First steps, installation!
yum install php php-mysqlnd httpd
You'll want either MySQL
yum install mysql-server mysql-client
Or MariaDB, a variant of MySQL
yum install MariaDB-server MariaDB-client
You'll probably want git, memcache, and php apc as well. You'll have to start the memcache service yourself.
yum install git memcached php-pecl-apc
Second step, configure MySQL and allow remote access
Start up MySQL with "service mysql start", then run "mysql_secure_installation". You'll probably want to make sure you can't log in to the root account and get rid of the other unnecessary stuff.
Now depending on your instance, you'll want to tune the installation.
For MySQL, you'll find your config file in /etc/my.cnf. For MariaDB, you'll find your config file in /etc/my.cnf.d/server.cnf
Some my.cnf examples.
You'll probably want these settings, but basically tune the buffer sizes according to your uses. Make sure that you actually tune the server settings a couple of times and run: " free " or " ps aux " to see how much memory is used and free/cached and how much MySQL is taking/reserving.
Now you'll want to create some users for MySQL, so go run "mysql -p" and type in your password.
In this command shell you'll want to create a user for yourself.
" CREATE USER 'BLAHHUSER'@'youriphere' IDENTIFIED by 'somepassword' "
You can use the wildcard operator (%) for your user if you are not sure your IP is static. See WhatsMyIP and http://dev.mysql.com/doc/refman/5.5/en/adding-users.html
Okay, we have a user, but no permissions!
" GRANT ALL PRIVILEGES ON *.* TO 'user'@'youriphere' WITH GRANT OPTION"
You can restrict the permissions, of course, and use IDENTIFIED BY to further limit which user gets what. You should generally be careful here, as that statement gives the user every privilege on every database, plus the right to grant those privileges to others.
If you have a webapp or whatever that's going to access the database, you should create a new user with localhost with a restricted set of permissions, so that the damage from an SQL injection is limited if it ever comes to that.
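A restricted account of the kind described above, as an added example that is not part of the original post: the helper prints the SQL for a localhost-only user limited to row-level access on one database. The names webapp_user_sql, is_ident, shopdb and shop_web and the password are hypothetical.

```shell
#!/bin/sh
# Added example: emit SQL for a least-privilege web application account.
# Database, user and password values are hypothetical placeholders.

# Accept only plain identifiers so the generated SQL cannot be broken out of.
is_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# webapp_user_sql DB USER PASSWORD -> prints SQL on stdout
webapp_user_sql() (
    db=$1 user=$2 pass=$3
    is_ident "$db"   || { echo "bad database name" >&2; exit 1; }
    is_ident "$user" || { echo "bad user name" >&2; exit 1; }
    # Refuse quotes and backslashes rather than trying to escape them.
    case "$pass" in
        ''|*\'*|*\\*) echo "bad password" >&2; exit 1 ;;
    esac
    # Bound to localhost: the account is useless from the network side.
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$pass"
    # Data access on ONE schema only: no *.*, no DROP/ALTER/FILE,
    # and no WITH GRANT OPTION.
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON \`%s\`.* TO '%s'@'localhost';\n" "$db" "$user"
    # Print the result so the grant can be checked by eye.
    printf "SHOW GRANTS FOR '%s'@'localhost';\n" "$user"
)

# Usage (as a MySQL admin):
#   webapp_user_sql shopdb shop_web 'constructed-Passw0rd' | mysql -u root -p
```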
Okay, so we are DONE with MySQL!
...almost… we actually need to add the mysql port to the whitelist of iptables
" iptables -I INPUT -p tcp --dport http -j ACCEPT "
" iptables -I INPUT -p tcp --dport mysql -j ACCEPT "
Now there is a traditional (probably safer) way of saving and restoring rules, for which you use
" iptables-save > /etc/iptables.rules"
" iptables-restore < /etc/iptables.rules"
And you put these guys into a start up/shutdown script, but I am lazy!
So we are going with what I dub the "modern" way of doing this
" vim /etc/sysconfig/iptables-config"
Look for IPTABLES_SAVE_ON_STOP and IPTABLES_SAVE_ON_RESTART and set both to yes. You probably want to keep the restart one set to no if you don't want to save the rules on a "service iptables restart". I found that the second one won't work without the first and I'm not sure if this is a bug. Most likely it isn't, given my understanding so far.
Anyway do " service iptables restart " or "service iptables stop" to save the rules from now on. It will save on shutdown as well, soooo no startup scripts for us!
Make sure you test that you can connect to make sure the settings were saved though! BE CAREFUL WHAT RULES YOU ADD IF YOU ENABLE SAVE_ON_RESTART!
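The two -I rules above accept the port from any source address, and save-on-stop persists whatever is loaded, so it helps to check the rule set before it is saved. This added example (not from the original post) scans iptables-save output for INPUT ACCEPT rules on a port that carry no -s restriction; the function names and sample rules are constructed, and only single --dport matches are handled.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules in iptables-save output that expose a
# port to every source address. 3306 is MySQL's default port.

# open_to_world PORT  (reads iptables-save text on stdin)
# Prints each INPUT ACCEPT rule for PORT that has no usable -s restriction.
open_to_world() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                # "! -s addr" excludes one address, so it still counts as open.
                if ($i == "-s") src = ($(i - 1) == "!") ? "" : $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # 0.0.0.0/0 is an explicit "anywhere", so treat it as no limit.
            if (dport == port && target == "ACCEPT" &&
                (src == "" || src == "0.0.0.0/0"))
                print
        }'
}

# Constructed sample in iptables-save format
# (203.0.113.10 is a documentation address).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

sample_rules | open_to_world 3306
# On a real host: iptables-save | open_to_world 3306
```

Any line it prints is a rule that lets the whole internet reach that port; the rule carrying -s is the form to keep for MySQL.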
Okay, the iptables drama saga has ended. Let's take a moment of silence. Now, we are off to setting up Apache!
Just a mention
Before we start, I'd like to give mention to Navicat MySQL as it is very simple to use and it will make your life as simple as pie in managing your sql databases. Please take a look at it and consider buying it as it is worth its value. Anyways….
Apache
(If you hate apache and want nginx only, then you'll want to stop here and google for that tutorial because I setup nginx as a reverse proxy to apache)
Let's go to "/etc/httpd/conf.d" and create a "sites" folder, so what I like to do is add a new file for all of the virtual hosts I will have.
Here is an example virtual host.
You'll need to use "yum install mod_ssl" if you have any https(secure) sites.
Now you may need to tune some settings in httpd.conf. In fact, you should! Here is an example:
Timeout 45
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
StartServers 5
MinSpareServers 1
MaxSpareServers 10
MaxClients 30
MaxRequestsPerChild 2000
Tune them, don't just copy... seriously. I have no responsibility for any unforeseen damages that take place because I have warned you.
Look for <Directory /> or <Directory /var/www/html> and change AllowOverride None to AllowOverride All, as this is needed for .htaccess overrides.
Looks like we are done! I wrote this for my usage, but I feel it can be helpful to others as well.
Some tips
Chgrp and chown are super useful for managing access control. If you want to create a good structure, draw it out to figure out how to segment groups and owners. For example, apache may need to upload files to certain places and you might want to let your developers edit that directory. In that case, create a group that has those two users and chgrp the directory to it. The group could be called uploaders or something. Almost never have write permission for everyone.
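The uploaders layout from the tip above, as an added example that is not part of the original post: one helper hands a directory to a group with no access for everyone else, and a second lists anything under a tree that is writable by everyone. The names share_dir, world_writable and dev1 and the paths are hypothetical.

```shell
#!/bin/sh
# Added example: a group-shared upload directory plus a world-writable check.
# "uploaders", "dev1" and the paths are hypothetical names.

# share_dir DIR GROUP: hand DIR to GROUP, no access for "other".
share_dir() {
    chgrp "$2" "$1" &&
    # 2770 = setgid (new files inherit the directory's group)
    #        + rwx for owner and group, nothing for everyone else.
    chmod 2770 "$1"
}

# world_writable DIR: list files and directories anyone can write to.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# One-time setup as root on the server (not run here):
#   groupadd uploaders
#   usermod -a -G uploaders apache
#   usermod -a -G uploaders dev1
#   share_dir /var/www/html/uploads uploaders
#   world_writable /var/www/html     # expect no output
```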
Webmin makes your life easier being an open source control panel!
Read my article on setting up git for a dev/staging/product environment!