Resources for Setting Up New Server

SETTING UP NEW SERVER ON A2 HOSTING

This is for CentOS 7 on A2server

A2 hosting was chosen because of: https://hostingfacts.com/hosting-reviews/

1. Setting up LAMP stack

How to install Apache, PHP 7.3 and MySQL on CentOS 7.6 (LAMP)HowtoForge

2. Accessing your account:

Accessing your account

• SSH set up: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ssh-secure-shell

  • https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
  • https://wiki.centos.org/HowTos/Network/SecuringSSH
• SSH using keys: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ssh-keys

  • https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
  • Possible error while setting up ssh key: http://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication

    • http://askubuntu.com/questions/110814/server-keeps-asking-for-password-after-ive-copied-my-ssh-public-key-to-authoriz
• Disable SSH login for root (recommended): https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/disabling-ssh-logins-for-root
• FTP: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ftp-file-transfer-protocol
• SCP: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/transferring-files-using-scp-secure-copy

3. Back-up data (document from A2), also should see Khoi’s document on OE:

• https://www.a2hosting.com/kb/getting-started-guide/backing-up-your-data/backups-on-dedicated-servers-and-vps
• https://www.experts-exchange.com/questions/28429417/CentOS-How-to-Back-Up-and-Restore-Full-Server.html
• To make a script to delete files older than X days when there is less than XGB left, see this:

  • https://stackoverflow.com/questions/8110530/check-free-disk-space-for-current-partition-in-bash/37167246#37167246
• To monitor uptime for the server, use: https://uptimerobot.com/
• Rclone is used to automatically backup file toGoogle Drive account:

  • Install: https://rclone.org/install/
  • Configuration for Google Drive: https://rclone.org/drive/ or https://linoxide.com/file-system/configure-rclone-linux-sync-cloud/
  • Usage: https://rclone.org/docs/
  • For Rclone filtering: https://rclone.org/filtering/
• To back up the whole VPS, follow this:

  • https://www.serverpronto.com/kb/page.php?id=Backing+Up+and+Restore+Your+Server
  • This is more options: http://tamxuanla.blogspot.com/2015/10/how-to-backup-full-centos-server_22.html
  • Modified script as this:

tar cvpzf /backups/backup-$(date +\%Y\%m\%d).tgz --exclude=/proc --exclude=/lost+found --exclude=/backups --exclude=/dev --exclude=/sys --exclude=/boot/grub --exclude=/etc/fstab --exclude=/etc/sysconfig/network-scripts/ --exclude=/etc/udev/rules.d/70-persistent-net.rules --exclude=/home/some_other_folders

4. Install EPEL repository on CentOS 7:

How to install the EPEL repository on CentOS

5. Change timezone on Linux shell:

How to change the time zone in the Linux shell

6. Set default text Editor:

How to set the default text editor in Linux

7. Obtaining free SSL certificate (from Let’sEncrypt):

• First: Make sure you have the your_site.com.conf file inside /etc/httpd/conf.d. Following the following website: https://www.rosehosting.com/blog/apache-virtual-hosts-on-centos/ ; For more elaborate see: https://devops.profitbricks.com/tutorials/how-to-set-up-name-based-virtual-hosting-vhosts-with-apache-web-server-on-centos-7-1/
• Optional, here is another way the step above can be set up (Note: this website set up a bit different than the one above, specifically, the above website use /etc/httpd/conf.d/ instead of /etc/httpd/sites-enabled): https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
• danielromogroup.com and other sites on this server has been set up using /etc/httpd/conf.d/site.com.conf

• This is a good installation for Certbot Let’sEncrypt (ignore the multiple certificate setting): https://certbot.eff.org/#centosrhel7-apache
• Using Certbot (Intro): https://certbot.eff.org/#centosrhel7-other
• Doc: https://certbot.eff.org/docs/intro.html
• Rate limit for Let’sEncrypt: https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769
• To test your SSL for your site:

  • https://www.ssllabs.com/ssltest/
  • https://www.digicert.com/help/
• To read more about SSL: https://yoast.com/dev-blog/move-website-https-ssl/
• To strengthen your SSL connection:

  • Info:

    • https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    • https://yoast.com/dev-blog/move-website-https-ssl/
  • Remove SSLv3 SSLv2: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability
  • HSTS Strict-Transport-Security:

    • https://itigloo.com/security/how-to-configure-http-strict-transport-security-hsts-on-apache-nginx/
    • https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
    • https://www.howtoforge.com/community/threads/hsts-centos-7.72384/
  • OCSP Stapling: help with all SSL security connection a little faster:

    • https://wiki.apache.org/httpd/OCSPStapling
    • https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
    • https://www.digicert.com/ssl-support/apache-enable-ocsp-stapling-on-server.htm

8. Setting up owner of /var/www/html folders, to easy update website:

Owner of /var/www/html and subfolders - CentOS

9. Creating groups, users; Assigning passwords:

• https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-a-centos-7-server
• Assinging password and require immediate pass change after log in: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Hardening_Your_System_with_Tools_and_Services.html#sec-Password_Security
• Add Linux users to a group: http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/

  • http://www.howtogeek.com/50787/add-a-user-to-a-group-or-second-group-on-linux/
  • http://www.tecmint.com/add-users-in-linux/

10. Force using https access using .htaccess:

• http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
• http://www.webhostinghub.com/help/learn/website/ssl/force-website-to-use-ssl

11. Configure PHP to read .htaccess file on a CentOS 7 server

We need to modify the httpd.conf file:

vi /etc/httpd/conf/httpd.conf

In this file: after <Directory "/var/www/html">, modify AllowOverride None to AllowOverride Options.

Save the file (hit Esc, type :wq and then Enter)

Restart httpd service:

systemctl restart httpd

12. Dreamweaver:

• Creating Template:

  • http://www.thesitewizard.com/dreamweaver/dreamweaver-cs5-5-tutorial-7.shtml
  • https://helpx.adobe.com/dreamweaver/using/creating-dreamweaver-template.html
  • https://www.siteground.com/tutorials/dreamweaver/dreamweaver_templates.htm
  • http://www.dummies.com/how-to/content/how-to-save-any-page-as-a-dreamweaver-template.html

13. Setting up firewall for CentOS 7:

• DON’T FORGET TO OPEN PORT 7822 FOR SSH WHILE USING A2 SERVER

• If forgot to open port 7822, follow this link: https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-the-solusvm-control-panel#Using-the-serial-console
• https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
• http://www.codero.com/knowledge-base/questions/377/
• https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos

14. MySQL/MariaDB

• Error that need to change packet size: http://stackoverflow.com/questions/8062496/how-to-change-max-allowed-packet-size

15. Installing phpMyAdmin

• https://docs.phpmyadmin.net/en/latest/setup.html
• https://github.com/phpmyadmin/phpmyadmin/wiki
• https://docs.phpmyadmin.net/en/latest/setup.html
• https://docs.phpmyadmin.net/en/latest/faq.html#security
• https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-apache-on-a-centos-7-server

16. Working with tar files

• http://www.techbrown.com/linux-tar-commands-examples-centos-7-rhel-7.shtml
• https://www.tecmint.com/18-tar-command-examples-in-linux/
• https://stackoverflow.com/questions/18681595/tar-a-directory-but-dont-store-full-absolute-paths-in-the-archive
• https://serverfault.com/questions/339762/how-to-tarball-a-directory-without-carrying-over-path-to-folder

17. Setting up multiple websites with multiple domains on the same server

• On current A2 hosting, the server config can be found in /etc/httpd/conf/httpd.conf

• https://devops.profitbricks.com/tutorials/how-to-set-up-name-based-virtual-hosting-vhosts-with-apache-web-server-on-centos-7-1/
• Setting up multiple Let’sEncrypt certificates for multiple hosts on the same server: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04 (this is for Ubuntu)

  • For CentOS, generate two #.conf files in /etc/httpd/conf.d/. For example: /etc/httpd/conf.d/site1.com.conf and /etc/httpd/conf.d/site2.com.conf. Each conf file is the apache set up for the site. Example of the content of site2.com.conf:

<VirtualHost XX.XX.XX.XX:80>
    DocumentRoot /var/www/html/site2.com
    ServerName server.site2.com
    ServerAlias site2.com www.site2.com
</VirtualHost>

• • After that use “/usr/local/sbin/certbot --apache -d example.com -d www.example.com” . The content of site2.com.conf file will be automatically changed. Here is example of the content of site2.com.conf after running the “certbot-auto…”

<VirtualHost XX.XX.XX.XX:80>
    DocumentRoot /var/www/html/site2.com
    ServerName server.site2.com
    ServerAlias site2.com www.site2.com
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost XX.XX.XX.XX:443>
        DocumentRoot /var/www/html/site2.com
        ServerName server.site2.com
        ServerAlias site2.com www.site2.com
        SSLCertificateFile /etc/letsencrypt/live/site2.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/site2.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/site2.com/chain.pem
    </VirtualHost>
</IfModule>

• Read here for more info about a set up a conf file for SSL certificate: https://www.linode.com/docs/security/ssl/ssl-certificates-with-apache-2-on-centos

18. Working with WordPress

• Initial Install: https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-centos-7

  • From A2: https://www.a2hosting.com/kb/installable-applications/manual-installations/installing-wordpress-manually
  • WP security, from A2 hosting: https://www.a2hosting.com/kb/security/application-security/wordpress-security
  • UpdraftPlus Plugin is used to back up WordPress. To restore Wordpress

    • Create a fresh install of wordpress as in the link above

    • Install Updraftplus plugin

    • Load the backup files

    • Restore

    • If there is issue after restore, check here first. A common issue is the rewrite link issue (Wordpress Permanet link), follow the solution in “Using ‘Pretty’ permalinks” in this link: https://codex.wordpress.org/Using_Permalinks
  • Optimizing WP, from A2 hosting: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-the-a2-optimized-plugin;

    • https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-w3-total-cache-and-gtmetrix
• Multiple sites (using WordPress) installation: https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-wordpress-sites-using-multisite
• Moving Wordpress site(s): https://codex.wordpress.org/Moving_WordPress
• Uninstall Wordpress: https://www.tipsandtricks-hq.com/how-to-uninstall-and-reinstall-wordpress-245
• To use 1-click update on Wordpress, you need

  • Wordpress folder (in this case /var/www/html/baylorcpritlab.com) to be owned by apache:apache with 755 permission

  • To secure Wordpress, all folders inside the baylorcpritlab.com should have 755 persmission and all files should have 644 permission

• Wordpress login trouble: https://codex.wordpress.org/Login_Trouble

19. Setting up Booked Scheduler

• See here for official guide: http://www.bookedscheduler.com/help
• Note: when change the info in the config.php file, make sure to change the:

  1. Install password

  2. User: to ‘root’

  3. Password to ‘root_passowrd’

• Also see: https://www.bookedscheduler.com/images/community-contrib/CentOS_booked_v3.pdf