
HOWTO: CentOS 5 setup for LAMP and ISPconfig

This guide provides step-by-step instructions to install and configure a Link-4 level VPS hosting plan with the CentOS 5 operating system, LAMP, and ISPconfig.



Credits

This guide is based upon the Perfect Server - CentOS 5 and Perfect Server - CentOS 5.2 guides written by Falko Timme.

The instructions are tuned based on personal experience together with the hints collected from borgo (this guide's original author), bfp, Pablasso, sleddog, abbas, and many others from the VPSlink forums and other forums.



Introduction

This guide will explain how to install:

Upon completing this guide, you should have a system that works reliably and may be used with the free webhosting control panel ISPConfig. (ISPConfig should run "out of the box" on this configuration.)

There are many ways to complete the task of setting up a CentOS 5.2 LAMP server with mail services. Improvements and suggestions for this guide are welcomed - simply log in or create an account to contribute.

The commands below may be copied and pasted into an SSH session. Remember to provide your own IP addresses, hostnames, and passwords where necessary.

As an alternative to copy-pasting, a bash Installation Script is included at the end of this guide to automate the installation.


Disclaimer

These documents are provided "as is" in the hope that they will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Step-by-step Installation Guide

Install VPSlink CentOS 5.2 OS Template

  1. Browse to My.VPSLink.com and log in
  2. Click through the Manage Server > Manage OS > Install OS icons
  3. Select Centos 5 from the New Operating System drop-down and click Change OS
  4. Confirm your choice (keep in mind that any data on the VPS will be lost)
  5. Within several minutes the installation will complete and your VPS will be rebooted


Set VPS Timezone

  1. Open an SSH session to your VPS
  2. Enter rm -f /etc/localtime to remove the /etc/localtime file (if it exists)
  3. Enter ln -s /usr/share/zoneinfo/UTC /etc/localtime to set your timezone to UTC
  4. Enter date to confirm that your VPS is reporting the correct time
  5. Enter reboot to restart your VPS - this will ensure that your daemons are synchronized with the new timezone setting

Note: It is preferable to set your timezone to a "neutral" zone (UTC means Coordinated Universal Time) to prevent users from guessing when you will likely be awake to administer the system, however, you can set the timezone to your local timezone by observing the instructions in the Setting the Linux System Timezone guide.


Configure yum

VPSlink uses public mirrors for CentOS distribution. Yum will automatically pick the fastest mirror.

  1. Enter cp /etc/yum.conf /etc/yum.conf.backup to back up your yum configuration
  2. Enter mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup to prevent your CentOS repository from being duplicated
  3. Add the following lines to the end of the [main] section of your /etc/yum.conf file:
    exclude=kernel* udev* glibc* MAKEDEV* mkinitrd module-init-tools
    The udev restriction applies for all OpenVZ installations. The ImageMagick package lists udev as a dependency, however, ImageMagick will still install successfully without udev.



Update your Base CentOS Installation

  1. Enter yum -y update to retrieve the latest repository information before installing
  2. Enter yum -y install zip nmap fileutils gcc-c++ to install the zip, nmap, fileutils, and gcc-c++ packages


Optional: Install and Configure quota

To Be Completed

The quota package is already installed in the CentOS 5 template; however, the configuration will need to be modified from the instructions presented in Falko's CentOS 5.0 Perfect Setup.

For more information, please see the quota support in a CentOS VPS thread on the VPSLink Forums.


Install Required Packages

  1. Enter yum -y install make to install make (used to compile ProFTPd)
  2. Enter yum -y install bind-chroot to download and install the chroot BIND9 package
  3. Enter yum -y install mysql mysql-devel mysql-server to download and install MySQL
  4. Enter yum -y install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot to install Postfix, Dovecot, and related packages
  5. Enter yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel to install PHP and commonly-used optional packages
  6. Enter yum -y install webalizer to install Webalizer
  7. Enter yum -y install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1 to install Perl libraries used by SpamAssassin
  8. Enter yum -y install which flex to install which and flex (ISPconfig dependencies)


Remove Unnecessary Packages

  1. Enter chkconfig --levels 235 sendmail off; /etc/init.d/sendmail stop; yum -y remove sendmail to remove sendmail
  2. Enter yum -y remove vsftpd to remove vsftpd (ProFTPd is recommended over vsftpd for use with ISPconfig)


Configure BIND9 (chrooted DNS Server)

BIND will run in a chroot jail under /var/named/chroot/var/named/ to allow BIND management via ISPConfig.

  1. Enter chmod 755 /var/named/ to set permissions for the /var/named directory
  2. Enter chmod 775 /var/named/chroot/ to set permissions for the /var/named/chroot directory
  3. Enter chmod 775 /var/named/chroot/var/ to set permissions for the /var/named/chroot/var directory
  4. Enter chmod 775 /var/named/chroot/var/named/ to set permissions for the /var/named/chroot/var/named directory
  5. Enter chmod 775 /var/named/chroot/var/run/ to set permissions for the /var/named/chroot/var/run directory
  6. Enter chmod 777 /var/named/chroot/var/run/named/ to set permissions for the /var/named/chroot/var/run/named directory
  7. Enter cd /var/named/chroot/var/named/ to switch to the /var/named/chroot/var/named directory
  8. Enter ln -s ../../ chroot to create a symbolic link from the /var/named/chroot/var/named/chroot directory to the /var/named/chroot/ directory
  9. Enter cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local to copy the sample named.local into your chroot jail
  10. Enter cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root to copy the default root domain server file into your chroot jail
  11. Enter touch /var/named/chroot/etc/named.conf to create an empty named.conf file in your chroot jail
  12. Enter chkconfig --levels 235 named on to set BIND to start when your server boots


Configure MySQL

  1. Enter chkconfig --levels 235 mysqld on to set MySQL to start when your server boots

Note: Consider reviewing the MySQL Tuning guide and Low memory MySQL / Apache configurations for additional MySQL configuration suggestions.


Configure postfix with saslauthd

Enter the following postfix configuration commands:

  1. postconf -e 'smtpd_sasl_local_domain ='
  2. postconf -e 'smtpd_sasl_auth_enable = yes'
  3. postconf -e 'smtpd_sasl_security_options = noanonymous'
  4. postconf -e 'broken_sasl_auth_clients = yes'
  5. postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
  6. postconf -e 'inet_interfaces = all'
  7. postconf -e 'mynetworks = 127.0.0.0/8'

Generate an SSL Certificate for postfix

A Certificate Signing Request (CSR) file named /root/csr_data.txt will be used to simplify the certificate generation process.

Enter vi /root/csr_data.txt to begin editing the file - the contents of the file should appear as follows, with your certificate information in place of the dummy values:

XX
<COUNTRY_NAME>
<CITY_NAME>
<COMPANY_NAME>
<COMPANY_DIVISION_NAME>
<SERVER_HOSTNAME>
<SERVER_ADMINISTRATOR_EMAIL>
.
.

Replace XX with the two-letter abbreviation of your country name and ensure that the two . characters and newline at the end of the file are entered.

Enter the following commands to generate an SSL certificate for use with postfix:

  1. mkdir /etc/postfix/ssl
  2. cd /etc/postfix/ssl/
  3. openssl genrsa -passout pass:<PASSWORD> -des3 -rand /var/log/messages -out smtpd.key 1024 (where <PASSWORD> is the password you have selected for your certificate)
  4. chmod 600 smtpd.key
  5. openssl req -new -key smtpd.key -passin pass:<PASSWORD> -batch -out smtpd.csr < /root/csr_data.txt (where <PASSWORD> is the password you have selected for your certificate)
  6. openssl x509 -req -days 730 -in smtpd.csr -signkey smtpd.key -passin pass:<PASSWORD> -out smtpd.crt (where <PASSWORD> is the password you have selected for your certificate)
  7. openssl rsa -in smtpd.key -passin pass:<PASSWORD> -out smtpd.key.unencrypted (where <PASSWORD> is the password you have selected for your certificate)
  8. mv -f smtpd.key.unencrypted smtpd.key
  9. openssl req -new -x509 -extensions v3_ca -passout pass:<CA_PASSWORD> -batch -keyout cakey.pem -out cacert.pem -days 730 < /root/cacert_csr_data.txt (where <CA_PASSWORD> is the Certificate Authority (CA) password for your certificate)
  10. chmod 600 smtpd.crt
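
The chmod 600 in step 4 applies to the passphrase-protected key, which step 8 replaces with the file written by openssl rsa in step 7; the mode of that new file depends on the umask and the OpenSSL version, and step 10 only restricts the certificate. The following check is an added example, not part of the original guide: audit_key_dir and make_sample_dir are hypothetical names, and the sample files are constructed placeholders rather than real keys.

```shell
#!/bin/sh
# Added example: report PEM private keys that other local users can read.

# audit_key_dir DIR -> one finding per line:
#   EXPOSED <file>             unencrypted key, group/other readable
#   READABLE_ENCRYPTED <file>  passphrase-protected key, group/other readable
audit_key_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Skip certificates, CSRs and anything else that is not a private key.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        # POSIX find: -perm -040 / -004 match group-read / other-read.
        [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ] || continue
        # Encrypted PEM carries a Proc-Type header (traditional format)
        # or an ENCRYPTED PRIVATE KEY label (PKCS#8).
        if grep -q -e 'Proc-Type: 4,ENCRYPTED' \
                   -e 'BEGIN ENCRYPTED PRIVATE KEY' "$f"; then
            echo "READABLE_ENCRYPTED ${f##*/}"
        else
            echo "EXPOSED ${f##*/}"
        fi
    done
}

# Constructed sample directory; the file bodies are placeholders, not keys.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/smtpd.key"
    cp "$d/smtpd.key" "$d/ok.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$d/cakey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/smtpd.crt"
    chmod 644 "$d/smtpd.key" "$d/cakey.pem" "$d/smtpd.crt"
    chmod 600 "$d/ok.key"
    echo "$d"
}

sample=$(make_sample_dir)
audit_key_dir "$sample"
rm -rf "$sample"
```

On a real server, run audit_key_dir /etc/postfix/ssl after step 10 and tighten any file it reports.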

Configure postfix for SSL

  1. Modify the /usr/lib/sasl2/smtpd.conf file:
    1. Enter vi /usr/lib/sasl2/smtpd.conf to open the file for editing
    2. Locate the pwcheck_method: saslauthd line and add the following line below it:
      mech_list: plain login
    3. Exit vi
  2. Enter the following commands to configure postfix to accept SSL connections:
    1. postconf -e 'smtpd_tls_auth_only = no'
    2. postconf -e 'smtp_use_tls = yes'
    3. postconf -e 'smtpd_use_tls = yes'
    4. postconf -e 'smtp_tls_note_starttls_offer = yes'
    5. postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    6. postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    7. postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    8. postconf -e 'smtpd_tls_loglevel = 1'
    9. postconf -e 'smtpd_tls_received_header = yes'
    10. postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    11. postconf -e 'tls_random_source = dev:/dev/urandom'
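
With smtpd_sasl_auth_enable = yes, mech_list: plain login and smtpd_tls_auth_only = no, the server accepts PLAIN and LOGIN credentials on sessions that never negotiated STARTTLS. The audit below is an added example, not part of the original guide: it reads settings in the name = value form printed by postconf -n, and the function names and finding codes are hypothetical; page_conf is a constructed sample holding the values this guide sets.

```shell
#!/bin/sh
# Added example: audit Postfix settings given as "name = value" lines.

# Constructed sample: the values this guide sets with postconf -e.
page_conf() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
}

# audit_postfix: settings on stdin, one "CODE: message" finding per line.
audit_postfix() {
    awk '
    /^[ \t]*#/ { next }                      # skip comments
    {
        eq = index($0, "=")                  # split on the first "=" only
        if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        conf[name] = value
    }
    END {
        sasl = (conf["smtpd_sasl_auth_enable"] == "yes")
        lvl  = conf["smtpd_tls_security_level"]
        tls  = (conf["smtpd_use_tls"] == "yes" || lvl == "may" || lvl == "encrypt")
        # smtpd_tls_auth_only defaults to no, so an unset value is flagged too.
        if (sasl && !tls)
            print "NO_TLS: AUTH is enabled but STARTTLS is not offered"
        else if (sasl && conf["smtpd_tls_auth_only"] != "yes")
            print "AUTH_BEFORE_TLS: credentials accepted on unencrypted sessions"
        rr = conf["smtpd_recipient_restrictions"]
        if (rr != "" && rr !~ /reject_unauth_destination/)
            print "RELAY_GUARD_MISSING: no reject_unauth_destination in recipient restrictions"
        if (conf["mynetworks"] ~ /(^|[ ,])0\.0\.0\.0\/0/)
            print "WIDE_MYNETWORKS: every client is treated as trusted"
    }'
}

page_conf | audit_postfix
```

Setting smtpd_tls_auth_only = yes clears the finding for this guide's configuration; mail clients must then use STARTTLS before authenticating.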


Optional: Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

If you do not want to install ISPConfig, enter the following commands to configure postfix to deliver emails to a user's Maildir:

  1. postconf -e 'home_mailbox = Maildir/'
  2. postconf -e 'mailbox_command ='


Configure dovecot

Optional: By default, the dovecot daemon will provide IMAP and IMAPS services. If you wish to use POP3 and POP3S, you must configure dovecot to accept these protocols.

To enable the POP3 and POP3S protocols:

  1. Enter vi /etc/dovecot.conf to begin editing the /etc/dovecot.conf file
  2. Locate and uncomment the following line:
    protocols = imap imaps pop3 pop3s
  3. Save the file and exit vi


Configure Apache

  1. Modify the DirectoryIndex directive in your httpd.conf file:
    1. Enter vi /etc/httpd/conf/httpd.conf to begin editing the file
    2. Locate the DirectoryIndex for your web root
    3. Modify the line to read as follows:
      DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
    4. Exit vi
  2. Enter chkconfig --levels 235 httpd on to start Apache whenever your server boots


Disable PHP by Default

Note: PHP must be disabled by default in the /etc/httpd/conf.d/php.conf file if you intend to limit PHP execution with ISPconfig.

Replace the contents of the /etc/httpd/conf.d/php.conf file with the following:

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

LoadModule php5_module modules/libphp5.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps


Compile and Configure ProFTPd

  1. Enter cd /tmp to switch to the /tmp directory
  2. Enter wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3.tar.gz to download the latest stable version of ProFTPd
  3. Enter tar xvfz proftpd-1.3.3.tar.gz; cd proftpd-1.3.3 to unpack the ProFTPd source and switch to the unpacked directory
  4. Enter ./configure --sysconfdir=/etc; make; make install to prepare, compile, and install ProFTPd
  5. Enter cd /tmp; rm -rf ./proftpd-1.3.3* to remove ProFTPd's source archive and unpacked directory
  6. Enter ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd to create a symbolic link from /usr/sbin/proftpd to /usr/local/sbin/proftpd
  7. Enter touch /etc/init.d/proftpd && chmod 755 /etc/init.d/proftpd to create an init script for ProFTPd
  8. Enter vi /etc/init.d/proftpd and copy the following script into the file:
#!/bin/sh
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# proftpd This shell script takes care of starting and stopping
# proftpd.
#
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
# simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
# pidfile: /var/run/proftpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0

RETVAL=0

prog="proftpd"

start() {
    echo -n $"Starting $prog: "
    daemon proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}

stop() {
    echo -n $"Shutting down $prog: "
    killproc proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status proftpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/proftpd ]; then
            stop
            start
        fi
        ;;
    reload)
        echo -n $"Re-reading $prog configuration: "
        killproc proftpd -HUP
        RETVAL=$?
        echo
        ;;
    *)
        echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
        exit 1
esac

exit $RETVAL
  9. Update your ProFTPd configuration:
    1. Enter vi /etc/proftpd.conf to begin editing the /etc/proftpd.conf file
    2. Add the following lines:
      Group nobody
      DefaultRoot ~
      IdentLookups off
      ServerIdent on "FTP Server ready."
    3. Exit vi
  10. Enter chkconfig --levels 235 proftpd on to automatically start ProFTPd when your server boots


Optional: Configure SuExec with ISPconfig

If you would like to run CGI scripts under SuExec, you should specify /var/www as the home directory for websites created by ISPConfig because SuExec for CentOS is compiled with /var/www as the default document root.

To ensure that SuExec will work with ISPconfig, your Apache configuration's document root should specify the same DOC_ROOT setting which is being used by SuExec.

Check the present DOC_ROOT setting for SuExec by running /usr/sbin/suexec -V and specify the same value (/var/www by default) in your /etc/httpd/conf/httpd.conf file.


Test Your Configuration

BIND

  1. Enter /etc/init.d/named restart to restart BIND

MySQL

  1. Enter /etc/init.d/mysqld start to start the MySQL daemon
  2. Enter netstat -tap | grep mysql - if a line with the word LISTEN displays, MySQL was configured successfully and is now running
  3. Enter mysqladmin -u root password <YOUR_MYSQL_PASSWORD> (where <YOUR_MYSQL_PASSWORD> is the unique password for your MySQL root account)

postfix, saslauthd, and dovecot

  1. Enter the following commands to automatically start the postfix, saslauthd, and dovecot daemons when your server boots:
    • chkconfig --levels 235 postfix on
    • chkconfig --levels 235 saslauthd on
    • chkconfig --levels 235 dovecot on
  2. Enter the following commands to start the postfix, saslauthd, and dovecot daemons for testing:
    • /etc/init.d/postfix start
    • /etc/init.d/saslauthd start
    • /etc/init.d/dovecot start
  3. Test SMTP authentication:
    1. Enter telnet localhost 25 to open a local connection to your mail server
    2. Upon establishing a connection, enter ehlo localhost to test your mail server's response
    3. If your mail server's response contains the following lines, the installation was successful:
      250-STARTTLS
      250-AUTH LOGIN PLAIN
    4. Enter quit to return to the bash prompt

Apache

  1. Enter /etc/init.d/httpd start to start Apache
  2. Enter wget http://127.0.0.1 to test Apache

ProFTPd

  1. Enter /etc/init.d/proftpd start to start the ProFTP daemon


Scripted Installation Guide

Important: This script will overwrite existing files without asking. The installation script should not be run on a VPS which has already been configured. If the installation script fails, review your logs to correct errors and proceed with the instructions listed above.

To run the CentOS 5 setup for LAMP and ISPconfig configuration script:

  1. Go to the Addon files for Centos 5 LAMP and ISPConfig setup article to retrieve the script and related files.
  2. Upload copies of the script and related files to the /root/ directory on your VPS.
    • centos5_vps4_install_v1.2.sh - The script
    • yum.conf - yum configuration file
    • proftpd - ProFTPd script
  3. SSH to your VPS and log in as the root user.
  4. Enter cd ~ to switch to the /root/ directory on your VPS.
  5. Edit the centos5_vps4_install_v1.2.sh to include your configuration parameters and passwords for use throughout the installation process.
  6. Enter chmod 700 centos5_vps4_install_v1.2.sh to set the executable bit for the script.
  7. Enter ./centos5_vps4_install_v1.2.sh to execute the installation script.
  8. Follow the instructions presented during script execution.
  9. Upon successful completion, the script will erase itself for security reasons. Before erasing itself, the script will write any configuration variables which were specified (excepting your passwords) to the /root/my_install_environment.txt file for future reference.


Installing ISPconfig

Your VPS is now ready to complete the installation of ISPconfig. Proceed to the ISPconfig installation manual for further instructions.

Retrieved from "http://wiki.vpslink.com/index.php?title=HOWTO:_CentOS_5_setup_for_LAMP_and_ISPconfig&oldid=15222"