I changed my blog server recently. Thus, I write this one about some basic points of server setup. This passage is suitable for CentOs 7.2 with latest PHP 7.
1, Install Apache and Mariadb
yum install httpd -y
yum install mariadb mariadb-server -y
2, Install php 7
The default yum source of many cloud server doesn’t contain php 7. So we should install some yum sources first.
#Source from webtatic
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Now install PHP 7
yum install php70w php70w-opcache php70w-mysql php70w-pdo php70w-xml php70w-mbstring php70w-mcrypt php70w-gd -y
3, Ports setup
Only port 22 is opened by default in CentOs 7 (If I got it right). As a server, Http port(80), Https port(443) and MySql port(3306) are necessary. Other ports shall be opened base on service provided by the server.
Stop firewall
systemctl stop firewalld
systemctl mask firewalld
Install and setup iptable
yum install iptables-services
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
service iptables save
Start iptable
systemctl enable iptables
systemctl enable ip6tables
systemctl start iptables
systemctl start ip6tables
Check the ports opened
netstat -ntlp
At this time, we can only see port 22, but that’s not a problem as apache and mysql are not working yet.
If use the auto update and intallation function of wordpress, vsftpd is also nessary. Vsftpd us port 21, so I’m gonna list the action below, too.
# intall vsftpd
yum install vsftpd
# open port 21
/sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
service iptables save
systemctl restart iptables
# start vsftpd
systemctl enable vsftpd
systemctl start vsftpd
4、Setup apache and mariadb
First, apache
systemctl enable httpd.service
systemctl start httpd.service
Try enter the IP address of server in browser. If an apache welcome page is shown, that means apache is working.
Second, mariadb
systemctl enable mariadb.service
systemctl start mariadb
mysql_secure_installation
This will request you to reset password. Current password is empty, so just type enter.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorization.
New password: password
Re-enter new password: password
Password updated successfully!
Reloading privilege tables..
... Success!
Say yes to all the rest options.
Finally, test php
vi /var/www/html/info.php
Add codes below
<?php phpinfo(); ?>
Now goto http://your_server_IP_address/info.php and check if php infomation is shown.
5、Install and setup ssl
I have a passage about. However, it’s in Chinese. I will translate it some other day.
I will just talk about the basics here
yum install mod_ssl openssl
# Generate private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
Some personal information will be needed. Finish those information and open that csr file and cope the code to certificate provider. Certificate provider will reture certificate to you. I used wosign service and I got two file named 1_root_bundle.crt and 2_stringblog.com.crt. They are both useful. And of cause the key file created just now is needed as well.
Copy those three files to /etc/pki/tls/certs/. We wil use them later.
Others may refer to another passage I wrote. (It in Chinese)
6, Multiple domain names setup
Add a new file name vhost.conf in apache setting floder (/etc/httpd/conf.d/). Write as code below.
<VirtualHost *:80>
DocumentRoot /var/www/wordpress
ServerName stringblog.com
ServerAlias wordpress
ErrorLog "/var/log/httpd/wordpress-error.log"
CustomLog "/var/log/httpd/wordpress.log" common
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/wordpress/"
ServerName stringblog.com
ServerAlias wordpress
ErrorLog "/var/log/httpd/wordpress-error.log"
TransferLog "/var/log/httpd/access_wordpress_log"
CustomLog "/var/log/httpd/wordpress.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/etc/pki/tls/certs/2_stringblog.com.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/stringblog.key"
SSLCertificateChainFile "/etc/pki/tls/certs/1_root_bundle.crt"
</VirtualHost>
Then http and https domain setting is done. Make a little adjustment for other domains.
Then go to the setup page of domain register and setup a A address to this server. Then restart apache.
service httpd restart
Now enter domain name in browser and the website shall be seen. And of cause it may take some time before DNS servers are updated that you shall see you website through domain name.
This passage simply concluded the basis of server setup. Might be useful reseting up a server.
That’s all.
Reference:
[1] How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 7, Mitchell Anicas, Jul 21, 2014
[2] CentOS 7 下 yum 安装 Apache / MariaDB / php7, 小蒋, Feb 23, 2016
[3] 面向初学者的vsftpd安装指南, 北南南北, Aug 26, 2010
[4] Setting up an SSL secured Webserver with CentOS, ChristophGaluschka, Feb 15, 2014
[5] 为WordPress配置SSL(Apache+Linux), 浩 Hao, Apr 16, 2016