Setting up a LAMP stack on CentOS 8

Here are the command-line steps needed to get a bare CentOS 8.0 distro ready for full LAMP (Apache-MySQL-PHP) hosting:

(Note - replace with the domain name of your own website, and with this server's hostname.)

vi /etc/hosts
#	(Set public IP address to proper FQDN)
vi /etc/sysconfig/network
#	(Set

yum install -y epel-release perl-CPAN bind-utils logwatch rsync smartmontools php mysql-server httpd php-pear php-xml php-posix php-json php-mbstring php-gd php-mysqlnd php-pdo gcc make wget smem

vi /etc/php.ini 
#	(set memory limit, check error-reporting)

# GeoIP support
yum install geoip-devel
pecl install
echo >> /etc/php.d/40-geoip.ini

# Set up a local SSL cert
openssl req -x509 -out localhost.crt -keyout localhost.key   -newkey rsa:2048 -nodes -sha256   -subj '/CN=localhost' -extensions EXT -config <( \
     printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
mv localhost.crt /etc/pki/tls/certs/
mv localhost.key /etc/pki/tls/private/

# Set up certbot (from
yum install snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap
<(logout & login again)
snap install core
snap refresh core
yum remove certbot # (may already have been done by the old certbot's auto-renew)
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
(logout & login again)
certbot --apache
certbot renew --dry-run

# httpd: consider using the mpm_prefork model
vi /etc/httpd/conf.modules.d/00-mpm.conf

systemctl enable --now httpd
systemctl enable --now mysqld
systemctl enable --now smartd

# Add firewall rules for HTTP, HTTPS and MySQL.  We need to replace my_ip with our personal IP address.  By the way, we don't accept non-localhost SMTP connect requests.
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --new-zone=special --permanent
firewall-cmd --reload
firewall-cmd --zone=special --add-source=my_ip/32
firewall-cmd --zone=special --add-port=4567/tcp

# Set up the website
usermod  -G apache
mkdir /var/www/vhosts/
chown -R /var/www/vhosts/
vi /etc/httpd/conf.d/vhosts.conf
#	(Add virtualhost entries)

# Confirm that your website is working on https, at

# For resource monitoring over time:
yum install -y sysstat
systemctl enable --now sysstat
sar -q

vi /etc/my.cnf.d/mysql-server.cnf 
	(add slow-logging)
	(add sql_mode=)

touch /var/log/mysql-slow.log && chown mysql.mysql /var/log/mysql-slow.log
systemctl restart mysqld

# Keep yum packages up to date:
dnf install dnf-automatic
systemctl enable --now dnf-automatic.timers

vi /etc/aliases 
	(send root email to external account, eg, root
yum install -y postfix
systemctl enable --now postfix

# For GraphicsMagick support: (from
dnf install GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl
cd /usr/local/src &&  wget &&  tar xfvz gmagick &&  cd gmagick-* &&  phpize &&  ./configure  &&  make && make install
echo >> /etc/php.d/40-gmagick.ini
systemctl restart php-fpm.service && apachectl restart

yum install -y fail2ban
# Create /etc/fail2ban/jail/local with this content:
[DEFAULT] # Ban hosts for one hour: bantime = 3600 banaction = firewallcmd-ipset [sshd] enabled = true
systemctl enable --now fail2ban For sendmail TLS/SSL support (using a 'real' SSL certificate): yum install -y sendmail sendmail-cf Edit these lines in /etc/mail/ define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl /etc/mail/make systemctl enable saslauthd.service systemctl start saslauthd.service systemctl enable sendmail.service systemctl start sendmail.service


It's quiet in here...Add your comment