Ns8-lamp needs testers

Development Testing
,
1

Hello mates, something new to play

NS8-lamp, the purpose is to install mariadb 10.11, php8.3 and apache 2.4 together

to install it

add-module ghcr.io/stephdl/lamp:1.0.0-dev.4

the documentation usage can be read from the readme of the project

I tried to document a simple usage to install wordpress, but any php application should run.

[PHP Modules]
apcu
bcmath
bz2
calendar
Core
ctype
curl
date
dba
dom
enchant
exif
FFI
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
igbinary
imagick
imap
intl
json
ldap
libxml
mbstring
mcrypt
memcached
msgpack
mysqli
mysqlnd
odbc
openssl
pcntl
pcre
PDO
PDO_Firebird
pdo_mysql
PDO_ODBC
pdo_sqlite
Phar
posix
pspell
random
readline
Reflection
session
shmop
SimpleXML
snmp
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
xdebug
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib

the clone, the backup, the database creation is supposed to work, but I am waiting your tests and inputs

a database can be created the first time you configure the module, if you miss this step, you can reinstall or create it with phpmyadmin

go to https://FQDN/phpmyadmin/

to access the container, do

runagent -m lamp1 podman exec -ti lamp-app bash

to download the web app to the container you have many tools

git, rsync, sftp, ftp, ftp-ssl, wget

8 Likes
2

Congratulations for this module!
I think it was expected by many people.

I just installed it and everything went well.

A first question: how can I configure MySQL to access phpmyadmin only from “inside” (for example: https://10.10.10.25/phpmyadmin/)? My server is placed in the DMZ and I don’t want to give access to MySQL from the WAN. It will only be accessed via VPN, from “inside”.

Thanks in advance for the answer.

2 Likes
3

Good point

I would go with a .htaccess in the folder of /app

Would you test it, we could document it.

4 
Aug 28 14:34:10 r3-pve.rocky9-pve3.org traefik[132146]: 192.168.13.210 - - [28/Aug/2024:12:34:10 +0000] "GET /phpmyadmin/ HTTP/2.0" 403 286 "-" "-" 1601 "lamp1-https@file" "http://127.0.0.1:20010" 1ms
Aug 28 14:34:10 r3-pve.rocky9-pve3.org lamp-app[135183]: 10.0.2.100 - - [28/Aug/2024:12:34:10 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 447 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
Aug 28 14:34:11 r3-pve.rocky9-pve3.org lamp-app[135183]: [Wed Aug 28 12:34:11.253399 2024] [authz_core:error] [pid 182] [client 10.0.2.100:47746] AH01630: client denied by server configuration: /var/www/phpmyadmin/
Aug 28 14:34:11 r3-pve.rocky9-pve3.org lamp-app[135183]: 10.0.2.100 - - [28/Aug/2024:12:34:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 447 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"

hum I need to think on it, traefik see the correct IP, but not the container, I recall some traefik directives to relay the correct IP

5

the easiest way is probably in traefik, we need to implement a way to block IP not local, I think it is still in discussion

6

Dejavu with something called an i-Bay
 :wink:

7

new version ghcr.io/stephdl/lamp:1.0.0-dev.4 the container startup time should be improved

1 Like
8

yep, IT is moving fast. That was a good old time

Webserver does the ibay principle but people does not like it :confused:

1 Like
9

I liked it, but it is complicated. With this module it is more easy to get a web accessible site up and running, with good control and goodies. Compliments!

This module for me replaces webserver and/or Wordpress module. Altho the WP module is very comfortable to install if you need a WP site.

Merci!

2 Likes
10

To protect the /phpmyadmin endpoint, I need to add a restriction in the set-route of ns8-traefik to limit access to private networks. I believe this is still the best option, and I haven’t given up on it yet. The ns8-lamp has been released as stable, but please add tests and feedbacks for further improvements.

3 Likes
11

I have made the first attempt to use the new LAMp module.

  1. mostly works well
  2. findings:

I cannot estimate the consequences.

Sincerely, Marko

Ps.: seems to be work
A big issue: .htaccess and robots.txt are read only and cannot restored by UpdraftPlus-restore and cannot be changed by WP-Plugins

3 Likes
12

Permissions issues you are root inside the container you can chmod chown as you want. Use www-data as the www user

13

For the utf8 I think I am guilty

1 Like
14

hum I am not sure, we have already utf8mb4 enabled

image
image693×458 46.8 KB

15

confirmed

[root@R1-pve ~]# runagent -m lamp7 podman exec -ti lamp-app bash
root@lamp:/# grep -srni 'UTF8' /etc/mysql/
/etc/mysql/mariadb.conf.d/50-server.cnf:94:# utf8 4-byte character set. See also client.cnf
/etc/mysql/mariadb.conf.d/50-server.cnf:95:character-set-server  = utf8mb4
/etc/mysql/mariadb.conf.d/50-server.cnf:96:collation-server      = utf8mb4_general_ci
1 Like
16

I think the issue is that the imported database has an old encoding: utf8. So the Updraft Restore wants to convert it to utf8mb*
We also used utf8 on NS7.

2 Likes
17

ok you run the old default format of database utf8 that is utf8mb3, now standart is utf8mb4

Probably you have to alter the database after the migration, this is an example

2 Likes
18

One additional question: How I can change PHP / MySQL-Settingings like ‘max_allowed_packet’ within the LAMP-App?

19

what values do you need IIUC it is not php but pure mysql setting

20

Yes, I know.
Currently, I need to change ‘max_allowed_packet’ up to 64MB.

I have therefore asked the question in a somewhat generalised way, as I think the need to change the relevant parameters will arise from time to time and it would be good to describe the procedure.

1 Like