Jump to content



Photo

Guide - Preparing your CentOS 6 VPS for hosting a website.


  • Please log in to reply
1 reply to this topic

#1 Khevin

Khevin

    Advanced Member

  • Administrators
  • 235 posts
  • LocationMauritius

Posted 05 August 2014 - 06:02 PM

Original Thread By GandalfTheWhite,

 

I figured it would be a nice gesture to write up a guide on how to setup your Cloud VPS, while I was actually setting mine up. Kloxo only works with CentOS 5 currently, so I'm using Webmin. This is a work-in-progress, and I'm sure some people will want features that I won't have listed in this guide. For the most part, this is to help with basic setup. If you want to use SSL, startssl.com provides free Class 1 certificates.


Section A - Connecting to your VPS, running updates, and installing Webmin

1. Log into your VPS Control panel and make sure your server is online.

2. Reset your 'Root Password' and 'Console Password' to a password of your choosing.

2b. (optional) If you haven't already, setup your hostname as vps.yourdomain.com.

3. Using your DNS management console (such as ClouDNS), you want to setup an A record for yourdomain.com to point to your VPS IP and then CNAME www.yourdomain.com to yourdomain.com.

3b. (optional) Setup the appropriate CNAME record pointing vps.yourdomain.com to yourdomain.com.

4. Use an SSH client, such as Putty, to connect to the IP address that is assigned to your VPS on port 22. If you setup the above records in DNS, then you should be able to access your VPS via your hostnames that you created earlier. If you are prompted to accept a fingerprint / encryption key, pick yes.

5. The username appears to be 'root' (without quotes), and the password will be whatever you setup earlier.

6. Now type 'yum update' and choose yes to the download / update prompts. Then type 'yum install policycoreutils'. This installs various tools, such as commands for managing your iptables (firewall).

7. Now it's time to install a control panel. I'm using webmin. Type the following lines into your shell prompt.

cat > /etc/yum.repos.d/webmin.repo << EOF

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
EOF

rpm --import http://www.webmin.com/jcameron-key.asc

yum install webmin

8. You can now log into webmin by putting the IP of your vps into your browser. After the ip, put in :10000 which means you are connecting on port 10,000. The username / password is the same as step 4. (Example http://1.2.3.4:10000)


Section B - Secure access to webmin and have it load on-demand

Currently webmin runs in the background all the time. What this means is that the server is always using up part of your available memory (~17MB usage). By changing the server to run on-demand, the server will only run when you need to access it and free up the memory it uses when you are not using it.

1. You want to make sure you are logged into your VPS via SSH. Stop webmin with the command /etc/webmin/stop

2. You want to open up the file /etc/webmin/miniserv.conf and comment out the line that says session=1. Then you want to add the line inetd=1 and save the file.

3. Create a new file in the directory /etc/xinetd.d/ called webmin. Add the following lines into the file and save it...

service webmin
{
user = root
env = LANG=
port = 10000
socket_type = stream
protocol = tcp
wait = no
disable = no
type = UNLISTED
server = /usr/libexec/webmin/miniserv.pl
server_args = /etc/webmin/miniserv.conf
}

3b. (optional) If you wish to restrict webmin access to a an IP address / IP range, then add the following line into the webmin file created above and save it...

only_from = IP address or IP range. (Example. 1.2.3.4 or 1.2.0.0/16)

4. Now you will need to restart xinetd to have the settings take effect. Issue the command /etc/rc.d/init.d/xinetd restart. You should still be able to access webmin on port 10000 as normal.

5. Once in webmin, click on the 'system' link in the upper left, then click 'boot up and shut down'. Checkmark 'webmin' from within the list, and click on 'Disable now and on boot'. This will stop the webmin server from automatically loading when the server boots up.

5b. (optional) If you also want to setup the same IP restriction within webmin itself, as we did in the webmin file, here's how. Click 'webmin', then 'webmin configuration', then 'ip access control'. Mark it for 'only allow from listed addresses' and put in the IP information below. Then click on save.

6. From 'webmin configuration', click on 'ports and addresses'. Where it mentions 'web server hostname', put in your vps hostname (example: vps.yourdomain.com). Then click on save.

7. To enable SSL within webmin, click on 'SSL Encryption' within the 'webmin configuration' page. The page should mention needing the Net::SSLeay Perl module installed to use SSL. Click on the link to install the module. Once that is done, enable SSL within the 'SSL Encryption' page if it is not already on. The server will now only connect over HTTPS and currently uses a self-signed SSL certificate. You can upload your own SSL Cert at anytime.


Section C - Configuring apache to host a simple website

By default, apache is setup to send HTTP responses to any domain that is pointed to your VPS IP address. To verify that apache is working at this time, put your VPS IP / hostname into your browser. You should see an apache test page.

To stop apache from responding to any domain request that someone points to your VPS IP, we will setup apache to only respond to HTTP requests on your domain. We do this by configuring a few virtual servers within the apache config file. We will also be installing SSL and PHP support.

1. From webmin, go into the 'Servers' section, and click on 'Apache Webserver'. In the upper-right, click on 'Stop Apache'. If you are logged into your VPS via SSH, instead type service httpd stop. No need in having apache running until we upload some content to it.

2. Log into your VPS via SSH and type yum install mod_ssl. This will download and install the module(s) needed to provide HTTPS support.

3. Now type yum install php. This will download and install the module(s) needed for PHP support.

4. Within webmin, while still in the 'Apache Webserver' area, click on 'Global Configuration'. Then click on 'Edit Config Files'. We will be setting up apache to not give out unnecessary information about your VPS and also configure the virtual servers.

5. The initial file to open should be httpd.conf. Under section 1, look for the line that says 'ServerTokens OS' and change it to 'ServerTokens ProductOnly'.

6. A bit further down in the config file, looks for 'ServerSignature On' and change to 'ServerSignature Off'. This will prevent apache from showing your server info on any type of error-related pages.

7. Now scroll down to the bottom of the httpd.conf file. Add the following lines, which are needed for setting up our virtual hosts. This part configures apache to send a 403 error to any domain request that comes in, which you don't setup an explicit entry for. After entering the lines, click the save button at the bottom.

NameVirtualHost VPS-IP-ADDRESS:80
NameVirtualHost VPS-IP-ADDRESS:443

<VirtualHost VPS-IP-ADDRESS:80>
</VirtualHost>

8. On the 'apache webserver' page, click on 'Create Virtual Host'. You want to mark 'specify ip address' and put in your VPS IP. Make sure port is set for 80. Root document will be /var/www/yourdomain.com/ (we will create the actual folder later). Uncheck 'allow access to this directory' to prevent directory indexing. Set server name as www.yourdomain.com. Then click on 'Create Now'.

8b. (optional) If you want to setup HTTPS, create another virtual host with the same information but using port 443.

9. Click on the new virtual server that shows up for your domain for port 80, then click on 'networking & addresses'. Where it says 'alternate virtual server names', put in yourdomain.com. Now click on save.

9b. (optional) If you did step 8b, then follow step 9 for the virtual domain you setup with port 443.

10. Click on 'refresh modules' on the left side of webmin to have it re-scan your VPS. Once the scan is done, click on 'others' section and you should see an entry for 'PHP Configuration'. Click on this, then click 'manage' on the right side of the page, then click on 'other settings'.

11. In here, we want to mark YES for 'Allow PHP scripts starting with <?'. We also want to mark NO for 'Allow opening of URLs as files?'. Go ahead and click on save.

12. Use WinSCP or another SFTP program to connect to your VPS via port 22. You want to be in /var/www/ and then create the folder yourdomain.com. Inside this folder, you would upload your index.html / index.php file, along with any other files for your site.

12b. (optional) If you created the virtual host for port 443, then we will need to upload your SSL crt & key files. Name the files www.yourdomain.com.key & www.yourdomain.com.crt.

12c. (optional) The crt file will be uploaded to /etc/pki/tls/certs/. The key file will be uploaded to /etc/pki/tls/private/.

12d. (optional) In webmin, go into the 'servers' section & click on 'apache webserver'. Then click on the virtual host you setup earlier for port 443. Now click on 'SSL options'. Put /etc/pki/tls/certs/www.yourdomain.com.crt into the Certificates keyfile line and then /etc/pki/tls/private/www.yourdomain.com.key into the private keyfile line. Uncheck SSLv2 in the upper right, mark YES for enable ssl, and click on save.

13. If you are in logged into your VPS via SSH, type service httpd start. From webmin, go into the 'Servers' section, and click on 'Apache Webserver'. In the upper-right, click on 'Start Apache'. You should be able to pull up your website at www.yourdomain.com and yourdomain.com via HTTP and HTTPS.
  • cloudfastservers likes this

Undefined/Khevin | Haphost Support Administrator

Grab Your Free VPS And Web Hosting Here!

Follow Us On Facebook Twitter Google+ LinkedIn Youtube


#2 Rikky

Rikky

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 31 October 2014 - 05:22 PM

Section B

No access webmin after the next steps:

Via webmin file manager open up the file /etc/webmin/miniserv.conf and comment out the line that says session=1,  then  add the line inetd=1 and save the file:

port=10000
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
ssl=0
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
#session=1
 inetd=1
premodules=WebminCore
server=MiniServ/1.710
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=gray-theme
passdelay=1
logouttimes=

Create a new file in the directory /etc/xinetd.d/ called webmin

Then via SSH stoped webmin with the command /etc/webmin/stop

Then /etc/rc.d/init.d/xinetd restart

Then /etc/webmin/start

but had the failure


  • cloudfastservers likes this




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users