OVH Dedicated server
After partitioning the disks with OVH's own installer tools, the following procedure was used:
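passwd
yum install nano
cp ~/.bashrc ~/.bashrc.orig.$(date +%F)
nano ~/.bashrc
# ---- everything below goes into ~/.bashrc ----
export PS1="{\w}\n[\[\e[31m\]\u\[\e[m\]@\[\e[34;40m\]\H\[\e[m\] \W\[$(tput sgr0)\]]\\$ "
# A long, timestamped root history is useful for forensics, but it is also
# where secrets typed on the command line end up (e.g. a FTP_PASSWORD=...
# assignment). ignoreboth = ignoredups + ignorespace, so a command prefixed
# with a space is not recorded, and the HISTIGNORE patterns drop obvious
# password assignments as well.
export HISTTIMEFORMAT="%h %d %H:%M:%S "
export HISTSIZE=100000
export HISTFILESIZE=100000
export HISTCONTROL=ignoreboth
export HISTIGNORE="ls:ps:history:*PASSWORD=*:*password=*"
# Non-default history file name; it is still a plain-text file -- keep it 0600.
export HISTFILE=~/.terminal_history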
df -h
lvs
pvs
lsblk
# The two OVH-created LVs that will become the cache are currently mounted as
# plain XFS filesystems: unmount them and comment out their fstab entries, or the
# next boot will wait on a mount that no longer exists after the conversion.
umount /cache/lv_cache_meta
umount /cache/lv_cache
nano /etc/fstab
#UUID=ac3bad7b-ecba-41ac-a6e5-e5dcd070fe33 /cache/lv_cache xfs defaults 0 0
#UUID=83063739-99f2-4ae9-81e7-07eae2e37bde /cache/lv_cache_meta xfs defaults 0 0
reboot
lvdisplay
# Turn the two LVs into a cache pool (data = lvcache, metadata = lvcachemeta).
# lvconvert wipes both volumes and prompts before doing so. writethrough means a
# write is acknowledged only after it reaches the origin as well, so losing the
# cache device cannot lose data (writeback would be faster but makes the cache
# device a single point of failure for the root LV).
lvconvert --type cache-pool --cachemode writethrough --poolmetadata vg/lvcachemeta vg/lvcache
lsblk
pvs
lvs -a -o +devices
# Attach the pool to the root LV (vg/centos7). This runs on the live, mounted
# root filesystem (the box was just rebooted from it) -- have a rescue path ready.
lvconvert --type cache --cachepool vg/lvcache vg/centos7
lvs -a -o +devices
lsblk
Enabling quota on the / (root) partition
Normally quota is enabled through mount options in /etc/fstab, but for the root filesystem "/" it has to be enabled with a kernel boot parameter (rootflags=), because / is already mounted by the initramfs before fstab is processed.
Edit the grub configuration file:
nano /etc/default/grub
search for the line that starts with GRUB_CMDLINE_LINUX and append rootflags=uquota,gquota to the kernel command line, so that the resulting line looks like this (the line below was cut off at nano's wrap marker "$"; it ends with rootflags=uquota,gquota"):
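# Only rootflags=uquota,gquota is added; the rest is the OVH template's command
# line (the original note was truncated at nano's wrap marker, so the closing
# quote is restored here).
# NOTE(review): selinux=0 switches SELinux off completely on an Internet-facing
# host running httpd/PHP/phpMyAdmin/MariaDB. Consider dropping it once the
# setup works (touch /.autorelabel before the next boot so the FS is relabelled).
GRUB_CMDLINE_LINUX="vconsole.keymap=us selinux=0 net.ifnames=0 biosdevname=0 crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet rootflags=uquota,gquota"
GRUB_DISABLE_RECOVERY="true"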
and apply the changes by running the following command.
# Keep a copy of the generated config, then regenerate it from /etc/default/grub.
# /boot/grub2/grub.cfg is the BIOS-boot location; on a UEFI install the live
# file is /boot/efi/EFI/centos/grub.cfg instead (check /sys/firmware/efi exists).
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_bak
grub2-mkconfig -o /boot/grub2/grub.cfg
and reboot the server.
reboot
Now check if quota is enabled:
mount | grep ' / '
When quota is active, the mount options for / include "usrquota,grpquota" (XFS reports uquota/gquota under these names).
SWAPPINESS
Tuning Virtual Memory
nano /etc/sysctl.conf
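# /etc/sysctl.conf -- applied with `sysctl -p` or at boot.
# Minimizing the amount of swapping
#vm.swappiness = 18
vm.swappiness = 60
vm.vfs_cache_pressure = 50
# 1 = always overcommit. vm.overcommit_ratio is only consulted in mode 2, so the
# line below it has no effect while overcommit_memory=1 (kernel
# Documentation/vm/overcommit-accounting).
vm.overcommit_memory=1
vm.overcommit_ratio=75
vm.dirty_ratio = 50
vm.dirty_background_ratio = 5
# File handle limit & no core dumps from setuid programs
# NOTE(review): on hosts with plenty of RAM the kernel's computed default for
# fs.file-max is already higher than 100000 -- check `sysctl fs.file-max` first,
# this line can lower it.
#fs.file-max = 2097152
fs.file-max = 100000
# setuid/setgid processes never dump core (a dump could expose secrets from a
# privileged process to the unprivileged user who triggered it)
fs.suid_dumpable = 0
# Incoming connection and packet backlog sizes
# (the original note repeated this stanza and the one above twice; duplicates removed)
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
# Increase the maximum amount of memory buffers
net.core.optmem_max = 25165824
# Increase the default and maximum send/receive buffers
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmem_max = 67108864
# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1
# Enable IP spoofing protection (strict reverse-path filtering; the effective
# per-interface value is the max of "all" and the interface setting)
net.ipv4.conf.all.rp_filter = 1
# Ignore ICMP echo requests and broadcast echo requests
# NOTE(review): icmp_echo_ignore_all also makes the host unreachable to any
# external ping-based monitoring (e.g. the provider's) -- confirm before keeping.
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1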
Access the OVH backup storage and create the backup folders there
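yum install ncftp
# Placeholders -- fill in from the OVH manager.
SERVER_HOST=xx.xx.xx.xx
SERVER_USERNAME=xxxxxx
FTP_USERNAME=nsxxxxxx.ip-xx-xx-xxx.eu
FTP_HOSTNAME=ftpback-rbx3-xxx.ovh.net
# Read the password instead of assigning it on the command line: a literal
# FTP_PASSWORD=... is written to the (timestamped) shell history, and passing it
# to ncftp with -p shows it to every local user in `ps` for as long as ncftp runs.
read -r -s -p "FTP password for $FTP_USERNAME: " FTP_PASSWORD; echo
# Create ~/.netrc with mode 0600 from the start (umask in a subshell) rather than
# writing it with the default umask and tightening it afterwards.
( umask 077; cat > ~/.netrc <<EOF
machine $FTP_HOSTNAME
login $FTP_USERNAME
password $FTP_PASSWORD
EOF
)
chmod 600 ~/.netrc
unset FTP_PASSWORD
# ncftp picks the matching "machine" entry up from ~/.netrc; if your version does
# not, let it prompt for the password -- do not put it back on the command line.
# NOTE(review): plain FTP sends the credentials and the backup data in clear
# text; prefer the SFTP/rsync access to the backup storage if the offer has it.
ncftp -u "$FTP_USERNAME" "$FTP_HOSTNAME"
# inside the ncftp session:
mkdir backups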
MariaDB 10 (plus Apache/PHP from the Remi repository)
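rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum -y install epel-release
yum -y update
yum -y groupinstall 'Development Tools'
yum install yum-utils
# Fetch the Remi release package over TLS rather than plain http. yum does not
# GPG-check a package given by URL unless localpkg_gpgcheck=1 is set, so TLS (or
# comparing the file against the checksum published by remirepo.net) is what
# protects this step; every later Remi package is then checked against the key
# this package installs.
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php81
# NOTE(review): CentOS 7 already runs chronyd; installing ntp gives two time daemons.
yum install ntp httpd mod_ssl php php-mysql php-mbstring phpmyadmin
# httpoxy mitigation: drop a client-supplied "Proxy:" request header before it
# is turned into the HTTP_PROXY environment variable for PHP. Needs mod_headers
# (loaded by default in CentOS 7's 00-base.conf).
echo "RequestHeader unset Proxy early" >> /etc/httpd/conf/httpd.conf
service httpd restart
yum install iptables-services
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT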
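yum info mariadb-server
cd /etc/yum.repos.d/
# Two ways to add the MariaDB repo; this note writes the file by hand (see
# https://mariadb.com/kb/en/yum/). If you use MariaDB's setup script instead,
# do NOT pipe it straight into a root shell (`curl ... | sudo bash` executes
# whatever the server -- or anyone in the path -- returns). Download it, read it,
# and compare it with the checksum published on the MariaDB download page:
#   curl -sSL -o mariadb_repo_setup https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
#   sha256sum mariadb_repo_setup      # compare with the published value
#   less mariadb_repo_setup
#   sudo bash mariadb_repo_setup --help   # then run it with the wanted version
# Quoted heredoc: $releasever/$basearch must stay literal for yum to expand.
cat > mariadb.repo <<'EOF'
[mariadb]
name = MariaDB-10.3.34
# https (the archive already serves the key over TLS); gpgcheck=1 still
# verifies each package signature.
baseurl= https://archive.mariadb.org/mariadb-10.3.34/yum/centos/$releasever/$basearch
gpgkey= https://archive.mariadb.org/PublicKey
gpgcheck=1
EOF
# --enable takes the repo id from the [mariadb] section, not the file name.
yum-config-manager --enable mariadb
yum info mariadb-server
yum update
rpm --import https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY
yum clean all
yum install MariaDB-server
systemctl enable mysql.service
systemctl start mysql.service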
nano /etc/my.cnf
# /etc/my.cnf -- MariaDB 10.3 on the same host as httpd/PHP.
[mysqld]
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links = 0
# NOTE(review): no bind-address is set, so mysqld listens on every interface;
# only the iptables rules in these notes (80/443/SSH opened, nothing for 3306)
# keep it off the Internet. If every client is local, add
#   bind-address = 127.0.0.1
# The "skip-name-resolve stops send-mail" remarks below suggest some client
# connects by hostname -- confirm where it connects from before binding.
# local-infile = 0 is also worth adding when LOAD DATA LOCAL is not needed.
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
character-set-server = utf8mb4
performance_schema = ON
#max_allowed_packet=32M
max_allowed_packet = 16M
open_files_limit = 65535
#Configure tmp_table_size and max_heap_table_size
#Both directives should have the same size and will help you prevent disk writes. The tmp_table_siz$
max_heap_table_size = 16M # Increase to higher amount, if you have lots of temporary tables because of missing indices in JOINs
tmp_table_size = 16M
#max_connections = 100
max_connections = 150
#thread_cache_size = 50
#thread_cache_size = 26
thread_cache_size = 50
thread_stack = 192K
#query_cache_type=OPTION
#Set the query cache type. Possible options are as follows:
#0 : Don't cache results in or retrieve results from the query cache.
#1 : Cache all query results except for those that begin with SELECT S_NO_CACHE.
#2 : Cache results only for queries that begin with SELECT SQL_CACHE
# query_cache_size = 16M
query_cache_type = 1
query_cache_size = 16M
query_cache_limit = 4M
#query_cache_min_res_unit = 2k
query_cache_min_res_unit = 4k
# CALCULATIONS: 1048576 = 1M
# NOTE: key_buffer = 36M near the end of this section is the old alias of
# key_buffer_size; the later setting wins, so 26M here is never used. Keep one.
key_buffer_size = 26M
read_buffer_size = 64k
read_rnd_buffer_size = 64k
sort_buffer_size = 1M
join_buffer_size = 2M
#interactive_timeout = 60
#wait_timeout = 60
#connect_timeout = 60
#wait_timeout=300
#interactive_timeout = 300
interactive_timeout = 50
wait_timeout = 1800
connect_timeout = 20
# 2 = write the log at each commit, fsync once per second: per the MariaDB
# docs up to ~1 s of committed transactions can be lost on a power loss or
# kernel crash (not on a mysqld crash). Throughput/durability trade-off.
innodb-flush-log-at-trx-commit = 2
#Enabling MySQL Slow query Logs
slow-query-log = 1
slow-query-log-file = /var/lib/mysql/mysql-slow.log
long_query_time = 1
#skip-character-set-client-handshake !!! STOPS SEND-MAIL PROCESS
#skip-name-resolve=1 !!! STOPS SEND-MAIL PROCESS
# Skip reverse DNS lookup of clients
#skip-name-resolve {with opened doesn't allow sending}
#innodb_buffer_pool_size = 378435456
#innodb_buffer_pool_size = 128M !!!previous stable
innodb_buffer_pool_size = 512M
innodb_log_file_size = 64M
#innodb_buffer_pool_size = 256M - equation
#innodb_additional_mem_pool_size = 16106127
# NEWLY ADDED
#according mysqltuner recommendations
#innodb_file_per_table = on
#innodb_log_file_size = 32M
myisam_sort_buffer_size = 64M
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
# (old spelling; newer MariaDB documents this as myisam-recover-options --
# check `mysqld --help --verbose` if startup rejects it)
myisam-recover = BACKUP
#key_buffer = 36M
key_buffer = 36M
#InnoDB Multi-byte UTF-8 support
# Both settings are already the default and deprecated from MariaDB 10.2 on
# (removed in 10.6); harmless on 10.3, but drop them before upgrading.
innodb_large_prefix = true
innodb_file_format = barracuda
innodb_file_per_table = true
#[client]
#default-character-set=utf8mb4
[mysqld_safe]
log-error = /var/log/mariadb/mariadb.log
pid-file = /var/run/mariadb/mariadb.pid
open_files_limit = 65535
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
[mysqldump]
quick
max_allowed_packet = 32M
#[mysql]
#no-auto-rehash
#default-character-set = utf8mb4
Set MySQL Passwords and Configure phpMyAdmin
# Interactive hardening: sets the root password, removes anonymous users and the
# test database and disables remote root login -- answer "yes" to each prompt.
mysql_secure_installation
cp /etc/httpd/conf.d/phpMyAdmin.conf /etc/httpd/conf.d/phpMyAdmin.conf.orig.$(date +%F)
cp /etc/phpMyAdmin/config.inc.php /etc/phpMyAdmin/config.inc.php.orig.$(date +%F)
nano /etc/httpd/conf.d/phpMyAdmin.conf
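# Do not open phpMyAdmin to the whole Internet ("Require all granted"): it is a
# standing brute-force and exploit target. Allow loopback plus your own admin
# address(es) only; everything else gets 403. Replace xx.xx.xx.xx with your
# static IP or VPN range (several Require ip lines are OR-ed).
Require ip 127.0.0.1
Require ip ::1
Require ip xx.xx.xx.xx
# If no fixed source address is available, at minimum serve this path over
# HTTPS only (mod_ssl is installed) and put an extra auth layer or a VPN in front.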
nano /etc/phpMyAdmin/config.inc.php
/* 'http' = HTTP Basic auth: the browser re-sends the MariaDB username and
   password (base64, not encrypted) on every request, so this is only acceptable
   when phpMyAdmin is reachable over HTTPS alone -- redirect or refuse plain HTTP
   for this path (mod_ssl is installed). */
[...] /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'http'; [...]
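cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)
# 1) Open the new port in the firewall FIRST, so the sshd restart below cannot
#    lock you out of a remote box.
iptables -I INPUT -p tcp --dport 269 -m state --state NEW -j ACCEPT
# Log new connections to the SSH port. -I puts this in front of the ACCEPT above,
# so it logs every legitimate login as well -- rate-limit it, or a scanner fills
# the log (and --log-level 1 = alert, which rsyslog may route to the console).
# The prefix is kept so existing log filters still match.
iptables -I INPUT -p tcp -m tcp --dport 269 -m state --state NEW -m limit --limit 5/min --limit-burst 10 -j LOG --log-level 1 --log-prefix "Possible ATTACKS"
# iptables-services restores /etc/sysconfig/iptables at boot; its stock file only
# allows port 22, so run `service iptables save` (done in the portmapper step
# below) before rebooting or the new port is closed again.
chkconfig iptables on
# 2) Edit sshd_config. A non-standard port only cuts scanner noise; the real
#    controls are key-only login and no root password login, e.g.
#      PermitRootLogin prohibit-password   (once your key is in /root/.ssh/authorized_keys)
#      PasswordAuthentication no
#    With SELinux enabled (this host boots with selinux=0) the new port would
#    also need: semanage port -a -t ssh_port_t -p tcp 269
nano /etc/ssh/sshd_config
#
Port 269
#AddressFamily any
# 3) Validate the file, then restart. Keep this session open and test a NEW
#    login on port 269 before closing it.
sshd -t && systemctl restart sshd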
== Portmapper servers ==
Portmapper (rpcbind) is a service usually used with NFS. When it is not properly firewalled it can be abused for DDoS amplification attacks. All portmapper services should sit behind a firewall and be restricted to the IPs that need to reach them.
For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:
# Insert at position 1 so the DROP precedes every ACCEPT -- including any loopback
# ACCEPT, so local RPC clients are cut off as well. If NFS/rpcbind is not used at
# all, `systemctl disable --now rpcbind rpcbind.socket` removes the listener
# entirely, which is the stronger fix.
iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP
# Persist to /etc/sysconfig/iptables so iptables-services reloads the rules at boot.
service iptables save
iptables -L --line-numbers -n
How to Install and Uninstall remi-release.noarch Package on CentOS 7 / RHEL 7
1. Install "remi-release.noarch" package
yum makecache
yum install remi-release.noarch
2. Uninstall "remi-release.noarch" package
yum remove remi-release.noarch
yum autoremove
(for instance, additional setting) yum-config-manager --disable remi-php72
Fixing GD error
php --ri gd
PHP Warning: PHP Startup: Unable to load dynamic library 'gd' (tried: /usr/lib64/php/modules/gd (/usr/lib64/php/modules/gd: cannot open shared object file: No such file or directory), /usr/lib64/php/modules/gd.so (libwebp.so.7: cannot open shared object file: No such file or directory)) in Unknown on line 0
# The warning above says libwebp.so.7 is missing, i.e. the libwebp7 package the
# Remi php-gd links against is absent or broken. Remove + install puts it back;
# note that `yum remove` also drags out anything depending on libwebp7 -- read the
# transaction summary before confirming (`yum reinstall libwebp7` avoids that when
# the package is merely damaged rather than missing).
yum remove libwebp7
yum install libwebp7
yum install php-gd
== Imagick with WebP support ==
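yum install php-devel
yum install ImageMagick-devel
# ---- libwebp from source (so the ImageMagick build below gets WebP) ----
# URL restored from the tarball name; the note's copy was truncated.
wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.2.tar.gz
# Nothing verifies this download -- compare with the checksum the project
# publishes for the release before building it as root.
sha256sum libwebp-1.3.2.tar.gz
tar xvzf libwebp-1.3.2.tar.gz
cd libwebp-1.3.2
./configure
make && sudo make install
# ---- ImageMagick from source with WebP support ----
# ImageMagick.tar.gz is an unversioned "latest" download: it is neither pinned
# nor verified, and the extracted directory name (7.1.1-28 when this was
# written) changes with every release. Prefer a versioned release archive and
# check it against the published digest, then adjust the `cd` to match.
wget https://imagemagick.org/download/ImageMagick.tar.gz
tar xzvf ImageMagick.tar.gz
cd ImageMagick-7.1.1-28
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
./configure --with-webp=yes
# build as the normal user, install as root
make && sudo make install
# Both installs land in /usr/local/lib. Refresh the linker cache (and add
# /usr/local/lib to /etc/ld.so.conf.d/ if it is not listed), otherwise the PECL
# module built next links fine but fails to load -- the same symptom as the
# libwebp.so.7 error seen with php-gd.
sudo ldconfig
# ---- Imagick PHP extension via PECL ----
sudo pecl install imagick
echo "extension=imagick.so" > /etc/php.d/20-imagick.ini
php -r "print_r(Imagick::queryFormats());"
php -i |grep "ImageMagick supported formats"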
MEMCACHED
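cd /tmp
# URL restored from the tarball name (the note's copy was truncated). Compare
# the file with the checksum shown on the Launchpad download page.
wget https://launchpad.net/libmemcached/1.0/1.0.18/+download/libmemcached-1.0.18.tar.gz
sha256sum libmemcached-1.0.18.tar.gz
tar xzvf libmemcached-1.0.18.tar.gz
cd libmemcached-*
# libmemcached is a plain autotools C/C++ library, not a PHP extension: the
# `phpize` the original note ran here fails with "Cannot find config.m4".
./configure
make
make install
# installed under /usr/local/lib -- refresh the linker cache so the PHP
# memcached extension built later finds it (add /usr/local/lib to
# /etc/ld.so.conf.d/ if it is not already listed)
ldconfig
pecl install igbinary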
Add the following lines to your php.ini:
; php.ini additions for igbinary (built with `pecl install igbinary` above).
; Load igbinary extension
extension=igbinary.so
; Use igbinary as session serializer
; (php.ini-wide: every session on this PHP installation is then stored in
; igbinary format, so existing php-serialized sessions become unreadable)
session.serialize_handler=igbinary
; Enable or disable compacting of duplicate strings
; The default is On.
igbinary.compact_strings=On
; If uncommented, use igbinary as the serializer of APCu
; (APCu 5.1.10 or newer is strongly recommended)
;apc.serializer=igbinary
# second serializer, needed for the --enable-memcached-msgpack build below
pecl install msgpack
Memcached Library
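cd /tmp
# https, not http: "latest" is a redirect to the current release tarball and a
# clear-text download can be swapped in transit. Also compare the tarball with
# the checksum on the release page before building.
wget https://memcached.org/latest
mv latest latest.tar.gz
sha256sum latest.tar.gz
tar xzvf latest.tar.gz
# The directory name follows whatever "latest" resolved to -- 1.6.23 when this
# was written; adjust after `ls`.
cd memcached-1.6.23
./configure && make && make test && sudo make install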
Install Memcached PHP Extension
To use Memcached from PHP applications, the PHP memcached extension (built against the libmemcached installed above) is needed as well.
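cd ..
# https: PECL also serves over TLS; check the tarball against the checksum on
# the package page.
wget https://pecl.php.net/get/memcached-3.2.0.tgz
tar xzvf memcached-3.2.0.tgz
cd memcached-3.2.0
phpize
# The original line ended in a stray "|", which piped configure's output into
# `make` on the next line -- make then ran before a Makefile existed.
./configure --enable-memcached-igbinary --enable-memcached-msgpack
make
make test
make install
# There is no ini file to copy from an old PHP 5 build tree (the note pointed at
# /usr/local/src/php5-build/memcached-2.2.0, a different version); create
# /etc/php.d/memcached.ini with the contents that follow.
nano /etc/php.d/memcached.ini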
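; Enable memcached extension module
extension=memcached.so
; ----- Options to use the memcached session handler
; RPM note : save_handler and save_path are defined
; for mod_php, in /etc/httpd/conf.d/php.conf
; for php-fpm, in /etc/php-fpm.d/*conf
; Use memcache as a session handler
;session.save_handler=memcached
; Defines a comma separated list of server urls to use for session storage
;session.save_path="localhost:11211"
; ----- Configuration options
; http://php.net/manual/en/memcached.configuration.php
; In the original note the directive below was glued onto the end of the URL
; comment line above, so it was never applied. It must be on its own line.
memcached.serializer = "igbinary"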
Configure Memcached Service
By default Memcached listens on port 11211 on all interfaces, with UDP enabled. Bind it to the loopback interface (127.0.0.1) only and disable UDP: an Internet-reachable memcached can be used as a DDoS amplification reflector and exposes the cache contents to anyone who can reach it. This is set in /etc/sysconfig/memcached:
nano /etc/sysconfig/memcached
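PORT="11211"
USER="memcached"
# max connection 1024
#MAXCONN="2048"
MAXCONN="1024"
# set ram size to 1024 - 1GiB
CACHESIZE="1024"
#CACHESIZE="512"
# Listen on loopback only and disable UDP (-U 0). For a remote app server use
# the host's private address instead of 127.0.0.1.
# This file is read by systemd's EnvironmentFile=, not by a shell: a second
# OPTIONS= line silently replaces the first (the original note did exactly that
# and lost "-l 127.0.0.1 -U 0"), and shell redirections such as
# ">> /var/log/memcached 2>&1" are handed to memcached as plain arguments.
# For verbose output add -v here and read it with `journalctl -u memcached`.
OPTIONS="-l 127.0.0.1 -U 0"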
# `make install` put the binary under /usr/local/bin; the unit file below calls
# /usr/bin/memcached, hence the symlink. If the distro memcached RPM is ever
# installed it will replace /usr/bin/memcached -- do not mix the two.
updatedb
locate bin/memcached
# (output of locate, not a command -- running it would start memcached in the foreground)
/usr/local/bin/memcached
ln -s /usr/local/bin/memcached /usr/bin/memcached
memcached --version
Then create the systemd unit file:
nano /usr/lib/systemd/system/memcached.service
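[Unit]
Description=Memcached
Before=httpd.service
After=network.target
[Service]
Type=simple
# Variables come from /etc/sysconfig/memcached ("-" = do not fail if the file
# is missing). systemd splits $OPTIONS on whitespace but never runs a shell, so
# redirections in OPTIONS do not work; stdout/stderr go to the journal.
EnvironmentFile=-/etc/sysconfig/memcached
ExecStart=/usr/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
# Sandboxing (the upstream memcached.service ships similar settings): the
# daemon needs the network and its own memory, nothing in /usr, /etc, /home or
# /dev. -u drops privileges at startup, which still works under NoNewPrivileges.
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target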
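# Make systemd read the new unit file, and create the unprivileged account the
# unit drops to (-u $USER) before the first start.
systemctl daemon-reload
groupadd memcached
adduser --system -g memcached --no-create-home memcached
# `systemctl enable` creates the multi-user.target.wants symlink itself; the
# hand-made `ln -s` from the original note is not needed.
systemctl enable memcached
systemctl start memcached
systemctl status memcached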
uploadprogress
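cd /tmp
wget https://pecl.php.net/get/uploadprogress-2.0.2.tgz
# The original note went straight from wget to phpize: unpack and enter the
# source tree first, and install the built module, otherwise uploadprogress.so
# never reaches the PHP modules directory and the ini below loads nothing.
tar xzvf uploadprogress-2.0.2.tgz
cd uploadprogress-2.0.2
phpize
./configure --enable-uploadprogress
make
make install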
uploadprogress support | enabled |
---|---|
Version | 2.0.2 |
Directive | Local Value | Master Value |
---|---|---|
uploadprogress.file.contents_template | /tmp/upload_contents_%s | /tmp/upload_contents_%s |
uploadprogress.file.filename_template | /tmp/upt_%s.txt | /tmp/upt_%s.txt |
uploadprogress.get_contents | 1 | 1 |
cat /etc/php.d/uploadprogress.ini
extension=uploadprogress.so
; NOTE(review): the two templates below write per-upload status/contents files
; with predictable names into /tmp, which is world-writable and shared with
; every local user; depending on the created files' permissions other local
; users may read or pre-create them. Consider a directory owned by the web
; server user instead, and keep get_contents Off unless the application needs
; the uploaded bytes in the progress file -- verify against the extension docs.
uploadprogress.get_contents=On
uploadprogress.file.filename_template=/tmp/upt_%s.txt
uploadprogress.file.contents_template=/tmp/upload_contents_%s
.htaccess
# Reroute HTTPS upload requests to HTTP for progress bar support.
<IfModule mod_ssl.c>
# Security trade-off: this deliberately sends the upload-progress requests
# (Drupal filefield ahah/progress) over plain HTTP, so the session cookie and
# the request travel in clear text. Keep it only if that risk is accepted
# (a cookie marked Secure will not be sent over HTTP and the progress bar
# breaks anyway); otherwise drop the rule and live without the progress bar.
# NOTE(review): there is no RewriteEngine On and no [R,L] flag here. Without
# [R] mod_rewrite treats an absolute URL on the same host as an internal path,
# not a redirect -- check with `curl -I` that this does what is intended.
RewriteCond %{HTTPS} =on
RewriteCond %{QUERY_STRING} filefield/ahah|filefield/progress
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>