate by creating a Certificate Signing Request. A CA-signed certificate provides two important capabilities for your server:

 Browsers will (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.

 When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the Web pages to the browser.

To generate a Certificate Signing Request, perform the following operations:

1 Select Top > Personal Info > SSL Certificates and then click on the Request link in the main

window.

2 On the displayed page enter the information needed for creating a Certificate Signing

Request.

Option Description

Bits Select the level of encryption of your SSL certificate. Select an appropriate number from the drop-down menu.

Key type For asynchronous encryption and signing there are keys needed. For generating your certificate you can choose between the RSA and DSA keys.

(50)

Country Select a country from the drop-down list.

State/Province Specify a state or province.

Location (City) Specify a location (city).

Organization name Enter an appropriate organization name.

Organization Unit name Type an appropriate department/division of your organization.

Common name Enter the domain name for which you wish to generate the self-signed certificate. The expected format is

www.domainname.com or domainname.com.

E-mail Specify an email address.

Store in user repository RSA private keys and certificates are stored in the user repository automatically. You must clean the check box if you do not want to store them.

(51)

where the Certificate Request and Private Key are displayed.

3. On this page you can see two different text sections, the Certificate and the RSA Private Key.

 In the Certificate form you can see the request you should send to a Certificate

Authority in order to get your certificate. Download this request to your local computer by clicking the Download button. Later on, you can attach the request to your email and send it to a Certificate Authority like Verisign or Thawte.

 In the form below the Private Key field, your RSA private key is displayed. Do not

lose it. You will need this key during the certificate installation process. Losing it is likely to result in the need to generate another certificate. You can store the key to the repository immediately by clicking the Store button or download it to your local computer by clicking the Download button.

Note: The Store button is hidden if the Store in user repository option was checked

during the private keys/certificates generating. After performing the corresponding operations, click OK.

All your generated keys or obtained by a Certificate Authority certificates are stored in the user repository. When you create your self-signed certificate, you can store it immediately or add any certificate to the user repository later on by clicking the Store button.

Updating Certificate

When a certificate is issued, its validity is limited by an expiration date. After the certificate is expired, you can update it in the following way:

1 Connect via SSH to the server with installed SSL Proxy Service,

2 In the /usr/local/pem/etc/apache/httpsd.pem file directory replace your

old Private Key and SSL Certificate with the new one. The format of the file is the following:

---BEGIN RSA PRIVATE KEY---

MIICXQIBAAKBgQCdu0cjQwLuPs7CgCZB/0mvhJuflLN3wV+jM5By4W/ykZ2hkH22 BnS2TWucvoqmZp3qGaebXwT76xG5AaXFLKUgAB8tV3q5jTGVujAa1YE/AnP5c+jJ CVLVkYf3jFnzjBftB9QWX7kq4RAwz7I3Iuyt6vdL+qbyiMb1mYf1Iy+oUwIDAQAB AoGAQG+idxhIGTYVV0Xs2ydEXeyper7PtkuMG2rURuorxoeQQtF5WaQ3h8YHAUih 8aqYNmt2mjVuHtAANHkk1HERn2XGW/38kWM50yCJGSuila7SMgnQElWKZl2mt3g7 yHrTMqvy8Z/KC53EV4VJbLQ/FeLRCo68xqPAcn1IrpWzHEECQQDP5axnR+aQADBa aMSOd9VraYLljcIlNbOnNWw0dH3ibilIPKZdlANTp12+ildKoiI2AbJt7TiVWGQK xZTa4DqhAkEAwjon9jUk5eN99r1FbCYTbwQbFk4i2BjZgyia0xHn69p/K1Qu87NH PgIR4euuuBkvovR/IeMzwSoQpaYVcpYScwJBALtzx6PIfOfSg8bBOJmNC24yUMhS rX+HkFlwHgSeFPOZiLeNmCRAVU+UVT581oCA+H/hv9TGVIK0lF/yD2nbTIECQQCS gP+HrYqJhVGMfjQRYZ8jDDvKVWHfEs9vKX+vWkBQHV3zNuq7lC1WzoTinr4Jy6Wt CzOiQhjVyX8JE//1kNGVAkBayDncDnR9K1+CcH17MPOp1YgYHAJY6aYPRDmz9aKh 59KuHcxUMcNwZr0tE0eIzTUVcuKFioTqzda4GMAZ66zk

---END RSA PRIVATE KEY--- ---BEGIN CERTIFICATE---

(52)

MAkGA1UECBMCVkExEjAQBgNVBAcTCUNoYW50aWxseTETMBEGA1UEChMKUGxlc2sg SW5jLjESMBAGA1UEAxMJcGxlc2suY29tMSAwHgYJKoZIhvcNAQkBFhFzdXBwb3J0 QHBsZXNrLmNvbTAeFw0wMDExMTAyMzI0NDFaFw0wMTExMTAyMzI0NDFaMHkxCzAJ BgNVBAYTAlVTMQswCQYDVQQIEwJWQTESMBAGA1UEBxMJQ2hhbnRpbGx5MRMwEQYD VQQKEwpQbGVzayBJbmMuMRIwEAYDVQQDEwlwbGVzay5jb20xIDAeBgkqhkiG9w0B CQEWEXN1cHBvcnRAcGxlc2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQCdu0cjQwLuPs7CgCZB/0mvhJuflLN3wV+jM5By4W/ykZ2hkH22BnS2TWucvoqm Zp3qGaebXwT76xG5AaXFLKUgAB8tV3q5jTGVujAa1YE/AnP5c+jJCVLVkYf3jFnz jBftB9QWX7kq4RAwz7I3Iuyt6vdL+qbyiMb1mYf1Iy+oUwIDAQABo4HWMIHTMB0G A1UdDgQWBBT2zaAoFZ5VmekJeHsaUbp9TVhYHzCBowYDVR0jBIGbMIGYgBT2zaAo FZ5VmekJeHsaUbp9TVhYH6F9pHsweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlZB MRIwEAYDVQQHEwlDaGFudGlsbHkxEzARBgNVBAoTClBsZXNrIEluYy4xEjAQBgNV BAMTCXBsZXNrLmNvbTEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBwbGVzay5jb22C AQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAmHfypVB/5muH/sF0B gAOH9MBe35xvu+JaYBucuCPZz2VTeVpg/6pdLavlXVE7LHPjDm8gM31vzeFvY5/J Z54BcyQ0HIluPG2MMF2+BBYPEJ0ubl9BK/XHaNk2ff1FhbJPBbWjnwqR1sUyuVij 3Z2oznbWvsE7cpdYJJBYOw1c7Q== ---END CERTIFICATE---

3 Restart HTTPD using the service pemhttpd restart command, 4 Validate that SSL Certificate is replaced successfully: open

https://SSL_PROXY_HOSTNAME URL in IE and check that new SSL Certificate is used.

Installing phpMyAdmin Service

phpMyAdmin is a popular, powerful web-based interface for administering MySQL databases. It is open source, written in PHP, and is among the better tools available for working with MySQL databases.

After installing it, you can include it in your hosting plan and provide your customers with the access to their databases via phpMyAdmin.

System Requirements for phpMyAdmin Servers

Server Names PHPMYADM

Description phpMyAdmin Server

This server hosts the application for web-based databases management: phpMyAdmin.

Density Up to 10,000 customers per server depending on activity.

Quantity To be calculated based on the projected customer base and the density above. * Can be deployed as a VPS on one of the Multi-Purpose servers - see below

(53)

 OS only

Supported

RAM 2GB

Disks Array 1:

 OS and software - 2 x 80GB SATA, RAID1 (soft impl.)

Installation Requirements

Management Node MySQL (SC)

UI Node(s) none

External IP yes Service package First install the

"phpMyAdmin_skin_<SK IN name> (other)" package (if necessary), then "phpMyAdmin (other)" (point out skin if necessary, package property: theme.default).

(54)

RPMs mod_cband mod_init_crypto mod_limitipconn pem-suexec perl-BerkeleyDB php4 php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mbstring php4-mcrypt php4-mhash php4-mysql php4-ncurses php4-odbc php4-pear php4-pear-HTTP-Request php4-pgsql php4-snmp php4-xmlrpc libc-client libmcrypt libmhash webalizer gd db4 MySQL4-client MySQL-shared-compat MySQL-python mx perl-DBD-MySQL perl-DBD-Pg postgresql-libs mod_ssl httpd perl curl php5-cgi

Application Templates For RHEL 5 and CentOS 5:  .pa-apache-httpd  .pa-php  .pa-mysql-client  .pa-pgsql-client  .pa-pleskd  .pa-webalizer  .mod_ssl  .pa-php5-cgi

For RHES 4 and CentOS 4:  vzpem-apache-httpd  vzpem-php  vzpem-mysql-client  vzpem-pgsql-client  vzpem-pleskd  vzpem-webalizer  mod_ssl  vzpem-php5-cgi

Poa Linux Shared Hosting Deployment Guide 5.0

Parallels

Parallels Operations

Automation 5.0

Linux Shared Hosting Deployment Guide

Revision 7.26 (June 12, 2010)

Contents

Preface

6

Deploying Apache Web Hosting

9

Deploying Linux-based Database Hosting

85

Deploying Parallels Plesk Sitebuilder for Linux/Unix

100

Common Operations

106

Index

139

In This Chapter

Documentation Conventions

Typographical Conventions

C

1

General Conventions

Feedback

In This Chapter

Installing Apache Web Server

System Requirements for Apache Web Servers

Installation Requirements for Apache 2.2

Installation Requirements for Apache 2.0

Installing FrontPage on Host

Installing ionCube Loader and SQLite2 PHP Extensions

Installation Requirements

Installing POA Packages

Restarting Apache Service

Configuring IP Pool for WebSites With SSL Support

Installing Web File Manager

System Requirements for Web File Manager Server

Installation Requirements for Apache 2.2

Installation Requirements for Apache 2.0

Upgrading Web Server from Apache 2.0 to

Apache 2.2

Legacy File Manager to Web File Manager

Transition

Installing Domain Parking Service

System Requirements for Domain Parking Server

Installation Requirements for Domain Parking Service

Installing SSL Proxy Server

System Requirements for SSL Proxy Server

Installation Requirements

Creating Certificate

Generating Self-Signed Certificate

Creating Certificate Signing Request

Updating Certificate

Installing phpMyAdmin Service

System Requirements for phpMyAdmin Servers

Installation Requirements