Guide to Installing cPanel on Rackspace Cloud Servers

I have seen a lot of questions about cPanel on the cloud and several people were having issues getting it going. I wrote this guide for myself a while back and thought I would share it with you. I have had my server up and running for about 1 year now. If you have any questions, please do not hesitate to ask.

There are some parts where I could not put code in the code tag. It would generate a url that would not allow you to copy+paste. If you see any errors, please let me know and I will change it in the post.

I have included in this post some extra server hardening and some extra software that I found useful. Please do not assume that your server is fully hardened using this guide. I would recommend googling Server Hardening.

This is pretty much a step by step guide.

You must have a cPanel license. You can google for places to get one.

Big help in writing this guide.
http://forums.cpanel.net/f185/beginners-guide-securing-your-server-30159.html
http://cloudservers.rackspacecloud.com/index.php/CentOS_-_cPanel/WHM_11.24

Setup Hostname

Code:
nano /etc/sysconfig/network

Change the line in the file to

Code:
HOSTNAME=myserver.domain.com

Restart Server
Restart the server after making hostname change.

Setup Basic System Stuff

Change Password

Code:
passwd

Update The System

Code:
yum update

Install Perl

Code:
 cd ~
 sudo yum install perl

Disable SELinux

Code:
nano /etc/selinux/config

change line in file to

Code:
SELINUX=disabled

Install Cpanel

cd /home
wget -N http://layer1.cpanel.net/latest
sh latest
/usr/local/cpanel/cpkeyclt

Config Server (IPTables) Install

Instructions from – http://www.configserver.com/free/csf/install.txt

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

Code:
perl /etc/csf/csftest.pl

Then Remove files

Code:
 rm -rf csf
 rm -rf csf.tgz

Don’t worry if you cannot run all the features, so long as the script doesn’t
report any FATAL errors

That’s it. You can then configure csf and lfd by editing the files
directly in /etc/csf/*, or on cPanel servers use the WHM UI

If you need to remove

Code:
 cd /etc/csf
 sh uninstall.sh

Connect to cPanel
https://IP:2087
where IP is the ip of your cloud server instance.
root as username
password that was entered from above.

Nameserver Setup
Go to tweak Settings

Check box – ** Disable whois lookups for the nameserver IP manager.

You should then be able to go into Nameserver IPs and assign IP’s

Update Preferences
Select Automatic (RELEASE tree)
This is what I recommend. You can select whatever release tree you wish however.

Automatic

bandmin – Inherit
courier – Inherit
dovecot – Inherit
exim – Inherit
ftp – Inherit
mysql – Inherit
nsd – Inherit
python – Inherit

Automatic

Let the system do the upgrade.

Tweak Settings
You can check settings as needed later. Nothing is needed to be done immediately.

If you so choose to…

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Default catch-all/default address behavior for new accounts – blackhole

Under System
Use jailshell as the default shell for all new accounts and modified accounts

ConfigServer Security&Firewall (under Plugins)
On the WHM UI menu, scroll all the way to the bottom. You will see ConfigServer Security&Firewall. Click that to make changes to your firewall.

Change testing from 1 to 0

You may also want to setup automatic updates.

Enable open_basedir Security
Go to Security Center then Tweak PHP open_basedir Security

Then Enable php open_basedir Protection.

Click Save.

Enable Shell Fork Bomb Protection
Go to Security Center then Shell Fork Bomb Protection

Then click enable protection button.

Enable cPHulk
Go to Security Center then Configure cPHulk

Then click enable button.

Disable Anonymous FTP
Go to Service Configuration =>> FTP Server Configuration

Disable Allow Anonymous FTP for both anonymous logins and uploads.

Click save.

Change MySQL Root Password
Go to Mysql =>> MySQL Root Password

Change root password for MySQL

Imagemagick Install

Code:
yum install ImageMagick

Ruby Install

Code:
/scripts/installruby

iftop Install
From – http://ex-parrot.com/pdw/iftop/

cd ~
mkdir src
cd src
wget http://anduin.linuxfromscratch.org/sources/BLFS/6.3/l/libpcap-0.9.6.tar.gz
tar -xzf libpcap-0.9.6.tar.gz
cd libpcap-0.9.6
./configure
make
make install
cd ..

wget http://ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar -xzf iftop-0.17.tar.gz
cd iftop-0.17
./configure && make
make install
cd ../..
rm -rf src/

To use just issue the command iftop from the command line
ctrl-c to exit

mytop Install
From – http://jeremy.zawodny.com/mysql/mytop/

cd ~
mkdir src
cd src
wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -xzf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install

After installation you will need to change a file to allow this program to function. There were some changes that happened in the later CentOS distributions.

Code:
nano /usr/local/bin/mytop

Ctrl+w
Search for
long|!
Then change

Code:
 "long|!" => \$config{long_nums},

to

Code:
 # "long|!" => \$config{long_nums},

All you are doing is commenting out a single line.

DOCUMENTATION
man mytop

IPTraf Install

Code:
yum install iptraf

To use just issue command iptraf from command line.

Install Clam Antivirus and cPanel Pro
!!! MAKE SURE TO GET LICENSE FIRST !!!
Go to – http://pro.cpanel.net/activate/

Go to Manage Plugins
Select Install and Keep Updated for both cPanel Pro and clamavconnector.
Click save

After install is complete go to the Configure ClamAV Scanner under plugins
and enable the Scan Mail. Then click save.

Set an SSH Legal Message

Code:
nano /etc/motd

Enter the following into the file.

Code:
 ALERT! You are entering a secured area! Your IP and login information
 have been recorded. System administration has been notified.

 This system is restricted to authorized access only. All activities on
 this system are recorded and logged. Unauthorized access will be fully
 investigated and reported to the appropriate law enforcement agencies.

You should be setup and ready to go with your new server! Please let me know if there is anything else that needs to be edited.

What Rackspace Cloud Sucks At? Customers Vote at Rackspace Feedback

Rackspace Cloud has a very nice and cozy small forum for all their customers and users to submit and vote for ideas and feedback, such as features they want but are currently not available, or improvements / fixes that need to be done to make the cloud a better product.

Check out the feedback forum here: http://feedback.rackspace.com/

You can read through all the ideas and requests as well as the comments to get an idea of what Rackspace Cloud is like and how it is doing in the eyes of their current customers and users. How the company is responding to this invaluable input is also an important factor in deciding whether to go with them or not.

A great move by Rackspace.

Cron jobs for rotating backups on Rackspace Cloud

I had found several scripts to run as cron jobs to create rolling backups of my sites. But I couldn’t get any of them to work. The rolling backups, that is. I turned to RSC tech support and they referred me to this blog post: http://capellic.com/blog/backup-script-rackspace-cloud

It worked the first time. The only changes I made were to set the script with the proper variables for my site.

Then I went ahead and modified the scripts so I had 7 days of daily backups and created a second script and cron job for 8 weeks of weekly backups. What is great about this script is I can set the frequency of the Cron jobs such that I tested the full run in one day. I set the daily script to run every 5 minutes and the weekly script every hour.

Here is my daily script dailybackup.sh:

Code:
#!/bin/bash
 # Modeled after http://snippets.dzone.com/posts/show/4172

 #### VARIABLES
 # ACCOUNT_ROOT can be found on the Features tab in the control panel for the site
 export ACCOUNT_ROOT="/mnt/stor2-wc2-dfw1/427054/www.DOMAIN_NAME.com"
 export WEB_ROOT="${ACCOUNT_ROOT}/web/content"
 export DB_HOST="DB_SERVER_INTERNAL_NAME"
 export DB_USER="DB_USERNAME"
 export DB_PASSWORD="DB_PASSWORD"
 export DB_NAME="DB_NAME"

 #### PROGRAM - NO EDITING AFTER THIS LINE SHOULD BE NECESSARY
 echo "Rotating daily backups..."
 rm -rf $ACCOUNT_ROOT/backup_daily/07
 mv $ACCOUNT_ROOT/backup_daily/06 $ACCOUNT_ROOT/backup_daily/07
 mv $ACCOUNT_ROOT/backup_daily/05 $ACCOUNT_ROOT/backup_daily/06
 mv $ACCOUNT_ROOT/backup_daily/04 $ACCOUNT_ROOT/backup_daily/05
 mv $ACCOUNT_ROOT/backup_daily/03 $ACCOUNT_ROOT/backup_daily/04
 mv $ACCOUNT_ROOT/backup_daily/02 $ACCOUNT_ROOT/backup_daily/03
 mv $ACCOUNT_ROOT/backup_daily/01 $ACCOUNT_ROOT/backup_daily/02
 mkdir $ACCOUNT_ROOT/backup_daily/01
 echo "... done rotating daily backups."

 echo "Starting database backup..."
 mysqldump --host=$DB_HOST --user=$DB_USER --password=$DB_PASSWORD --all-databases | bzip2 > $ACCOUNT_ROOT/backup_daily/01/mysql-`date +%Y-%m-%d`.bz2
 echo "... daily database backup complete."

 echo "Starting file system backup..."
 tar czf $ACCOUNT_ROOT/backup_daily/01/web_backup.tgz $ACCOUNT_ROOT/web/content/
 echo "... daily file system backup complete."

 exit 0
 #### END PROGRAM

Here is my weekly script weeklybackup.sh:

Code:
#!/bin/bash

 #### VARIABLES
 # ACCOUNT_ROOT can be found on the Features tab in the control panel for the site
 export ACCOUNT_ROOT="/mnt/stor2-wc2-dfw1/427054/www.DOMAIN_NAME.com"

 #### PROGRAM 
 echo "Rotating backups..."
 rm -rf $ACCOUNT_ROOT/backup_weekly/08
 mv $ACCOUNT_ROOT/backup_weekly/07 $ACCOUNT_ROOT/backup_weekly/08
 mv $ACCOUNT_ROOT/backup_weekly/06 $ACCOUNT_ROOT/backup_weekly/07
 mv $ACCOUNT_ROOT/backup_weekly/05 $ACCOUNT_ROOT/backup_weekly/06
 mv $ACCOUNT_ROOT/backup_weekly/04 $ACCOUNT_ROOT/backup_weekly/05
 mv $ACCOUNT_ROOT/backup_weekly/03 $ACCOUNT_ROOT/backup_weekly/04
 mv $ACCOUNT_ROOT/backup_weekly/02 $ACCOUNT_ROOT/backup_weekly/03
 mv $ACCOUNT_ROOT/backup_weekly/01 $ACCOUNT_ROOT/backup_weekly/02
 mv $ACCOUNT_ROOT/backup_daily/07 $ACCOUNT_ROOT/backup_weekly/01
 echo "... done rotating backups."

 exit 0
 #### END PROGRAM

Each of these scripts is stored in a cronjobs directory inside of web/content.

I created a backup_daily and backup_weekly directory at the root for the site. This is where the scripts will store the backup files.

Then I created two cronjobs. One that runs the daily backup each day at 3am and the other that runs the weekly backup every 7 days at 2:30 am.
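
The rotation and database dump above, reworked as an added example (not the original author's script): one function rotates any number of generations and tolerates missing directories on the first runs, and the dump reads its credentials from a MySQL option file instead of passing the password on the command line. The function names and the backup.cnf location are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example, not the original author's script. Function names and the
# backup.cnf path are assumptions made for this illustration.

# rotate_generations DIR KEEP
# Drops DIR/KEEP, shifts DIR/01..DIR/(KEEP-1) up by one and creates an empty,
# owner-only DIR/01. Generations that do not exist yet are skipped.
rotate_generations() {
    local dir=$1 keep=$2 i src dst
    # An unset or relative DIR must never reach the rm -rf below.
    case "$dir" in
        /*) ;;
        *) echo "rotate_generations: DIR must be an absolute path" >&2; return 1 ;;
    esac
    # KEEP: decimal, at least 1, no leading zero (08 would be read as bad octal).
    case "$keep" in
        ''|0*|*[!0-9]*) echo "rotate_generations: bad KEEP '$keep'" >&2; return 1 ;;
    esac
    mkdir -p -- "$dir" || return 1
    rm -rf -- "$(printf '%s/%02d' "$dir" "$keep")"
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        src=$(printf '%s/%02d' "$dir" "$i")
        dst=$(printf '%s/%02d' "$dir" "$((i + 1))")
        if [ -d "$src" ]; then
            mv -- "$src" "$dst" || return 1
        fi
        i=$((i - 1))
    done
    mkdir -m 700 -- "$dir/01"
}

# is_private_file FILE: succeeds only if FILE exists and group/other have no
# permissions on it (columns 5-10 of the ls -l mode string are all '-').
is_private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# dump_all_databases CNF OUTFILE
# CNF is a MySQL option file kept outside the web root, for example:
#   [client]
#   host=DB_SERVER_INTERNAL_NAME
#   user=DB_USERNAME
#   password=DB_PASSWORD
dump_all_databases() {
    local cnf=$1 out=$2
    if ! is_private_file "$cnf"; then
        echo "refusing: $cnf is missing or accessible to group/other" >&2
        return 1
    fi
    (
        umask 077            # the dump is readable by its owner only
        set -o pipefail      # a failed mysqldump must fail the whole pipeline
        # --defaults-extra-file has to be the first option on the command line.
        mysqldump --defaults-extra-file="$cnf" --all-databases | bzip2 > "$out"
    ) || { rm -f -- "$out"; return 1; }
}

# Daily job, run only when called as:  ACCOUNT_ROOT=/path/to/site ./backup.sh daily
if [ "${1:-}" = "daily" ]; then
    : "${ACCOUNT_ROOT:?set ACCOUNT_ROOT to the site root}"
    rotate_generations "$ACCOUNT_ROOT/backup_daily" 7 &&
    dump_all_databases "$ACCOUNT_ROOT/backup.cnf" \
        "$ACCOUNT_ROOT/backup_daily/01/mysql-$(date +%Y-%m-%d).bz2" &&
    tar czf "$ACCOUNT_ROOT/backup_daily/01/web_backup.tgz" -C "$ACCOUNT_ROOT/web" content
fi
```

Keeping the option file at the account root rather than under web/content means the database password is never in a directory the web server can serve.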

From Rackspace Cloud Servers to Linode VPS – A move by Sacha Chua

Sacha Chua is a lovely girl hacker who knows computers, manages her own Linux server and develops in Emacs. She used to be on Rackspace Cloud Servers but later moved to Linode because the price is cheaper there. Both are unmanaged, which means you have to be the server administrator all on your own.

Check out her article about this move and how she likes Linode: http://sachachua.com/blog/2011/10/decision-review-switching-from-rackspace-cloud-to-linode/

In my opinion, Linode is indeed a fine alternative to Rackspace Cloud Server, especially to people who don’t need to provision so often and who don’t need to scale.

A very full-fledged review of Rackspace Cloud

Here’s a very comprehensive review of Rackspace Cloud that deals with many different aspects of the cloud hosting provider, such as products offered, support, performance, reliability, documentation and resources, etc. It’s a bit old but it’s still true in many ways as an introductory guide to people who are new to or want to know about Rackspace Cloud.

Check it out: http://srced.com/2010/12/rackspace-cloud-review-the-best-cloud-host/

Rackspace Rack Review – December 2012

Happy holidays and welcome to Rack Review! This monthly digest features new product updates, combined with news and tips to help make your Rackspace® experience a rewarding one.
Cloud Networks Now Available
Cloud Networks is a powerful new addition to the open cloud that provides you with the ability to create isolated, layer 2 networks that look like traditional networks in both architecture and function – simplifying networking in the cloud. With the click of a button, you are now able to create software-defined networks allowing you to enhance the network security for your Cloud Servers™, creating sub-nets and controlling the traffic that flows between servers. Learn more.
The Architecture and Development Behind Cloud Block Storage
Last month we introduced one of our latest open cloud offerings, Cloud Block Storage, and this month we want to dive into the technical details behind it. Cloud Block Storage provides high performance and is ideal for applications that require large amounts of storage, scaling independently of your Cloud Server. There is a lot of history behind how this came about and how it can be leveraged. Come read about it on our DevOps blog.
Send and Receive Email in Your App for FREE
A few months ago, Rackspace acquired Mailgun, making it easy for you to send, receive and track emails through your websites and applications via the RESTful API or SMTP. Mailgun is the email automation engine trusted by over 10,000 developers who are sick of fighting with email servers. With sample code written in all of the most popular languages, like Ruby, PHP, Python, C# and Java, integration is easy. All Rackspace customers receive a $19/month credit for Mailgun services (use coupon code mg4rackspace). That’s enough to send up to 19,000 emails per month at no cost to you! Visit Mailgun to sign up.
Manage the Rackspace Open Cloud with the New Windows 8 App
We are offering you a new application that gives you the option to manage your Rackspace Cloud account directly from Microsoft’s newly-launched Windows 8 operating system. This free application can help you get even more out of your investment in the Rackspace Cloud by allowing you to manage your Cloud Servers directly from Windows 8. Learn more.
Help Protect Your VMware Virtual Machines with Replication
You need to have the ability to recover business-critical virtual machines (VMs) and restart the important apps in the event of a data center outage or unplanned downtime. Geographical redundancy is a key component to any sound disaster recovery (DR) strategy, and it’s a must-have for when disaster strikes. Read how VM Replication helps protect and recover Rackspace-hosted VMs by easily and affordably replicating VMs between our data centers.
Protect Servers Using Bastion Hosts and Isolated Cloud Networks
The public Internet can be a scary place for servers. Log files of servers attached to public addresses will show regular port scans and URL snooping. These log entries are the inescapable reminder that your hosts are always one misconfiguration away from disaster. We can help! We have created a guide that will teach you how to create a bastion host and an isolated cloud network so you can reduce the number of servers that have to encounter these threats. Learn more on our DevOps blog.
Giving Back to the Local Community
We held the largest Thanksgiving drive and distribution in San Antonio, Texas, – providing 1,000 families with turkeys and all the trimmings through our annual Turkey Drive, supported by the San Antonio Food Bank.
NoSQL Explained
For over thirty years, relational database technology has been the gold standard. Modern workloads and unprecedented data volumes, however, are driving businesses to look at alternatives to the traditional relational database. This “NoSQL movement” has given rise to a host of non-relational-database technologies, designed for large-capacity storage and scalability. We’ve taken some time to explain some of the popular options available for NoSQL.
Caching for the Holidays
Around the holidays, getting cash for a gift might make you think that the person didn’t put a lot of thought into your present. However, in the world of server configurations, giving cache to your customers is probably one of the best things you can do. Learn more about caching.
25 Most Influential Executives of 2012
Our own Lanham Napier, Rackspace CEO, was on the list of “The 25 Most Influential Executives of 2012.” See the full list here.
Tired of Email Management Hassles? Make the Move Now with Free Hosted Microsoft® Exchange Migrations
Tired of the headache of managing your own Exchange email server? Or worse, dealing with an unreliable or unresponsive provider? For a limited time, we are offering free email migrations (up to 250 Exchange mailboxes) when you sign up for a new Rackspace Hosted Exchange account. Our reliable, business-class Exchange hosting takes email off of your worry list, so you can stay focused on your business, while we manage your email. Learn more about our migration services. (Offer ends December 31, 2012)
Join Us in the Fight Against Patent Trolls
Fed up with patent trolls? So are we. Find out what we’re doing to help keep technologies out of the claws of patent trolls. And, better yet, join us in the fight. Find out more.
Start Using SharePoint® 2013 Today
We are glad to offer you two ways to get your own SharePoint 2013 site up and running today. The first option is the free trial, where you can get 45 days to explore and experience SharePoint 2012. Sign up for this limited time offer. The second option is to create your own Cloud Server with SharePoint 2013 and SQL Server 2012 images, ideal for project-based SharePoint deployments. To do this, simply go to the Cloud Control Panel and choose one of the available SharePoint images to get started right away.
Looking for extra help to reach your goals in the cloud? Visit the Rackspace Cloud Tools Marketplace to find a catalogue of third-party-developed applications designed for the Rackspace open cloud. This month’s featured partners are:

SOASTA – Load and Performance Testing Solution
SOASTA CloudTest is an end-to-end integrated platform, available as a turnkey on-demand service for external, web-scale testing and as on-premise editions for use by testers behind the firewall. Cloud testing easily enables fast, low-cost testing at full web-scale, providing the confidence that the web or mobile application or site can withstand daily load in addition to the largest peaks and surges in traffic.

Papertrail – Detect & Avoid Infrastructure Problems
Papertrail helps detect, resolve and avoid infrastructure problems using log messages. Aggregate and manage log messages from Cloud Servers, Managed Hosting, Hybrid Hosting, and other servers — both flat files and syslog. Setup takes a minute, then tail, search, react, analyze and archive.

Featured Rackspace Blog Posts from this past month:

  • Scale Storage Independently From Your Cloud Servers With Cloud Block Storage – Read
  • Mobile Sync for Rackspace Email, Take it Anywhere – Read
  • Cassandra By Example – Read
  • Out of time this holiday season? 5 Survival Tips to get ready for the rush – Read
  • Business Email Blunders: Could This Happen To You? – Read
  • Which CMS is right for you? – Read

Freebie: Python Cron to Delete Files Older than X

Several of my ASP.NET web applications on Cloud create large numbers of log files on a fairly regular basis and it is necessary for me to prune those logs from time to time. Because ASP.NET in medium trust can’t talk to the /logs folder which automatically purges itself every 6 days, I built a Python script which will automatically delete all files older than a specified time interval within a given directory.

If you need this functionality just save the script, update the path accordingly and set up a cron job to call it. The code below is set to delete files older than 7 days (7 * 86400), customize as needed. Enjoy!

Code:
# Purges all ELMAH log files older than 7 days and all tempfiles older than 3 days.

import os
import time

def purgeDir(dir, age):
    """Delete regular files directly inside dir that are older than age seconds."""
    print("Scanning:", dir)
    now = time.time()
    for f in os.listdir(dir):
        filepath = os.path.join(dir, f)
        # Only regular files are removed; subdirectories are left alone.
        if not os.path.isfile(filepath):
            continue
        modified = os.stat(filepath).st_mtime
        if modified < now - age:
            os.remove(filepath)
            print('Deleted: %s (%s)' % (f, modified))

# 1 Day = 86400 seconds
purgeDir("/system/path/to/folder", (7 * 86400))

Infinite Redirect Loop When Going From non-SSL to SSL

Hi,

I’m trying to get things up and running in a cloud environment.

When I click on pages (ASP.NET) that use HTTPS protocol, page hangs. I think it is really doing the loop due to re-direction from HTTP to HTTPS.

Any ideas on how to fix this?

I tried asking tech support environment and they told me to use SSL throughout my site or don’t use it.

Please help!!

thanks,

regards,

CK

=========== Answer 1 ===========

.IsSecureConnection doesn’t work. You have to use an environment variable to check for SSL

https://manage.rackspacecloud.com/forum/posts/list/1464.page

=========== Answer 2 ===========

correct! I had the following code:

if (!Request.IsSecureConnection)
{
    // send user to SSL
    string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
    string filePath = Request.FilePath;
    Response.Redirect("https://" + serverName + filePath);
}

and it hangs. What is the equivalent code that I should use for cluster environment? Thanks,

CK

=========== Answer 3 ===========

if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on") { // we need to redirect
    // check to see if the other Server Var is defined, if not redirect otherwise dont

    if(Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null) {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + newUrl);
    }
}

Here is another one:

<system.webServer>
<rewrite>
<rules>

<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_CLUSTER_HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>

</rules>
</rewrite>
</system.webServer>

=========== Answer 4 ===========

Yep, I linked too fast. I linked to a thread on getting the IP address for SSL, which is related, but different.

You may want to take note of it though, because you may at some point want to get the IP address of your visitors, and ServerVariables("REMOTE_ADDR") won’t work, you’ll need the HTTP_X_FORWARDED_FOR variable if you are on SSL.

=========== Answer 5 ===========

Hi,

I am using URLRewriter an open source module. Following is the script I use

<rewriter>
<if header="HTTP_HOST" match="^www.MyDomain\.com$">
<redirect url="^(.+)$" to="http://MyDomain.com$1"/>
</if>
<!--<if header="HTTP_CLUSTER_HTTPS" match="^OFF$">
<redirect url="^~/test.aspx$" to="https://MyDomain.com/test.aspx"/>
</if>-->
</rewriter>

I tested this last night and the page still hangs.

regards,

Chandar

UBUNTU 9.10 — NGINX + PHP5 + APC + MEMCACHED + IMAGEMAGICK ..

OK, SO I’VE BEEN DOING SOME RESEARCH ON NGINX, AND HOW TO USE IT WITH PHP AND I’VE COME UP WITH SOMETHING FAST, SIMPLE, AND A METHOD THAT JUST WORKS WITH EXTRAS LIKE APC, MEMCACHED, AND IMAGEMAGICK. YOU CAN ALSO ADD FFMPEG, OR W/E…SINCE YOU HAVE THE PHPIZE FUNCTION.

SO LET’S START OUT FRESH WITH UBUNTU 9.10
GO GO GO!

…UPDATE AND UPGRADE YOUR DISTRO
apt-get update && apt-get upgrade && apt-get install build-essential

LETS BEGIN THE APTGETTING
apt-get install bison flex gcc make patch autoconf subversion locate libxml2-dev libbz2-dev libpcre3-dev libssl-dev zlib1g-dev libmcrypt-dev libmhash-dev libmhash2 libcurl4-openssl-dev libpq-dev libpq5 libsyck0-dev libpng-dev libmysqlclient15-dev libevent-dev libjpeg62-dev memcached imagemagick libmagickwand-dev

IF YOU’RE USING UBUNTU 8.10 AND BELOW, YOU’LL NEED make AND libpng12-dev

OK, SO THAT’S ALL FINISHED, LET’S PROCEED WITH THE COMPILING OF PHP5 w/FASTCGI
cd /usr/local/src && wget http://us3.php.net/get/php-5.2.10.tar.gz/from/us.php.net/mirror && wget http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.13.diff.gz && tar -xzf ./php-5.2.10.tar.gz && gzip -cd php-5.2.10-fpm-0.5.13.diff.gz | patch -d php-5.2.10 -p1 && cd php-5.2.10

Alright so we’ve downloaded PHP5.2 and have patched it with PHP-FPM, that was easy right? Now let’s configure:
./configure --with-openssl --enable-fastcgi --enable-fpm --with-zlib --enable-mbstring --with-mysqli --with-mysql --with-pdo_mysql --with-gd --with-jpeg-dir=/usr/lib/libjpeg.so.62 --without-sqlite --enable-gd-native-ttf

AND MAKE AND MAKE INSTALL. 
make all install

LET’S COPY THE RECOMMENDED PHP.INI INTO PLACE
cp /usr/local/src/php-5.2.*/php.ini-recommended /usr/local/lib/php.ini

MAKING LIFE EASIER AND CLEAN UP SOME THINGS
mkdir /etc/php/ && ln -s /usr/local/lib/php.ini /etc/php/php.ini && ln -s /usr/local/etc/php-fpm.conf /etc/php/php-fpm.conf && rm -rf /usr/local/lib/php/.channels && /usr/local/bin/pear update-channels && cd /usr/local/src

ADD THOSE EXTENSIONS! AND IF IT ASKS YOU ABOUT APACHE, THEN JUST SAY NO!
/usr/local/bin/pecl install memcache
/usr/local/bin/pecl install apc
/usr/local/bin/pecl install pecl_http
/usr/local/bin/pecl install imagick

SO NOW WE HAVE PHP5.2 INSTALLED, WITH MEMCACHE, APC, HTTP, and IMAGEMAGICK. SO NOW I’M GOING TO GIVE YOU MY PHP.INI I USE FOR MY WEBSITE, YOU CAN CHANGE WHAT YOU WANT OR ADD AS YOU SEE FIT…

THE PHP.INI IS LOCATED -> /etc/php/php.ini
REMEMBER WE CREATED A SYMLINK RIGHT? … RIGHT.

[PHP]
engine = On
short_open_tag = On
asp_tags = Off
precision = 14
y2k_compliance = On
output_buffering = 4096
;output_handler =
zlib.output_compression = Off
;zlib.output_compression_level = -1
;zlib.output_handler =
implicit_flush = Off
unserialize_callback_func=
serialize_precision = 100
allow_call_time_pass_reference = Off

safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
open_basedir =
output_buffering = On
disable_functions =
disable_classes =
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.bg = #FFFFFF
;highlight.default = #0000BB
;highlight.html = #000000
; ignore_user_abort = On
; realpath_cache_size=16k
; realpath_cache_ttl=120

expose_php = Off

max_execution_time = 0;
max_input_time = 0;
;max_input_nesting_level = 64;
memory_limit = 512M;

error_reporting = E_ALL
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
;report_zend_debug = 0
track_errors = Off
;xmlrpc_errors = 0
;xmlrpc_error_number = 0
;html_errors = Off
;docref_root = "/phpmanual/"
;docref_ext = .html
;error_prepend_string = "<font color=#ff0000>"
;error_append_string = "</font>"
;error_log = filename
;error_log = syslog

;arg_separator.output = "&"
;arg_separator.input = ";&"
variables_order = "GPCS"
;request_order = "GP"
register_globals = Off
register_long_arrays = Off
register_argc_argv = On
auto_globals_jit = On
post_max_size = 200M

magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "utf-8"
;always_populate_raw_post_data = On

;include_path = ".:/php/includes"
;include_path = ".;c:\php\includes"
doc_root =
user_dir =
extension_dir = "./"
enable_dl = On
; cgi.force_redirect = 1
; cgi.nph = 1
; cgi.redirect_status_env = ;
; cgi.fix_pathinfo=1
; fastcgi.impersonate = 1;
; fastcgi.logging = 0
;cgi.rfc2616_headers = 0

file_uploads = On
;upload_tmp_dir =
upload_max_filesize = 200M

allow_url_fopen = On
allow_url_include = Off
;from="john@doe.com"
; user_agent="PHP"
default_socket_timeout = 60
; auto_detect_line_endings = Off

extension=apc.so
extension=http.so
extension=imagick.so
extension=memcache.so
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"

[Date]
;date.timezone =

;date.default_latitude = 31.7667
;date.default_longitude = 35.2333

;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333

[filter]
;filter.default = unsafe_raw
;filter.default_flags =

[iconv]
;iconv.input_encoding = ISO-8859-1
;iconv.internal_encoding = ISO-8859-1
;iconv.output_encoding = ISO-8859-1

[sqlite]
;sqlite.assoc_case = 0

[Pcre]
;pcre.backtrack_limit=100000
;pcre.recursion_limit=100000

[Syslog]
define_syslog_variables = Off

[mail function]
SMTP = localhost
smtp_port = 25
;sendmail_from = me@example.com
sendmail_path = /usr/sbin/sendmail -t -i
;mail.force_extra_parameters =

[SQL]
sql.safe_mode = Off

[ODBC]
;odbc.default_db = Not yet implemented
;odbc.default_user = Not yet implemented
;odbc.default_pw = Not yet implemented
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1

[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off

[MySQLi]
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off

[mSQL]
msql.allow_persistent = On
msql.max_persistent = -1
msql.max_links = -1

[OCI8]
;oci8.privileged_connect = Off
;oci8.max_persistent = -1
;oci8.persistent_timeout = -1
;oci8.ping_interval = 60
;oci8.statement_cache_size = 20
;oci8.default_prefetch = 10
;oci8.old_oci_close_semantics = Off

[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[Sybase]
sybase.allow_persistent = On
sybase.max_persistent = -1
sybase.max_links = -1
;sybase.interface_file = "/usr/sybase/interfaces"
sybase.min_error_severity = 10
sybase.min_message_severity = 10
sybase.compatability_mode = Off

[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10

[bcmath]
bcmath.scale = 0

[browscap]
;browscap = extra/browscap.ini

[Informix]
ifx.default_host =
ifx.default_user =
ifx.default_password =
ifx.allow_persistent = On
ifx.max_persistent = -1
ifx.max_links = -1
ifx.textasvarchar = 0
ifx.byteasvarchar = 0
ifx.charasvarchar = 0
ifx.blobinfile = 0
ifx.nullformat = 0

[Session]
session.save_handler = files
;session.save_path = "/tmp"
session.use_cookies = 1
;session.cookie_secure =
; session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 144000
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
;mssql.connect_timeout = 5
;mssql.timeout = 60
;mssql.textlimit = 4096
;mssql.textsize = 4096
;mssql.batchsize = 0
;mssql.datetimeconvert = On
mssql.secure_connection = Off
;mssql.max_procs = -1
;mssql.charset = "ISO-8859-1"

[Assertion]
;assert.active = On
;assert.warning = On
;assert.bail = Off
;assert.callback = 0
;assert.quiet_eval = 0

[COM]
;com.typelib_file =
;com.allow_dcom = true
;com.autoregister_typelib = true
;com.autoregister_casesensitive = false
;com.autoregister_verbose = true

[mbstring]
;mbstring.language = Japanese
;mbstring.internal_encoding = EUC-JP
;mbstring.http_input = auto
;mbstring.http_output = SJIS
;mbstring.encoding_translation = Off
;mbstring.detect_order = auto
;mbstring.substitute_character = none;
;mbstring.func_overload = 0

; enable strict encoding detection.
;mbstring.strict_detection = Off

[FrontBase]
;fbsql.allow_persistent = On
;fbsql.autocommit = On
;fbsql.show_timestamp_decimals = Off
;fbsql.default_database =
;fbsql.default_database_password =
;fbsql.default_host =
;fbsql.default_password =
;fbsql.default_user = "_SYSTEM"
;fbsql.generate_warnings = Off
;fbsql.max_connections = 128
;fbsql.max_links = 128
;fbsql.max_persistent = -1
;fbsql.max_results = 128

[gd]
;gd.jpeg_ignore_warning = 0

[exif]
;exif.encode_unicode = ISO-8859-15
;exif.decode_unicode_motorola = UCS-2BE
;exif.decode_unicode_intel = UCS-2LE
;exif.encode_jis =
;exif.decode_jis_motorola = JIS
;exif.decode_jis_intel = JIS

[Tidy]
;tidy.default_config = /usr/local/lib/php/default.tcfg
tidy.clean_output = Off

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400

NOW WE NEED TO EDIT THE PHP-FPM WHICH IS LOCATED -> /etc/php/php-fpm.conf — USE THIS CONF FILE I CREATED

Code:
<?xml version="1.0" ?>
 <configuration>
 	<section name="global_options">
 		<value name="pid_file">/usr/local/logs/php-fpm.pid</value>
 		<value name="error_log">/usr/local/logs/php-fpm.log</value>
 		<value name="log_level">notice</value>
 		<value name="emergency_restart_threshold">10</value>
 		<value name="emergency_restart_interval">1m</value>
 		<value name="process_control_timeout">5s</value>
 		<value name="daemonize">yes</value>
 	</section>

 	<workers>
 		<section name="pool">
 			<value name="name">default</value>
 			<value name="listen_address">127.0.0.1:9000</value>
 			<value name="listen_options">
 				<value name="backlog">-1</value>
 				<value name="owner"></value>
 				<value name="group"></value>
 				<value name="mode">0666</value>
 			</value>
 			<value name="php_defines">
 				<value name="sendmail_path">/usr/sbin/sendmail -t -i</value>
 				<value name="display_errors">0</value>
 			</value>
 			<value name="user">www-data</value>
 			<value name="group">www-data</value>
 			<value name="pm">
 				<value name="style">static</value>
 				<value name="max_children">5</value>
 				<value name="apache_like">
 					<value name="StartServers">20</value>
 					<value name="MinSpareServers">5</value>
 					<value name="MaxSpareServers">35</value>
 				</value>
 			</value>
 			<value name="request_terminate_timeout">0s</value>
 			<value name="request_slowlog_timeout">0s</value>
 			<value name="slowlog">logs/slow.log</value>
 			<value name="rlimit_files">1024</value>
 			<value name="rlimit_core">0</value>
 			<value name="chroot"></value>
 			<value name="chdir"></value>
 			<value name="catch_workers_output">yes</value>

 			How much requests each process should execute before respawn.
 			Useful to work around memory leaks in 3rd party libraries.
 			For endless request processing please specify 0
 			Equivalent to PHP_FCGI_MAX_REQUESTS
 			<value name="max_requests">500</value>
 			<value name="allowed_clients">127.0.0.1</value>

 			Pass environment variables like LD_LIBRARY_PATH
 			All $VARIABLEs are taken from current environment
 			<value name="environment">
 				<value name="HOSTNAME">$HOSTNAME</value>
 				<value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
 				<value name="TMP">/tmp</value>
 				<value name="TMPDIR">/tmp</value>
 				<value name="TEMP">/tmp</value>
 				<value name="OSTYPE">$OSTYPE</value>
 				<value name="MACHTYPE">$MACHTYPE</value>
 				<value name="MALLOC_CHECK_">2</value>
 			</value>
 		</section>
 	</workers>
 </configuration>

PHEWWW, NOW WE FINALLY GOT OUR PHP ALL SETUP, NOW LETS MOVE ON TO THE WEBSERVER, NGINX 0.7.65
cd /usr/local/src && wget http://nginx.org/download/nginx-0.7.65.tar.gz && tar -xzf nginx-0.7.65.tar.gz && cd nginx-0.7.65

CONFIGURE, AND OF COURSE MAKE AND INSTALL IT! (OF COURSE YOU CAN CHANGE THE CONFIGURATION IF YOU’D LIKE )
./configure --with-http_ssl_module --sbin-path=/usr/local/sbin --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module && make build install

LET’S ENABLE MEMCACHED, WHICH IS OPTIONAL…
vi /etc/default/memcached
CHANGE no TO yes
SAVE and CLOSE

NOW IN YOUR NGINX CONFIGURATION FILE WHICH IS LOCATED -> /usr/local/nginx/conf/nginx.conf — YOU NEED TO EDIT THAT TO LET NGINX KNOW, “HEY I GOT PHP DUDE, PLEASE RUN PHP FOR ME, THNX” SO USE THIS CONF FILE, AND OF COURSE YOU CAN CHANGE IT HOW YOU WANT, MAKE SURE YOU HAVE THAT.

Code:
 user  www-data;
 worker_processes  4;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info;

 #pid        logs/nginx.pid;

 events {
     worker_connections  1024;
 }

 http {
     include       mime.types;
     default_type  application/octet-stream;

     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
     #                  '$status $body_bytes_sent "$http_referer" '
     #                  '"$http_user_agent" "$http_x_forwarded_for"';
     #access_log  logs/access.log  main;

     sendfile        on;
     #tcp_nopush     on;

     #keepalive_timeout  0;
     keepalive_timeout  65;

     #client_body_timeout 10;
     #client_header_timeout 10;
     client_max_body_size 200M;
     client_body_buffer_size 50M;

     gzip  on;
     gzip_http_version 1.1;
     gzip_vary on;
     gzip_comp_level 1;
     gzip_proxied any;
     gzip_buffers 16 8k;
     gzip_disable "MSIE [1-6]\.(?!.*SV1)";

     #send_timeout 10;

     server {
         listen       80;
         server_name  localhost;

         charset utf-8;

         #access_log  logs/host.access.log  main;

         location / {
             root   html;
             index  index.html index.htm index.php;
         }

         #error_page  404              /404.html;

         # redirect server error pages to the static page /50x.html
         #
         error_page   500 502 503 504  /50x.html;
         location = /50x.html {
             root   html;
         }

         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
         #
         #location ~ \.php$ {
         #    proxy_pass   http://127.0.0.1;
         #}
  	 location ~ \.php$ {
                 include /usr/local/nginx/conf/fastcgi_params;
                 keepalive_timeout 10;
                 fastcgi_param   SCRIPT_FILENAME  /usr/local/nginx/html$fastcgi_script_name;
                 fastcgi_pass    127.0.0.1:9000;
 		  fastcgi_index   index.php;
         }

         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
         #
         #location ~ \.php$ {
         #    root           html;
         #    fastcgi_pass   127.0.0.1:9000;
         #    fastcgi_index  index.php;
         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
         #    include        fastcgi_params;
         #}

         # deny access to .htaccess files, if Apache's document root
         # concurs with nginx's one
         #
         #location ~ /\.ht {
         #    deny  all;
         #}
     }

     # another virtual host using mix of IP-, name-, and port-based configuration
     #
     #server {
     #    listen       8000;
     #    listen       somename:8080;
     #    server_name  somename  alias  another.alias;

     #    location / {
     #        root   html;
     #        index  index.html index.htm;
     #    }
     #}

     # HTTPS server
     #
     #server {
     #    listen       443;
     #    server_name  localhost;

     #    ssl                  on;
     #    ssl_certificate      cert.pem;
     #    ssl_certificate_key  cert.key;

     #    ssl_session_timeout  5m;

     #    ssl_protocols  SSLv2 SSLv3 TLSv1;
     #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
     #    ssl_prefer_server_ciphers   on;

     #    location / {
     #        root   html;
     #        index  index.html index.htm;
     #    }
     #}

 }

BEFORE WE CAN STARTUP NGINX, WE NEED TO CREATE A STARTUP SCRIPT FOR IT MANUALLY.
vi /etc/init.d/nginx
and ADD THIS

Code:
#! /bin/sh

 ### BEGIN INIT INFO
 # Provides:          nginx
 # Required-Start:    $all
 # Required-Stop:     $all
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: starts the nginx web server
 # Description:       starts nginx using start-stop-daemon
 ### END INIT INFO

 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/local/sbin/nginx
 NAME=nginx
 DESC=nginx

 test -x $DAEMON || exit 0

 # Include nginx defaults if available
 if [ -f /etc/default/nginx ] ; then
         . /etc/default/nginx
 fi

 set -e

 case "$1" in
   start)
         echo -n "Starting $DESC: "
         start-stop-daemon --start --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
                 --exec $DAEMON -- $DAEMON_OPTS
         echo "$NAME."
         ;;
   stop)
         echo -n "Stopping $DESC: "
         start-stop-daemon --stop --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
                 --exec $DAEMON
         echo "$NAME."
         ;;
   restart|force-reload)
         echo -n "Restarting $DESC: "
         start-stop-daemon --stop --quiet --pidfile \
                 /usr/local/nginx/logs/$NAME.pid --exec $DAEMON
         sleep 1
         start-stop-daemon --start --quiet --pidfile \
                 /usr/local/nginx/logs/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
         echo "$NAME."
         ;;
   reload)
       echo -n "Reloading $DESC configuration: "
       start-stop-daemon --stop --signal HUP --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
           --exec $DAEMON
       echo "$NAME."
       ;;
   *)
         N=/etc/init.d/$NAME
         echo "Usage: $N {start|stop|restart|force-reload}" >&2
         exit 1
         ;;
 esac

 exit 0

WOOT WOOT, WE HAVE NGINX, PHP5.2, APC, MEMCACHED, IMAGEMAGICK, and LET’S START ALL THIS STUFF UP!
service nginx start
php-fpm start
service memcached start

AND THAT’S IT! EVERYTHING SHOULD WORK WITHOUT QUESTION, LOL. I’VE DONE THIS 34038940 TIMES.. OF COURSE I’M EXAGGERATING ABOUT THE NUMBER, BUT STILL IT JUST WORKS. PHEWW I’M DONE TYPING. ANY QUESTIONS? JUST ASK AWAY!

OH BY THE WAY, THE WEB ROOT IS LOCATED -> /usr/local/nginx/html

MMM I THINK THATS EVERYTHING. KTHXBAI
IF THIS HAS HELPED YOU, LET ME KNOW!
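
An added example, not part of the original post: a small Python audit of the `[Session]` directives from the php.ini posted above, flagging the values that leave PHP 5.2 session IDs and cookies weakly protected. The helper names and the thresholds in `CHECKS` are this example's assumptions.

```python
import configparser

# [Session] directives as posted in the php.ini above (abridged to the
# lines the audit reads; commented-out lines are kept as posted).
POSTED_INI = """
[Session]
session.use_cookies = 1
; session.use_only_cookies = 1
session.cookie_httponly =
session.entropy_length = 0
session.entropy_file =
;session.entropy_file = /dev/urandom
session.use_trans_sid = 0
session.hash_function = 0
"""

def _on(value):
    return value.strip().lower() in ("1", "on", "true", "yes")

# directive -> (passes?, what a failing value means). The thresholds are
# this example's assumptions for the PHP 5.2 build the post installs.
CHECKS = {
    "session.use_only_cookies": (_on, "session ID accepted from the URL"),
    "session.cookie_httponly": (_on, "session cookie readable by page scripts"),
    "session.use_trans_sid": (lambda v: not _on(v), "session ID written into links"),
    "session.entropy_file": (lambda v: v.strip() != "", "no extra entropy source"),
    "session.entropy_length": (lambda v: v.strip().isdigit() and int(v) >= 16,
                               "fewer than 16 bytes of extra entropy"),
    "session.hash_function": (lambda v: v.strip() == "1", "session ID hashed with MD5"),
}

def audit_session(ini_text):
    """Return {directive: finding} for each [Session] check that fails."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.read_string(ini_text)
    section = parser["Session"] if parser.has_section("Session") else {}
    findings = {}
    for name, (passes, meaning) in CHECKS.items():
        # A commented-out or empty directive falls back to PHP's default,
        # which for every directive checked here is the "off" state.
        value = section.get(name) or ""
        if not passes(value):
            findings[name] = f"{meaning} (value: {value!r})"
    return findings

if __name__ == "__main__":
    for directive, finding in audit_session(POSTED_INI).items():
        print(f"{directive}: {finding}")
```

To audit a live server, pass the contents of its php.ini to `audit_session()` instead of `POSTED_INI`.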

=========== Answer 1 ===========

This is awesome, thank you! I was in the process of writing a cloud server set up guide for our company’s reference, and you just saved me a load of work.

Dave
Productiontrax.com

=========== Answer 2 ===========

Great Article! I’ll pass it along to our Technical Writer and see if we can get this included into the KB.

That said, one thing I would recommend is to make sure everything is enabled via chkconfig so that it starts itself up in the event that you reboot your server. This will solve a few headaches in troubleshooting in the event that you have an issue that requires a reboot. I know it’s typically done automatically, but it is always a good idea to double check!

=========== Answer 3 ===========

Thanks!

Of course I could have added MySQL along with all of this to make it complete with database support and fine tuned, but I didn’t think it was necessary. :/

I’ll add the MySQL later on and fine tune this.

Subdomains as Accounts

Be Warned!!!

If you want to set up accounts for subdomains of your main account, they MUST be created in the same “client” as the main domain

ie “this.domain.com”, “that.domain.com” as accounts when you own “domain.com”

The control panel will allow you to create the domain – but it will fail and you will need support to remove the accounts as the delete also fails.

This once was possible to do, but in the last month, changes were made to stop it from happening – but not to stop us from entering it. (I have some sub-domains in a different client account I did months ago that worked).

The recent change is due to “security” I have been told. More like a coding mistake!

This message reads like one of those pass this email on messages or the world will blow up!!!

Anyway, If you want to set up a subdomain for a client – you can no longer have separate “client” billing. Thanks Mosso!

=========== Answer 1 ===========

Just tested this again today. Doh, I was hoping to separate the subdomains so they are not in the same FTP and therefore more secure, but it's not possible.

=========== Answer 2 ===========

Yep.

I actually had some subdomains I had created before they imposed this restriction in different accounts. I ended up having to delete them and recreate them in the same account as the master domain.

I wonder though? If there was no master domain – only subdomains – would the restriction apply then? And what to do with the master domain? Set it up as a forward to a selected subdomain….

In the past, I would park a subdomain on top of a client's domain I was designing so they could access and see their domain before it went into production. Or just create a subdomain to test a new CMS or technology – keeping it separate from the main account. Not any more!

=========== Answer 3 ===========

Yes, I used to do something similar. Maybe it is for a security reason; it's kinda annoying though.

=========== Answer 4 ===========

It is NOT for security reasons as I want to have separate accounts for each subdomain BECAUSE OF security reasons, and RS doesn't let me do that.

=========== Answer 5 ===========

It is NOT for security reasons as I want to have separate accounts for each subdomain BECAUSE OF security reasons, and RS doesn't let me do that.

And I need to have subdomains into separate accounts, because on same account they are vulnerable if ANY of the subdomains get hacked, then ALL your subdomains and main domain could be accessed-hacked too easily then.

Maybe RS can bring this feature to all of us soon!