In the last post we looked at planning your perfect web-server :
- You know exactly what you want this server to do.
- You have some hardware on the way
It is now time to decide what Operating system you are going to run. This will really depend on your preference but whatever you choose should be the minimal distribution. This means that it comes with very few packages pre-installed.
Because the last webserver I did was a Centos 6.5 I will use CentOS 6.5 minimal.
Download the CentOS 6.5 ISO
We want the minimal for your Hardware, if you have new hardware it will be the X86 version of whatever you download.
For how to install CentOS there are plenty of HowTo’s available so I will just skip to the interesting bits.
Encrypt file system.
On paper this is a great idea but the boot process will stop on boot. If you are accessing this system remotely then make sure you have console access. Because I am building this in a virtual machine ( KVM ) and have access to the boot system I will encrypt it.
Set a decent root password. This will be closed down after we have finished building the web server, but systems can get hacked during the build process.
We need Apache Php and Mysql so that, and the dependencies are going to be installed first.
Before we do anything though we update all the packages on the system to the latest version
Start up the network interface and make it come back on boot and will get an IP address if you have a DHCP server
ifup eth0 chkconfig network on
yum -y update
When done just reboot the machine because at time of writing the update included a kernel update and that needs a reboot.
Now we can install some basic rpm’s. If you want to compile your own web server and you can skip straight to part three. I am going to stick with rpm’s because I don’t want to have to maintain my own packages and I want to take advantage of the considerable quality assurance done by Redhat and CentOS.
yum -y install httpd php mysql-server
As it stands the built in firewall is going to block all requests to your shiny new web server (except OpenSSH ) so temporarily allow all access from your IPaddress.
iptables -I INPUT -s "YOURIP" -j ACCEPT
My IP is 192.168.122.1 so the command would be:
iptables -I INPUT -s 192.168.122.1 -j ACCEPT
Start up Apache and make it start on boot:
/etc/init.d/httpd start chkconfig httpd on
Start up mysql and make it start on boot:
/etc/init.d/mysqld start chkconfig mysql on
Point a browser at your web servers IP address and hopefully you will see this.
This means we have a basic working web server and we are ready to start making your web server a little more friendly for you, and much tougher for crackers.
Before I finish up for the day I am also going to install some light weight utilities and a yum-plugin or two to make managing and debugging this system easier.
- htop is a nice console process viewer
- iptraf is a console traffic monitor
- yum-security searches for security patches and can install them automatically
- yum-presto speeds up your downloads from your yum repository