Setting up a LAMP stack on CentOS 8

Here are the command-line steps needed to get a bare CentOS 8.0 distro ready for full LAMP (Apache-MySQL-PHP) hosting:

(Note - replace mysite.com with the domain name of your own website, and server1.mysite.com with this server's hostname.)

hostname 
vi /etc/hosts
#	(Set public IP address to proper FQDN)
hostname server1.mysite.com
vi /etc/sysconfig/network
#	(Set HOSTNAME=server1.mysite.com)

yum install -y epel-release perl-CPAN bind-utils logwatch rsync smartmontools php mysql-server httpd php-pear php-xml php-posix php-json php-mbstring php-gd gcc make wget

vi /etc/php.ini 
#	(set memory limit, check error-reporting)

# Set up a local SSL cert
openssl req -x509 -out localhost.crt -keyout localhost.key   -newkey rsa:2048 -nodes -sha256   -subj '/CN=localhost' -extensions EXT -config <( \
     printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
mv localhost.crt /etc/pki/tls/certs/
mv localhost.key /etc/pki/tls/private/

# Set up certbot
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto && chmod 0755 /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --apache

systemctl enable --now httpd
systemctl enable --now mysqld
systemctl enable --now smartd

# Add firewall rules for HTTP, HTTPS and MySQL.  Replace my_ip with your own IP address.  By the way, we don't accept non-localhost SMTP connect requests.
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --new-zone=special --permanent
firewall-cmd --reload
# --permanent keeps the source and port rules across reloads and reboots
firewall-cmd --zone=special --permanent --add-source=my_ip/32
firewall-cmd --zone=special --permanent --add-port=4567/tcp
firewall-cmd --reload

# Set up the website
adduser mysite.com
usermod -aG apache mysite.com
passwd mysite.com
# -p creates the missing parent directories
mkdir -p /var/www/vhosts/mysite.com/www
# Use user:group here, because the username itself contains a dot
chown -R mysite.com:apache /var/www/vhosts/mysite.com
vi /etc/httpd/conf.d/vhosts.conf
#	(Add virtualhost entries)
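
One way to fill in the virtualhost entries without an editor, as an added example that is not from the original page: a shell function that prints an HTTP-to-HTTPS redirect and a TLS vhost for the site directory created above. It assumes mod_ssl is installed and uses the self-signed localhost certificate from the earlier step as a stand-in; the function name make_vhost and the log file names are illustrative.

```shell
# Added example: print the vhost entries for one site, using this page's paths.
# Assumptions: mod_ssl is installed; the self-signed localhost cert/key from the
# step above is a stand-in until a real certificate is issued.
make_vhost() {
    local domain="$1"
    local docroot="/var/www/vhosts/${domain}/www"

    # Accept only hostname characters (a-z, digits, dot, hyphen) with at least
    # one dot, so whitespace, newlines or quotes never reach the config file.
    case "$domain" in
        .*|*.|-*|*..*|*[!a-z0-9.-]*) domain="" ;;
        *.*) ;;
        *) domain="" ;;
    esac
    if [ -z "$domain" ]; then
        echo "make_vhost: invalid domain name" >&2
        return 1
    fi

    cat <<EOF
# Plain HTTP only redirects to HTTPS.
<VirtualHost *:80>
    ServerName ${domain}
    ServerAlias www.${domain}
    Redirect permanent / https://${domain}/
</VirtualHost>

<VirtualHost *:443>
    ServerName ${domain}
    ServerAlias www.${domain}
    DocumentRoot "${docroot}"
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    <Directory "${docroot}">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog  logs/${domain}-error_log
    CustomLog logs/${domain}-access_log combined
</VirtualHost>
EOF
}

# On the server, append the output and validate it before reloading:
#   make_vhost mysite.com >> /etc/httpd/conf.d/vhosts.conf
#   apachectl configtest && systemctl reload httpd
```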

# Confirm that your website is working on https, at https://www.ssllabs.com/ssltest/

yum install -y sysstat
systemctl enable --now sysstat
sar -q
#	(for resource monitoring over time)

vi /etc/my.cnf.d/mysql-server.cnf
#	(add slow-logging)
touch /var/log/mysql-slow.log && chown mysql:mysql /var/log/mysql-slow.log
systemctl restart mysqld

# Keep yum packages up to date:
dnf install -y dnf-automatic
systemctl enable --now dnf-automatic.timer

vi /etc/aliases
#	(send root email to external account, e.g. root: me@mydomain.com)
yum install -y postfix
systemctl enable --now postfix

# For ImageMagick support:
yum install -y php-devel GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl

yum install -y fail2ban
# Create /etc/fail2ban/jail.local with this content:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
banaction = firewallcmd-ipset

[sshd]
enabled = true

systemctl enable --now fail2ban

# For sendmail TLS/SSL support (using a 'real' SSL certificate):
yum install -y sendmail sendmail-cf
# Edit these lines in /etc/mail/sendmail.mc:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl
/etc/mail/make
systemctl enable saslauthd.service
systemctl start saslauthd.service
systemctl enable sendmail.service
systemctl start sendmail.service

