In the past week I migrated my main LAMP-based VPS to another VPS with a newer version of CentOS running cPanel, and also got another CentOS server with absolutely nothing on it (it didn't even have make).
The point of this post is to list the common programs and dependencies you need to set up a basic functioning LAMP stack. It is written for CentOS, but I imagine the main difference between distros is which package manager you use. It is also meant for people connecting remotely via ssh. If it is your own physical machine, then you can bootstrap yourself using physical media.
Software assumptions: The distro has a package manager installed (yum for CentOS). The distro has sshd running (so you can connect). The networking is configured so it can resolve and access URLs.
First move: "yum install make". I'll be building most things from source to make sure I have the latest version, so make is necessary.
Also, "yum install gcc". I didn't have gcc on my vanilla vps.
SSH and User Configuration:
Before you get too much further, it's also a good idea to add at least one other user besides root and to harden your ssh access.
Add a user: "adduser username -d /home/username" Create user 'username' and give them a directory in /home
Switch to the user with "su username" and then run "passwd" to set the password.
Go back to the root user ("exit" if you used su), and edit /etc/group. Find the line starting with "wheel" and add ",username" at the end, so it might look like:
"wheel::10:root,username" - the number in the middle may vary; don't change it.
This adds the username to the wheel group, which gives you permission to switch to root user from there.
Last, you'll update ssh so that root cannot log in directly and you connect as your new user instead, which stops people from brute-force guessing passwords straight into root.
Edit /etc/ssh/sshd_config and look for a line starting with "DenyUsers". If there isn't one, insert "DenyUsers root". Any username added to this line will be blocked from logging in directly through ssh.
Another good move is to change ssh from the default port of 22. At the top you can add "Port 43545", for example, to change to running on 43545. Most hack attempts are automated and look specifically at port 22 for ssh, so simply changing the port is a good way to sidestep those automated attacks.
Security Note: The best way to make a secure login is to use authorized keys and completely block password logins, as well as only authorizing specific IPs.
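An added example, not part of the original post: a shell check of the settings above against an sshd_config file. It shows that Port and DenyUsers lines accumulate while single-valued keywords such as PasswordAuthentication keep the first value sshd reads; the function names and both sample files are constructed, and only whitespace-separated global (pre-Match) directives are considered.

```shell
#!/bin/sh
# Added example: flag sshd_config settings that leave the logins above exposed.
# Function names and the sample files are constructed for illustration.

# values FILE KEYWORD: print each global value of KEYWORD, one per line.
# Keywords are case-insensitive; parsing stops at the first Match block.
values() {
    awk -v want="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

audit_sshd_config() {
    cfg=$1; findings=""
    # Port lines accumulate: "Port 22" plus "Port 43545" listens on both.
    ports=$(values "$cfg" Port); [ -n "$ports" ] || ports=22
    if echo "$ports" | grep -qx 22; then findings="$findings port22"; fi
    # Root is blocked by DenyUsers root (the page's way) or PermitRootLogin no.
    root=$(values "$cfg" PermitRootLogin | head -n 1)
    if ! values "$cfg" DenyUsers | grep -qx root && [ "$root" != "no" ]; then
        findings="$findings root-login"
    fi
    # Single-valued keywords: sshd keeps the first value it reads.
    pw=$(values "$cfg" PasswordAuthentication | head -n 1)
    [ "$pw" = "no" ] || findings="$findings password-auth"
    echo "${findings# }"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak" <<'EOF'
# constructed sample: stock port still active, root and passwords allowed
Port 22
Port 43545
PermitRootLogin yes
EOF
cat > "$tmp/hardened" <<'EOF'
# constructed sample following the steps above, with key-only logins
Port 43545
DenyUsers root
PasswordAuthentication no
PasswordAuthentication yes
EOF
echo "weak:     $(audit_sshd_config "$tmp/weak")"
echo "hardened: $(audit_sshd_config "$tmp/hardened")"
```

After editing the real file, "sshd -t" checks its syntax; keep your current session open until a login with the new settings succeeds.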
Firewall Configuration
By default your firewall should be blocking everything except a few ports (like 22, which you used to connect). Whenever you set up a new service you'll need to add lines to your iptables firewall to allow connections. If you changed the ssh port previously, you'll need to allow access to the new port with (replace NEW_PORT with the correct port):
"iptables -I INPUT -p tcp --dport NEW_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
"iptables -I OUTPUT -p tcp --sport NEW_PORT -m state --state ESTABLISHED -j ACCEPT"
Then, to save your changes for future restarts:
"service iptables save"
MySQL
MySQL is one of the first applications I install, because several programming languages need it to compile mysql support in. The easy way to install is
"yum install mysql mysql-server mysql-devel"
The more complicated way is to go to the MySQL Download page and download generic Linux packages or distro-specific packages for MySQL Client, MySQL Development and MySQL Server (you'll need all 3). I used the rpm's because they were newer than what the yum repository had.
-Setting Root Password-
Once you install, make sure you stop mysql from running: "/etc/init.d/mysql stop"
Start mysql without grant tables (used for authorization): "/usr/sbin/mysqld --skip-grant-tables &". While it runs this way, anyone who can connect has full access, so keep this window short.
Set the password with:
mysqladmin -u root password NEWPASSWORD
Then restart mysql in normal mode: "/etc/init.d/mysql restart"
This is a good time to set your mysql configuration how you want, while it is not running anything.
Perl/Python
These both usually install easily. I usually put the source for anything I'm installing in /usr/local/src. You can get the latest copies at :
For perl do "./Configure -de" to use the defaults, for python just "./configure".
Apache
I install Apache first, and then when I install PHP I use Apache's apxs to install it into Apache.
There is nothing tricky here either. Once you have the source it's configure, make, make install, which should default to installing in /usr/local/apache2.
Next you'll need to add the httpd service to chkconfig
"chkconfig --add httpd"
"chkconfig --level 2345 httpd on"
"chkconfig --list" to verify
This associates httpd with run levels 2, 3, 4 and 5, so it should start whenever the server boots into one of those modes (which is the normal case).
Mod_Perl
If you want the option to run Perl through Apache instead of as a cgi process, you'll want to install mod_perl.
To install, run "perl Makefile.PL MP_APXS=/usr/local/apache2/bin/apxs" (assuming that's where you installed Apache),
then "make && make test", followed by "make install".
You can check your httpd.conf file to make sure it added the LoadModule line for mod_perl.so
PHP Prerequisites
PHP builds support for a number of libraries directly into the core, which means before you build PHP you need to install the libraries you want to use.
The major ones I want to start with:
GD: which requires libpng, zlib and libjpeg (and freetype for text)
All of these should be pretty straightforward. The only thing to pay attention to is whether they install in /usr/lib or /usr/lib64 depending on your machine, as you'll need the path when you install PHP.
PHP!
Now you can grab a copy of the latest stable source at http://php.net/ and untar it.
The configuration line for PHP is usually the trickiest part of installing it, so I usually write it out in notepad(++) and copy it over.
My configure line ended up as:
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql --with-zlib-dir=/usr/lib --with-png-dir=/usr/lib --with-jpeg-dir=/usr/lib --with-gd --with-curl=/usr/lib --with-xsl --with-mysqli --with-pdo
Then run "make" and "make install".
Last, to associate .php files with PHP, edit your Apache httpd.conf file and add the line
"AddType application/x-httpd-php .php"
At this point you'll probably want to add some VirtualHost files to your apache configuration to serve up different domain names.