Server setup of Apache vhosts, PHP with different versions, Varnish, Redis, ProFTPD, Webmin, OpenVPN on CentOS 7

Install CentOS 7 and log in via PuTTY.
Change the password

passwd

Check for new updates

yum check-update

Update your server

yum update

Install commonly used programs

yum install -y links htop nano

Install the EPEL repository

sudo yum install epel-release

More info on https://support.rackspace.com/how-to/install-epel-and-additional-repositories-on-centos-and-red-hat/
Install Development Tools

yum groupinstall "Development Tools"

Command to list groups

yum group list

 

Install PHP

Install PHP-FPM and dependencies from the base repo

yum install -y php-cli php-common php-devel php-fpm php-gd php-mbstring php-mysqlnd php-pdo php-pear php-pecl-memcache php-process php-xml php-pecl-redis

Install PHP-FPM 5.6
Include the Remi repo to get PHP-FPM 5.6

cd /home/;wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

Install it using the rpm command

rpm -Uvh remi-release-7.rpm

More info on http://www.servermom.org/how-to-enable-remi-repo-on-centos-7-6-and-5/2790/
After you have compiled, run the command to install PHP-FPM 5.6

yum install -y php56-php-cli php56-php-common php56-php-devel php56-php-fpm php56-php-gd php56-php-mbstring php56-php-mysqlnd php56-php-pdo php56-php-pear php56-php-pecl-memcache php56-php-process php56-php-xml php56-php-pecl-redis
yum install -y gcc php-devel php-pear ImageMagick ImageMagick-devel

At this point you have successfully installed the ImageMagick package on your system. Now we are going to install the ImageMagick PHP extension, so that we can use it from PHP code.

pecl install imagick
echo "extension=imagick.so" > /etc/php.d/imagick.ini

If you get this error message: session_start(): open(/var/lib/php/session/sess_m4qebv1i35l7biibc2hslthk26, O_RDWR) failed: Permission denied (13)
run the following command

chmod -R 777 /var/lib/php/

Reload Apache

service httpd reload
or
systemctl reload httpd.service

Restart Apache

service httpd restart

Check if Imagick was installed ok

php -i | grep Imagick

 

Install Apache

sudo yum -y install httpd

Allow Apache Through the Firewall
Allow the default HTTP and HTTPS port, ports 80 and 443, through firewalld:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

Install Apache devel

yum install -y httpd-devel

Start Apache

sudo systemctl start httpd

Edit /etc/httpd/conf/httpd.conf and add the following at end
IncludeOptional sites-enabled/*.conf
Also add index.php in the block

<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>

Create folders in apache

mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled
mkdir /var/www/vhosts

Create a dummy vhost for all properties not configured in “/var/www/vhosts/”
99-all.conf

<VirtualHost *:8888>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost>

How to create a vhost for new property

mkdir /var/www/vhosts/xyz.abc.com
mkdir /var/www/vhosts/xyz.abc.com/httpdocs
mkdir /var/www/vhosts/xyz.abc.com/logs

Create a new site in “/etc/httpd/sites-available” with name “01-xyz-abc.conf”

nano /etc/httpd/sites-available/01-xyz-abc.conf

Place the virtual host code

<VirtualHost *:80>
ServerName xyz.abc.com
# ServerAlias www.xyz.abc.com
DocumentRoot /var/www/vhosts/xyz.abc.com/httpdocs
#ErrorLog /var/www/vhosts/xyz.abc.com/logs/error_log
ErrorLog /var/log/httpd/error_log
CustomLog /var/www/vhosts/xyz.abc.com/logs/access.log combined
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php-fpm/php5-fpm_xyz.abc.com.sock|fcgi://xyz.abc.com/"
</FilesMatch>
<Proxy fcgi://xyz.abc.com>
ProxySet connectiontimeout=5 timeout=240
</Proxy>
<Directory "/var/www/vhosts/xyz.abc.com/httpdocs">
Order allow,deny
Allow from all
AllowOverride FileInfo All
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
</VirtualHost>

Create a file in /etc/php-fpm.d/01-xyz-abc.conf and place this content

nano /etc/php-fpm.d/01-xyz-abc.conf
; Start a new pool named 'xyz.abc.com'.
[xyz.abc.com]
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php5-fpm_xyz.abc.com.sock
listen.allowed_clients = 127.0.0.1
user = xyz-abc-user
group = xyz-abc-user
listen.mode = 0666
; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 3s
pm.max_requests = 10000
request_terminate_timeout = 600
; Following pm.* options are used only when 'pm = dynamic'
; pm.start_servers = 30
; pm.min_spare_servers = 30
; pm.max_spare_servers = 150
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;request_terminate_timeout = 0
;request_slowlog_timeout = 0
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log
;rlimit_files = 1024
;rlimit_core = 0
;chroot =
;chdir = /var/www
;catch_workers_output = yes
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/www/vhosts/xyz.abc.com/logs/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[open_basedir] = "/var/www/vhosts/xyz.abc.com/:/tmp/:/dev/urandom"

Once you have created a vhost config, you need to enable it

ln -s /etc/httpd/sites-available/01-xyz-abc.conf /etc/httpd/sites-enabled/01-xyz-abc.conf

Add a new user for the new vhost entry

useradd -s /usr/sbin/nologin -d /var/www/vhosts/xyz.abc.com xyz-abc-user

Change ownership of vhost

chown -R xyz-abc-user:xyz-abc-user /var/www/vhosts/xyz.abc.com

Change Permissions of vhost

find /var/www/vhosts/xyz.abc.com -type d -exec chmod 755 {} \;
find /var/www/vhosts/xyz.abc.com -type f -exec chmod 644 {} \;

Now you need to restart apache

service httpd restart

Restart the php fpm

service php-fpm restart
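
The pool file above sets listen.mode = 0666 and stores sessions in /var/lib/php/session, which the earlier chmod -R 777 step made world-writable, so any local account can connect to the pool's socket and create or delete files in the session directory. The audit script below is an added example, not part of the original post; the function names pool_get, audit_pool and demo are hypothetical, and a temporary directory stands in for /var/lib/php/session.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a PHP-FPM pool file for
# settings that weaken per-vhost isolation. Function names are hypothetical.

# Print the value of a "key = value" directive; ';' comment lines are skipped.
pool_get() {  # $1 = pool file, $2 = directive name
  awk -v key="$2" '
    /^[ \t]*;/ { next }
    { k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k) }
    k == key { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
               gsub(/"/, "", v); val = v }
    END { print val }' "$1"
}

# Print one finding per line for the pool file given as $1.
audit_pool() {
  local f="$1" mode sp
  mode=$(pool_get "$f" listen.mode)
  case "$mode" in   # last octal digit non-zero: "other" users can open the socket
    *[1-7]) echo "listen.mode=$mode: any local account can connect to this pool;" \
                 "use 0660 with listen.owner/listen.group set to the web server user" ;;
  esac
  if [ -n "$(pool_get "$f" 'php_value[open_basedir]')" ]; then
    echo "open_basedir uses php_value; php_admin_value is not overridable by ini_set"
  fi
  sp=$(pool_get "$f" 'php_value[session.save_path]')
  [ -n "$sp" ] || sp=$(pool_get "$f" 'php_admin_value[session.save_path]')
  if [ -n "$sp" ] && [ -n "$(find "$sp" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]; then
    echo "session.save_path $sp is world-writable; use a per-pool directory, mode 0700"
  fi
  return 0
}

# Constructed sample: the relevant lines of the pool file above, with a temporary
# directory standing in for /var/lib/php/session after chmod 777.
demo() {
  local d; d=$(mktemp -d)
  mkdir "$d/session" && chmod 0777 "$d/session"
  printf '%s\n' '[xyz.abc.com]' 'listen.mode = 0666' \
    "php_value[session.save_path] = $d/session" \
    'php_value[open_basedir] = "/var/www/vhosts/xyz.abc.com/:/tmp/:/dev/urandom"' \
    > "$d/weak.conf"
  audit_pool "$d/weak.conf"
  rm -rf "$d"
}
demo
```

Run audit_pool against each file in /etc/php-fpm.d/ after editing it; no output means none of the three checks fired.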

Install MariaDB

nano /etc/yum.repos.d/MariaDB.repo

Add the following lines

# MariaDB 10.2 CentOS repository list - created 2017-11-09 08:10 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Save the file and install MariaDB

sudo yum install -y MariaDB-server MariaDB-client

You can also check for new updates and see the install guide on https://downloads.mariadb.org/mariadb/repositories
Create the MySQL temp folder in /dev/shm every time after restarting the server.

mkdir  /dev/shm/mysql
chown -R mysql:mysql /dev/shm/mysql

MySQL config file path: /etc/my.cnf.d/server.cnf
Change the password and reset the settings after installation

sudo mysql_secure_installation

Create new user privileges

-- IDENTIFIED VIA mysql_native_password USING expects a password hash; IDENTIFIED BY takes the plain-text password
CREATE USER 'example-user'@'localhost' IDENTIFIED BY 'example-password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON *.* TO 'example-user'@'localhost' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
REVOKE ALL PRIVILEGES ON `example-database-name`.* FROM 'example-user'@'localhost';
GRANT ALL PRIVILEGES ON `example-database-name`.* TO 'example-user'@'localhost';

 

Install Redis

sudo yum install -y redis php-pecl-redis

Start Redis

sudo systemctl start redis

To automatically start Redis on boot

sudo systemctl enable redis

Verify that Redis is running with redis-cli

redis-cli ping

 

Install ProFTPD

Import the EPEL GPG-key:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Update the packages

yum -y update

We will install ProFTPD and OpenSSL

yum install -y proftpd openssl proftpd-utils

We need to start the service and enable it to start at boot automatically.

systemctl start proftpd.service
systemctl enable proftpd.service

 
Check ProFTPD version

proftpd -v

 
Edit /etc/proftpd.conf file and modify
Search for AuthOrder and replace with:

AuthOrder mod_auth_file.c mod_auth_unix.c
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group

Create a folder in etc

mkdir /etc/proftpd

Get the user ID and group ID for the command below.

tail /etc/passwd

Create ftp users

cd /etc/proftpd
ftpasswd --passwd --name=xyz-abc-user --home=/var/www/vhosts/xyz.abc.com/httpdocs/ --shell=/sbin/nologin --uid=1000 --gid=1000
ftpasswd --group --gid=1000 --name=xyz-abc-user

Restart ProFTPD

service proftpd restart

Install PHP 7

yum install php71

Create a file in “/etc/opt/remi/php71/php-fpm.d/01-xyz-abc.conf” and place in it the same code as in /etc/php-fpm.d/01-xyz-abc.conf above.
Also make sure to change the line below in “/etc/opt/remi/php71/php-fpm.d/01-xyz-abc.conf”

listen = /var/run/php-fpm/php5-fpm_xyz.abc.com.sock

 
Also change the existing /opt/remi/php56/root/etc/php-fpm.d/www.conf file and change

listen = 127.0.0.1:9000

to

listen = 127.0.0.1:9010

Create a folder for sessions

mkdir /var/lib/php/sessions/
chmod 0777 /var/lib/php/sessions/

Restart Apache

service httpd restart

Restart PHP-FPM

service php71-php-fpm restart

 

Install Webmin

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-webmin-on-centos-7
Change the Webmin port

/etc/webmin/stop
nano /etc/webmin/miniserv.conf
change port=10000 to port=7777
/etc/webmin/start

Configure PHP Settings

 
 

Install phpMyAdmin

Copy the latest download link from https://www.phpmyadmin.net/downloads/

wget https://files.phpmyadmin.net/phpMyAdmin/4.7.6/phpMyAdmin-4.7.6-all-languages.zip
unzip phpMyAdmin-4.7.6-all-languages.zip

Correct ownership

chown -R xyz-abc-user:xyz-abc-user /var/www/vhosts/xyz.abc.com/phpmyadmin

 
Follow the guide to install phpMyAdmin: http://www.trustfm.net/ebooks/DedicatedServer.php?page=MySQL

yum install phpmyadmin

Reboot the server

reboot

Install OpenVPN Access

Copy the latest link from https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=CentOS

curl -O http://swupdate.openvpn.org/as/openvpn-as-2.1.12-CentOS7.x86_64.rpm
sudo rpm -i openvpn-as-2.1.12-CentOS7.x86_64.rpm
sudo passwd openvpn

Bind to all ports on DigitalOcean, otherwise the admin panel won't open.
Log in to the admin panel and change its ports if the hosting provider is blocking the VPN.

Go to admin -> Server Network Settings -> change TCP Port number, also change UDP Port number and change Port number

 

Daily Basic Commands

Backup command

tar -cpf - /var/www/vhosts/abc.com/httpdocs | gzip > /var/www/vhosts/abc.com/backup-2017-12-01.tar.gz

Rsync command

rsync -av --progress --exclude 'uploads' /abc-directory-old/ /abc-directory-new/ --progress

Rsync to another server.

rsync -av -e "ssh -p 8822" /SOURCE/ root@IP:/DESTINATION/ --progress

Example

rsync -av -e "ssh -p 8822" root@111.111.1111.111:/backup/rdiff/ /home/db/CLIENT/ --progress

 
 
