Install CentOS 7 and login in via putty.
Change Password
Check for new updates
Update your server
Install commonly used programs
yum install -y links htop nano
|
Install the EPEL repository
sudo yum install epel-release
|
More info on https://support.rackspace.com/how-to/install-epel-and-additional-repositories-on-centos-and-red-hat/
Install Development Tools
yum groupinstall "Development Tools"
|
Command to list groups
Install PHP
Install PHP-FPM and dependancies from base repo
yum install -y php-cli php-common php-devel php-fpm php-gd php-mbstring php-mysqlnd php-pdo php-pear php-pecl-memcache php-process php-xml php-pecl-redis
|
Install PHP FPM 5.6
Include remi repo to get PHP FPM 5.6
cd /home/;wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
|
install it using RPM command
rpm -Uvh remi-release-7.rpm
|
More info on http://www.servermom.org/how-to-enable-remi-repo-on-centos-7-6-and-5/2790/
After you have compiled run the command to install php fpm 5.6
yum install -y php56-php-cli php56-php-common php56-php-devel php56-php-fpm php56-php-gd php56-php-mbstring php56-php-mysqlnd php56-php-pdo php56-php-pear php56-php-pecl-memcache php56-php-process php56-php-xml php56-php-pecl-redis
|
yum install -y gcc php-devel php-pear ImageMagick ImageMagick-devel
|
At this point you have successfully installed ImageMagick package on your system. Now are are going to install ImageMagick php extension, So that we can use it through php code.
pecl install imagick
|
echo "extension=imagick.so" > /etc/php.d/imagick.ini
|
If you get this error Message: session_start(): open(/var/lib/php/session/sess_m4qebv1i35l7biibc2hslthk26, O_RDWR) failed: Permission denied (13)
Run the following command
chmod -R 777 /var/lib/php/
|
Reload Apache
service httpd reload
|
or
|
systemctl reload httpd.service
|
Restart Apache
Check if Imagick was installed ok
Install Apache
sudo yum -y install httpd
|
Allow Apache Through the Firewall
Allow the default HTTP and HTTPS port, ports 80 and 443, through firewalld:
sudo firewall-cmd --permanent --add-port=80/tcp
|
sudo firewall-cmd --permanent --add-port=443/tcp
|
install Apache devel
yum install -y httpd-devel
|
start Apache
sudo systemctl start httpd
|
Edit /etc/httpd/conf/httpd.conf and add the following at end
IncludeOptional sites-enabled/*.conf
Also add index.php in the block
<IfModule dir_module>
|
DirectoryIndex index.html index.php
|
</IfModule>
|
Create folders in apache
mkdir /etc/httpd/sites-available
|
mkdir /etc/httpd/sites-enabled
|
mkdir /var/www/vhosts
|
Create a dummy vhost for all not configured properties in “/var/www/vhosts/”
99-all.conf
<VirtualHost *:8888>
|
ServerName null
|
ServerAlias *
|
Redirect 404 /
|
</VirtualHost>
|
How to create a vhost for new property
mkdir /var/www/vhosts/xyz.abc.com
|
mkdir /var/www/vhosts/xyz.abc.com/httpdocs
|
mkdir /var/www/vhosts/xyz.abc.com/logs
|
Create a new site in “/etc/httpd/sites-available” with name “01-xyz-abc.conf”
nano /etc/httpd/sites-available/01-xyz-abc.conf
|
Place the virtual host code
<VirtualHost *:80>
|
ServerName xyz.abc.com
|
# ServerAlias www.xyz.abc.com
|
DocumentRoot /var/www/vhosts/xyz.abc.com/httpdocs
|
#ErrorLog /var/www/vhosts/xyz.abc.com/logs/error_log
|
ErrorLog /var/log/httpd/error_log
|
CustomLog /var/www/vhosts/xyz.abc.com/logs/access.log combined
|
<FilesMatch \.php$>
|
SetHandler "proxy:unix:/var/run/php-fpm/php5-fpm_xyz.abc.com.sock|fcgi://xyz.abc.com/"
|
</FilesMatch>
|
<Proxy fcgi://xyz.abc.com>
|
ProxySet connectiontimeout=5 timeout=240
|
</Proxy>
|
<Directory "/var/www/vhosts/xyz.abc.com/httpdocs">
|
Order allow,deny
|
Allow from all
|
AllowOverride FileInfo All
|
# New directive needed in Apache 2.4.3:
|
Require all granted
|
</Directory>
|
</VirtualHost>
|
Create a file in /etc/php-fpm.d/01-xyz-abc.conf and place this content
nano /etc/php-fpm.d/01-xyz-abc.conf
|
; Start a new pool named 'www'.
|
[xyz.abc.com]
|
;listen = 127.0.0.1:9000
|
listen = /var/run/php-fpm/php5-fpm_xyz.abc.com.sock
|
listen.allowed_clients = 127.0.0.1
|
user = xyz-abc-user
|
group = xyz-abc-user
|
listen.mode = 0666
|
; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
|
pm = ondemand
|
pm.max_children = 100
|
pm.process_idle_timeout = 3s
|
pm.max_requests = 10000
|
request_terminate_timeout = 600
|
; Following pm.* options are used only when 'pm = dynamic'
|
; pm.start_servers = 30
|
; pm.min_spare_servers = 30
|
; pm.max_spare_servers = 150
|
;pm.status_path = /status
|
;ping.path = /ping
|
;ping.response = pong
|
;request_terminate_timeout = 0
|
;request_slowlog_timeout = 0
|
; The log file for slow requests
|
; Default Value: not set
|
; Note: slowlog is mandatory if request_slowlog_timeout is set
|
slowlog = /var/log/php-fpm/www-slow.log
|
;rlimit_files = 1024
|
;rlimit_core = 0
|
;chroot =
|
;chdir = /var/www
|
;catch_workers_output = yes
|
;security.limit_extensions = .php .php3 .php4 .php5
|
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
|
; the current environment.
|
; Default Value: clean env
|
;env[HOSTNAME] = $HOSTNAME
|
;env[PATH] = /usr/local/bin:/usr/bin:/bin
|
;env[TMP] = /tmp
|
;env[TMPDIR] = /tmp
|
;env[TEMP] = /tmp
|
; Additional php.ini defines, specific to this pool of workers. These settings
|
; overwrite the values previously defined in the php.ini. The directives are the
|
; same as the PHP SAPI:
|
; php_value/php_flag - you can set classic ini defines which can
|
; be overwritten from PHP call 'ini_set'.
|
; php_admin_value/php_admin_flag - these directives won't be overwritten by
|
; PHP call 'ini_set'
|
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
|
; Defining 'extension' will load the corresponding shared extension from
|
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
|
; overwrite previously defined php.ini values, but will append the new value
|
; instead.
|
; Default Value: nothing is defined by default except the values in php.ini and
|
; specified at startup with the -d argument
|
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
|
;php_flag[display_errors] = off
|
php_admin_value[error_log] = /var/www/vhosts/xyz.abc.com/logs/www-error.log
|
php_admin_flag[log_errors] = on
|
;php_admin_value[memory_limit] = 128M
|
; Set session path to a directory owned by process user
|
php_value[session.save_handler] = files
|
php_value[session.save_path] = /var/lib/php/session
|
php_value[open_basedir] = "/var/www/vhosts/xyz.abc.com/:/tmp/:/dev/urandom"
|
Once you have create a vhost config, now you need to enable it
ln -s /etc/httpd/sites-available/01-xyz-abc.conf /etc/httpd/sites-enabled/01-xyz-abc.conf
|
Add new user to to new vhost entry
useradd -s /user/sbin/nologin -d /var/www/vhosts/xyz.abc.com xyz-abc-user
|
Change ownership of vhost
chown -R xyz-abc-user:xyz-abc-user /var/www/vhosts/xyz.abc.com
|
Change Permissions of vhost
find /var/www/vhosts/xyz.abc.com -type d -exec chmod 755 {} \;
|
find /var/www/vhosts/xyz.abc.com -type f -exec chmod 644 {} \;
|
Now you need to restart apache
Restart the php fpm
install MariaDB
nano /etc/yum.repos.d/MariaDB.repo
|
Add the follwing files
# MariaDB 10.2 CentOS repository list - created 2017-11-09 08:10 UTC
|
# http://downloads.mariadb.org/mariadb/repositories/
|
[mariadb]
|
name = MariaDB
|
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
|
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
|
gpgcheck=1
|
Save the file and install MariaDB
sudo yum install -y MariaDB-server MariaDB-client
|
You can also check for new updates and see the install guide on https://downloads.mariadb.org/mariadb/repositories
create myslq temp folder in /dev/shm everytime after restarting server.
mkdir /dev/shm/mysql
|
chown -R mysql:mysql /dev/shm/mysql
|
MySql config file path /etc/my.cnf.d/server.cnf
Change the password and reset the settings after installation
sudo mysql_secure_installation
|
Create new user privilidges
CREATE USER 'example-user'@'localhost' IDENTIFIED VIA mysql_native_password USING 'example-password';GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON *.* TO 'example-user'@'localhost' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
|
REVOKE ALL PRIVILEGES ON `example-database-name`.* FROM 'example-user'@'localhost'; GRANT ALL PRIVILEGES ON `example-database-name`.* TO 'example-user'@'localhost';
|
Install Redis
sudo yum install -y redis php-pecl-redis
|
Start Redis
sudo systemctl start redis
|
To automatically start Redis on boot
sudo systemctl enable redis
|
Verify that Redis is running with redis-cli
Install ProFTPD
Import the EPEL GPG-key:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
|
update the packages
We will install ProFTPD and OpenSSL
yum install -y proftpd openssl proftpd-utils
|
We need to start the service and enable it to start at boot automatically.
systemctl start proftpd.service
|
systemctl enable proftpd.service
|
Check ProFTPD version
Edit /etc/proftpd.conf file and modify
Search for AuthOrder and replace with:
AuthOrder mod_auth_file.c mod_auth_unix.c
|
AuthUserFile /etc/proftpd/ftpd.passwd
|
AuthGroupFile /etc/proftpd/ftpd.group
|
Create a folder in etc
get user id and group id for below command.
Create ftp users
cd /etc/proftpd
|
ftpasswd --passwd --name=xyz-abc-user --home=/var/www/vhosts/xyz.abc.com/httpdocs/ --shell=/sbin/nologin --uid=1000 --gid=1000
|
ftpasswd --group --gid=1000 --name=xyz-abc-user
|
Restart ProFTPD
Install php 7
Create a file in “/etc/opt/remi/php71/php-fpm.d/01-xyz-abc.conf” and place same code from above /etc/php-fpm.d/01-xyz-abc.conf
Also please make sure to change below line in “/etc/opt/remi/php71/php-fpm.d/01-xyz-abc.conf”
listen = /var/run/php-fpm/php5-fpm_xyz.abc.com.sock
|
Also change the existing /opt/remi/php56/root/etc/php-fpm.d/www.conf file and change
to
create a folder for sessions
mkdir /var/lib/php/sessions/
|
chmod 0777 /var/lib/php/sessions/
|
Restart Apache
Restart php fpm
service php71-php-fpm restart
|
Install webmin
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-webmin-on-centos-7
change webmin port
/etc/webmin/stop
|
nano /etc/webmin/miniserv.conf
|
change port=10000 to port=7777
|
/etc/webmin/start
|
Configure PHP Settings
Install phpMyAdmin
Copy latest link downoad link from https://www.phpmyadmin.net/downloads/
wget https://files.phpmyadmin.net/phpMyAdmin/4.7.6/phpMyAdmin-4.7.6-all-languages.zip
|
unzip phpMyAdmin-4.7.6-all-languages.zip
|
Correct ownership
chown -R xyz-abc-user:xyz-abc-user /var/www/vhosts/xyz.abc.com/phpmyadmin
|
Follow the guide to install phpmyadmin http://www.trustfm.net/ebooks/DedicatedServer.php?page=MySQL
Reboot the server
Install OpenVPN Access
copy latest link from https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=CentOS
curl -O http://swupdate.openvpn.org/as/openvpn-as-2.1.12-CentOS7.x86_64.rpm
|
sudo rpm -i openvpn-as-2.1.12-CentOS7.x86_64.rpm
|
sudo passwd openvpn
|
bind to all ports on digital ocean otherwise admin wont open
login to admin panel and change its ports if hosting provider is blocking vpn
Go to admin -> Server Network Settings -> change TCP Port number, also change UDP Port number and change Port number
|
Daily Basic Command
backup command
tar -cpf - /var/www/vhosts/abc.com/httpdocs | gzip > /var/www/vhosts/abc.com/backup-2017-12-01.tar.gz
|
Rsync command
rsync -av --progress --exclude 'uploads' /abc-directory-old/ /abc-directory-new/ --progress
|
Rsync to another server.
rsync-av-e "ssh -p 8822"/SOURCE/ root@IP:/DESTINATION/ --progress
|
Example
rsync-av-e "ssh -p 8822"root@111.111.1111.111:/backup/rdiff/ /home/db/CLIENT/ --progress
|
