Alpine Linux Setup

Installation

• parted & mkfs.ext4...

  setup-alpine -q
  setup-timezone
  setup-sshd
  setup-ntp

• mount /mnt + /mnt/boot...

  setup-disk /mnt

Alix tweaks

sed -i '/ext4/ s/relatime/noatime/g' /etc/fstab
sed -i '/^default_kernel_opts/ s/=.*/="libata.force=1.0:udma66 console=tty0 console=ttyS0,38400 quiet"/' /etc/update-extlinux.conf
update-extlinux

Serial console

sed -i '/^serial_port/ s/=.*/=0/' /etc/update-extlinux.conf
sed -i '/^serial_baud/ s/=.*/=38400/' /etc/update-extlinux.conf
update-extlinux
echo 'ttyS0::respawn:/sbin/getty -L ttyS0 38400 vt100' >> /etc/inittab
echo 'ttyS0' >> /etc/securetty

Swap file

dd if=/dev/zero of=/swapfile bs=1M count=512
chmod 600 /swapfile
mkswap /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab

Disable IPv6

echo 'ipv6' >> /etc/modules
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.d/01-disable-ipv6.conf

Packages

sed -i '/^http/ s/^/#/g' /etc/apk/repositories
sed -i '/edge/ s/^#//g' /etc/apk/repositories
apk update
apk upgrade --available
apk add man mc screen iputils rsync subversion git build-base

NFS server

apk add nfs-utils
sed -i '/^OPTS_RPC_MOUNTD/ s/""/"-p 32767"/' /etc/conf.d/nfs
sed -i '/^OPTS_RPC_STATD/ s/""/"-p 32765 -o 32766"/' /etc/conf.d/nfs
echo 'options lockd nlm_udpport=32768 nlm_tcpport=32768' >> /etc/modprobe.d/local.conf
echo 'options nfs callback_tcpport=32764' >> /etc/modprobe.d/local.conf
rc-update add nfs

MySQL

apk add mariadb mariadb-client
/etc/init.d/mariadb setup && /etc/init.d/mariadb start
mysql_secure_installation
sed -i '/^\[mysqld\]/ s/$/\nbind-address = 127.0.0.1/' /etc/mysql/my.cnf
rc-update add mariadb

Apache + PHP + FastCGI + suEXEC + Pound

apk add apache2 apache2-utils apache-mod-fcgid php5 php5-cgi pound openssl lynx
apk add php5-pdo_sqlite php5-pdo_mysql php5-json
sed -i '/LoadModule.*rewrite/ s/^#//' /etc/apache2/httpd.conf
sed -i '/LoadModule.*suexec/ s/^#//' /etc/apache2/httpd.conf
sed -i '/^\s*DirectoryIndex/ s/$/ index.htm index.php/' /etc/apache2/httpd.conf
sed -i '31 s/HTTP/HTTPS/' /etc/pound.cfg
sed -i '32 s/127.0.0.1/0.0.0.0/' /etc/pound.cfg
sed -i '33 s/8888/443/' /etc/pound.cfg
sed -i '/^Port 443/ s_$_\nCert "/etc/ssl/pound/bundle.pem"_' /etc/pound.cfg
sed -i '/^xHTTP/ s/0/2/' /etc/pound.cfg
mkdir /etc/ssl/pound
# create SSL certificate
rc-update add apache2
rc-update add pound

• Example: VirtualHost configuration

  adduser web1
  mkdir ~web1/etc ~web1/tmp /var/www/vhosts
  mkdir -m 750 /var/www/vhosts/web1
  mkdir /var/www/vhosts/web1/html /var/www/vhosts/web1/fcgi-bin

  cat >/var/www/vhosts/web1/fcgi-bin/php-fcgi-starter <<EOF
  #!/bin/sh
  export PHPRC="/home/web1/etc"
  export TMPDIR="/home/web1/tmp"
  exec /usr/bin/php-cgi
  EOF

  chmod +x /var/www/vhosts/web1/fcgi-bin/php-fcgi-starter
  chown -hR web1:web1 /var/www/vhosts/web1 ~web1
  chgrp -h www-data /var/www/vhosts/web1

  cat >/etc/apache2/conf.d/web1.conf <<EOF
  <VirtualHost *:80>
  ServerName web1.stelas.de
  ServerAlias *.web1.stelas.de
  SuexecUserGroup web1 web1
  DocumentRoot "/var/www/vhosts/web1/html"
  <Directory "/var/www/vhosts/web1/html">
      AddHandler fcgid-script .php
      Options SymLinksIfOwnerMatch ExecCGI
      AllowOverride AuthConfig FileInfo Limit
      FcgidWrapper /var/www/vhosts/web1/fcgi-bin/php-fcgi-starter .php
      Require all granted
  </Directory>
  CustomLog /var/log/apache2/web1_access.log combined
  ErrorLog /var/log/apache2/web1_error.log
  RewriteEngine On
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  </VirtualHost>
  EOF

AWall

• TBD

slrn, ansiweather

apk add bc curl jq slrn

• Install AnsiWeather

Backup

export LBU_BACKUPDIR=/export/backup
lbu ci