1- Initial CentOS setup
Set correct time and date. here we use “America/New_York”:# timedatectl set-timezone America/New_York
Set SELinux to permissive mode by editing /etc/selinux/config:# vi /etc/selinux/config
SELINUX=permissive
Also to apply it immediately run:# setenforce 0
Install EPEL repository:# yum install epel-release
Update OS:# yum -y update
The NETWORKING variable must be set to yes if you want networking to start at boot time:# vi /etc/sysconfig/network
NETWORKING=yes
Here we disable kdump service. you can skip it if you want:# systemctl disable kdump
2- Install CSF.
CSF preparation. Stop and disable firewalld.
# systemctl disable firewalld# systemctl stop firewalld
Install iptables-services.
# yum install iptables-services
Create files required by iptables.
# touch /etc/sysconfig/iptables# touch /etc/sysconfig/ip6tables
Start iptables.
# systemctl start iptables# systemctl start ip6tables
Enable iptables at boot.
# systemctl enable iptables# systemctl enable ip6tables
Install CSF
Install the CSF dependencies.
# yum install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph
Download and launch the CSF installer.
# cd /opt# wget https://download.configserver.com/csf.tgz# tar -xzf csf.tgz# cd csf# sh install.sh
Remove the installation files.
# rm -rf /opt/csf# rm /opt/csf.tgz# perl /usr/local/csf/bin/csftest.pl
The expected output of the above command would be:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
# vi /etc/csf/csf.conf
Change TESTING = “1” to TESTING = “0” (otherwise, the lfd daemon will fail to start) and list allowed incoming and outgoing ports as a comma-separated list (TCP\_IN and TCP\_OUT, respectively) in /etc/csf/csf.conf as shown in the below output:
Testing flag – enables a CRON job that clears iptables incase of configuration problems when you start csf. This should be enabled until you are sure that the firewall works – i.e. incase you get locked out of your server! Then do remember to set it to 0 and restart csf when you’re sure everything is OK. Stopping csf will remove the line from /etc/crontab
CSF configuration
lfd (login failure daemon) will not start while this is enabled
# TESTING = "0"
Allow incoming TCP ports
# TCP_IN = "21,22,25,80,110,143,443,465,587,636,990,993,995"
Allow outgoing TCP ports
# TCP_OUT = "21,22,25,80,110,143,443,465,587,636,990,993,995"
Allow incoming UDP ports
# UDP_IN = "20,21,53"
Allow outgoing UDP ports
To allow outgoing traceroute add 33434:33523 to this list
# UDP_OUT = "20,21,53"
Restart and Test CSF
# systemctl restart {csf,lfd}# systemctl enable {csf,lfd}# systemctl is-active {csf,lfd}# csf -v
Optional Temporarily disable CSF
if you want to disable CSF temporarily, you could use:
# csf -x
Apply change and reload CSF
Any time you make change to csf config, you need to reload csf. so issue the following command:
# csf -r
3- Install PHP 7.3 and Apache
Install remi repository for PHP 7 installation:
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
Install yum-utils:
# yum install yum-utils
Enable remi repository:
# yum-config-manager --enable remi-php73
then install PHP 7.3:
# yum install php php-mbstring php-pear php73-php-pdo.x86_64 php-pdo.x86_64 php-mysql.x86_64 php-ioncube-loader.x86_64 php-curl curl php-soap.x86_64 php73-php-soap.x86_64 php-gd.x86_64 php73-php-gd.x86_64
Edit php.ini and set options like the following:
# vi /etc/php.ini
date.timezone = "America/New_York"memory_limit = 1024Mextension=pdo.soextension=pdo_mysql.so
Install apache and start it:
# yum install httpd# systemctl enable httpd# systemctl start httpd# systemctl status httpd
Add Document Roots
# mkdir -p /var/www/domain.com
Add Virtual Host Files
# /etc/httpd/conf.d/domain.com.conf
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log combined
</VirtualHost>
Test And Restart Apache
Once the files are written, we can run a config test:
# httpd -t
This command will return
Syntax OK
if there are no problems seen. If there are issues, the httpd command should tell us what line, as well as what file caused the concern. Now we can reload the configuration i
into Apache:
# systemctl reload httpd
Again, if that reload is successful, this command will have no output. We can confirm that we loaded the VirtualHosts by running:
# httpd -S
The output of this command will show Apache’s current running configuration, including the VirtualHost blocks that are loaded. You should see two entries that say ‘*:80’ at the beginning of the line, which will be domain.com and domain.net.
4- Install Mariadb 10.5.
# vi /etc/yum.repos.d/MariaDB.repo
Now add the following lines to your respective Linux distribution version as shown.
[mariadb]name = MariaDBbaseurl = http://yum.mariadb.org/10.1/centos7-amd64gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDBgpgcheck=1
Install MariaDB
# yum install MariaDB-server MariaDB-client -y
Start the database server daemon for the time being, and also enable it to start automatically at the next boot like so:
# systemctl start mariadb# systemctl enable mariadb# systemctl status mariadb
Secure MariaDB in CEntOS 7
# mysql_secure_installation
After securing the database server, you may want to check certain MariaDB features such as: installed version, default program argument list, and also login to the MariaDB command shell as follows:
# mysql -V# mysqld --print-defaults# mysql -u root -p
5. Install WHMCS
Create database
CREATE USER 'typeusernamehere'@'localhost' IDENTIFIED BY 'typeyourpasswordhere';
GRANT ALL PRIVILEGES ON *.* TO 'typeusernamehere'@'localhost';
CREATE DATABASE typeyourdatabasenamehere;
Extract whmcs installation files to /var/www/domain.com and change owner of files to apache:
# chown -R apache:apache /var/www/domain.com/*
Create new configuration.php file and change permission to 777:
# mv /var/www/domain.com/configuration.php.new /var/www/domain.com/configuration.php# chmod 777 /var/www/domain.com/configuration.php
In Google Chrome or Firefox navigate to your server IP address and install WHMCS. follow the instruction and filll required fiels. after installation, delete install folder from /var/www/domain.com/
# rm -rf /var/www/domain.com/install/
To improve security, move downloads, template_c and attachments directory from /var/www/domain.com/ to /var/www/ :
# mv /var/www/domain.com/attachments/ /var/www/attachments/# mv /var/www/domain.com/downloads/ /var/www/downloads/# mv /var/www/domain.com/templates_c/ /var/www/templates_c/
Change owner and permission of above directory:
# chmod 777 /var/www/attachments/ /var/www/downloads/ /var/www/templates_c/# chown apache:apache /var/www/attachments/ /var/www/downloads/ /var/www/templates_c/
Add the following lines to /var/www/domain.com/configuration.php
$mysql_charset = "utf8";$display_errors="off";$templates_compiledir = "/var/www/templates_c/";$attachments_dir = "/var/www/attachments/";$downloads_dir = "/var/www/downloads/";
Add the following line to /etc/crontab
# /etc/crontab -e
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed*/5 * * * * root /usr/bin/php -q /var/www/html/crons/cron.php
Change /var/www/domain.com/configuration permission to 600:
All Done!
