These are some of the basic things I do when I setup a new server
Get the latest directadmin.conf values
With each version of DirectAdmin, new configuration values are introduced that you may not know about. To see ALL these values do the following:
/usr/local/directadmin/directadmin c | sort -n
You can essentially copy/paste the entire results into your /usr/local/directadmin/conf/directadmin.conf replacing anything else in there.
Setup DirectAdmin with an SSL certificate
source: http://help.directadmin.com/item.php?id=15
If you don't own a certificate, you can create your own with letsencrypt.com:
cd /usr/local/directadmin/custombuild ./build update ./build letsencrypt cd /usr/local/directadmin/conf echo "letsencrypt=1" >> directadmin.conf systemctl restart directadmin cd /usr/local/directadmin/scripts ./letsencrypt.sh request your.hostname.com 4096 cd /usr/local/directadmin/conf perl -pi -e 's/SSL=0/SSL=1/' directadmin.conf echo "carootcert=/usr/local/directadmin/conf/carootcert.pem" >> directadmin.conf # OPTIONAL; as you would need to have a fully qualified hostname echo "force_hostname=your.hostname.com" >> directadmin.conf echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf systemctl restart directadmin
Or... If you already have your own certificate and key, then copy/paste them into the following
Certificate:
vi /usr/local/directadmin/conf/cacert.pem
Key:
vi /usr/local/directadmin/conf/cakey.pem
Reset MySQL root password
Find out the mysql da_admin password from here (da_admin has root priviledges):
vi /usr/local/directadmin/conf/mysql.conf
Login to mysql
mysql -u da_admin -p
Change the mysql root user password to whatever you want
use mysql
UPDATE mysql.user SET password=PASSWORD('yourpassword') WHERE user='root';
FLUSH PRIVILEGES;
quitNow shutdown all mysqld processes and restart mysqld
killall -9 mysqld_safe; killall -9 mysqld service mysqld start #or systemctl start mysqld
Or if you need to update user da_admin@localhost then follow this guide:
https://help.directadmin.com/item.php?id=45
Install HTTP/2 with Apache
How to install HTTP/2 on DirectAdmin
Optimize MySQL for MariaDB
vi /etc/my.conf # Generated by Percona Configuration Wizard (http://tools.percona.com/) version REL5-20120208 # Configuration name cci generated for 2016-11-29 13:07:40 # Xeon(R) CPU E5-1650 v3 @ 3.50GHz; 64GB SDRAM, 4 x Samsung SSD 840 Pro in RAID 10. [mysql] # CLIENT # #port = 3306 #socket = /var/lib/mysql/mysql.sock [mysqld] # GENERAL # user = mysql default-storage-engine = InnoDB socket = /var/lib/mysql/mysql.sock pid-file = /var/lib/mysql/mysql.pid # MyISAM # key-buffer-size = 32M myisam-recover = FORCE,BACKUP # SAFETY # max-allowed-packet = 16M max-connect-errors = 1000000 skip-name-resolve # DATA STORAGE # datadir = /var/lib/mysql/ # BINARY LOGGING # log-bin = /var/lib/mysql/mysql-bin expire-logs-days = 14 sync-binlog = 1 # CACHES AND LIMITS # tmp-table-size = 32M max-heap-table-size = 32M query-cache-type = 0 query-cache-size = 0 max-connections = 500 thread-cache-size = 50 open-files-limit = 65535 table-definition-cache = 4096 table-open-cache = 10240 # INNODB # innodb-flush-method = O_DIRECT innodb-log-files-in-group = 2 innodb-log-file-size = 512M innodb-flush-log-at-trx-commit = 1 innodb-file-per-table = 1 innodb-buffer-pool-size = 54G # LOGGING # log-error = /var/lib/mysql/mysql-error.log log-queries-not-using-indexes = 1 #slow-query-log = 1 #slow-query-log-file = /var/lib/mysql/mysql-slow.log
MariaDB with 128GB RAM
[server] # this is only for the mysqld standalone daemon [mysqld] local-infile = 0 #max-allowed-packets=50M bind-address = 127.0.0.1 # CLIENT # port = 3306 socket = /var/lib/mysql/mysql.sock [mysqld] # GENERAL # user = mysql default-storage-engine = InnoDB socket = /var/lib/mysql/mysql.sock pid-file = /var/lib/mysql/mysql.pid # MyISAM # key-buffer-size = 64M myisam-recover = FORCE,BACKUP # SAFETY # max-allowed-packet = 16M max-connect-errors = 1000000 skip-name-resolve # Uncomment if needed strict settings #sql-mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY sysdate-is-now = 1 # DATA STORAGE # datadir = /var/lib/mysql/ # BINARY LOGGING # log-bin = /var/lib/mysql/mysql-bin expire-logs-days = 14 sync-binlog = 1 # CACHES AND LIMITS # tmp-table-size = 128M max-heap-table-size = 128M query-cache-type = 1 query-cache-size = 80M query-cache-limit = 256K query_cache_min_res_unit = 2k max-connections = 500 thread-cache-size = 50 open-files-limit = 1024000 table-definition-cache = 4096 table-open-cache = 10240 # INNODB # innodb-flush-method = O_DIRECT innodb-log-files-in-group = 2 innodb-log-file-size = 27G innodb-flush-log-at-trx-commit = 1 innodb-file-per-table = 1 innodb_large_prefix=true innodb_file_format=barracuda innodb_file_per_table=true # LOGGING # log-error = /var/lib/mysql/mysql-error.log log-queries-not-using-indexes = 1 slow-query-log = 0 slow-query-log-file = /var/lib/mysql/mysql-slow.log [mysqld_safe] open_files_limit = 1024000
Increase the server ulimit 'open files' and MySQL 'open_files_limit'
Read here: How to permanently raise ulimit 'open files' and MySQL 'open_files_limit'
Change your SSH port
vi /etc/ssh/sshd_config
Find "Port", and change it (YOURSECRETPORT) to whatever port number you want
Port YOURSECRETPORT
Also, disable UseDNS--this can make your SSH login take very long, resulting will timeout SFTP clients.
UseDNS no
Restart SSH
service sshd restart # OR systemctl restart sshd
Install SSH Screen
Screen is a SSH session manager, that will stay running even if you're not connected with your SSH client. This is good for poor network connections, and/or if you're running really long sessions--like RETS data import (where you have to process 100,000 properites, which can take days to finish)
yum -y install screen
It's fairly simple to use.
To create a NEW screen session:
screen
To connect to an existing screen session:
screen -ls # the above will list all screen sessions
This will list all screen sessions; example:
There is a screen on:
2962.pts-0.server (Attached)
1 Socket in /var/run/screen/S-root.
Using the info above, we can now do the following to connect to that particular screen session:
screen -r 2962.pts-0.server
To connect to the first available screen session:
screen -D -r
To disconnect from a screen session, type:
exit
Or you can do it via key combos, by quickly pressing:
Ctrl+A then Ctrl+D
To list all ongoing screen sessions while outside of screen::
screen -ls
To list all ongoing sreen sessions while inside of screen, quickly hit:
Ctrl + A then W
To open up another screen session within a session, hit the following keys quickly:
Ctrl+A then C
To switch between screen sessions while in screen, hit the following key combos quickly:
Ctrl+A then Ctrl+A
And that's it for screen.
Check drive stats and usage
This will show you full stats of all the installed drives on your system
lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL,UUID
This will show you the total size of all parent directories from the current directory you are in.
du * -mhsc | sort -h
To see the drives connected to a RAID controller, where only the controller shows, then do the following:
Get latest version here: http://support.lenovo.com/us/en/downloads/ds041827
cd /usr/src wget https://download.lenovo.com/pccbbs/thinkservers/ul_avago_storcli_1.18.11_anyos.zip unzip ul_avago_storcli_1.18.11_anyos.zip cd storcli_all_os/Linux rpm -Uvh storcli-1.18.11-1.noarch.rpm ln -s /opt/MegaRAID/storcli/storcli64 /usr/bin/storcli
Show all attached drives:
storcli /c0 show all # or /opt/MegaRAID/storcli/storcli64 /c0 show all
Setup a new drive
Read here: How to install a new drive in Linux larger than 2TB with proper alignment
Update server via custombuild
Read here: Update CentOS / DirectAdmin Server with custombuild 2.0
Enable OpCache (part of with PHP 5.5)
Read here: Enable Zend OPcache for PHP 5.5 or Install ZendOpcache for PHP 5.3 or PHP 5.4
Install CSF (ConfigServer Security & Firewall)
Read here: How to install CSF (ConfigServer Security & Firewall) with DirectAdmin
Secure named/BIND
Read here: Deny recursive DNS lookups in named (in newer or older versions of BIND)
Install memcached and PHP extension PECL/memcached
Read here: How to install memcached on CentOS with memcached PHP extension on CentOS
Install Apache Solr with Apache Tomcat
Read here: How to install Apache Solr 4.6 with Apache Tomcat 7, for use with Drupal
Secure and speed up Apache SSL encryption.
Read here: Speed up and secure Apache SSL encryption
Optimize Apache 2.4 httpd.conf
Read here: Optimized Apache 2.4 httpd.conf