Static Website Configuration for Nginx Web Server on CentOS 6 / CentOS 7

Q. How to configure and host static website on Nginx web server?

A. Nginx is a lightweight web server and an alternative to Apache. In order to run a static website on Nginx web server, you must configure your server to at least the following basic configuration. Failure to do this will stop some basic functions such as access to sitemap.xml which is required when submit a page to google and bing in webmaster tool.

Note : The following steps has been tested using root access on Nginx web server :

Static Website Configuration for Nginx Web Server

1. This is main Nginx configuration file. Make sure that sites-available folder was included at the bottom of the configuration as below :

# sudo vim /etc/nginx/nginx.conf
user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    include /etc/nginx/sites-available/*.conf;
}

2. Create static.conf file which contains the configuration specific for static website that running on Nginx web server :

# sudo vim /etc/nginx/conf.d/static.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ .php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    #fastcgi_pass unix:/tmp/php-fpm.sock;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}

location /sitemap.xml.gz {
    add_header Cache-Control "public, must-revalidate";
}

3. Create common.conf file for common option in Nginx web server :

# sudo vim /etc/nginx/conf.d/common.conf

Add below :

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}

4. Configure website1 configuration :

# sudo vim /etc/nginx/sites-available/website1.com.conf
server {
    listen      80;
    server_name website1.com;
    rewrite ^/(.*)$ http://www.website1.com/$1 permanent;

}

server {
        server_name www.website1.com;
        root /var/www/html/website1.com;
        access_log /var/log/nginx/website1.com.access.log;
        error_log /var/log/nginx/website1.com.error.log;
        include conf.d/common.conf;
        include conf.d/static.conf;

}

5. Verify Nginx configuration syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

6. Restart Nginx web server :

For CentOS 7 :

# sudo systemctl restart nginx

For CentOS 5/ CentOS 6

# sudo service nginx restart

static website

Static website are the cheapest was to start a website and does not require a lot of server resources to run it. Basic shared hosting plan is sufficient to use and nowaday static website is widely used by companies that are smaller.

Securing and Hardening Linux Dedicated Server

securing linuxWhen we hosted the linux dedicated server or virtual private server(VPS) in a data center, security of the system is very important in order to ensure the data and the information are safe from the hackers. Securing and hardening linux dedicated server is mandatory when nearly every computing resources and the application systems is online and susceptible to attack. This post share basic security and hardening tips for the linux dedicated server. If you are plan to host your own linux dedicated server, then this post should able to provide you a good baseline and ideas. The following are the best practices to securing and hardening linux dedicated server :

1. Patching Linux Systems
2. Keep Linux Kernel and Software such as WordPress/Joomla Up to Date
3. Secure SSH
4. Enforcing Stronger Passwords and Password Aging
5. Disable Unnecessary Processes, Services and Daemons
6. Install a host based firewall to protect your dedicated server from unauthorized access
7. Implement Linux Kernel /etc/sysctl.conf hardening
8. Configure Logging and Auditing
9. Install And Use Intrusion Detection System

How to Setup Apache httpd on CentOS Dedicated Server

apachehttpdThe Apache HTTP Server is a free or open source Web server developed by the Apache Software Foundation (http://www.apache.org/). This post describes the basic steps to setup Apache httpd on CentOS 6.4 64 bit dedicated server to host the website and blog. Having dedicated web server, you will get more control and flexibility on the configuration and you does not share its resources with anyone else. With at least 2GB RAM, you will get fairly consistent load times and better speed if compared to shared hosting and virtual private server (VPS). Bloggers or webmasters can get reasonable dedicated server price starting at $139 at very reputable companies such as hostgator.

1. How to Install httpd :

[root@centos64 ~]# yum install httpd -y

2. How to Check Apache server version :

[root@centos64 ~]# httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 22 2013 11:19:58
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

3. Change /etc/hosts file :

[root@centos64 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.2.62 centos64.ehowstuff.local

4. Always backup the original configuration file before doing any changes :

[root@centos64 ~]# cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup.01042013

Note : -p mean preserve the specified attributes (default: mode,ownership,timestamps)

5. How to Configure httpd Apache service :

[root@centos64 ~]# vi /etc/httpd/conf/httpd.conf
ServerTokens Prod
KeepAlive On
ServerAdmin root@ehowstuff.local
ServerName www.ehowstuff.local:80
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
DirectoryIndex index.html index.cgi index.php
ServerSignature Off
#AddDefaultCharset UTF-8
AddHandler cgi-script .cgi .pl

6. Restart Apache httpd :

[root@centos64 ~]# /sbin/service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

7. How to configure Apache httpd auto start at boot :

[root@centos64 ~]# chkconfig httpd on

8. How to check the apache access log :

[root@centos64 ~]# tail -f /var/log/httpd/access_log
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET / HTTP/1.1" 200 71412 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"

9 Steps to Setup Dedicated Server for your Website

dedicated serverThere are different types of hosting services are used in the computer technology such as shared hosting, VPS (Virtual Private Server) and Dedicated Server hosting. For new websites with low numbers of visitors, I would highly recommend getting a shared hosting. If you need more control of the server, then you should moving from shared hosting to a VPS. There are plenty of hosting companies offering Virtual Private Servers, and VPS hosting is getting cheaper. This blog hosted at RamNode VPS.

At some point, your site will get super slow server performance impact on limited resources when running VPS hosting. More server resources required is due to the increased number of visitors to the tens of thousands or hundreds of thousands per day.

At the situation when you are hitting super slow website performance due to huge numbers of traffic, I would recommend you to getting dedicated servers. Cheaper way is to setup VPS additional to balance the load. If cost is not an issue, I always recommend you to purchase a dedicated server as this will give you excellent processing performance. In a dedicated server environment , resources such as memory , hard drive storage capacity, processing power, and network access are all 100% to dedicated servers instead of shared with multiple VPS or dozens of shared hosting customers. Popular websites on the Internet certainly have excellent servers behind them. Without such an excellent server, web sites with high concurrency of visitors will not be able to survive.

If you are an experienced system administrator, the following articles may not attract you, but for web developers and those new to the web hosting, the following article can be a useful guide on their first steps. I believe the popular website on the internet has been setup by a consultant who specializes in servers or installed by an experienced system administrator. In this article, I would like to share 9 steps to setup Dedicated Server for your Website.

Once you have purchased a dedicated server, you can log in to your server to complete the setup of your server from start to finish. Below is a guide and checklist for you who are new to server administration.

9 Steps to Setup Dedicated Server

1. Choose and Install Linux operating system :

Choosing the right platform on which to host your dedicated server. Please make sure that you are familiar with the preferred operating system (OS) either CentOS or Fedora or Ubuntu or maybe Windows OS. If you choose linux OS, I would recommend you to do a clean minimal installed of the OS.

2. Update operating system :

Make sure that the OS has been applied the latest patches.
How to Update CentOS 6.4 System using ‘yum update’

3. Install Apache or Nginx Web server :

Apache httpd is one of the most popular web servers and has a lot of features that make it very extensible and useful for many different types of websites. As an alternative to Apache http server, you also can install NGINX. Nginx or “engine x” is a free, open-source HTTP server that provide high-performance edge web server with the lowest memory footprint and the key features to build modern and efficient web infrastructure. I used Nginx to run this blog.

How to Setup Nginx With PHP-FastCGI on CentOS 6.2/CentOS 6.3 VPS Server

4. Install MySQL Database server :

MySQL server is a database server that can stores and retrieves data for the blog, websites and applications. It is one of the most popular most used in the internet especially for content management and blogging site.

5. Install PHP :

PHP: Hypertext Preprocessor is a widely used, free and open-source server-side scripting language that was especially designed for web development to produce dynamic web pages and can be embedded into HTML.

6. Install Bind DNS server :

BIND (the Berkeley Internet Name Domain) also known as NAMED is the most widely used DNS server in the internet. Bind DNS helps to resolve domain name to ip address and ip address to domain name.

7. Install FTP server :

File Transfer Protocol (FTP) is a network protocol used transfer file in the network. one of the most popular FTP server for Unix/Linux is vsftpd. Vsftpd stand for Very Secure FTP Daemon. Vsftpd not only just another popular FTP server for Unix/Linux systems, but vsftpd delivers excellent performance by consuming less memory.

8. Harden and Secure the dedicated server :

There are a few steps to harden the OS of dedicated server.
a) Install a host based firewall to protect your dedicated server from unauthorized access:
Once you have your web server running, you have to install host based firewall and open only certain port in your firewall. I would recommend you tosetting up iptables on your linux dedicated server.

b) Use Strong passwords :
Password complexity requirements should be in place to enforce strong password. A strong password should have mixed case, special characters, numbers, and be longer than 8 characters. Additional security, the passwords should be changed regularly.

c) Disable Unnecessary Processes, Services and Daemons :
I would recommend you to disable unneeded processes,services and daemon such as bluetooth, hidd, cups, yum-updatesd, ypbind, nfs, snmpd, saslauthd, netfs, gpm, pcmcia and sendmail. SELinux also should be set to “Disabled”. This is still very experimental so I would leave this disabled unless you really know what you are doing.

9. Install or migrate over the content of your website or blog :

You can start to migrate over the content of your website or blog to your new dedicated server. For dynamic content blog, i would recommend you to use WordPress as a platform. WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL.

I hope that this 9 steps to setup dedicated server can be a useful guide on your first steps to have your own dedicated server to run a websites.