Tuesday, October 18, 2011

1and1 VPS, Step 3: PHP Configuration

During the update process, I noticed that the base CentOS image had PHP 5.3 installed. I am used to using PHP 5.2, so I hope that my web services work okay.
The web services and sites are a mix of Joomla, Wordpress, Drupal and a few custom websites. For these to be supported, I need to ensure that the relevant modules are installed. The PHP configuration also needs some modification for better security.

  1. Install additional php modules: 
    • yum install php-devel.x86_64 php-mcrypt.x86_64 php-tidy.x86_64 php-xmlrpc.x86_64
  2. Check and change configuration settings in php.ini:
    • safe_mode = off
    • disable_functions="dl,exec,fsockopen,passthru,pcntl_exec,pfsockopen,popen,posix_kill,posix_mkfifo,posix_setuid,proc_close,proc_open,proc_terminate,shell_exec,system"
    • memory_limit = 256M
    • max_execution_time = 120
    • max_input_time = 240
  3. Restart the httpd service: 
    • service httpd restart
I'll probably have to change the contents of the disable_functions for Joomla and Drupal. However, there may be some workarounds.

Posted by Mark Carson at 11:00 AM 0 comments
Labels: , ,

1and1 VPS, Step 2: System Updates

Logging into Plesk for the first time since the reimage.
  1. Change password.
  2. Update Profile (so that the server can send status reports)
  3. Optional. Access the IP Address Restrictions settings page and add your IP address as the only IP that can access the panel. Making very sure that, if your IP is not fixed, to include some wildcards for an IP address range.
Updating base CentOS packages is the essential next step. SSH into the server:
  1. Export a list of all installed packages to a file: 
    • yum list installed > /root/base_packages.txt
  2. Perform the update: 
    • yum update
  3. Export a list of all installed packages now that the update is complete: 
    • yum list installed > /root/installed_updates.txt
Now, login to Plesk to update. (With luck this time, the update should work - yesterday it broke the server!)
  1. Selecting Install or Upgrade Product, proceeding to update from 10.1.1 to 10.3.1. Installing the update takes some time, particularly with all the 'microupdates'. Started to think it had crashed! Update successful.
  2. Entering the update interface again, I am selecting other components. In this instance, SpamAssassin for additional features for the mail server and Watchdog; for system monitoring. The latter may mean I don't need to install Cacti. (Why is Plesk downloading more 'microupdates'?)
  3. SpamAssassin seems to have failed to install correctly. Probably needs some configuration changes. Get to that later.
  4. The update interface now reports available component upgrades. Looked odd to me (apache and mysql), so a quick search uncovered Component Updates won't install. Lucky I checked, I hate errors. Just have to watch this link for the Plesk team to answer.
Now that the Plesk update is complete I do not want Plesk to automatically update. Log into Virtuozzo and disable the firewall rule.
Posted by Mark Carson at 8:19 AM 0 comments
Labels: , ,

1and1 VPS, Step 1: Reimage and setup

After the recent problems, I have decided to reimage my VPS with 1and1.

Logging into the Control Panel, selecting CentOS 5.5 and Plesk Panel 10, punching the reimage button. Says it will be ready in an hour. We'll see...

Twenty minutes later; done. Excellent. Now just a few very important changes to make:

  1. Login to Virtuozzo and change the password.
  2. Enable the firewall and add rules for Web, DNS, Plesk (SSL), SSH, Mail and FTP.
  3. Change the SSH port to something different, by editing /etc/ssh/sshd.config, updating the firewall with the new rules. Also helps if you got a fixed IP; modifying the source and destination IP addresses so that security is a bit better.
  4. Restart the sshd service to load the changes to the port number
Now, using PuTTY, connect to the server and test credentials. Before logging out of Viruozzo and using Plesk, it is recommended to start 'psa', 'mysqld' and 'named' in the system services section.

And, before I forget; open another firewall port (8447) so that Plesk can be updated.
Posted by Mark Carson at 6:27 AM 0 comments
Labels: , ,

Parallels Plesk - broken!

Just got another Virtual Private Server (VPS) from 1and1. Comes with Plesk 10. Completed a re-image this morning and got it up and running.
Done some updates on CentOS, PHP and MySQL. Tried to apply the updates to Plesk 10.3 and; server broken.
So, another reimage. This time though, I am documenting the steps to find out what breaks it. Probably Plesk...

Update
The first attempt at upgrading Plesk failed resulting in total inability to upgrade/update. This occurred for the following reasons:

  • Mulitple additional component was selected for install onto version 10.1.1. These were applied successfully with no apparent errors.
  • The update to 10.2.1 was selected to update the Panel software. This failed.
The additional components installed were the latest versions designed for the latest version of Plesk. The later update to the panel was 'expecting' older versions of the components, so these were skipped/corrupted causing dependencies to be broken.
It is fortunate that I was not performing this method of update to an existing Panel with live websites. That would have been disastrous (and embarrassing).
Posted by Mark Carson at 6:15 AM 0 comments
Subscribe to: Posts (Atom)