Hi,

On Sun, 25 Aug 2024 20:10:52 -0400
David Colburn <q...@kd4e.com> wrote:

> On 8/25/24 17:55, Zé Loff wrote:
> > On Sun, Aug 25, 2024 at 02:49:03PM -0400, David Colburn wrote:
> >>> After a cursory reading, it looks OK. But don't forget to read the
> >>> supplied documentation, after installing the package:
> >>>
> >>> less /usr/local/share/doc/pkg-readmes/mariadb-server
> >>>
> >>> Also, most of those steps don't have to do with mariadb, but with simple
> >>> system administration. Installing the package, starting and stopping
> >>> services, and checking if processes are running and ports are open are
> >>> all tasks you should be familiar with.
> >> All good to this point, thanks.
> >>
> >> Now I'm reading this in
> >>
> >> /usr/local/share/doc/pkg-readmes/mariadb-server
> >>
> >> Given that lighttpd runs in chroot am I correct that I need to run the
> >> following
> >>
> >> install and then edit /etc/my.cnf for things to play nicely together?
> >>
> >> Thanks,
> >>
> >> David
> >>
> >> ----------------------------------------------------------------------
> >>
> >> chrooted daemons and MariaDB socket
> >> ===================================
> >>
> >> For external program running under a chroot(8) to be able to access the
> >> MariaDB server without using a network connection, the socket must be
> >> placed inside the chroot.
> >>
> >> e.g. httpd(8) or nginx(8): connecting to MariaDB from PHP
> >> ---------------------------------------------------------
> >> Create a directory for the MariaDB socket:
> >>
> >> # install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql
> >>
> >> Adjust /etc/my.cnf to use the socket in the chroot - this
> >> applies to both client and server processes:
> >>
> >> [client-server]
> >> socket = /var/www/var/run/mysql/mysql.sock
> > You have three progressively less restrictive ways of providing access
> > to your database server:
> >
> > * A Unix socket:
> > If all the database consumers will be running locally, you can use a
> > socket. If any of the consumers will be running chrooted to /var/www,
> > then you'll need to put the socket in the chroot, as described on the
> > pkg-readme (and remember not to use the full path when configuring the
> > chrooted clients).
> >
> > * TCP, listening on 127.0.0.1:
> > If all consumers will be running on the same host, and if you don't want
> > the hassle of setting up the socket -- the tradeoff being having the
> > socket available for every process that can use inet -- then you can
> > just configure mariadb to listen on the loopback interface. If you have
> > "set skip on lo0" on pf.conf (it's there by default), then you won't
> > need to add anything else to that file.
> >
> > * TCP, listening on other interfaces:
> > You'll need this if the database is to be accessible to other hosts.
> > Using this option might require adjusting your filtering rules on
> > pf.conf.
> >
> >
> > You can use any combination of the above methods (socket only, loopback
> > only, socket+loopback, socket+other interfaces, etc). See the "port",
> > "socket", "skip-networking" and "bind-address" options on the [mysqld]
> > section of /etc/my.cnf, and remember to set up the [client] section
> > accordingly (i.e., if you skip-networking, don't configure the client to
> > use TCP/IP, and if you don't set up a server socket, don't configure the
> > client to use it).
> >
> > And make sure you know what you need, and why, before configuring
> > things.
> >
> Thank you for your reply.
>
> Here's my attempt to assess & describe what I need, and why ...
>
> This will be a self-hosted Web-facing server using the Chamilo-LMS
> (learning management system) interface.
>
> All of the users, students and teachers alike, would log into the
> Chamilo-LMS host.
>
> All of the data that Chamilo-LMS would serve would be hosted on the same
> machine where it resides.
>
> (Note: If I understand correctly, the preferred best-security practice
> is to require a user of Chamilo-LMS to access any external links by
> leaving the server - e.g. a remote user would open a second tab on their
> machine to open a non-local URL, rather than my server passing that
> content. True?)

huh?? I'm not sure what exactly you mean.

>
> As I understand it, Chamilo-LMS is based on PHP and uses MariaDB, but
> Lighttpd is what manages the internal and Web-facing network side of
> things?
> So, database consumers would only communicate with MariaDB via Chamilo-LMS?
> Would Chamilo-LMS need a Unix socket to communicate with MariaDB?
> And then Lighttpd would use TCP (listening on 127.0.0.1) between the
> Chamilo-LMS consumer login accounts and the world?

Communication is:
user/web browser <---> web server(lighttpd) <---> PHP(chamilo-LMS) <---> database(MariaDB)

The Admin guide of chamilo-LMS (step 4 of 6) seems to imply it uses UNIX
sockets when you supply “localhost” as Database Host.
My guess would be, if you use 127.0.0.1 as Database host it will use a
TCP/IP connection.

Best regards
Robert

>
> Thanks!
>
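
The access methods discussed in this thread (socket inside the chroot, loopback TCP, skip-networking) can be checked against an option file with a short script. This is an added example, not part of the original messages or of the MariaDB package; the function names `cnf_get`, `chroot_path` and `audit` and the sample my.cnf are constructed for illustration, and the script reads only `[client-server]` and `[mysqld]` rather than applying MariaDB's full option-file precedence.

```sh
# Added example (not from the thread); names and sample file are constructed.
# Print KEY's value in [SECTION] of FILE ("on" for a bare flag such as
# skip-networking); print nothing when the key is absent.
cnf_get() {
    awk -v want="[$1]" -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = index(line, "=")
            k = (n ? substr(line, 1, n - 1) : line)
            v = (n ? substr(line, n + 1) : "on")
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k); sub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$3"
}

# Path a process chrooted to CHROOT uses for FULLPATH; fails if outside it.
chroot_path() {
    case "$2" in "$1"/*) printf '%s\n' "${2#"$1"}" ;; *) return 1 ;; esac
}

# Simplification: reads [client-server] then [mysqld], not full precedence.
audit() {
    sock=$(cnf_get client-server socket "$1")
    [ -n "$sock" ] || sock=$(cnf_get mysqld socket "$1")
    skipnet=$(cnf_get mysqld skip-networking "$1")
    case "$skipnet" in 0|off|OFF) skipnet= ;; esac
    bind=$(cnf_get mysqld bind-address "$1")
    if inner=$(chroot_path "$2" "$sock"); then
        echo "socket: chrooted clients use $inner"
    else
        echo "socket: ${sock:-the default path} is outside $2"
    fi
    if [ -n "$skipnet" ]; then echo "tcp: disabled (skip-networking)"
    elif [ "$bind" = 127.0.0.1 ]; then echo "tcp: loopback only"
    else echo "tcp: ${bind:-bind-address unset}, review pf.conf rules"
    fi
}

sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[client-server]
socket = /var/www/var/run/mysql/mysql.sock
[mysqld]
bind-address = 127.0.0.1
EOF
audit "$sample" /var/www
```

On a real host, pass /etc/my.cnf and the web server's chroot directory as the two arguments to `audit`.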