Install virtualmin / webmin on centos – complete server setup.

Install Virtualmin:

Virtualmin is free control panel for server. It helps to manage multiple host / websites by managing Apache, Nginx, PHP, DNS, MYSql, FTP, SSH and many more. It is recommended to install virtualmin in fresh server rather ran existing server to prevent conflicts.

This tutorial will help you to setup complete virtualmin server with everything you need to run websites on your VPS or dedicated servers.

Step 1:
Update Yum and install perl and wget which is required for virtualmin.

$ yum update
$ yum install wget
$ yum install perl

Step 2:
Setup Hostname for server:

More details on hostname can be read here.
Let setup hostname as server.mydomain.com ( this is just a example you can setup any hostname you like but make sure you have that domain name with you. )

$ hostname server.mydomain.com

Step 3:
Set timezone:

Please refer to this article for timezone setup (click here)

Step 4:
Add more swap memory:

Please refer to this article for swap memory (click here)

Step 5:
Temp folder management.

we need to delete tmp folder time to time otherwise it will run out of space. To do that lets intsall tmpwatch and set the corn job to run it daily to auto clean up.

$ yum install tmpwatch -y

#update corntab and add following line
0 4 * * * /usr/sbin/tmpwatch -am 12 /tmp

Step 6:
Install virtualmin:

$ wget http://software.virtualmin.com/gpl/scripts/install.sh
$ chmod +x install.sh
$ ./install.sh

Once virtualmin installed, you can login to virtualmin admin by ip address
https:<your server ip>:10000

Step 7:
Security

a) Change port number for virtualmin.

Login to your server https:<your server ip>:10000 with root and system password .

go to webmin > webmin configuration > port and addresss  and change default port 10000 to any port you like .

B) Fix DNS  open resolver attack :

Open DNS will allow anyone to use your dns server and send attack to other servers. So to prevent this we need to allow only our ip ( IP of server). Please refer to this article to fix this problem. ( click here)
Before we work on virtualmin, lets install additional modules for the server.

C) INSTALL FIREWALL:

We can install any open source firewall but my personal choice is CSF firewall. Setup is very simple.  Please read http://download.configserver.com/csf/install.txt document to install it and also option to add interface to webmin.

Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /usr/local/csf/csfwebmin.tgz > Install Module

Note:
CSF Firewall comes will lots of options. But to start with , make sure your newly added port for virtualmin / webmin is listed in port list.

a) go to Webmin > System > ConfigServer Security & Firewall > Firewall Configuration 
make sure your port ( for webmin ) is there in  TCP_IN, TCP_OUT. If not please add it. 

b) You can also click on check server security to check if there are any loop holes. 
c) Once you happy you can change it from testing mode to live. 

d) SSH only login

Its better to have SSH only login to prevent brute force attacks. Please refer to this article for setup instruction. ( click here)

 

Aditional Setups:

So far you are now ready to host domains / website in your site but you may also consider to install following for more security.

a) Php_suhosin
Php Suhosin will prevent any illegal activity in php code to execute.

b) mod Security:
Its a proxy to prevent cross browsers attacks, injection attacks, brute force e.t.c

c) Nginx

light weight server for web application. ( click here for how to )

 

 

Advertisements

How to install APC in centos for PHP better performance ( opcode)

APC for PHP better performance:

APC is a op-code caching for PHP. Once PHP code is run, APC caches the complied PHP code so for next time, time for compiling PHP will be reduce and gives faster performance.  APC caches files in memory so  performance of PHP code improves significantly.

Installing APC:

Make sure PHP is installed first 🙂 . we need to install few pre-requist for PHP.

$ yum install php-pear php-devel httpd-devel pcre-devel gcc make

$ pecl install apc


Configuring APC:

Open APC config file and make sure you have atlest following configuration:

vi /etc/php.d/apc.ini

Enable APC for php.

 extension=apc.so
 apc.enabled=1

The number of seconds a cache entry is allowed to idle in a slot before APC dumps the cache.

 apc.ttl=72000
 apc.user_ttl=72000
 apc.gc_ttl=3600

Size of memory for apc ( 1024 M)

apc.shm_size=1024M

Enable apc stats.

apc.stat=1

Enable APC for command line php operations.

apc.enable_cli=1

Allow 2 seconds after a file is created before it is cached. This will prevent premature PHP pages to get cached.

apc.file_update_protection=2

Maximum size of single file that apc can store.

apc.max_file_size=1M

Maximum number of files APC can store ( rotation).

apc.num_files_hint=200000

Maximum number of users data entries that APC can store.

apc.user_entries_hint=20000

 

You can put your configuration in php.ini file but i prefer to have separate file like above for configuration. Values mentioned above are for demonstration purpose, different values  for APC can be set  which depends on number of PHP pages, size of memory in server, number of page hits e.t.c

Restart httpd server:

service httpd restart

 

APC installation comes with apc.php file, which can be use to monitor APC performance. This file can be found inside APC package  OR can be download from http://pecl.php.net/package/APC ( unzip and look for apc.php file).

Once apc.php is downloaded copy it to your domain so that you can assess it.

Now from browser, you can go to  http://domain.com/apc.php. I prefer to wait for a day to see the APC performance so we can have clear idea how well our configuration did.

 

Sample output of APC:

apc1
Here, we clearly see that APC is not performing very well as we have 44% misses. To optimize this we can reduce the memory and also we can increase max_file_size and also TTL time so that more can be cached in APC.  Normally when missed rate is more than 10% ,  its better to reconfigure the settings of APC.

Well tuned APC will look like below: 

APC INFO  luke.savvysme.com.au   128.199.188.56-s