Server Setup Guide Part 2 (CentOS, OpenLiteSpeed, Percona) (With Pictures!).

Discussion in 'OpenLiteSpeed Tips and Guides' started by Slavik, Aug 25, 2013.

  1. Slavik

    Slavik Administrator

    Pre-Word and Disclaimer
    This guide may not be published, broadcast, rewritten or redistributed in whole or part without the express written permission of Slavik at XenForo.com. The author takes no responsibility for any steps, in part, or in whole, undertaken by users of this guide and does not guarantee against any losses, material or otherwise.


    Introduction

    In Part 1 of this guide you updated the system, installed Percona MySQL Server and installed OpenLiteSpeed Web Server.

    In Part 2, we will install PHP, do some basic MySQL configuration, configure LiteSpeed to serve files on port 80, and set up basic IP Tables.


    Prerequisites

    Completed Part 1.

    Installation Guide

    Firstly we will install PHP. OpenLiteSpeed offers 2 ways of doing this. Either via the web-based PHP configuration utility where you can select the PHP version, and then add your configure parameters, save it and then LiteSpeed will give you a command to run in the Putty client, or, alternatively we can use "yum" to install and maintain PHP for us.
    Both ways of installing PHP have their advantages and disadvantages, however, whilst the yum option is easier to initially set up, compiling PHP ourselves via the OpenLiteSpeed Panel allows for greater control in the versions and what we compile PHP to run with.

    So let's get PHP compiled.

    First go to the OpenLiteSpeed Admin Panel.

    Code:
    https://YOURSERVERIP:7080

    And log in with the details

    Code:
    Username: admin
    Password: 123456
    

    The first thing we will do is change this weak admin password. To do so, after logging in, click Web Console > General > Security > admin, then enter the current password (123456) followed by the new password you chose and hit save.


    Next, click Actions > Compile PHP.


    Select the PHP version you wish to use, for this guide we will use PHP 5.4.17 and hit next.


    On this page, the only options we are interested in are the Configure Parameters and the Add-on Modules.


    There are 2 ways we can compile PHP at this point, either, a) as a minimal install, with the base essentials for XenForo and a few other minor bits, or b) as a complete "include all" type install, to basically run 99% of anything.

    We will run the minimal install, so enter the following into the Configure Parameters box:

    Code:
    '--with-mysql' '--with-mysqli' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-zlib' '--with-gd' '--enable-shmop' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-mbstring' '--with-iconv' '--with-libdir=lib64' '--with-litespeed' '--with-curl' '--enable-zip' '--with-bz2' '--with-jpeg-dir=lib64' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-gd-native-ttf' '--enable-exif' '--with-openssl' '--with-xmlrpc' '--with-freetype-dir=lib64' '--with-png-dir=lib64' '--enable-inline-optimization' '--enable-xml'
    And for the Add-on modules I select Mail Source Handler, APC and Memcached, then hit Compile PHP 5.4.17.


    OpenLiteSpeed will then download the required packages and configure it. When it is done, hit Next.


    This will bring up the following page, so go back to Putty and enter the command that OpenLiteSpeed has given you in the top black box.

    Code:
    /usr/local/lsws/phpbuild/buildphp_manual_run.sh

    You can then go back to the web page, and watch the progress. This may take some time, 10 minutes is not uncommon.


    Head back to putty and copy the php.ini to the right place.

    Code:
    cp /usr/local/lsws/phpbuild/php-5.4.17/php.ini-development /usr/local/lsws/lsphp5/lib/php.ini

    Next, select Actions > Graceful Restart and hit OK


    Head to your live URL and test your PHP is working.

    Code:
    http://YOURSERVERIP:8088/phpinfo.php
    If the page loads correctly, PHP is all sorted!


    Finally, we need to alter OpenLiteSpeed to serve up from port 80. So in the Admin Panel go to Configuration > Listeners > Default > Edit and change the port from 8088 to 80 and hit Save.


    Then, select Actions > Graceful Restart and hit OK.


    Check it works correctly once again by simply loading

    Code:
    http://YOURSERVERIP/
    If it loads, then we have OpenLiteSpeed working correctly!


    Time to do some basic MySQL configuration. This will vary from server to server, however as a basic starting point, first open up WinSCP and enter your server's root login information.

    First stop MySQL

    Code:
    /etc/init.d/mysql stop

    Next, navigate to /etc/ and open my.cnf


    Delete the contents already in place and replace with the following

    Code:
    [mysql]
    # CLIENT #
    port  = 3306
    socket  = /var/lib/mysql/mysql.sock
    [mysqld]
    # GENERAL #
    user  = mysql
    default-storage-engine  = InnoDB
    socket  = /var/lib/mysql/mysql.sock
    pid-file  = /var/lib/mysql/mysql.pid
    # MyISAM #
    key-buffer-size  = 32M
    myisam-recover  = FORCE,BACKUP
    # SAFETY #
    max-allowed-packet  = 16M
    max-connect-errors  = 1000000
    skip-name-resolve
    innodb  = FORCE
    # DATA STORAGE #
    datadir  = /var/lib/mysql/
    # CACHES AND LIMITS #
    tmp-table-size  = 32M
    max-heap-table-size  = 32M
    query-cache-type  = 0
    query-cache-size  = 0
    max-connections  = 500
    thread-cache-size  = 50
    open-files-limit  = 65535
    table-definition-cache  = 4096
    table-open-cache  = 4096
    # INNODB #
    innodb-flush-method  = O_DIRECT
    innodb-flush-log-at-trx-commit = 2
    innodb-file-per-table  = 1
    innodb-buffer-pool-size  = 592M
    # LOGGING #
    log-error  = /var/lib/mysql/mysql-error.log
    slow-query-log  = 1
    slow-query-log-file  = /var/lib/mysql/mysql-slow.log
    

    Now go to Putty and restart Percona.

    Code:
    /etc/init.d/mysql start

    Finally on the list is basic IP Tables configuration. IP Tables can be as complex or as lean as you like. As a basic rule the best methods are to only allow connections you specify, and drop all others.

    So let's restart IP Tables

    Code:
    /etc/init.d/iptables start

    Next, let's load in the following rules

    Code:
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    Code:
    iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
    
    Code:
    iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
    
    Code:
    iptables -I INPUT 1 -p tcp --dport 7080 -j ACCEPT
    
    Code:
    iptables -P INPUT DROP
    

    So what do all these do?

    The first allows all established connections, e.g. ones made by your server though.

    The second allows connections to the SSH port.

    The third allows traffic to the web server.

    The fourth allows you to access the OpenLiteSpeed Admin Panel.

    And finally, the fifth denies (drops) connections to all other ports.

    How does this secure your server? Well, the basic theory is that your IP Tables limit the attack vectors on a server: by only allowing these specific ports, you exclude attackers from finding potential flaws in other running services. The only things they can look to find weaknesses in are the SSH Login, the OpenLiteSpeed Admin Panel or the Web application, and as long as those are kept up to date and are secure, you severely reduce any attacker's chances of success. More aggressive IP Tables and services are out there, however that falls down to the individual sysadmin to decide what level of protection they wish to deploy.

    Let's save those IPTables rules, so on a server restart they are applied.

    Code:
    /etc/init.d/iptables save

    And that concludes Part 2 of this guide! In Part 3, we will install XenForo and PhpMyAdmin.
    Last edited: Dec 30, 2013
    lsmichael likes this.
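
A way to check that the INPUT chain still matches the five rules in the guide above, as an added example that is not part of Slavik's post: the function parses `iptables -S INPUT` output and reports a non-DROP default policy, accepted ports outside 22/80/7080, and an admin-panel rule with no source restriction. The function names, finding labels, sample rule sets and the address 203.0.113.10 are constructed for illustration.

```shell
# Added example (not from the guide): audit `iptables -S INPUT` output.
ALLOWED_PORTS="22 80 7080"   # ports the guide opens
ADMIN_PORT="7080"            # OpenLiteSpeed admin panel

audit_input_chain() {
    # Reads rules on stdin; prints one finding per line, nothing if clean.
    awk -v allowed="$ALLOWED_PORTS" -v admin="$ADMIN_PORT" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (port == "") {
            # A portless ACCEPT is expected only for the state-tracking rule.
            if ($0 !~ /ESTABLISHED/) print "ACCEPT_WITHOUT_PORT " $0
            next
        }
        if (!(port in ok)) print "UNEXPECTED_PORT " port
        if (port == admin && src == "") print "ADMIN_OPEN_TO_ANY " port
    }
    END { if (policy != "DROP") print "POLICY_NOT_DROP " (policy == "" ? "unset" : policy) }
    '
}

guide_rules() {    # constructed: chain state after the guide's five commands
cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

drifted_rules() {  # constructed: policy never set to DROP, MySQL port opened
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

guide_rules | audit_input_chain   # live server: iptables -S INPUT | audit_input_chain
```

Run against the guide's own rules it reports only `ADMIN_OPEN_TO_ANY 7080`; a 7080 rule that carries a `-s` source match, as in the second sample, clears that finding.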
  2. nagu

    nagu New Member

    Looking forward to part 3... installing phpMyAdmin
  3. hungck83

    hungck83 New Member

    It's really useful for a newbie, thanks
  4. evieward

    evieward New Member

    nice thread, it was well explained!
