[Server] Initial Setup of CentOS 6.3 on Sakura VPS

Tadashi Shigeoka ·  Sun, November 11, 2012

First, as a prerequisite, the CentOS installed on Sakura VPS appears to be the 64-bit version.

(Last updated: 2013/09/15)

Prerequisites

Replace “your_username” with your actual username.


Creating Administrator Account

■ Create an administrator user, since working directly as root is dangerous

useradd -G wheel your_username
passwd your_username

■ Allow only users in the wheel group to use su

vi /etc/pam.d/su

#auth required pam_wheel.so use_uid
↓(Change)
auth required pam_wheel.so use_uid

■ Allow users in the wheel group to use sudo

visudo

#%wheel ALL=(ALL) ALL
↓(Change)
%wheel ALL=(ALL) ALL

SSH Configuration

■ Create .ssh directory

mkdir /home/your_username/.ssh

■ Create a key pair on the client and transfer the public key to the server

# On the client
ssh-keygen -t rsa
scp .ssh/id_rsa.pub your_username@host:/home/your_username/.ssh
# On the server
mv /home/your_username/.ssh/id_rsa.pub /home/your_username/.ssh/authorized_keys

Alternatively, create the file by copying and pasting the public key via the remote console.

vi /home/your_username/.ssh/authorized_keys
ssh-rsa xxxx (Paste)

■ Change access permissions and ownership of the public key file

chmod 700 /home/your_username/.ssh/
chmod 600 /home/your_username/.ssh/*
chown -R your_username: /home/your_username/.ssh/

■ SSH configuration changes

Make the replacements with sed.

sed -i 's/^#Port 22/Port 20022/' /etc/ssh/sshd_config
sed -i 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

To make the changes by hand, edit the file so that it contains the following.

vim /etc/ssh/sshd_config

Port 20022
PermitRootLogin no
PasswordAuthentication no

Restart sshd to apply the changes.

service sshd restart

I got stuck because I couldn’t change the Port number, but the cause was editing ssh_config instead of sshd_config…

・Reference: Starting to Use Sakura VPS 2 – sudo and SSH Port Change | Akabeko Diary
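
The sed commands above only match the commented-out default lines, so if a line was already uncommented or spaced differently, nothing changes and sed reports no error. The following check is an added example, not part of the original article; the function names and sample files are constructed for illustration, and it reads only the global section of the file (anything after a Match line is ignored).

```shell
#!/bin/sh
# Added example, not from the article. Function names and sample data are constructed.

# Print the first active value of keyword $2 (case-insensitive) in file $1.
# sshd uses the first value it reads for a keyword, and lines after a
# "Match" line are conditional, so the scan stops at the first Match.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }             # comment or blank line
        tolower($1) == "match" { exit }             # end of global section
        tolower($1) == want    { print $2; exit }   # first occurrence wins
    ' "$1"
}

# Return 0 only if the three settings from the article are all active.
check_sshd_hardening() {
    rc=0
    for pair in Port=20022 PermitRootLogin=no PasswordAuthentication=no; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected $expected, found ${actual:-nothing active}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: PermitRootLogin was already uncommented, so the
# pattern ^#PermitRootLogin yes matched nothing and sed changed nothing.
write_sample_missed() {
    printf '%s\n' 'Port 20022' 'PermitRootLogin yes' \
        '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$1"
}

# Constructed sample: all three sed replacements applied; the later
# PasswordAuthentication yes is ignored because the first value wins.
write_sample_ok() {
    printf '%s\n' 'Port 20022' 'PermitRootLogin no' \
        'PasswordAuthentication no' 'PasswordAuthentication yes' > "$1"
}

# Demo on a constructed file; on a server pass /etc/ssh/sshd_config instead.
demo=$(mktemp)
write_sample_missed "$demo"
check_sshd_hardening "$demo" || echo "settings not in effect"
rm -f "$demo"
```

On the server itself, `sshd -T` prints the configuration sshd will actually use. Keep the current session open until a new login on the new port succeeds.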

■ SSH connection with public key authentication

ssh -p 20022 -i /Users/your_username/.ssh/id_rsa your_username@host

・Reference: ssh command - Must-see for Administrators! Network Command Collection: ITpro


Building Firewall

■ Configure firewall

・Since SFTP is used for content transfer, FTP ports are not opened

vim /etc/sysconfig/iptables

*filter
:INPUT   ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT  ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# Loopback
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# ICMP
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IPsec ESP (protocol 50) and AH (protocol 51)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
# IPP (printing)
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# SSH
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20022 -j ACCEPT
# HTTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80    -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080  -j ACCEPT
# MySQL (as written, reachable from any source address)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306  -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

After editing the file, restart the firewall.

service iptables restart

yum Configuration

■ Repository changes

rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

vim /etc/yum.repos.d/remi.repo

[remi]
enabled=1

■ yum upgrade

yum -y upgrade

Hostname Configuration

If the hostname has already been decided, set it at this point.

[Linux] How to Change Hostname


Various Software Installation (to be updated as needed)

■ Apache

■ Nginx

■ MySQL

■ PHP


That’s all from the Gemba.