Hosting server with CentOS 6

This article describes the installation of a shared webhosting server with the Linux distribution CentOS 6 and the hosting control panel LiveConfig. The following services are installed for this purpose:

  • Web server: Apache httpd 2.2.15
  • PHP 5.3.2 (with suPHP 0.7.1)
  • Mail server: Postfix 2.6.6
  • POP3/IMAP server: Dovecot 2.0.9
  • Database: MySQL 5.1.52
  • FTP server: vsftpd 2.2.2

This manual makes no claim to be complete or free of errors. Please don't hesitate to contact us with any comments.

Prerequisites

It is assumed that you've already prepared a minimal install of CentOS 6.

Your system should be up to date (run yum update if necessary).

Quota

To limit storage space for webspace users, the quota system has to be enabled. Install the package quota:

[root@localhost ~]# yum install quota

Then enable group quota for the filesystem which will contain the webspace (/var/www/). Use df to check which filesystem holds this directory:

[root@localhost ~]# df /var/www
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       7007016    891068   5760008  14% /

In this example the directory /var/www is located on the file system /dev/mapper/VolGroup-lv_root.

Add the mount options grpjquota=aquota.group,jqfmt=vfsv0 to this filesystem entry in /etc/fstab, e.g.:

/dev/mapper/VolGroup-lv_root /   ext4   defaults,grpjquota=aquota.group,jqfmt=vfsv0   1 1

Now remount the file system:

[root@localhost ~]# mount -vo remount /
/dev/mapper/VolGroup-lv_root on / type ext4 (rw,grpjquota=aquota.group,jqfmt=vfsv0)

Calculate current quota usage:

[root@localhost ~]# quotacheck -vgm /
quotacheck: WARNING -  Quotafile //aquota.group was probably truncated. Cannot save quota settings...
quotacheck: Scanning /dev/mapper/VolGroup-lv_root [/] done
quotacheck: Old user file not found. Usage will not be substracted.
quotacheck: Checked 3100 directories and 17878 files

If you have enabled SELinux, adjust the security context of the quota file (otherwise your quota can't be activated automatically after a reboot):

[root@localhost ~]# chcon -u system_u -r object_r -t quota_db_t /aquota.group

Finally enable the quota system:

[root@localhost ~]# quotaon -vg /
/dev/mapper/VolGroup-lv_root [/]: group quotas turned on
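
A check for the fstab step above, as an added example that is not part of the original manual: it picks the fstab entry that actually holds a directory (the filesystem df would report) and tests it for both quota options. The helper name quota_mount_status and the sample fstab, including the separate /var volume, are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample /etc/fstab (not from a real host). The quota options were
# put on / although /var is a separate filesystem.
sample_fstab() {
cat <<'EOF'
# /etc/fstab
/dev/mapper/VolGroup-lv_root /      ext4  defaults,grpjquota=aquota.group,jqfmt=vfsv0  1 1
/dev/sda1                    /boot  ext4  defaults                                     1 2
/dev/mapper/VolGroup-lv_var  /var   ext4  defaults                                     1 2
/dev/mapper/VolGroup-lv_swap swap   swap  defaults                                     0 0
EOF
}

# quota_mount_status DIR (hypothetical helper): reads fstab on stdin, selects
# the entry whose mount point is the longest path prefix of DIR and prints
# "<mountpoint> ok" or "<mountpoint> missing-group-quota".
quota_mount_status() {
  awk -v dir="$1" '
    /^[ \t]*#/ || NF < 4 { next }
    {
      mp = $2
      if (substr(mp, 1, 1) != "/") next            # skip swap and similar entries
      pre = (mp == "/") ? "/" : (mp "/")
      if (index(dir "/", pre) == 1 && length(mp) > length(best)) {
        best = mp; opts = $4
      }
    }
    END {
      if (best == "") { print "no-match"; exit }
      o = "," opts ","
      has = (o ~ /,grpjquota=[^,]+,/) && (o ~ /,jqfmt=[^,]+,/)
      print best, (has ? "ok" : "missing-group-quota")
    }
  '
}

sample_fstab | quota_mount_status /var/www
```

On a real host, feed it the live file: quota_mount_status /var/www < /etc/fstab.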

Apache httpd, PHP and suPHP

Install the required web server packages httpd and mod_ssl:

[root@localhost ~]# yum install httpd mod_ssl

To start Apache httpd automatically after a reboot:

[root@localhost ~]# chkconfig httpd on

If you have enabled SELinux, allow the web server to access the user directories:

[root@localhost ~]# setsebool -P httpd_enable_homedirs=1

Then install PHP and some common extensions, e.g.:

[root@localhost ~]# yum install php php-gd php-imap php-mbstring php-mysql \
php-pear php-pdo php-soap php-xml php-xmlrpc

For more security on a shared webhosting server we recommend installing suPHP. This Apache module is not contained in the official CentOS repository, so first add Repoforge (formerly RPMforge) to the list of your repositories:

[root@localhost ~]# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Then you can install mod_suphp with yum:

[root@localhost ~]# yum install mod_suphp

Some settings have to be adjusted in the configuration file /etc/suphp.conf. For example, to allow images uploaded via a PHP script to be displayed, change the umask to 0022:

[root@localhost ~]# vi /etc/suphp.conf
umask=0022

To allow applications to be installed into the apps directory, the option check_vhost_docroot has to be set to false:

check_vhost_docroot=false

Furthermore the PHP binary has to be changed from the CLI version to the CGI version:

[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php-cgi"

Finally start the Apache web server. Any warnings about a missing ServerName can safely be ignored (LiveConfig will take care of this):

[root@localhost ~]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name,
using localhost.localdomain for ServerName
                                                           [  OK  ]

If you use the default firewall, you must allow incoming connections for HTTP (port 80) and HTTPS (port 443):

[root@localhost ~]# iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[root@localhost ~]# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
[root@localhost ~]# iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

Postfix mail server

Install the mail server Postfix:

[root@localhost ~]# yum install postfix

Dovecot POP3/IMAP server

Install the POP3/IMAP server Dovecot:

[root@localhost ~]# yum install dovecot

MySQL database

To install a local MySQL server and its client programs, use this command:

[root@localhost ~]# yum install mysql mysql-server

To start MySQL automatically after a reboot:

[root@localhost ~]# chkconfig mysqld on

Now start the MySQL server:

[root@localhost ~]# service mysqld start

To enable local applications to connect to MySQL via a Unix socket, add these lines to /etc/my.cnf:

[root@localhost ~]# vi /etc/my.cnf
[client]
socket=/var/lib/mysql/mysql.sock

Finally run the installation program:

[root@localhost ~]# /usr/bin/mysql_secure_installation

This program helps you set a root password for the MySQL database and deletes unneeded test tables and test users. You may also disable root access to the database via the network (»Disallow root login remotely«).

FTP server

Install the FTP server vsftpd as well as the required package db4-utils:

[root@localhost ~]# yum install vsftpd db4-utils

To start vsftpd automatically after a reboot:

[root@localhost ~]# chkconfig vsftpd on

If you have enabled SELinux, allow FTP access to the user directories:

[root@localhost ~]# setsebool -P ftp_home_dir=1

Then start vsftpd:

[root@localhost ~]# service vsftpd start

Finally open the required ports in the local firewall. For active FTP mode the kernel module ip_conntrack_ftp has to be loaded. Add this to the file /etc/sysconfig/iptables-config:

[root@localhost ~]# vi /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_conntrack_ftp"

The commands for the firewall rules are:

[root@localhost ~]# iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# iptables -A INPUT -p tcp --sport 1024:65535 --dport 21 -m state --state NEW -j ACCEPT
[root@localhost ~]# iptables -A INPUT -m helper --helper ftp -j ACCEPT
[root@localhost ~]# iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

LiveConfig

Download and install the latest version of LiveConfig with the following command:

[root@localhost ~]# rpm -i http://download.liveconfig.com/latest?liveconfig.x86_64.rpm
Starting LiveConfig Server: liveconfig.

Then allow port 8443 for incoming connections to LiveConfig:

[root@localhost ~]# iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# iptables -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
[root@localhost ~]# iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
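
The three firewall blocks in this guide remove the catch-all REJECT rule, append the ACCEPT rules and then re-append the REJECT, because rules in the INPUT chain are evaluated in order. The following added example (not part of the original manual; the helper name unreachable_ports and the sample rules are constructed) reads a saved rules file and lists the ports whose ACCEPT rule ended up behind the REJECT.

```bash
#!/bin/bash
# Constructed sample in the format of /etc/sysconfig/iptables (not from a real
# host). The 8443 rule was appended without first removing the REJECT rule.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# unreachable_ports PORT... (hypothetical helper): reads the rules on stdin and
# prints each listed port that has no "--dport PORT ... -j ACCEPT" rule ahead
# of the first catch-all REJECT in the INPUT chain.
unreachable_ports() {
  awk -v want="$*" '
    BEGIN { n = split(want, ports, " ") }
    $1 == "-A" && $2 == "INPUT" {
      # "-A INPUT -j REJECT ..." has no match criteria, so it ends evaluation.
      if ($3 == "-j" && $4 == "REJECT") exit
      if ($0 !~ / -j ACCEPT *$/) next
      for (i = 1; i < NF; i++)
        if ($i == "--dport") ok[$(i + 1)] = 1
    }
    END { for (i = 1; i <= n; i++) if (!(ports[i] in ok)) print ports[i] }
  '
}

# Ports opened in this guide: HTTP, HTTPS, FTP control, LiveConfig.
sample_rules | unreachable_ports 80 443 21 8443
```

After service iptables save, run it against the saved file: unreachable_ports 80 443 21 8443 < /etc/sysconfig/iptables. Empty output means every listed port is accepted before the REJECT rule.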

If you already have a license key for LiveConfig, activate your license and restart LiveConfig:

[root@localhost liveconfig]# /usr/sbin/liveconfig --activate
 _    _          ___           __ _     (R)
| |  (_)_ _____ / __|___ _ _  / _(_)__ _
| |__| \ V / -_) (__/ _ \ ' \|  _| / _` |
|____|_|\_/\___|\___\___/_||_|_| |_\__, |_____________________________________
                                   |___/
Welcome to the LiveConfig license activation.
License key file: '/etc/liveconfig/liveconfig.key'
Please enter your license key: #################
Generating license activation request, please wait... ok.
Connecting to license.liveconfig.com ([62.146.188.68]:443)... ok.
Sending license request... ok.
=> License successfully activated.
[root@localhost liveconfig]# service liveconfig restart
Stopping LiveConfig Server: liveconfig.
Starting LiveConfig Server: liveconfig.

You should now be able to access LiveConfig at https://<server IP>:8443/. The default user name is admin and the default password is also admin.

Now immediately change the password of the admin account!

en/installation/centos6.txt · Last modified: 2015/05/28 10:41 by wikiadmin
