jonathonbyrdziak · October 10, 2011 08:02 · Mar 22, 2012 · Mar 22, 2012 · Mar 22, 2012 · Mar 22, 2012
diff --git a/Instructions b/Instructions
@@ -84,7 +84,7 @@ cd /tmp && rpm -Uph http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-rel
 # and install the LAMP stack packages
 
 yum update
-yum install -y httpd php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl pcre-devel mysql mysql-server php-mysql php-pdo
+yum install -y httpd php53-common php53 gd gd-devel php53-mcrypt php53-xml php53-devel php53-imap php53-soap php53-mbstring php53-mysql php-mhash php-simplexml php-dom php53-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php53-curl mod_ssl pcre-devel mysql mysql-server php-mysql php-pdo
 
 ############################################################
 # Turning off a bunch of stuff that's not needed for this server

diff --git a/Instructions b/Instructions
@@ -75,6 +75,7 @@ passwd YOURNAME
 
 ############################################################
 # some good things in this repo
+# @see http://fedoraproject.org/wiki/EPEL
 
 cd /tmp && rpm -Uph http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
 
@@ -268,4 +269,3 @@ openssl req -new -key $servername.key -out $servername.csr
 openssl x509 -req -days 365 -in $servername.csr -signkey $servername.key -out $servername.crt
 
 cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs && cp $servername.key /etc/pki/tls/private
-
diff --git a/Instructions b/Instructions
@@ -6,6 +6,8 @@
 # first things first, set your iptables for a web server. If you jack these 
 # up you don't want to have to re-install your os after doing much more.
 # @see http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
+# and
+# @see https://help.ubuntu.com/community/IptablesHowTo
 
 # turn off until you've got it figured out, this way you can reboot and log back in
 chkconfig iptables off
@@ -267,4 +269,3 @@ openssl x509 -req -days 365 -in $servername.csr -signkey $servername.key -out $s
 
 cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs && cp $servername.key /etc/pki/tls/private
 
-
diff --git a/Instructions b/Instructions
@@ -15,26 +15,20 @@ chkconfig iptables off
 # keep in mind if you do anything wrong, you can now just reboot
 # clear all rules and start with blocking all traffic
 
-iptables -F
-iptables -P INPUT ACCEPT
-iptables -P OUTPUT ACCEPT
-iptables -P FORWARD ACCEPT
+iptables -F && iptables -P INPUT ACCEPT && iptables -P OUTPUT ACCEPT && iptables -P FORWARD ACCEPT
 
 ### Add your rules form the link above, here
 # ssh,smtp,imap,http,https,pop3,imaps,pop3s
 iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,25,143,80,443,110,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,25,143,80,110,443,993,995 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,25,143,80,110,443,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT
 
 ## allow dns
-iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
-iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
+iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT && iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
 
 # handling pings
-iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT && iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
 
-iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT && iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
 
 # manage ddos attacks
 iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
@@ -50,6 +44,11 @@ iptables -A LOGGING -j DROP
 # so if the traffic has not been accepted, block it
 iptables -A INPUT -j DROP
 iptables -I INPUT 1 -i lo -j ACCEPT
+iptables -A OUTPUT -j DROP
+
+# allow only internal port forwarding
+iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
+iptables -P FORWARD DROP
 
 # create an iptables config file
 iptables-save > /root/dsl.fw
@@ -269,4 +268,3 @@ openssl x509 -req -days 365 -in $servername.csr -signkey $servername.key -out $s
 cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs && cp $servername.key /etc/pki/tls/private
 
 
-
diff --git a/Instructions b/Instructions
@@ -39,19 +39,18 @@ iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
 # manage ddos attacks
 iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
 
-# once a rule affects traffic then it is no longer managed
-# so if the traffic has not been accepted, block it
-iptables -A INPUT -j DROP
-iptables -I INPUT 1 -i lo -j ACCEPT
-
-## You'll probably notice that some traffic is already being dropped, so let's find
-# out what it is
+## Implement some logging so that we know what's getting dropped
 
 iptables -N LOGGING
 iptables -A INPUT -j LOGGING
 iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
 iptables -A LOGGING -j DROP
 
+# once a rule affects traffic then it is no longer managed
+# so if the traffic has not been accepted, block it
+iptables -A INPUT -j DROP
+iptables -I INPUT 1 -i lo -j ACCEPT
+
 # create an iptables config file
 iptables-save > /root/dsl.fw
 

diff --git a/Instructions b/Instructions
@@ -42,8 +42,15 @@ iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100
 # once a rule affects traffic then it is no longer managed
 # so if the traffic has not been accepted, block it
 iptables -A INPUT -j DROP
-iptables -A OUTPUT -j DROP
+iptables -I INPUT 1 -i lo -j ACCEPT
 
+## You'll probably notice that some traffic is already being dropped, so let's find
+# out what it is
+
+iptables -N LOGGING
+iptables -A INPUT -j LOGGING
+iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
+iptables -A LOGGING -j DROP
 
 # create an iptables config file
 iptables-save > /root/dsl.fw
@@ -264,4 +271,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -21,7 +21,7 @@ iptables -P OUTPUT ACCEPT
 iptables -P FORWARD ACCEPT
 
 ### Add your rules form the link above, here
-# ssh, http, https, sendmail, pop3, imap
+# ssh,smtp,imap,http,https,pop3,imaps,pop3s
 iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,25,143,80,443,110,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,25,143,80,110,443,993,995 -m state --state ESTABLISHED -j ACCEPT
 
@@ -265,4 +265,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -18,7 +18,7 @@ chkconfig iptables off
 iptables -F
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
-iptables -P FORWARD DROP
+iptables -P FORWARD ACCEPT
 
 ### Add your rules form the link above, here
 # ssh, http, https, sendmail, pop3, imap
@@ -266,4 +266,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -12,12 +12,9 @@ chkconfig iptables off
 /etc/init.d/iptables on
 
 # allow ssh connections before you lock out everybody lol
-# keep in mind if you do anything wrong, just reboot
-
-iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-
+# keep in mind if you do anything wrong, you can now just reboot
 # clear all rules and start with blocking all traffic
+
 iptables -F
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT

diff --git a/Instructions b/Instructions
@@ -9,7 +9,7 @@
 
 # turn off until you've got it figured out, this way you can reboot and log back in
 chkconfig iptables off
-/etc/init.d/iptables oon
+/etc/init.d/iptables on
 
 # allow ssh connections before you lock out everybody lol
 # keep in mind if you do anything wrong, just reboot

diff --git a/Instructions b/Instructions
@@ -9,15 +9,44 @@
 
 # turn off until you've got it figured out, this way you can reboot and log back in
 chkconfig iptables off
-service iptables off
+/etc/init.d/iptables oon
+
+# allow ssh connections before you lock out everybody lol
+# keep in mind if you do anything wrong, just reboot
+
+iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
 
 # clear all rules and start with blocking all traffic
 iptables -F
-iptables -P INPUT DROP
-iptables -P OUTPUT DROP
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
 iptables -P FORWARD DROP
 
 ### Add your rules form the link above, here
+# ssh, http, https, sendmail, pop3, imap
+iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,25,143,80,443,110,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,25,143,80,110,443,993,995 -m state --state ESTABLISHED -j ACCEPT
+
+## allow dns
+iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
+iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
+
+# handling pings
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+# manage ddos attacks
+iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+
+# once a rule affects traffic then it is no longer managed
+# so if the traffic has not been accepted, block it
+iptables -A INPUT -j DROP
+iptables -A OUTPUT -j DROP
+
 
 # create an iptables config file
 iptables-save > /root/dsl.fw
@@ -241,4 +270,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -7,6 +7,31 @@
 # up you don't want to have to re-install your os after doing much more.
 # @see http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
 
+# turn off until you've got it figured out, this way you can reboot and log back in
+chkconfig iptables off
+service iptables off
+
+# clear all rules and start with blocking all traffic
+iptables -F
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+### Add your rules form the link above, here
+
+# create an iptables config file
+iptables-save > /root/dsl.fw
+
+vi /etc/rc.local
+/sbin/iptables-restore < /root/dsl.fw
+
+/etc/init.d/iptables save
+
+## check to see if this setting is working great.
+service iptables restart
+
+## log out/in testing
+chkconfig iptables on
 
 ############################################################
 # locking down the ssh system next.
@@ -217,4 +242,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -1,133 +1,145 @@
 # 
 # @author Jonathon byrd
-# @website http://www.redrokk.com
-# @
 # 
 
-# make sure we're working with the latest copy of everything
-  yum update
-
-# Add IP and a hostname
-# use the following command to save and exit this file
-# ESC :wq  
-  vi /etc/hosts
-
-# setting up the services to start on startup
-  chkconfig NetworkManager off
-  chkconfig NetworkManagerDispatcher off
-  chkconfig anacron off
-  chkconfig atd off
-  chkconfig bluetooth off
-  chkconfig cpuspeed off
-  chkconfig cups off
-  chkconfig gpm off
-  chkconfig hidd off
-  chkconfig ip6tables off
-  chkconfig irda off
-  chkconfig mdmonitor off
-  chkconfig mdmpd off
-  chkconfig pcscd off
-  chkconfig portmap off
-  chkconfig yum-updatesd off
-  chkconfig smartd off
-  chkconfig sshd on
-
-  service smartd stop
-  service NetworkManager stop
-  service NetworkManagerDispatcher stop
-  service anacron stop
-  service atd stop
-  service bluetooth stop
-  service cpuspeed stop
-  service cups stop
-  service gpm stop
-  service hidd stop
-  service ip6tables stop
-  service irda stop
-  service mdmonitor stop
-  service mdmpd stop
-  service pcscd stop
-  service portmap stop
-  service yum-updatesd stop
-
-# install apache
-  yum install httpd
-  chkconfig httpd on
-  service httpd start
+############################################################
+# first things first, set your iptables for a web server. If you jack these 
+# up you don't want to have to re-install your os after doing much more.
+# @see http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
 
-# install the LAMP repo from epel
-  cd /tmp
-  rpm -Uph http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
 
-# installing everything needed by our server
-  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl pcre-devel
+############################################################
+# locking down the ssh system next.
+# see http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
 
+useradd YOURNAME
+passwd YOURNAME
 
-# Finish installing mod_ssl
-# add this 'NameVirtualHost *:443' after 'Listen 443' in this file
-  vi /etc/httpd/conf.d/ssl.conf
+############################################################
+# some good things in this repo
 
-# installing mysql server
-  yum install -y mysql mysql-server php-mysql php-pdo 
-  mv /etc/my.cnf /etc/my.cnf.bkp && cp /usr/share/mysql/my-huge.cnf /etc/my.cnf
-  chkconfig mysqld on
-  service mysqld start
+cd /tmp && rpm -Uph http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
 
-  mysql_install_db
-  mysqladmin -u root password SOMEPASSWORD
-
+############################################################
+# make sure we're working with the latest copy of everything
+# and install the LAMP stack packages
+
+yum update
+yum install -y httpd php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl pcre-devel mysql mysql-server php-mysql php-pdo
+
+############################################################
+# Turning off a bunch of stuff that's not needed for this server
+# and then turning on the few items that we do want.
+
+chkconfig NetworkManager off
+chkconfig NetworkManagerDispatcher off
+chkconfig anacron off
+chkconfig atd off
+chkconfig bluetooth off
+chkconfig cpuspeed off
+chkconfig cups off
+chkconfig gpm off
+chkconfig hidd off
+chkconfig ip6tables off
+chkconfig irda off
+chkconfig mdmonitor off
+chkconfig mdmpd off
+chkconfig pcscd off
+chkconfig portmap off
+chkconfig yum-updatesd off
+chkconfig smartd off
+chkconfig sshd on
+chkconfig httpd on
+chkconfig mysqld on
+
+service smartd stop
+service NetworkManager stop
+service NetworkManagerDispatcher stop
+service anacron stop
+service atd stop
+service bluetooth stop
+service cpuspeed stop
+service cups stop
+service gpm stop
+service hidd stop
+service ip6tables stop
+service irda stop
+service mdmonitor stop
+service mdmpd stop
+service pcscd stop
+service portmap stop
+service yum-updatesd stop
+service httpd start
+service mysqld start
+
+############################################################
+# configuring the mysql server
+# NOTICE: the my-huge.cnf file sets aside a lot of resources
+
+cp /etc/my.cnf /etc/my.cnf.bkp && cp /usr/share/mysql/my-huge.cnf /etc/my.cnf
+mysql_install_db
+mysqladmin -u root password SOMEPASSWORD
 
+############################################################
+# only if you're going to be setting up virtual hosts
 # Mod Macro makes VirtualHosts a Breeze
-  wget http://www.coelho.net/mod_macro/mod_macro-latest.tar.gz
-  tar -zxvf mod_macro-latest.tar.gz
-  apxs -c -i -a mod_macro-1.1.11/mod_macro.c
-
+
+wget http://www.coelho.net/mod_macro/mod_macro-latest.tar.gz
+tar -zxvf mod_macro-latest.tar.gz
+apxs -c -i -a mod_macro-1.1.11/mod_macro.c
 
-# I've saved three .conf files for httpd that you can copy to the /etc/httpd/conf.d directory.
-# Once done create the vhosts.conf file
-  touch /home/vhosts.conf
+touch /home/vhosts.conf
 
+############################################################
+# my mod macro scripts are also saved here. take a second and post them 
+# to the /etc/httpd/conf.d directory.
 
-# my mod macro scripts are also saved here. take a second and post them to the /etc/httpd/conf.d directory.
-  mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/web && mkdir /home/default/web/cgi-bin && mkdir /home/default/web/webroot
-  touch /home/default/web/webroot/index.html
+mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/web && mkdir /home/default/web/cgi-bin && mkdir /home/default/web/webroot
 
+touch /home/default/web/webroot/index.html
 
+############################################################
 # Installing phpmyadmin
-  wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-english.tar.gz?r=&ts=1318233825&use_mirror=superb-dca2
-  tar -C  /home/default/ -zxvf phpMyAdmin-3.4.5-english.tar.gz
-  mv /home/default/phpMyAdmin-3.4.5-english /home/default/phpmyadmin
+
+wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-english.tar.gz?r=&ts=1318233825&use_mirror=superb-dca2
 
+tar -C  /home/default/ -zxvf phpMyAdmin-3.4.5-english.tar.gz
+mv /home/default/phpMyAdmin-3.4.5-english /home/default/phpmyadmin
 
+############################################################
 # I use github for everything
-  yum install git-core
-  mkdir ~/.ssh && cd ~/.ssh
-  ssh-keygen -t rsa -C "your_email@youremail.com"
-
+
+yum install git-core
+mkdir ~/.ssh && cd ~/.ssh
+ssh-keygen -t rsa -C "your_email@youremail.com"
 
+############################################################
 # After adding the key to your github account you can test your connection like this
-  ssh -T git@github.com
-  git config --global user.name "Firstname Lastname"
-  git config --global user.email "your_email@youremail.com"
-  git config --global github.user username
-  git config --global github.token 0123456789yourf0123456789token
-
+
+ssh -T git@github.com
+git config --global user.name "Firstname Lastname"
+git config --global user.email "your_email@youremail.com"
+git config --global github.user username
+git config --global github.token 0123456789yourf0123456789token
 
+############################################################
 # create your users default directory setup
-  mkdir /etc/skel/www.example.com && mkdir /etc/skel/www.example.com/logs && mkdir /etc/skel/www.example.com/web && mkdir /etc/skel/www.example.com/web/cgi-bin && mkdir /etc/skel/www.example.com/web/webroot
 
-  touch /etc/skel/www.example.com/web/webroot/index.php
+mkdir /etc/skel/www.example.com && mkdir /etc/skel/www.example.com/logs && mkdir /etc/skel/www.example.com/web && mkdir /etc/skel/www.example.com/web/cgi-bin && mkdir /etc/skel/www.example.com/web/webroot
 
+touch /etc/skel/www.example.com/web/webroot/index.php
 
+############################################################
 # create your users
-  useradd production
-  passwd production
+
+useradd production
+passwd production
 
-  usermod -a -G apache production
-  usermod -a -G ftp production
+usermod -a -G apache production
+usermod -a -G ftp production
 
 
-####################################3
+############################################################
 # A few other packages that I like to use
 
 # Xdebug
@@ -156,7 +168,7 @@
   vi /etc/php.d/apc.ini
 
 
-# 
+############################################################
 # It's time to install magento
 # Find the latest magento files here 
 # http://www.magentocommerce.com/wiki/groups/227/installing_magento_via_shell_ssh
@@ -181,14 +193,14 @@
   chgrp apache skin
   chgrp apache var
 
-
+############################################################
 # Install the magento-cleanup.php script into your web directory, its safer there
 # Add the following line to your crontab
 # 1 1 * * * php /home/production/www.example.com/web/magento-cleanup.php
-  crontab -e
 
-
-
+crontab -e
+
+############################################################
 # generate certificates for the web server:
 openssl genrsa -des3 -out $servername.key 2048
 openssl rsa -in $servername.key -out $servername.key.insecure
@@ -206,4 +218,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -57,8 +57,7 @@
 
 # install the LAMP repo from epel
   cd /tmp
-  wget http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
-  rpm -Uph epel-release-6-5.noarch.rpm
+  rpm -Uph http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
 
 # installing everything needed by our server
   yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl pcre-devel
@@ -208,4 +207,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -23,7 +23,6 @@
   chkconfig gpm off
   chkconfig hidd off
   chkconfig ip6tables off
-  chkconfig iptables off
   chkconfig irda off
   chkconfig mdmonitor off
   chkconfig mdmpd off
@@ -44,7 +43,6 @@
   service gpm stop
   service hidd stop
   service ip6tables stop
-  service iptables stop
   service irda stop
   service mdmonitor stop
   service mdmpd stop
@@ -211,4 +209,3 @@ cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs &
 
 
 
-
diff --git a/Instructions b/Instructions
@@ -200,7 +200,7 @@ openssl req -new -key $servername.key -out $servername.csr
 
 openssl x509 -req -days 365 -in $servername.csr -signkey $servername.key -out $servername.crt
 
-cp $servername.crt /etc/ssl/certs && cp $servername.csr /etc/ssl/certs && cp $servername.key /etc/ssl/private
+cp $servername.crt /etc/pki/tls/certs && cp $servername.csr /etc/pki/tls/certs && cp $servername.key /etc/pki/tls/private
 
 
 

diff --git a/Instructions b/Instructions
@@ -192,7 +192,15 @@
 
 
 
+# generate certificates for the web server:
+openssl genrsa -des3 -out $servername.key 2048
+openssl rsa -in $servername.key -out $servername.key.insecure
+mv $servername.key $servername.key.secure && mv $servername.key.insecure $servername.key
+openssl req -new -key $servername.key -out $servername.csr
 
+openssl x509 -req -days 365 -in $servername.csr -signkey $servername.key -out $servername.crt
+
+cp $servername.crt /etc/ssl/certs && cp $servername.csr /etc/ssl/certs && cp $servername.key /etc/ssl/private
 
 
 

diff --git a/magento-cleanup.php b/magento-cleanup.php
@@ -1,5 +1,5 @@
 <?php
-$basepath = dirname(__file__).'/web/webroot/';
+$basepath = dirname(__file__).'/webroot/';
 $xml = simplexml_load_file($basepath.'app/etc/local.xml', NULL, LIBXML_NOCDATA);
 
 $db['host'] = $xml->global->resources->default_setup->connection->host;

diff --git a/magento-cleanup.php b/magento-cleanup.php
@@ -8,8 +8,8 @@
 $db['pass'] = $xml->global->resources->default_setup->connection->password;
 $db['pref'] = $xml->global->resources->db->table_prefix;
 
-if($_GET['clean'] == 'log') clean_log_tables();
-if($_GET['clean'] == 'var') clean_var_directory();
+clean_log_tables();
+clean_var_directory();
 
 function clean_log_tables() {
     global $db;

diff --git a/magento-cleanup.php b/magento-cleanup.php
@@ -1,5 +1,6 @@
 <?php
-$xml = simplexml_load_file('./app/etc/local.xml', NULL, LIBXML_NOCDATA);
+$basepath = dirname(__file__).'/web/webroot/';
+$xml = simplexml_load_file($basepath.'app/etc/local.xml', NULL, LIBXML_NOCDATA);
 
 $db['host'] = $xml->global->resources->default_setup->connection->host;
 $db['name'] = $xml->global->resources->default_setup->connection->dbname;
@@ -38,16 +39,16 @@ function clean_log_tables() {
 
 function clean_var_directory() {
     $dirs = array(
-        'downloader/pearlib/cache/*',
-        'downloader/pearlib/download/*',
-        'var/cache/',
-        'var/log/',
-        'var/report/',
-        'var/session/',
-        'var/tmp/'
+        $basepath.'downloader/pearlib/cache/*',
+        $basepath.'downloader/pearlib/download/*',
+        $basepath.'var/cache/',
+        $basepath.'var/log/',
+        $basepath.'var/report/',
+        $basepath.'var/session/',
+        $basepath.'var/tmp/'
     );
 
     foreach($dirs as $v => $k) {
-        exec('rm -rf '.$k);
+        exec("rm -rf $k && mkdir $k && chmod -R 0777 $k");
     }
-}
+}
diff --git a/gistfile1.txt → Instructions b/gistfile1.txt → Instructions
@@ -148,7 +148,7 @@
   service httpd restart
 
   http://xxx.xxx.xxx.xxx/loader-wizard.php
-
+  rm -f /home/default/web/webroot/loader-wizard.php
 
 # APC
   pecl install apc
@@ -185,7 +185,11 @@
   chgrp apache var
 
 
-
+# Install the magento-cleanup.php script into your web directory, its safer there
+# Add the following line to your crontab
+# 1 1 * * * php /home/production/www.example.com/web/magento-cleanup.php
+  crontab -e
+
 
 
 

diff --git a/magento-cleanup.php b/magento-cleanup.php
@@ -0,0 +1,53 @@
+<?php
+$xml = simplexml_load_file('./app/etc/local.xml', NULL, LIBXML_NOCDATA);
+
+$db['host'] = $xml->global->resources->default_setup->connection->host;
+$db['name'] = $xml->global->resources->default_setup->connection->dbname;
+$db['user'] = $xml->global->resources->default_setup->connection->username;
+$db['pass'] = $xml->global->resources->default_setup->connection->password;
+$db['pref'] = $xml->global->resources->db->table_prefix;
+
+if($_GET['clean'] == 'log') clean_log_tables();
+if($_GET['clean'] == 'var') clean_var_directory();
+
+function clean_log_tables() {
+    global $db;
+
+    $tables = array(
+        'dataflow_batch_export',
+        'dataflow_batch_import',
+        'log_customer',
+        'log_quote',
+        'log_summary',
+        'log_summary_type',
+        'log_url',
+        'log_url_info',
+        'log_visitor',
+        'log_visitor_info',
+        'log_visitor_online',
+        'report_event'
+    );
+
+    mysql_connect($db['host'], $db['user'], $db['pass']) or die(mysql_error());
+    mysql_select_db($db['name']) or die(mysql_error());
+
+    foreach($tables as $v => $k) {
+        mysql_query('TRUNCATE `'.$db['pref'].$k.'`') or die(mysql_error());
+    }
+}
+
+function clean_var_directory() {
+    $dirs = array(
+        'downloader/pearlib/cache/*',
+        'downloader/pearlib/download/*',
+        'var/cache/',
+        'var/log/',
+        'var/report/',
+        'var/session/',
+        'var/tmp/'
+    );
+
+    foreach($dirs as $v => $k) {
+        exec('rm -rf '.$k);
+    }
+}
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -63,7 +63,7 @@
   rpm -Uph epel-release-6-5.noarch.rpm
 
 # installing everything needed by our server
-  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl
+  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl pcre-devel
 
 
 # Finish installing mod_ssl
@@ -72,6 +72,7 @@
 
 # installing mysql server
   yum install -y mysql mysql-server php-mysql php-pdo 
+  mv /etc/my.cnf /etc/my.cnf.bkp && cp /usr/share/mysql/my-huge.cnf /etc/my.cnf
   chkconfig mysqld on
   service mysqld start
 
@@ -148,6 +149,16 @@
 
   http://xxx.xxx.xxx.xxx/loader-wizard.php
 
+
+# APC
+  pecl install apc
+
+# add the following two lines to this file
+# ; Enable APC extension module
+# extension=apc.so
+  vi /etc/php.d/apc.ini
+
+
 # 
 # It's time to install magento
 # Find the latest magento files here 

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -91,7 +91,8 @@
 
 
 # my mod macro scripts are also saved here. take a second and post them to the /etc/httpd/conf.d directory.
-  mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/cgi-bin && mkdir /home/default/web
+  mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/web && mkdir /home/default/web/cgi-bin && mkdir /home/default/web/webroot
+  touch /home/default/web/webroot/index.html
 
 
 # Installing phpmyadmin
@@ -137,7 +138,13 @@
 # IonCube
   cd /tmp && wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
   tar -zxvf ioncube_loaders_lin_x86-64.tar.gz
-  cp ioncube/loader-wizard.php /home/default/web/
+  cp ioncube/loader-wizard.php /home/default/web/webroot
+  mv ioncube /usr/src
+
+# Paste the following line into your php.ini
+# zend_extension=/usr/src/ioncube/ioncube_loader_lin_5.3.so
+  vi /etc/php.ini
+  service httpd restart
 
   http://xxx.xxx.xxx.xxx/loader-wizard.php
 

diff --git a/vhosts-default.conf b/vhosts-default.conf
@@ -2,17 +2,19 @@
 # www.5twentystudios.com
 
 # domain: www.5twentystudios.com
-# public: /home/default/web/
-
-<VirtualHost default_:80>
+# public: /home/default/web/webroot
+
+NameVirtualHost *:80
+
+<VirtualHost _default_:80>
 
   # Admin email, Server Name (domain name) and any aliases
-  ServerName  xxx.xxx.xxx.xxx
+  ServerName ${SERVER_ADDR}
 
   # Index file and Document Root (where the public files are located)
-  DocumentRoot /home/default/web/
+  DocumentRoot /home/default/web/webroot
 
-  <Directory /home/default/web/>
+  <Directory /home/default/web/webroot/>
     Options -Indexes FollowSymLinks MultiViews
     AllowOverride All
 	Order allow,deny
@@ -43,6 +45,173 @@
 # SSL Management
 #
 
+NameVirtualHost *:443
+
+<VirtualHost _default_:443>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName ${SERVER_ADDR}
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/default/web/webroot
+
+  <Directory /home/default/web/webroot/>
+    Options -Indexes FollowSymLinks MultiViews
+    AllowOverride All
+	Order allow,deny
+	allow from all
+  </Directory>
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride All
+  </Directory>
+
+  # Custom log file locations
+  LogLevel warn
+  ErrorLog  /home/default/logs/ssl_error.log
+  CustomLog /home/default/logs/ssl_access.log combined
+
+  # Configuring the cgi-bin overrides
+  ScriptAlias /cgi-bin/ /home/default/web/cgi-bin/
+  <Location /home/default/web/cgi-bin>
+	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Order allow,deny
+	Allow from all
+  </Location>
+
+  #   SSL Engine Switch:
+  #   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+  #   SSL Protocol support:
+  # List the enable protocol levels with which clients will be able to
+  # connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+  #   SSL Cipher Suite:
+  # List the ciphers that the client is permitted to negotiate.
+  # See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+  #   Server Certificate:
+  # Point SSLCertificateFile at a PEM encoded certificate.  If
+  # the certificate is encrypted, then you will be prompted for a
+  # pass phrase.  Note that a kill -HUP will prompt again.  A new
+  # certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+  #   Server Private Key:
+  #   If the key is not combined with the certificate, use this
+  #   directive to point at the key file.  Keep in mind that if
+  #   you've both a RSA and a DSA private key you can configure
+  #   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+  #   Server Certificate Chain:
+  #   Point SSLCertificateChainFile at a file containing the
+  #   concatenation of PEM encoded CA certificates which form the
+  #   certificate chain for the server certificate. Alternatively
+  #   the referenced file can be the same as SSLCertificateFile
+  #   when the CA certificates are directly appended to the server
+  #   certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+  #   Certificate Authority (CA):
+  #   Set the CA certificate verification path where to find CA
+  #   certificates for client authentication or alternatively one
+  #   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+  #   Client Authentication (Type):
+  #   Client certificate verification type and depth.  Types are
+  #   none, optional, require and optional_no_ca.  Depth is a
+  #   number which specifies how deeply to verify the certificate
+  #   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+  #   Access Control:
+  #   With SSLRequire you can do per-directory access control based
+  #   on arbitrary complex boolean expressions containing server
+  #   variable checks and other lookup directives.  The syntax is a
+  #   mixture between C and Perl.  See the mod_ssl documentation
+  #   for more details.
+  #<Location />
+  #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+  #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+  #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+  #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+  #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+  #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+  #</Location>
+
+  #   SSL Engine Options:
+  #   Set various options for the SSL engine.
+  #   o FakeBasicAuth:
+  #     Translate the client X.509 into a Basic Authorisation.  This means that
+  #     the standard Auth/DBMAuth methods can be used for access control.  The
+  #     user name is the `one line' version of the client's X.509 certificate.
+  #     Note that no password is obtained from the user. Every entry in the user
+  #     file needs this password: `xxj31ZMTZzkVA'.
+  #   o ExportCertData:
+  #     This exports two additional environment variables: SSL_CLIENT_CERT and
+  #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+  #     server (always existing) and the client (only existing when client
+  #     authentication is used). This can be used to import the certificates
+  #     into CGI scripts.
+  #   o StdEnvVars:
+  #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+  #     Per default this exportation is switched off for performance reasons,
+  #     because the extraction step is an expensive operation and is usually
+  #     useless for serving static content. So one usually enables the
+  #     exportation for CGI and SSI requests only.
+  #   o StrictRequire:
+  #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+  #     under a "Satisfy any" situation, i.e. when it applies access is denied
+  #     and no other module can change it.
+  #   o OptRenegotiate:
+  #     This enables optimized SSL connection renegotiation handling when SSL
+  #     directives are used in per-directory context. 
+  #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +StrictRequire
+</Files>
+<Directory "/home/default/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+  #   SSL Protocol Adjustments:
+  #   The safe and default but still SSL/TLS standard compliant shutdown
+  #   approach is that mod_ssl sends the close notify alert but doesn't wait for
+  #   the close notify alert from client. When you need a different shutdown
+  #   approach you can use one of the following variables:
+  #   o ssl-unclean-shutdown:
+  #     This forces an unclean shutdown when the connection is closed, i.e. no
+  #     SSL close notify alert is send or allowed to received.  This violates
+  #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+  #     this when you receive I/O errors because of the standard approach where
+  #     mod_ssl sends the close notify alert.
+  #   o ssl-accurate-shutdown:
+  #     This forces an accurate shutdown when the connection is closed, i.e. a
+  #     SSL close notify alert is send and mod_ssl waits for the close notify
+  #     alert of the client. This is 100% SSL/TLS standard compliant, but in
+  #     practice often causes hanging connections with brain-dead browsers. Use
+  #     this only for browsers where you know that their SSL implementation
+  #     works correctly. 
+  #   Notice: Most problems of broken clients are also related to the HTTP
+  #   keep-alive facility, so you usually additionally want to disable
+  #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+  #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+  #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+  #   "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+</VirtualHost>
+
+
 <VirtualHost *:443>
 
   # Admin email, Server Name (domain name) and any aliases

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -63,7 +63,12 @@
   rpm -Uph epel-release-6-5.noarch.rpm
 
 # installing everything needed by our server
-  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl
+  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl mod_ssl
+
+
+# Finish installing mod_ssl
+# add this 'NameVirtualHost *:443' after 'Listen 443' in this file
+  vi /etc/httpd/conf.d/ssl.conf
 
 # installing mysql server
   yum install -y mysql mysql-server php-mysql php-pdo 
@@ -79,34 +84,62 @@
   tar -zxvf mod_macro-latest.tar.gz
   apxs -c -i -a mod_macro-1.1.11/mod_macro.c
 
+
+# I've saved three .conf files for httpd that you can copy to the /etc/httpd/conf.d directory.
+# Once done create the vhosts.conf file
+  touch /home/vhosts.conf
+
+
 # my mod macro scripts are also saved here. take a second and post them to the /etc/httpd/conf.d directory.
   mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/cgi-bin && mkdir /home/default/web
 
+
 # Installing phpmyadmin
   wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-english.tar.gz?r=&ts=1318233825&use_mirror=superb-dca2
   tar -C  /home/default/ -zxvf phpMyAdmin-3.4.5-english.tar.gz
   mv /home/default/phpMyAdmin-3.4.5-english /home/default/phpmyadmin
 
+
 # I use github for everything
   yum install git-core
   mkdir ~/.ssh && cd ~/.ssh
   ssh-keygen -t rsa -C "your_email@youremail.com"
 
+
 # After adding the key to your github account you can test your connection like this
   ssh -T git@github.com
   git config --global user.name "Firstname Lastname"
   git config --global user.email "your_email@youremail.com"
   git config --global github.user username
   git config --global github.token 0123456789yourf0123456789token
 
+
 # create your users default directory setup
   mkdir /etc/skel/www.example.com && mkdir /etc/skel/www.example.com/logs && mkdir /etc/skel/www.example.com/web && mkdir /etc/skel/www.example.com/web/cgi-bin && mkdir /etc/skel/www.example.com/web/webroot
 
   touch /etc/skel/www.example.com/web/webroot/index.php
 
 
 # create your users
+  useradd production
+  passwd production
+
+  usermod -a -G apache production
+  usermod -a -G ftp production
+
+
+####################################3
+# A few other packages that I like to use
+
+# Xdebug
+  pear install pecl/xdebug
+
+# IonCube
+  cd /tmp && wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
+  tar -zxvf ioncube_loaders_lin_x86-64.tar.gz
+  cp ioncube/loader-wizard.php /home/default/web/
 
+  http://xxx.xxx.xxx.xxx/loader-wizard.php
 
 # 
 # It's time to install magento

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -31,6 +31,8 @@
   chkconfig portmap off
   chkconfig yum-updatesd off
   chkconfig smartd off
+  chkconfig sshd on
+
   service smartd stop
   service NetworkManager stop
   service NetworkManagerDispatcher stop
@@ -49,7 +51,7 @@
   service pcscd stop
   service portmap stop
   service yum-updatesd stop
-
+  
 # install apache
   yum install httpd
   chkconfig httpd on
@@ -65,7 +67,13 @@
 
 # installing mysql server
   yum install -y mysql mysql-server php-mysql php-pdo 
+  chkconfig mysqld on
+  service mysqld start
 
+  mysql_install_db
+  mysqladmin -u root password SOMEPASSWORD
+
+
 # Mod Macro makes VirtualHosts a Breeze
   wget http://www.coelho.net/mod_macro/mod_macro-latest.tar.gz
   tar -zxvf mod_macro-latest.tar.gz
@@ -75,9 +83,69 @@
   mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/cgi-bin && mkdir /home/default/web
 
 # Installing phpmyadmin
-  cd /tmp
   wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-english.tar.gz?r=&ts=1318233825&use_mirror=superb-dca2
   tar -C  /home/default/ -zxvf phpMyAdmin-3.4.5-english.tar.gz
   mv /home/default/phpMyAdmin-3.4.5-english /home/default/phpmyadmin
 
+# I use github for everything
+  yum install git-core
+  mkdir ~/.ssh && cd ~/.ssh
+  ssh-keygen -t rsa -C "your_email@youremail.com"
+
+# After adding the key to your github account you can test your connection like this
+  ssh -T git@github.com
+  git config --global user.name "Firstname Lastname"
+  git config --global user.email "your_email@youremail.com"
+  git config --global github.user username
+  git config --global github.token 0123456789yourf0123456789token
+
+# create your users default directory setup
+  mkdir /etc/skel/www.example.com && mkdir /etc/skel/www.example.com/logs && mkdir /etc/skel/www.example.com/web && mkdir /etc/skel/www.example.com/web/cgi-bin && mkdir /etc/skel/www.example.com/web/webroot
+
+  touch /etc/skel/www.example.com/web/webroot/index.php
+
+
+# create your users
+
+
+# 
+# It's time to install magento
+# Find the latest magento files here 
+# http://www.magentocommerce.com/wiki/groups/227/installing_magento_via_shell_ssh
+  wget http://somewhere/magento-1.2.1.2.tar.bz2
+  wget http://somewhere/magento-sample-data-1.2.0.tar.bz2
+  bunzip2 magento-1.2.1.2.tar.bz2
+  bunzip2 magento-sample-data-1.2.0.tar.bz2
+  tar xvf magento-sample-data-1.2.0.tar
+  tar xvf magento-1.2.1.2.tar
+  mv magento /var/www/html
+  mv catalog/ /var/www/html/magento/media/
+  mysqladmin create database magento
+  mysql magento < magento_sample_data_for_1.2.0.sql
+  cd /var/www/html/magento
+  chgrp apache app
+  chgrp apache downloader
+  chgrp apache js
+  chgrp apache lib
+  chgrp apache media
+  chgrp apache pkginfo
+  chgrp apache report
+  chgrp apache skin
+  chgrp apache var
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -72,8 +72,12 @@
   apxs -c -i -a mod_macro-1.1.11/mod_macro.c
 
 # my mod macro scripts are also saved here. take a second and post them to the /etc/httpd/conf.d directory.
+  mkdir /home/default && mkdir /home/default/logs && mkdir /home/default/cgi-bin && mkdir /home/default/web
 
-
-
+# Installing phpmyadmin
+  cd /tmp
+  wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-english.tar.gz?r=&ts=1318233825&use_mirror=superb-dca2
+  tar -C  /home/default/ -zxvf phpMyAdmin-3.4.5-english.tar.gz
+  mv /home/default/phpMyAdmin-3.4.5-english /home/default/phpmyadmin
 
 
diff --git a/vhosts-default.conf b/vhosts-default.conf
@@ -39,19 +39,17 @@
 
 </VirtualHost>
 
-
-
 # 
 # SSL Management
 #
 
 <VirtualHost *:443>
 
   # Admin email, Server Name (domain name) and any aliases
-  ServerName  pma.redrokk.com
+  ServerName  phpmyadmin.redrokk.com
 
   # Index file and Document Root (where the public files are located)
-  DocumentRoot /home/default/web/phpmyadmin/
+  DocumentRoot /home/default/phpmyadmin/
 
   # Use separate log files for the SSL virtual host; note that LogLevel
   # is not inherited from httpd.conf.

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,79 @@
+# 
+# @author Jonathon byrd
+# @website http://www.redrokk.com
+# @
+# 
+
+# make sure we're working with the latest copy of everything
+  yum update
+
+# Add IP and a hostname
+# use the following command to save and exit this file
+# ESC :wq  
+  vi /etc/hosts
+
+# setting up the services to start on startup
+  chkconfig NetworkManager off
+  chkconfig NetworkManagerDispatcher off
+  chkconfig anacron off
+  chkconfig atd off
+  chkconfig bluetooth off
+  chkconfig cpuspeed off
+  chkconfig cups off
+  chkconfig gpm off
+  chkconfig hidd off
+  chkconfig ip6tables off
+  chkconfig iptables off
+  chkconfig irda off
+  chkconfig mdmonitor off
+  chkconfig mdmpd off
+  chkconfig pcscd off
+  chkconfig portmap off
+  chkconfig yum-updatesd off
+  chkconfig smartd off
+  service smartd stop
+  service NetworkManager stop
+  service NetworkManagerDispatcher stop
+  service anacron stop
+  service atd stop
+  service bluetooth stop
+  service cpuspeed stop
+  service cups stop
+  service gpm stop
+  service hidd stop
+  service ip6tables stop
+  service iptables stop
+  service irda stop
+  service mdmonitor stop
+  service mdmpd stop
+  service pcscd stop
+  service portmap stop
+  service yum-updatesd stop
+
+# install apache
+  yum install httpd
+  chkconfig httpd on
+  service httpd start
+
+# install the LAMP repo from epel
+  cd /tmp
+  wget http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
+  rpm -Uph epel-release-6-5.noarch.rpm
+
+# installing everything needed by our server
+  yum install -y php-common php gd gd-devel php-mcrypt php-xml php-xml php-devel php-imap php-soap php-mbstring php-mysql php-mhash php-simplexml php-dom php-gd php-pear php-pecl-imagick php-magickwand httpd-devel gcc curl php-curl
+
+# installing mysql server
+  yum install -y mysql mysql-server php-mysql php-pdo 
+
+# Mod Macro makes VirtualHosts a Breeze
+  wget http://www.coelho.net/mod_macro/mod_macro-latest.tar.gz
+  tar -zxvf mod_macro-latest.tar.gz
+  apxs -c -i -a mod_macro-1.1.11/mod_macro.c
+
+# my mod macro scripts are also saved here. take a second and post them to the /etc/httpd/conf.d directory.
+
+
+
+
+
diff --git a/macro-vhosts-localssl.conf b/macro-vhosts-localssl.conf
@@ -0,0 +1,173 @@
+#
+# RedRokk Designed vhosts macro file
+# www.redrokk.com
+# 
+# Naming the vhosts here 
+# | Use VHostLocalSSL $user $host $alias
+# 
+# Use VHostLocalSSL production www.redrokk.com redrokk.com
+
+<Macro VHostLocalSSL $user $host $alias>
+
+<VirtualHost *:443>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName  $host
+  ServerAlias  $alias
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/$user/$host/web/webroot/
+
+  # Use separate log files for the SSL virtual host; note that LogLevel
+  # is not inherited from httpd.conf.
+  LogLevel warn
+  ErrorLog  /home/$user/$host/logs/ssl_error.log
+  CustomLog /home/$user/$host/logs/ssl_access.log combined
+
+  <Directory /home/$user/$host/web/webroot/>
+    Options All -Indexes FollowSymLinks MultiViews
+    AllowOverride All
+	Order allow,deny
+	allow from all
+  </Directory>
+
+  # Configuring the cgi-bin overrides
+  ScriptAlias /cgi-bin/ /home/$user/$host/cgi-bin/
+  <Location /home/$user/$host/cgi-bin>
+ 	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Order allow,deny
+	Allow from all
+  </Location>
+
+  #   SSL Engine Switch:
+  #   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+  #   SSL Protocol support:
+  # List the enable protocol levels with which clients will be able to
+  # connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+  #   SSL Cipher Suite:
+  # List the ciphers that the client is permitted to negotiate.
+  # See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+  #   Server Certificate:
+  # Point SSLCertificateFile at a PEM encoded certificate.  If
+  # the certificate is encrypted, then you will be prompted for a
+  # pass phrase.  Note that a kill -HUP will prompt again.  A new
+  # certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.localdomain.crt
+
+  #   Server Private Key:
+  #   If the key is not combined with the certificate, use this
+  #   directive to point at the key file.  Keep in mind that if
+  #   you've both a RSA and a DSA private key you can configure
+  #   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.localdomain.key
+
+  #   Server Certificate Chain:
+  #   Point SSLCertificateChainFile at a file containing the
+  #   concatenation of PEM encoded CA certificates which form the
+  #   certificate chain for the server certificate. Alternatively
+  #   the referenced file can be the same as SSLCertificateFile
+  #   when the CA certificates are directly appended to the server
+  #   certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+  #   Certificate Authority (CA):
+  #   Set the CA certificate verification path where to find CA
+  #   certificates for client authentication or alternatively one
+  #   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+  #   Client Authentication (Type):
+  #   Client certificate verification type and depth.  Types are
+  #   none, optional, require and optional_no_ca.  Depth is a
+  #   number which specifies how deeply to verify the certificate
+  #   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+  #   Access Control:
+  #   With SSLRequire you can do per-directory access control based
+  #   on arbitrary complex boolean expressions containing server
+  #   variable checks and other lookup directives.  The syntax is a
+  #   mixture between C and Perl.  See the mod_ssl documentation
+  #   for more details.
+  #<Location />
+  #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+  #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+  #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+  #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+  #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+  #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+  #</Location>
+
+  #   SSL Engine Options:
+  #   Set various options for the SSL engine.
+  #   o FakeBasicAuth:
+  #     Translate the client X.509 into a Basic Authorisation.  This means that
+  #     the standard Auth/DBMAuth methods can be used for access control.  The
+  #     user name is the `one line' version of the client's X.509 certificate.
+  #     Note that no password is obtained from the user. Every entry in the user
+  #     file needs this password: `xxj31ZMTZzkVA'.
+  #   o ExportCertData:
+  #     This exports two additional environment variables: SSL_CLIENT_CERT and
+  #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+  #     server (always existing) and the client (only existing when client
+  #     authentication is used). This can be used to import the certificates
+  #     into CGI scripts.
+  #   o StdEnvVars:
+  #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+  #     Per default this exportation is switched off for performance reasons,
+  #     because the extraction step is an expensive operation and is usually
+  #     useless for serving static content. So one usually enables the
+  #     exportation for CGI and SSI requests only.
+  #   o StrictRequire:
+  #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+  #     under a "Satisfy any" situation, i.e. when it applies access is denied
+  #     and no other module can change it.
+  #   o OptRenegotiate:
+  #     This enables optimized SSL connection renegotiation handling when SSL
+  #     directives are used in per-directory context. 
+  #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +StrictRequire
+</Files>
+<Directory "/home/$user/$host/web/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+  #   SSL Protocol Adjustments:
+  #   The safe and default but still SSL/TLS standard compliant shutdown
+  #   approach is that mod_ssl sends the close notify alert but doesn't wait for
+  #   the close notify alert from client. When you need a different shutdown
+  #   approach you can use one of the following variables:
+  #   o ssl-unclean-shutdown:
+  #     This forces an unclean shutdown when the connection is closed, i.e. no
+  #     SSL close notify alert is send or allowed to received.  This violates
+  #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+  #     this when you receive I/O errors because of the standard approach where
+  #     mod_ssl sends the close notify alert.
+  #   o ssl-accurate-shutdown:
+  #     This forces an accurate shutdown when the connection is closed, i.e. a
+  #     SSL close notify alert is send and mod_ssl waits for the close notify
+  #     alert of the client. This is 100% SSL/TLS standard compliant, but in
+  #     practice often causes hanging connections with brain-dead browsers. Use
+  #     this only for browsers where you know that their SSL implementation
+  #     works correctly. 
+  #   Notice: Most problems of broken clients are also related to the HTTP
+  #   keep-alive facility, so you usually additionally want to disable
+  #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+  #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+  #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+  #   "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+</VirtualHost>   
+
+</Macro>
diff --git a/macro-vhosts-ssl.conf b/macro-vhosts-ssl.conf
@@ -0,0 +1,180 @@
+#
+# RedRokk Designed vhosts macro file
+# www.redrokk.com
+# 
+# Naming the vhosts here 
+# | Use VHostSSL $user $host $alias
+# 
+# Use VHostSSL production www.redrokk.com redrokk.com
+
+<Macro VHostSSL $user $host $alias>
+
+# 
+# SSL Management
+#
+
+<VirtualHost *:443>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName  $host
+  ServerAlias  $alias
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/$user/$host/web/webroot
+
+  # Use separate log files for the SSL virtual host; note that LogLevel
+  # is not inherited from httpd.conf.
+  LogLevel warn
+  ErrorLog  /home/$user/$host/logs/ssl_error.log
+  CustomLog /home/$user/$host/logs/ssl_access.log combined
+
+  <Directory /home/$user/$host/web/webroot/>
+    Options All -Indexes FollowSymLinks MultiViews
+    AllowOverride All
+	Order allow,deny
+	allow from all
+  </Directory>
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride All
+  </Directory>
+
+  # Configuring the cgi-bin overrides
+  ScriptAlias /cgi-bin/ /home/$user/$host/cgi-bin/
+  <Location /home/$user/$host/cgi-bin>
+	SSLOptions +StdEnvVars
+ 	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Order allow,deny
+	Allow from all
+  </Location>
+
+  #   SSL Engine Switch:
+  #   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+  #   SSL Protocol support:
+  # List the enable protocol levels with which clients will be able to
+  # connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+  #   SSL Cipher Suite:
+  # List the ciphers that the client is permitted to negotiate.
+  # See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+  #   Server Certificate:
+  # Point SSLCertificateFile at a PEM encoded certificate.  If
+  # the certificate is encrypted, then you will be prompted for a
+  # pass phrase.  Note that a kill -HUP will prompt again.  A new
+  # certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/$host.crt
+
+  #   Server Private Key:
+  #   If the key is not combined with the certificate, use this
+  #   directive to point at the key file.  Keep in mind that if
+  #   you've both a RSA and a DSA private key you can configure
+  #   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/$host.key
+
+  #   Server Certificate Chain:
+  #   Point SSLCertificateChainFile at a file containing the
+  #   concatenation of PEM encoded CA certificates which form the
+  #   certificate chain for the server certificate. Alternatively
+  #   the referenced file can be the same as SSLCertificateFile
+  #   when the CA certificates are directly appended to the server
+  #   certificate for convinience.
+SSLCertificateChainFile /etc/pki/tls/certs/$host.bundle.crt
+
+  #   Certificate Authority (CA):
+  #   Set the CA certificate verification path where to find CA
+  #   certificates for client authentication or alternatively one
+  #   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+  #   Client Authentication (Type):
+  #   Client certificate verification type and depth.  Types are
+  #   none, optional, require and optional_no_ca.  Depth is a
+  #   number which specifies how deeply to verify the certificate
+  #   issuer chain before deciding the certificate is not valid.
+SSLVerifyClient require
+SSLVerifyDepth  10
+
+  #   Access Control:
+  #   With SSLRequire you can do per-directory access control based
+  #   on arbitrary complex boolean expressions containing server
+  #   variable checks and other lookup directives.  The syntax is a
+  #   mixture between C and Perl.  See the mod_ssl documentation
+  #   for more details.
+  #<Location />
+  #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+  #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+  #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+  #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+  #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+  #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+  #</Location>
+
+  #   SSL Engine Options:
+  #   Set various options for the SSL engine.
+  #   o FakeBasicAuth:
+  #     Translate the client X.509 into a Basic Authorisation.  This means that
+  #     the standard Auth/DBMAuth methods can be used for access control.  The
+  #     user name is the `one line' version of the client's X.509 certificate.
+  #     Note that no password is obtained from the user. Every entry in the user
+  #     file needs this password: `xxj31ZMTZzkVA'.
+  #   o ExportCertData:
+  #     This exports two additional environment variables: SSL_CLIENT_CERT and
+  #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+  #     server (always existing) and the client (only existing when client
+  #     authentication is used). This can be used to import the certificates
+  #     into CGI scripts.
+  #   o StdEnvVars:
+  #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+  #     Per default this exportation is switched off for performance reasons,
+  #     because the extraction step is an expensive operation and is usually
+  #     useless for serving static content. So one usually enables the
+  #     exportation for CGI and SSI requests only.
+  #   o StrictRequire:
+  #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+  #     under a "Satisfy any" situation, i.e. when it applies access is denied
+  #     and no other module can change it.
+  #   o OptRenegotiate:
+  #     This enables optimized SSL connection renegotiation handling when SSL
+  #     directives are used in per-directory context. 
+  #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +StrictRequire
+</Files>
+
+  #   SSL Protocol Adjustments:
+  #   The safe and default but still SSL/TLS standard compliant shutdown
+  #   approach is that mod_ssl sends the close notify alert but doesn't wait for
+  #   the close notify alert from client. When you need a different shutdown
+  #   approach you can use one of the following variables:
+  #   o ssl-unclean-shutdown:
+  #     This forces an unclean shutdown when the connection is closed, i.e. no
+  #     SSL close notify alert is send or allowed to received.  This violates
+  #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+  #     this when you receive I/O errors because of the standard approach where
+  #     mod_ssl sends the close notify alert.
+  #   o ssl-accurate-shutdown:
+  #     This forces an accurate shutdown when the connection is closed, i.e. a
+  #     SSL close notify alert is send and mod_ssl waits for the close notify
+  #     alert of the client. This is 100% SSL/TLS standard compliant, but in
+  #     practice often causes hanging connections with brain-dead browsers. Use
+  #     this only for browsers where you know that their SSL implementation
+  #     works correctly. 
+  #   Notice: Most problems of broken clients are also related to the HTTP
+  #   keep-alive facility, so you usually additionally want to disable
+  #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+  #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+  #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+  #   "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+</VirtualHost>   
+
+</Macro>
diff --git a/macro-vhosts.conf b/macro-vhosts.conf
@@ -0,0 +1,49 @@
+#
+# RedRokk Designed vhosts macro file
+# www.redrokk.com
+# 
+# Naming the vhosts here 
+# | Use VHost $user $host $alias
+# 
+# Use VHost production www.redrokk.com redrokk.com
+
+
+<Macro VHost $user $host $alias>
+
+<VirtualHost *:80>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName  $host
+  ServerAlias  $alias
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/$user/$host/web/webroot/
+
+  <Directory /home/$user/$host/web/webroot/>
+    Options All -Indexes FollowSymLinks MultiViews
+    AllowOverride All
+	Order allow,deny
+	allow from all
+  </Directory>
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride All
+  </Directory>
+
+  # Custom log file locations
+  LogLevel warn
+  ErrorLog  /home/$user/$host/logs/error.log
+  CustomLog /home/$user/$host/logs/access.log combined
+
+  # Configuring the cgi-bin overrides
+  ScriptAlias /cgi-bin/ /home/$user/$host/cgi-bin/
+  <Location /home/$user/$host/cgi-bin>
+ 	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Order allow,deny
+	Allow from all
+  </Location>
+
+</VirtualHost>
+
+</Macro>
diff --git a/vhosts-default.conf b/vhosts-default.conf
@@ -0,0 +1,198 @@
+# 5Twenty Studios Designed vhosts file
+# www.5twentystudios.com
+
+# domain: www.5twentystudios.com
+# public: /home/default/web/
+
+<VirtualHost default_:80>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName  xxx.xxx.xxx.xxx
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/default/web/
+
+  <Directory /home/default/web/>
+    Options -Indexes FollowSymLinks MultiViews
+    AllowOverride All
+	Order allow,deny
+	allow from all
+  </Directory>
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride All
+  </Directory>
+
+  # Custom log file locations
+  LogLevel warn
+  ErrorLog  /home/default/logs/error.log
+  CustomLog /home/default/logs/access.log combined
+
+  # Configuring the cgi-bin overrides
+  ScriptAlias /cgi-bin/ /home/default/web/cgi-bin/
+  <Location /home/default/web/cgi-bin>
+	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Order allow,deny
+	Allow from all
+  </Location>
+
+</VirtualHost>
+
+
+
+# 
+# SSL Management
+#
+
+<VirtualHost *:443>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerName  pma.redrokk.com
+
+  # Index file and Document Root (where the public files are located)
+  DocumentRoot /home/default/web/phpmyadmin/
+
+  # Use separate log files for the SSL virtual host; note that LogLevel
+  # is not inherited from httpd.conf.
+  LogLevel warn
+  ErrorLog  /home/default/logs/pma.ssl_error.log
+  CustomLog /home/default/logs/pma.ssl_access.log combined
+
+  #   SSL Engine Switch:
+  #   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+  #   SSL Protocol support:
+  # List the enable protocol levels with which clients will be able to
+  # connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+  #   SSL Cipher Suite:
+  # List the ciphers that the client is permitted to negotiate.
+  # See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+  #   Server Certificate:
+  # Point SSLCertificateFile at a PEM encoded certificate.  If
+  # the certificate is encrypted, then you will be prompted for a
+  # pass phrase.  Note that a kill -HUP will prompt again.  A new
+  # certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+  #   Server Private Key:
+  #   If the key is not combined with the certificate, use this
+  #   directive to point at the key file.  Keep in mind that if
+  #   you've both a RSA and a DSA private key you can configure
+  #   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+  #   Server Certificate Chain:
+  #   Point SSLCertificateChainFile at a file containing the
+  #   concatenation of PEM encoded CA certificates which form the
+  #   certificate chain for the server certificate. Alternatively
+  #   the referenced file can be the same as SSLCertificateFile
+  #   when the CA certificates are directly appended to the server
+  #   certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+  #   Certificate Authority (CA):
+  #   Set the CA certificate verification path where to find CA
+  #   certificates for client authentication or alternatively one
+  #   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+  #   Client Authentication (Type):
+  #   Client certificate verification type and depth.  Types are
+  #   none, optional, require and optional_no_ca.  Depth is a
+  #   number which specifies how deeply to verify the certificate
+  #   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+  #   Access Control:
+  #   With SSLRequire you can do per-directory access control based
+  #   on arbitrary complex boolean expressions containing server
+  #   variable checks and other lookup directives.  The syntax is a
+  #   mixture between C and Perl.  See the mod_ssl documentation
+  #   for more details.
+  #<Location />
+  #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+  #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+  #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+  #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+  #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+  #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+  #</Location>
+
+  #   SSL Engine Options:
+  #   Set various options for the SSL engine.
+  #   o FakeBasicAuth:
+  #     Translate the client X.509 into a Basic Authorisation.  This means that
+  #     the standard Auth/DBMAuth methods can be used for access control.  The
+  #     user name is the `one line' version of the client's X.509 certificate.
+  #     Note that no password is obtained from the user. Every entry in the user
+  #     file needs this password: `xxj31ZMTZzkVA'.
+  #   o ExportCertData:
+  #     This exports two additional environment variables: SSL_CLIENT_CERT and
+  #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+  #     server (always existing) and the client (only existing when client
+  #     authentication is used). This can be used to import the certificates
+  #     into CGI scripts.
+  #   o StdEnvVars:
+  #     This exports the standard SSL/TLS related `SSL_*' environment variables.
+  #     Per default this exportation is switched off for performance reasons,
+  #     because the extraction step is an expensive operation and is usually
+  #     useless for serving static content. So one usually enables the
+  #     exportation for CGI and SSI requests only.
+  #   o StrictRequire:
+  #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+  #     under a "Satisfy any" situation, i.e. when it applies access is denied
+  #     and no other module can change it.
+  #   o OptRenegotiate:
+  #     This enables optimized SSL connection renegotiation handling when SSL
+  #     directives are used in per-directory context. 
+  #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +StrictRequire
+</Files>
+<Directory "/home/default/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+  #   SSL Protocol Adjustments:
+  #   The safe and default but still SSL/TLS standard compliant shutdown
+  #   approach is that mod_ssl sends the close notify alert but doesn't wait for
+  #   the close notify alert from client. When you need a different shutdown
+  #   approach you can use one of the following variables:
+  #   o ssl-unclean-shutdown:
+  #     This forces an unclean shutdown when the connection is closed, i.e. no
+  #     SSL close notify alert is send or allowed to received.  This violates
+  #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+  #     this when you receive I/O errors because of the standard approach where
+  #     mod_ssl sends the close notify alert.
+  #   o ssl-accurate-shutdown:
+  #     This forces an accurate shutdown when the connection is closed, i.e. a
+  #     SSL close notify alert is send and mod_ssl waits for the close notify
+  #     alert of the client. This is 100% SSL/TLS standard compliant, but in
+  #     practice often causes hanging connections with brain-dead browsers. Use
+  #     this only for browsers where you know that their SSL implementation
+  #     works correctly. 
+  #   Notice: Most problems of broken clients are also related to the HTTP
+  #   keep-alive facility, so you usually additionally want to disable
+  #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+  #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+  #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+  #   "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+</VirtualHost>
+
+#
+# Load Virtual Host Files
+# Normally this is where I declare all of my mod macro calls
+# The rest of your Virtual Hosts should be declared after your defaults here
+#
+Include /home/vhosts.conf