Setting up a LAMP stack on CentOS 8

Here are the command-line steps needed to get a bare CentOS 8.0 distro ready for full LAMP (Apache-MySQL-PHP) hosting:

(Note - replace mysite.com with the domain name of your own website, and server1.mysite.com with this server's hostname.)

hostname 
vi /etc/hosts
#	(Set public IP address to proper FQDN)
hostname server1.mysite.com
vi /etc/sysconfig/network
#	(Set HOSTNAME=server1.mysite.com)

yum install -y epel-release perl-CPAN bind-utils logwatch rsync smartmontools php mysql-server httpd php-pear php-xml php-posix php-json php-mbstring php-gd php-mysqlnd php-pdo gcc make wget smem

vi /etc/php.ini 
#	(set memory limit, check error-reporting)

# GeoIP support
yum install geoip-devel
pecl install https://pecl.php.net/get/geoip-1.1.1.tgz
echo extension=geoip.so >> /etc/php.d/40-geoip.ini

# Set up a local SSL cert
openssl req -x509 -out localhost.crt -keyout localhost.key   -newkey rsa:2048 -nodes -sha256   -subj '/CN=localhost' -extensions EXT -config <( \
     printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
mv localhost.crt /etc/pki/tls/certs/
mv localhost.key /etc/pki/tls/private/

# Set up certbot (from certbot.eff.org)
yum install snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap
#	(log out and log in again)
snap install core
snap refresh core
yum remove certbot # (may already have been done by the old certbot's auto-renew)
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
#	(log out and log in again)
certbot --apache
certbot renew --dry-run

# httpd: consider using the mpm_prefork model
vi /etc/httpd/conf.modules.d/00-mpm.conf

systemctl enable --now httpd
systemctl enable --now mysqld
systemctl enable --now smartd

# Add firewall rules for HTTP, HTTPS and MySQL.  Replace my_ip with your own IP address.
# By the way, non-localhost SMTP connection requests are not accepted.
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --new-zone=special --permanent
firewall-cmd --reload
# --permanent keeps the source and port across reloads and reboots
firewall-cmd --zone=special --permanent --add-source=my_ip/32
firewall-cmd --zone=special --permanent --add-port=4567/tcp
firewall-cmd --reload
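
(Added example, not part of the original steps: firewalld keeps anything added without --permanent only in its runtime configuration and drops it at the next reload or reboot, so this script lists the sources, services and ports of a zone that exist only at runtime. The sample listings are constructed, with 203.0.113.7 standing in for my_ip.)

```shell
#!/bin/sh
# Added example: list firewalld settings that exist only in the runtime
# configuration and would vanish at the next reload or reboot.

# zone_items LISTING: print "key value" pairs for the sources, services and
# ports lines of a `firewall-cmd --list-all` listing, sorted and de-duplicated.
zone_items() {
    printf '%s\n' "$1" | awk '
        $1 == "sources:" || $1 == "services:" || $1 == "ports:" {
            key = $1; sub(/:$/, "", key)
            for (i = 2; i <= NF; i++) print key, $i
        }' | sort -u
}

# runtime_only RUNTIME PERMANENT: items in RUNTIME that PERMANENT lacks.
runtime_only() {
    perm=$(zone_items "$2")
    zone_items "$1" | while IFS= read -r item; do
        printf '%s\n' "$perm" | grep -qxF -e "$item" || printf '%s\n' "$item"
    done
}

# Constructed sample listings: the zone after runtime-only --add-source and
# --add-port calls (runtime view) and what is saved on disk (permanent view).
SAMPLE_RUNTIME='special (active)
  target: default
  sources: 203.0.113.7/32
  services: 
  ports: 4567/tcp'
SAMPLE_PERMANENT='special
  target: default
  sources: 
  services: 
  ports: '

# Live use: pass a zone name as the first argument, e.g. `sh check.sh special`.
# Without an argument the constructed sample is checked instead.
if [ -n "${1:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    runtime_only "$(firewall-cmd --zone="$1" --list-all)" \
                 "$(firewall-cmd --permanent --zone="$1" --list-all)"
else
    runtime_only "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

(Empty output means everything in the zone is saved; any line printed names a setting that still needs a --permanent rule.)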

# Set up the website
adduser mysite.com
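usermod -G apache mysite.com
passwd mysite.com
# -p also creates /var/www/vhosts, which does not exist on a fresh install
mkdir -p /var/www/vhosts/mysite.com/www
# Use ":" as the owner/group separator; the user name itself contains dots
chown -R mysite.com:apache /var/www/vhosts/mysite.com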
vi /etc/httpd/conf.d/vhosts.conf
#	(Add virtualhost entries)

# Confirm that your website is working on https, at https://www.ssllabs.com/ssltest/

# For resource monitoring over time:
yum install -y sysstat
systemctl enable --now sysstat
sar -q

vi /etc/my.cnf.d/mysql-server.cnf
#	(add slow-logging)
#	(add sql_mode=)

touch /var/log/mysql-slow.log && chown mysql:mysql /var/log/mysql-slow.log
systemctl restart mysqld

# Keep yum packages up to date:
dnf install dnf-automatic
systemctl enable --now dnf-automatic.timer

vi /etc/aliases
#	(send root email to an external account, e.g. root: me@mydomain.com)
yum install -y postfix
systemctl enable --now postfix

# For GraphicsMagick support: (from https://www.tecmint.com/install-imagemagick-in-linux/)
dnf install GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl
cd /usr/local/src &&  wget https://pecl.php.net/get/gmagick &&  tar xfvz gmagick &&  cd gmagick-* &&  phpize &&  ./configure  &&  make && make install
echo extension=gmagick.so >> /etc/php.d/40-gmagick.ini
systemctl restart php-fpm.service && apachectl restart

yum install -y fail2ban
# Create /etc/fail2ban/jail.local with this content:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
banaction = firewallcmd-ipset

[sshd]
enabled = true

systemctl enable --now fail2ban

# For sendmail TLS/SSL support (using a 'real' SSL certificate):
yum install -y sendmail sendmail-cf
# Edit these lines in /etc/mail/sendmail.mc:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl
/etc/mail/make
systemctl enable saslauthd.service
systemctl start saslauthd.service
systemctl enable sendmail.service
systemctl start sendmail.service

