Skip to content
Matic Korošec

Blog · 15 January 2019 · Guides

CentOS 7 + Webmin

Deprecated. CentOS 7 reached end of life in June 2024, so don’t follow this guide for new servers. I’ve since switched my stack to Ubuntu LTS in most cases. Kept here for the archive.

Hello there!

Today I will demonstrate how to prepare a server running CentOS 7 for development purposes. I will only repeat steps that I have already done, so they might not work for every possible configuration or instance out there.

I am using time4vps.eu as a hosting provider for all live VPS servers. The service is great, prices are fair and in 3 yrs not a single provider-side incident occurred.

In the hosting dashboard there are a couple of quick-install options available that I use when setting up new environments. They work and they save time. I chose CentOS 7 + Webmin. Webmin is a web-based system configuration tool that works well with CentOS. Also, cPanel (which I like a lot too) costs $300 per year, so no, thanks.

The main chapters of this post:

  • Virtualmin post-install wizard,
  • new admin user,
  • public key authentication for SSH,
  • disable root SSH access,
  • new virtual server,
  • install PHP 7,
  • update all packages,
  • create and configure swap.

Complete the Virtualmin post-install wizard

Straightforward process. I used the following options:

  • Preload Virtualmin libraries - YES
  • Email domain lookup server - YES
  • ClamAV server scanner - NO
  • SpamAssassin filter - NO
  • MySQL database server - YES
  • PostgreSQL server - NO
  • Set MySQL password - NO (I change it later via console)
  • MySQL configuration size - Large, 1 GB
  • Setting nameserver - of course
  • Password storage mode - only hashed passwords

Re-check and refresh the configuration and make sure everything looks good. I also turned off the BIND DNS domain under “Features and plugins” because I manage DNS on a different server.

Create a new user

Log in via SSH:

ssh root@your-ip
adduser matic
passwd matic
gpasswd -a matic wheel

Configure public key authentication for SSH

This provides better security compared to basic password authentication. On your local machine run:

ssh-keygen

Hit enter or assign a new name, then enter a password to protect your key from unauthorized use. This creates a private key and a public key. The private key stays on your local machine and the public key must be uploaded to the server:

ssh-copy-id matic@your-ip

After you enter the password, your public key will be saved in the remote user’s home directory at .ssh/authorized_keys. Check that the .ssh folder has permissions 600.

Now you can log in to your server without providing an admin password - much better than basic password authentication.

Disable SSH root login

This is generally more secure because we can now connect to the server with the newly created administrator account.

vi /etc/ssh/sshd_config

Find the line that looks like this:

# PermitRootLogin yes

Replace “yes” with “no”. For the new configuration to take effect, restart the SSH service:

systemctl reload sshd

You can test this by logging out and trying to connect with the root account again. The connection should be refused.

Create a new virtual server

Navigate to the Virtualmin tab, then select “Create new virtual server”. Enter the domain name the server should bind to; a description is also recommended for clarity if you run a couple of instances. Best practice is to create a new user and a unique password for every instance.

Update all packages

Before any further customization, update all packages and dependencies. CentOS uses yum:

yum list all        # all installed and available packages
yum check-update    # list available updates
yum update          # perform the update (run with sudo, confirm with y)

Install PHP 7

If your application requires PHP, use PHP 7 over PHP 5 - significantly better performance and security.

Add the Fedora EPEL repository:

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install yum-utils
yum-config-manager --enable remi-php72
yum install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo
php -v

Create and configure swap

Swap can extend system memory by saving temporary data on disk. I recommend twice the size of your system RAM:

sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'

The last line makes the change permanent across reboots.

Where to go from here

These are the basic steps to set up your development environment. Some things you could do going forward: customize firewall rules, tune PHP variables, create a new Webmin user, set up an SSL certificate, change the MySQL root password (recommended!), customize the email server, install git and other tools.

The whole process should take less than 20 minutes, mostly depending on the speed of your server’s internet connection.

← back to blog