仝 tóng

Building a website environment on a VPS step by step (centos+fail2ban+iptables+apache+php+mysql)

Centos 6.5,Apache, PHP, Mysql, fail2ban, iptables, httpd.conf, php-xcache,Timezone,Hostname

1. Buy an empty VPS

2. Install CentOS 6.5 as the operating system

3. Install fail2ban
3.1 Download fail2ban-0.8.14 https://github.com/fail2ban/fail2ban/archive/0.8.14.tar.gz
3.2 $ tar -zxf 0.8.14.tar.gz // decompress the archive
3.3 $ cd fail2ban-0.8.14 && ./setup.py install // install fail2ban
3.4 $ cp files/redhat-initd /etc/init.d/fail2ban // add fail2ban as a system service
3.5 $ chmod 755 /etc/init.d/fail2ban // make the init script executable
3.6 $ service fail2ban start // start fail2ban
3.7 $ chkconfig fail2ban on // start fail2ban at boot
3.8 $ chmod 664 jail.conf
3.9 Create sshd.log and mail.log in /var/log
3.10 Download this jail.conf and use it instead of the default jail.conf
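To show what the sshd jail configured above actually does, here is an added shell example (it is not part of the original post and not fail2ban's own code) that emulates the jail's core logic: it scans sshd lines in /var/log/secure format for "Failed password" events, counts them per source IP, and lists the IPs that reach the maxretry threshold. The log lines, host name and IP addresses are constructed for the example; real fail2ban additionally applies a findtime window and runs the ban action named in jail.conf, which this sketch only prints as a plain DROP rule.

```shell
#!/bin/sh
# Constructed sample of sshd lines in /var/log/secure format (not a real capture).
SAMPLE_LOG='Mar 10 12:00:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 10 12:00:03 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar 10 12:00:05 vps sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar 10 12:00:06 vps sshd[2103]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar 10 12:00:09 vps sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2
Mar 10 12:00:11 vps sshd[2106]: Failed password for deploy from 198.51.100.20 port 40001 ssh2
Mar 10 12:00:15 vps sshd[2107]: Failed password for root from 203.0.113.7 port 51238 ssh2'

# Reads log lines on stdin. Matches the same kind of event fail2ban's sshd
# filter looks for and counts it per source IP. Output: "<count> <ip>", highest first.
failed_logins_per_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for .* from [0-9.]+ port [0-9]+/ {
         for (i = 1; i < NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
       }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Jail policy: every IP with at least $1 (maxretry) failures is listed for banning.
ips_to_ban() {
  failed_logins_per_ip | awk -v m="$1" '$1 >= m { print $2 }'
}

# Prints (does not run) the firewall rule a ban would add. fail2ban's real
# action is whatever jail.conf's "action" names; this is a plain DROP.
ban_rule() {
  printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# Stand-alone run with maxretry=5 as an example threshold.
printf '%s\n' "$SAMPLE_LOG" | ips_to_ban 5 | while read -r ip; do
  ban_rule "$ip"
done
```

On the sample, only 203.0.113.7 (five failures) crosses the threshold; 198.51.100.20 has one failure and a successful key login, so it is left alone. This is why maxretry and findtime matter: too low a threshold bans legitimate users who mistype a password, too high one lets a slow guesser through.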

4. iptables (/etc/sysconfig/iptables)
4.1 iptables // put the following content into it
*security
:INPUT ACCEPT [381407:58691975]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [529616:285512383]
COMMIT

*raw
:PREROUTING ACCEPT [608692:71589164]
:OUTPUT ACCEPT [529616:285512383]
COMMIT

*nat
:PREROUTING ACCEPT [244339:14152813]
:INPUT ACCEPT [29053:1739515]
:OUTPUT ACCEPT [6794:427201]
:POSTROUTING ACCEPT [6794:427201]
COMMIT

*mangle
:PREROUTING ACCEPT [608692:71589164]
:INPUT ACCEPT [608692:71589164]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [529616:285512383]
:POSTROUTING ACCEPT [529616:285512383]
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m limit --limit 20/min --limit-burst 100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m limit --limit 20/min --limit-burst 100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
COMMIT

4.2 ip6tables (/etc/sysconfig/ip6tables)
*filter

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s ::1/128 -j REJECT

-A INPUT -p icmpv6 -j ACCEPT

-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7

-A INPUT -j REJECT

-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7

-A FORWARD -j REJECT

COMMIT

4.3 $ service iptables restart
4.4 $ service ip6tables restart
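Rule order decides what iptables does: the first matching rule in a chain wins. In the 4.1 ruleset, `-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT` already accepts every packet to port 80, so the later `--dport 80 -m limit --limit 20/min` rule never sees traffic; the same holds for 443, and for the second port 25 and port 110 rules, and `-A OUTPUT -j ACCEPT` makes the two `--sport` rules after it unreachable. The added shell example below (not part of the original post) reads an iptables-save style ruleset and reports rules that are shadowed this way. The embedded ruleset is a constructed, shortened excerpt of the 4.1 filter table, and the "matches every packet to the port" test is a heuristic: a `--dport` rule with no `--state`, `--limit` or `-s` qualifier.

```shell
#!/bin/sh
# Constructed excerpt of the 4.1 filter table (same rules, shortened).
RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m limit --limit 20/min --limit-burst 100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A OUTPUT -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# Reads an iptables-save style ruleset on stdin and prints one line per rule
# that can never match: "dead=<line> by=<line> <rule>".
shadowed_rules() {
  awk '
    /^\*/  { table = substr($1, 2); next }   # *filter, *nat, ... start a table
    /^-A / {
      chain = table "/" $2
      # (1) After a rule with no match at all (-A CHAIN -j TARGET) nothing in the
      #     chain is reachable: the packet is already accepted or dropped.
      if (chain in catchall) { print "dead=" NR, "by=" catchall[chain], $0; next }
      if (NF == 4 && $3 == "-j") { catchall[chain] = NR; next }
      # (2) Pick out protocol and destination port, if the rule has them.
      proto = ""; port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "--dport") port  = $(i + 1)
      }
      if (port == "") next
      key = chain "/" proto "/" port
      if (key in portrule) { print "dead=" NR, "by=" portrule[key], $0; next }
      # (3) Heuristic: a --dport rule with no --state, --limit or -s qualifier
      #     matches every packet to that port, so later rules for it are dead.
      if ($0 !~ /--state|--limit| -s /) portrule[key] = NR
    }'
}

# Stand-alone run over the sample: reports lines 10, 11 and 16 of RULES.
printf '%s\n' "$RULES" | shadowed_rules
```

The fix is not to move the `-m limit` rule in front of the plain accept: packets over the limit would then fall through to the plain accept and still be accepted. Remove the unconditional accept instead, so that packets over the limit reach the LOG and DROP rules at the end of the chain. Note also that the rule as written counts every packet to port 80, not only new connections, so once it is actually reached it throttles ordinary page loads; limiting on `-m state --state NEW` (or `--syn`) is the usual form.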

5. Install Apache, PHP, MySQL
5.0 $ yum install epel-release && rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
5.01 $ vim /etc/yum.repos.d/remi.repo // edit: set enabled=1 in the [remi-php56] section
5.1 $ yum -y install httpd php mysql mysql-server php-mysql httpd-manual mod_ssl mod_perl mod_auth_mysql php-mcrypt php-gd php-xml php-mbstring php-ldap php-pear php-xmlrpc mysql-connector-odbc mysql-devel libdbi-dbd-mysql php-devel
5.2 $ service httpd start
5.3 $ service mysqld start
5.4 $ chkconfig httpd on
5.5 $ chkconfig mysqld on
5.6 $ mysqladmin -u root password 'your_mysql_password_you_want'
5.7 $ mysql_secure_installation
Enter current password for root: enter the password just set
Change the root password?: n
Remove anonymous users?: Y
Disallow root login remotely?: Y
Remove test database and access to it?: Y
Reload privilege tables now?: Y
5.8 $ mysql -uroot -p
5.9 $ create database your_database;
5.10 $ grant all privileges on your_database.* to 'your_user'@'localhost' identified by 'the_password_you_want';
5.11 $ mysql -uroot -p your_database < your_database.sql

6. Hostname,ServerName,Timezone
6.1 Hostname $ vim /etc/sysconfig/network // set HOSTNAME=Your-Host-Name
6.2 ServerName $ vim /etc/httpd/conf/httpd.conf // add ServerName Your-ServerName
6.3 Timezone $ sudo cp /usr/share/zoneinfo/America/New_York /etc/localtime

7. Configure httpd.conf
7.1 $ vim /etc/httpd/conf/httpd.conf

# </VirtualHost>
NameVirtualHost *:80
NameVirtualHost *:443
#

<VirtualHost *:80>
DocumentRoot /var/www/html/**
ServerName vps-ip-address
Redirect 301 / http://localhost
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www/html/**
ServerName www.example.com
ServerAlias example.com
<Directory /var/www/html/**>
AllowOverride All
</Directory>
</VirtualHost>

8. Install xcache
8.1 $ yum install epel-release
8.2 $ yum install php-xcache
8.3 $ service httpd restart
8.4 $ php -v

PHP 5.3.3 (cli) (built: Aug 11 2016 20:33:53)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with XCache v3.0.4, Copyright (c) 2005-2013, by mOo
    with XCache Optimizer v3.0.4, Copyright (c) 2005-2013, by mOo
    with XCache Cacher v3.0.4, Copyright (c) 2005-2013, by mOo
    with XCache Coverager v3.0.4, Copyright (c) 2005-2013, by mOo