The Perfect Server - CentOS 6.2 x86_64 With Apache2 [ISPConfig 3] - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100   server1.example.com     server1

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run

system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

 

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

 

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.2 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)

rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
rpm -ivh epel-release-6-5.noarch.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Fri Dec 16 00:22:26 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=d995c881-fbc7-409f-bcad-86d255331a3f /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin

Share this page:

31 Comment(s)

Add comment

Comments

From: Elton at: 2012-01-25 15:21:47

I'm trying to use your tutorial, but there are a lot of diferences between what I read here and what I found into CentOS 6.2

 For example, I don't have anymore system-config-* command files :(

From: Deunan Knute at: 2012-02-01 04:49:14

You may need to separately install them, if you chose Minimal Install

Try this -

yum install system-config-network-tui system-config-firewall-tui

From: damaster at: 2014-05-15 12:51:15

YES..... Very important step..... thanks for this tip :)

From: PlanetMaster at: 2012-02-01 23:46:00

Great tutorial, just migrated from cPanel and Apache and I am very happy with the performance and financial savings. I had the issue with courier-imap install but building from source fixed that.


Thanks!

From: Nubbyless at: 2012-02-14 00:17:39

Would be great to have this as a script with minimal user input but i dont have the knowledge to do it

From: D-Spayre at: 2012-03-18 02:24:23

Hi,

I did a fresh install and when trying to access ISPconfig I'm just getting a White Screen.

Would that have to do with PHP 5.3.3?

Thanks

From: at: 2013-01-16 20:16:03

I am installing a fresh CentOS 6.3 instead of 6.2 following this guide.   The order of installation windows is a bit different for a 6.3 install than 6.2 but most of the information in the steps still apply.  Here is one big difference which gave me tons of frustration on my previous 6.3 install following this guide that I have discovered an easy solution during installation for:

Where the guide says:

"Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:"

Problem: This isn't true in 6.3, instead, this will give you a large /home partition and a small / partition and a very small /boot partition.  The problem is that for a server we want a large / partition (technically a large /var partition but I just like to make the whole / partition large because its quick & easy)

Solution: Make sure you check the box on the bottom: "Review and modify partitioning layout" before clicking next.  On the next screen, simply swap the size on the / and the /home partitions and you're all set. Make sure to set the /home partition to the / partition size first to free up the resources.

Important: If you don't do this now then you will need to boot from the OS disk later in order to modify the / partition, so best to do it now and save yourself the hassle of running out of room in your /var/www folder later.

From: at: 2013-01-16 21:51:37

If you're like me and completely missed the button to setup your network when setting your server host name during installation, then there are some additional steps to take that may save you some time that I learned the hard way.  I'm installing CentOS 6.3 by the way:

Problem: Even after using system-config-network, the eth0 card won't automatically connect nor will it be set to automatically connect on boot unless you've set these options during install.

Solution:  First use system-config-network as described in the guide to set both the Device Configuration and the DNS Configuration.  After that use the command:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

and update the following settings:

NM_CONTROLLED=yes
ONBOOT=yes
BOOTPROTO=static

Then do a:

reboot

Then run a:

ifconfig

and all should be well to continue with the guide!   Cheers to us button skippers!

 

From: Anonymous at: 2012-02-21 01:05:48

wget http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm is now at  wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm

 

From: nikitux at: 2012-02-01 19:20:30

A little Trick for add line priority=10 with sed (only  on enabled repository)

 sed -i -e '/enabled=1/a priority=10'  /etc/yum.repos.d/epel.repo

 

 

 

From: DPO at: 2012-05-11 15:07:17

as reported here: https://bugzilla.redhat.com/show_bug.cgi?id=820360

6.5 link is obsolete http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

You can use the new version 6.6

http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-6.noarch.rpm

hope this can help D.

From: at: 2012-05-20 00:33:04

the wget command in step seven that references http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm needs to be changed to  http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-6.noarch.rpm.

From: Patricio at: 2012-05-29 09:51:56

Step 7 (fail wget epel-relase-6-5)

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

rpm -Uvh epel-release-6-7.noarch.rpm

From: at: 2012-06-09 20:39:22

cd /tmp
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
rpm -ivh epel-release-6-7.noarch.rpm

 Worked for me on CentOS 6.2 i386 flavor.

From: Donald at: 2013-01-17 02:10:33

Another release:

 wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 

Is the new hotness.

From: Ramin at: 2012-02-18 10:02:05

In my case the  https://sourceforge.net didn't work. removing "s" from the https worked fine.

From: polcrito at: 2012-07-12 23:18:42

Follow the entire manual and I have almost everything working, just something I fail, teams can only send emails blackberry can not receive them, add the blackberry to my_networks networks in / etc / postfix / main.cf ..... any of you have any idea of my fault .. if we use mail clients pc or iphone everything envua and receive, only blackberry that gives me this fault ..,. appreciate your comments .... att ... native pol

From: Chris at: 2012-03-03 23:17:20

This installs the 2.11 version of phpMyAdmin. 'yum install phpMyAdmin' will grab one from the 3.4 branch, but it's still outdated a bit. I'd recommend getting the latest 3.4 version from http://www.phpmyadmin.net and install from source.

From: Anonymous at: 2012-03-27 00:32:27

Looks like it grabs 3.4.9-1 now, however in the step

vi /etc/httpd/conf.d/phpmyadmin.conf 

You now have to put in vi /etc/httpd/conf.d/phpMyAdmin.conf and the next step it changed to vi /usr/share/phpMyAdmin/config.sample.inc.php 

From: Gabrym at: 2012-04-30 21:35:38

smtp not work properly

I mast install cyrus-sasl-plain:


yum install cyrus-sasl-plain
service saslauthd stop
service postfix stop
service saslauthd start
service postfix start
chkconfig --levels 235 saslauthd on

From: Jay at: 2012-06-20 15:15:07

Step 10 start courier-imap on my CentOS 32bit failed.

I needed to use as root:

/usr/lib/courier-imap/libexec/imapd.rc start

Because:

/etc/init.d/courier-imap

was not found

From: at: 2012-06-10 00:01:23

Step 15 php-xcache doesn't install.

 Had to follow instructions here to install and configure it.

http://www.howtoforge.com/integrating-xcache-into-php5-fedora-13-centos-5.5-and-apache2

 

From: Chris at: 2012-06-30 21:45:41

STEP 14:

 [root@s2 ~]# chkconfig --levels 235 clamd.amavisd on
error reading information on service clamd.amavisd: No such file or directory

 [root@s2 ~]# /etc/init.d/clamd.amavisd start
-bash: /etc/init.d/clamd.amavisd: No such file or directory

??? Anybody has idea???

From: ali firdaus at: 2012-07-05 10:12:05

Make sure install EPEL Packet.  Install the EPEL package using the command below.

rpm -Uvh http://bit.ly/KANG3P

It's work for me.

From: Anonymous at: 2012-07-03 19:20:15

Check repository settings. Make sure you install from below repositories:

Installed Packages
amavisd-new.noarch          2.6.4-2.el6           @epel
clamav.x86_64               0.97.3-3.el6          @epel
clamd.x86_64                0.97.3-3.el6          @epel
spamassassin.x86_64         3.3.1-2.el6           @base
Available Packages
clamav.i686                 0.97.3-3.el6          epel

From: ShadowMerlin at: 2013-06-21 20:28:05

mod_ruby is no longer at modruby.net (unless it's now completely in Japanese).

Change that line to wget http://ftp.riken.go.jp/pub/FreeBSD/distfiles/ruby/mod_ruby-1.3.0.tar.gz

From: Brian at: 2012-04-12 09:15:29

Great tutorial!
Even this linux nono did it with this great tutorial.

 

From: Anonymous at: 2012-07-07 09:29:37

I agree I have never used any form of linux before and was a great set of instructions!
very well put together tutorial.
also learned a lot during the install.

Would be great if anyone knows of a tutorial or guide to fully secure and lock down the server after the install, remove vunralbilities etc...

Great work

From: daro at: 2012-10-10 11:27:20

The best ever tutorial online. I start to prefer Linux Command Lines after this Great Tutorial; and I will never go to automatic applications such as Webmin and Virtualmin which produce lots of bugs causing me to be stuck with them for two weeks until I found this brilliant perfect VPS server. I am at the final stage of Squirrelmail configuration, and seems to be working fine at moment. Cheers

From: IPVS at: 2012-12-14 01:56:24

I'm baffled.. I spent 3 hours installing IPSConfig3.  It went perfect.    It then installed ISPConfig , noted Installation Completed.   And within 5 seconds, the system went dead.   I couldn't ping it... Nothing.   I powered the system off, then powered it back on maintaining a ping to it... As soon as it was ping-able, I ssh'ed into it... and it went completely dead again within 5 seconds... ????

See the ouptut for the last part of the install...  I'm completely baffled on where to go from here???

 Thanks,

 

Tim

 

 

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Shutting down amavisd: Daemon [16405] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping httpd:                                            [  OK  ]
[Thu Dec 13 16:28:00 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd:                                            [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
16:28:03-root@Web1:/tmp/ispconfig3_install/install#Write failed: Broken pipe
16:30:12-tim@tim-ipvsinc-com:~#
 

From: Anonymous at: 2012-07-21 23:38:03

This is the best tutorial I've ever discovered! Thank you so much!    I had only 2 issues during the process:

 1.) service named start

This hung for several minutes so I spent about 2 hours trying to debug.  Bind requires using /dev/random to create a key the first time its run, which can take a very long time depending on your system.  Just let it run until its done, it will eventually finish.

 

2.) I installed mailman exactly as the tutorial says, and used wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz to install ISPConfig 3, however, mailman wasn't detected during the install php script.   Not a big deal for me for now I guess, but I'm not sure what happened.