Configure Apache

Basic Configuration

vim /etc/php.ini
A few useful parameters: upload_max_filesize, memory_limit and post_max_size

/etc/init.d/httpd restart

Compress the log file

vim /etc/logrotate.d/httpd
missingok
notifempty
compress   <== Add This
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript

Setup logrotate for custom log file

vim /etc/logrotate.d/httpd
/var/www/vhosts/my-helper/logs/*log {
weekly
size=10M
rotate 4
compress
sharedscripts
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}

logrotate -v /etc/logrotate.d/httpd

Reference:
http://linux.vbird.org/linux_server/0360apache.php#other_pkg_syslog
http://linux.vbird.org/linux_basic/0570syslog.php#rotate

Setup postfix

Install postfix

yum install postfix

Remove sendmail

/etc/init.d/sendmail stop
yum remove sendmail sendmail-cf

Start postfix

/etc/init.d/postfix start
chkconfig postfix on

Configuration

vim /etc/postfix/main.cf
myhostname = www.my-helper.com
myorigin = $myhostname

Restart postfix

/etc/init.d/postfix check
/etc/init.d/postfix restart
netstat -tlunp | grep :25

reference: http://linux.vbird.org/linux_server/0380mail.php

Upgrade PHP

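Create the file /etc/yum.repos.d/CentOS-Testing.repo and enter the following content (the gpgkey URL in it is plain HTTP, so check the imported key's fingerprint against a trusted source before accepting it):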

# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php*

yum update
service httpd restart

reference: http://wiki.centos.org/HowTos/PHP_5.1_To_5.2

Configure SSH Server

Disable root login
vim /etc/ssh/sshd_config

PermitRootLogin no

service sshd restart

Limit user login
vim /etc/ssh/sshd_config

AllowUsers user1 user2

service sshd restart

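Change port (allow the new port in the firewall first, and keep the current session open until a login on the new port works)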
vim /etc/ssh/sshd_config

Port 10000

service sshd restart

Disable sftp
vim /etc/ssh/sshd_config

# Comment out the following line
# Subsystem sftp /usr/lib/openssh/sftp-server

service sshd restart

Install FTP Server

Install vsftpd
yum install vsftpd

Automatically start the ftp server on boot
chkconfig vsftpd on

Start ftp server
service vsftpd start

Change Default Directory
vim /etc/vsftpd/vsftpd.conf

local_root=/directory

Only allow specific users to login
vim /etc/vsftpd/vsftpd.conf

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

vim /etc/vsftpd/user_list

user1
user2

Create a custom config for a specific user
vim /etc/vsftpd/vsftpd.conf

user_config_dir=/etc/vsftpd/userconfig

vim /etc/vsftpd/userconfig/username

local_root=/var/www/vhosts/my-helper/htdocs/upload

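Enable sftp (strictly FTPS, i.e. FTP over SSL/TLS; SFTP is the SSH subsystem covered under "Disable sftp" above). The 1024-bit RSA key generated below is too short by current standards (use rsa:2048 or larger), and because the private key is written into vsftpd.pem that file should be readable by root only.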
openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
-keyout /etc/vsftpd/vsftpd.pem \
-out /etc/vsftpd/vsftpd.pem
vim /etc/vsftpd/vsftpd.conf
Add the following lines

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
force_local_logins_ssl=YES

Enable chroot
vim /etc/vsftpd/vsftpd.conf

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

vim /etc/vsftpd/chroot_list (exclude list: with chroot_local_user=YES, the users listed here are the ones NOT chrooted)

user1
user2

Change port
vim /etc/vsftpd/vsftpd.conf

listen_port=8121
ftp_data_port=8120
pasv_min_port=8000
pasv_max_port=8100

vim /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8121 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8120 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 8000:8100 -j ACCEPT

reference:
http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/

Setup VirtualHost

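Create virtual host config file (in the block below, Options Indexes lists directory contents when no index file exists, and AllowOverride All lets any .htaccess under the document root, including the FTP upload directory configured earlier, change these settings; narrow both if that is not intended)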
mkdir /etc/httpd/conf/extra
vim /etc/httpd/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
DocumentRoot "/var/www/vhosts/my-helper/htdocs"
ServerName my-helper.com
ServerAlias www.my-helper.com
<Directory "/var/www/vhosts/my-helper/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/www/vhosts/my-helper/logs/error.log"
CustomLog "/var/www/vhosts/my-helper/logs/access.log" common
</VirtualHost>

Enable virtual host
vim /etc/httpd/conf/httpd.conf
Uncomment the following line:

NameVirtualHost *:80

Append the following line to the end of the file:

Include /etc/httpd/conf/extra/httpd-vhosts.conf

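Check config file (apachectl graceful runs a syntax check and then reloads; apachectl configtest checks the syntax without reloading)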
apachectl graceful

Restart server
/etc/init.d/httpd restart

Install DNS

Install
yum install bind caching-nameserver

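Create config file (the options block below listens on all interfaces and sets no allow-query or allow-recursion; if the server is reachable from the internet, restrict recursion so it cannot be used as an open resolver)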
touch /var/named/chroot/etc/named.conf
ln -s /var/named/chroot/etc/named.conf /etc/named.conf
chown -R named /var/named/chroot
vim /etc/named.conf

options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
};

zone "my-helper.com" {
type master;
file "my-helper.com";
};

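Create zone file (the two names on the SOA line have no trailing dot, unlike the NS lines, so named will append the zone origin to them; add the dots)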
vim /var/named/chroot/var/named/my-helper.com

$TTL 86400
@ IN SOA ns1.my-helper.com info.my-helper.com (
2011061800 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS ns1.my-helper.com.
IN NS ns2.my-helper.com.
ns1 IN A 127.0.0.1
ns2 IN A 127.0.0.1
www IN A 127.0.0.1

Restart server
service named restart

Automatically start the server on boot
chkconfig named on

Edit hostname resolver config file
vim /etc/resolv.conf

nameserver 10.0.0.1

reference:
http://blog.weithenn.org/2009/04/centosbind9-domain-nameip.html
http://fastcreators.com/article/2007/01/24/howto-caching-nameserver-and-bind-9-togather/