The Perfect Server - CentOS 5.6 x86_64 [ISPConfig 2] - Page 6

12 Apache2 With PHP, Ruby, Python, WebDAV

Now we install Apache with PHP (this is PHP 5.1.6):

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Then edit /etc/httpd/conf/httpd.conf:

vi /etc/httpd/conf/httpd.conf

and change DirectoryIndex to

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3

Now configure your system to start Apache at boot time:

chkconfig --levels 235 httpd on

Start Apache:

/etc/init.d/httpd start


12.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines:

vi /etc/httpd/conf.d/php.conf

# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
<IfModule prefork.c>
  LoadModule php5_module modules/
<IfModule worker.c>
  # Use of the "ZTS" build with worker is experimental, and no shared
  # modules are supported.
  LoadModule php5_module modules/

# Cause the PHP interpreter to handle files with a .php extension.
#AddHandler php5-script .php
#AddType text/html .php

# Add index.php to the list of files that will be served as directory
# indexes.
DirectoryIndex index.php

# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#AddType application/x-httpd-php-source .phps

Afterwards we restart Apache:

/etc/init.d/httpd restart


12.2 Installing mod_ruby

For CentOS 5.6, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

LoadModule ruby_module modules/

... and restart Apache:

/etc/init.d/httpd restart


12.3 Installing mod_python

To install mod_python, we simply run...

yum install mod_python

... and restart Apache afterwards:

/etc/init.d/httpd restart


12.4 WebDAV

WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that the following three modules are active:

vi /etc/httpd/conf/httpd.conf

LoadModule auth_digest_module modules/
LoadModule dav_module modules/
LoadModule dav_fs_module modules/

If you have to modify /etc/httpd/conf/httpd.conf, don't forget to restart Apache afterwards:

/etc/init.d/httpd restart


13 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we have to compile Proftpd manually:

cd /tmp/
wget --passive-ftp
tar xvfz proftpd-1.3.3e.tar.gz
cd proftpd-1.3.3e/
./configure --sysconfdir=/etc
make install
cd ..
rm -fr proftpd-1.3.3e*

The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:

ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

Now create the init script /etc/init.d/proftpd:

vi /etc/init.d/proftpd

# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
# proftpd        This shell script takes care of starting and stopping
#                proftpd.
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
#              simplicity, security, and ease of configuration. \
#              It features a very Apache-like configuration syntax, \
#              and a highly customizable server infrastructure, \
#              including support for multiple 'virtual' FTP servers, \
#              anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftp.conf
# pidfile: /var/run/

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0



start() {
        echo -n $"Starting $prog: "
        daemon proftpd
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd

stop() {
        echo -n $"Shutting down $prog: "
        killproc proftpd
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd

# See how we were called.
case "$1" in
        status proftpd
        if [ -f /var/lock/subsys/proftpd ]; then
        echo -n $"Re-reading $prog configuration: "
        killproc proftpd -HUP
        echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
        exit 1

exit $RETVAL

Then we make the init script executable:

chmod 755 /etc/init.d/proftpd

Next we open /etc/proftpd.conf and change Group to nobody:

vi /etc/proftpd.conf

Group                           nobody

For security reasons you can also add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here:

vi /etc/proftpd.conf

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

To make sure that FTP users can use the chmod command, comment out the <Limit SITE_CHMOD> section:

# Bar use of SITE CHMOD by default
#  DenyAll

Now we can create the system startup links for Proftpd:

chkconfig --levels 235 proftpd on

And finally we start Proftpd:

/etc/init.d/proftpd start

Share this page:

5 Comment(s)

Add comment


From: Ivan at: 2011-04-30 15:19:13

CentOS just went three months without a security update, how can that possibly be considered for the "perfect" server?

From: Bob McConnell at: 2011-04-27 12:55:46

I don't see any mention of PCI compliance in the article. That is absolutely necessary before you can accept any credit cards on your servers. Did someone forget that section?

From: Joseph J. Geller at: 2011-05-05 11:41:26


I did not even think of this with regards to ISPConfig but probably a good question. I am developing a site that has to be PCI compliant and just finishing up adding the site using ISPConfig so I will be pursuing this and post what I find here. I know it facilitates SSL Certificates as I am adding a Comodo one next but realize there are a lot more considerations to pass a PCI audit on the server side. I am an MSP and have also posed this question to the CTO at CloudSigma ( which provides the cloud server I am running CentOS 5.5 on with Apache, MySQL and PHP using Joomla, Droomla (Drupal 6 running on Joomla), and Ubercart. I'll see if I can get Falko's attention so we can cut to the chase quickly as I have to have this site up in the next few days.


Stony Creek Consulting, Inc.

Joseph J. Geller 

From: Anonymous at: 2011-06-01 21:33:00

I followed a few guides. I'm waiting to hear you report back. I'm using CentOS, apache, php5.2, joomla1.6 too and would like to know more. 

From: mksa at: 2011-07-18 21:18:24

Dear all,

 Thanks for this guide. I tried it on my VPS with no luck, after digging around I found that you have to move the old installation directories found under "/home" to another path "example /backup" then rerun the installation script again. when its done move out the installation directory "cd /" and restart ispconfig_server service.

 Its working  as it suppose to be now.