The following article contains information on your new CentOS 6 Cloud VPS including some common tasks you may wish to undertake.

Note that Cloud VPS is a self-managed service so you are responsible for installation and configuration of all required applications etc on your server. Where you need additional assistance managing your VPS, our professional services team can handle these for you on a case-by-case basis as a paid service, please contact your account manager for additional information.

Yum is usually installed by default on your Centos 6 Cloud VPS.

Important:

You must *not* ever remove or update the kernel as this is tied to the virtualization system.
Applying kernel updates via yum will render your VPS unbootable (by default yum will not update the kernel)
Kernel security updates & patches are rolled out automatically to your VPS as and when required.

You should also ensure that you have a recent backup of your site (Hosting -> VPS-> VPS Backups) on your control panel before updating applications.

Updates to VPS core files (operating system) should be performed periodically. This can be done two ways. From the command line (SSH shell) you can issue the command "yum update". Or you can use the "Update OS" button on the Irish Domains control panel on the "VPS Management" page.

Default versions of common packages (as of June 2013)

Note: The default version of various applications on your VPS may appear older than that used by some developers. This is because CentOS 6 is an Enterprise Linux system and is designed for maximum stability rather than having the latest version of every application. Please note that even though your VPS may contain older major versions of applications such as PHP, these are regularly updated with back-ported security updates so are safe to use.

PHP5.3.3

Apache 2.2.15

Perl 5.8.5

MySQL 5.1.69

APC 3.1.9

Vsftpd 2.2.2

Useful file locations

Log files: /var/log

Default website location: /var/www/html

MySQL Working Directory: /var/lib/mysql

MySQL Configuration: /etc/my.cnf

Apache Configuration: /etc/httpd/conf/httpd.conf & /etc/httpd/conf.d

PHP Configuration: /etc/php.ini & /etc/php.d

FTP Configuration: /etc/vsftpd/vsftpd.conf & /etc/vsftpd/user_list

Enabling MySQL

By default, MySQL is not set running on your VPS. It is quite simple to enable MySQL on your VPS, however there are certain tasks you must do in order to ensure your database is secure. To enable MySQL, proceed as follows:

1) Disable TCP/IP networking for MySQL. Most applications will use a local socket connection to mysql and do not require network access. Disabling networking allows almost all applications to run normally, but makes it impossible for anyone to connect to your MySQL from outside. To disable MySQL network connections you need to edit the MySQL configuration file /etc/my.cnf as follows 

vim /etc/my.cnf

Move the cursor to the second line (underneath [mysqld])
Type i to enable editing in insert mode.
On a new line of its own, insert the phrase: skip-networking
Press  ESC  then :wq  to save and exit

2) Start the MySQL service, and configure it to start on every boot. Enter the following commands:

service mysqld start
chkconfig mysqld on

3) At this point, MySQL should be running but with no databases, and no root password (not very secure). To set the password, enter the following command (where “xxxxyyyy” is  your desired password):

mysqladmin -u root password xxxxyyyyNo

4) Now MySQL is running more securely. To use it, we should create a new database “mynewdb” and a user “mynewuser” with access to that database only (best practice).  We’ll use the mysql command line tool to execute the remaining commands (at the mysql> prompt) :

mysql –p –u root    [you will need to enter the password set above]
mysql> CREATE DATABASE MyNewDB;
mysql> GRANT ALL ON MyNewDB.* TO 'MyNewUSER'@'localhost' IDENTIFIED BY 'MyNewPWD';
mysql> FLUSH PRIVILEGES;
mysql> quit;

You should now be able to connect to this database using the hostname: localhost, the database name: MyNewDB, and the user details: MyNewUSER/MyNewPWD

Installing an FTP server

In many cases, FTP is not required as more secure transfers may be effected using SCP (via free application WinSCP)  or other methods. However, the following instructions show how configure vsftpd to allow one user access to the default website root location only:

1) The popular vsftpd program is usually included with CentOS 6.

2) We need to make some changes to the default FTP configuration.

Edit the file /etc/vsftpd/vsftpd.conf and ensure the following directives are set as shown:

anonymous_enable=NO
userlist_enable=NO
chroot_local_user=YES

3) Edit the list of allowed users in /etc/vsftpd/user_list  … remove all users and insert only the name of the user we are about to create (say “siteUSER”)

4) Create the new user (non-login) "siteUSER" and make their home directory the same as the web root (or specific site you want them restricted to):

useradd -d /var/www/html -M -s /sbin/nologin siteUSER

5) Set a password for the user (you will be prompted to enter the password twice):

passwd siteUSER

6) Start up the FTP service:

service vsftpd start

At this point, FTP service is running and the new user should be able to log in. Note that we have not configured the FTP service to start automatically on boot. For security, we recommend that FTP service is *not*left running and is only started before uploading files, and stopped again afterwards using “service vsftpd stop”. If you need the service running automatically on boot, enable this with the command “chkconfig vsftpd on”.

If there is an existing website present at /var/www/html, you may wish to consider changing ownership all files in that directory to user "siteUSER" and group "siteUSER" so that the FTP user can overwrite & modify files there.

Installing Mcrypt for PHP

The php-mcrypt extension is not part of the CentOS 6 distribution and is therefore not installed by default. Some open-source applications (most notably Magento) require php-mcrypt. If you are running such an application, then you should manually install this from a third party repository such as EPEL.

You can do this from the VPS command line via SSH as outlined below:

1) Enable EPEL Repository - please note the URL may change with version so check on the site for the latest version (for EL6).

rpm -Uvh http://ftp.heanet.ie/pub/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

2) Install the extension:

yum install php-mcrypt

3) If you are running PHP as an apache module (not recommended) then restart it

service httpd restart