Linux Server Configuration

The server will be deployed to ep1.mini01.mups.co.uk, running on a VM. It is initially firewalled to allow only port 22 (ssh) traffic.

Web Backend

On ep1.mini01.mups.co.uk install

apache2 php5 php5-mysql php5-gd rrdtool screen php5-mcrypt mysql-server mysql-client

/etc/apache2/sites-available/ryzom.conf

<VirtualHost *:80>
        ServerName ep1.mini01.mups.co.uk

        ServerAdmin webmaster@mups.co.uk
        DocumentRoot /srv/www/ryzom/public_php

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:40916>
        ServerName ep1.mini01.mups.co.uk

        ServerAdmin webmaster@mups.co.uk
        DocumentRoot /srv/www/ryzom/public_php

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<Directory "/srv/www/ryzom/public_php">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

/srv/www should be owned by root:www-data, as should all subdirectories and files that the web server needs access to. Note that SSL keys are kept in /srv/www/ssl and should be owned by root:root with o-rwx; likewise for any digest file.

There were a few places where “../../../private_php” was hard-coded despite the setup page allowing you to put in a new custom path. It’s easier to use the defaults above until you have everything working.

Activate the site: a2ensite ryzom.conf
Edit /etc/apache2/ports.conf, adding: Listen 40916
Allow ports 80 and 40916 through the firewall, e.g. ufw allow 80
mkdir -p /srv/www/ryzom && chmod 750 /srv/www/ryzom && chown ryzom:www-data /srv/www/ryzom
Upload ${RYZOM_ROOT}/ryzomcore/code/web/public_php to /srv/www/ryzom/public_php
Upload ${RYZOM_ROOT}/ryzomcore/code/web/private_php to /srv/www/ryzom/private_php
chown -R ryzom:www-data /srv/www/ryzom*
chmod -R o-rwx /srv/www/ryzom*
service apache2 stop/start

The server requires write permissions to the following directories:

chmod g+w public_php/login/logs/ public_php/admin/graphs_output/ public_php/admin/templates/default_c/ public_php/ams/cache/ public_php/ams/templates_c/ public_php/ private_php/ private_php/ams/tmp

NOTE: /srv/www/ryzom/private_php should be accessible to the web server/php scripts BUT not part of a directly accessible/public DocumentRoot.
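
The ownership and permission rules above (o-rwx everywhere, group access for the web server, g+w on the listed directories, private_php outside the DocumentRoot) can be checked mechanically. The script below is an added example, not part of the original page or of Ryzom Core; the function name audit_ryzom_web and its three arguments (tree root, DocumentRoot, web server group) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Names and arguments are hypothetical.
# Usage: audit_ryzom_web ROOT DOCROOT GROUP
#   e.g. audit_ryzom_web /srv/www/ryzom /srv/www/ryzom/public_php www-data
# Prints one line per finding; returns 0 when the tree is clean, 1 otherwise.

# Directories the page lists as needing g+w, relative to ROOT.
WRITABLE_DIRS="public_php/login/logs public_php/admin/graphs_output
public_php/admin/templates/default_c public_php/ams/cache
public_php/ams/templates_c public_php private_php private_php/ams/tmp"

audit_ryzom_web() {
    root=$1; docroot=$2; group=$3; rc=0

    # 1. chmod -R o-rwx: nothing may carry a permission bit for "other".
    #    Symlinks are skipped; on Linux their own mode is always rwxrwxrwx.
    out=$(find "$root" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print |
          sed 's/^/OTHER-ACCESSIBLE: /')
    [ -z "$out" ] || { printf '%s\n' "$out"; rc=1; }

    # 2. With "other" locked out, Apache only gets in through the group.
    out=$(find "$root" ! -group "$group" -print | sed 's/^/WRONG-GROUP: /')
    [ -z "$out" ] || { printf '%s\n' "$out"; rc=1; }

    # 3. Each listed directory must exist and be group-writable.
    for d in $WRITABLE_DIRS; do
        if [ -z "$(find "$root/$d" -prune -type d -perm -020 -print 2>/dev/null)" ]; then
            printf 'NOT-GROUP-WRITABLE: %s\n' "$root/$d"; rc=1
        fi
    done

    # 4. private_php must resolve (symlinks included) outside the DocumentRoot.
    priv=$(cd "$root/private_php" 2>/dev/null && pwd -P) || priv=
    pub=$(cd "$docroot" 2>/dev/null && pwd -P) || pub=
    if [ -z "$priv" ] || [ -z "$pub" ]; then
        printf 'MISSING: private_php or DocumentRoot\n'; rc=1
    else
        case "$priv/" in
            "$pub"/*) printf 'PRIVATE-IN-DOCROOT: %s\n' "$priv"; rc=1 ;;
        esac
    fi
    return $rc
}
```

Source the file and call the function after every upload or chown/chmod pass; a non-zero return means at least one rule from this section no longer holds.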

The website will not initially be accessible due to firewall rules. Initial setup should be performed using a 127.0.0.1:80 connection via ssh tunnel.

Be aware this is for a development setup only. For a production installation, take time to review the security implications of any particular MySQL configuration and apache2 permissions, and use SSL.

Visit http://ep1.mini01.mups.co.uk and follow the setup instructions, i.e. fill in the root SQL password as well as a setup password and passwords for the shard and AMS admin user. Leave everything else at the defaults.

You’ll receive a warning: “Invalid argument supplied for foreach() in /srv/www/ryzom/private_php/ams/autoload/users.php on line 360”. This has yet to be investigated; ignore it for now.

Wait for DB creation/population to complete then authenticate using the setup password.

Database Setup

A single development domain “mini01” will be configured and assumed to be running on the machine ep1.mini01.mups.co.uk.

Using mysql or mysql-workbench (via ssh tunnel), make the following additions to the databases the setup procedure created.

Nel DB

Domain table:

Key                      Value
domain_id                20
domain_name              mini01
status                   ds_open
patch_version            1
login_address            ep1.mini01.mups.co.uk:49998
session_manager_address  ep1.mini01.mups.co.uk:49999
ring_db_name             ring_mini01
web_host_php             ep1.mini01.mups.co.uk:40916
description              Mini01 Development Domain

Shard table:

Key        Value
ShardId    301
domain_id  20
WsAddr     ep1.mini01.mups.co.uk
Name       Mainland 01
State      ds_open

Nel_tool DB

Neltool_domains table:

Key                 Value
domain_id           20
domain_name         mini01
domain_as_host      ep1.mini01.mups.co.uk
domain_as_port      46710
domain_rrd_path     /srv/core/mini01/rrd_graphs
domain_application  mini01
domain_sql_string   mysql://shard@localhost/ring_mini01

Ensure the rrd path exists and that the user you will run the services as has rwx permissions on it.

Neltool_shards table:

Key              Value
shard_id         300
shard_name       Unifier
shard_as_id      unifier
shard_domain_id  20
shard_lang       en

Neltool_shards table:

Key              Value
shard_id         301
shard_name       Mainland 01
shard_as_id      mainland01
shard_domain_id  20
shard_lang       en

Ring_mini01

Sessions table:

Key           Value
session_id    301
session_type  st_mainland
title         Mainland 01

Shard table:

Key             Value
shard_id        301
required_state  ds_open

Permissions

Grant the “shard” user access to a few databases.

mysql> grant all on nel.* to shard@localhost;
Query OK, 0 rows affected (0.02 sec)

mysql> grant all on nel_tool.* to shard@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on ring_mini01.* to shard@localhost;
Query OK, 0 rows affected (0.00 sec)

In the admin website's admin/groups section, for each group select the mini01 “domain access” and update. Repeat for shard access to “Unifier” plus “Mainland 01”. This should also set the default domain and shard automatically. You may want a more fine-grained setup for live domains.

Users will need permissions added, via the “Users” and “Permissions” tables, to allow access to the development domain, but we have no users registered yet. To register a user, use the AMS page, then add the domain “20” and shard “301” for the created user id into the nel.permission table with access priv OPEN. Without this you’ll get a “valid subscription needed” error.

Continue on to Deployment/Patchman