Setting up a CentOS server

in Server, by klejnieks

More recently I have been having some issues with Plesk; I’ve felt like I’ve been fighting with Plesk’s default generic templates and cookie-cutter processes. What should be simple, such as adding custom WARs to Tomcat, ends up proving more times than not to be a royal pain. This past month I ended up playing around with Hudson, a Continuous Integration server, and I found myself struggling through what should have been a seamless installation. Basically it took me 10 minutes to set up, install, and configure my first build in Hudson on my Mac, but to be honest I ended up giving up after 3 days of struggling to get Hudson installed on my dedicated CentOS server that ran Plesk. Don’t get me wrong, there are plenty of other things that bug me about Plesk, but this latest thing was what ended up pushing me to get a basic server set up from scratch and configured exactly as I wanted it.

With that said, I would be remiss if I didn’t also mention the fact that, while I have some issues with Plesk and its somewhat cookie-cutter approach to web administration, it still is a great web administration tool for the most part.

My goal is basically to get a bare server up and running and administer-able without using Plesk or cPanel. The more I play around with this setup, the more I will update the server section of this site with new configurations and additions as I learn them.

Setting up a fresh CentOS server

  1. Get a dedicated server from someone; I used aplus.net
  2. Choose a basic installation; this means no Plesk, cPanel, etc. (keep in mind, eventually we will set up Webmin)
  3. Start setting up your new box

The setup
Shell into your server:

# ssh root@111.111.11.111

Install LAMP (Linux, Apache, MySQL, PHP).
You will do this using yum. Yum is an RPM wrapper that lets you install services and applications with a lot more ease.

# yum -y install httpd
# yum -y install php
# yum -y install mysql
# yum -y install mysql-server
# yum -y install php-mysql

Note: the -y switch answers “yes” to every prompt, so you don’t have to.

Next, configure the services you just installed to start automatically when the server restarts, then start them:

# /sbin/chkconfig httpd on
# /sbin/chkconfig --add mysqld
# /sbin/chkconfig mysqld on
# /sbin/service httpd start
# /sbin/service mysqld start

At this point you have MySQL installed, but you still need to set the MySQL root password. Without a password, any user on the box can log in to MySQL as the database root user. The MySQL root password is separate from the machine’s root password.

# mysqladmin -u root password 'new-password'

At this point, some of you may be able to navigate to your public IP address and see the default CentOS page; I was not able to see this. Basically, what I had at this point was LAMP installed on my shiny new server, but no one would ever know because port 80 was blocked.

Enter iptables...
Iptables is your firewall, it’s baked into CentOS, and it’s extremely powerful. I don’t know the complete depth of iptables, but for this tutorial you’ll just need to get a few ports opened up and that’s it.

# iptables -F
# iptables -A INPUT -p udp -m udp --dport domain -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport domain -j ACCEPT
# iptables -A FORWARD -o eth0 -j LOG  --log-level 7 --log-prefix BANDWIDTH_OUT:
# iptables -A FORWARD -i eth0 -j LOG  --log-level 7 --log-prefix BANDWIDTH_IN:
# iptables -A OUTPUT -o eth0 -j LOG  --log-level 7 --log-prefix BANDWIDTH_OUT:
# iptables -A INPUT -i eth0 -j LOG  --log-level 7 --log-prefix BANDWIDTH_IN:

Make sure you save your iptables configuration so you don’t have to re-enter it when you reboot your server:

# /sbin/service iptables save

Now just restart your firewall:

# /etc/init.d/iptables restart

Now you can check your configuration:

# iptables -L -v

At this point, for good measure, you might want to reboot your server:

# reboot

Once your server reboots, you should be able to browse to your public IP address and get the default CentOS page.

You can learn more about iptables here: http://wiki.centos.org/HowTos/Network/IPTables
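
The `iptables -F` step above flushes rules but leaves chain policies unchanged, and none of the rules that follow drops or rejects anything, so whether only the listed ports are reachable depends on the INPUT policy. The following is an added example, not part of the original post: it reads `iptables-save` output and reports whether the INPUT chain is default-allow or default-deny; the function names and the sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the filter INPUT chain from `iptables-save` text.
# Returns 0 for default-deny, 1 for default-allow. Only the built-in INPUT chain
# is inspected; jumps to user-defined chains are not followed.
audit_input() {
    awk '
        /^\*/             { table = substr($0, 2) }    # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == ":INPUT"    { policy = $2; next }        # ":INPUT ACCEPT [0:0]"
        $1 != "-A" || $2 != "INPUT" || closed { next }
        {
            target = ""; port = ""; proto = "any"
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
            }
            # An unconditional DROP/REJECT ends the chain for all remaining traffic.
            if ($3 == "-j" && (target == "DROP" || target == "REJECT")) { closed = 1; next }
            if (target == "ACCEPT" && port != "") ports = ports " " proto "/" port
        }
        END {
            if (policy == "DROP" || closed) { print "default-deny; allowed:" ports; exit 0 }
            print "default-allow; ACCEPT rules restrict nothing:" ports
            exit 1
        }'
}

# Constructed sample: roughly what iptables-save shows after the commands above
# when the INPUT policy was ACCEPT beforehand (ports and LOG rules trimmed).
page_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
COMMIT
EOF
}

# Same rules with a default-deny policy (constructed).
hardened_rules() { page_rules | sed 's/^:INPUT ACCEPT/:INPUT DROP/'; }

page_rules | audit_input || true
hardened_rules | audit_input
```

On the server, the same check is `iptables-save | audit_input` with the function loaded in the shell. A DROP policy also needs ACCEPT rules for loopback and for established connections, or replies to the server's own outbound traffic are dropped.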

2 Responses

  1. Scott says:

    This was very helpful. I’d love to see some more in terms of setting up security, but this walkthrough is one of the few that actually works out of the box.

    Thanks for taking the time!

  2. Memo says:

    Hi, I have a question… when installing this way, is it not required to configure SELinux policies?
