Resources for Setting Up New Server
This is for CentOS 7 on A2server
A2 hosting was chosen because of:
- Disable SSH login for root (recommended): https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/disabling-ssh-logins-for-root
- To make a script to delete files older than X days when there is less than XGB left, see this:
- Rclone is used to automatically back up files to a Google Drive account:
- Configuration for Google Drive: https://rclone.org/drive/ or https://linoxide.com/file-system/configure-rclone-linux-sync-cloud/
- To back up the whole VPS, follow this:
- More options: http://tamxuanla.blogspot.com/2015/10/how-to-backup-full-centos-server_22.html
- The modified script:
tar cvpzf /backups/backup-$(date +\%Y\%m\%d).tgz --exclude=/proc --exclude=/lost+found --exclude=/backups --exclude=/dev --exclude=/sys --exclude=/boot/grub --exclude=/etc/fstab --exclude=/etc/sysconfig/network-scripts/ --exclude=/etc/udev/rules.d/70-persistent-net.rules --exclude=/home/some_other_folders
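The tar job above writes one archive per day into /backups, and the notes call for deleting files older than X days once less than X GB is free. One way to do both, as an added example that is not part of the original notes (the 14-day and 5 GB defaults and the function names are assumptions):

```shell
#!/bin/sh
# Added example (not from the original notes): prune old backup archives, but
# only when the disk is running low. BACKUP_DIR matches the tar command above;
# MAX_AGE_DAYS and MIN_FREE_GB are assumed defaults to tune for the server.
BACKUP_DIR="${BACKUP_DIR:-/backups}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-14}"
MIN_FREE_GB="${MIN_FREE_GB:-5}"

# Print the free space, in KB, of the filesystem that holds directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Delete backup-*.tgz archives in $1 older than $2 days and print each path.
# The newest archive is always kept, even if it is older than the cutoff.
prune_old() {
    dir=$1; days=$2
    newest=$(ls -1t "$dir"/backup-*.tgz 2>/dev/null | head -n 1)
    find "$dir" -maxdepth 1 -type f -name 'backup-*.tgz' -mtime +"$days" \
        ! -name "$(basename "$newest")" -print -exec rm -f -- {} \;
}

# Prune $1 only when its filesystem has less than $3 GB free.
# Returns 0 if a prune ran, 1 if space was sufficient, 2 if df failed.
prune_if_low() {
    dir=$1; days=$2; min_gb=$3
    avail=$(free_kb "$dir")
    [ -n "$avail" ] || return 2
    if [ "$avail" -lt $((min_gb * 1024 * 1024)) ]; then
        prune_old "$dir" "$days"
        return 0
    fi
    return 1
}

# Cron entry point: sh prune-backups.sh run
if [ "${1:-}" = "run" ]; then
    prune_if_low "$BACKUP_DIR" "$MAX_AGE_DAYS" "$MIN_FREE_GB" || true
fi
```

Schedule it after the tar job so a failed backup never leaves the server with zero archives; the newest one is kept regardless of age.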
- First: make sure you have the your_site.com.conf file inside /etc/httpd/conf.d, following this website: https://www.rosehosting.com/blog/apache-virtual-hosts-on-centos/ ; for a more elaborate guide see: https://devops.profitbricks.com/tutorials/how-to-set-up-name-based-virtual-hosting-vhosts-with-apache-web-server-on-centos-7-1/
- Optional: here is another way the step above can be set up (note: this website sets things up a bit differently from the one above; specifically, the above website uses /etc/httpd/conf.d/ instead of /etc/httpd/sites-enabled): https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
- danielromogroup.com and the other sites on this server have been set up using /etc/httpd/conf.d/site.com.conf
- This is a good installation guide for Certbot Let’s Encrypt (ignore the multiple certificate setting): https://certbot.eff.org/#centosrhel7-apache
- To test your SSL for your site:
- To strengthen your SSL connection:
- OCSP Stapling: helps make all SSL secure connections a little faster:
- Assigning a password and requiring an immediate password change after login: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Hardening_Your_System_with_Tools_and_Services.html#sec-Password_Security
We need to modify the httpd.conf file: vi /etc/httpd/conf/httpd.conf
In this file, after <Directory "/var/www/html">, modify AllowOverride None to AllowOverride Options. Save the file (hit Esc, type :wq and then Enter).
Restart the httpd service: systemctl restart httpd
- Creating Template:
- DON’T FORGET TO OPEN PORT 7822 FOR SSH WHILE USING A2 SERVER
- If you forgot to open port 7822, follow this link: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-the-solusvm-control-panel#Using-the-serial-console
- For an error that requires changing the packet size: http://stackoverflow.com/questions/8062496/how-to-change-max-allowed-packet-size
- On current A2 hosting, the server config can be found in /etc/httpd/conf/httpd.conf
- Setting up multiple Let’s Encrypt certificates for multiple hosts on the same server: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04 (this is for Ubuntu)
- For CentOS, generate two .conf files in /etc/httpd/conf.d/. For example: /etc/httpd/conf.d/site1.com.conf and /etc/httpd/conf.d/site2.com.conf. Each conf file is the Apache setup for its site. Example of the content of site2.com.conf:
<VirtualHost XX.XX.XX.XX:80>
DocumentRoot /var/www/html/site2.com
ServerName server.site2.com
ServerAlias site2.com www.site2.com
</VirtualHost>
- After that, use "/usr/local/sbin/certbot --apache -d example.com -d www.example.com". The content of the site2.com.conf file will be changed automatically. Here is an example of the content of site2.com.conf after running the "certbot-auto…" command:
<VirtualHost XX.XX.XX.XX:80>
DocumentRoot /var/www/html/site2.com
ServerName server.site2.com
ServerAlias site2.com www.site2.com
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost XX.XX.XX.XX:443>
DocumentRoot /var/www/html/site2.com
ServerName server.site2.com
ServerAlias site2.com www.site2.com
SSLCertificateFile /etc/letsencrypt/live/site2.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site2.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/site2.com/chain.pem
</VirtualHost>
</IfModule>
- Read here for more info about setting up a conf file for an SSL certificate: https://www.linode.com/docs/security/ssl/ssl-certificates-with-apache-2-on-centos
- WP security, from A2 hosting: https://www.a2hosting.com/kb/security/application-security/wordpress-security
- The UpdraftPlus plugin is used to back up WordPress. To restore WordPress:
- Create a fresh install of WordPress as in the link above
- Install the UpdraftPlus plugin
- Load the backup files
- Restore
- If there is an issue after the restore, check here first. A common issue is the rewrite link issue (WordPress permalinks); follow the solution in “Using ‘Pretty’ permalinks” in this link: https://codex.wordpress.org/Using_Permalinks
- Multiple sites (using WordPress) installation: https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-wordpress-sites-using-multisite
- To use 1-click update on WordPress, you need:
- The WordPress folder (in this case /var/www/html/baylorcpritlab.com) to be owned by apache:apache with 755 permission
- To secure WordPress, all folders inside baylorcpritlab.com should have 755 permission and all files should have 644 permission
- Note: when changing the info in the config.php file, make sure to change:
- 1. Install password
- 2. User: to ‘root’
- 3. Password: to ‘root_password’
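A check for the WordPress ownership and permission items above (apache:apache, folders 755, files 644), as an added example that is not part of the original notes; the function names and the audit/fix arguments are assumptions:

```shell
#!/bin/sh
# Added example (not from the original notes): audit and fix the WordPress
# permission scheme described above. WP_ROOT is the path from the notes.
WP_ROOT="${WP_ROOT:-/var/www/html/baylorcpritlab.com}"

# List every directory under $1 that is not 755 and every regular file that
# is not 644. With an owner in $2 (e.g. apache), also list anything that is
# not owned by that user. Prints nothing when the tree is compliant.
audit_wp_perms() {
    root=$1; owner=${2:-}
    find "$root" -type d ! -perm 755 -print | sed 's/^/dir-mode  /'
    find "$root" -type f ! -perm 644 -print | sed 's/^/file-mode /'
    if [ -n "$owner" ]; then
        find "$root" ! -user "$owner" -print | sed 's/^/owner     /'
    fi
}

# Set directories to 755 and regular files to 644. Symlinks are skipped
# because -type d / -type f do not match them.
fix_wp_perms() {
    root=$1
    # One chmod per directory, run before find descends, so a directory that
    # was too restrictive to read is fixed first and then traversed.
    find "$root" -type d ! -perm 755 -exec chmod 755 {} \;
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Usage: sh wp-perms.sh audit   (report only)
#        sh wp-perms.sh fix     (apply 755/644; run as root or the owner)
case "${1:-}" in
    audit) audit_wp_perms "$WP_ROOT" apache ;;
    fix)   fix_wp_perms "$WP_ROOT" ;;
esac
```

Run the audit after every plugin install or restore, since both can leave world-writable upload folders or executable PHP files behind.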