# Hosting Server Related

## CHANGE TIME ZONE

1. Edit `php.ini` file (/Applications/XAMPP/xamppfiles/etc/php.ini if you use XAMPP in MacOS)

Change:

```php
date.timezone=Europe/Berlin
```

to:

```php
date.timezone=America/Chicago
```

    2\. Restart server

## SETTING UP HTTPS (SECURED HTTP) FOR OE (RECOMMENDED)

This is optional but recommend for any site that requires user login

This specifically apply to: 

* CentOS 7 

1. Follow the instruction in this website to install and enable ssl: <http://wiki.centos.org/HowTos/Https#head-35299da4f7078eeba5f5f62b0222acc8c5f2db5f>

{% hint style="danger" %}
Ignore Step 3 in the tutorial above
{% endhint %}

&#x20;   2\. Create `/etc/httpd/conf.d/oe.conf` (same name as the folder contain Open Enventory, in this case `/var/www/html/oe`*)*

In Terminal, type:

```bash
sudo vi /etc/httpd/conf.d/oe.conf
```

Add the content below:

```bash
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName your_url.net
    DocumentRoot /var/www/html/oe
    Redirect permanent / https://your_url.net
</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /var/www/html/oe>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/html/oe
    ServerName your_url.net
</VirtualHost>
```

{% hint style="info" %}
All of these below info (highlighted in red can be change to match specific ip address as well as document location:

* ServerName your\_url.net
* DocumentRoot /var/www/html/oe
* Redirect permanent / <https://romo.ddns.net/>
  {% endhint %}

&#x20;   2\. Restart apache service, in Terminal:

```bash
sudo systemctl restart httpd.service
```

## SETTING UP CRONTAB TO AUTOMATICALLY BACKUP YOUR DATABASE

This is optional but recommend for auto back up the OE database as well as the user’s info and password

This specifically apply to: CentOS 7 (Apache version: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.5.25\
PHP version: 5.5.25\
MySQL server version: 5.5.41-MariaDB)

1. Set up sshpass to automatically pass the password. Note: this is not ultrasafe but it is simple. Check out this link: <http://www.server-world.info/en/note?os=CentOS_7&p=ssh&f=7> \
   (only need to follow how to install, step 1)
2. Go into Terminal in your server and log in as root user (type: “su” and then *password* at the command line

Note: you can do the rest of the command lines below with prefix “sudo *your-command-here”* if you don’t want to log in as root

&#x20;   3\. At the command line, type:

```bash
crontab –e
```

&#x20;   4\. When the file is open, insert the following. Note: everything is red can be changed to match specific details. -$(date +\\%Y\\%m\\%d): is used to set automatic date

```bash
#This is to back up the Romo's OE database into home/khoi/OEbackup, every day at 00:05 am
5 0 * * * mysqldump -u root –pyour-password romo > /home/khoi/OEbackup/romo-backup-`date +"%Y%m%d"`.sql

#This is to back up the user table in mysql in order to save users' password, every day at 00:10 am
10 0 * * * mysqldump -u root -pyour-password mysql user > /home/khoi/OEbackup/romo-backup-user`date +"%Y%m%d"`.sql

#This is to copy the back up file to External harddrive, every day at 00:15 am
15 0 * * * sshpass -p your-password rsync -ave ssh --ignore-existing /home/khoi/OEbackup/ daniel@romomacpro.ddns.net:/Users/daniel/Documents/OEbackup/

#This is to delete the file every month
0 0 * * */4 rm -r /home/khoi/OEbackup/romo-backup-*.sql
```

&#x20;   5\. More example of crontab can be read here:

{% embed url="<http://www.thegeekstuff.com/2009/06/15-practical-crontab-examples/>" %}

{% embed url="<http://tecadmin.net/crontab-in-linux-with-20-examples-of-cron-schedule/#>" %}

## OPTIMIZING CENTOS 7 PERFORMANCE

{% embed url="<https://medium.com/@sbuckpesch/apache2-and-php-fpm-performance-optimization-step-by-step-guide-1bfecf161534>" %}

{% embed url="<https://blog.vpscheap.net/how-to-optimize-apache-performance-on-centos-7/>" %}

## &#x20;IP BLOCKING FOR SECURITY ENHANCEMENT ON CENTOS 7 SERVER

This guide to use access\_log to find out some high frequent access ip and then check them manually and form a block ip if necessary

### Find IP address with the most access

1. Follow this: <https://stackoverflow.com/questions/18682308/sort-uniq-ip-address-in-from-apache-log> , first answer
2. Specifically, ssh into the server and then log in as root user
3. Use following command:

```bash
cat /var/log/httpd/access_log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
```

change “-20” to “-xx” with “xx” is the number of result. This is sort from most to least access request

&#x20;   4\. Google any ip lookup website and check these IPs(e.g: <https://whatismyipaddress.com/ip-lookup>). If find any suspicious ones, you can add a rule to block those ip network address by the next step

###

### Setting up rule to block ip network.

Follow this guide: <https://www.getpagespeed.com/server-setup/security/centos-7-ban-bad-ips-and-networks-with-firewalld>

###

### Finding info about the network list

1. Follow this guide: <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-setting_and_controlling_ip_sets_using_firewalld>
2. Specifically using this command (after ssh into the server and then log in as root)

To list the IP sets known to firewalld in the permanent environment, use the following command as root:

```bash
firewall-cmd --permanent --get-ipsets
```

&#x20;   3\. To get more information about the IP set, use the following command as root: (in the example below, “test” is the name of ipsets you got from the above command

```bash
firewall-cmd --permanent --info-ipset=test
```

Or:

To see the extended entries list of the IP set, use the following command as root:

```bash
firewall-cmd --permanent --ipset=test --get-entries
```

###

### To block IP from a whole country

1. Follow this guide:&#x20;

{% embed url="<https://www.linode.com/community/questions/11143/top-tip-firewalld-and-ipset-country-blacklist>" %}

## FREEING DISK SPACE IN CENTOS 7

See these references:

{% embed url="<https://maryrosecook.com/blog/post/freeing-disk-space-on-your-linux-server>" %}

{% embed url="<https://stackoverflow.com/questions/11316664/how-do-i-clear-space-on-my-main-system-drive-on-a-linux-centos-system>" %}

{% embed url="<https://stackoverflow.com/questions/42385996/how-to-free-up-space-on-centos-server>" %}

## ADVANCE FILE AND FOLDER PERMISSION/OWNERSHIP SETTING IN CENTOS 7

See the following resources:

* Good and comprehensive: <http://www.vanemery.com/Linux/ACL/linux-acl.html#default>
* Simple preservation of parent folder group owernship for all files newly created: <https://serverfault.com/a/361666>
* <https://unix.stackexchange.com/questions/115631/getting-new-files-to-inherit-group-permissions-on-linux>
* <https://askubuntu.com/questions/642236/how-to-make-the-newly-created-files-inherit-the-directorys-permissions>