New Linux Server Checklist (2017 Edition)

These are some of the basic things I do when I setup a new server

Get the latest directadmin.conf values

With each version of DirectAdmin, new configuration values are introduced that you may not know about. To see ALL these values do the following:

/usr/local/directadmin/directadmin c | sort -n

You can essentially copy/paste the entire results into your /usr/local/directadmin/conf/directadmin.conf replacing anything else in there.

Setup DirectAdmin with an SSL certificate

source: http://help.directadmin.com/item.php?id=15

If you don't own a certificate, you can create your own with letsencrypt.com:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt
cd /usr/local/directadmin/conf
echo "letsencrypt=1" >> directadmin.conf
systemctl restart directadmin
cd /usr/local/directadmin/scripts
./letsencrypt.sh request your.hostname.com 4096
cd /usr/local/directadmin/conf
perl -pi -e 's/SSL=0/SSL=1/' directadmin.conf
echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf
​# OPTIONAL; as you would need to have a fully qualified hostname
echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
systemctl restart directadmin

Or... If you already have your own certificate and key, then copy/paste them into the following

Certificate:

vi /usr/local/directadmin/conf/cacert.pem

Key:

vi /usr/local/directadmin/conf/cakey.pem

Reset MySQL root password

Find out the mysql da_admin password from here (da_admin has root priviledges):

vi /usr/local/directadmin/conf/mysql.conf

Login to mysql

mysql -u da_admin -p

Change the mysql root user password to whatever you want

use mysql
UPDATE mysql.user SET password=PASSWORD('yourpassword') WHERE user='root';
FLUSH PRIVILEGES;
quit

Now shutdown all mysqld processes and restart mysqld

killall -9 mysqld_safe; killall -9 mysqld
service mysqld start 
#or
systemctl start mysqld

Or if you need to update user da_admin@localhost then follow this guide:

https://help.directadmin.com/item.php?id=45 

Install HTTP/2 with Apache

How to install HTTP/2 on DirectAdmin

Optimize MySQL for MariaDB

vi /etc/my.conf
 
# Generated by Percona Configuration Wizard (http://tools.percona.com/) version REL5-20120208                                                                           
# Configuration name cci generated for 2016-11-29 13:07:40
#  Xeon(R) CPU E5-1650 v3 @ 3.50GHz; 64GB SDRAM, 4 x Samsung SSD 840 Pro in RAID 10.
 
 
[mysql]
 
# CLIENT #
#port                           = 3306
#socket                         = /var/lib/mysql/mysql.sock
 
[mysqld]
 
# GENERAL #
user                           = mysql
default-storage-engine         = InnoDB
socket                         = /var/lib/mysql/mysql.sock
pid-file                       = /var/lib/mysql/mysql.pid
 
# MyISAM #
key-buffer-size                = 32M 
myisam-recover                 = FORCE,BACKUP
 
# SAFETY #
max-allowed-packet             = 16M 
max-connect-errors             = 1000000
skip-name-resolve
 
# DATA STORAGE #
datadir                        = /var/lib/mysql/
 
# BINARY LOGGING #
log-bin                        = /var/lib/mysql/mysql-bin
expire-logs-days               = 14
sync-binlog                    = 1 
 
# CACHES AND LIMITS #
tmp-table-size                 = 32M 
max-heap-table-size            = 32M 
query-cache-type               = 0 
query-cache-size               = 0 
max-connections                = 500 
thread-cache-size              = 50
open-files-limit               = 65535
table-definition-cache         = 4096
table-open-cache               = 10240
 
# INNODB #
innodb-flush-method            = O_DIRECT
innodb-log-files-in-group      = 2 
innodb-log-file-size           = 512M
innodb-flush-log-at-trx-commit = 1 
innodb-file-per-table          = 1 
innodb-buffer-pool-size        = 54G
 
 
 
# LOGGING #
log-error                      = /var/lib/mysql/mysql-error.log
log-queries-not-using-indexes  = 1 
#slow-query-log                 = 1 
#slow-query-log-file            = /var/lib/mysql/mysql-slow.log

MariaDB with 128GB RAM

[server]
 
# this is only for the mysqld standalone daemon
[mysqld]
local-infile = 0
#max-allowed-packets=50M
bind-address = 127.0.0.1
 
# CLIENT #
port                           = 3306  
socket                         = /var/lib/mysql/mysql.sock
 
[mysqld]
 
# GENERAL #
user                           = mysql 
default-storage-engine         = InnoDB
socket                         = /var/lib/mysql/mysql.sock
pid-file                       = /var/lib/mysql/mysql.pid
 
# MyISAM #
key-buffer-size                = 64M   
myisam-recover                 = FORCE,BACKUP
 
# SAFETY #
max-allowed-packet             = 16M   
max-connect-errors             = 1000000 
skip-name-resolve
# Uncomment if needed strict settings
#sql-mode                       = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
sysdate-is-now                 = 1     
 
# DATA STORAGE #
datadir                        = /var/lib/mysql/
 
# BINARY LOGGING #
log-bin                        = /var/lib/mysql/mysql-bin
expire-logs-days               = 14    
sync-binlog                    = 1     
 
# CACHES AND LIMITS #
tmp-table-size                 = 128M  
max-heap-table-size            = 128M  
query-cache-type               = 1     
query-cache-size               = 80M   
query-cache-limit              = 256K  
query_cache_min_res_unit       = 2k    
max-connections                = 500   
thread-cache-size              = 50    
open-files-limit               = 1024000 
table-definition-cache         = 4096  
table-open-cache               = 10240 
 
# INNODB #
innodb-flush-method            = O_DIRECT
innodb-log-files-in-group      = 2     
innodb-log-file-size           = 27G   
innodb-flush-log-at-trx-commit = 1
innodb-file-per-table          = 1     
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=true
 
# LOGGING #
log-error                      = /var/lib/mysql/mysql-error.log
log-queries-not-using-indexes  = 1
slow-query-log                 = 0
slow-query-log-file            = /var/lib/mysql/mysql-slow.log
 
[mysqld_safe]
open_files_limit = 1024000

Increase the server ulimit 'open files' and MySQL 'open_files_limit'

Read here: How to permanently raise ulimit 'open files' and MySQL 'open_files_limit'

Change your SSH port

vi /etc/ssh/sshd_config

Find "Port", and change it (YOURSECRETPORT) to whatever port number you want

Port YOURSECRETPORT

Also, disable UseDNS--this can make your SSH login take very long, resulting will timeout SFTP clients.

UseDNS no

Restart SSH

service sshd restart
# OR
systemctl restart sshd

Install SSH Screen

Screen is a SSH session manager, that will stay running even if you're not connected with your SSH client. This is good for poor network connections, and/or if you're running really long sessions--like RETS data import (where you have to process 100,000 properites, which can take days to finish)

yum -y install screen

It's fairly simple to use.

To create a NEW screen session:

screen

To connect to an existing screen session:

screen -ls
# the above will list all screen sessions

This will list all screen sessions; example:

There is a screen on:
        2962.pts-0.server       (Attached)
1 Socket in /var/run/screen/S-root.

Using the info above, we can now do the following to connect to that particular screen session:

screen -r 2962.pts-0.server 

To connect to the first available screen session:

screen -D -r

To disconnect from a screen session, type:

	exit

Or you can do it via key combos, by quickly pressing:

Ctrl+A then Ctrl+D

To list all ongoing screen sessions while outside of screen::

screen -ls

To list all ongoing sreen sessions while inside of screen, quickly hit:

Ctrl + A then W

To open up another screen session within a session, hit the following keys quickly:

Ctrl+A then C

To switch between screen sessions while in screen, hit the following key combos quickly:

Ctrl+A then Ctrl+A

And that's it for screen.

Check drive stats and usage

This will show you full stats of all the installed drives on your system 

lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL,UUID

This will show you the total size of all parent directories from the current directory you are in.

du * -mhsc | sort -h

To see the drives connected to a RAID controller, where only the controller shows, then do the following:

Get latest version here: http://support.lenovo.com/us/en/downloads/ds041827

cd /usr/src
wget https://download.lenovo.com/pccbbs/thinkservers/ul_avago_storcli_1.18.11_anyos.zip
unzip ul_avago_storcli_1.18.11_anyos.zip
cd storcli_all_os/Linux
rpm -Uvh storcli-1.18.11-1.noarch.rpm
ln -s /opt/MegaRAID/storcli/storcli64 /usr/bin/storcli

​Show all attached drives:

storcli /c0 show all
# or
/opt/MegaRAID/storcli/storcli64 /c0 show all

Setup a new drive

Read here: How to install a new drive in Linux larger than 2TB with proper alignment

Update server via custombuild

Read here: Update CentOS / DirectAdmin Server with custombuild 2.0

Enable OpCache (part of with PHP 5.5)

Read here: Enable Zend OPcache for PHP 5.5 or Install ZendOpcache for PHP 5.3 or PHP 5.4

Install CSF (ConfigServer Security & Firewall)

Read here: How to install CSF (ConfigServer Security & Firewall) with DirectAdmin

Secure named/BIND

Read here: Deny recursive DNS lookups in named (in newer or older versions of BIND)

Install memcached and PHP extension PECL/memcached

Read here: How to install memcached on CentOS with memcached PHP extension on CentOS

Install Apache Solr with Apache Tomcat

Read here: How to install Apache Solr 4.6 with Apache Tomcat 7, for use with Drupal

Secure and speed up Apache SSL encryption.

Read here: Speed up and secure Apache SSL encryption

Optimize Apache 2.4 httpd.conf

Read here: Optimized Apache 2.4 httpd.conf

Tags: how-to Linux Server checklist best-practice