@alkavan
Last active September 10, 2021 00:54
CentOS 7.x - Web Server Bootstrap (DigitalOcean/Bluemix)

General (and init)

Update system

yum update

Set your timezone

timedatectl set-timezone UTC
date

If you want yum to check for and install updates automatically, install yum-cron (then enable and start the yum-cron service; it does nothing until it is running)

yum install yum-cron

Set the machine hostname

hostnamectl set-hostname my.domain

Reboot the system, then log back in (as root)

reboot

Users and groups

Create a user for yourself and set a password (you will need it for sudo; do not keep working as root)

adduser josh
passwd josh

Copy root's authorized key to the new user (you can remove it from root later, and disable root SSH logins once the new user is confirmed working). Note that this copies everything in /root/.ssh, including any private keys or known_hosts root may have; if there is more than authorized_keys in there, copy only that file. The chown is needed because cp -p keeps root as the owner, which would leave the user unable to manage their own keys

cp -r -p /root/.ssh/ /home/josh/
chown -R josh:josh /home/josh/.ssh

Add your user to 'wheel' group (as supplementary group (-G), primary group still 'josh')

usermod -a -G wheel josh

Log out, then log back in as your new user

exit

Check that sudo works (you will be prompted for your own password); you should be root again

sudo su

Swap Space (if you need swap)

Check whether the server already has swap; if it does, skip this section

swapon -s

Check how much memory the machine has, and how much disk space

free -m && df -h

Create a 4 GiB swap file (4096 blocks of 1 MiB) and confirm its size

dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && ls -lh /swapfile

Restrict the file to root before enabling it (a world-readable swap file would expose whatever memory gets paged out, and swapon warns about insecure permissions), then format and enable it

chmod 600 /swapfile && ls -lh /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s

Make the swap file permanent

nano /etc/fstab

Add the following line to /etc/fstab

/swapfile   swap    swap    sw  0   0

Swap Optimization

CentOS 7 defaults to a swappiness setting of 30, which is a fair middle ground for most desktops and local servers. For a VPS system, we'd probably want to move it closer to 0.

sysctl vm.swappiness=10 

This setting persists only until the next reboot. To keep it across reboots, add the line the command printed (vm.swappiness = 10) to the sysctl configuration file, or to a new file under /etc/sysctl.d/, which sysctl --system reads at boot:

nano /etc/sysctl.conf

Cache Pressure

Another related value is vfs_cache_pressure. It controls how aggressively the kernel reclaims the memory used for caching directory entries (dentries) and inodes relative to the page cache. Rebuilding that metadata means re-reading it from disk, which is costly, so keeping it cached longer generally helps. Check the current value (the default is 100):

cat /proc/sys/vm/vfs_cache_pressure

To make the kernel drop the inode/dentry cache more slowly (values below 100 favour keeping it):

sysctl vm.vfs_cache_pressure=50

This setting also persists only until the next reboot. To keep it across reboots, add the line the command printed (vm.vfs_cache_pressure = 50) to the sysctl configuration file, or to a file under /etc/sysctl.d/:

nano /etc/sysctl.conf
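Both sysctl changes above, and the fstab entry from the swap section, are persisted by editing files with nano. As an added example (not from the gist), here are idempotent shell functions that make the same edits: set_sysctl replaces an existing key (commented out or not) or appends it, get_sysctl reads back what the file will set, and ensure_fstab_swap adds the swap line once. File paths are parameters so the functions can be exercised on scratch files; on the host they are /etc/sysctl.conf (or a file under /etc/sysctl.d/) and /etc/fstab. The function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist.

# set_sysctl <conf_file> <key> <value>
#   Replaces every existing "key = ..." line (commented out or not) with
#   "key = value", or appends one if none exists. Values are assumed to be
#   plain numbers (no '&' or '|', which would need escaping for sed).
#   <conf_file> is a parameter for testing on a scratch file; on the host use
#   /etc/sysctl.conf or a new file in /etc/sysctl.d/, then run
#   sysctl --system (or sysctl -p <file>) to apply it.
set_sysctl() {
    local conf=$1 key=$2 value=$3 re
    re=$(printf '%s' "$key" | sed 's/\./\\./g')   # literal dots in the regex
    touch "$conf"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${re}[[:space:]]*=" "$conf"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${re}[[:space:]]*=.*|${key} = ${value}|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# get_sysctl <conf_file> <key>
#   Prints the value the file will set for <key>; the last uncommented
#   occurrence wins, which is also how sysctl applies duplicates in one file.
get_sysctl() {
    local conf=$1 key=$2 re
    re=$(printf '%s' "$key" | sed 's/\./\\./g')
    grep -E "^[[:space:]]*${re}[[:space:]]*=" "$conf" | tail -n 1 \
        | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'
}

# ensure_fstab_swap <fstab_file> <swapfile>
#   Appends the swap entry once; later calls are no-ops. "defaults" is used
#   for the options field; the gist's "sw" is a BSD-style option that Linux
#   swapon ignores, so the two behave the same here.
ensure_fstab_swap() {
    local fstab=$1 swapfile=$2
    touch "$fstab"
    if ! awk -v f="$swapfile" '$1 == f && $3 == "swap" { found = 1 } END { exit !found }' "$fstab"; then
        printf '%s\tswap\tswap\tdefaults\t0 0\n' "$swapfile" >> "$fstab"
    fi
}

# count_fstab_swap <fstab_file> <swapfile>
#   Prints how many swap entries the file has for <swapfile> (expect 1).
count_fstab_swap() {
    awk -v f="$2" '$1 == f && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Usage on the host (as root):
#   set_sysctl /etc/sysctl.d/90-vm.conf vm.swappiness 10
#   set_sysctl /etc/sysctl.d/90-vm.conf vm.vfs_cache_pressure 50
#   sysctl --system
#   ensure_fstab_swap /etc/fstab /swapfile
```

Keeping the edits idempotent matters when a bootstrap script is re-run on a rebuilt droplet: a second run must not leave two swappiness lines or two swap entries behind.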

Extra Repositories

EPEL

Install EPEL repository

yum install epel-release

Install the IUS repository (the project has since moved from iuscommunity.org to ius.io, so confirm the current release-package URL there). rpm -ivh only warns (NOKEY) when the signing key is not yet imported, so do not take a silent install as proof that the package was signed:

rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm

HTTP/Apache Web Server

Install Apache HTTP Server (2.4 IUS)

yum install httpd24u httpd24u-filesystem httpd24u-manual httpd24u-tools httpd24u-mod_ssl

Start server, check it's working, enable during boot

systemctl start httpd
systemctl status httpd
systemctl enable httpd

Firewall

You might need to install the service

yum install firewalld

Check the firewall state (on many cloud images firewalld is not running yet)

firewall-cmd --state

If the firewall is not running, start it (and enable it at boot with systemctl enable firewalld, otherwise the rules below are gone after the next reboot):

systemctl start firewalld.service

Some firewall info commands:

firewall-cmd --get-active-zones
firewall-cmd --list-all

Add HTTP/HTTPS rule to public zone

firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

Add the HTTP/HTTPS rules permanently to the public zone (these are written to the zone config and take effect on the next firewall-cmd --reload or service start, so keep the runtime rules above as well)

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent

Or ...

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

Reference: DigitalOcean, How To Set Up a Firewall Using FirewallD on CentOS 7.

PHP Installation

Install PHP 7.3 + FPM (Apache) (IUS)

yum install \
php73-fpm \
php73-fpm-httpd \
php73-common \
php73-bcmath \
php73-mbstring \
php73-cli \
php73-dba \
php73-gd \
php73-opcache \
php73-intl \
php73-pdo \
php73-pdo-dblib \
php73-mysqlnd \
php73-pgsql \
php73-process \
php73-tidy \
php73-xml \
php73-xmlrpc \
php73-json \
php73-pecl-memcached \
php73-pecl-igbinary

Restart PHP-FPM and the web server, check both, and enable FPM at boot

systemctl restart php-fpm httpd
systemctl status php-fpm httpd
systemctl enable php-fpm

Create PHP test page

cd /var/www/html/
echo "<?php phpinfo(); ?>" > index.php

Open a browser at http://<server_ip>/ and you should see the PHP info page. Remove the page afterwards: phpinfo() discloses the PHP version, loaded modules, paths and environment variables to anyone who can reach the server.

rm index.php

PHP-FPM + MPM_EVENT + pthreads + Apache

nano /etc/php-fpm.d/www.conf

Uncomment this line so the apache user is allowed to connect to the FPM unix socket (add nginx here too, comma-separated, if nginx will also proxy to it):

listen.acl_users = apache

Switch FPM from the TCP port to a unix socket (the unix-socket SetHandler further down assumes this). Comment the TCP listen line:

;listen = 127.0.0.1:9000

and uncomment the socket line:

listen = /run/php-fpm/www.sock

Switch the MPM from prefork to event (prefork is only needed for mod_php; with FPM, event is fine)

nano /etc/httpd/conf.modules.d/00-mpm.conf

Comment:

#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

Uncomment:

LoadModule mpm_event_module modules/mod_mpm_event.so

Update Apache's PHP-FPM handler configuration (installed by php73-fpm-httpd)

nano /etc/httpd/conf.d/php-fpm.conf

Change end of file to:

<FilesMatch \.php$>
    #SetHandler "proxy:fcgi://127.0.0.1:9000"
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

Alternatively, instead of the SetHandler block above (use one or the other, not both), add the older ProxyPassMatch form to the VirtualHost. With the unix: form the fcgi://127.0.0.1:9000 part is only a placeholder, and /var/www/moo/public is the gist author's document root; replace it with yours. Note that this regex hands every request path ending in .php to FPM whether or not such a file exists, which is one reason the SetHandler approach is preferred:

<IfModule mpm_event_module>
        #ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/moo/public/$1
        ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/moo/public/$1"
</IfModule>

pthreads (optional): the pthreads extension requires a thread-safe (ZTS) PHP build and, since pthreads v3, loads only in the CLI SAPI, so it does not make PHP-FPM requests multithreaded. Install it only for CLI workers, and only if the IUS repository provides the package for your build:

yum install php73-pecl-pthreads

Restart web services

systemctl restart php-fpm httpd

Node.js Installation

Install Node.js and npm from EPEL (these packages lag upstream releases; check node --version afterwards)

yum install nodejs npm

MariaDB Installation (IUS)

Remove the system mariadb-libs and install MariaDB 10.3 from the IUS repository (removing mariadb-libs also pulls out packages that depend on it, such as postfix)

yum -y remove mariadb-libs
yum -y install mariadb103 mariadb103-server

Start database service

systemctl start mariadb.service
systemctl status mariadb.service
systemctl enable mariadb.service

In case postfix was removed because of mariadb-libs package, reinstall it

yum -y install postfix

Secure the database (set a root password, remove the anonymous users and the test database, and disallow remote root login when prompted)

mysql_secure_installation

Try connecting database

mysql -uroot -p

Create a new database. Note that MariaDB's utf8 is a 3-byte subset; use utf8mb4 (with a utf8mb4 collation) if you need full Unicode, such as emoji

> CREATE DATABASE `joshdb` CHARACTER SET utf8 COLLATE utf8_general_ci;

Create a database user. The '%' host part accepts connections from any host; if the application runs on this server, use 'localhost' instead so the account cannot be used over the network

> CREATE USER 'josh'@'%' IDENTIFIED BY 'YourSecurePassword!';
> GRANT ALL PRIVILEGES ON joshdb.* TO 'josh'@'%';

Or, for a full administrator on all databases (equivalent to root; do not use this for an application account)

> GRANT ALL PRIVILEGES ON *.* TO 'josh'@'%' WITH GRANT OPTION;

Reload the privilege tables (not strictly needed after CREATE USER and GRANT, which take effect immediately, but harmless)

> FLUSH PRIVILEGES;

Memcached

yum -y install memcached

Edit the configuration. The default OPTIONS line leaves memcached listening on all interfaces on TCP and UDP 11211; bind it to loopback (-l 127.0.0.1) and disable UDP (-U 0) unless other hosts need it, since exposed memcached instances hold unauthenticated data and are routinely abused for UDP amplification

nano /etc/sysconfig/memcached

Enable service

systemctl start memcached
systemctl enable memcached

PostgreSQL Installation

Install the PostgreSQL 10.x official RHEL 7 repository

wget https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
yum localinstall -y pgdg-centos10-10-2.noarch.rpm

Install PostgreSQL packages

yum install postgresql10 \
postgresql10-libs \
postgresql10-server \
postgresql10-contrib \
postgresql10-docs \
postgresql10-devel \
postgresql10-plperl \
postgresql10-plpython \
postgresql10-pltcl

Initialize the database cluster

/usr/pgsql-10/bin/postgresql-10-setup initdb

Start service and enable on boot

systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10

If remote clients need the database, add the port to the firewall; otherwise leave 5432 closed and skip this (pg_hba.conf still limits who may connect, but an unexposed port is a smaller target)

firewall-cmd --permanent --zone=public --add-service=postgresql

Or ...

firewall-cmd --permanent --zone=public --add-port=5432/tcp

Reload the firewall so the permanent rule takes effect (firewall-cmd --reload does this without dropping established connections; a restart, as below, also works)

systemctl restart firewalld.service

Switch to the postgres user and check that the server answers (quit psql with \q before the next step, which runs in the shell)

su - postgres
psql

Create a remote admin role (-s makes it a superuser, which already implies -d; -W prompts for the role's password)

createuser -W -d -s pgadmin

Create a database for the user (UTF8)

createdb -T template0 -l en_US.UTF-8 -E UTF8 -O pgadmin pgadmin

Allow the remote user to connect. Edit the client authentication file of the PostgreSQL 10 cluster installed above (not 9.5):

nano /var/lib/pgsql/10/data/pg_hba.conf

Add the following entry. Use md5 (or scram-sha-256) rather than trust: trust lets anyone who can reach the port from that address log in as pgadmin with no password at all, and pgadmin is a superuser. The /32 limits the rule to a single client address; keep it that narrow:

host        all        pgadmin      <user_ip_address>/32        md5

PostgreSQL only listens on localhost by default, so also set listen_addresses in /var/lib/pgsql/10/data/postgresql.conf to the interface clients will use, then restart the server (systemctl restart postgresql-10; listen_addresses is read only at startup, pg_hba.conf alone would need just a reload).

Test the remote user from the client machine (-W prompts for the password; it is not passed on the command line):

psql -h <dbserver_name_or_ip_address> -U pgadmin -d pgadmin -W
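The pg_hba.conf step is where remote access is most often left wide open. As an added example (not part of the gist), the function below appends a host rule only after checking it: the address must be IPv4 CIDR, trust is refused for anything but loopback, and a rule already present is not duplicated; a second function reports whether a file contains any remote trust rule. The file path is a parameter so it can be run against a scratch copy; on the server it is /var/lib/pgsql/10/data/pg_hba.conf, followed by systemctl reload postgresql-10. The function names and the client address 203.0.113.10 in the usage comment are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist.

# pg_hba_add_host <pg_hba_file> <database> <user> <cidr> <method>
#   Appends "host <database> <user> <cidr> <method>" after checking that:
#     - <cidr> is IPv4 a.b.c.d/N with 0 <= N <= 32 (/32 = one client address)
#     - <method> is md5 or scram-sha-256, or trust for loopback only
#     - the identical rule is not already present
#   <pg_hba_file> is a parameter so the function can run on a scratch copy; on
#   the server it is /var/lib/pgsql/10/data/pg_hba.conf and the server must be
#   reloaded afterwards (systemctl reload postgresql-10). IPv6 is not handled.
pg_hba_add_host() {
    local file=$1 db=$2 user=$3 cidr=$4 method=$5 prefix

    case "$cidr" in
        *.*.*.*/*) ;;
        *) echo "pg_hba_add_host: address must be IPv4 CIDR, got '$cidr'" >&2; return 1 ;;
    esac
    prefix=${cidr##*/}
    if ! [ "$prefix" -ge 0 ] 2>/dev/null || [ "$prefix" -gt 32 ]; then
        echo "pg_hba_add_host: bad prefix length in '$cidr'" >&2; return 1
    fi

    case "$method" in
        md5|scram-sha-256) ;;
        trust)
            # trust means no authentication at all; never for a routable address.
            case "$cidr" in
                127.*) ;;
                *) echo "pg_hba_add_host: refusing trust for non-loopback $cidr" >&2; return 1 ;;
            esac ;;
        *) echo "pg_hba_add_host: unsupported method '$method'" >&2; return 1 ;;
    esac

    touch "$file"
    if awk -v d="$db" -v u="$user" -v a="$cidr" -v m="$method" \
        '$1 == "host" && $2 == d && $3 == u && $4 == a && $5 == m { found = 1 } END { exit !found }' "$file"; then
        return 0    # identical rule already present
    fi
    printf 'host\t%s\t%s\t%s\t%s\n' "$db" "$user" "$cidr" "$method" >> "$file"
}

# pg_hba_has_remote_trust <pg_hba_file>
#   Returns 0 if any "host" rule uses trust for a non-loopback IPv4 address,
#   1 otherwise. Run it before reloading the server.
pg_hba_has_remote_trust() {
    awk '$1 == "host" && $5 == "trust" && $4 !~ /^127\./ { found = 1 } END { exit !found }' "$1"
}

# Usage on the server (as postgres or root), with a constructed client address:
#   pg_hba_add_host /var/lib/pgsql/10/data/pg_hba.conf pgadmin pgadmin 203.0.113.10/32 md5
#   pg_hba_has_remote_trust /var/lib/pgsql/10/data/pg_hba.conf && echo "WARNING: remote trust rule present"
#   systemctl reload postgresql-10
```

The check for remote trust is worth keeping as a standing test in any bootstrap script: pg_hba.conf is evaluated top to bottom and the first matching line wins, so one permissive line high in the file silently overrides everything stricter below it.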