Linux - Will be the death of me

[Tazzi]

If you're going to use Virtualmin, start with a fresh install of CentOS and just run their install script, it will basically do everything you want from there.
https://www.virtualmin.com/download.html

Once that's done, add any missing components and make all configuration changes via Webmin/Virtualmin and you should be good. Its pretty reliable these days and you only generally run into problems if you try to configure stuff manually.

Create a single domain/virtual site for whatever you're doing as if doing normal re-seller/shared hosting even if you only have the one, will keep things simple and do all the user creation and permissions for you. You then won't need any of those other tutorials, it will be all done.

You can do that from virtualmin??

Well.. I imagine this isnt going to be my last reinstall anyways. Learning new stuff every time round.

When I added virtualmin, I think the self signed SSL that it implements started causing a bit of grief through FTP (filezilla).

[antus]

some random general advice to get your head in the right place for this:

yeah sus it out in a vm on your workstation. then you can snapshot, rollback, start again a lot easier. do it on the vps when you have it sussed out.
in general dont move things, dont change permissions. set groups as needed. everything is set how it is for a reason, and changes like that will cause problems.
to install built in software use yum search <searchstring> and yum install <packagename>. Yum will handle the dependencies.
In general if using 3rd party software, use a trusted, supported 3rd party repository, so you can do a normal yum update when you need to update the whole system.
go outside of the package management as little as possible.
go outside of redhats ecosystem as little as possible.
use winscp to upload files over a secure connection instead of ftp.
i dont think virtualmin will really help at all, it'll just be something else to setup and maintain.

having said all that the docs you linked look pretty straight forward and right. and i cant seem to find a wordpress el7 repo, so you'll need to maintain it manually. most wordpress sites that get hacked are through security vulnerabilities in low quality plugins. Try to avoid plugins, and if you need them read the code and try to see if it looks quality and if you can trust it.

[Tazzi]

Thanks Ant! Great advice! Figured thats the case with permissions and groups. Although it becomes a problem with trying to edit/add files in file manager.

Ill look into winscp shortly.

Trying to install wordpress in the root director of www/html

For whatever reason.. it doesnt want to do it. When I run the install "ServerIP/wp-admin/setup-config.php" in the browser, keeps going on about not having permission.

Yet, if I through the install into www/html/MySite, I can then open browser and runs with ServerIP/Mysite/wp-admin-setup-config.php

I guess its not exactly important.. but still not doing what I want it to

[antus]

ssh in, run sudo -i to become root, then less or tail -f on /var/log/httpd/error-log and see whats its saying.
also you can become the apache user with sudo -u apache -s /bin/bash (to override that the user does not normally have a shell (one of the layers of the security)) then cd /var/www/html/ and try and run it with ./Mysite/wp-admin-setup-config.php
if it runs you'll get the output you would expect in the browser, on the screen. if it doesnt you might get an error that makes more sense (which should be the same or similar to what you see in the error log).
if it does run, then its likely to do with the config of the virtual host not having enough permissions or not trying to execute php files.

[Tazzi]

On the ball there Ant. Not enough permissions to execute php files.

Just followed tutorial from this chap and seem to be all sweet: https://techblog.jeppson.org/2016/10/in ... -centos-7/

Further down the guide, it has a troubleshooting "Permission denied when accessing"

[antus]

Yeah so that restorecon stuff is for selinux rules and thats another layer of security (originally sponsored/developed by the nsa! https://www.nsa.gov/what-we-do/research ... faqs.shtml). it makes life hard but provides another line of defence even after this is a security hole. Many many guides will tell you to turn it off, but dont. It makes your system much more secure and increases the difficulty to to exploit an existing vulnerability. Android has inherited it from Linux (Linux kernel based OS) and its one of the reasons rooting many android phones became so difficult if not impossible. When you create a file it gets permissions based on the location it was created, and when you move it they dont change. If you move a file or change the selinux path rules you need to do a restorecon as root to update the file config (context). This is why i suggested not moving files. Selinux is a very indepth topic so i wouldnt suggest trying to learn it at this stage.

In the page you link watch out for the suggestion that says sed 's/AllowOverride None/AllowOverride All/g'. That'll set all sites configured on the host to allow a .htaccess file to override any permissions set. You probably dont want to do that. Most of the time not allowing any override and configuring the site properly through the normal configuration file is ok, and it prevents someone from finding a way to drop a .htaccess file on disk in the wordpress dir from overriding the next layer of security that way.

[Tazzi]

Ahhhhhh I see!

Ok, I believe I didn't run that part. But will go back over what I did anyways to be certain.

Finally to a point its all working.. no f'ups. Time to research backups, and finally test out compiling this damn linux app.

[antus]

For backups look in to creating a script that will tar up the install directory and use mysqldump to dump the database. Look at bzip2 to compress the files. You can use pipes to stream the data so you dont need so many temp files. Use whatever tool to move the backups of server.
make sure you use the --single-transaction switch when dumping the database so it doesnt block and stop the site serving users while the dump is occurring.

[Tazzi]

Awesome, put that on the todo list for learning. Might as well work it out now while its still in its infancy.

[antus]

Oh yeah once you have that working, look in to using cron to automate running it at intervals.