Install Virtualmin / Webmin on CentOS – complete server setup.

Install Virtualmin:

Virtualmin is a free control panel for servers. It helps to manage multiple hosts / websites by managing Apache, Nginx, PHP, DNS, MySQL, FTP, SSH and many more. It is recommended to install Virtualmin on a fresh server rather than an existing server to prevent conflicts.

This tutorial will help you to set up a complete Virtualmin server with everything you need to run websites on your VPS or dedicated servers.

Step 1:
Update yum and install perl and wget, which are required for Virtualmin.

$ yum update
$ yum install wget
$ yum install perl

Step 2:
Setup Hostname for server:

More details on hostname can be read here.
Let's set up the hostname as server.mydomain.com (this is just an example; you can set up any hostname you like, but make sure you own that domain name).

$ hostname server.mydomain.com

Step 3:
Set timezone:

Please refer to this article for timezone setup (click here)

Step 4:
Add more swap memory:

Please refer to this article for swap memory (click here)

Step 5:
Temp folder management.

We need to clean up the tmp folder from time to time, otherwise it will run out of space. To do that, let's install tmpwatch and set a cron job to run it daily for automatic cleanup.

$ yum install tmpwatch -y

# update crontab and add the following line
0 4 * * * /usr/sbin/tmpwatch -am 12 /tmp

Step 6:
Install virtualmin:

$ wget https://software.virtualmin.com/gpl/scripts/install.sh
$ chmod +x install.sh
$ ./install.sh

Once Virtualmin is installed, you can log in to the Virtualmin admin by IP address:
https://<your server ip>:10000

Step 7:
Security

a) Change port number for Virtualmin.

Log in to your server at https://<your server ip>:10000 with root and the system password.

Go to Webmin > Webmin Configuration > Ports and Addresses and change the default port 10000 to any port you like.

B) Fix DNS open resolver attack:

An open DNS resolver allows anyone to use your DNS server to send attacks to other servers. To prevent this, we need to allow only our own IP (the IP of the server). Please refer to this article to fix this problem (click here).

Before we work on Virtualmin, let's install additional modules for the server.

C) INSTALL FIREWALL:

We can install any open source firewall, but my personal choice is CSF firewall. Setup is very simple. Please read the http://download.configserver.com/csf/install.txt document to install it; it also covers the option to add an interface to Webmin.

Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /usr/local/csf/csfwebmin.tgz > Install Module

Note:
CSF Firewall comes with lots of options. To start with, make sure your newly added port for Virtualmin / Webmin is in the port list.

a) Go to Webmin > System > ConfigServer Security & Firewall > Firewall Configuration and make sure your port (for Webmin) is in TCP_IN and TCP_OUT. If not, please add it.

b) You can also click on Check Server Security to check whether there are any loopholes.
c) Once you are happy, you can change it from testing mode to live.
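
A pre-flight check for the note above, as an added example that is not part of the original post: it reads the Webmin port from miniserv.conf and confirms that csf.conf lists it (singly or inside a LOW:HIGH range) in TCP_IN and TCP_OUT before testing mode is turned off. The default paths in the last comment are an assumption, and the sample files are constructed.

```shell
# Added example (not the post's code): confirm the Webmin port is open in CSF.

# Quoted value of KEY in a csf.conf-style file (lines look like KEY = "value").
csf_value() {  # csf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Webmin listening port from miniserv.conf (line "port=NNNN").
webmin_port() {  # webmin_port FILE
    sed -n 's/^port=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1
}

# Succeed if PORT is covered by a CSF port list: comma-separated entries,
# each a single port or a LOW:HIGH range.
port_in_list() {  # port_in_list PORT LIST
    port=$1
    old_ifs=$IFS; IFS=,; set -- $2; IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Returns 0 only if the Webmin port is in both TCP_IN and TCP_OUT.
csf_preflight() {  # csf_preflight CSF_CONF MINISERV_CONF
    p=$(webmin_port "$2")
    [ -n "$p" ] || { echo "no port= line in $2"; return 2; }
    rc=0
    for key in TCP_IN TCP_OUT; do
        if port_in_list "$p" "$(csf_value "$1" "$key")"; then echo "ok: $p is in $key"
        else echo "MISSING: $p is not in $key"; rc=1
        fi
    done
    echo "TESTING = \"$(csf_value "$1" TESTING)\""
    return $rc
}

# Constructed sample files (not from a real server): Webmin moved to 12321,
# which TCP_IN covers through a range but TCP_OUT does not list.
demo=$(mktemp -d)
printf 'port=12321\nssl=1\n' > "$demo/miniserv.conf"
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "22,53,80,443,12000:12500"' \
    'TCP_OUT = "22,53,80,443"' > "$demo/csf.conf"
csf_preflight "$demo/csf.conf" "$demo/miniserv.conf" || echo "add the port before going live"
# On a server (assumed default paths): csf_preflight /etc/csf/csf.conf /etc/webmin/miniserv.conf
```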

d) SSH only login

It's better to have SSH only login to prevent brute force attacks. Please refer to this article for setup instructions (click here).

 

Additional Setups:

You are now ready to host domains / websites on your server, but you may also consider installing the following for more security.

a) Php_suhosin
PHP Suhosin will prevent illegal activity in PHP code from executing.

b) mod Security:
It's a proxy to prevent cross-browser attacks, injection attacks, brute force, etc.

c) Nginx

Lightweight server for web applications. (click here for how to)

 

 


Solved: Fatal Error Unable to create lock file: Bad file descriptor (9)

File Descriptors and Open Files Limit CentOS 7

 

Some programs, like Apache and MySQL, require a higher number of file descriptors. By default the limit is 1024, which is not enough for current high-load servers, and Apache will give you an error like “Fatal Error Unable to create lock file: Bad file descriptor (9)”. To solve this problem, here are the steps to increase the limit.

Common errors we get with file descriptor limits:
a) Fatal Error Unable to create lock file: Bad file descriptor (9)
b) Too many open files (24)
c) Unable to lock file

I) Check default limit:

$ ulimit -a

The default will be 1024.

Check the global limit:

$ cat /proc/sys/fs/file-max

If you get output like 10000, that means a normal user can only open 10000 files in a single login session. To see the hard and soft values:

Hard limit:

$ ulimit -Hn
# To check by user 
$ su <user>
$ ulimit -Hn


Soft Limit:

$ ulimit -Sn
# To check by user
$ su <user>
$ ulimit -Sn

 

II) Changing system-wide file descriptors limits:

a) Increase the global limit:

$ vi /etc/sysctl.conf
# edit this line and set the value as you need
fs.file-max = 100000

 

b) We also need to increase the hard and soft limits.

$ vi /etc/security/limits.conf

Add / edit the following lines.

*      soft nproc 10000
*      hard nproc 10000
*      soft nofile 10000
*      hard nofile 10000

Note: To increase the limit for a single user, replace * with the username. For example, to increase the limit for the user apache:

apache      soft nproc 10000
apache      hard nproc 10000
apache      soft nofile 10000
apache      hard nofile 10000

 

c) Reload sysctl

$ sysctl -p
$ systemctl daemon-reload

 

d) Verify New Limits

Use the following command to see the max limit of file descriptors:

cat /proc/sys/fs/file-max

Hard Limit

ulimit -Hn

Soft Limit

ulimit -Sn
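
The values in limits.conf are applied by pam_limits when a session starts, so a daemon that was already running keeps the limits it was started with. This added example (not from the original post) compares a process's effective limits in /proc/<pid>/limits with the nofile entries configured for its user. It assumes only the main limits.conf is consulted, and the sample files are constructed.

```shell
# Added example (not the post's code): compare a running process's effective
# open-file limits with the nofile entries in limits.conf.

# Effective soft and hard "Max open files" from a /proc/<pid>/limits file.
proc_nofile() {  # proc_nofile FILE -> "SOFT HARD"
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# nofile value configured for USER and TYPE (soft|hard) in a limits.conf file.
# An entry naming the user wins over "*"; type "-" sets soft and hard together.
conf_nofile() {  # conf_nofile FILE USER TYPE
    awk -v u="$2" -v t="$3" '
        /^[ \t]*(#|$)/ { next }
        $3 == "nofile" && ($2 == t || $2 == "-") {
            if ($1 == u) user = $4
            else if ($1 == "*") any = $4
        }
        END { print (user != "" ? user : any) }' "$1"
}

# Returns 0 only if the process's soft and hard limits both match the config.
check_nofile() {  # check_nofile PROC_LIMITS LIMITS_CONF USER
    conf=$2 user=$3
    set -- $(proc_nofile "$1")          # now $1 = soft, $2 = hard
    [ $# -eq 2 ] || { echo "no 'Max open files' line found"; return 2; }
    rc=0
    for t in soft hard; do
        want=$(conf_nofile "$conf" "$user" "$t")
        if [ "$1" = "$want" ]; then echo "ok: $t nofile is $1"
        else echo "DIFFERS: $t nofile is $1, limits.conf asks for ${want:-nothing}"; rc=1
        fi
        shift
    done
    return $rc
}

# Constructed samples: a daemon started before the edit still has 1024/4096.
d=$(mktemp -d)
printf '%s\n' 'Limit                     Soft Limit           Hard Limit           Units' \
    'Max open files            1024                 4096                 files' > "$d/limits"
printf '%s\n' '# constructed sample' '*      soft nofile 10000' '*      hard nofile 10000' \
    'apache soft nofile 20000' > "$d/limits.conf"
check_nofile "$d/limits" "$d/limits.conf" apache || echo "limits not applied to this process"
# On a server: check_nofile /proc/<pid>/limits /etc/security/limits.conf apache
```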