New Server Checklist for DirectAdmin (2009)

-Add all your ips in directadmin under "IP management"
(and assign 2 ips to admin)
http://xx.xxx.xxx.xxx:2222/CMD_IP_MANAGER

-Register nameserver at registrar
(namecheap.com is my fav; networksolution.com is the worst for this... it's no longer an option you can click on the website, you have to send an email request for this)

-Add nameservers to server:
1. go to user level, and add the new domain you registered (leave default settings, and tweak them after)
2. go back to reseller level, click "nameserver", select the 2 ips you want to use and click "create"; then set the 2 new nameservers for "Set the Nameservers that will be assigned to new users" (it should be added by default)

-Share nameserver ips (so you're able to add other domains to them):
1. go to reseller -->ip management and select the 2 ips, and click 'share'

- Contact your server data center and tell them to add reverse dns entries for your nameservers

- Change the hostname to your own via /usr/local/directadmin/scripts/hostname.sh,
or go to directadmin administrative settings: https://67.220.205.106:2222/CMD_ADMIN_SETTINGS

Force SSL on admin and create default server SSL

source: http://help.directadmin.com/item.php?id=15

# /usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

# chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
# chmod 400 /usr/local/directadmin/conf/cakey.pem

Now we move the existing default certificate and key aside and symlink the above certificate in their place, to be used for default server SSL (including exim and dovecot):

# mv /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server-01.crt
# mv /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server-01.key

# ln -s /usr/local/directadmin/conf/cakey.pem /etc/httpd/conf/ssl.key/server.key
# ln -s /usr/local/directadmin/conf/cacert.pem /etc/httpd/conf/ssl.crt/server.crt

# vi /etc/exim.conf

change:
daemon_smtp_ports = 25 : 587
to:
daemon_smtp_ports = 25 : 587 : 465

create new exim ssl certificates:
http://help.directadmin.com/item.php?id=245

# /usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /etc/exim.key -out /etc/exim.cert -days 9999 -nodes
# chown mail:mail /etc/exim.key
# chmod 600 /etc/exim.key
# chmod 644 /etc/exim.cert
# /etc/init.d/exim restart

Related error message in /var/log/exim/mainlog:
(SSL_CTX_use_PrivateKey_file file=/etc/exim.key): error:0200100D:system library:fopen:Permission denied
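
A check for the key ownership and permissions set above, as an added example that is not part of the original post: it reports the states that produce the "Permission denied" error as well as a private key that is readable by other accounts. The function names are hypothetical and GNU stat (Linux) is assumed.

```bash
# Added example, not from the original post. Assumes GNU stat (Linux).
# check_key FILE OWNER prints one verdict and returns 0 only for "ok":
#   missing        FILE does not exist
#   wrong-owner    FILE is not owned by OWNER (a 600 key is then unreadable)
#   owner-no-read  the owner read bit is off
#   too-open       group or other has any access to the private key
#   ok             owned by OWNER, accessible by the owner only
check_key() {
    f=$1; want=$2
    [ -f "$f" ] || { echo missing; return 1; }
    # -L follows symlinks, e.g. server.key -> cakey.pem in the post
    owner=$(stat -L -c '%U' "$f")
    mode=$(printf '%03d' "$(stat -L -c '%a' "$f")")   # pad "0" to "000"
    [ "$owner" = "$want" ] || { echo wrong-owner; return 1; }
    case $mode in
        *[4567]00) echo ok; return 0 ;;
        *00)       echo owner-no-read; return 1 ;;
        *)         echo too-open; return 1 ;;
    esac
}

# Key paths and owners as set in the post
report_keys() {
    for pair in /usr/local/directadmin/conf/cakey.pem:diradmin /etc/exim.key:mail; do
        echo "${pair%%:*}: $(check_key "${pair%%:*}" "${pair##*:}")"
    done
}
report_keys
```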

reset mysql password

- Error connecting to MySQL: Access denied for user: 'da_admin@localhost' (Using password: YES) Last Modified: May 7, 2005, 4:06 pm
When connecting to the MySQL screens in DirectAdmin, if this error appears, it indicates that the "da_admin" user has not been set up correctly. To resolve this, do the following.

1) Make sure the root mysql password works. If you know it, skip to 2). The mysql root password can be found in the /usr/local/directadmin/scripts/setup.txt if it has not been deleted. It's under the header "mysql=". If it cannot be found, then mysqld will have to be restarted with the --skip-grant-tables option:

service mysqld stop (Redhat)
mysqld_safe --skip-grant-tables &

That should start up mysql without the need for a root password. Once in, type

use mysql
UPDATE user SET password=PASSWORD('newpass') WHERE user='root';
FLUSH PRIVILEGES;
quit

That will reset the root password for you.

Type "killall -9 mysqld_safe; killall -9 mysqld" to shut down mysqld.
Start it up again with

/sbin/service mysqld start

2) Once the root mysql password is set and known, then you can begin the process of resetting the da_admin mysql user. Type:

mysql -uroot -p

Then press enter. You'll be asked for the password. Once in mysql, type:

GRANT ALL PRIVILEGES ON *.* TO da_admin@localhost IDENTIFIED BY 'newdapass' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

That should set the password for da_admin in mysql.

3) Now we need to make sure it's set up correctly for DA to use. Edit /usr/local/directadmin/conf/mysql.conf and set

user=da_admin
passwd=newdapass

4) Test it out in DirectAdmin.

PHP settings

# vi /usr/local/lib/php.ini

max_execution_time = 1000
max_input_time = 1000
memory_limit = 512M
upload_max_filesize = 200M
post_max_size = 200M

eaccelerator

http://duntuk.com/how-to-install-eaccelerator-turck-mmcache-replacement

my.cnf

[mysqld]
#skip-name-resolve
safe-show-database
#old_passwords
back_log = 50
skip-innodb
max_connections = 500
key_buffer_size = 384M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 8000
thread_cache_size = 512
wait_timeout = 20
connect_timeout = 10
tmp_table_size = 64M
max_heap_table_size = 64M
max_allowed_packet = 64M
net_buffer_length = 16384
max_connect_errors = 100000
thread_concurrency = 8
concurrent_insert = 2
table_lock_wait_timeout = 30
read_rnd_buffer_size = 786432
bulk_insert_buffer_size = 8M
query_cache_limit = 4M
query_cache_size = 256M ##32MB for every 1GB
query_cache_type = 1
query_prealloc_size = 262144
query_alloc_block_size = 65536
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
default-storage-engine = innodb
max_write_lock_count = 8

[mysql.server]
user=mysql

[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
nice = -10
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 512M ## 64MB for every 1GB
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M

httpd settings

# vi /etc/httpd/conf/extra/httpd-ssl.conf

make sure you're using

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
and not:
#SSLCipherSuite ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
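
What separates these two strings, as an added example that is not part of the original post: a simplified model of OpenSSL's cipher-list rules that reports which of the weak classes named above each string leaves enabled. The first string keeps LOW, EXP, SSLv2 and RC4 (its +LOW, +SSLv2, +EXP and +eNULL tokens only reorder), while the second removes all of them except RC4. Function and variable names are hypothetical.

```bash
# Added example, not from the original post. Simplified model of OpenSSL
# cipher-list rules, tracking whole classes rather than individual ciphers:
#   ALL     adds every class except eNULL
#   !X      removes X permanently (later tokens cannot re-add it)
#   -X      removes X (a later bare token can re-add it)
#   +X      only moves X to the end of the list; adds nothing
#   X, X+Y  adds the ciphers matching X (and Y)
TRACKED="ADH LOW EXP SSLv2 RC4 eNULL"   # weak classes named in the post

has_word() {             # has_word WORD LIST...: true if WORD is in LIST
    w=$1; shift
    for x in "$@"; do [ "$x" = "$w" ] && return 0; done
    return 1
}

drop_word() {            # drop_word WORD LIST...: print LIST without WORD
    w=$1; shift; out=""
    for x in "$@"; do [ "$x" = "$w" ] || out="$out $x"; done
    echo $out
}

add_class() { has_word "$1" $banned $enabled || enabled="$enabled $1"; }

weak_classes_enabled() {  # print the tracked classes a string leaves enabled
    enabled=""; banned=""
    for tok in $(printf '%s' "$1" | tr ':,' '  '); do
        case $tok in
            ALL)  for c in $TRACKED; do [ "$c" = eNULL ] || add_class "$c"; done ;;
            '!'*) banned="$banned ${tok#?}"; enabled=$(drop_word "${tok#?}" $enabled) ;;
            -*)   enabled=$(drop_word "${tok#?}" $enabled) ;;
            +*)   ;;     # reorder only: membership unchanged
            *)    for p in $(printf '%s' "$tok" | tr '+' ' '); do
                      if has_word "$p" $TRACKED; then add_class "$p"; fi
                  done ;;
        esac
    done
    echo $enabled
}

# The two SSLCipherSuite strings from the post
post_use='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
post_avoid='ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP'
echo "'use' string leaves enabled:     $(weak_classes_enabled "$post_use")"
echo "'and not' string leaves enabled: $(weak_classes_enabled "$post_avoid")"
```

On the server itself, `openssl ciphers -v '<string>'` lists the suites the installed OpenSSL actually expands a string to.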

Install CSF (ConfigServer Security & Firewall)

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
