Drupal on my VPS: On CentOS 5.2 LAMP VPS (clean reinstall)
Prevent udev from being updated or installed accidentally as part of a yum operation. udev is known to cause issues on systems running in OpenVZ. http://wiki.openvz.org/Container_enter_failed
sudoedit /etc/yum.conf
Add the following line to the end of the file.
exclude=udev*
The system-config-securitylevel and system-config-network-tui packages will complicate your life. See the section above on udev and http://wiki.openvz.org/Container_enter_failed to see how to work around it. Obviously, Webmin or the console can be used as an alternative to the system-config packages.
yum install -y system-config-securitylevel system-config-network-tui
With the system-config-* packages installed, you can use the tui to set the host name, firewall and SELinux.
Execute setup and select firewall configuration.
Enable security level (firewall) and set SELinux to disabled.
Select customize, and allow incoming ports for ssh, http and https.
The listed repository URLs unfortunately time out even when accessed from within the VPS. http://wiki.vpslink.com/VPSLink_Mirrors_and_Repositories
Verify that the host name is set. Update the hostname to copeland.ovrevik.com.
Install midnight commander just cause I like it.
yum install -y mc
Verify that the operating system is completely updated.
sudo yum update
Inspect the operating system release version.
cat /etc/redhat-release
Perform minimal hardening described in other documents.
Complete instructions are here http://webmin.com/rpm.html.
sudoedit /etc/yum.repos.d/webmin.repo
Add the following to the end of the file.
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
Download and install the yum key for Webmin.
wget http://www.webmin.com/jcameron-key.asc
sudo rpm --import jcameron-key.asc
Finally, install Webmin
sudo yum install webmin
Configure Webmin to use ssl.
sudo yum install perl-Net-SSLeay
Configure Webmin to only listen on a single interface.
Configure the firewall with Webmin.
Yikes! The template for the VM has the firewall wide open!
Select the Packet filtering (filter) IPtable.
Set the default action to drop for incoming packets.
Set the default action to drop for forwarded packets.
Accept (action to take) traffic if the connection is ESTABLISHED or RELATED (connection states)
Accept (action to take) tcp traffic (network protocol) destined to ssh (destination tcp or udp port).
Accept (action to take) tcp traffic (network protocol) destined to http (destination tcp or udp port).
Accept (action to take) tcp traffic (network protocol) destined to https (destination tcp or udp port).
Accept (action to take) tcp traffic (network protocol) destined to 10000 (webmin) (destination tcp or udp port).
Update ssh and Webmin rules to only allow connections to a specific interface (Destination address or network 64.79.197.105)
Select the Packet alteration (mangle) IPtable.
Set the default action to drop for forwarded packets.
Leave the Network address translation (nat) IPtable unmodified.
Configure Apache Webserver (httpd) with Webmin.
Install the Apache SSL module if necessary.
sudo yum install mod_ssl
Update the Global configuration for Networking and Addresses. Update the Listen on addresses and ports: address 64.79.194.202 for ports 80 (http) and 443 (https).
Configure the firewall to only allow web access originating from a single specific IP address while setting up phpMyAdmin and Drupal (with the web interface).
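The Webmin firewall steps above, written out as an iptables-restore ruleset. This is an added example, not part of the original notes: the function name emit_rules, its arguments and the loopback rule are assumptions, and the optional second argument models the temporary single-source restriction on web access used during phpMyAdmin and Drupal setup.

```sh
#!/bin/sh
# Added example (not from the original page).
# emit_rules MGMT_IP [SETUP_SRC_IP]
#   MGMT_IP       address that ssh (22) and Webmin (10000) accept connections on
#   SETUP_SRC_IP  optional: only this source may reach http/https during setup
is_ipv4() {
    # Loose shape check so stray rule text cannot end up in the ruleset.
    case $1 in
        *[!0-9.]*|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

emit_rules() {
    mgmt_ip=$1
    setup_src=${2:-}
    web_src=""
    is_ipv4 "$mgmt_ip" || { echo "not an IPv4 address: $mgmt_ip" >&2; return 1; }
    if [ -n "$setup_src" ]; then
        is_ipv4 "$setup_src" || { echo "not an IPv4 address: $setup_src" >&2; return 1; }
        web_src="-s $setup_src "
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback accept is an addition, not one of the Webmin steps.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d $mgmt_ip --dport 22 -j ACCEPT
-A INPUT -p tcp -d $mgmt_ip --dport 10000 -j ACCEPT
-A INPUT -p tcp ${web_src}--dport 80 -j ACCEPT
-A INPUT -p tcp ${web_src}--dport 443 -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}
```

Review the output before loading it, for example with emit_rules 64.79.197.105 | sudo /sbin/iptables-restore, and keep a console session open in case the ssh rule is wrong.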
Configure Apache Webserver Virtual host
Set up an httpd virtual host for skymdm.
Create a new virtual host for a specific IP address and Server Name.
sudo mkdir /var/www/skymdm
Set the document root to /var/www/skymdm
Create certificates and such for the web server.
cd /etc/httpd/conf/
site=skymdm
#Generate a self-signed certificate with a 2048-bit key (512-bit RSA is factorable).
openssl req -newkey rsa:2048 -x509 -nodes -out ${site}-cert.pem -keyout ${site}-key.pem
sudo chown apache /etc/httpd/conf/${site}-key.pem
sudo chmod 600 ${site}-key.pem
sudo chown apache /etc/httpd/conf/${site}-cert.pem
unset site
Use lynx to download the latest version of Drupal 7 or 6.1
drupal=drupal-7.8
site=skymdm
#Extract the tar.
tar -xzf ${drupal}.tar.gz
#Move the extracted directory to the web directory.
sudo mv ${drupal} /var/www/${site}-${drupal}
#Set the ownership of the moved directory.
sudo chown root.root /var/www/${site}-${drupal}
#Recursively set the ownership of the contents of the moved directory.
sudo chown -R apache.apache /var/www/${site}-${drupal}/.
#Verify the ownership and permissions.
sudo ls -la /var/www /var/www/${site}-${drupal}
drupal=/var/www/${site}-drupal-7.8
sudo cp ${drupal}/sites/default/default.settings.php ${drupal}/sites/default/settings.php
sudo chown apache.root ${drupal}/sites/default/settings.php
sudo ls -la ${drupal}/sites/default/default.settings.php ${drupal}/sites/default/settings.php
unset drupal
unset site
Configure the MySQL database for Drupal.
MySQL version 5.0.x is the default for CentOS 5.6.
The version-specific MySQL documentation is at http://dev.mysql.com/doc/refman/5.0/en/.
(Re)create MySQL database for Drupal instance.
Drop existing database.
Create new database.
yum install php-mbstring
PayPal or commerce support
form to request and manage user
configure MySQL
Verify start on load.
Create default users?
Execute mysql from the command line.
UPDATE mysql.user SET Password=PASSWORD('booger') WHERE User='root';
FLUSH PRIVILEGES;
Verify user accounts present in MySQL?
Ensure that all accounts have a password.
I don't remember why I wanted to do this.
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
yum localinstall rpmforge-release-0.5.2-2.el5.rf.i386.rpm
See what php packages are installed. Make a note of all the installed packages so that dependent applications continue to function after the version upgrade.
rpm -qa | grep php | sort
#remove all of the discovered php packages
yum remove php php-cli php-common php-mysql php-pdo
#verify all of the php packages are gone
rpm -qa | grep php
Install the latest version of the php packages from the standard repository (5.3 is the latest). The problem with this is that the set of other php packages is limited.
yum install php53 php53-cli php53-common php53-mysql php53-pdo
Install the very latest version of the php packages from http://iuscommunity.org/. The IUS community site is referred to on php.net.
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/ius-release-1.0-8.ius.el5.noarch.rpm
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-5-4.noarch.rpm
yum localinstall --nogpgcheck epel-release-5-4.noarch.rpm
yum localinstall --nogpgcheck ius-release-1.0-8.ius.el5.noarch.rpm
yum install php53u php53u-cli php53u-common php53u-mysql php53u-pdo
Some other php packages that were needed at some point.
yum install php53u-xml php53u-gd
Verify that the installed version is what is expected.
php -version
Restart apache so it will start using the new version of php.
sudo /sbin/service httpd restart
note: phpinfo.php is in the www root by default
Download the install package.
wget {the dynamic phpMyAdmin url}
tar xzvf phpMyAdmin-3.4.3.2-english.tar.gz
mv phpMyAdmin-3.4.3.2-english /var/www/html/phpMyAdmin
chown -R apache:apache /var/www/html/phpMyAdmin/
prepare for execution of phpMyAdmin/setup
mkdir /var/www/html/phpMyAdmin/config
chown -R apache:apache /var/www/html/phpMyAdmin/config
chmod o+rw /var/www/html/phpMyAdmin/config
cp /var/www/html/phpMyAdmin/config.sample.inc.php /var/www/html/phpMyAdmin/config/config.inc.php
chmod o+w /var/www/html/phpMyAdmin/config/config.inc.php
execute phpMyAdmin/setup
mv /var/www/html/phpMyAdmin/config/config.inc.php /var/www/html/phpMyAdmin/config.inc.php
chmod o-rw /var/www/html/phpMyAdmin/config.inc.php
rm -rf /var/www/html/phpMyAdmin/config
chown apache:apache /var/www/html/phpMyAdmin/config.inc.php
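A check for the state the phpMyAdmin setup steps above should leave behind, plus the phpinfo.php file noted earlier. This is an added example, not part of the original notes: the function name audit_docroot is an assumption, and it expects the page's layout with phpMyAdmin directly under the web root.

```sh
#!/bin/sh
# Added example (not from the original page).
# audit_docroot DOCROOT
#   Prints one FAIL line per finding and returns 1 if there are any.
audit_docroot() {
    docroot=$1
    pma=$docroot/phpMyAdmin
    cfg=$pma/config.inc.php
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # The temporary config/ directory is only needed while setup runs.
    if [ -d "$pma/config" ]; then
        fail "$pma/config still exists; remove it once setup is finished"
    fi

    # After setup the file must be in place and closed to "other" users,
    # matching the chmod o-rw step.
    if [ ! -f "$cfg" ]; then
        fail "$cfg is missing; the setup result was never moved into place"
    elif [ -n "$(find "$cfg" \( -perm -004 -o -perm -002 \) -print)" ]; then
        fail "$cfg is readable or writable by other users"
    fi

    # A phpinfo page in the web root discloses versions, paths and modules.
    if [ -f "$docroot/phpinfo.php" ]; then
        fail "$docroot/phpinfo.php is being served from the web root"
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as audit_docroot /var/www/html after finishing setup; a non-zero exit status means at least one item still needs cleaning up.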
yum install php{|53|53u}-mcrypt
Update DNS (GoDaddy)
Add an A record for the www host to point to the specified IP.
Remove existing CNAME record for www if necessary.