Set up lnux box for hosting a-z

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by microchasm on Server Fault See other posts from Server Fault or by microchasm
Published on 2010-05-16T17:01:21Z Indexed on 2010/05/17 4:50 UTC
Read the original article Hit count: 352

Filed under:
|
|
|
|

I am in the process of reinstalling the OS on a machine that will be used to host a couple of apps for our business. The apps will be local only; access from external clients will be via vpn only.

The prior setup used a hosting control panel (Plesk) for most of the admin, and I was looking at using another similar piece of software for the reinstall - but I figured I should finally learn how it all works. I can do most of the things the software would do for me, but am unclear on the symbiosis of it all. This is all an attempt to further distance myself from the land of Configuration Programmer/Programmer, if at all possible.

I can't find a full walkthrough anywhere for what I'm looking for, so I thought I'd put up this question, and if people can help me on the way I will edit this with the answers, and document my progress/pitfalls. Hopefully someday this will help someone down the line.

The details:

  • CentOS 5.5 x86_64
  • httpd: Apache/2.2.3
  • mysql: 5.0.77 (to be upgraded)
  • php: 5.1 (to be upgraded)

The requirements:

  • SECURITY!!
    • Secure file transfer
    • Secure client access (SSL Certs and CA)
    • Secure data storage
  • Virtualhosts/multiple subdomains
  • Local email would be nice, but not critical

The Steps:

  • Download latest CentOS DVD-iso (torrent worked great for me).

  • Install CentOS:
    While going through the install, I checked the Server Components option thinking I was going to be using another Plesk-like admin. In hindsight, considering I've decided to try to go my own way, this probably wasn't the best idea.

  • Basic config:
    Setup users, networking/ip address etc. Yum update/upgrade.

  • Upgrade PHP:
    To upgrade PHP to the latest version, I had to look to another repo outside CentOS. IUS looks great and I'm happy I found it!

cd /tmp

#wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/epel-release-1-1.ius.el5.noarch.rpm

#rpm -Uvh epel-release-1-1.ius.el5.noarch.rpm

#wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1-4.ius.el5.noarch.rpm

#rpm -Uvh ius-release-1-4.ius.el5.noarch.rpm

yum list | grep -w \.ius\.

[will list all packages available in the IUS repo]

rpm -qa | grep php

[will list installed packages needed to be removed. the installed packages need to be removed before you can install the IUS packages otherwise there will be conflicts]

#yum shell

>remove php-gd php-cli php-odbc php-mbstring php-pdo php php-xml php-common php-ldap php-mysql php-imap

Setting up Remove Process

>install php53 php53-mcrypt php53-mysql php53-cli php53-common php53-ldap php53-imap php53-devel

>transaction solve

>transaction run

Leaving Shell

#php -v

PHP 5.3.2 (cli) (built: Apr 6 2010 18:13:45)

This process removes the old version of PHP and installs the latest.

  • To upgrade mysql: Pretty much the same process as above with PHP

#/etc/init.d/mysqld stop

[OK]

rpm -qa | grep mysql

[installed mysql packages]

#yum shell

>remove mysql mysql-server

Setting up Remove Process

>install mysql51 mysql51-server mysql51-devel

>transaction solve

>transaction run

Leaving Shell

#service mysqld start

[OK]

#mysql -v

Server version: 5.1.42-ius Distributed by The IUS Community Project

The above upgrade instructions courtesy of IUS wiki: http://wiki.iuscommunity.org/Doc/ClientUsageGuide

  • Create a chroot jail to hold sftp user via rssh. This will force SCP/SFTP and will circumvent traditional FTP server setup.

#cd /tmp

#wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.x86_64.rpm

#rpm -ivh rssh-2.3.2-1.2.el5.rf.x86_64.rpm

#useradd -m -d /home/dev -s /usr/bin/rssh dev

#passwd dev

Edit /etc/rssh.conf to grant access to SFTP to rssh users.

#vi /etc/rssh.conf

Uncomment line allowscp

This allows me to connect to the machine via SFTP protocol in Transmit (my FTP program of choice; I'm sure it's similar with other FTP apps).

Above instructions for SFTP appropriated (with appreciation!) from http://www.cyberciti.biz/tips/linux-unix-restrict-shell-access-with-rssh.html

And this is where I'm at. I will keep editing this as I make progress. Any tips on how to Configure virtual interfaces/ip based virtual hosts for SSL, setting up a CA, or anything else would be appreciated.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about webserver

Related posts about apache

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle