I recently signed up for a VPS account without a management panel. I am writing this post to record the steps that I took to set it up so that I can refer back to them when I need to in the future. I hope this will also help anyone out there trying to do the same.
The VPS is set up with the CentOS 6.5 (64-bit) operating system. Since I don’t want to pay the additional cost of a licence for a management panel (cPanel, Plesk or others), all the installation and management of the VPS will be done through the command line (SSH). I might actually try to install a free management panel like Webuzo, Zpanel or another one later on, but SSH is all I have for now.
The following are the main steps that I will do:
- Set up web server (Apache 2.4 or nginx)
- Set up MySQL Database Server
- Set up PHP
- Set up phpMyAdmin
- Set up Postfix, Cyrus and webmail client
- Set up Config Server Firewall
- Set up ClamAV
- Set up email server (Exim)
- Create user accounts for different websites that I will host on this server
As I progress with my setup, I will update this post. At the moment, I’ve just finished installing Apache 2.4. I decided to use Apache after doing some research and considering nginx.
1. Setting up the web server
I would like to thank Jason Powell for his post on installing Apache 2.4 on CentOS. The following steps are adapted from his post.
First, install the required packages
yum groupinstall "Development Tools"
yum install openssl-devel
yum install pcre-devel
Then, download Apache. At the time of this writing the latest Apache version is 2.4.10. I downloaded it from the nearest mirror.
cd /usr/src
wget http://mirror.nus.edu.sg/apache/httpd/httpd-2.4.10.tar.gz
tar zxvf httpd-2.4.10.tar.gz
Next, download the APR and APR-Util (also from the same mirror).
wget http://mirror.nus.edu.sg/apache/apr/apr-1.5.1.tar.gz
wget http://mirror.nus.edu.sg/apache/apr/apr-util-1.5.3.tar.gz
tar zxvf apr-1.5.1.tar.gz
tar zxvf apr-util-1.5.3.tar.gz
Move apr and apr-util into the srclib directory of the Apache source tree.
mv apr-1.5.1 /usr/src/httpd-2.4.10/srclib/apr
mv apr-util-1.5.3 /usr/src/httpd-2.4.10/srclib/apr-util
Compiling.
cd /usr/src/httpd-2.4.10
./configure --enable-so --enable-ssl --with-mpm=prefork --with-included-apr --enable-mods-shared=all --enable-deflate
make
make install
Edit the Apache configuration file /usr/local/apache2/conf/httpd.conf
vi /usr/local/apache2/conf/httpd.conf
and uncomment these two lines to enable SSL
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
The file conf/extra/httpd-ssl.conf contains the default configuration for SSL. It also specifies the location of the server.crt and server.key files which will need to be created.
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
Creating the server.crt and server.key files
First, use openssl to generate the server.key
cd /usr/src
openssl genrsa -des3 -out server.key 2048
The above command will ask for a password which will be required when starting Apache later.
Next, generate a certificate request file (server.csr) using the above server.key file.
openssl req -new -key server.key -out server.csr
Finally, generate a self-signed SSL certificate (server.crt) using the above server.key and server.csr files.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Copy the server.key and server.crt files to the Apache configuration directory.
cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/
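Before starting Apache it is worth confirming that server.crt really belongs to server.key and that the copied key is not readable by other local users. The following is an added example, not part of the original post; the function names are made up here, and the demo runs on a throwaway unencrypted key pair so that it needs no pass phrase prompt.

```sh
#!/bin/sh
# Added example (not from the original post): sanity checks for the
# server.key / server.crt pair before starting Apache.

# Succeeds when the certificate carries the public half of the private key.
# For a pass-phrase protected key, openssl prompts on the terminal.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds when the key file gives group and other no access (e.g. 600, 400).
key_is_private() {     # usage: key_is_private KEY
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on a constructed key pair in a temp directory (CN is a placeholder).
demo() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=example.invalid \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 2
    # Assumption: 644 is the mode a key can end up with under umask 022.
    chmod 644 "$d/server.key"
    cert_matches_key "$d/server.crt" "$d/server.key" && echo "pair: match"
    key_is_private "$d/server.key" || echo "key: readable by others"
    chmod 600 "$d/server.key"
    key_is_private "$d/server.key" && echo "key: private after chmod 600"
    rm -rf "$d"
}
demo
```

On the server, the same two functions can be pointed at /usr/local/apache2/conf/server.crt and /usr/local/apache2/conf/server.key.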
Start Apache
Start apache by running the following command.
/usr/local/apache2/bin/apachectl start
A couple of error messages might pop up, preventing Apache from running. For each error, edit the httpd.conf file and uncomment the line shown below the message.
AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
LoadModule ssl_module modules/mod_ssl.so
AH00526: Syntax error on line 76 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Once httpd.conf passes without any error, you will need to enter the pass phrase for your private key that you defined earlier.
/usr/local/apache2/bin/apachectl start
Apache/2.4.10 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Private key www.example.com:443:0 (/usr/local/apache2/conf/server.key)
Enter pass phrase:
To stop apache, use the following command.
/usr/local/apache2/bin/apachectl stop
Adding Apache bin folder to $PATH
For convenience, I add the /usr/local/apache2/bin/ to the path so that I can run apachectl from anywhere.
echo 'pathmunge /usr/local/apache2/bin' > /etc/profile.d/httpd.sh
chmod +x /etc/profile.d/httpd.sh
Reload the profile by logging off and on again or by running
. /etc/profile
Opening port 80 and 443 in the firewall
To ensure that both ports 80 and 443 are open in the firewall for web traffic, edit the iptables file and add the lines shown below.
vi /etc/sysconfig/iptables
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
Restart the iptables service
service iptables restart
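iptables evaluates rules in order, and a stock CentOS 6 rules file ends the INPUT chain with a catch-all REJECT, so the ACCEPT lines above only take effect when they sit above that line. The script below is an added example, not part of the original post: `input_port_status` and `sample_rules` are names made up here, and the rules it checks are a constructed sample modelled on the stock file.

```sh
#!/bin/sh
# Added example (not from the original post): is the ACCEPT rule for a TCP
# port reachable in an iptables-save style rules file?

# Prints "open", "shadowed" (a catch-all REJECT/DROP comes first) or "missing".
# Reads FILE, or standard input when FILE is omitted.
input_port_status() {   # usage: input_port_status PORT [FILE]
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (!acc && $0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/)
                acc = n
            # Catch-all: a rule with no match criteria, "-A INPUT -j REJECT ..."
            if (!blk && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
                blk = n
        }
        END {
            if (!acc) print "missing"
            else if (blk && blk < acc) print "shadowed"
            else print "open"
        }' "${2:--}"
}

# Constructed sample. $1 says where the port 80 rule from the post is placed:
# "before" or "after" the catch-all REJECT.
sample_rules() {
    web='-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    [ "$1" = before ] && printf '%s\n' "$web"
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    [ "$1" = after ] && printf '%s\n' "$web"
    printf '%s\n' 'COMMIT'
}

for where in before after; do
    echo "port 80 rule $where the REJECT: $(sample_rules "$where" | input_port_status 80)"
done
```

On the server, `input_port_status 80 /etc/sysconfig/iptables` and `input_port_status 443 /etc/sysconfig/iptables` give the same report for the real file.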
Check that the websites can be accessed remotely using your IP address or domain name.
http://<<ip address or domain name>>
https://<<ip address or domain name>>