{"id":768,"date":"2009-08-05T21:57:59","date_gmt":"2009-08-06T01:57:59","guid":{"rendered":"http:\/\/mattclare.ca\/wordpress\/?p=768"},"modified":"2009-08-06T23:34:32","modified_gmt":"2009-08-07T03:34:32","slug":"my_server-centos_5_linux_operating_system","status":"publish","type":"post","link":"https:\/\/mattclare.ca\/blog\/2009\/08\/05\/my_server-centos_5_linux_operating_system\/","title":{"rendered":"Building-Up CentOS 5 Linux Operating System"},"content":{"rendered":"

\"HyperVM<\/a>When setting up my VPS server there were a number of options for building it. The VPS admin tool gives you “virtual” control over the power switch and the ability to rebuild the server with a fresh OS image at any time. A2 Web Hosting<\/a> has a few flavours of Linux to choose from: CentOS<\/a> (the GPL-based rebuild of Red Hat’s Enterprise Server 5), Gentoo<\/a> and Ubuntu<\/a>. I went with CentOS<\/a> as I use it at work, and Enterprise-Grade always seems good to me.<\/p>\n

From here on I’ll assume that you know something about the command line, and that you’ve got a good SSH<\/a> client like the OS X Terminal or Putty<\/a> and a way to upload files via an SFTP client like Cyberduck<\/a> or Filezilla<\/a>.<\/p>\n

One my first steps with a pristine Linux operating system is to create a folder called “backup” and an “etc_original” folder in there and copy all of the original etc folder files there for reference.
\nmkdir \/backup
\nmkdir \/backup_original
\ncp -r \/etc\/ \/backup\/etc_original<\/code><\/p>\n

What you’ll need on your server<\/h3>\n

Depending on the install\/image you use you may have everything you need right there, but here are the packages I install out of the gate:<\/p>\n

First off I install the screen tool (more about screen at http:\/\/www.cyberciti.biz\/tips\/how-to-use-screen-command-under-linux.html<\/a>) so that I can walk away and reconnect to this process, rsync for moving things and backing things up and telnet for testing ports\/servers:
\nyum install screen rsync telnet<\/code>
\nMake sure Apache’s installed and that we’ve got all the PHP modules we need:
\nyum install httpd php php-cli php-zip php-mysql php-mcrypt php-mbstring<\/code>
\nAlso get some SSL support:
\nyum install mod_ssl openssl<\/code>
\nInstall MySQL client and server:
\nyum install mysql mysql-server<\/code>
\nInstall the firewall
\nyum install iptables<\/code><\/p>\n

Once all of those packages are installed you’ll need to set them up.<\/p>\n

Securing SSH and the rest of the server<\/h3>\n

Here’s a great a guide to securing SSH itself and setting up iptables, so I will deffer to it: http:\/\/wiki.centos.org\/HowTos\/Network\/SecuringSSH<\/a><\/p>\n

Be sure to allow the appropriate ports you’ll need later (http 80, https 443, and your current ssh port because you’d never keep it at 22, right?<\/small>).<\/p>\n

Setting up Apache<\/h3>\n

For Apache I like to edit the httpd.conf nano -w \/etc\/httpd\/conf\/httpd.conf<\/code> and turn off the following modules by commenting them out with a #:
\n
\nLoadModule auth_basic_module modules\/mod_auth_basic.so
\nLoadModule auth_digest_module modules\/mod_auth_digest.so
\nLoadModule authn_file_module modules\/mod_authn_file.so
\nLoadModule authn_alias_module modules\/mod_authn_alias.so
\nLoadModule authn_anon_module modules\/mod_authn_anon.so
\n#LoadModule authn_dbm_module modules\/mod_authn_dbm.so
\nLoadModule authn_default_module modules\/mod_authn_default.so
\nLoadModule authz_host_module modules\/mod_authz_host.so
\nLoadModule authz_user_module modules\/mod_authz_user.so
\nLoadModule authz_owner_module modules\/mod_authz_owner.so
\n#LoadModule authz_groupfile_module modules\/mod_authz_groupfile.so
\n#LoadModule authz_dbm_module modules\/mod_authz_dbm.so
\n#LoadModule authz_default_module modules\/mod_authz_default.so
\n#LoadModule ldap_module modules\/mod_ldap.so
\n#LoadModule authnz_ldap_module modules\/mod_authnz_ldap.so
\n#LoadModule include_module modules\/mod_include.so
\nLoadModule log_config_module modules\/mod_log_config.so
\nLoadModule logio_module modules\/mod_logio.so
\nLoadModule env_module modules\/mod_env.so
\nLoadModule ext_filter_module modules\/mod_ext_filter.so
\nLoadModule mime_magic_module modules\/mod_mime_magic.so
\nLoadModule expires_module modules\/mod_expires.so
\nLoadModule deflate_module modules\/mod_deflate.so
\nLoadModule headers_module modules\/mod_headers.so
\nLoadModule usertrack_module modules\/mod_usertrack.so
\nLoadModule setenvif_module modules\/mod_setenvif.so
\nLoadModule env_module modules\/mod_env.so
\nLoadModule ext_filter_module modules\/mod_ext_filter.so
\nLoadModule mime_magic_module modules\/mod_mime_magic.so
\nLoadModule expires_module modules\/mod_expires.so
\nLoadModule deflate_module modules\/mod_deflate.so
\nLoadModule headers_module modules\/mod_headers.so
\nLoadModule usertrack_module modules\/mod_usertrack.so
\nLoadModule setenvif_module modules\/mod_setenvif.so
\nLoadModule mime_module modules\/mod_mime.so
\n#LoadModule dav_module modules\/mod_dav.so
\n#LoadModule status_module modules\/mod_status.so
\nLoadModule autoindex_module modules\/mod_autoindex.so
\n#LoadModule info_module modules\/mod_info.so
\n#LoadModule dav_fs_module modules\/mod_dav_fs.so
\nLoadModule vhost_alias_module modules\/mod_vhost_alias.so
\nLoadModule negotiation_module modules\/mod_negotiation.so
\nLoadModule dir_module modules\/mod_dir.so
\nLoadModule actions_module modules\/mod_actions.so
\nLoadModule speling_module modules\/mod_speling.so
\nLoadModule userdir_module modules\/mod_userdir.so
\nLoadModule alias_module modules\/mod_alias.so
\nLoadModule rewrite_module modules\/mod_rewrite.so
\n#LoadModule proxy_module modules\/mod_proxy.so
\n#LoadModule proxy_balancer_module modules\/mod_proxy_balancer.so
\n#LoadModule proxy_ftp_module modules\/mod_proxy_ftp.so
\n#LoadModule proxy_http_module modules\/mod_proxy_http.so
\n#LoadModule proxy_connect_module modules\/mod_proxy_connect.so
\nLoadModule cache_module modules\/mod_cache.so
\nLoadModule suexec_module modules\/mod_suexec.so
\nLoadModule disk_cache_module modules\/mod_disk_cache.so
\nLoadModule file_cache_module modules\/mod_file_cache.so
\nLoadModule mem_cache_module modules\/mod_mem_cache.so
\nLoadModule cgi_module modules\/mod_cgi.so
\n<\/code><\/p>\n

Other than a few tweaks like commenting out the cgi-bin there isn’t much else I do to the httpd.conf. You may also need to remove the \/etc\/httpd\/conf.d\/proxy_ajp.conf file.<\/p>\n

What I like to do for the rest of my Apache configurations is create a file with a name\/location like “\/etc\/httpd\/conf.d\/current_server_name.conf”. This is where I put the rest of my modifications. This file will get loaded and applied when Apache starts and is protected from updates etc by being placed in the conf.d folder.<\/p>\n

Some examples of configurations I often add are:
\nDirectoryIndex index.rss index.php index.html<\/p>\n

# THINGS TO CHANGE WHEN THE SERVER GETS SLOW (switch 'em)
\n# Buffering logs - Not good for dev, very good for production
\nBufferedLogs On
\nHostnameLookups Off<\/code><\/p>\n

When you’re ready start apache:
\n\/etc\/init.d\/httpd start<\/code><\/p>\n

and to make sure it always starts with the server:
\n\/sbin\/chkconfig --add httpd<\/code><\/p>\n

Turbo Charge PHP<\/h3>\n

I’m a big fan of the APC<\/a> PHP Pre-Compiler\/Accelerator<\/a>. It works by caching the text-based PHP file’s compiled opcode and runs that until the original file is modified. This greatly speeds up the process of PHP files and speeds up larger PHP-based applications with a lot of files, like WordPress. You can even tell APC to not even check the drive for updates, just served the cached page, until the server is restarted or the cached cleared. I also like the persistent shared memory it can introduce to PHP.<\/p>\n

It requires the developer tools to be installed:
\ninstall gcc make mlocate autoconf<\/code><\/p>\n

Then I’d recommend install APC based on this guide: http:\/\/2bits.com\/articles\/installing-php-apc-gnulinux-centos-5.html<\/a><\/p>\n

For the record, here’s what my “\/etc\/php.d\/apc.ini” file currently looks like. I’ve assigned 48mb of ram, and I’m telling APC not to check the disk for updates, just serve the cached page:
\nextension=\"apc.so\"
\napc.enabled = 1
\napc.shm_size = 48
\napc.ttl = 7200
\napc.user_ttl = 7200
\napc.optimization = 1
\napc.stat=0
\n<\/code><\/p>\n

MySQL<\/h3>\n

Start MySQL:
\n\/etc\/init.d\/mysql start<\/code><\/p>\n

and to make sure it always starts with the server:
\n\/sbin\/chkconfig --add mysql<\/code><\/p>\n

You’ll have to set a root password for MySQL:
\nmysqladmin -u root password yourrootsqlpassword<\/code><\/p>\n

and then proceed to add whatever accounts and database you’d like to add however you’d like to do that. In my case I download PHPMyAdmin<\/a> and configuring it. What I also do is add to my own Apache config file some IP restrictions like this (with some example IPs):<\/p>\n

<Location \"\/phpmyadmin\">
\nOrder deny,allow
\ndeny from ALL
\nAllow from 127.0.0.1
\nAllow from 192.168.
\n# Force clients from the Internet to use HTTPS
\n RewriteEngine on
\n RewriteCond %{SERVER_PORT} ^80$
\n RewriteRule ^phpmyadmin\/*$ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [R,L]
\n<\/Location><\/code><\/p>\n

That’s the really geeky part covered, next I’ll look at the more interesting element: Setting-up Google Apps including Gmail for the whole system’s mail.<\/p>\n","protected":false},"excerpt":{"rendered":"

When setting up my VPS server there were a number of options for building it. The VPS admin tool gives you “virtual” control over the power switch and the ability to rebuild the server with a fresh OS image at any time. A2 Web Hosting has a few flavours of Linux to choose from: CentOS… Continue Reading Building-Up CentOS 5 Linux Operating System<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,38,44,3],"tags":[],"_links":{"self":[{"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/posts\/768"}],"collection":[{"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/comments?post=768"}],"version-history":[{"count":32,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/posts\/768\/revisions"}],"predecessor-version":[{"id":803,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/posts\/768\/revisions\/803"}],"wp:attachment":[{"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/media?parent=768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/categories?post=768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mattclare.ca\/blog\/wp-json\/wp\/v2\/tags?post=768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}