Author Topic: [Tutorial] How to configure your server  (Read 32172 times)

[Tutorial] How to configure your server
« on: April 28, 2015, 08:25:20 PM »
Read everything first before doing something wrong
You might also be interested in this tutorial: http://forum.centos-webpanel.com/how-to/%28tutorial%29%28windows-users%29-how-to-configure-test-your-server/


----

After you proceed with these steps:
http://centos-webpanel.com/installation-instructions

You'll have a fresh installation and you will need to configure your server step-by-step.
The following tutorial explains how to configure more than 1 domain with different domain accounts.
Usually I configure every domain with a different account, so I have everything split and if I need to give access to someone I don't give them access to everything - although you can create 1 main account with your main domain and add add-on domains, I don't recommend you do it this way, because of what I explained above.

User advice:
I'm not responsible for your actions and configurations; everything that you do based on my tutorial is your own responsibility.
These are the steps that I follow every time I have to format and reinstall my server - this was tested before.

------------------------------ Let's proceed ----------------------------
Every action written as index.php?module=bla-bla-bla refers to the page that you need to access, so, for example, if your CWP web page is https://37.100.200.100:2031/ you'll need to access the link: https://37.100.200.100:2031/index.php?module=bla-bla-bla

------
I'm using dynadot as my DNS provider, so I have to configure this (if you are using another DNS provider, please take your time to ask them what your DNS domains should be):

index.php?module=nameservers - Name servers configuration (DNS Functions - Edit Nameservers IPs)
NS1 SubDomain: ns1.dynadot.com
NS2 SubDomain: ns2.dynadot.com
NS1 IP: 127.0.0.1
NS2 IP: 127.0.0.1
Overwrite DNS Zone file: Check
Restart DNS Server: Check

If you want to use Centos DNS configurations, just leave it as it is :)

------
index.php?module=settings - Server settings  (CWP Settings - Edit Settings)
Shared IP: (same as default)
Apache Port: 80
Root Email: (some email that you use; it can be an email that is going to be created in the future on your server - it should be created or exist already because you might want to receive important emails from it)
Forward root emails: (It's up to you; if you check it, you'll receive cronjob emails daily, and this might not be useful for you. I leave it unchecked)

------
index.php?module=change_hostname - Hostname (Server Settings - Change Hostname)
hostname: (Every server has a main domain, for example: mycompanny.com. You have to configure this based on that; usually I add "srv1." before my main domain, example: svr1.mycompanny.com - also mycompanny.com should be registered already and you should have control of it, otherwise your emails are going to be sent with an invalid hostname)
- I also recommend you add an A record to your DNS based on your hostname, for example: svr1.mycompanny.com > A > 37.100.200.100 (the IP address of the server that you are configuring)
- Never add "http://" or "www"
- Always add a sub-domain to your hostname like "srv1." or whatever you feel is right (don't forget the "." on your sub-domain).
- Make sure you don't mess with these configurations, because it's going to ruin your email configurations.

------
/index.php?module=edit_package&id=1 - Edit your main package (Packages - List Packages - [Edit Package])
- Since my server is to be used just by me, and I have total control of it, I configure it with almost no restrictions, but pay attention to my notes.

Disk Quota: This is the maximum quota of disk space that every server user should have - you have to install disk quota first if you want to make this work. I don't need it, so I just ignore this and leave it as it is or configure it as 0 (zero)
Bandwidth: 9999999
FTP Accounts: 100
Email Accounts: 300
Email Lists: 500
Databases: 500
Sub Domains: 500
Parked Domains: 500
Addon Domains: 500
Hourly Emails: 500 (I don't recommend you configure it like 9999999, because you might one day have a hacker on your server destroying your email reputation and getting it blacklisted, by sending spam out of it, mining email accounts, etc.)
Update Quota: Check

------
index.php?module=new_account - Creating a new account (User Accounts - New Account)
- If you have more than one domain, I recommend you repeat this step for each domain before proceeding to the next steps (although you can do this at any time in the future, keep yourself organized).

domain: mycompanny.com
username: mycomp
email: (usually I use the same as I've configured on the host name)
Shell Access: uncheck (usually I access my server as root user, but if you want to give SSH access to other people, check it! It's more secure!)
Processes: 40
(the other fields, leave them as they are)

-----
index.php?module=postfix_manager - configure your email (Email - Postfix Manager)
AntiSpam/AntiVirus: Uncheck - If you check this, you'll have to manually remove the spam that you get on your server (spam gets mail queued) - usually I don't check this option, I let the other people clean their own spam by themselves - but this is up to you.
rDNS Check: Check - But keep in mind that every email that doesn't comply with this will get mail queued as well
Install DKIM & SPF: Check - This is very useful and you should have this! So you can sign and verify your emails so they never go to spam
Reject Unknown Hostname: Check - But keep in mind that every email that doesn't comply with this will get mail queued as well
Hostname: (don't change this!!)
Domain: (don't change this!! It must be equal to the hostname but without the subdomain, for example if your hostname is "svr1.mycompanny.com", your domain should be "mycompanny.com" (in this case, without "srv1."))

(Although for my needs I just check: Install DKIM & SPF)

1) Press: Rebuild Mail Server
2) Press: Restart All Mail Server Services

-----
Go to your webserver directory /etc/postfix/ and edit the file: main.cf
> Edit the line:
   mydestination = $myhostname, localhost.$mydomain, localhost
> To:
   mydestination = localhost.$mydomain, localhost
> Add to the end of the file:
   spamass_destination_recipient_limit = 1
   dovecot_destination_recipient_limit = 1

(This fixes a lot of problems with having multiple domains on your server; sometimes you can't receive emails on some domains - with this modification everything will work just fine)
- If you "Rebuild Mail Server" again, you'll need to reconfigure this once again!
------
index.php?module=mail_add-new - Create email accounts or email alias (Email - Add Email Account)
> Now you can create every email account or email alias you need to

------
index.php?module=phpini_editor - Edit PHP configurations (PHP Settings - PHP Simple Editor)
- If you need to import MySQL databases and they are larger than 150MB, I recommend you change these values first, based on your databases' size, then I recommend you configure them as they were before, for security reasons.

upload_max_filesize = 500M
post_max_size = 500M
> Now you can import all the databases you have through phpMyAdmin or whatever other fancy way you use.
> When you finish importing databases, make sure you set these values back to their default values, to avoid security problems.
-----
index.php?module=file_editor&file=/usr/local/php/php.ini - Edit PHP main configurations (PHP Settings - PHP.ini Configuration)
> Search for "date.timezone", if this line starts with ";", remove the semicolon.
   Configure it with your timezone, for example: date.timezone="Europe/Lisbon"
> Search for "disable_functions", if this line starts with ";", remove the semicolon.
   Configure it as: disable_functions=system,exec,shell_exec,passthru,popen,proc_open,parse_ini_file,show_source,symlink,chmod
   This way, you'll increase your server security, preventing a hacker from using some insecure PHP functions, but keep in mind whether you'll need some of those functions! If so, just remove them from the configuration!

-----
Restart your Apache server at this point; you can do it with the shell command "service httpd restart" or go to your CWP main page and restart it from there

-----
Now go to "/home/some user that you have created/public_html" and clean every file that you see there - do this for each user

-----
index.php?module=add_subdomain - Add new sub-domains (Domains - Add SubDomain)
- Create all sub-domains you need
- Make sure you configure the field "Path: /home/USERNAME" correctly, and always take a look at index.php?module=list_subdomains to see if everything is going as planned.

Note: You can also add domains, but I recommend you create an individual account for each domain you have, as mentioned in the step "Creating a new account"

-----
Now you can import every website file you have into each individual folder you have configured on your sub-domains.
Do this with your FTP client.
> Note: You have created an account for each individual domain, right? So if you want to import a website with a specific domain, you have to access with that specific account. But you can also access with the root user, upload every website file and then fix every folder's ownership permissions after the import (next step below) - if you don't do this, you'll see a server error.

-----
index.php?module=fix_acc_perm - Fix ownership permissions (User Accounts - Fix Permissions)
Sometimes you forget and you access with the root user and you upload files and your websites stop working (you see a server error instead), so I recommend you fix permissions for each user you see in that combo box.
This option fixes all folder permissions and ownership and everything starts working again.

----
If you need roundcube to allow users to store their passwords in their browser:
> Go to this directory "/usr/local/apache/htdocs/roundcube/config/" and open "main.inc.php" with an editor
> And edit this: $rcmail_config['login_autocomplete'] = 1;

----
Every time you send a PHP email through the mail() function, the email address used there is based on your root user and your hostname, so if you want to change that to a new fancy email:

/index.php?module=file_editor&file=/usr/local/php/php.ini - Main php configurations (PHP Settings - PHP.ini Configuration)
> Search for "sendmail_path", if this line starts with ";", remove the semicolon.
   And edit it to:
      sendmail_path = /usr/sbin/sendmail -t -i -f fancyName@myFancyDomain.com
   > The email name can be anything you want, and it doesn't need to exist on your server, but the domain used in that email should exist on your server - you can't just create a fancy domain like that, young boy! Otherwise, your PHP emails are going to the spam folder.

----
Now you should configure your domain redirections
> Go to this directory "/usr/local/apache/conf.d/" and open "domain-redirects.conf" with an editor
   I recommend you remove everything, for security reasons
   > Then add these 2 lines:
      RewriteEngine on
      Alias /mail /usr/local/apache/htdocs/roundcube
   > This allows you to redirect to roundcube every time you access http://www.anyone_of_my_domains.com/mail
   > Note, I don't recommend you access roundcube with your server IP, like: https://37.100.200.100/roundcube because your emails are not going to be sent out with a specific domain, because roundcube doesn't know your domains so roundcube always sends your emails based on your URL, and those emails might end up in the spam folder.

> Go to this directory "/usr/local/apache/conf.d/" and open "system-redirects.conf" with an editor
   I recommend you remove everything, for security reasons
   > Add this line:
       Redirect permanent /roundcube http://my_main_domain.com/mail
       > my_main_domain.com - should be your main domain

----
/index.php?module=crontab - Cron jobs (Server Settings - Crontab)
If you need to create a specific job that is executed at various times, you can use this option here.
You can, for example, reboot your server at 0AM every day; for this:
> Area: "Add Common Cron Jobs"
  > Settings: Once a day (0 0 * * *)
  > Command: reboot
> This is recommended to be done; you can specify the day and the month you need to reboot your server, just follow the scheme on the right side

If you are receiving cronjob emails
> You can avoid it by adding (To "Add Full Custom Cron Jobs" area):
   MAILTO=""
   > Or you can specify another email, for example: MAILTO="myfancyemail@gmail.com" (it can be whatever email you need)

If you want to edit this area manually, the file you should edit is stored in "/var/spool/cron/" and it's called "root"

> Restart your crontab at this point; you can do it with the shell command "service crond restart" or go to your CWP main page and restart it from there

----
If you access your server with your IP address, or access a badly configured domain or subdomain, you'll see the centos-webpanel main page. If you want to change it or redirect users elsewhere when that happens, just go to "/usr/local/apache/htdocs" and edit the file "index.html"

-----
WebFTP is a Centos-Webpanel feature. I don't use it and for security reasons I disallow access to it; if you want to do the same:
> Go to the "/usr/local/apache/htdocs/" directory
> This website is stored in the "webftp_simple" folder; you can simply change its name to anything else.

-----
PhpMyAdmin has a security rule of 1400 seconds per session; if you are inactive for that time, you lose your session and you have to re-login, and that is annoying. If you want to change that:
> Go to the "/usr/local/apache/htdocs/phpMyAdmin/" directory, and edit the file "config.inc.php"
> Add this line to the bottom of your file:
   $cfg['LoginCookieValidity'] = 10000;
   > 10000 is the total number of seconds for interaction, in this case: 2,78 hours
   > Configure this value based on the value you feel is better for yourself.
   > 3600 = 1 hour | 7200 = 2 hours | 10800 = 3 hours | ...

------
I'm using OVH services, and they allow me to have a backup storage for free (in this case I use NFS); this is basically an external server that is used only for cloud service purposes.
If you want to configure this, you just need to execute these commands over SSH (I use putty)

Code:
yum install nfs-utils rpcbind
/etc/init.d/rpcbind start

Now you might have an OVH email with your NFS data, for example:
Login: myOvhHostName.eu
Password: *******
FTP server: ftpback-blabla.ovh.net

Then you need to mount a virtual folder by executing this SSH command:
mount -t nfs ftpback-blabla.ovh.net:/export/ftpbackup/myOvhHostName.eu /backup_storage

ftpback-blabla.ovh.net - FTP server
/export/ftpbackup/myOvhHostName.eu - Login
/backup_storage - Your destination server folder

Then you need to go to the "/etc/" directory and edit the "fstab" file with an editor
> Add this line to the bottom
   ftpback-blabla.ovh.net:/export/ftpbackup/myOvhHostName.eu /backup_storage nfs rw 0 0

----
/index.php?module=backups - Configure backups (CWP Settings - Backup Configuration)
Enable Backup: Check
Backup Folder Location: /backup_storage (here I configure the NFS folder)
Daily Backup Retention: Check
Weekly Backup Retention: Check
Monthly Backup Retention: Check
MySQL Backup: Check
Backup All Users: Check

----
Reboot your server now :)
« Last Edit: April 29, 2015, 01:03:43 PM by pedromidiasf »
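
The disable_functions step in the tutorial above depends on every name being spelled exactly: PHP silently ignores entries that do not match a real function, and a leading ";" disables the whole line. The following check is an added example, not part of the original post or of CWP; the function name audit_disable_functions and the sample php.ini text are constructed for illustration.

```python
import difflib
import re

# Functions the tutorial's disable_functions line is meant to block.
EXPECTED = {
    "system", "exec", "shell_exec", "passthru", "popen", "proc_open",
    "parse_ini_file", "show_source", "symlink", "chmod",
}
DIRECTIVE = re.compile(r"^disable_functions\s*=\s*(.*)$")


def audit_disable_functions(ini_text, expected=frozenset(EXPECTED)):
    """Report whether disable_functions is live and which names it misses."""
    value, commented = None, False
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(";"):
            # A leading ';' turns the whole directive into a comment.
            if DIRECTIVE.match(stripped.lstrip("; \t")):
                commented = True
            continue
        match = DIRECTIVE.match(stripped)
        if match:
            # Last uncommented occurrence wins; drop inline comment and quotes.
            value = match.group(1).split(";", 1)[0].strip().strip("\"'")
    configured = {n.strip().lower() for n in (value or "").split(",") if n.strip()}
    missing = sorted(expected - configured)
    # A configured name that is not expected but closely resembles a missing
    # one is most likely a typo, so the intended function is still enabled.
    suspect = {}
    for name in sorted(configured - expected):
        close = difflib.get_close_matches(name, missing, n=1, cutoff=0.8)
        if close:
            suspect[name] = close[0]
    return {
        "active": value is not None,
        "commented_only": commented and value is None,
        "missing": missing,
        "suspect": suspect,
    }


# Constructed sample inputs (not taken from a real server).
SAMPLE_TYPO = """\
[PHP]
date.timezone="Europe/Lisbon"
disable_functions=system,exec,shell_exec,passthru,popen,proc_open,parse_ini_file,show_shource,symlink,chmod
"""
SAMPLE_COMMENTED = """\
[PHP]
;disable_functions=system,exec,shell_exec
"""

if __name__ == "__main__":
    for label, text in (("typo", SAMPLE_TYPO), ("commented", SAMPLE_COMMENTED)):
        print(label, audit_disable_functions(text))
```

Run it against the contents of /usr/local/php/php.ini after each edit; a non-empty "missing" or "suspect" entry means a function the list was meant to block is still callable.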

Re: [Tutorial] How to configure your server
« Reply #1 on: May 13, 2015, 09:56:39 AM »
thanks

Re: [Tutorial] How to configure your server
« Reply #2 on: May 18, 2015, 02:46:29 PM »

Re: [Tutorial] How to configure your server
« Reply #3 on: May 22, 2015, 05:23:49 PM »
Really do you send backup data over FTP? Unencrypted backup data?
8==D it's a function that try to compare 8 (int) against D (string) and not ALWAYS does return false.

Re: [Tutorial] How to configure your server
« Reply #4 on: May 26, 2015, 05:42:12 PM »
Really do you send backup data over FTP? Unencrypted backup data?

Yes, why? This is an OVH private network, nothing has access to it; it's how OVH handles backups, since when you format the server everything gets lost

Re: [Tutorial] How to configure your server
« Reply #5 on: June 05, 2015, 03:54:57 PM »
If it's a private network connection my question does not apply to you unless you don't trust your own provider.
8==D it's a function that try to compare 8 (int) against D (string) and not ALWAYS does return false.

Re: [Tutorial] How to configure your server
« Reply #6 on: July 12, 2016, 04:06:42 PM »
Bandwidth: 9999999

What is the meaning of bandwidth here? Is it a lifetime bandwidth quota for a user like disk space, or what, and how to monitor / track its usage?

Re: [Tutorial] How to configure your server
« Reply #7 on: November 11, 2016, 02:51:37 PM »
I don't understand.

If I setup my server as hostname srv.domain.com once setup do I also need to add the sub domain srv in the domains section of the admin panel ?

Re: [Tutorial] How to configure your server
« Reply #8 on: April 09, 2017, 07:20:56 AM »
How to do it ?

1. Add second port for SMTP for example 2525 ?
2. Make CWP stay with the domain when logging in. I do not want it to redirect to IP:PORT

Re: [Tutorial] How to configure your server
« Reply #9 on: July 07, 2017, 08:58:43 PM »
I don't understand.

If I setup my server as hostname srv.domain.com once setup do I also need to add the sub domain srv in the domains section of the admin panel ?

No, you just need to create that on your DNS server; you don't need to create a virtual host since that is not going to be used for any website, well only if you need to, but I clearly don't see any reason.

Re: [Tutorial] How to configure your server
« Reply #10 on: July 07, 2017, 09:00:48 PM »
Bandwidth: 9999999

What is the meaning of bandwidth here? Is it a lifetime bandwidth quota for a user like disk space, or what, and how to monitor / track its usage?

Bandwidth is in fact the amount of data the user is able to download/upload, but I'm not quite sure if this is counted daily, weekly or monthly; I just set it to the maximum so I don't have any issues later on. But this doesn't mean you will need to do the same, maybe you need to limit the bandwidth for some user.

Re: [Tutorial] How to configure your server
« Reply #11 on: July 07, 2017, 09:10:25 PM »
How to do it ?

1. Add second port for SMTP for example 2525 ?
2. Make CWP stay with the domain when logging in. I do not want it to redirect to IP:PORT

1)
Some services like httpd allow you to add multiple ports like here:
https://www.cyberciti.biz/faq/fedora-rhel-centos-configure-httpd-listen-multipleports/
Not quite sure about SMTP

2)
That is already happening at least with my server, maybe you have configured something wrong, or maybe I have configured something right?  :D