Building a perfect web server | Part 2

In the last post we looked at planning your perfect web-server :

  • You know exactly what you want this server to do.
  • You have some hardware on the way

It is now time to decide what Operating system you are going to run. This will really depend on your preference but whatever you choose should be the minimal distribution. This means that it comes with very few packages pre-installed.

Because the last webserver I did was a Centos 6.5 I will use CentOS 6.5 minimal.

Download the CentOS 6.5 ISO
We want the minimal for your Hardware, if you have new hardware it will be the X86 version of whatever you download.

For how to install CentOS there are plenty of HowTo’s available so I will just skip to the interesting bits.

Encrypt file system.
On paper this is a great idea but the boot process will stop on boot. If you are accessing this system remotely then make sure you have console access. Because I am building this in a virtual machine ( KVM ) and have access to the boot system I will encrypt it.

Set a decent root password. This will be closed down after we have finished building the web server, but systems can get hacked during the build process.

We need Apache Php and Mysql so that, and the dependencies are going to be installed first.
Before we do anything though we  update all the packages on the system to the latest version

Start up the network interface and make it come back on boot and will get an IP address if you have a DHCP server

ifup eth0
chkconfig network on
yum -y update

When done just reboot the machine because at time of writing the update included a kernel update and that needs a reboot.

reboot

Now we can install some basic rpm’s. If you want to compile your own web server  and you can skip straight  to part three.  I am going to stick with rpm’s because I don’t want to have to maintain my own packages and I want to take advantage of the considerable quality assurance done by Redhat and CentOS.

yum -y install  httpd php mysql-server

As it stands the built in firewall is going to block all requests to your shiny new web server (except OpenSSH ) so temporarily allow all access from your IPaddress.

iptables -I INPUT -s "YOURIP"  -j ACCEPT

My IP is 192.168.122.1 so the command would be:

iptables -I INPUT -s  192.168.122.1  -j ACCEPT

Start up Apache and make it start on boot:

/etc/init.d/httpd start
chkconfig httpd on

Start up mysql and make it start on boot:

/etc/init.d/mysqld start
chkconfig mysql on

You will get a screen full  of information about changing your password, don’t worry about this now.
Setup your mysql password so that it is secure.

Point a browser at your web servers IP address  and hopefully you will see this.
This means we have a basic working web server and we are ready to start making your web server a little more friendly for you, and much tougher for crackers.

Before I finish up for the day I am also going to install some light weight utilities and a yum-plugin or two to make managing and debugging this system easier.

yum -y install vim htop iptraf yum-security yum-presto

  • htop is a nice console process viewer
  • iptraf is a console traffic monitor
  • yum-security searches for security patches and can install them automatically
  • yum-presto speeds up your downloads from your yum repository

Building the Perfect Web Server | Part 3