Get a CentOS Server Web-Ready

Here are the command-line steps needed to get a bare CentOS 7.2 distro ready for full LAMP (Apache-MySQL-PHP) hosting:

(Note - replace with the domain name of your own website, and with this server's hostname.)

vi /etc/hosts
	(Set public IP address to proper FQDN)
vi /etc/sysconfig/network

yum install -y perl-CPAN netutils bind-utils logwatch rsync smartmontools php php-mysql php-devel mysqltuner mysqltop mariadb mariadb-server mariadb-devel httpd
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable smartd.service
systemctl start httpd.service
systemctl start mariadb.service
systemctl start smartd.service

mkdir /home/
chown -R /home/

yum install -y php-pear php-xml php-posix gcc gcc-devel make json
echo >> /etc/php.d/json.ini
yum install -y php-mbstring php-gd
systemctl restart httpd.service
vi /etc/php.ini 
	(set memory limit, check error-reporting)

Add the RPMForge module, to give you many more packages in yum.  Check for the latest RPM at
rpm -ivh

yum install -y sysstat htop smem
systemctl enable sysstat.service
systemctl start sysstat.service
sar -q

vi /etc/my.cnf 
	(add slow-logging)
touch /var/log/mysql-slow.log
chown mysql.mysql /var/log/mysql-slow.log
systemctl restart mariadb.service

usermod  -G apache

yum install -y vsftpd
systemctl enable vsftpd.service
systemctl start vsftpd.service

Add firewall rules for MySQL, FTP and SMTP.  We need to replace my_ip with our personal IP address.  By the way, we don't accept non-localhost SMTP connect requests.
iptables -I INPUT -p tcp --dport 3306 -s -j ACCEPT
iptables -I INPUT -p tcp --dport 3306 -s my_ip/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
iptables -I INPUT -p tcp --dport 21 -s my_ip/32 -j ACCEPT
iptables -I INPUT -p tcp --dport 20 -s my_ip/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j DROP
iptables -A INPUT -p tcp --dport 20 -j DROP
iptables -I INPUT -p tcp --dport 25 -s -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP
iptables -L --line-numbers

Keep yum packages up to date:
yum install -y yum-cron
systemctl enable yum-cron.service
systemctl start yum-cron.service

vi /etc/aliases 
	(send root email to external account, eg, root
yum install -y postfix
systemctl enable postfix.service
systemctl start postfix.service


For GeoIP support:
yum install -y geoip geoip-devel
pecl install geoip
echo  "" > /etc/php.d/geoip.ini
systemctl restart httpd.service

For ImageMagick support:
yum install -y ImageMagick ImageMagick-devel
pecl install Imagick
echo "" > /etc/php.d/imagick.ini
systemctl restart httpd.service

For php file upload progress support:
pecl install uploadprogress
echo "" > /etc/php.d/uploadprogress.ini

cd /etc/httpd/conf.d/
vi vhosts.conf
	(Add virtualhost entries)
service httpd restart

yum install -y fail2ban
systemctl enable fail2ban.service
systemctl start fail2ban.service

For sendmail TLS/SSL support (using a 'real' SSL certificate):
yum install -y sendmail sendmail-cf
Edit these lines in /etc/mail/
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl
systemctl enable saslauthd.service
systemctl start saslauthd.service
systemctl enable sendmail.service
systemctl start sendmail.service


by John Swindells on 16 October 2013
Good instructions for adding DKIM support (using opendkim): Set Up DKIM (DomainKeys Identified Mail) Working With Postfix On CentOS Using OpenDKIM
by Gregg on 25 March 2011
Great stuff, as a server newb I'd love to see a few comments describing some of the tasks like how to add rules for ports 20 and 21 add how to add an ftp exclusion and where those variables are in the files.

Thanks though, great stuff.

Add your comment