To begin with, install the necessary software.
Setting up web server
For security purposes, we should use Apache MPM-ITK, which allows running PHP scripts as different users for different vhosts. Unfortunately, it is not available in the default repositories, so to install it, first add an alternative repository to the yum configuration:
rpm -Uvh http://mirror.webtatic.com/yum/centos/5/latest.rpm
Then install Apache MPM-ITK:
yum install --enablerepo=webtatic httpd-itk
Then edit /etc/sysconfig/httpd and add the following line:
Check /etc/httpd/conf.d/itk.conf and make it look like:
<IfModule itk.c>
    StartServers 2
    MinSpareServers 2
    MaxSpareServers 10
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 4000
</IfModule>
Next, we are going to install PHP and MySQL, the most commonly required tools. We'll also add some PHP extensions, such as bcmath, the APC accelerator and the GD graphics library. You can also install Ruby, if necessary:
yum install php php-pecl-apc php-mysql php-cli php-gd php-bcmath php-mbstring php-intl mysql mysql-server
Then edit /etc/httpd/conf.d/php.conf - insert the following lines:
<IfModule itk.c>
    LoadModule php5_module modules/libphp5.so
</IfModule>
After that, create the user home directory template. I'm going to use a subdirectory of the user's home as the site's www root. We assign a separate user to each website, so this will be consistent.
# cd /etc/skel/
# mkdir logs
# mkdir tmp
# mkdir www
Create a separate directory containing configuration files for VirtualHosts:
# mkdir /etc/httpd/conf.vhosts
Then add to the end of /etc/httpd/conf/httpd.conf the following lines:
#
# Load config files from the config directory "/etc/httpd/conf.vhosts".
#
Include conf.vhosts/*.conf
Allow MySQL server to start automatically when the system boots:
# chkconfig mysqld on
Start the server and set up a password (answer Y to all questions):
# service mysqld start
# /usr/bin/mysql_secure_installation
Do not forget to allow incoming connections in the firewall. In CentOS, run
# system-config-firewall-tui
You will need to open port 80 (and 443, if you plan to use SSL).
Adding a new website / user
Since we follow the 'one site - one user' principle, we should create a new user:
# adduser hosting01
I assume that example.org is your domain in this example. You will also need to set up an A record for your domain, so that it points to your server's IP address. (You can do this at your domain registrar/nameserver.)
In the next step we'll add a separate VirtualHost to Apache. Create a new file named /etc/httpd/conf.vhosts/hosting01.conf and make it look like:
Add new MySQL user/database, if necessary:
# mysql -u root -p
CREATE DATABASE hosting01;
CREATE USER 'hosting01'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON hosting01.* TO 'hosting01'@'localhost';
FLUSH PRIVILEGES;
quit
Then restart Apache:
# apachectl restart
If there are no errors, navigate to http://example.org (I assume that example.org is your domain) and you will see the contents of your /home/hosting01/www/index.php or index.html.
PHP scripts will run with the privileges of the hosting01 user, and will be able to work with files in the /home/hosting01/www and /home/hosting01/tmp directories only. You may also set /home/hosting01/tmp as the temporary directory in your CMS.
This is a much more secure way to run several blogs/sites on your VPS: if a hacker attempts to upload a malicious file, it will not be accessible from the web. If he manages to hack your website, he will only be able to change its contents, not those of neighbouring sites.
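A per-site vhost generator for the 'one site - one user' setup described above, as an added example that is not the original page's hosting01.conf. The directive choices (AssignUserId, the open_basedir and tmp settings, the log paths), the function names and the script name are assumptions built from the directory layout used here.

```sh
#!/bin/sh
# Added example: render a per-site VirtualHost for Apache MPM-ITK.
# The directive choices are assumptions, not the original page's file.
LC_ALL=C; export LC_ALL   # make [a-z] ranges mean ASCII only

# Accept only conservative names so spaces, newlines, quotes or ".."
# can never end up inside the generated Apache configuration.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    return 0
}

# render_vhost USER DOMAIN: print the vhost block on stdout.
render_vhost() {
    user=$1; domain=$2
    valid_user "$user"     || { echo "bad user name" >&2; return 2; }
    valid_domain "$domain" || { echo "bad domain name" >&2; return 2; }
    home=/home/$user
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $home/www
    # httpd opens log files as root: keep $home/logs owned by root.
    ErrorLog $home/logs/error.log
    CustomLog $home/logs/access.log combined

    # Not wrapped in <IfModule itk.c>: without MPM-ITK Apache refuses
    # to start instead of serving this site as the shared apache user.
    AssignUserId $user $user

    # Trailing slashes stop prefix matches such as $home/www2.
    php_admin_value open_basedir $home/www/:$home/tmp/
    php_admin_value upload_tmp_dir $home/tmp
    php_admin_value session.save_path $home/tmp
</VirtualHost>
EOF
}

# Usage (script name is hypothetical): sh mkvhost.sh hosting01 example.org
if [ "$#" -eq 2 ]; then render_vhost "$1" "$2"; fi
```

Redirect the output to /etc/httpd/conf.vhosts/hosting01.conf and run apachectl configtest before restarting Apache.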
If something goes wrong, first check file permissions:
chown -R hosting01 /home/hosting01/www/*