Thursday, May 8, 2014

How To Install PhpMyAdmin On CentOS 6

It's very easy, just follow the steps:

1. Download the EPEL repo package:

cd /tmp
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

2. Install the EPEL repo package:

cd /tmp
rpm -ivh epel-release-6-8.noarch.rpm

3. Install phpMyAdmin using yum:

yum install phpmyadmin

=======================================================
 Package               Arch         Version                 Repository     Size
=======================================================
Installing:
 phpMyAdmin            noarch       3.5.8.2-1.el6           epel          4.3 M
Installing for dependencies:
 libmcrypt             x86_64       2.5.8-9.el6             epel           96 k
 php-gd                x86_64       5.3.3-27.el6_5          updates       107 k
 php-mbstring          x86_64       5.3.3-27.el6_5          updates       455 k
 php-mcrypt            x86_64       5.3.3-3.el6             epel           19 k
 php-php-gettext       noarch       1.0.11-3.el6            epel           21 k

4. Configure phpMyAdmin. Change the Apache configuration so that phpMyAdmin allows connections not just from localhost, here from 192.168.0.6 as well (add or just replace):

vi /etc/httpd/conf.d/phpmyadmin.conf

<Directory /usr/share/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require ip 192.168.0.6
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from 192.168.0.6
   </IfModule>
</Directory>
 
5. Restart httpd service.

Now test from your browser!

Httpd : Enable public_html In User Home Directory with SELinux

1. First of all, enable the mod_userdir module in /etc/httpd/conf/httpd.conf:
 
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    # UserDir enabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
 
</IfModule>
 
2. Now create public_html under the user's home directory.

mkdir ~user1/public_html

3. To make it work with SELinux, change the SELinux context of public_html so that it matches /var/www/html.

chcon --reference /var/www/html ~user1/public_html

4. Also change the permissions of public_html from 700 to 711.

chmod 711 ~user1/public_html

5. Enable the SELinux boolean httpd_enable_homedirs:

setsebool -P httpd_enable_homedirs 1
 
6. * Enable the SELinux module mypol.pp:
 
semodule -i mypol.pp 
 
7. * Enable the SELinux boolean httpd_read_user_content:
 
setsebool -P httpd_read_user_content 1
 
8. Restart httpd.  
 
9. Done! 

* = optional step
 

BIND Error : DLV validation error

I just got a BIND DNS error where the resolver cannot resolve any outside domain, but it works for local domains. The symptoms:

1. Resolver error when trying to resolve an outside domain. But it works for local domains.
2. Found the error in /var/log/messages:

May  8 18:14:40 server1 named[3782]:   validating @0x7fa0e467a780: write.coffee.dlv.isc.org NSEC: bad cache hit (dlv.isc.org/DNSKEY)
May  8 18:14:40 server1 named[3782]: error (broken trust chain) resolving 'safebrowsing-cache.google.com.dlv.isc.org/DLV/IN': 8.8.8.8#53
May  8 18:14:40 server1 named[3782]: error (broken trust chain) resolving 'safebrowsing-cache.google.com/AAAA/IN': 8.8.8.8#53


Obviously I know that this might be related to my laptop's date and time, as my CMOS battery has already died (drained and not replaced yet!). So the hardware clock (RTC) is not reliable. It will always be 2008 after boot-up.

This will lead to a DNSSEC error, and ntpdate not working properly. I mean, DLV validation failed.

It can be found in /etc/named.conf; you can either enable or disable it. I believe this kind of problem (battery) rarely happens on a real server (not like my lovely laptop).

 dnssec-enable yes;
 dnssec-validation yes;


So my solution was:

1. I choose not to disable DNSSEC.

2. Run ntpdate to sync the date and time.
 
ntpdate 0.centos.pool.ntp.org 

3. Restart the named service, and try to dig any domain again.
 
service named restart

4. If you want to rely on the hardware clock (RTC), run this.
 
hwclock --systohc

Done! 
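
The "broken trust chain" errors above follow from DNSSEC signatures (RRSIG records) carrying an inception and an expiration time that the validator compares with the local clock. As an added example (not from the original post), this shell function reads dig +dnssec style lines and reports whether a given clock value falls inside each signature's validity window. The records and the example.test names are constructed sample data.

```shell
#!/bin/sh
# Constructed sample in dig +dnssec presentation format (not real records).
# RRSIG fields after the type: covered alg labels origttl EXPIRATION INCEPTION keytag signer sig
SAMPLE_RRSIGS='example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20140601000000 20140501000000 12345 example.test. Q09OU1RSVUNURUQ=
example.test. 3600 IN A 192.0.2.10
www.example.test. 300 IN RRSIG A 8 3 300 20140515000000 20140508120000 12345 example.test. Q09OU1RSVUNURUQ='

# rrsig_clock_check NOW
#   NOW is a UTC time written as YYYYMMDDHHMMSS; RRSIG lines are read from stdin.
#   Prints one verdict per RRSIG and returns 1 if NOW is outside any window.
rrsig_clock_check() {
    awk -v now="$1" '
        $4 == "RRSIG" && $9 ~ /^[0-9]+$/ && length($9) == 14 {
            expire = $9; incept = $10
            if (now + 0 < incept + 0)      { verdict = "NOT-YET-VALID"; bad = 1 }
            else if (now + 0 > expire + 0) { verdict = "EXPIRED"; bad = 1 }
            else                             verdict = "OK"
            # name/covered-type, then the validity window
            printf "%s %s/%s valid %s..%s\n", verdict, $1, $5, incept, expire
        }
        END { exit bad + 0 }
    '
}

# Demo 1: a clock that reset to 2008 (dead RTC battery) sees every signature
# as not yet valid, which a validating resolver reports as a broken trust chain.
printf '%s\n' "$SAMPLE_RRSIGS" | rrsig_clock_check 20080101000000 \
    || echo "=> clock is outside the signature window: sync the time first"

# Demo 2: the same records with a correctly synced clock.
printf '%s\n' "$SAMPLE_RRSIGS" | rrsig_clock_check 20140508181440

# Live use (assumes dig is installed and the zone is signed):
#   dig +dnssec DNSKEY <zone> | rrsig_clock_check "$(date -u +%Y%m%d%H%M%S)"
```
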

Some references for the solution (many thanks):

http://www.topdog.za.net/2012/08/22/fix-bind-error--broken-trust-chain--resolving/

http://pewetheb.blogspot.co.uk/2013/11/named-error-broken-trust-chain.html