1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Minimal Configuration for Dedicated XenForo server?

Discussion in 'Server Configuration and Hosting' started by Marcus, Aug 24, 2013.

  1. Marcus

    Marcus Well-Known Member

    I am running a single xenForo community on my server and played with the idea of just setting up the packages my CentOS server needs for xenForo. From what I guess there are:

    nginx (or apache)
    Java (for elasticsearch)

    Currently I use Plesk and I am open for comments to stay on Plesk. I do have a contract with a Server Management company managing my Plesk server but they are not that helpful with upgrading to PHP 5.5 ("it's not possible" and I had to point them to the manual where Plesk outlines how to upgrade to PHP 5.5 etc.). The idea is to have minimal services hence minimal points for security hacks.
    Last edited: Aug 24, 2013
  2. Slavik

    Slavik XenForo Moderator Staff Member

    Don't forget IP tables. But yea, thats pretty much all you'll need.

    Use the REMI repo aswell to keep with nice up to date php versions.
  3. Marcus

    Marcus Well-Known Member

    Server management companies always tell me they "harden" their servers and build a "hardened kernel". If I just have the minimal configuration, there are no "open holes" I would have to fix, right?
  4. Slavik

    Slavik XenForo Moderator Staff Member

    With IP tables and an up-to-date install, centos is *pretty* tough to crack as it stands.

    How much you want to harden realy depends on how much you want to learn or feel is nessissary.

    Simple stuff and basics, like moving SSH port or using SSH keys: http://www.gridvirt.com/blog/beginners-linux-security-guide-centos-6-2/ (I highly reccomend bookmarking gridvirt.com)

    To NSA's documentation: http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf

    Paid solutions: http://www.atomicorp.com/products/asl.html

    and free: http://grsecurity.net/

    And a whole variety inbetween.
    Marcus likes this.
  5. Marcus

    Marcus Well-Known Member

    Thanks, I guess I will start with the few basic packages and iptables. Just noticed that my server management company did not set any rules in iptables - which is not that bad, but paying for that kind of service is. I prefer a lean system so I can update PHP and MySQL myself and don't have to worry about Plesk Panel compatibility. As I have installed
    • Percona MySQL and the new
    • PHP 5.5.3 next to
    • nginx
    on my Plesk 11.5 server I use pretty much my own software where I don't need Plesk anyway.

Share This Page