Set up Apache 2.4 on CentOS 6.5 VPS without WHM/cPanel

By | 2 September 2014

I recently signed up for a VPS account without a management panel. I am writing this post to record the steps that I took to set it up so that I can refer back to them in the future. I hope this will also help anyone out there trying to do the same.

The VPS is set up with the CentOS 6.5 (64-bit) operating system. Since I don’t want to pay the additional cost of a licence for a management panel (cPanel, Plesk Panel or others), all the installation and management of the VPS will be done through the command line (SSH). I might actually try to install a free management panel like Webuzo, Zpanel or another later on, but SSH is all I have for now.

The following are the main steps that I will do:

  1. Set up web server (Apache 2.4 or nginx)
  2. Set up MySQL Database Server
  3. Set up PHP
  4. Set up phpMyAdmin
  5. Set up Postfix, Cyrus and webmail client
  6. Set up Config Server Firewall
  7. Set up ClamAV
  8. Set up email server (Exim)
  9. Create user accounts for different websites that I will host on this server

As I progress with my setup, I will update this post. At the moment, I’ve just finished installing Apache 2.4. I decided to use Apache after doing some research and considering nginx.

1. Setting up the web server

I would like to thank Jason Powell for his post on installing Apache 2.4 on CentOS. The following steps are adapted from his post.

First, install the required packages

yum groupinstall "Development Tools"
yum install openssl-devel
yum install pcre-devel

Then, download Apache. At the time of this writing the latest Apache version is 2.4.10. I downloaded it from the nearest mirror.

cd /usr/src
wget http://mirror.nus.edu.sg/apache/httpd/httpd-2.4.10.tar.gz
tar zxvf httpd-2.4.10.tar.gz

Next, download the APR and APR-Util (also from the same mirror).

wget http://mirror.nus.edu.sg/apache/apr/apr-1.5.1.tar.gz
wget http://mirror.nus.edu.sg/apache/apr/apr-util-1.5.3.tar.gz
tar zxvf apr-1.5.1.tar.gz
tar zxvf apr-util-1.5.3.tar.gz

Move apr and apr-util into the srclib directory of the Apache source tree.

mv apr-1.5.1 /usr/src/httpd-2.4.10/srclib/apr
mv apr-util-1.5.3 /usr/src/httpd-2.4.10/srclib/apr-util

Compiling.

cd /usr/src/httpd-2.4.10
./configure --enable-so --enable-ssl --with-mpm=prefork --with-included-apr --enable-mods-shared=all --enable-deflate
make
make install

Edit the Apache configuration file /usr/local/apache2/conf/httpd.conf

vi /usr/local/apache2/conf/httpd.conf

and uncomment these two lines to enable SSL

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

The file conf/extra/httpd-ssl.conf contains the default configuration for SSL. It also specifies the location of the server.crt and server.key files which will need to be created.

SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Creating the server.crt and server.key files

First, use openssl to generate the server.key

cd /usr/src
openssl genrsa -des3 -out server.key 2048

The above command will ask for a password which will be required when starting Apache later.

Next, generate a certificate request file (server.csr) using the above server.key file.

openssl req -new -key server.key -out server.csr

Finally, generate a self-signed SSL certificate (server.crt) using the above server.key and server.csr files.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Copy the server.key and server.crt files to the Apache configuration directory.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/
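
A plain cp leaves the private key's mode to the source file and the umask, and nothing above checks that server.crt really belongs to server.key. The following is an added example, not part of the original post: it repeats the three openssl steps non-interactively, installs the pair with explicit modes and compares the RSA modulus of both files. The function names, passphrase file and CN are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the passphrase
# file and the CN are constructed for the demo.

# make_pair DIR PASSFILE: the post's three openssl steps, run non-interactively.
make_pair() {
    openssl genrsa -des3 -passout "file:$2" -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -passin "file:$2" \
        -subj "/CN=www.example.com" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -passin "file:$2" -out "$1/server.crt" 2>/dev/null
}

# install_pair SRCDIR DESTDIR: install(1) sets the mode as part of the copy,
# so the key lands as 0600 regardless of the umask; the certificate is public.
install_pair() {
    install -m 0600 "$1/server.key" "$2/server.key" &&
    install -m 0644 "$1/server.crt" "$2/server.crt"
}

# file_mode FILE: octal permission bits (GNU stat, as shipped with CentOS).
file_mode() { stat -c '%a' "$1"; }

# pair_matches KEY CRT PASSFILE: exit 0 only if key and certificate carry the
# same RSA modulus; exit 2 if either file cannot be read or decrypted.
pair_matches() {
    k=$(openssl rsa -in "$1" -passin "file:$3" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage on the server from this post (passphrase file path is hypothetical):
#   install_pair /usr/src /usr/local/apache2/conf
#   pair_matches /usr/local/apache2/conf/server.key \
#                /usr/local/apache2/conf/server.crt /root/key.pass
```

Once the pair is installed and verified, the working copies of server.key and server.csr left in /usr/src can be removed.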

Start Apache

Start apache by running the following command.

/usr/local/apache2/bin/apachectl start

A couple of error messages might pop up, preventing Apache from running. If so, edit the httpd.conf file and uncomment the line shown below each error.

AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

LoadModule ssl_module modules/mod_ssl.so

AH00526: Syntax error on line 76 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Once httpd.conf passes without any errors, you will need to enter the password for your private key that you defined earlier.

/usr/local/apache2/bin/apachectl start
Apache/2.4.10 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Private key www.example.com:443:0 (/usr/local/apache2/conf/server.key)
Enter pass phrase:

To stop apache, use the following command.

/usr/local/apache2/bin/apachectl stop

Adding Apache bin folder to $PATH

For convenience, I add the /usr/local/apache2/bin/ to the path so that I can run apachectl from anywhere.

echo 'pathmunge /usr/local/apache2/bin' > /etc/profile.d/httpd.sh
chmod +x /etc/profile.d/httpd.sh

Reload the profile by logging off and on again or by running

. /etc/profile

Opening ports 80 and 443 in the firewall

To ensure that both ports 80 and 443 are open in the firewall for web traffic, edit the iptables file and add the lines shown below.

vi /etc/sysconfig/iptables

-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

Restart the iptables service

service iptables restart
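
Rules in /etc/sysconfig/iptables are evaluated top to bottom, so ACCEPT lines for ports 80 and 443 that sit below a catch-all REJECT or DROP in the INPUT chain never match. The following added example (not from the original post) checks the ordering in a rules file; port_open and sample_rules are hypothetical helper names, and the sample file is constructed on the assumption that the INPUT chain ends with a catch-all REJECT, as the stock CentOS 6 file does.

```shell
#!/bin/sh
# Added example, not from the original post. Checks that an ACCEPT rule for a
# port comes before the first catch-all REJECT/DROP in the INPUT chain of an
# iptables-save style file such as /etc/sysconfig/iptables.

# port_open FILE PORT: exit 0 if the port is accepted, 1 if shadowed or missing.
# Only single-port "--dport N" rules are recognised (no multiport lists).
port_open() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            rule = " " $0 " "
            # A REJECT/DROP with no match options ends the useful part of the chain.
            if (rule ~ / -j (REJECT|DROP) / && rule !~ / -[psdim] /) exit
            if (rule ~ / -j ACCEPT / && rule ~ (" --dport " port " ")) { ok = 1; exit }
        }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# sample_rules WHERE: prints a constructed rules file. WHERE is "before" or
# "after": where the post's web rules go relative to the catch-all REJECT.
sample_rules() {
    web='-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT'
    [ "$1" = before ] && echo "$web"
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    [ "$1" = after ] && echo "$web"
    echo 'COMMIT'
}

# Usage on the server: port_open /etc/sysconfig/iptables 443 || echo "443 is shadowed"
```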

Check that the websites can be accessed remotely using your ip address or domain name.

http://<<ip address or domain name>>
https://<<ip address or domain name>>
