Building a secure web server with CentOS 5, part 1
Posted on 05.Jan 2010 by Ray Heffer in LAMP, Linux, Web Hosting
Introduction
This is an updated version of my original LAMP (Linux, Apache, MySQL and Perl/PHP) guide that was based on CentOS 4. Now updated and tweaked for CentOS 5, it will take you through the steps required to build a secure Linux web server (LAMP) on CentOS 5.
I have a background working for an ISP, so I’ve based this build on the same configuration many hosting providers use. It supports virtual hosts (multiple websites), secure FTP access, locked down SSH access, and a sensible directory structure.
If you follow this guide, you will get a web server up and running within a couple of hours, depending on whether you follow it step by step or prefer to experiment first. If you are new to Linux, give it a try and learn something new; you never know, you may surprise yourself!
Building a secure web server with CentOS 5, part 2
Posted on 05.Jan 2010 by Ray Heffer in LAMP, Linux, Web Hosting
Part 2: Configuring the Server
Configuring CentOS
- Edit /etc/hosts and /etc/sysconfig/network with hostnames
- Install Packages
Example of /etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost
67.34.32.11 www.mydomain.com
Example of /etc/sysconfig/network:
NETWORKING=yes
HOSTNAME=www.mydomain.com
Installing Packages
# yum -y install httpd openssl-devel openssl mod_ssl vsftpd rpm-build rpm-devel autoconf automake lynx gcc
# yum -y install mysql mod_auth_mysql mysql-devel mysql-server
# yum -y install mod_python python python-devel
# yum -y install perl mod_perl mod_perl-devel openssl-perl perl-Convert-ASN1 perl-Date-Calc perl-DateManip perl-HTML-Parser perl-libwww-perl perl-CPAN perl-DBD-MySQL perl-XML-Parser
# yum -y install php-devel php php-domxml php-gd php-mbstring php-mysql php-ncurses php-pear
# yum -y install webalizer
# yum -y install sendmail sendmail-cf

Building a secure web server with CentOS 5, part 3
Posted on 05.Jan 2010 by Ray Heffer in LAMP, Linux, Web Hosting
Part 3: Adding websites
In the following steps, we will base our configuration on a fictitious company called Happy Burger that has already registered the domain name happyburger.net. We will point www.happyburger.net to the IP address of this web server. When you are creating your own site, substitute the customer name and domain name for that of the actual customer.
* If a Happy Burger really exists, then this is in no way associated with them and is purely coincidental.
Create a User Account
The first step is to create a user account that will be associated with this website and be used to authenticate via FTP. When creating the password, make sure that it is at least 8 characters, alphanumeric, mixed case and includes numbers. I usually generate random passwords for this.
# adduser -s /sbin/nologin happyburger
# passwd happyburger
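The following is an added example, not part of the original guide: it generates a random password that meets the rule stated above and lists accounts in passwd-format input that can still log in interactively. The function names, the UID threshold of 500 (the CentOS 5 default for regular users) and the sample passwd lines, including the account olduser, are assumptions made for illustration.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # make the [a-z]/[A-Z] ranges byte-exact

# meets_policy PW: true if PW is >= 8 chars, alphanumeric only, and has
# at least one lowercase letter, one uppercase letter and one digit.
meets_policy() {
    p=$1
    [ "${#p}" -ge 8 ] || return 1
    case $p in *[!A-Za-z0-9]*) return 1 ;; esac
    case $p in *[a-z]*) ;; *) return 1 ;; esac
    case $p in *[A-Z]*) ;; *) return 1 ;; esac
    case $p in *[0-9]*) ;; *) return 1 ;; esac
}

# gen_password [LEN]: print a random LEN-character password (8..64,
# default 16) drawn from /dev/urandom; retry until meets_policy accepts it.
gen_password() {
    len=${1:-16}
    [ "$len" -ge 8 ] && [ "$len" -le 64 ] || return 2
    while :; do
        pw=$(head -c 512 /dev/urandom | tr -dc 'A-Za-z0-9' | cut -c1-"$len")
        if [ "${#pw}" -eq "$len" ] && meets_policy "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

# login_capable [MIN_UID]: read passwd-format lines on stdin and print
# accounts with UID >= MIN_UID whose shell is not /sbin/nologin.
login_capable() {
    awk -F: -v min="${1:-500}" '$3 >= min && $7 != "/sbin/nologin" {print $1}'
}

# Constructed sample input; "olduser" is a hypothetical leftover account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
happyburger:x:500:500::/home/happyburger:/sbin/nologin
olduser:x:501:501::/home/olduser:/bin/bash'

echo "Accounts that can still get a shell:"
printf '%s\n' "$SAMPLE_PASSWD" | login_capable
```

On the server itself, run `login_capable < /etc/passwd` after creating each site account to confirm that no website user was left with an interactive shell.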
Creating the directory structure
Each website must have the following directory structure in order to support access logs, web statistics, .htpasswd files, CGI scripts and the public web directory.

Building a secure web server with CentOS 5, Troubleshooting
Posted on 05.Jan 2010 by Ray Heffer in LAMP, Linux
Problems with Sendmail
When setting up my first Linux web server it was actually sendmail that caused me the most trouble. If you get the following errors:
<< 550-Verification failed for
<<< 550-Unrouteable address
<<< 550- does not appear to be valid. Sender verify
<<< 550 failed.
550 5.1.1 ... User unknown
<<< 503 valid RCPT command must precede DATA


