Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
CentOS 7.4 - New Web Server Configuration (DigitalOcean) + EPEL + IUS + PHP
# [General/Initial Section]
# Update system
yum update
# Set your timezone
timedatectl set-timezone UTC
# Check date is set correct
# If you want yum to update datebase auto
# no packges will be installed in any case
yum install yum-cron
# Reboot system, login back to server (as root)
# [Adding Users/Groups Section]
# Create yourself a user (super important)
adduser josh
# Set user password
passwd josh
# Copy root key to user (you can remove itfrom the root user later)
cp -r -p /root/.ssh/ /home/josh/
chown -R josh:josh /home/josh/.ssh
# Add your user to 'wheel' group (as supplementary group (-G), primary group still 'josh')
usermod -a -G wheel josh
# Logout server, and login again as your user
# Check sudo access is working, now you should be 'root' again
sudo su
# [SWAP Space Section]
# Check if server has swap, if it does, you can skip this step
swapon -s
# Check how much memory the machine has, and how much disk space
free -m && df -h
# Create swap file on disk, and confirm it's size
dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && ls -lh /swapfile
# Enable swap
chmod 600 /swapfile && ls -lh /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
# Make the swap file permanent
nano /etc/fstab
/swapfile swap swap sw 0 0
# Add this line ^^^ to fstab file
# [Swap Install and Optimization Section]
# CentOS 7 defaults to a swappiness setting of 30, which is a fair middle ground for most desktops and local servers.
# For a VPS system, we'd probably want to move it closer to 0.
sysctl vm.swappiness=10
# This setting will persist until the next reboot.
# To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file:
nano /etc/sysctl.conf
# Cache Pressure
# Another related value that you might want to modify is the vfs_cache_pressure.
# This setting affects the storage of special filesystem metadata entries.
# Constantly reading and refreshing this information is generally very costly,
# so storing it on the cache for longer is excellent for your system's performance.
cat /proc/sys/vm/vfs_cache_pressure
# To make cache inode information from the cache more slowly:
sysctl vm.vfs_cache_pressure=50
# This setting will persist until the next reboot.
# To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file:
nano /etc/sysctl.conf
# [Extra Repositories Section]
yum install epel-release
# Install IUS Repository
rpm -ivh
# [HTTP/Apache Web Server Section]
# Install Apache HTTP Server (2.4 IUS)
yum install httpd24u httpd24u-filesystem httpd24u-manual httpd24u-tools httpd24u-mod_ssl
# Start server, check it's working, enable during boot
systemctl start httpd
systemctl status httpd
systemctl enable httpd
# [Firewall Section]
# You might need to install the service
yum install firewalld
# Check firewall status (should be off in most cases)
firewall-cmd --state
# If not running, execute:
systemctl start firewalld.service
# Some firewall info
firewall-cmd --get-active-zones
firewall-cmd --list-all
# Add HTTP/HTTPS rule to public zone
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https
# Add HTTP/HTTPS rule *permanently* to public zone
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
# Or ...
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
# For more info @ DigitalOcean:
# [PHP Section]
# Install PHP 7.2 + FPM (Apache) (IUS)
yum install \
php72u-fpm \
php72u-fpm-httpd \
php72u-common \
php72u-bcmath \
php72u-mbstring \
php72u-cli \
php72u-dba \
php72u-gd \
php72u-mcrypt \
php72u-opcache \
php72u-intl \
php72u-pdo \
php72u-pdo-dblib \
php72u-mysqlnd \
php72u-pgsql \
php72u-process \
php72u-tidy \
php72u-xml \
php72u-xmlrpc \
php72u-json \
php72u-pecl-memcached \
# Restart the web server
systemctl restart php-fpm httpd
systemctl status php-fpm httpd
# Create PHP test page
cd /var/www/html/
echo "<?php phpinfo(); ?>" > index.php
# Open browser, goto: http://<server_ip>/
# You should see PHP info page
rm index.php
# [PHP-FPM + MPM_EVENT + pthreads + Apache]
nano /etc/php-fpm.d/www.conf
# uncomment this line (so both apache and nginx would be able to use):
listen.acl_users = apache
# (optional) Comment this line:
;listen =
# (optional) Uncomment following line:
listen = /run/php-fpm/www.sock
nano /etc/httpd/conf.modules.d/00-mpm.conf
# Comment:
#LoadModule mpm_prefork_module modules/
# Uncomment:
LoadModule mpm_event_module modules/
# (if optional ?)
nano /etc/httpd/conf.d/php-fpm.conf
# Change end of file to:
<FilesMatch \.php$>
#SetHandler "proxy:fcgi://"
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
# Add to apache <VirtualHost> directive:
<IfModule mpm_event_module>
#ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://$1
ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/run/php-fpm/www.sock|fcgi://$1"
# Now you can enable multi-threading in PHP ...
yum install php56u-pecl-pthreads.x86_64
# Restart web services
systemctl restart php-fpm httpd
# Install basic components
yum install nodejs npm
# [MariaDB Section (IUS)]
# Install IUS Repository
rpm -ivh
yum -y remove mariadb-libs
yum -y install mariadb101u-server mariadb101u
systemctl start mariadb.service
systemctl status mariadb.service
systemctl enable mariadb.service
# if removed because removal of old mariadb-libs package
yum -y install postfix
# Secure databse
# try connecting database
mysql -uroot -p
# Create new databse
> CREATE DATABASE `joshdb` CHARACTER SET utf8 COLLATE utf8_general_ci;
# Create new user
> CREATE USER 'josh'@'%' IDENTIFIED BY 'YouSecurePassword!';
> GRANT ALL PRIVILEGES ON joshdb.* TO 'josh'@'localhost';
# Or admin access to all databases
# Refresh server privileges
# [Memcached Section]
yum -y install memcached
# Change configuration
nano /etc/sysconfig/memcached
# Enable service
systemctl start memcached
systemctl enable memcached
# [PostgreSQL Section]
# Install PosgreSQL 9.4 official RHEL7 repository
yum localinstall -y pgdg-centos95-9.5-2.noarch.rpm
# Install PostgreSQL packages
yum install postgresql95 \
postgresql95-libs \
postgresql95-server \
postgresql95-contrib \
postgresql95-docs \
postgresql95-devel \
postgresql95-plperl \
postgresql95-plpython \
# Init initial database
/usr/pgsql-9.5/bin/postgresql95-setup initdb
# Start service and enable on boot
systemctl start postgresql-9.5
systemctl enable postgresql-9.5
# Add server port to firewall and restart firewall
firewall-cmd --permanent --zone=public --add-service=postgresql
## OR ##
firewall-cmd --permanent --zone=public --add-port=5432/tcp
# Restart firewall
systemctl restart firewalld.service
# Change to postgres user, check server is running
su - postgres
# Create remote admin user, with db creation access
createuser -W -d -s pgadmin
# Create dtabase for user (UTF8)
createdb -T template0 -l en_US.UTF-8 -E UTF8 -O pgadmin pgadmin
# Allow remote user to connect, edit hosts file:
nano /var/lib/pgsql/9.5/data/pg_hba.conf
# Add following entry:
host all pgadmin <user_ip_address>/32 trust
# Remote user test
psql -h dbserver_name_or_ip_address -U pgsql -W <password>
# [MongoDB Section]
# Add MongoDB repository to yum
nano /etc/yum.repos.d/mongodb.repo
# Paste inside the following:
name=MongoDB Repository
# Install MongoDB server, client and tools
yum install -y mongodb-org
# Start MongoDB server
systemctl start mongod
# Enable MongoDB on system boot (this done without systemctl!)
chkconfig mongod on
# Install MongoDB PHP extension
yum install php56u-pecl-mongo.x86_64
# Restart web server again, check the phpinfo page
systemctl restart httpd
# [Sentry (7.4)]
yum install python-devel.x86_64
yum install libxml2-python.x86_64
yum install libxml2-devel.x86_64
yum install libxml2-python.x86_64
yum install libxslt-devel.x86_64
yum install python-cffi.x86_64
yum install python-pycparser.noarch
yum install libffi-devel.x86_64
$ After installing deps, you can install sentry
pip install sentry
# Sentry SQL Extentions
pip install sentry[mysql]
pip install sentry[pgsql]
# Postgres only
yum install libpqxx-devel.x86_64
pip install psycopg2
# Create user for sentry
adduser sentry ; su - sentry
# Init sentry system
sentry init
# Install Redis
yum install redis
# Migrations
sentry upgrade
# Create admin user
sentry createsuperuser
# We are ready to start Sentry.
sentry start
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment