How to Setup a minimal Virtualmin LEMP Stack in CentOS 7

# yum install nano get

# nano /etc/selinux/config (and change it to disabled)

# reboot

# wget http://software.virtualmin.com/gpl/scripts/install.sh

# sh install.sh -m -b LEMP

# yum remove php* rh-php72*

# yum install rh-php73 rh-php73-php-fpm rh-php73-php-cgi rh-php73-php-mysqlnd rh-php73-php-imap rh-php73-php-curl rh-php73-php-gd rh-php73-php-xmlrpc rh-php73-php-xsl rh-php73-php-mbstring rh-php73-php-zip rh-php73-php-cli rh-php73-php-dom rh-php73-php-pdo rh-php73-php-soap rh-php73-php-json rh-php73-php-xml rh-php73-php-pear rh-php73-php-bcmath rh-php73-php-pecl-apcu rh-php73-php-pecl-apcu-devel rh-php73-php-intl -y

# nano /etc/opt/rh/rh-php73/php.ini (increase upload_max_filesize and post_max_size)

# systemctl enable rh-php73-php-fpm

# systemctl start rh-php73-php-fpm

# systemctl enable nginx

# systemctl start nginx

Now log into Virtualmin and complete the install wizard. Then setup the Fail2Ban Intrusion Detector module. Copy the following to /etc/fail2ban/jail.local if it’s empty:

[sshd]
enabled = true
port = ssh
[ssh-ddos]
enabled = true
port = ssh,sftp
filter = sshd-ddos
[webmin-auth]
enabled = true
port = 10000
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
[postfix]
enabled = true
port = smtp,465,submission
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve
[postfix-sasl]
enabled = true
port = smtp,465,submission,imap3,imaps,pop3,pop3s

Also go to Webmin -> Webmin Configuration -> Authentication and tick the box to Block users with more than 4 failed logins for 1200 seconds. Then save.

Go to Webmin -> Hardware -> System Time and change the timezone to your local timezone. Then click on the ‘Time server sync’ tab and add pool.ntp.org as the timeserver hostname. Then click on the ‘Sync and Apply’ button.

Go to Virtualmin -> System Settings -> Features and Plugins and make sure all Apache plugins are unchecked (Apache website, SSL website, Protected web directories) and that the Nginx plugins are checked (Nginx website and Nginx SSL website). Go ahead and uncheck ‘BIND DNS domain’ if you are using your registrar’s nameservers or some other third party.

Go to Virtualmin -> System Settings -> Virtualmin Configuration and go to SSL settings. Make sure that ‘Request Let’s Encrypt certificate at domain creation time?’ and ‘Redirect HTTP to HTTPS by default?’ are set to ‘Yes’.

Go to Virtualmin -> System Settings -> Server Templates and click on ‘Default Settings’. Select ‘PHP Options’ from the template section dropdown and change the default PHP execution mode to FPM and save.