Resources for Setting Up New Server

​Upcloud and A2hosting are two fantastic VPS hosting.
SETTING UP NEW SERVER ON A2 HOSTING
This is for CentOS 7 on A2server
A2 hosting was chosen because of:
https://websitesetup.org/hosting-reviews/best-vps-hosting-review/
websitesetup.org
​
1. Setting up LAMP stack
How to install Apache, PHP 7.3 and MySQL on CentOS 7.6 (LAMP)
HowtoForge
    2. Accessing your account:
Accessing your account
SSH set up: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ssh-secure-shell​
​https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7​
​https://wiki.centos.org/HowTos/Network/SecuringSSH​
SSH using keys: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ssh-keys​
​https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server​
Possible error while setting up ssh key: http://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication​
​http://askubuntu.com/questions/110814/server-keeps-asking-for-password-after-ive-copied-my-ssh-public-key-to-authoriz​
Disable SSH login for root (recommended): https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/disabling-ssh-logins-for-root​
FTP: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ftp-file-transfer-protocol​
SCP: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/transferring-files-using-scp-secure-copy​
    
    3. Back-up data (document from A2), also should see Khoi’s document on OE:
​https://www.a2hosting.com/kb/getting-started-guide/backing-up-your-data/backups-on-dedicated-servers-and-vps​
​https://www.experts-exchange.com/questions/28429417/CentOS-How-to-Back-Up-and-Restore-Full-Server.html​
To make a script to delete files older than X days when there is less than XGB left, see this:
​https://stackoverflow.com/questions/8110530/check-free-disk-space-for-current-partition-in-bash/37167246#37167246​
To monitor uptime for the server, use: https://uptimerobot.com/​
Rclone is used to automatically backup file toGoogle Drive account:
Install: https://rclone.org/install/​
Configuration for Google Drive: https://rclone.org/drive/ or https://linoxide.com/file-system/configure-rclone-linux-sync-cloud/​
Usage: https://rclone.org/docs/​
For Rclone filtering: https://rclone.org/filtering/​
To back up the whole VPS, follow this:
​https://www.serverpronto.com/kb/page.php?id=Backing+Up+and+Restore+Your+Server​
This is more options: http://tamxuanla.blogspot.com/2015/10/how-to-backup-full-centos-server_22.html​
Modified script as this:
1
tar cvpzf /backups/backup-$(date +\%Y\%m\%d).tgz --exclude=/proc --exclude=/lost+found --exclude=/backups --exclude=/dev --exclude=/sys --exclude=/boot/grub --exclude=/etc/fstab --exclude=/etc/sysconfig/network-scripts/ --exclude=/etc/udev/rules.d/70-persistent-net.rules --exclude=/home/some_other_folders
Copied!
    
    4. Install EPEL repository on CentOS 7:
How to install the EPEL repository on CentOS
​
    5. Change timezone on Linux shell: 
How to change the time zone in the Linux shell
​
    6. Set default text Editor:
How to set the default text editor in Linux
​
    7. Obtaining free SSL certificate (from Let’sEncrypt):
First: Make sure you have the your_site.com.conf file inside /etc/httpd/conf.d. Following the following website: https://www.rosehosting.com/blog/apache-virtual-hosts-on-centos/ ; For more elaborate see: https://devops.profitbricks.com/tutorials/how-to-set-up-name-based-virtual-hosting-vhosts-with-apache-web-server-on-centos-7-1/​
Optional, here is another way the step above can be set up (Note: this website set up a bit different than the one above, specifically, the above website use /etc/httpd/conf.d/ instead of /etc/httpd/sites-enabled): https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7​
danielromogroup.com and other sites on this server has been set up using /etc/httpd/conf.d/site.com.conf
This is a good installation for Certbot Let’sEncrypt (ignore the multiple certificate setting): https://certbot.eff.org/#centosrhel7-apache​
Using Certbot (Intro): https://certbot.eff.org/#centosrhel7-other​
Doc: https://certbot.eff.org/docs/intro.html​
Rate limit for Let’sEncrypt: https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769​
To test your SSL for your site:
 https://www.ssllabs.com/ssltest/​
​https://www.digicert.com/help/​
To read more about SSL: https://yoast.com/dev-blog/move-website-https-ssl/​
To strengthen your SSL connection:
Info:
 https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/​
​https://yoast.com/dev-blog/move-website-https-ssl/​
Remove SSLv3 SSLv2: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability​
HSTS Strict-Transport-Security:
 https://itigloo.com/security/how-to-configure-http-strict-transport-security-hsts-on-apache-nginx/​
​https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html​
​https://www.howtoforge.com/community/threads/hsts-centos-7.72384/​
OCSP Stapling: help with all SSL security connection a little faster:
​https://wiki.apache.org/httpd/OCSPStapling​
​https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx​
​https://www.digicert.com/ssl-support/apache-enable-ocsp-stapling-on-server.htm​
​
    8. Setting up owner of /var/www/html folders, to easy update website: 
Owner of /var/www/html and subfolders - CentOS
​
    9. Creating groups, users; Assigning passwords:
​https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-a-centos-7-server​
Assinging password and require immediate pass change after log in: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Hardening_Your_System_with_Tools_and_Services.html#sec-Password_Security​
Add Linux users to a group: http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/​
​http://www.howtogeek.com/50787/add-a-user-to-a-group-or-second-group-on-linux/​
​http://www.tecmint.com/add-users-in-linux/​
​
    10. Force using https access using .htaccess:
​http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file​
​http://www.webhostinghub.com/help/learn/website/ssl/force-website-to-use-ssl​
​
    11. Configure PHP to read .htaccess file on a CentOS 7 server
We need to modify the httpd.conf file:
1
vi /etc/httpd/conf/httpd.conf
Copied!
In this file: after <Directory "/var/www/html">, modify AllowOverride None to AllowOverride Options.
 Save the file (hit Esc, type :wq and then Enter)
Restart httpd service:
1
systemctl restart httpd
Copied!
​
    12. Dreamweaver:
Creating Template:
​http://www.thesitewizard.com/dreamweaver/dreamweaver-cs5-5-tutorial-7.shtml​
​https://helpx.adobe.com/dreamweaver/using/creating-dreamweaver-template.html​
​https://www.siteground.com/tutorials/dreamweaver/dreamweaver_templates.htm​
​http://www.dummies.com/how-to/content/how-to-save-any-page-as-a-dreamweaver-template.html​
​
    13. Setting up firewall for CentOS 7:
DON’T FORGET TO OPEN PORT 7822 FOR SSH WHILE USING A2 SERVER
If forgot to open port 7822, follow this link: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-the-solusvm-control-panel#Using-the-serial-console​
​https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7​
​http://www.codero.com/knowledge-base/questions/377/​
​https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos​
​
    14. MySQL/MariaDB
Error that need to change packet size: http://stackoverflow.com/questions/8062496/how-to-change-max-allowed-packet-size​
​
    15. Installing phpMyAdmin
​https://docs.phpmyadmin.net/en/latest/setup.html​
​https://github.com/phpmyadmin/phpmyadmin/wiki​
​https://docs.phpmyadmin.net/en/latest/setup.html​
​https://docs.phpmyadmin.net/en/latest/faq.html#security​
​https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-apache-on-a-centos-7-server​
​
    16. Working with tar files
​http://www.techbrown.com/linux-tar-commands-examples-centos-7-rhel-7.shtml​
​https://www.tecmint.com/18-tar-command-examples-in-linux/​
​https://stackoverflow.com/questions/18681595/tar-a-directory-but-dont-store-full-absolute-paths-in-the-archive​
​https://serverfault.com/questions/339762/how-to-tarball-a-directory-without-carrying-over-path-to-folder​
​
    17. Setting up multiple websites with multiple domains on the same server
On current A2 hosting, the server config can be found in /etc/httpd/conf/httpd.conf
​https://devops.profitbricks.com/tutorials/how-to-set-up-name-based-virtual-hosting-vhosts-with-apache-web-server-on-centos-7-1/​
Setting up multiple Let’sEncrypt certificates for multiple hosts on the same server: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04 (this is for Ubuntu)
For CentOS, generate two #.conf files in /etc/httpd/conf.d/. For example: /etc/httpd/conf.d/site1.com.conf and /etc/httpd/conf.d/site2.com.conf. Each conf file is the apache set up for the site. Example of the content of site2.com.conf:
1
<VirtualHost XX.XX.XX.XX:80>
2
    DocumentRoot /var/www/html/site2.com
3
    ServerName server.site2.com
4
    ServerAlias site2.com www.site2.com
5
</VirtualHost>
Copied!
​
After that use “/usr/local/sbin/certbot --apache -d example.com -d www.example.com” . The content of site2.com.conf file will be automatically changed. Here is example of the content of site2.com.conf after running the “certbot-auto…”
1
<VirtualHost XX.XX.XX.XX:80>
2
    DocumentRoot /var/www/html/site2.com
3
    ServerName server.site2.com
4
    ServerAlias site2.com www.site2.com
5
</VirtualHost>
6
<IfModule mod_ssl.c>
7
    <VirtualHost XX.XX.XX.XX:443>
8
        DocumentRoot /var/www/html/site2.com
9
        ServerName server.site2.com
10
        ServerAlias site2.com www.site2.com
11
        SSLCertificateFile /etc/letsencrypt/live/site2.com/cert.pem
12
        SSLCertificateKeyFile /etc/letsencrypt/live/site2.com/privkey.pem
13
        Include /etc/letsencrypt/options-ssl-apache.conf
14
        SSLCertificateChainFile /etc/letsencrypt/live/site2.com/chain.pem
15
    </VirtualHost>
16
</IfModule>
Copied!
Read here for more info about a set up a conf file for SSL certificate: https://www.linode.com/docs/security/ssl/ssl-certificates-with-apache-2-on-centos​
​
    18. Working with WordPress
Initial Install: https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-centos-7​
From A2: https://www.a2hosting.com/kb/installable-applications/manual-installations/installing-wordpress-manually​
WP security, from A2 hosting: https://www.a2hosting.com/kb/security/application-security/wordpress-security​
UpdraftPlus Plugin is used to back up WordPress. To restore Wordpress
Create a fresh install of wordpress as in the link above
Install Updraftplus plugin
Load the backup files
Restore
If there is issue after restore, check here first. A common issue is the rewrite link issue (Wordpress Permanet link), follow the solution in “Using ‘Pretty’ permalinks” in this link: https://codex.wordpress.org/Using_Permalinks​
Optimizing WP, from A2 hosting: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-the-a2-optimized-plugin;
 https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-w3-total-cache-and-gtmetrix​
Multiple sites (using WordPress) installation: https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-wordpress-sites-using-multisite​
Moving Wordpress site(s): https://codex.wordpress.org/Moving_WordPress​
Uninstall Wordpress: https://www.tipsandtricks-hq.com/how-to-uninstall-and-reinstall-wordpress-245​
To use 1-click update on Wordpress, you need
Wordpress folder (in this case /var/www/html/baylorcpritlab.com) to be owned by apache:apache with 755 permission
To secure Wordpress, all folders inside the baylorcpritlab.com should have 755 persmission and all files should have 644 permission
Wordpress login trouble: https://codex.wordpress.org/Login_Trouble​
​
    19. Setting up Booked Scheduler
See here for official guide: http://www.bookedscheduler.com/help​
Note: when change the info in the config.php file, make sure to change the:
1.Install password
2.User: to ‘root’
3.Password to ‘root_passowrd’
Also see: https://www.bookedscheduler.com/images/community-contrib/CentOS_booked_v3.pdf​