Monday, August 26, 2024

Re: MariaDB install any different for OpenBSD 7.5 than 6.4?

Hi,

On Sun, 25 Aug 2024 20:10:52 -0400
David Colburn <qrv@kd4e.com> wrote:

> On 8/25/24 17:55, Zé Loff wrote:
> > On Sun, Aug 25, 2024 at 02:49:03PM -0400, David Colburn wrote:
> >>> After a cursory reading, it looks OK. But don't forget to read the
> >>> supplied documentation, after installing the package:
> >>>
> >>> less /usr/local/share/doc/pkg-readmes/mariadb-server
> >>>
> >>> Also, most of those steps don't have to do with mariadb, but with simple
> >>> system administration. Installing the package, starting and stopping
> >>> services, and checking if processes are running and ports are open are
> >>> all tasks you should be familiar with.
> >> All good to this point, thanks.
> >>
> >> Now I'm reading this in
> >>
> >> /usr/local/share/doc/pkg-readmes/mariadb-server
> >>
> >> Given that lighttpd runs in chroot am I correct that I need to run the
> >> following install and then edit /etc/my.cnf for things to play nicely
> >> together?
> >>
> >> Thanks,
> >>
> >> David
> >>
> >> --------------------------------------------------------------------------------------------------------------------
> >>
> >> chrooted daemons and MariaDB socket
> >> ===================================
> >>
> >> For external program running under a chroot(8) to be able to access the
> >> MariaDB server without using a network connection, the socket must be
> >> placed inside the chroot.
> >>
> >> e.g. httpd(8) or nginx(8): connecting to MariaDB from PHP
> >> ---------------------------------------------------------
> >> Create a directory for the MariaDB socket:
> >>
> >>     # install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql
> >>
> >> Adjust /etc/my.cnf to use the socket in the chroot - this
> >> applies to both client and server processes:
> >>
> >>     [client-server]
> >>     socket = /var/www/var/run/mysql/mysql.sock
> > You have three progressively less restrictive ways of providing access
> > to your database server:
> >
> > * A Unix socket:
> > If all the database consumers will be running locally, you can use a
> > socket. If any of the consumers will be running chrooted to /var/www,
> > then you'll need to put the socket in the chroot, as described on the
> > pkg-readme (and remember not to use the full path when configuring the
> > chrooted clients).
> >
> > * TCP, listening on 127.0.0.1:
> > If all consumers will be running on the same host, and if you don't want
> > the hassle of setting up the socket -- the tradeoff being having the
> > socket available for every process that can use inet -- then you can
> > just configure mariadb to listen on the loopback interface. If you have
> > "set skip on lo0" on pf.conf (it's there by default), then you won't
> > need to add anything else to that file.
> >
> > * TCP, listening on other interfaces:
> > You'll need this if the database is to be accessible to other hosts.
> > Using this option might require adjusting your filtering rules on
> > pf.conf.
> >
> >
> > You can use any combination of the above methods (socket only, loopback
> > only, socket+loopback, socket+other interfaces, etc). See the "port",
> > "socket", "skip-networking" and "bind-address" options on the [mysqld]
> > section of /etc/my.cnf, and remember to setup the [client] section
> > accordingly (i.e., if you skip-networking, don't configure the client to
> > use TCP/IP, and if you don't setup a server socket, don't configure the
> > client to use it).
> >
> > And make sure you know what you need, and why, before configuring
> > things.
> >
> Thank you for your reply.
>
> Here's my attempt to assess & describe what I need, and why ...
>
> This will be a self-hosted Web-facing server using the Chamilo-LMS
> (learning management system) interface.
>
> All of the users, students and teachers alike, would log into the
> Chamilo-LMS host.
>
> All of the data that Chamilo-LMS would serve would be hosted on the same
> machine where it resides.
>
> (Note: If I understand correctly, the preferred best-security practice
> is to require a user of Chamilo-LMS to access any external links by
> leaving the server - e.g. a remote user would open a second tab on their
> machine to open a non-local URL, rather than my server passing that
> content. True?)

huh?? I'm not sure what exactly you mean.

>
> As I understand it, Chamilo-LMS is based on PHP and uses MariaDB, but
> Lighttpd is what manages the internal and Web-facing network side of things?
> So, database consumers would only communicate with MariaDB via Chamilo-LMS?
> Would Chamilo-LMS need a Unix socket to communicate with MariaDB?
> And then Lighttpd would use TCP (listening on 127.0.0.1) between the
> Chamilo-LMS consumer login accounts and the world?


Communication is:

user/web browser <---> web server(lighttpd) <---> PHP(chamilo-LMS) <---> database(MariaDB)

The Admin guide of chamilo-LMS (step 4 of 6) seems to imply it uses UNIX sockets when you supply "localhost" as Database Host. My guess would be, if you use 127.0.0.1 as Database host it will use a TCP/IP connection.

Best regards
Robert


>
> Thanks!
>
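
Added example, not part of the thread or of the package documentation: a small Python audit of a my.cnf that reports which of the access methods discussed above is enabled, and which socket path a client chrooted to /var/www has to be configured with. The sample my.cnf is constructed and the function names are hypothetical; it assumes the file has no !include directives and that an unset bind-address means the server listens on all interfaces.

```python
import configparser
import ipaddress
import posixpath

# Constructed sample /etc/my.cnf (not from the thread): socket inside the
# /var/www chroot as in the pkg-readme, TCP restricted to loopback.
SAMPLE_MY_CNF = """
[client-server]
socket = /var/www/var/run/mysql/mysql.sock
[mysqld]
bind-address = 127.0.0.1
"""

def chroot_view(path, chroot="/var/www"):
    """Absolute path as a process chrooted to `chroot` sees it; None if outside."""
    path, chroot = posixpath.normpath(path), posixpath.normpath(chroot)
    if posixpath.commonpath([path, chroot]) != chroot:
        return None
    return "/" + posixpath.relpath(path, chroot)

def tcp_scope(skip_networking, bind):
    """Classify the TCP listener: 'disabled', 'loopback' or 'other-interfaces'."""
    if skip_networking:
        return "disabled"
    if bind == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(bind or "").is_loopback else "other-interfaces"
    except ValueError:  # unset (assumed default: all interfaces), '*' or a hostname
        return "other-interfaces"

def audit_my_cnf(text, chroot="/var/www"):
    """Summarise which of the three access methods a my.cnf enables."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.optionxform = lambda k: k.lower().replace("_", "-")  # bind_address == bind-address
    cp.read_string(text)
    def get(name):  # simplification: [mysqld] is checked first, then [client-server]
        for section in ("mysqld", "client-server"):
            if cp.has_option(section, name):
                return cp.get(section, name) or ""
        return None
    sock = get("socket")
    return {
        "tcp": tcp_scope(get("skip-networking") is not None, get("bind-address")),
        "server_socket": sock,
        "chrooted_client_socket": chroot_view(sock, chroot) if sock else None,
    }

def client_transport(db_host):
    """MariaDB/MySQL clients on Unix use the socket for 'localhost', TCP for an IP."""
    return "unix-socket" if db_host == "localhost" else "tcp"
```

A `chrooted_client_socket` of None means the socket lies outside the chroot, so a chrooted PHP process configured with "localhost" as its database host cannot reach the server that way.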
