Cherokee  is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, SSI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Load Balancing, Apache compatible log files, Data Base Balancing, Reverse HTTP Proxy, Traffic Shaper, Video Streaming and much more.

One of the exciting features of the product is the web-based administration tool, cherokee-admin. Rather than fiddling around with text files which may not mean much to an administrator new to Cherokee, the server can be entirely setup from cherokee-admin.

To access cherokee-admin from outside the server, one need to create an ssh tunnel using the below command.

ssh -L 9090: root@<server_ip_address>

Then execute


one onetime password for admin user will be displayed on terminal.

Then issue address on browser's addressbar! and login as 'admin' user

base : Turnkey core lucid

Currently phpmyadmin is not configured , though the package is installed :(

Hans Harder's picture

Thx Basil.

I asked for Cherokee some time ago, but haven't got the time yet to see how I can make a TKLpatch for it...  Cherokee also supports streaming WebM (VP8) support...

The rate you are adding new appliances with TKLpatch is amazing...

I have to make some time to get experience with TKLpatch also.


QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

I 'm happy to hear that the appliance is useful for someone  :)

Hans Harder's picture

You are doing a wonderfull job :)

Almost most topics in the forum are now your TKLpatch appliances....

Perhaps they should make a separate directory overview off contributed TKLpatch appliances, perhaps  divided in categories.


If you continue like this, the complete request list for new appliances will be finished shortly smiley

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Liraz Siri's picture

I'm a bit conflicted with regards to whether or not this would make a good TurnKey appliance. It's helpful that Hans seems to think that it would. My personal view on this is that a prerequisite to a good appliance is a good definition of what problem it solves. The best kind of appliance solves a well defined problem with a very difficult integration. That's when pre-integration adds the most value. The worst kind of appliance solves a poorly defined problem with a trivial integration.

Most appliances of course fall somewhere between these two extremes.

A few questions/comments:

Lucid PPA package: Now that a Lucid PPA for Cherokee is available (as of Sep 6th), should we be using that for Lucid? Since it's the same version I doubt there is much of a difference anyhow but I could be wrong.

Admin interface: Should we be running the admin service on demand or as a permanent service? If we run it permanently I assume we'd better set the admin password to something more secure than a blank password (like maybe the root password)?

Name: Since you included Mysql and PHP this is more than a Cherokee web server. Is Cherokee still the right name for what this appliance provides? If we cut out MySQL and PHP would installing Cherokee from a PPA be enough to justify an appliance? I would argue yes if the appliance provides added value in the integration (e.g., admin interface works out of the box).

* PPA repo can be changed to lucid

>> Should we be running the admin service on demand or as a permanent service?

* Cherokee recommends running admin interface , "on demand basis" with "one time password" (random one ). It will be displayed on terminal when the command "cherokee-admin " is executed.

Regarding the name, people normaly use the word CUMP [ ] for such a stack. We can use that , if you people find it is ok.

Hans Harder's picture

Admin interface only on demand I think

I did a small modification to my turnkey machines, that I default block the webmin interface with firewall rules.

When I want to get to the admin interfaces, I login with ssh on the box, and in the login script I add an allow rule for my specific connection ip for the webmin interface (using the SSH env vars). As soon as I logout the role will be removed again and access will be denied. This way I can keep the webmin interface running without any worries about security holes or about password attacks.  SSH login is only allowed with private/public keys and kbdinteractive/password logins are disables.

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Liraz Siri's picture

But I think we can expect the average user to have some difficulty doing that, in which case we're limiting an important part of the functionality to advanced users, which probably won't get as much value out of an appliance that just sets of Cherokee. Or they won't mind applying a TKLPatch by hand.
dmtelf's picture

I'd love to give this a try.  Could you please give some details on how to set it up?

Liraz Siri's picture

Are you asking for details on applying the TKLPatch, fixing the cherokee admin interface or setting up SSH tunnels? I'm going to guess SSH tunnels. I might write a blog post about this in the future. In the meantime, try googling, I'll bet there are tutorials on this subject.
Hans Harder's picture

Yes, I understand, advanced users can always adapt things if they want it differently

I just wanted to share how you can do thing a little different and very secure. For advanced users its no problem to apply a TKLpatch. However, Basil is bringing out new TKLpatches so fast that even advanced users can't keep up with it :)

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Since very few people are interested in cherokee webserver and because we can't provide the the easy to use acess to cherokee-admin interface , we can remove this patch from build queue.

Add new comment