New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
LHMP - Hiawatha PHP-FPM MariaDB, install and administration
Hi all,
I posted before about this tool,but i didn't have time for updates last few months and in last few weeks few nice people asked when tool will be updated. I took few evenings hours and i made first version to support Devuan and Debian 8.
What this tool is about
- Easy way to set secure web server
- Save server setting time
- Run on Pi 2 and BeagleBone board
What this tool do for you
Where to get your copy
https://gist.github.com/ZEROF/10743343
How to
-Save script as hiawatha.sh
-Set permission chmod +x hiawatha.sh
-Run it ./hiawatha.sh
Use it
If you can, use it on fresh installed servers.
Have fun and send your ideas.
Comments
Good job buddy.
Can you give us a short comparison of hiawatha and nginx?
thanks, bookmarked for future refference.
@GM2015 Sure, if you are for more secure server you will go with Hiawatha, because page load speed is almost same for me. And it's easy to use, nginx can be complicated in some advanced settings. If you want simple, Apache is around for long time.
@simonindia Thanks man!
@Mark_R Have fun
Does it support hiawathaproxy (hiawatha+httpd)?
Any chance for mail and jailkit too?
Read http://forum.mratwork.com/kloxo-mr-development/(6-5-1a)-webwebcache-servers-benchmark
@Fritz I never tested Hiawatha as Apache proxy but it's easy to do. I think it's much better to be done by user then script. I will check out and if it's working with let's say wordpress installation i will add, but that will ask for some extra stuff as well etc..
I tested on my server with just apache default page and it's working. On apache side you just need to edit two files, /etc/apache2/ports.conf and file inside /etc/apache2/sites-enabled, for demo i just edited 000-deafult template.
In ports.conf replace port 80 with 8080, in 000-default vhost settings do the same replace *:80 with *:8080.
Second part is hiawatha, not much to be done here, just inside hiawatha.conf, section vhost, add ReverseProxy = .* http://127.0.0.1:8080 30 keep-alive
With netstat we see that hiawatha and apache are good friends now (netstat -tunlp)
Mail
I don't see what this have with Hiawatha, and that will be to much of work, i will try to keep this script in capacity to run simple configuration with better security and mail server don't have place around. We need 2nd man for that .
True is, that kind of script can be made, but that is not issue, it's all about updates, and keeping soft up to date, and because of that it's better to keep simple as possible and work on one project and not 10 in same time.
Jailkit
For what?
P.S. I'm not a coder, just sys admin with special needs
For mail server setup script i use MAILCOW this one is great
@ZEROF: Thank you very much for updating your script! It's always great when someone takes the time to make the life of others easier! I first heard about Hiawatha by earlier versions of your script and deployed it on many servers since then. I will never understand why Hiawatha is not more widespread - it does not have to hide behind nginx in terms of performance and does SO MUCH more for security than most (if not all) other webservers out there.
I can only encourage everyone here to give it a try! It's well worth it!
Kloxo-MR is the first (and maybe only one) CP can handle Hiawatha (as standalone or reverseproxy).
Thats gr8 mustafa ! Awesome.
Also, Can we install VestaCP over this ?
No. Because Kloxo-MR is also control panel like VestaCP.
@ZEROF
That will be great if user can choose what to use.
Some of my servers are already using your script.
as for mail, that's just an option not mandatory.
Small update folks. Thanks to people asked for fail2ban.
Install fail2ban (you can set port, you don't need to use 22, because LES and other NAT boxes don't use standard ports)
This will add SFTP protection as well.
Remove fail2ban and settings.
Cheers!