Knowledgebase: Cloud VPS - Linux
Common tasks on a new CentOS 5 Cloud VPS [EOL]
Posted by Helpdesk Admin on 22 March 2012 04:11 PM

Note that CentOS 5 went end-of life in April 2016 so is no longer receiving security updates.

CentOS 5 should no longer be deployed for new projects and you should arrange to migrate existing production servers to CentOS 6 or similar urgently. All remaining CentOS 5 servers will be deactivated during Q4 2017, however servers may be removed sooner in the event of a critical security issue being found.

The following article explains some common tasks you may wish to undertake on your Centos 5 Cloud VPS. 

Note that Cloud VPS is a self-managed service so you are responsible for installation and configuration of all required applications etc on your server. Where you need additional assistance managing your VPS, our professional services team can handle these for you on a case-by-case basis as a paid service, please contact your account manager for additional information.

Installing or Updating Packages on your CentOS VPS

The main way to install your own versions of packages such as PHP, MySQL, Apache etc on your VPS is to use the “yum” program.

By default, yum is not installed on your VPS to prevent accidental updates.
There are two ways of installing yum:

Firstly, you can obtain the required rpms from the CentOS repository and install them yourself.

Or, you can log a support request at helpdesk@irishdomains.com and as us to enable it for you.

Once yum is installed, you can install or uninstall packages from the VPS at will. 

The following link contains information on using yum: http://www.centos.org/docs/5/html/yum/

Important:

You must *not* ever remove or update the kernel as this is tied to the virtualization system.
Kernel security updates & patches are rolled out automatically to your VPS as and when required.

You should ensure that you have a recent backup of your site (Hosting -> VPS-> VPS Backups) on your control panel before updating applications.

Changing PHP versions

Note: The default version of various applications on your VPS may appear older than that used my many developers. This is because CentOS is an Enterprise Linux system and is designed for maximum stability rather than having the latest version of every application. Please note that even though your VPS may contain older major versions of applications such as PHP, these are regularly updated with back-ported security updates so are absolutely safe to use. 

The default version of PHP installed on your CentOS 5 VPS is PHP5.1.6. This is suitable for very many open-source programs currently available. Some applications however may recommend or require other versions of PHP. The Centos Plus repository (enabled by default on your account once yum is installed) also contains PHP 5.3 which you can use instead. To update to this version, execute the following commands:

1) Remove the existing version of php

yum remove php* 

2) Install PHP5.3 and any other required extensions. The following installs the most commonly used ones:

yum install php53 php53-cli php53-common php53-mysql php53-pdo php53-xml php53-gd php53-mbstring

3) Restart the web server so that apache uses the new version:

service httpd restart

If additional PHP extensions are required, they can usually be installed via yum if they are available in the CentOS repository.

Other builds and versions of PHP may be available in third-party repositories such as EPEL/REMI, Atomic, IUS etc.

Note that we do not explicitly support such third party repositories, however many customers have found these very useful to obtain specific versions of software (e.g. APC, php-mcrypt etc) that they require. Please ensure you have a recent backup of your VPS before installing software from another repository (especially on a Plesk VPS) as you may encounter package dependency issues that need to be resolved.

Enabling MySQL

Note: The default version of various applications on your VPS may appear older than that used my many developers. This is because CentOS is an Enterprise Linux system and is designed for maximum stability rather than having the latest version of every application. Please note that even though your VPS may contain older major versions of applications such as PHP, these are regularly updated with back-ported security updates so are absolutely safe to use.

The default version of MySQL installed on your CentOS 5 VPS is MySQL 5.0.95. This is suitable for very many open-source programs currently available. Some applications however may recommend or require other versions of MySQL.

By default, MySQL is not set running on your VPS. It is quite simple to enable MySQL on your VPS, however there are certain tasks you must do in order to ensure your database is secure. To enable MySQL, proceed as follows:

1) Disable TCP/IP networking for MySQL. Most applications will use a local socket connection to mysql and do not require network access. Disabling networking allows almost all applications to run normally, but makes it impossible for anyone to connect to your MySQL from outside. To disable MySQL network connections you need to edit the MySQL configuration file /etc/my.cnf as follows 

vim /etc/my.cnf

Move the cursor to the second line (underneath [mysqld])
Type i to enable editing in insert mode.
On a new line of its own, insert the phrase: skip-networking
Press  ESC  then :wq  to save and exit

2) Start the MySQL service, and configure it to start on every boot. Enter the followingcommands:

service mysqld start
chkconfig mysqld on

3) At this point, MySQL should be running but with no databases, and no root password (not very secure). To set the password, enter the following command (where “xxxxyyyy” is  your desired password):

mysqladmin -u root password xxxxyyyy

4) Now MySQL is running more securely. To use it, we should create a new database “mynewdb” and a user “mynewuser” with access to that database only (best practice). 
We’ll use the mysql command line tool to execute the remaining commands (at the mysql> prompt) :

mysql –p –u root
mysql> CREATE DATABASE mynewdb;
mysql> GRANT ALL ON mynewdb.* TO 'mynewuser'@'localhost' IDENTIFIED BY 'mynewpwd';
mysql> FLUSH PRIVILEGES;
mysql> quit;

You should now be able to connect to this database using the hostname: localhost, the database name: mynewdb, and the user details: mynewuser/mynewpwd

Installing FTP

By default, there is no FTP program installed on a CentOS VPS. In many cases, it is not required as more secure transfers may be effected using SCP (via free application WinSCP)  or other methods. The following instructions show how to install and FTP program and configure one user with access to the default website root location only: 

1) We will install the popular vsftpd program. Via the command line, enter: 

yum install vsftpd

2) We need to make some changes to the FTP configuration. Edit the file /etc/vsftpd/vsftpd.conf and ensure the following directives are set as shown:

anonymous_enable=NO
userlist_enable=NO
chroot_local_user=YES

3) Edit the list of allowed users in /etc/vsftpd/user_list  … remove all users and insert only the name of the user we are about to create (say “siteuser”)

4) Create the new user (non-login) "siteuser" and make their home directory the same as the web root (or specific site you want them restricted to):

useradd -d /var/www/html -M -s /sbin/nologin siteuser

5) Set a password for the user (you will be prompted to enter the password twice):

passwd siteuser 

6) Start up the FTP service:

service vsftpd start

At this point, FTP service is running and the new user should be able to log in. Note that we have not configured the FTP service to start automatically on boot. For security, we recommend that FTP service is *not*left running and is only started before uploading files, and stopped again afterwards using “service vsftpd stop”. If you need the service running automatically on boot, enable this with the command “chkconfig vsftpd on”.

If there is an existing website present at /var/www/html, you may wish to consider changing ownership all files in that directory to user "siteuser" and group "siteuser" so that the FTP user can overwrite & modify files there.


Installing PHPMyAdmin

The default way to manage SQL databases is via the MySQL command line tools (mysql, mysqladmin, mysqldump etc).

If you prefer a graphical interface to manage your database, then you can install a utility like PhpMyAdmin to achieve this.

The following steps can be used to achieve this:

1) Download the appropriate version of PhpMyAdmin into the root directory of the site you want it to appear on (default: /var/www/html). If using PHP 5.2 or higher, the latest version will work, if using PHP5.1 you may need to download an older stable version. Extract/Unzip the archive, and rename the downloaded directory to something shorter (like “phpmyadmin”).

cd /var/www/html
wget http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.1/phpMyAdmin-3.4.10.1-english.tar.gz
tar -xzf phpMyAdmin-3.4.10.1-english.tar.gz
mv phpMyAdmin-3.4.10.1-english  phpmyadmin
rm phpMyAdmin-3.4.10.1-english.tar.gz

2) You should be able to access the phpMyAdmin login at <your_ip_address>/phpmyadmin – initially you may see errors flagged and also will not yet be able to log in. It is necessary to make some changes to the configuration before everything will work OK. In the phpMyAdmin directory (default: /var/www/html/phpmyadmin) create a file called config.inc.php containing the following:

<?php

$cfg['blowfish_secret'] = 'sdfas870as98sdfsafdf70axs98df70';    /* CHANGE RANDOMLY */
$cfg['McryptDisableWarning']= true;
$cfg['PmaNoRelation_DisableWarning']= true;
$cfg['Servers'][1]['AllowDeny']['order'] = 'explicit';
$cfg['Servers'][1]['AllowDeny']['rules'] = array('allow mynewuser from 111.222.333.444');
$cfg['Servers'][1][AllowRoot'] = false;

?> 

Replace 111.222.333.444 with the IP address you want to log in from and mynewuser with your database user name (you can add more lines with other addresses and/or users). Replace the jumble of characters in the blowfish_secret string with your own random jumble.

Although it is possible to run phpMyAdmin without IP checking, this is strongly discouraged for security reasons. The recommended alternative is to use Apache authentication checking (.htaccess & .htpasswd files) to enable a second level of username and password. This will reduce the chances of your database being hacked in the event of other information disclosure on your site.

Setting Apache Connection Limits to Sensible Values

By default, the number of concurrent HTTP connections that your VPS can handle is limited to about 10 by the file /etc/httpd/conf.d/swtune.conf

This is usually fine for testing, but is often two low for a busy site. This limit can be removed by renaming this file:

mv /etc/httpd/conf.d/swtune.conf  /etc/httpd/conf.d/swtune.conf.disabled

Note that you should still set a sensible limit on HTTP connections to prevent a sudden burst of unexpected traffic from exhausting all the resources on your VPS and causing it to crash. We recommend initially setting the MaxClients value in /etc/httpd/conf/httpd.conf to 64, this can then be raised or lowered as appropriate after stress testing your application.

Installing APC (Advanced PHP Cache)

This will speed up delivery of PHP pages by precompiling them into bytecodes, thereby increasing the amount of traffic your site can handle. In addition, many popular web applications can leverage APC's caching to further improve site performance.

The easiest way to install APC is from the IUS repository: 

wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1-2.ius.el5.noarch.rpm
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-10.ius.el5.noarch.rpm rpm -Uvh epel-release-5-4.noarch.rpm rpm -Uvh ius-release-1.0-10.ius.el5.noarch.rpm yum remove php53* (or php*) yum install php53u php53u-cli php53u-common php53u-dba php53u-devel php53u-gd php53u-mbstring  php53u-mysql php53u-pdo php53u-xml php53u-pecl-apc
(148 vote(s))
This article was helpful
This article was not helpful