Preparazione installazione Scientific Linux 7 per Joomla 3.6.x

L'installazione procede dal template realizzato come descritto in https://wiki.infn.it/strutture/lnf/dr/calcolo/sistemi/scientific_linux_7_template.

Installazione pacchetti prerequisiti

Installare i seguenti pacchetti da repo:

$ yum install php-mysql php-gd php-pear php-cli php-pdo php-xml php-mbstring php-process wget vim curl httpd php-devel httpd-devel pcre-devel gcc php perl-ExtUtils-CBuilder perl-local-lib perl-version perl-Compress-Raw-Zlib perl-DBI perl-Params-Check perl-Archive-Extract perl-Module-Pluggable perl-FCGI perl-Pod-Perldoc perl-Pod-Usage perl-CPANPLUS-Dist-Build perl-Time-Local perl-Text-Unidecode perl-PathTools perl-autodie perl-File-Temp perl-Test-Simple perl-Filter perl-B-Lint perl-IO-HTML perl-HTTP-Date perl-LWP-MediaTypes perl-Net-LibIDN perl-HTTP-Daemon perl-HTTP-Cookies perl-macros perl-Data-Dumper perl-Time-Piece perl-Object-Accessor perl-Digest-SHA perl-ExtUtils-Manifest perl-parent perl-podlators perl-Text-ParseWords perl-Storable perl-constant perl-Socket perl-Time-HiRes perl-Scalar-List-Utils perl-Pod-Simple perl-File-Path perl-threads perl-ExtUtils-Install perl-ExtUtils-Embed perl-ExtUtils-ParseXS perl-core perl-ExtUtils-MakeMaker perl-Module-Load perl-Module-Metadata perl-CPAN-Meta-YAML perl-Net-Daemon perl-Compress-Raw-Bzip2 perl-PlRPC perl-DBD-SQLite perl-Log-Message perl-DBIx-Simple perl-Term-UI perl-File-Fetch perl-Parse-CPAN-Meta perl-CPANPLUS perl-Archive-Tar perl-CGI perl-Perl-OSType perl-CPAN-Meta-Requirements perl-Module-Build perl-Pod-LaTeX perl-Text-Soundex perl-DB_File perl-Sys-Syslog perl-Locale-Codes perl-Env perl-Version-Requirements perl-DBD-MySQL perl-HTML-Tagset perl-TimeDate perl-Business-ISBN-Data perl-URI perl-HTTP-Message perl-File-Listing perl-HTTP-Negotiate perl-Net-SSLeay perl-IO-Socket-IP perl-Net-HTTP perl-libwww-perl perl-libxml-perl perl-libs perl-Locale-Maketext-Simple perl-Module-Load-Conditional perl-Pod-Escapes perl-Module-Loaded perl-Package-Constants perl-IO-Zlib perl-devel perl-Digest perl-IO-Compress perl-Locale-Maketext perl-IPC-Cmd perl-Log-Message-Simple perl-JSON-PP perl-HTTP-Tiny perl-Pod-Parser perl-Encode perl-CPAN-Meta perl-Exporter perl-Pod-Checker perl-Carp perl-File-CheckTree perl-Digest-MD5 perl-threads-shared perl-Getopt-Long perl-Crypt-SSLeay perl-Encode-Locale perl-Business-ISBN perl-HTML-Parser perl-WWW-RobotRules perl-IO-Socket-SSL perl-XML-Parser perl perl-Module-CoreList perl-Thread-Queue perl-CPAN perl-Test-Harness gdbm-devel pyparsing systemtap-sdt-devel

Installazione e configurazione ''apc''

Installare apc come estenzione pecl:

$ pecl install apc

Editare il file di configurazione /etc/php.d/apc.ini con le seguenti impostazioni:

; Enable apc extension module
extension = apc.so

; Options for the APC module version >= 3.1.3
; See http://www.php.net/manual/en/apc.configuration.php

; This can be set to 0 to disable APC. 
apc.enabled=1
; The number of shared memory segments to allocate for the compiler cache. 
apc.shm_segments=1
; The size of each shared memory segment, with M/G suffix
apc.shm_size=64M
; A "hint" about the number of distinct source files that will be included or 
; requested on your web server. Set to zero or omit if you are not sure;
apc.num_files_hint=1536
; Just like num_files_hint, a "hint" about the number of distinct user cache
; variables to store.  Set to zero or omit if you are not sure;
apc.user_entries_hint=4096
; The number of seconds a cache entry is allowed to idle in a slot in case this
; cache entry slot is needed by another entry.
apc.ttl=7200
; use the SAPI request start time for TTL
apc.use_request_time=1
; The number of seconds a user cache entry is allowed to idle in a slot in case
; this cache entry slot is needed by another entry.
apc.user_ttl=7200
; The number of seconds that a cache entry may remain on the garbage-collection list. 
apc.gc_ttl=3600
; On by default, but can be set to off and used in conjunction with positive
; apc.filters so that files are only cached if matched by a positive filter.
apc.cache_by_default=1
; A comma-separated list of POSIX extended regular expressions.
apc.filters
; The mktemp-style file_mask to pass to the mmap module 
apc.mmap_file_mask=/tmp/apc.XXXXXX
; This file_update_protection setting puts a delay on caching brand new files.
apc.file_update_protection=2
; Setting this enables APC for the CLI version of PHP (Mostly for testing and debugging).
apc.enable_cli=0
; Prevents large files from being cached
apc.max_file_size=1M
; Whether to stat the main script file and the fullpath includes.
apc.stat=1
; Vertification with ctime will avoid problems caused by programs such as svn or rsync by making 
; sure inodes have not changed since the last stat. APC will normally only check mtime.
apc.stat_ctime=0
; Whether to canonicalize paths in stat=0 mode or fall back to stat behaviour
apc.canonicalize=0
; With write_lock enabled, only one process at a time will try to compile an 
; uncached script while the other processes will run uncached
apc.write_lock=1
; Logs any scripts that were automatically excluded from being cached due to early/late binding issues.
apc.report_autofilter=0
; RFC1867 File Upload Progress hook handler
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
; Optimize include_once and require_once calls and avoid the expensive system calls used.
apc.include_once_override=0
apc.lazy_classes=0
apc.lazy_functions=0
; Enables APC handling of signals, such as SIGSEGV, that write core files when signaled. 
; APC will attempt to unmap the shared memory segment in order to exclude it from the core file
apc.coredump_unmap=0
; Records a md5 hash of files. 
apc.file_md5=0
; not documented
apc.preload_path

Riavviare Apache:

$ systemctl restart httpd.service

Ottimizzazione

Inserire il file al percorso /etc/httpd/conf.d/optimization.conf con il seguente contenuto:

<IfModule mod_mime.c>
    AddType application/java .class
    AddType application/msword .doc .docx
    AddType application/pdf .pdf
    AddType application/vnd.ms-access .mdb
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/vnd.ms-fontobject .eot
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.ms-write .wri
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType application/zip .zip
    AddType application/x-font-otf .otf
    AddType application/x-font-ttf .ttf .ttc
    AddType application/x-font-woff .woff
    AddType application/x-gzip .gz .gzip
    AddType application/x-javascript .js
    AddType application/x-msdownload .exe
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType audio/midi .mid .midi
    AddType audio/mpeg .mp3 .m4a
    AddType audio/ogg .ogg
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType audio/x-realaudio .ra .ram
    AddType image/bmp .bmp
    AddType image/gif .gif
    AddType image/jpeg .jpg .jpeg .jpe
    AddType image/png .png
    AddType image/svg+xml .svg .svgz
    AddType image/tiff .tif .tiff
    AddType image/x-icon .ico
    AddType text/css .css
    AddType text/plain .txt
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType text/x-component .htc
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType video/divx .divx
    AddType video/quicktime .mov .qt
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
</IfModule>

<IfModule mod_deflate.c>
    <filesMatch "\.(js|css|html|php|svg)$">
        SetOutputFilter DEFLATE
    </filesMatch>

    <IfModule mod_setenvif.c>
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
	BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    </IfModule>

    <IfModule mod_headers.c>
        Header append Vary User-Agent env=!dont-vary
        Header set Connection keep-alive
    </IfModule>

    <IfModule mod_filter.c>
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/rss+xml
	AddOutputFilterByType DEFLATE application/x-javascript
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE image/svg
	AddOutputFilterByType DEFLATE image/svg+xml
	AddOutputFilterByType DEFLATE image/x-icon
	AddOutputFilterByType DEFLATE text/css
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/richtext
	AddOutputFilterByType DEFLATE text/x-component
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE text/xsd
	AddOutputFilterByType DEFLATE text/xsl
    </IfModule>

</IfModule>

<ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file .(html?|txt|css|js|php|pl|svg)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault A604800

    ExpiresByType application/java A604800
    ExpiresByType application/msword A604800
    ExpiresByType application/pdf A604800
    ExpiresByType application/vnd.ms-access A604800
    ExpiresByType application/vnd.ms-excel A604800
    ExpiresByType application/vnd.ms-fontobject A604800
    ExpiresByType application/vnd.ms-powerpoint A604800
    ExpiresByType application/vnd.ms-project A604800
    ExpiresByType application/vnd.ms-write A604800
    ExpiresByType application/vnd.oasis.opendocument.chart A604800
    ExpiresByType application/vnd.oasis.opendocument.database A604800
    ExpiresByType application/vnd.oasis.opendocument.formula A604800
    ExpiresByType application/vnd.oasis.opendocument.graphics A604800
    ExpiresByType application/vnd.oasis.opendocument.presentation A604800
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A604800
    ExpiresByType application/vnd.oasis.opendocument.text A604800
    ExpiresByType application/x-font-otf A604800
    ExpiresByType application/x-font-ttf A604800
    ExpiresByType application/x-gzip A604800
    ExpiresByType application/x-javascript A604800
    ExpiresByType application/x-msdownload A604800
    ExpiresByType application/x-shockwave-flash A604800
    ExpiresByType application/x-tar A604800
    ExpiresByType application/zip A604800
    ExpiresByType audio/basic A604800
    ExpiresByType audio/midi A604800
    ExpiresByType audio/mpeg A604800
    ExpiresByType audio/ogg A604800
    ExpiresByType audio/x-aiff A604800
    ExpiresByType audio/x-pn-realaudio A604800
    ExpiresByType audio/x-pn-realaudio-plugin A604800
    ExpiresByType audio/x-realaudio A604800
    ExpiresByType audio/x-wav A604800
    ExpiresByType audio/wav A604800
    ExpiresByType audio/wma A604800
    ExpiresByType image/bmp A604800
    ExpiresByType image/gif A604800
    ExpiresByType image/ief A604800
    ExpiresByType image/jpeg A604800
    ExpiresByType image/jpg A604800
    ExpiresByType image/png A604800
    ExpiresByType image/svg+xml A604800
    ExpiresByType image/tiff A604800
    ExpiresByType image/x-cmu-raster A604800
    ExpiresByType image/x-icon A604800
    ExpiresByType image/x-portable-anymap A604800
    ExpiresByType image/x-portable-bitmap A604800
    ExpiresByType image/x-portable-graymap A604800
    ExpiresByType image/x-portable-pixmap A604800
    ExpiresByType image/x-rgb  A604800
    ExpiresByType image/x-xbitmap A604800
    ExpiresByType image/x-xpixmap A604800
    ExpiresByType image/x-xwindowdump A604800
    ExpiresByType text/css A604800
    ExpiresByType text/html A604800
    ExpiresByType text/javascript A604800
    ExpiresByType text/plain A604800
    ExpiresByType text/richtext A604800
    ExpiresByType text/x-component A604800
    ExpiresByType text/xml A604800
    ExpiresByType text/xsd A604800
    ExpiresByType text/xsl A604800
    ExpiresByType video/asf A604800
    ExpiresByType video/avi A604800
    ExpiresByType video/divx A604800
    ExpiresByType video/quicktime A604800
    ExpiresByType video/mp4 A604800
    ExpiresByType video/mpeg A604800
    ExpiresByType video/x-msvideo A6048000
    ExpiresByType video/x-sgi-movie A6048000

    <FilesMatch "\.(gif¦jpe?g¦png¦ico¦css¦js¦swf)$">
        Header set Cache-Control "public"
    </FilesMatch>

    <FilesMatch "\.(php|cgi|pl)$">
        ExpiresActive Off
        Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
        Header set Pragma "no-cache"
    </FilesMatch>

    <FilesMatch ".(eot|ttf|otf|woff|woff2)">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
    FileETag MTime Size
</IfModule>

Configurazione virtual host macchina amministrazione

Per configurare un virtual host utilizzare le direttive negli appositi file di configurazione di Apache:

Alias /apc.php /usr/share/pear/apc.php
Alias /it/apc.php /usr/share/pear/apc.php

<Directory "/usr/share/pear">
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerName www.<SITE_NAME>.it
    ServerAdmin wwwlnf@lnf.infn.it
    DocumentRoot <DOC_ROOT_PATH>/<SITE_NAME>

    <Directory "<DOC_ROOT_PATH>/<SITE_NAME>">
       #
       # Richiesto da Apache v2.4
       #
       AllowOverride All
       Require all granted
    </Directory>

    <Directory "<DOC_ROOT_PATH>/sysprivate/<SITE_NAME>">
       #
       # Richiesto da Apache v2.4
       #
       AllowOverride All
       Require all granted
    </Directory>

# Set timezone to Europe/Rome UTC+01:00
    SetEnv TZ Europe/Rome

    DirectoryIndex index.php index.html

    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f comunicazione@presid.infn.it" 

    php_admin_value open_basedir "<DOC_ROOT_PATH>/<SITE_NAME>:<DOC_ROOT_PATH>/sysprivate/<SITE_NAME>:/dev/urandom:/usr/share/pear"

    php_admin_value sys_temp_dir "<DOC_ROOT_PATH>/sysprivate/<SITE_NAME>/upload_tmp"
    php_admin_value upload_tmp_dir "<DOC_ROOT_PATH>/sysprivate/<SITE_NAME>/upload_tmp"
    php_admin_value upload_max_filesize "16M"
    php_admin_value post_max_size "16M"

    php_admin_value session.save_path "<DOC_ROOT_PATH>/sysprivate/<SITE_NAME>/phpsessions"

    php_admin_value disable_functions "apache_child_terminate,apache_getenv,apache_get_modules,apache_get_version,apache_note,apache_setenv,chgrp,chmod,chown,crack_check,crack_closedict,crack_getlastmessage,crack_opendict,ctrl_dir,debugger_off,debugger_on,define_syslog_variables,diskfreespace,disk_free_space,dl,escapeshellarg,escapeshellcmd,exec,expect_expectl,expect_popen,fpassthru,ftp_connect,ftp_exec,ftp_get,ftp_login,ftp_nb_fput,ftp_put,ftp_raw,ftp_rawlist,get_current_user,highlight_file,ini_alter,ini_restore,leak,link,passthru,pclose,pcntl_exec,pcntl_fork,pcntl_setpriority,pcntl_signal,pcntl_sigprocmask,pfsockopen,phpinfo,phpini,php_ini_scanned_files,popen,posix_access,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_get_last_error,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,psockopen,putenv,safe_mode,session_save_path,server_software,shell_exec,show_source,symlink,system,systemroot,umask"

    php_flag "output_buffering" Off

    <DirectoryMatch "^<DOC_ROOT_PATH>/<SITE_NAME>/(|.+/)administrator">
       #
       # Richiesto da Apache v2.4
       #
       Require all denied
    </DirectoryMatch>

    <Directory "<DOC_ROOT_PATH>/<SITE_NAME>/cache/">
       php_flag engine off
    </Directory>

    <FilesMatch "^.*\..+~$">
       #
       # Richiesto da Apache v2.4
       #
       Require all denied
    </FilesMatch>

    LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" commonvhost
    ErrorLog "|/usr/custom/scripts/apache2syslog local4 httpd-www.<SITE_NAME>.it"
    CustomLog "|/usr/custom/scripts/apache2syslog local6 httpd" commonvhost

</VirtualHost>

Configurazione virtual host macchina utente