Basic setup of web-server

Server Config
1

Hello guys and girls!

I’m at the moment hosted by a good friend, in the US - But I’m living in EU, and my customers are from europa only - And to be honest, then I can’t see the reason why I should be in New York.

The last few months, I’ve been planning to buy a dedicated server at a datacenter in Amsterdam - Unmanaged, because they don’t sell Managed servers.

So I’m having some questions, I would like to get answered if you have time!

I’m running a small business that develop websites for customers, and host them, we’re using wordpress and joomla - But some few other systems too, and building our websites from scratch too. - But what is “needed” for the setup, to be running our customers sites, but also be able to sell a few ‘shared hosting’ plans?

The server will be delivered with CentOS 64 bit (Version 5.6 I think). WHM/cPanel.

We want each website to have their own cPanel account (as we have at current host). We also want to have Softaculous installed.

So this is the plan:
Dedicated Server: CentOS5 64bit
WHM/cPanel
Softaculous
Awstats
Each account have cPanel
Able to install WHMCS Later with SSL on domain
MySQLi Support
Daily/Weekly or monthly Backup of every cpanel account.

What else is needed? What version of PHP? - We’ll hire a server admin for sure, but we want to know, what we should have when he/she is done.

I can inform, that we’ll get a server with 4 gigs ram, 2.8ghz dual core, 2x250gb SATA2 drives, on a 1000/1000mbit connection, with 6TB bandwidth. - The 2 drives is separate. Aka no raid.

Hope you can help guiding me a little more. What I should have on the server, to be running, a stable server, and secure ofc.

Thank you!
best regards,
Lucas Rolff

2

Personally, I would not risk the operations of paying customer sites with a few $5.99/month hosting plans – just isn’t worth it.

3

So it’s better just to keep our customers we create websites for, and then drop the shared hosting part of it?

4

Well, just get the server - cpanel auto install will do everything, you will be able to choose apache & php version later in easyapache setup at WHM. (I use php 5.2.17 & apache 2.2). It working just fine and works with any scripts. But disable magic_quotes in php config first.

Your admin should be knowing linux good, as cpanel auto install will not harden OS, will not set firewall, will not tune up exim (it must be hardened to get spammers off and add clamav to exim to get rid of viruses)

The configuration is good, but my own opinion is to have a raid, or to collaborate with somebody and share backups, so you will spam your backups to other server, and in back get the backups of your friend. Or just check r1soft solutions.

After some time of using your server i recommend to tune up mysql with mysql_primer script. Many options must be tuned to get a great performance of that database. Also if your clients dont need transactions (for bank sphere etc…) just use myisam bases, not innodb.

Setup joomla & wordpress from cpanel - so cpanel auto-update it. Outdated wordpress = insanelly spammed blogs = thats bad.

Also recommend you to set rootkithunter and disable shell access to your clients.

5

Hello inky2k,

Thank you very much for the details, I’ll first buy the server here at 1st October, and I’m still adding things to “Remember this” list, to the server, so I’m sure I’m getting what I at least want - about backups, I’ve found a solution, I’ll generate backups, setting up a sync with my external harddrive, then making another harddrive copy the current external + secure cloud storage.

The server admin I will use is setting up the server to be running at good performance, but will ask about getting clamav added.

About Joomla and Wordpress, I’m using a small script that auto-updates it anyway, and I will use softaculous… I will disable Shell access for my clients, I won’t be a shared host at the moment, because it was not recommended, and the customers I have, doesn’t need all those features, so I will only enable what they really need.

To everyone else, and inky2k, I’ve created this list what I really want on my server at the moment, can anyone look at it, and say if something of those things I’ve added is the default setting?

Thank you:

  • Stable version of PHP and MySQL (Is PHP 5.2.17 best? Or 5.3.x?)
  • Stable version of phpMyAdmin with “Pmahomme” as default theme - It should be included standard in 3.4+
  • Softaculous install
  • Able to use Remote MySQL from cPanel
  • Customers backup weekly/daily (daily for development, and weekly when sites are done). to a backup folder, that we have access to, but not the customer itself (It’s a part of our feature, to backup their websites and download them to our backup here in our Office for 1 month).
  • Firewall
  • Daily server reports with failed logins etc.
  • Awstats support in cPanel
  • PHP Memory Limit on 64MB
  • Gzip Compression (via .htaccess or ob_gzhandler)
  • Get PHP Zip Extension Enabled
  • Easy Mail setup in email clients
  • Online email client like “Horde”, Roundcube" or “SquirrelMail” if not better alternatives, up to you
  • IMAP Support
  • POP Default address for incoming and outgoing mail: mail.“domain.com
  • Access to WHM and cPanel via server.domain.tld (This will be our nameserver domain, and our main website is domain.tld).
  • DNS setup with ns1.domain.tld and ns2.domain.tld
  • MySQLi Support
  • PDO Support
  • Bandwidth Limiter Module
  • Able to use .htaccess for sure
  • MultiByte Support Enabled (mb_strtoLower(); etc)
  • Mod_rewrite
  • What is best, Active or Passive FTP?

Best regards,

6

no probs at all, anytime.

well, thats a good backup solution, without it will be just a timebomb, i had very bad experience with no backups - cost me alot of time getting my sites back from webarchive & search engines cache and rewriting all the code for my sites. (got my home pc broken with no point of return and hdd crashed at server) - just bad luck ;((

  • cpanel-autoinstall will setup and install everything for you. phpmyadmin is included in any cpanel/whm installation so you dont need to bother with it.
  • backups will be configured by you in WHM - (when you firstly install cpanel/whm - after first steps will be finished in shell - you going to web interface - there is a setup wizard - you will be prompted to give just few options for it to be put to work everyday).
  • firewall must be configured wisely by your admin or you can read many information about it on cpanel forums and configure it yourself.
  • autoreports (security, mail stats) automatically dropped everyday to email address that you provided to whm as administrative contact.
  • awstats/webalizer may be configured by you or your client from cpanel panel, general configuration options present at whm.
  • i dont know what sites your users have and what they doing - but sometimes php needs 128mb. (if you have 6GB of memory - its np, also recommend after some time to check mysql_primer script and do what it will tell you - i giving mysql like 40-50% of the memory). also execution time for php scripts is 30-60 seconds - there you decide.
  • i recommend to enable in php gzip extension. (user always may disable it by .htaccess) - it will reduce bandwidth (but if you will have a ton of users - then it may eat cpu time alot)
  • zip extension - not very supported by browsers on how i remember - just modern ones (gzip enough)
  • easy mail, and 3 webmail clients, imap, pop, exim (smtp) its all default cpanel installation.
  • forgot to mention about whm/cpanel - there will be option to redirect to ssl host when client wants to go to cpanel - recommend to check it (you dont really need a “real” buyed one certificate for this to function - you can always to generate your one. - yes it will be not trusted by all btrowsers - but you always can say to clients - it’s not a threat - its ok.
  • dns must be setuped by admin. (need to setup root zone, add some tweeks, remove version info, disable recursion (so your dns will not be open to any queries - it must do only queries to your hosted domains))
  • mysqli support will be installed by default (and an option to use “old” mysql passwords will be available in whm itself - i always check it - no threat at all)
  • pdo may be configured and build into php at easyapache (whm)
  • bandwidth limiter module is installed in default configuration.
  • .htaccess will be working ofc on default. its a must for any webhost - and cpanel knows that ;))
  • on how i remember multibyte is supported on default (or configured at easyapache).
  • mod_rewrite on default too.
  • you will be firewalled (i hope) so ofc - you will have passive ftp.

hope that will help you ;))

7

whoppss… misspelled not 6gb - 4gb. anyways both are enough.
also make sure to disable root access through ssh. there is other ways to become superuser from any “approved” user (added to wheel group or set directly on sshd config).
and install rootkithunter - and set it in cronjob to make everyday report & update itself, very handly tool. sometimes its arguing on cpanel scripts but really detect alot of root kits & worms.

8

Also install CSF, and I’d recommend getting your server security hardened by configserver.com. Spend some time going through the CSF config file /etc/csf/csf.conf and dialing down the settings a little. You’ll need some sort of anti-spam solution and they have an excellent product which extends what cPanel has to add anti-virus and filtering of attachments. Some sort of mod_security ruleset coupled with CSF is a lifesaver.

You might want to check out our cPanel backup rotation script ‘postcpbackup’ at www.whmscripts.net - it provides configurable rotation of backups, and the accompanying cprevert provides one-line restores of directories and files. There is other stuff there that would also be useful - for example, rebootnotify, rblcheck, and prekillacct are all must-haves.