4. HelpSpot Server Setup: RedHat/CentOS
RedHat (RHEL) and CentOS have additional security and configuration that you may not find on Debian/Ubuntu servers. This guide will help you setup a Server on RedHat/CentOS servers that may be missing some PHP modules HelpSpot requires, along with some setup for ensuring HelpSpot will work in environments where SELinux is enabled.
We'll cover setting up an RedHat/CentOS server for use with HelpSpot.
This will install PHP, Apache and MariaDB (a MySQL drop-in replacement). PostgreSQL can alternatively be used.
As of CentOS 7/RedHat 7, MariaDB is the default "MySQL" database available. HelpSpot will work fine with MariaDB and it's replacement of the InnoDB storage engine, ExtraDB.
If you with to use MySQL over MariaDB, however, you can find the appropriate RPMs available for MySQL 5.6 here.
Install Apache & PHP
First we'll install Apache and PHP.
As of CentOS/RedHat 6, a required PHP package "php-imap" (and other optional ones) are not available with the standard repositories. We suggest getting the Fedora EPEL package repository if you are able to. This can be done with one command:
sudo rpm -Uvh \ http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
Note: If you are using the Amazon AWS RHEL7 image, you may need to enable the Extras and Optional repositories.
To do so, run the following:# ONLY IF USING AMAZON AWS'S RHEL7 IMAGE
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
Once that's done, we can install all of the needed Apache and PHP packages:
# Install Apache + PHP sudo yum install httpd php php-pdo php-mysql php-gd php-mcrypt php-curl php-imap php-xml # Set Apache to start on boot: sudo systemctl enable httpd.service # Start Apache: sudo service httpd start
Users of SELinux can also ensure that Apache has permission to use the network to connect to MySQL/MariaDB (essentially connect over 127.0.0.1 rather than via hostname "localhost"):
sudo setsebool -P httpd_can_network_connect_db on sudo service httpd restart
Next we need to edit the PHP.ini configuration file for one needed adjustment: Setting the timezone. Newer PHP often throws off errors if the timezone isn't set, which can cause issues with HelpSpot's error reporter.
Edit /etc/php.ini and set the "date.timezone" setting to any valid timezone, such as UTC. HelpSpot will use the correct timezone within the application despite this setting, but this will prevent PHP from throwing "warning" and "notice" type errors about the timezone not being set.
Change this from:
date.timezone = UTC
(Note that it is no longer commented out with the preceding ";" character)
We also suggest setting PHP memory limits up from the stock settings. What you need depends on your use case, typically if there are larger files being sent in as attachments. We recommend 128M or 256M as a memory limit.
memory_limit = 256M
Once this is done, restart Apache for the change to take affect:
sudo service httpd restart
Lastly we'll create an Apache VirtualHost for use with HelpSpot. You can skip this and add HelpSpot into the default /var/www/html directory, but this is more useful to add some extra security.
We'll make a few assumptions:
- The site is hosted at url http://support.example.com
- The site files will be on the server in directory /var/www/support.example.com
Create or edit file /etc/httpd/conf.d/vhosts.conf. The following VirtualHost is recommended for HelpSpot:
<VirtualHost *:80> ServerName support.example.com DocumentRoot /var/www/support.example.com <Directory /var/www/support.example.com> Options -Indexes +FollowSymLinks +MultiViews # Disallow .htaccess file usage: AllowOverride None Require all granted </Directory> <Directory /var/www/support.example.com/data> # Disallow web access to "data" directory: Deny from all </Directory> ErrorLog /var/log/httpd/support.example.com-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/httpd/support.example.com-access.log combined </VirtualHost>
This configuration will be read automatically by Apache. Once that's saved, you can ensure your configuration is OK:
sudo service httpd configtest
If everything checks out, reload Apache to load in the new config:
sudo service httpd reload
We'll next install MariaDB, the drop-in replace for MySQL which CentOS7/RedHat7 now come with.
sudo yum install mariadb-server sudo systemctl enable mariadb.service sudo service mariadb start sudo mysql_secure_installation
Once that's installed and you've run through the steps to secure the installation (remove test databases and anything but local root access), you can optionally setup MariaDB to be listen on the localhost network 127.0.0.1. (Otherwise you will only be able to connect to it with hostname "localhost"). Use this in conjunction with the SELinux setsebool above, if you are using SELinux.
Edit the /etc/my.cnf.d/server.cnf and append the following under [mysqld]:
[mysqld] bind-address = 127.0.0.1
Then restart MariaDB:
sudo service mariadb restart
Once that's done, we can create a new database for HelpSpot. Run the following SQL after logging into the mysql command:
# This will prompt you for the root password: mysql -u root -p
Then use the following to create a new database:
CREATE DATABASE helpspot_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
This will create a database. The last step is to create a user that can connect to the HelpSpot database locally. We'll use "localhost" For the host that the user can connect from. You should create additional users with other hosts or IP addresses defined if connecting to a remote MySQL server.
Still within the MySQL command prompt, run the following two commands. Note I'm assuming you created a database named "helpspot_db" and want a user named "helpspot_user". Also use a more secure password than the example here:
CREATE USER 'helpspot_user'@'localhost' IDENTIFIED BY 'some_secure_password'; GRANT ALL PRIVILEGES on helpspot_db.* TO 'helpspot_user'@'localhost';
Once that's done, edit your HelpSpot's config.php file to use the database and password you created above.
We recommend using the IonCube loader to read HelpSpot code files. In future HelpSpot versions, we may do away with Zend Loader support do to issues in building HelpSpot with the Zend Loader.
IonCube loader can be downloaded from here. You'll likely need the Linux 64bit version. Downloading the Uploader file of the appropriate version will download the Loader files and an HTML wizard which will inform you of how to install the IonCube loader. Downloading these files and running the wizard can be done by:
- Downloading the files to your server, using curl or wget (e.g. "wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip")
- Unzipping the file (e.g. "unzip ioncube_loaders_lin_x86-64.zip")
- Moving the files to your /var/www/support.example.com site and heading to the included .html file in the wizard directory from your browser.
An example vide of this process of installing IonCube loader via the wizard can be seen here.
A list of command which should work for the latest CentOS/IonCube (assuming they install php version 5.4):
curl -o ioncube_loaders_lin_x86-64.tar.gz \ http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz # Uncompress .tar.gz file tar -xvf ioncube_loaders_lin_x86-64.tar.gz # Change into the new ioncube files cd ioncube # Add the ioncube loader for php 5.4, assuming that is what's installed sudo cp ioncube_loader_lin_5.4.so /usr/lib64/php/modules/ioncube_loader_lin_5.4.so # If you are using SELinux, give this file the proper owner and SELinux contenx: sudo chown root:root /usr/lib64/php/modules/ioncube_loader_lin_5.4.so sudo chcon -v --user=system_u --role=object_r --type=lib_t \ /usr/lib64/php/modules/ioncube_loader_lin_5.4.so # Edit/create the php module to load IonCube: sudo vi /etc/php.d/00-ioncube.ini
Make the 00-ioncube.ini file look like this:
; Enable ioncube extension module zend_extension=/usr/lib64/php/modules/ioncube_loader_lin_5.4.so
Then restart Apache:
sudo service httpd restart
HelpSpot Files & SELinux
If you are using SELinux, and assuming your HelpSpot installation is found at /var/www/support.example.com, make sure that your HelpSpot has the proper SELinux settings. We'll also ensure the "data" can be written to, as needed by HelpSpot.
# Set file ownership for HelpSpot files sudo chown -R apache:apache /var/www/support.example.com # Check current SELinux settings for HelpSpot files: cd /var/www/support.example.com ls -Z # Set SELinux context for Apache files: sudo chcon -Rv --user=system_u --role=object_r --type=httpd_sys_content_t \ /var/www/support.example.com # Set write ability to "data" directory: sudo chmod -R gu+rw /var/www/support.example.com/data # Ensure SELinux allows Apache has permission to write to the data directory: sudo chcon -Rv --type=httpd_sys_content_rw_t /var/www/support.example.com/data
Once these steps are done, you can include your HelpSpot files in the /var/www/support.example.com directory, copy the config-empty.php file to config.php, edit that config.php file as needed (database configuration + cHOST variables) and then run the installer.php file from your web browser e.g. http://support.example.com/installer.php.
If you experience errors, check for PHP errors at the configured Apache error log. In this example, that log location is /var/log/httpd/support.example.com-error.log.
You may also wish to edit the /etc/php.ini file to change PHP configuration. For example, you may wish to enable display_errors and set the error_reporting to the example "development" setting to see more errors and debug potential issues during HelpSpot installation.
If you edit the php.ini file, be sure to restart Apache after configuration changes:
sudo service httpd restart
Assuming everything else is setup, you are now ready to run HelpSpot's installer. This is usually done in the web browser, using "installer.php" (e.g. http://your-helpspot-site.com/installer.php), but you can also run the installer using HelpSpot's new "install" CLI command as well.