As you might have already read in my previous blog post, I took the plunge, and setup a VPS server on Time4VPS running Centos 7. This blog post is about how I went about setting up and configuring the Server to become a web server, and how I migrated websites from a shared hosting provider (Bluehost in this case) to the new server without any downtime whatsoever.
At this point, I am assuming Centos 7 is up and running on your shining new VPS, and you have console access to the machine. I am also assuming apache is installed.
1. Create an organised directory structure for your virtual hosts
The first step is to create a directory structure under /var/www/html to contain all your virtual hosts. In my case I like to have a directory called “live-servers”, with sub-directories containing the different domains, and further sub directory containing the actual websites.
# cd /var/www/html # mkdir live-servers # cd live-servers # mkdir domain1.com # mkdir domain2.com # cd domain1.com # mkdir www.domain1.com # mkdir shop.domain1.com # mkdir blog.domain1.com # cd ../domain2.com # mkdir www.domain2.com
2. Install missing services, start, and enable start on boot
If maria-db is not installed, install it using
# yum install mariadb-server
and configure it via
Remeber the root password you setup for your mysql installation. DO NOT USE THE SAME ROOT PASSWORD YOU USE TO ACCESS THE SERVER !
I do not recommend installing phpmyadmin, but if you really want to, at least make sure you allow connection only from specific ip addresses in its configuration. You can install phpmyadmin from epel-releases
# yum install epel-release # yum install phpmyadmin
# systemctl enable mariadb # systemctl enable httpd
3. Secure the server using firewalld
Keep in mind that the VPS server is exposed to the internet 24 X 7, and moments after you set it up, chances are someone will try to hack into it. I cannot stress enough about the importance of secure passwords, and the use of different passwords for different services. Also keep the number of open ports to an absolute minimum.
Set the network interface(s) to external, and if you absolutely must leave sshd running, do not open port 22 for it, but rather forward some random port in like 32212 to 22 internal. This will reduce a bit the chances of someone trying to hack in by making them having to guess which port is used for what. It is also a good idea to disable root login via ssh.
# vi /etc/ssh/sshd_config
Change this line:
Edit to this:
Save and quit and restart the sshd daemon to commit the changes
# systemctl restart sshd
You will obviously need to open port 80 (http) and port 443 (https) to make the web server accessible from the outside world.
Configure network card as “external”
# firewall-cmd --zone=external --add-interface=vmnet0:0 --permanent
Remove access to port 22 (ssh)
# firewall-cmd --permanent --zone=external --remove-port=22/tcp # firewall-cmd --permanent --zone=external --remove-service=ssh
Allow access to http and https
# firewall-cmd --zone=external --add-service=http --permanent
# firewall-cmd --zone=external --add-service=https --permament
If desired, forward a random port to ssh
# firewall-cmd --zone=external --add-port=32216/tcp --permanent # firewall-cmd --zone=external --add-forward-port=port=32216:proto=tcp:toport=22 --permanent
After the configuration is complete
# firewall-cmd --zone=external --list-all
should return something like this :-
external (active) target: default icmp-block-inversion: no interfaces: venet0:0 sources: services: http https ports: protocols: masquerade: yes forward-ports: port=32216:proto=tcp:toport=22:toaddr= sourceports: icmp-blocks: rich rules:
finally enable firewalld on startup
# systemctl enable firewalld
4. Lets start copying the files and databases
At this point, if everything is configured well, you should be able to see the centos apache test page of your server by pointing your browser to http://server-ip-address.
If not, double check the firewalld settings, and issue a
# systemctl status httpd
to make sure the apache server is running.
Once everything is ok, it is not time to start copying files.
In order to copy files, we will need ssh access to your “old” server. We will be using rsync to copy the files from the “old” server to our vps server. Later on we will also need a list of usernames and passwords of the old sql server. If these are no longer available, the relative websites will need to be configures with new credentials to access their relative databases.
# cd /var/www/html/live-servers/domain1.com/www.domain1.com # rsync -avz -e ssh [email protected]:public_html/domain1.com/www.domain1.com .
The command will ask for the ssh password of the [email protected] and will take some time, depending on how large the website actually is. Be patient !
Repeat the above command for the other domains you will to transfer.
When the transfer finishes, it is time to copy all the databases from the old sql server to the new server.
# ssh [email protected] mysqldump -usql_user -p'THE PASSWORD' --all-databases > all_databases.sql
The above command, will dump all databases (assuming sql_user has access to all databases) to a file called all_databases.sql on the new server. Again depending on the size of the databases, this could take a while.
Once the database dump is complete, we need to import all databases into our new sql server as follows :-
# mysql -h127.0.0.1 -uroot -p'the_new_password' < all_databases.sql
Once the import is complete, login to the mysql server and list the databases.
# mysql -uroot -p'the_new_password' Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 15584 Server version: 5.5.52-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>show databases; +---------------------------+ | Database | +---------------------------+ | information_schema | | database 1 | | database 2 | ........... | mysql | | performance_schema | +---------------------------+
You should be able to see a list of all the databases present on the old server. If not it means that the user you used to dump the databases, did not have the privileges on all the databases. Fix that and redo the export and import.
Next you need to create the usernames and passwords inside the sql server and grant them access to their relative databases. Maintaining the username / password scheme on the old server, will save you the trouble of having to re-configure each website accordingly.
MariaDB [(none)]>create user 'user1'@'localhost' IDENTIFIED BY 'password';
MariaDB [(none)]>grant all privileges on database.* to 'user1'@'localhost' identified by 'password';
MariaDB [(none)]>Flush privileges;
The above commands will need to be issued for each user in the old sql server.
5. Configure the virtual hosts
Normally the last line of /etc/httpd/conf/httpd.conf is IncludeOptional conf.d/*.conf.
# Supplemental configuration # # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf
What this essentially means is that any files with the “.conf” extension, located at /etc/httpd/conf.d will be loaded and parsed as part of the httpd.conf configuration. You could therefore add all your virtual hosts inside one file, or create a separate .conf file for each host.
I have created a single file called “virtualhosts.conf” and added all my virtual hosts there. You can also create a separate conf file for each of your virtual hosts. Remember that the extension must always be “.conf”, otherwse the configuration file will not be loaded.
# vim /etc/httpd/conf.d/virtualhosts.conf
Create the virtual host, based on your needs, I will create one based on the paths explained in Step 1.
NameVirtualHost *:80 <VirtualHost *:80> DocumentRoot /var/www/html/live-servers/domain1.com/www.domain1.com/ ServerName domain1.com ServerAlias www.domain1.com ErrorLog logs/domain1.com-error_log CustomLog logs/domain1.com-access_log common # Other directives here </VirtualHost>
# service restart httpd # service status httpd
If the httpd service fails to start, rename the file you have just created to *.conf_
# mv /etc/httpd/conf.d/virtualhosts.conf /etc/httpd/conf.d/virtualhosts.conf_
Try to restart httpd again
# service restart httpd # service status httpd
If this time httpd is successful it means that something is wrong with the syntax of the virtualhosts.conf you have just created. Find the problem, rename the file to virtualhosts.conf and restart the service.
6. Install php and any missing modules
Depending on your needs, you will most likely need to install the php modules to your apache web server. Issuing :-
yum install php php-mysql php-xml
will install php 5.6 at the time of writing. php-mysql is a module you will most definitely need too. Depending on your website, you might need additional php modules like php-ldap etc.
Install these as required
Finally restart the httpd (yet again)
# systemctl restart httpd
7. Test the new server by modifying your HOSTS file
The website you have just copied is now available on the new server. To access it we need however to point our broswser to www.domain1.com, using the new server I.P. Address.
We do not want to mess up DNS records yet, just in case something is still missing from our website. We will therefore edit our local HOSTS file to force our PC to use the new IP Address for the domain.
On a Windows PC open and elevated command prompt (right click, run as administrator on cmd)
navigate to C:\Widnows\System32\drivers\etc and open the hosts file using notepad
Microsoft Windows [Version 10.0.14393] (c) 2016 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32> C:\WINDOWS\system32>cd drivers C:\Windows\System32\drivers>cd etc C:\Windows\System32\drivers\etc>notepad hosts
Add an entry to the end of the hosts file with your vps server IP Address followed by a space and the domain name (the same same you defined in virtual hosts) in step 5. Optionally you may also add the “www” entry (the one we added as a server alias in step 5)
Note: If you are using a Mac PC or Laptop, the hosts file is located in /private/etc/hosts
You will need to sudo privileges to edit it, but the concept is the same
aaa.bbb.ccc.ddd domain1.com www.domain1.com
(where aaa.bbb.ccc.ddd is the vps IP Address)
Save and close notepad. Test things out by pinging domain1.com, and making sure that the right address comes up.
C:\Windows\System32\drivers\etc>ping domain1.com Pinging domain1.com aaa.bbb.ccc.ddd] with 32 bytes of data: Reply from aaa.bbb.ccc.ddd: bytes=32 time=62ms TTL=53 Reply from aaa.bbb.ccc.ddd: bytes=32 time=63ms TTL=53 Reply from aaa.bbb.ccc.ddd: bytes=32 time=63ms TTL=53 Reply from aaa.bbb.ccc.ddd: bytes=32 time=63ms TTL=53 Ping statistics for aaa.bbb.ccc.ddd: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 62ms, Maximum = 63ms, Average = 62ms C:\Windows\System32\drivers\etc>
Note also that your server could be configured not to reply to pings, in which case you will see a Request timed out. The most important thing at this point is that the IP Address is correct.
Next open your browser, clear the cache for good measure, and point it to http://domain1.com or http://www.domain1.com
The web page should appear on your browser after a couple of seconds. If it does not, it probably means you are missing some dependency (most likely a php module). In this case /var/log/httpd/domain1.com-error.log is the place to start
8. Modify the DNS A record to point to the new server
Once the wesbite is up and running, and thoroughly tested, it is now time to modify our dns records, to tell the world about our change. Head to the “old” server’s domain records, and point the A record of domain1.com to the new server I.P.
For a while, while the DNS records propagate across the web, users accessing your website might still get the old IP. This depends on the T.T.L (time to live) of the record. This process will most likely take no more than a couple of hours, but to be safe you should leave your old server running for at least 24 hours.
9. Create a new user, add him to apache group for upload and to the sudoers group
As a final thing, add a user to the new server
and set a SECURE password for the user
Changing password for user username. New password: Retype new password: passwd: all authentication tokens updated successfully.
Finally add this user to the apache group. This will give the users read/write access to the html directories, and can be used to upload files to the serve via sftp or scp.
#usermod -a -G apache <username>
Finally add the users to the “sudoers” group, this will give you flexibility in case you need it.
add the following to the last line of the file
<username> ALL=(ALL) ALL
Save the file, and that’s it. You can now enjoy your new server 🙂