Difference between revisions of "Install a new server (CentOS)"
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {{legacy}} | |
+ | {{procedure}} | ||
Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords so that a potential hacker requires a private key to be able to login. And even then is only in an unprivileged account and requires the root password to gain root access. | Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords so that a potential hacker requires a private key to be able to login. And even then is only in an unprivileged account and requires the root password to gain root access. | ||
If you don't already have an RSA key-pair, then first generate them on your local Linux host with the following command: | If you don't already have an RSA key-pair, then first generate them on your local Linux host with the following command: | ||
− | + | <source lang="bash"> | |
+ | ssh-keygen -t rsa | ||
+ | </source> | ||
+ | |||
Then send me the public key which will be called '''id_rsa.pub''' in a hidden directory called '''.ssh''' in your home directory. I will then create a user for you and add the key to your '''.ssh/authorized_keys''' file (it will need to be created initially for the first key to be added). The following settings were then adjusted in the '''/etc/ssh/sshd_config''' to prevent root or password-based logins. | Then send me the public key which will be called '''id_rsa.pub''' in a hidden directory called '''.ssh''' in your home directory. I will then create a user for you and add the key to your '''.ssh/authorized_keys''' file (it will need to be created initially for the first key to be added). The following settings were then adjusted in the '''/etc/ssh/sshd_config''' to prevent root or password-based logins. | ||
− | + | <source> | |
− | PasswordAuthentication no</ | + | PermitRootLogin no |
+ | PasswordAuthentication no | ||
+ | </source> | ||
The SSH server was then restarted for the changes to take effect: | The SSH server was then restarted for the changes to take effect: | ||
− | + | <source lang="bash"> | |
+ | /etc/init.d/sshd restart | ||
+ | </source> | ||
Login for known users with RSA certicate on the server now goes like this: | Login for known users with RSA certicate on the server now goes like this: | ||
− | + | <source> | |
+ | ssh [username]@109.75.175.229 | ||
+ | </source> | ||
== LAMP installation == | == LAMP installation == | ||
By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the [[Wikipedia:Yellowdog Updater, Modified|YUM]] package manager: | By default the server came with only the bare minimum installed (the best way to do it - no desktop, web or database servers, no cpanel). So first install Apache, PHP and MySQL using the [[Wikipedia:Yellowdog Updater, Modified|YUM]] package manager: | ||
− | + | <source lang="bash"> | |
− | + | yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick | |
− | + | ||
− | + | /etc/init.d/httpd start | |
+ | /etc/init.d/mysqld start | ||
+ | </source> | ||
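Review bot: The `/etc/init.d/sshd restart` block comes straight after `PermitRootLogin no` and `PasswordAuthentication no`, with no step to validate the edited file or to confirm that a key login works before password access is gone. Suggest documenting `sshd -t` before the restart and keeping the current session open until a key-based login has been tested from a second terminal. Minor: the `<source>` tags around the sshd_config lines and the `ssh [username]@...` line carry no `lang` attribute while the other blocks use `lang="bash"`, and "certicate" in the unchanged context line is a typo.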
Line 30: | Line 42: | ||
Next modify the Apache configuration in '''/etc/httpd/conf/httpd.conf'''. Change the document root from '''/var/www/html''' to '''/var/www''' and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs": | Next modify the Apache configuration in '''/etc/httpd/conf/httpd.conf'''. Change the document root from '''/var/www/html''' to '''/var/www''' and then add the following virtual host container to the bottom which allows the wiki to use "friendly URLs": | ||
− | + | <source lang="apache"> | |
+ | <VirtualHost *:80> | ||
RewriteEngine On | RewriteEngine On | ||
Line 49: | Line 62: | ||
RewriteRule (.*) /wiki/index.php$1 [L] | RewriteRule (.*) /wiki/index.php$1 [L] | ||
− | </VirtualHost></ | + | </VirtualHost> |
+ | </source> | ||
Line 55: | Line 69: | ||
Retrieve the various extensions required, for example: | Retrieve the various extensions required, for example: | ||
− | + | <source lang="bash"> | |
+ | svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership | ||
− | svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables</ | + | svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables |
+ | </source> | ||
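Review bot: The second checkout, `svn co http://svn.wikimedia.org/.../extensions/Variables`, fetches extension code that will run inside the wiki over plain HTTP, unlike the `svn+ssh://` checkout on the line above it. Suggest saying so in the text, or using an encrypted transport for that repository if it offers one, since the later `svn update` runs inherit the same URL.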
Latest revision as of 21:30, 3 June 2018
Install a new server (CentOS) Organic Design procedure
Generally it's best to add specific users and disable the root login, then use key-based login rather than passwords so that a potential hacker requires a private key to be able to log in. Even then, they are only in an unprivileged account and still require the root password to gain root access.
If you don't already have an RSA key-pair, first generate one on your local Linux host with the following command:
<source lang="bash">
ssh-keygen -t rsa
</source>
Then send me the public key, which will be called id_rsa.pub in a hidden directory called .ssh in your home directory. I will then create a user for you and add the key to your .ssh/authorized_keys file (it will need to be created initially for the first key to be added). The following settings were then adjusted in /etc/ssh/sshd_config to prevent root or password-based logins.
<source>
PermitRootLogin no
PasswordAuthentication no
</source>
The SSH server was then restarted for the changes to take effect:
<source lang="bash">
/etc/init.d/sshd restart
</source>
Login for known users with an RSA key on the server now goes like this:
<source>
ssh [username]@109.75.175.229
</source>
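An added example, not part of the original procedure: a shell check to run against /etc/ssh/sshd_config before restarting sshd. It reports the value that actually applies for the two settings above, because sshd uses the first occurrence of a keyword and treats lines after a Match line as conditional. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd would apply globally for a keyword.
# Keywords are case-insensitive, the FIRST occurrence wins, and lines after
# a "Match" line are conditional rather than global.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD
    awk -v want="$2" '
        BEGIN                   { want = tolower(want) }
        /^[ \t]*(#|$)/          { next }              # comments, blank lines
                                { sub(/=/, " ") }     # accept "Key=value"
        tolower($1) == "match"  { exit }              # global section ends
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END                     { if (!found) print "unset" }
    ' "$1"
}

# Check the two settings this page relies on. "unset" fails too, because
# the compiled-in default then applies (password logins are on by default).
audit_sshd_config() {       # usage: audit_sshd_config FILE
    rc=0
    for keyword in PermitRootLogin PasswordAuthentication; do
        value=$(effective_sshd_option "$1" "$keyword")
        if [ "$value" = "no" ]; then
            echo "ok    $keyword no"
        else
            echo "FAIL  $keyword is '$value', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the hardening lines were appended to a file that
# already enabled password logins further up, so that setting never applies.
write_sample_config() {     # usage: write_sample_config FILE
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```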
== LAMP installation ==
By default the server came with only the bare minimum installed (the best way to do it: no desktop, web or database servers, and no cPanel). So first install Apache, PHP and MySQL using the YUM package manager:
<source lang="bash">
yum install subversion mysql-server mysql httpd php php-mysql php-soap ImageMagick

/etc/init.d/httpd start
/etc/init.d/mysqld start
</source>
Note that the 7za executable needs to be manually put into /bin. The 7zip compression utility is far more effective than gzip for compressing wiki databases.
Next modify the Apache configuration in /etc/httpd/conf/httpd.conf. Change the document root from /var/www/html to /var/www and then add the following virtual host container to the bottom, which allows the wiki to use "friendly URLs":
<source lang="apache">
<VirtualHost *:80>
    RewriteEngine On
    # The bare site root goes to the wiki's main page
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule .* /wiki/index.php?title=Main_Page [L]
    # Encode an ampersand in a thumbnail path as %26
    RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.*\&
    RewriteRule ^(.*?)\&(.*)$ $1\%26$2
    # Hand thumbnail requests to thumb.php with the width and file name
    RewriteCond %{REQUEST_URI} ^/wiki/images/thumb/./../.+?/[0-9]+px-
    RewriteRule ^.+/(.+?)/([0-9]+)px- /wiki/thumb.php?w=$2&f=$1 [L]
    # Leave real paths (wiki/, files/, favicon, robots.txt) untouched
    RewriteCond %{REQUEST_URI} ^/(wiki/|files/|[fF]avicon.ico|[rR]obots.txt)
    RewriteRule (.*) $1 [L]
    # Everything else is treated as a page title
    RewriteCond %{REQUEST_URI} ^/
    RewriteRule (.*) /wiki/index.php$1 [L]
</VirtualHost>
</source>
Test that Apache and PHP are running correctly: go to the server's IP address in the browser and check that the Apache test page appears, then create a file called /var/www/wiki/info.php containing <?php phpinfo(); ?> and view that file in the browser to see the PHP configuration summary.
Retrieve the various extensions required, for example:
<source lang="bash">
svn co svn+ssh://nad@organicdesign.co.nz/svn/work/WhatLeadership
svn co http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_16/extensions/Variables
</source>
Doing it this way allows us to keep the extensions up to date using svn update.