@pparidans
Last active July 19, 2016 12:54
# --- CentOS 7 style host (yum / firewalld): base identity ---
# Set the system timezone and a persistent hostname (<hostname> is a placeholder).
timedatectl set-timezone 'Europe/Brussels'
hostnamectl set-hostname <hostname>
# Add a line of the following form to /etc/hosts so the FQDN resolves locally.
vi /etc/hosts
<public_ip> <fqdn> <hostname>
# Set the following key in /etc/cloud/cloud.cfg.
# Presumably this stops cloud-init from resetting the hostname at boot — confirm.
vi /etc/cloud/cloud.cfg
preserve_hostname: 1
# Bring installed packages up to date, then install yum-cron for unattended updates.
yum update
yum install yum-cron
# In /etc/yum/yum-cron.conf, set the line below so updates are applied, not just fetched.
# NOTE(review): starting/enabling the yum-cron service is not shown here; confirm it
# is running (e.g. `systemctl status yum-cron`), otherwise nothing is applied.
vi /etc/yum/yum-cron.conf
apply_updates = yes
# Create an unprivileged admin account, give it a password and add it to `wheel`
# (the sudo-capable group on this family of distributions).
useradd <username>
passwd <username>
usermod -aG wheel <username>
# Set the three directives below in /etc/ssh/sshd_config:
#   PermitRootLogin no         - root cannot log in over SSH at all
#   AllowUsers <username>      - only the listed account(s) may log in
#   PasswordAuthentication yes - password logins stay enabled
# NOTE(review): with passwords enabled, the account is only as strong as its password
# and relies on fail2ban (installed below) to slow guessing. Once a public key is
# installed for <username>, `PasswordAuthentication no` removes that exposure.
vi /etc/ssh/sshd_config
PermitRootLogin no
AllowUsers <username>
PasswordAuthentication yes
# Validate with `sshd -t` first, and keep the current session open until a fresh login
# as <username> succeeds: a typo here locks out remote access.
systemctl restart sshd
# fail2ban comes from EPEL, so enable that repository first.
yum install epel-release
yum update
yum install fail2ban
systemctl start fail2ban
systemctl enable fail2ban
# Local overrides go in jail.local, so package upgrades that replace jail.conf keep them.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Set the two values below in jail.local:
#   backend = systemd - read log entries from the systemd journal
#   maxretry = 3      - ban after three failed attempts within the find window
# NOTE(review): enabling a jail (e.g. `enabled = true` under [sshd]) is not shown.
# Confirm with `fail2ban-client status` that the sshd jail is actually active.
vi /etc/fail2ban/jail.local
backend = systemd
maxretry = 3
systemctl reload fail2ban
# Turn on the host firewall now and at boot.
systemctl start firewalld
systemctl enable firewalld
# Permanently allow inbound HTTP in the public zone; --reload loads the permanent rules.
# NOTE(review): only http is added here. SSH is presumably already allowed by the zone
# defaults, and no https rule is shown. Review `firewall-cmd --zone=public --list-all`
# so that exactly the intended services are exposed.
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload
# Compiler toolchain and an editor.
# NOTE(review): 'Development Tools' puts compilers and build tools on the server.
# Skip it if nothing is built on this host, to keep the installed footprint small.
yum groupinstall 'Development Tools'
yum install vim
# Install the MariaDB client and server.
yum install mariadb mariadb-server
# Low-memory tuning: set the values below in /etc/my.cnf.d/server.cnf.
# NOTE(review): table_open_cache is a count of open tables, not a byte size, so `32M`
# is probably meant as `32` — confirm before applying.
vi /etc/my.cnf.d/server.cnf
max_connections = 75
max_allowed_packet = 1M
thread_stack = 128K
table_open_cache = 32M
key_buffer_size = 32M
systemctl start mariadb
systemctl enable mariadb
# Interactive hardening script: it sets the root password, removes anonymous accounts and
# the test database, and disables remote root login. Run it before loading any data.
mysql_secure_installation
# Install nginx and start it now and at boot.
yum install nginx
systemctl start nginx
systemctl enable nginx
# Create the web root and label it so SELinux lets the web server read it.
# NOTE(review): chcon labels do not survive a filesystem relabel. A persistent rule
# uses `semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?'` followed by
# `restorecon -R /var/www`.
mkdir /var/www
chcon -Rt httpd_sys_content_t /var/www
# Add the Remi repository (third-party PHP builds) and enable its PHP 7.0 channel.
# NOTE(review): the release RPM is fetched over plain HTTP, and it installs the repo
# definition and signing key that yum will trust afterwards. Prefer an HTTPS URL if the
# mirror offers one, and verify the package signature and key fingerprint first.
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
yum-config-manager --enable remi-php70
yum update
yum install php-fpm php-mysql php-gd php-xml php-pecl-mysql
# Pool settings to set in the php-fpm pool file:
#   listen*  - serve over a Unix socket that only user/group nginx can open (mode 0660),
#              so PHP-FPM is not reachable over TCP or by other local accounts
#   pm.*     - small worker pool sized for a low-memory host
#   php_admin_value[memory_limit] - per-request cap that scripts cannot raise via ini_set
# NOTE(review): stock packages usually place this file at /etc/php-fpm.d/www.conf.
# Confirm the path on the target system.
vi /etc/php-fpm.conf.d/www.conf
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
php_admin_value[memory_limit] = 48M
systemctl start php-fpm
systemctl enable php-fpm
# Create a 1 GiB swap file (1024 blocks of 1 MiB, zero-filled).
dd if=/dev/zero of=/swapfile bs=1M count=1024
# Restrict it to root before it is used: swap can contain memory pages of any process.
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
# Add the line below to /etc/fstab so the swap file is activated at boot.
vi /etc/fstab
/swapfile swap swap defaults 0 0
# --- Debian/Ubuntu style host (apt / ufw) ---
# Refresh the package index and apply pending upgrades before anything else.
apt update
apt upgrade
# Create an unprivileged admin account and add it to the `sudo` group.
adduser <your_username>
usermod -aG sudo <your_username>
# In the file named below, set PermitRootLogin to no so root cannot log in over SSH.
# Confirm that <your_username> can log in and use sudo before restarting the daemon,
# and keep the current session open while testing.
/etc/ssh/sshd_config
PermitRootLogin no
systemctl restart ssh
# Allow SSH with ufw's built-in rate limiting (repeated connections from one address
# in a short window are denied). The rule is added before the firewall is enabled,
# so the current SSH session is not cut off.
ufw limit OpenSSH
ufw enable
# Create a 2 GiB swap file and restrict it to root before use; swap can contain memory
# pages of any process.
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Runtime tuning: swap less eagerly, and keep directory/inode caches longer.
sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
# Add the following line to the file named below so the swap file is activated at boot.
/etc/fstab
/swapfile none swap sw 0 0
# Add the same two sysctl values to the file named below so they persist across reboots.
/etc/sysctl.conf
vm.swappiness=10
vm.vfs_cache_pressure=50
# Install Apache and open its ufw application profile (plain HTTP).
apt install apache2
ufw allow Apache
# Enable mod_headers. No Header directives are shown here, so the module is presumably
# meant for response headers configured elsewhere — confirm.
a2enmod headers
# In the file named below, set both directives to stop Apache advertising its version
# and OS in the Server header and on generated error pages. This only reduces
# fingerprinting; it does not replace keeping the package patched.
/etc/apache2/conf-available/security.conf
ServerTokens Prod
ServerSignature Off
# Install the Let's Encrypt client with its Apache plugin and open HTTPS in ufw.
apt install python-letsencrypt-apache
ufw allow "Apache Secure"
# Request a certificate for this host's fully qualified name, as reported by `hostname -f`.
letsencrypt --domains `hostname -f`
# Add the cron line below with `crontab -e`: it attempts renewal twice a day (00:30 and
# 13:30) and appends stdout to a log file.
# NOTE(review): stderr is not redirected, so renewal errors do not reach the log. Check
# that failures are visible somewhere (cron mail or monitoring), since a silently
# expired certificate breaks HTTPS for clients.
crontab -e
30 0,13 * * * letsencrypt renew >> /var/log/le-renew.log
# General tooling. build-essential adds a compiler toolchain; skip it if nothing is
# compiled on this host.
apt install git curl vim build-essential htop
# Install PHP-FPM, then enable Apache's FastCGI proxy module and the packaged
# php7.0-fpm configuration so Apache passes PHP requests to the FPM pool.
apt install php7.0-fpm
a2enmod proxy_fcgi
a2enconf php7.0-fpm
# Pool settings to set in the file named below:
#   pm.*            - small worker pool sized for a low-memory host
#   pm.max_requests - recycle each worker after 500 requests, which bounds slow leaks
#   php_admin_value[memory_limit] - per-request cap that scripts cannot raise via ini_set
/etc/php/7.0/fpm/pool.d/www.conf
pm.max_children = 3
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 500
php_admin_value[memory_limit] = 32M
# Install MariaDB, then run the interactive hardening script. It sets the root password,
# removes anonymous accounts and the test database, and disables remote root login.
apt install mariadb-server
mysql_secure_installation
# Low-memory tuning: set the values below in the file named on the next line.
# NOTE(review): key_buffer, myisam-recover, table_cache and thread_concurrency look like
# older option spellings. Check them against the installed MariaDB version, since an
# unrecognised option in the server section can stop the daemon from starting.
/etc/mysql/mariadb.conf.d/50-server.cnf
#
# * Fine Tuning
#
key_buffer = 16K
max_allowed_packet = 1M
thread_stack = 64K
thread_cache_size = 8
sort_buffer_size = 64K
read_buffer_size = 256K
read_rnd_buffer_size = 256K
net_buffer_length = 2K
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
max_connections = 50
table_cache = 32
thread_concurrency = 5
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16K