The file we'll be modifying is:


/scripts/securetmp


Until recently, modifying one variable was enough to change this, but it seems like there was a change recently that has caused that method to no longer remount /tmp properly. Luckily, the fix for this is two additional small changes to the file.

Let's open up /scripts/securetmp in your favorite editor:


nano /scripts/securetmp


First, we're going to modify line 49:


my $auto = 1


If this isn't already set to 1, set it. Just makes things easier. Next, let's set the /tmp size, line 148:


my $tmpdsksize = 2097152;


This size is in KB - 2GB aught to do it. Now, to fix the issue of mounting /tmp, line 289:


system 'mount', '-o', $mountkeyword . ',loop,noexec,nosuid', $tmpmnt, '/tmp';


We're adding "loop," to the options passed to the mount command to ensure that the system understands /tmp is a loopback device being created on /usr/tmpDSK. Save and exit your file.

Next, we need to shut off anything using /tmp:


/etc/init.d/mysql stop
/etc/init.d/httpd stop


And unmount it and /var/tmp:


umount /tmp
umount /var/tmp


If you get errors, retry a few times, it'll usually unmount after the 2nd or 3rd try. If you're still getting errors, make sure nothing is open in /tmp:


lsof | grep /tmp


Shut it down or delete it. Next, we need to remove the existing /tmp partition file:


rm -f /usr/tmpDSK


And finally, create the new device:


/scripts/securetmp


Depending on the size of your partition, this may take up to 15-20 minutes. After you're done, start everything back up and ensure /tmp is mounted and the right size with a simple:


df -h


Ever been in a Plesk box but can’t find certain components, like ASP support, or the backup manager? This is because Plesk installs whatever you tell it to at the initial install, and only whatever you tell it to. This leads to a lot of missing components that you might be used to having access to. Plesk won’t tell you anything in the GUI except that the component is not installed, so you must hunt down this binary:

/usr/local/psa/admin/bin/autoinstaller

This is the Plesk Autoinstaller, which will allow you, through its byzantine menu corridors, to find the gold that is the component you need. Navigating it is fairly simple, although you’ll probably want to read all of the text on the screen if this is your first time.

However, a more sinister condition awaits you – the fact that the Plesk autoinstaller apparently doesn’t know how to fucking resolve rpm dependencies. Why is it called an autoinstaller if it doesn’t automatically install anything extra? I don’t know.

Resolving Plesk Component Dependencies

Luckily, it’s not that difficult to resolve RPM dependency errors. Did you get an error message that looks something like this?


Retrieving information about the installed packages...
File downloading PSA_9.3.0/dist-rpm-CentOS-5-x86_64/build-9.3.0-cos5-x86_64.hdr.gz: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading PSA_9.3.0/update-rpm-CentOS-5-x86_64/update-9.3.0-cos5-x86_64.hdr.gz: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading PSA_9.3.0/thirdparty-rpm-CentOS-5-x86_64/thirdparty-9.3.0-cos5-x86_64.hdr.gz: 13%..25%..31%..40%..54%..60%..72%..83%..95%..100% was finished.
Determining the packages that need to be installed.
ERROR: Unable to install the "psa-backup-manager-9.3.0-cos5.build93091230.06.x86_64" package.
Not all packages were installed.
Please, contact product technical support.
[root@host2 plesk]#

Not to worry! First, try Google to find that RPM – Plesk allows their FTP server to be directory indexed, so it shouldn’t be hard to find the exact RPM it’s erroring out on. Try downloading the .rpm file and installing it manually using rpm -i:

wget http://autoinstall.swsoft.com.cn/PSA_9.3.0/dist-rpm-CentOS-5-x86_64/opt/backup/psa-backup-manager-9.3.0-cos5.build93091230.06.x86_64.rpm
rpm -i psa-backup-manager-9.3.0-cos5.build93091230.06.x86_64.rpm

If all goes well, you’ll get output messages listing the failed dependencies. Ignore any Plesk-looking dependencies, the auto-installer actually fixes these. Use yum to install any other system packages you may need.

/usr/local/cpanel/3rdparty/etc/php.ini

And, since it’s slightly relevant, you can rebuild the internal PHP installation with this script:

/scripts/makecppphp

Prerequisites

mtop requires curses. In CentOS, this is as simple as a few yum commands. There are a few extra steps for cPanel compatibility.

1. Install curses and curses-devel:
   
yum install curses curses-devel
2. Install curses-Perl:

   yum install curses-Perl

   1. If you’re on cPanel, you’ll first need to remove the perl* exclude from yum.conf.

      nano /etc/yum.conf

      In the exclude= line, remove “perl*” – save (CTRL+O) and exit (CTRL+X). Be sure to add it back after installing curses-Perl as per the above command.

Install mtop

Now it’s time to fetch the latest version of mtop and compile it. The homepage is here if you wish to check for the latest version. As of this post, we will be using 0.6.6, the latest version.

1. Grab the mtop source:

   wget http://softlayer.dl.sourceforge.net/project/mtop/mtop/v0.6.6/mtop-0.6.6.tar.gz

2. Configure, make, and install:

   tar -zxf mtop-0.6.6.tar.gz
cd mtop-0.6.6
perl Makefile.PL
make
make install

Configure and run

By default, mtop doesn’t connect as the root user. For most server installations, we want to connect as root. Here’s the quickest and easiest way to run mtop.

1. Find your current mySQL root password:

   cat /root/.my.cnf

2. Copy the root password (and hostname, if different than localhost) and run the command as follows:

   mtop --host=YOURHOSTNAME --dbuser=root --password=YOURPASSWORD --seconds=1

Add the new hostname

1. Back up the “mysql” database before making ANY changes.

2. Log in to WHM as root
3. Navigate to SQL Services->Additional SQL Access Hosts
4. Put the new IP address that you’ll be accessing FROM in the box

If you’ve got a deadline, you can add the host % here – this will allow access to mySQL from all hosts. SQL authentication is still required, so you’re not exposing any passwords, but if your clients use insecure mySQL usernames, passwords, and database prefixes, this could still leave you open to a huge SQL injection vulnerability risk, so it is highly not recommended.

Add the grants

1. Navigate back to the Additional SQL Access Hosts page, and at the bottom of the page, click the link labeled “click here.”
2. Wait for the process to finish and confirm access.

This quick-and-dirty method will ensure your users will still be able to authenticate using their same passwords, and saves a lot of nasty mySQL batch work.

Prerequisites

There are a few prerequisites set up for this. If you installed IIS 7 and you know all of the available Security modules are installed, you may skip this step. Otherwise, we need to install the Windows Authentication and URL Authorization modules.

1. Open Server Manager – Start->Administrative Tools->Server Manager
2. Navigate Roles->Web Server (IIS).
3. Click “Add Features”
4. Ensure that “Windows Authentication” and “URL Authorization” are checked off under the “Security” options.

Creating the User Accounts

1. Open Computer Management – Start->Administrative Tools->Computer Management.
2. Expand Local Users and Groups, select Users
3. Right-click, select New User…
4. Fill in an appropriate username and password – and I recommend putting the domain name in the Full Name field, for record-keeping. Make sure to uncheck “user must change password at next logon,” and check “Password never expires” to prevent issues down the road.
5. Repeat as needed.

Set up the IIS site

1. Open Internet Information Services (IIS) Manager – Start->Administrative Tools->Internet Information Services (IIS) Manager.
2. Expand the Sites tab and select your domain name
3. Click Authentication
4. Right-click Anonymous Authentication, click Disable
5. Right-click Windows Authentication, click Enable

That’s put IIS out of pass-through anonymous authentication mode using the IUSR and has set it to require a Windows authentication pop-up box. That’s half the battle – now to make sure the site only loads when our specific user inputs their username and password.

1. Go back to the domain name in IIS and click Authorization Rules.
2. Right-click on the default rule and click Edit.
3. Click the radio next to Specified Users and type your username into the box

For more background information on these commands, check out these IIS help pages: Windows Authentication, Security Authorization.

Some Prerequisites

There are a few things you’ll need to prepare if you’re on a fresh installation.

1. Subversion

Subversion is required to download and install ffmpeg and mplayer. First, you need to allow yum to install Perl packages.

nano -w /etc/yum.conf

In the exclude= line, remove “perl*” – save (CTRL+O) and exit (CTRL+X).

yum install subversion

Be sure to add the perl* line back to /etc/yum.conf after you install subversion! This is to prevent yum from accidentally overwriting cPanel’s Perl modules.

2. Git

Git is required because for some reason, when you install mplayer, it forces you to download a Git repository of ffmpeg. Don’t use this repository for installing ffmpeg – it breaks with a strange error message. How you install Git will vary across OSes. On CentOS 5.5 x64, there are several dependencies as well.

yum install gettext-devel expat-devel curl-devel zlib-devel openssl-devel
cd /usr/local/src
wget http://git-core.googlecode.com/files/git-1.7.7.tar.gz
tar -zxf git-1.7.7.tar.gz
cd git-1.7.7
make prefix=/usr/local all
make prefix=/usr/local install


3. Ruby

Ruby is required for flvtool. You can install this using the cPanel script:

/scripts/installruby

If you’re not using cPanel, you can probably install this using your package manager.

4. libXext

libXext is required for MP4Box. It’s in the yum repositories.

yum install libXext libXext-devel


5. Remove any other installations

You might already have ffmpeg installed. If it was compiled in, that’s fine, this will overwrite it. But if you have RPM binaries installed, this will cause issues. Run the following:

rpm -qa | grep ffmpeg
rpm -qa | grep mplayer
rpm -qa | grep mencoder
rpm -qa | grep 264

Remove with rpm -e any libraries, common files, or binary installations of these packages to prevent conflicts.

Download All The Things

One note; the official distribution release of ffmpeg-php no longer compiles. The SVN version available here works, but the SVN tarball link here can’t easily be downloaded in a terminal session, so I’ve rehosted the file here on this server. This is not my file, I haven’t modified it, and I take no responsibility for it – it’s merely a copy of the file available from the above link.

1. Let’s get started! This step can and probably should be copy/pasted into your terminal all in one block.


cd /usr/local/src
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
tar zxf flvtool2-1.0.6.tgz
wget http://switch.dl.sourceforge.net/sourceforge/lame/lame-398-2.tar.gz
tar zxf lame-398-2.tar.gz
wget http://hasaninter.net/ffmpeg-php.tar.gz
tar xzf ffmpeg-php.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.3.tar.bz2
tar xjf libvorbis-1.2.3.tar.bz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.4.tar.gz
tar xzf libogg-1.1.4.tar.gz
wget http://sourceforge.net/projects/opencore-amr/files/opencore-amr/0.1.2/opencore-amr-0.1.2.tar.gz/download
tar xzf opencore-amr-0.1.2.tar.gz
wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.bz2
tar xjf libtheora-1.1.1.tar.bz2
wget http://downloads.xvid.org/downloads/xvidcore-1.3.2.tar.gz
tar zxf xvidcore-1.3.2.tar.gz
wget http://downloads.sourceforge.net/faac/faad2-2.7.tar.gz
tar zxf faad2-2.7.tar.gz
wget http://downloads.sourceforge.net/faac/faac-1.28.tar.gz
tar zxf faac-1.28.tar.gz
mkdir /usr/local/lib/codecs
wget ftp://ftp.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
tar xjf essential-20071007.tar.bz2
wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz
tar zxf yasm-1.2.0.tar.gz
cp /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/
mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp
svn co https://gpac.svn.sourceforge.net/svnroot/gpac/trunk/gpac gpac
git clone git://git.videolan.org/x264.git


2. Now it’s time to grab mplayer and ffmpeg, the latest versions possible.


git clone git://git.videolan.org/ffmpeg.git ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer


Let’s Compile This Shit!

Alright, now we’re down to the good stuff – compilation! Hopefully if the above steps went correctly this will just fly by. However I do not recommend that you copy and paste the entire command tree into the terminal at this point. Run everything one step at a time to catch any errors if they do occur. Google is your friend, but feel free to leave a comment here if you run in to any problems.

1. Lame


cd /usr/local/src/lame-398-2/
./configure
make
make install


2. Libogg


cd /usr/local/src/libogg-1.1.4
./configure
make
make install


3. Libvorbis


cd /usr/local/src/libvorbis-1.2.3
./configure
make
make install


4. yasm


cd /usr/local/src/yasm-1.2.0
./configure
make
make install


5. Libxvid


cd /usr/local/src/xvidcore/build/generic
./configure
make
make install


6. Libx264


cd /usr/local/src/x264
./configure --enable-shared
make
make install


7. Flvtool


cd /usr/local/src/flvtool2-1.0.6
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install


8. Opencore-amr


cd /usr/local/src/opencore-amr-0.1.2
./configure
make
make install


9. Libtheora


cd /usr/local/src/libtheora-1.1.1
./configure
make
make install


10. faad2


cd /usr/local/src/faad2-2.7
./configure
make
make install


11. faac


cd /usr/local/src/faac-1.28
./configure
make
make install


12. MP4Box


cd /usr/local/src/gpac
./configure
make
make install


13. ldconfig

To make sure mplayer and ffmpeg install using the correct libs, we need to make sure ld knows where to find our libraries. First, check:

nano /etc/ld.so.conf

Make sure that this file contains the line:

/usr/local/lib

If you’re on a 64-bit system you should also add:

/usr/local/lib64

Save (CTRL+O), exit (CTRL+W), and then update:

ldconfig

If you run in to any “file not found” errors, it’s probably ldconfig.

14. Mplayer – remember, this will download a new version of ffmpeg for some crazy reason. When it asks, just hit enter and allow it to download. It’s only used for compiling mplayer. We must use –yasm=” because we’ve switched from yasm to nasm and mplayer can’t deal with that.


cd /usr/local/src/mplayer/
./configure --enable-jpeg
make
make install


15. FFMpeg


cd /usr/local/src/ffmpeg
./configure --enable-libmp3lame --enable-libvorbis --enable-shared --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-nonfree --enable-libtheora --enable-version3 --enable-gpl --enable-libxvid
make
make install


16. FFMpeg-PHP – at this point you may receive an error message. To fix this error refer to the second code block.


cd /usr/local/src/ffmpeg-php
phpize
./configure
make
make install


nano -w ffmpeg_frame.c
CTRL+W CTRL+R PIX_FMT_RGBA32 [enter] PIX_FMT_RGB32
A
CTRL+O CTRL+X

What this does is replaces all instances of PIX_FMT_RGBA32 with PIX_FMT_RGB32, saves, and exits. This will happen after the “make” step – you will need to run “make” again, then “make install.”

17. php.ini – All that’s left is to modify your php.ini file! Add the following near the top of the file /usr/local/lib/php.ini (to avoid conflicts)


extension=ffmpeg.so


18. Restart Apache

/etc/init.d/httpd restart

That’s It!

At this point you should have a fully functional ffmpeg installation compiled in to PHP. You can test this with the following:


php -m | grep ffmpeg
You should get the output:

ffmpeg

Thank you very much to serverhostingsecrets.com for providing a very stable base for me to build this tutorial on!