Posts Tagged

webmin

CentOS 7 + Webmin

Hello there!

Today I will demonstrate how to prepare server running on CentOS 7 for development purposes. I will only repeat steps that I have already done so they might not work for every possible configuration/instance out there.

I am using time4vps.eu as a hosting provider for all live VPS servers. I mostly use Linux but have used Windows before as well. Service is great, prices are fair and in 3 years not a single provider-side incident accurred.

In hosting dashboard there are couple quick install options available that I use when setting up new environments. They work and they save time.

So, I chose CentOS 7 + Webmin. CentOS 7 is the latest major release of this distribution, that was derived from RedHat OS (bought by IBM in 2018). Webmin is a web-based system configuration tool that works well with CentOS. Also, cPanel (which I also like a lot) costs 300$ per year, so no, thanks.

Anyway, main chapters of this post:
– Virtualmin post-install wizard,
– new admin user,
– public key authentication for SSH,
– disable root SSH access,
– new virtual server,
– Install PHP 7,
– Update all packages,
– create and config swap.

Complete Virtualmin post-install wizard

Straightforward process. I used the following options based on my desires:
– Preload Virtualmin libraries – YES,
– Email domain lookup server – YES,
– ClamAV server scanner – NO,
– SpamAssasin filter – NO,
– MySQL database server – YES,
– PostgreSQL server – NO,
– Set MySQL password – NO (I change it later via console),
– MySQL configuration size – Large 1 GB,
– Setting nameserver – OFC,
– Password storage mode – only hashed passwords.

That is it. Re-check and refresh configuration and make sure everything looks good. Also I turned off BIND DNS domain under “Features and plugins” section because I manage DNS on a different server.

Create new user

Login via SSH.

ssh root@your-ip

adduser matic

passwd matic

gpasswd -a matic wheel

Config public key authentication for SSH

This provides better security compared to basic password authentication.

On your local machine run:

ssh-keygen

Hit enter or assign new name. Then enter password to protect your key from unauthorized use.

This command creates a private key and a public key. The private key stays on your local and the public key must be uploaded to the server.

The fastest way to add public key to server is via this command:

ssh-copy-id matic@your-ip

After you enter password, your public key will be saved in remote user home directory at .ssh/authorized_keys. Check that the .ssh folder has permissions 600.

Now you can login to your server without providing an admin password or even without a password at all, if you didn’t set password for private key. Anyway, much better than basic password authentication.

Disable SSH root login

This is generally more secure because we can now connect to the server with a newly created administrator account.

vi /etc/ssh/sshd_config

Now find the line that looks like this:

# PermitRootLogin yes

Now replace “yes” with “no”.

For new configuration to take effect, we need to restart SSH service:

systemctl reload sshd

You can test if this works by logging out and try to connect again with the root account. Connection should be refused by server.

Create new virtual server

Creating a new virtual server is a straightforward process. Navigate to Virtualmin tab, then select option “Create new virtual server”.

Enter domain name, to which server should bind to, a description is also recommended for more clarity, if you use couple of instances.

The best practice is that you create a new user and unique password for every instance. It depends on what you want to do with this virtual server, but other options can be left as they are.

Update all packages

Before we do any further customizations it’s recommended that you update all packages and dependencies that server uses.

CentOS uses “yum” command in most cases.

To show all installed and available packages, enter following command:

yum list all

If you want to know all dependecises for specific package:

yum deplist

In order to see list of all available updates, enter:

yum check-update

To update all enter this command:

yum check-update

In order to be able to perform update, you should run command with “sudo” and confirm changes with “y”.

Install PHP 7

If your application requires PHP in order to run it’s recommended to use PHP 7 over PHP 5, because it provides significantly better performance and security.

First, add Fedora repository to repository list:

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Next, check if “yum-utils” are already installed, otherwise install it:

yum install yum-utils

In order to use PHP 7.2, enter the following command:

yum-config-manager --enable remi-php72

Now install some core PHP extensions:

yum install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo

Now check, if changes took effect by:

php -v

This should show which version of PHP is active.

Create and config swap

Swap can help extend system memory by saving temporary data on disk. Here is how you can set it up.

Navigate to root path on your server and define swap file. I recommend twice the size of your system RAM. “/swapfile” is the name of the file, to which system will write.

sudo fallocate -l 8G /swapfile

Now restrict file access, so other users can’t read it.

sudo chmod 600 /swapfile

Now tell the system where swap file is located:

sudo mkswap /swapfile

Now tell system, that it can use file as swap:

sudo swapon /swapfile

This changes only last until system reboots. To make changes permanent, use the following command:

sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'

Where to go from here

These are the basic steps to set up your development environment. There are lots of extra things you could do, but are specific to your goals.

Here are some things you could do going forward:
– Customize firewall rules,
– Change PHP variables,
– Create new Webmin user,
– Setup SSL certificate,
– Change Mysql root password (recommended!) and create new user,
– Customize email server,
– Install git and/or other tools,
– Etc..

This is it. Whole process should take less then 20 min, mostly depending on the speed of your server internet connection.

Feel free to message me if you have any questions or want to recommend any extra chapters in this quick guide. Contact me via contact form (comments are disabled for security reasons).