Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CentOS 7.x - Web Server Bootstrap (DigitalOcean/Bluemix)

CentOS 7.x - Web Server Bootstrap

General (and init)

Update system

yum update

Set your timezone

timedatectl set-timezone UTC
date

If you want yum to update datebase automatically

yum install yum-cron

Set the machine hostname

hostnamectl set-hostname my.domain

Reboot system, login back to server (as root)

reboot

Users and groups

Create yourself a user, and set password (super important)

adduser josh
passwd josh

Copy root key to user home (you can remove it from the root user later)

cp -r -p /root/.ssh/ /home/josh/
chown -R josh:josh /home/josh/.ssh

Add your user to 'wheel' group (as supplementary group (-G), primary group still 'josh')

usermod -a -G wheel josh

Logout server, and login again as your user

exit

Check sudo access is working, now you should be 'root' again

sudo su

Swap Space (if you need swap)

Check if server has swap, if it does, you can skip this step

swapon -s

Check how much memory the machine has, and how much disk space

free -m && df -h

Create swap file on disk, and confirm size

dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && ls -lh /swapfile

Enable swap

chmod 600 /swapfile && ls -lh /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s

Make the swap file permanent

nano /etc/fstab

Add the following line to /etc/fstab

/swapfile   swap    swap    sw  0   0

Swap Optimization

CentOS 7 defaults to a swappiness setting of 30, which is a fair middle ground for most desktops and local servers. For a VPS system, we'd probably want to move it closer to 0.

sysctl vm.swappiness=10 

This setting will persist until the next reboot. To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file:

nano /etc/sysctl.conf

Cache Pressure

Another related value that you might want to modify is the vfs_cache_pressure. This setting affects the storage of special filesystem metadata entries. Constantly reading and refreshing this information is generally very costly, so storing it on the cache for longer is excellent for your system's performance.

cat /proc/sys/vm/vfs_cache_pressure

To make cache inode information from the cache more slowly:

sysctl vm.vfs_cache_pressure=50

This setting will persist until the next reboot. To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file:

nano /etc/sysctl.conf

Extra Repositories

EPEL

Install EPEL repository

yum install epel-release

Install IUS Repository

rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm

HTTP/Apache Web Server

Install Apache HTTP Server (2.4 IUS)

yum install httpd24u httpd24u-filesystem httpd24u-manual httpd24u-tools httpd24u-mod_ssl

Start server, check it's working, enable during boot

systemctl start httpd
systemctl status httpd
systemctl enable httpd

Firewall

You might need to install the service

yum install firewalld

Check firewall status (should be off in most cases)

firewall-cmd --state

If firewall not running, execute:

systemctl start firewalld.service

Some firewall info commands:

firewall-cmd --get-active-zones
firewall-cmd --list-all

Add HTTP/HTTPS rule to public zone

firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

Add HTTP/HTTPS rule permanently to public zone

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent

Or ...

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

DigitalOcean: How to set up a firewall using firewalld on CentOS 7:

PHP Installation

Install PHP 7.3 + FPM (Apache) (IUS)

yum install \
php73-fpm \
php73-fpm-httpd \
php73-common \
php73-bcmath \
php73-mbstring \
php73-cli \
php73-dba \
php73-gd \
php73-opcache \
php73-intl \
php73-pdo \
php73-pdo-dblib \
php73-mysqlnd \
php73-pgsql \
php73-process \
php73-tidy \
php73-xml \
php73-xmlrpc \
php73-json \
php73-pecl-memcached \
php73-pecl-igbinary

Restart the web server

systemctl restart php-fpm httpd
systemctl status php-fpm httpd
systemctl enable php-fpm

Create PHP test page

cd /var/www/html/
echo "<?php phpinfo(); ?>" > index.php

Open browser, goto: http://<server_ip>/ You should see PHP info page, remove the index page afterwards.

rm index.php

PHP-FPM + MPM_EVENT + pthreads + Apache

nano /etc/php-fpm.d/www.conf

uncomment this line (so both apache and nginx would be able to use):

listen.acl_users = apache

(optional) Comment this line:

;listen = 127.0.0.1:9000

(optional) Uncomment following line:

listen = /run/php-fpm/www.sock

Install MPM

nano /etc/httpd/conf.modules.d/00-mpm.conf

Comment:

#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

Uncomment:

LoadModule mpm_event_module modules/mod_mpm_event.so

Update FPM configuration

nano /etc/httpd/conf.d/php-fpm.conf

Change end of file to:

<FilesMatch \.php$>
    #SetHandler "proxy:fcgi://127.0.0.1:9000"
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

Add to apache directive:

<IfModule mpm_event_module>
        #ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/moo/public/$1
        ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/moo/public/$1"
</IfModule>

Now you can enable multi-threading in PHP ...

yum install php73-ecl-pthreads

Restart web services

systemctl restart php-fpm httpd

Node.js Installation

Install basic components

yum install nodejs npm

MariaDB Installation (IUS)

Remove system mariadb-libs and install mariadb from IUS prepository

yum -y remove mariadb-libs
yum -y install mariadb103 mariadb103-server

Start database service

systemctl start mariadb.service
systemctl status mariadb.service
systemctl enable mariadb.service

In case postfix was removed because of mariadb-libs package, reinstall it

yum -y install postfix

Secure the databse

mysql_secure_installation

Try connecting database

mysql -uroot -p

Create new databse

> CREATE DATABASE `joshdb` CHARACTER SET utf8 COLLATE utf8_general_ci;

Create new database user

> CREATE USER 'josh'@'%' IDENTIFIED BY 'YouSecurePassword!';
> GRANT ALL PRIVILEGES ON joshdb.* TO 'josh'@'%';

Or admin access to all databases

> GRANT ALL PRIVILEGES ON *.* TO 'josh'@'%' WITH GRANT OPTION;

Refresh server privileges

> FLUSH PRIVILEGES;

Memcached

yum -y install memcached

Edit configuration

nano /etc/sysconfig/memcached

Enable service

systemctl start memcached
systemctl enable memcached

PostgreSQL Installation

Install PosgreSQL 10.x official RHEL7 repository

wget https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
yum localinstall -y pgdg-centos10-10-2.noarch.rpm

Install PostgreSQL packages

yum install postgresql10 \
postgresql10-libs \
postgresql10-server \
postgresql10-contrib \
postgresql10-docs \
postgresql10-devel \
postgresql10-plperl \
postgresql10-plpython \
postgresql10-pltcl

Init initial database

/usr/pgsql-10/bin/postgresql-10-setup initdb

Start service and enable on boot

systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10

Add server port to firewall and restart firewall

firewall-cmd --permanent --zone=public --add-service=postgresql

Or ...

firewall-cmd --permanent --zone=public --add-port=5432/tcp

Restart firewall

systemctl restart firewalld.service

Change to postgres user, check server is running

su - postgres
psql

Create remote admin user, with db creation access

createuser -W -d -s pgadmin

Create dtabase for user (UTF8)

createdb -T template0 -l en_US.UTF-8 -E UTF8 -O pgadmin pgadmin

Allow remote user to connect, edit hosts file:

nano /var/lib/pgsql/9.5/data/pg_hba.conf

Add following entry:

host        all        pgadmin      <user_ip_address>/32        trust

Test remote user:

psql -h dbserver_name_or_ip_address -U pgsql -W <password>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment