Here are the steps I use to set up a web server. Specifically, this is a 32-bit CentOS 5 box with Apache, MySQL, PHP and suPHP. I also threw in the steps for ProFTPD.

**** NOTE : If you notice, it’s still a draft. It came from a number of sources but these are the steps I use. So I know it works. **********

Preparation

update current packages (including apache)
yum -y update

install utilities and compiler
yum -y install zip nmap fileutils gcc-c++ acl
This installs zip, nmap, fileutils, the gcc C++ compiler (we’ll need it later) and acl (access control lists).

install make
yum -y install make

MySQL Installation


yum -y install mysql mysql-devel mysql-server
chkconfig --levels 235 mysqld on
service mysqld start
/usr/bin/mysql_secure_installation

What just happened?

  1. Install MySQL
  2. Add the mysqld service to auto-start
  3. Start the MySQL service
  4. Secure the MySQL installation by setting the root password, removing remote access for root, etc. This is part of basic server hardening.

Install PHP

yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

The command above installs the basic PHP 5.1.6 package as well as important PHP extensions used by typical PHP-based websites.

Upgrade PHP to 5.3

rpm -Uvh http://repo.webtatic.com/yum/centos/5/latest.rpm
yum --enablerepo=webtatic update php

Install ProFTPD

# remove vsftpd if it is installed
yum -y remove vsftpd
cd /tmp
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3e.tar.gz
tar xvfz proftpd-1.3.3e.tar.gz
cd proftpd-1.3.3e
./configure --sysconfdir=/etc; make; make install
cd /tmp; rm -rf ./proftpd-1.3.3*
ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd
touch /etc/init.d/proftpd
chmod 755 /etc/init.d/proftpd
vi /etc/init.d/proftpd

Paste the following settings and then save.

#!/bin/sh
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# proftpd This shell script takes care of starting and stopping
# proftpd.
#
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards
# simplicity, security, and ease of configuration.
# It features a very Apache-like configuration syntax,
# and a highly customizable server infrastructure,
# including support for multiple 'virtual' FTP servers,
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
# pidfile: /var/run/proftpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0

RETVAL=0

prog="proftpd"

start() {
echo -n $"Starting $prog: "
daemon proftpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}

stop() {
echo -n $"Shutting down $prog: "
killproc proftpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status proftpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/proftpd ]; then
stop
start
fi
;;
reload)
echo -n $"Re-reading $prog configuration: "
killproc proftpd -HUP
RETVAL=$?
echo
;;
*)
echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
exit 1
esac

exit $RETVAL

vi /etc/proftpd.conf

Group nobody
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Add ProFTPD to the startup tasks

chkconfig --levels 235 proftpd on

Enable Mod ReWrite

Although the mod_rewrite module is installed with Apache by default, it won’t work because some directives inside httpd.conf prevent rewriting for security reasons. We enable this feature only for specific folders.

  1. Edit the Apache configuration file.

    vi +/DocumentRoot /etc/httpd/conf/httpd.conf
  2. Set DocumentRoot to wherever you placed your default page. I usually place this somewhere else so that regular script kiddies won’t be able to easily find it.

    DocumentRoot "/var/www/html"
  3. Set AllowOverride to All to activate mod_rewrite for the folder.
    <Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>
    If the physical files for your virtual hosts are placed in different folders, you can add separate <Directory> entries to activate mod_rewrite for all of them.

Install suPHP

Run the commands below one by one

cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
yum -y install htop
yum -y install mod_suphp

Edit /etc/suphp.conf

vi /etc/suphp.conf

make sure these lines are there:

webserver_user=apache
x-httpd-php="php:/usr/bin/php-cgi"
x-suphp-cgi="execute:!self"

edit /etc/httpd/conf.d/suphp.conf (which is the global configuration for suPHP).

vi +/suPHP_Engine /etc/httpd/conf.d/suphp.conf

set suPHP_Engine off

Enable VirtualHost

To make suPHP work with a VirtualHost, add these few lines inside the <VirtualHost> tag.

suPHP_Engine on
suPHP_UserGroup username groupname
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php

Example :


# the address and port below must match your own NameVirtualHost/Listen settings
<VirtualHost *:80>
ServerAdmin support@yourdomain.com
DocumentRoot /usr/kitty/yourdomain.com
ServerName yourdomain.com
ServerAlias *.yourdomain.com
suPHP_Engine on
suPHP_UserGroup kitty kitty
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
ErrorLog logs/yourdomain.com-error_log
CustomLog logs/yourdomain.com-access_log common
</VirtualHost>
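
Because the global suPHP_Engine is off, every virtual host has to carry the directives above itself. The shell function below is an added example, not part of the original post: it reads a vhosts file and reports, per <VirtualHost> block, whether those directives are present. The function names, verdict labels and the two extra sample hosts are constructed for illustration.

```shell
# Added example. Usage: audit_suphp_vhosts /etc/httpd/conf.d/httpd-vhosts.conf
audit_suphp_vhosts() {
    awk '
    function report() {
        # root/apache are flagged: they give the site no account of its own.
        if (engine != "on") verdict = "ENGINE_OFF"
        else if (user == "") verdict = "MISSING_USERGROUP"
        else if (user == "root" || user == "apache") verdict = "SHARED_ACCOUNT " user
        else if (!handler) verdict = "NO_HANDLER"
        else verdict = "OK " user ":" group
        print name, verdict
    }
    { d = tolower($1) }
    d ~ /^#/ { next }
    d ~ /^<virtualhost/ {
        invh = 1; name = "(no-ServerName)"
        engine = ""; user = ""; group = ""; handler = 0
        next
    }
    d == "</virtualhost>" { if (invh) report(); invh = 0; next }
    !invh { next }
    d == "servername"       { name = $2 }
    d == "suphp_engine"     { engine = tolower($2) }
    d == "suphp_usergroup"  { user = $2; group = $3 }
    d == "suphp_addhandler" { handler = 1 }
    ' "$1"
}

# Constructed sample: the post's vhost plus two misconfigured ones.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName yourdomain.com
    suPHP_Engine on
    suPHP_UserGroup kitty kitty
    suPHP_AddHandler x-httpd-php
</VirtualHost>
<VirtualHost *:80>
    ServerName forgot.example
    suPHP_Engine on
    suPHP_AddHandler x-httpd-php
</VirtualHost>
<VirtualHost *:80>
    ServerName shared.example
    suPHP_Engine on
    suPHP_UserGroup apache apache
</VirtualHost>
EOF
}
```

Running `sample_vhosts > /tmp/v.conf; audit_suphp_vhosts /tmp/v.conf` prints one line per host with its verdict.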

I usually put the virtual host entries in a separate file. I edit it via the command below

vi /etc/httpd/conf.d/httpd-vhosts.conf
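
Once a virtual host runs under its own suPHP_UserGroup account, ownership and write bits inside its DocumentRoot matter. The function below is an added example, not from the original post: it lists directories and PHP scripts that are owned by a different account or are writable by group or others. It assumes the allow_*_group_writeable and allow_*_others_writeable options in /etc/suphp.conf are left at false and that scripts are meant to be owned by the suPHP_UserGroup user; the function name is hypothetical.

```shell
# Added example: paths under a vhost DocumentRoot worth reviewing for suPHP.
suphp_perm_violations() {
    docroot=$1   # e.g. /usr/kitty/yourdomain.com
    owner=$2     # user name or numeric uid taken from suPHP_UserGroup
    # Select directories and *.php files that are either owned by another
    # account, group-writable (020) or world-writable (002).
    find "$docroot" \( -type d -o -type f -name '*.php' \) \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print |
        LC_ALL=C sort
}
```

An empty result for `suphp_perm_violations /usr/kitty/yourdomain.com kitty` means nothing under the site is owned by another account or writable beyond its owner.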

Source : CentOS Additional Packages
