= Setting up a BOINC server = == Using a virtual machine == The easiest (and recommended) way to set up a BOINC server is in a [VirtualMachines virtual machine] that we've created for that purpose, with all the necessary software already installed. You can run this virtual machine using the [http://www.vmware.com/download/player/ VMWare player] and any Intel-based computer (Windows, Linux, or Mac OS X). If you take this approach, skip the rest of this page. == Using a real machine == You can potentially use any Unix system as a BOINC server (we recommend using a recent Linux release). Set up the machine as follows. === Groups and permissions === BOINC server programs run as two different users: * The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (typically user 'apache', group 'apache'). * BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc'). By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (apache, apache), and the [http://boinc.berkeley.edu/trac/wiki/FileDeleter file deleter] (which runs as boincadm) won't be able to delete the files there. To solve this problem, edit /etc/group so that apache belongs to group boinc, i.e. the line: {{{ boinc:x:566: }}} becomes: {{{ boinc:x:566:apache }}} (Apache will need to be stopped/restarted for this to take effect.) When you create a BOINC project using [MakeProject make_project], the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access. To fix permissions on an existing project, do: {{{ chmod 02770 upload chmod 02770 html/cache chmod 02770 html/inc chmod 02770 html/languages chmod 02770 html/languages/compiled chmod 02770 html/user_profiles }}} You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc. If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups. When serving your project files from apache, note that all directories up to and including the html directory must have execute permissions. For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a 403 Permission Denied error when attempted to browse to your project page. === Installing BOINC software === * Download and install whatever [SoftwarePrereqsUnix software prerequisites] are needed on your system. * [SourceCode Download the BOINC software]. * [BuildSystem Configure and build] the BOINC software. === Operating system configuration === Some parts of the BOINC server (the feeder and scheduling server) use shared memory. Hosts where these run must have shared memory enabled, with a maximum segment size of at least 32 MB. How to do this depends on the operating system; some information is [http://developer.postgresql.org/docs/postgres/kernel-resources.html here]. === MySQL notes === * After installing and running the server, grant permissions for your own account and for the account under which Apache runs ('nobody' in the following; may be different on your machine). All mysql accounts should be password protected including root. {{{ mysql -u root grant all on *.* to yourname@localhost identified by 'password'; grant all on *.* to yourname identified by 'password'; grant all on *.* to nobody@localhost identified by 'password'; grant all on *.* to nobody identified by 'password'; }}} * Set your PATH variable to include MySQL programs (typically /usr/local/mysql and /usr/local/mysql/bin). * You'll need to back up your database. Generally this requires stopping the project, making a copy or snapshot, and restarting. An example is [http://boinc.berkeley.edu/mysql_backup.txt here]. * BOINC gets MySQL compiler and linker flags from a program called mysql_config which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as -lnsl or -lnss_files. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles. * MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about [MysqlConfig configuring MySQL for BOINC]. * [http://boinc.berkeley.edu/mysql_cluster.txt Notes on running MySQL on a cluster]. == MySQLclient notes == * Configure mysql with the --enable-thread-safe-client switch. * Set your LD_LIBRARY_PATH to refer to the correct library. === Apache notes === In httpd.conf, set the default MIME type as follows (otherwise you'll get file upload signature verification errors): {{{ DefaultType application/octet-stream }}} To limit denial-of-service attacks, we recommend turning off directory indexing by adding -Indexes to the Options directive. === PHP notes === * Make sure 'magic quotes' are enabled (this is the default). The file /etc/php.ini should contain {{{ magic_quotes_gpc = On }}} * By default, BOINC uses PHP's mail function to send email to participants. This uses sendmail. If this doesn't work, you can use [http://phpmailer.sourceforge.net/ PHPMailer] instead, which is a very flexible mail-sending mechanism. To do this: * Download PHPMailer and put it under PROJECT/html/inc/phpmailer. * Set the following variables in your PROJECT/html/project/project.inc file (substitute your own values): {{{ = true; = "xxx.xxx.xxx"; = "smtp"; }}}