
osCommerce

The e-commerce.

Build a LAMP Stack for OSC


clustersolutions

Just had to bring up another CentOS 7 LAMP stack DO Droplet. I extracted these notes from my bash and mysql history. I have done these on both AWS and DO and they are the same... hope this can be useful... I always start with the $5 instance as they can be scaled easily. Takes less than 30 mins.

# add swap space & disable SELinux
sudo dd if=/dev/zero of=/swapfile count=2000 bs=1MiB
# restrict the swap file to root; swapon warns about looser permissions
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile   swap    swap    sw  0   0" >> /etc/fstab
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

#reboot server
reboot

# Configure yum repos.
yum install -y epel-release
yum install -y wget
wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7.rpm
yum-config-manager --enable remi-php70
yum install -y http://www.percona.com/downloads/percona-release/redhat/0.1-4/percona-release-0.1-4.noarch.rpm

# install LAMP stack. PHP 7, Apache 2.4, and MySql/Percona 5.7
yum install -y httpd
yum install -y php
yum install -y php-mysqlnd
yum install -y Percona-Server-server-57
yum install -y python-certbot-apache

# setup Apache document root.
useradd abc.com
mkdir /home/abc.com/public_html

cat << EOF > /etc/httpd/conf.d/abc.com.conf
<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /home/abc.com/public_html
        ServerName abc.com
        ServerAlias www.abc.com
        ErrorLog "/var/log/abc.com-error_log"
        CustomLog "/var/log/abc.com-access_log" combined
        LogLevel error
</VirtualHost>
EOF

# Start Apache
systemctl start httpd

# Set your DNS for abc.com, then install Let's Encrypt's free SSL.
certbot --apache -d abc.com -d www.abc.com

# Init MySQL
systemctl start mysqld

# Get MySQL root password.
grep password /var/log/mysqld.log

# Login to MySQL
mysql -p

# Run in MySQL client, change root password and create a mysql user
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
CREATE USER 'mysql'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost';

# Back to Bash shell. Restart and enable boot startup of Apache and MySQL
systemctl enable httpd
systemctl enable mysqld
systemctl restart httpd
systemctl restart mysqld
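
As an added example that is not part of the original post: the notes above give the application account ALL PRIVILEGES ON *.* with a fixed password; the functions below emit SQL for an account scoped to a single schema with a generated password. The names oscdb and oscuser, the function names and the privilege list are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): emit SQL for a per-site
# database account instead of a global "GRANT ALL ... ON *.*" account.
# oscdb / oscuser and the privilege list below are assumptions.

# Privileges assumed sufficient for a PHP shop application; trim as needed.
OSC_PRIVS="SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP"

# Accept only plain identifiers so nothing typed here can break out of the
# quoted SQL built below.
valid_ident() {
    local LC_ALL=C
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# 24 random bytes, base64url-encoded; the fixed suffix only guarantees one
# character of each class for servers that enforce a password policy.
gen_password() {
    printf '%s_aA1' "$(head -c 24 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n')"
}

# Usage: scoped_grant_sql DBNAME DBUSER [PASSWORD]
scoped_grant_sql() {
    local db="$1" user="$2" pw="${3:-$(gen_password)}"
    valid_ident "$db"   || { echo "invalid database name" >&2; return 1; }
    valid_ident "$user" || { echo "invalid user name" >&2; return 1; }
    case "$pw" in
        *[\'\\]*) echo "password must not contain ' or \\" >&2; return 1 ;;
    esac
    cat <<SQL
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pw';
GRANT $OSC_PRIVS ON \`$db\`.* TO '$user'@'localhost';
SHOW GRANTS FOR '$user'@'localhost';
SQL
}
```

Write the output to a root-only file, copy the generated password from it into the shop's database configuration, then feed the file to mysql -u root -p.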

 


I would not go encouraging merchants to host their own system, or even to manage their own server within some sort of hosting. The vast majority of people don't know as much about security as the hackers do, and will be eaten for lunch. My suggestion is always to go with a reputable hosting service... pay them a few bucks a month to worry about security. Just the time alone you'll save not having to maintain your system (exclusive of security issues) could pay for the hosting. Just something to think about before trying to save $5 a month or whatever.


Ah, @MrPhil, nothing's being encouraged at all, I think it's more like not being discouraged from utilizing some of these awesome technologies. You know, what it used to take a senior guy to manage can now be done by my 13 yr old snapping and spawning and moving instances across data centers or adding CPUs and RAMs with just a few clicks.


Routine resource management may indeed now be simple enough for a 13 y.o. to handle, but my worry is about what the Bad Guys are doing, trying to break into the system and steal information or corrupt the place, or even just commit vandalism in the form of denying service to your customers. It takes a lot of training and experience to keep even a half step ahead of them! Security alone is a full time job. I don't have time to keep up with it.


on the other hand, it is a great piece of info to show off what you can and are knowledgeable about. The kind of thing I like to do on a raspberry pi just for the fun of it :D

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since I coded my responsive version earlier, but I have bought every 28d of code package to support Burt's effort and keep this forum alive (albeit more like on life support).

So if you are still here? What are you waiting for?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" | grep "line" | sort | uniq -c | sort -rn > counterrors.txt


18 hours ago, bruyndoncx said:

on the other hand, it is a great piece of info to show off what you can and are knowledgeable about. The kind of thing I like to do on a raspberry pi just for the fun of it :D

Well, @bruyndoncx, LAMP stack is no comparison to a raspberry pi, I would triple firewall that pi so it'd be all mine!!! :cool:


Forgot to mention that the RPI is just on the local network. It is an easy way to get a unix environment where you have full control vs a cheap host.


I went with a dedicated server in 2007 and there is a ton of stuff to learn. I like learning, but there's just a ton. I had help with getting it set up and managing it in the beginning. I think the most important security piece I learned is protecting SSH. Changing the port to some hard to guess number, not being able to log in as root, then having a wheel user that is only for logging in and using a certificate to log in with it. For firewall, I only have ports I need open. As I think about it, the list goes on and on. On the positive side, you can zip it up pretty tight. For instance, I only use SFTP, so port 21 is disabled.

I would never want to be an actual webhost though. 

I'm not really a dog.
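
As an added example that is not part of the thread: a check of an sshd_config against the SSH setup described in the post above (no root login, key-only login, a restricted login account, a non-default port). The function names and both sample configurations are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit an sshd_config file.
# Usage: audit_sshd FILE ; prints one line per finding, returns 1 on any FAIL.
# Only the global section is read (parsing stops at the first Match block),
# and the first value seen for a keyword wins, as in sshd itself.
audit_sshd() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # jump to END at first Match
        {
            key = tolower($1)
            if (!(key in val)) { $1 = ""; sub(/^[ \t]+/, ""); val[key] = tolower($0) }
        }
        END {
            if (val["permitrootlogin"] != "no")
                { print "FAIL PermitRootLogin is not \"no\""; bad++ }
            if (val["passwordauthentication"] != "no")
                { print "FAIL PasswordAuthentication is not \"no\" (key-only login expected)"; bad++ }
            if (val["pubkeyauthentication"] == "no")
                { print "FAIL PubkeyAuthentication is disabled"; bad++ }
            if (!("allowgroups" in val) && !("allowusers" in val))
                { print "FAIL no AllowGroups/AllowUsers line restricts who may log in"; bad++ }
            print "INFO Port " (("port" in val) ? val["port"] : "22 (default)")
            exit (bad > 0)
        }' "$1"
}

# Constructed sample inputs (not taken from any real host).
sample_weak() {
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes'
}
sample_hardened() {
    # The trailing duplicate shows that the first PermitRootLogin value wins.
    printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' 'AllowGroups wheel' 'PermitRootLogin yes'
}
```

On a live host the file to check is /etc/ssh/sshd_config; settings inside Match blocks are not evaluated by this check.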


@bruyndoncx, well, I'm id10t. I have no idea what's a RPI so I looked it up and now I am with you. I am kinda hungry, I guess.

@John W, you know, I think it could be misleading that if you use a hosting company then it must be secure. I think if you run an eCommerce site, it would be your responsibility to make sure that your site is secure. I think most of the posts I had read in the past regarding a site being hacked or hi-jacked were hosted at some hosting company. So learn we must I guess, and you may be surprised how some of the vanilla installs of these latest Linux distros are reasonably secured. Also, as much as we are concerned with "bad guys," I tend to keep nothing to be desired by "bad guys" in my sites. I think most eCommerce sites are if they are PCI compliant. I am not "encouraging" everyone to run out and host their own LAMP stack, I think I was just hoping to show how simple it is to bring up a LAMP instance at a very reasonable cost. I also do agree with you that running your own dedicated server/instance can give you more flexibility in managing its security, etc. Yes, but it would be required to also learn how to use ssh, rsa keys and command line, etc.

Lastly, AWS or DO, you are still not technically the hosting company, you are just getting a hosted instance without cPanel and the LAMP stack....


 

 

 


@clustersolutions, you are absolutely correct about some hosts not being secure. Over time, I've seen some posts on the cPanel forums by people hosting a lot of sites asking really stupid questions. The thing is, no one cares more about my site and business than I do. I do have to admit that taking on my own server, which is at a SoftLayer datacenter, has been a big undertaking.

Personally, I enjoyed the post.

 


Archived

This topic is now archived and is closed to further replies.
