
First VPS #3 : How to configure LAMP on CentOS7.


   Yesterday, they announced that the Hayabusa 2 launch has been rescheduled again. The new schedule for it is 13:22:04 on December 3 (JST). I hope for good weather so that it's third time lucky, aha.

   I’ll create a LAMP server on CentOS7 with SELinux enforcing on a VPS.
   But before this, I did four things.

  1. $ sudo vi /etc/pam.d/su
    Then, uncomment the next line.
    #auth required pam_wheel.so use_uid –>> auth required pam_wheel.so use_uid
    Now only the users in the wheel group can become root with the ‘su’ command.
  2. $ sudo vi /etc/aliases
    Then, uncomment the last line of the file and change the user name.
    #root: marc –>> root: centos
    $ sudo newaliases
    With this, the user centos receives root’s mail.
  3. Check up on the time zone.
    $ sudo timedatectl status
    Everything is OK.
    $ sudo systemctl status chronyd.service
    I had “System clock wrong by 1.088336 seconds, adjustment started” in the result, so I edited /etc/chrony.conf.
    $ sudo vi /etc/chrony.conf
    In the file I found “# Use public servers from the pool.ntp.org project.”, and I went to pool.ntp.org. Following the instructions there, I added the lines marked with ‘+’ and deleted the lines marked with ‘-’.
    +server 0.pool.ntp.org iburst
    +server 1.pool.ntp.org iburst
    +server 2.pool.ntp.org iburst
    +server 3.pool.ntp.org iburst
    -server 0.centos.pool.ntp.org iburst
    -server 1.centos.pool.ntp.org iburst
    -server 2.centos.pool.ntp.org iburst
    -server 3.centos.pool.ntp.org iburst
    Then, restart the service and check again.
    $ sudo systemctl restart chronyd.service
    $ sudo systemctl status chronyd.service
    Now everything is OK.
  4. For automatic updates.
    $ sudo yum install yum-cron
    $ sudo vi /etc/yum/yum-cron.conf
     line# 20: apply_updates = no –>> apply_updates = yes
    $ sudo systemctl start yum-cron.service
    $ sudo systemctl enable yum-cron.service

1 Install Apache Httpd   2 Install MariaDB   3 Install PHP
4 Install phpMyAdmin   5 Install vsftpd

 
||Install Apache Httpd||

  1. $ sudo yum install httpd
    The installed version is httpd.x86_64 2.4.6-18.el7.centos.
  2. Edit /etc/httpd/conf/httpd.conf.
    $ sudo vi /etc/httpd/conf/httpd.conf
     
    Show line numbers by ‘:set nu’.

    • line# 42: Listen 80 –>> Listen Server_global_IP:80
    • line# 86: ServerAdmin root@localhost –>> ServerAdmin My_email_address
    • line# 95: #ServerName www.example.com:80 –>> ServerName VPS_DomainName:80
    • line# 119: DocumentRoot "/var/www/html" –>> DocumentRoot "/home/centos/www/html"
    • line# 124: <Directory "/var/www"> –>> <Directory "/home/centos/www">
    • line# 131: <Directory "/var/www/html"> –>> <Directory "/home/centos/www/html">
    • line# 144: Options Indexes FollowSymLinks –>> Options FollowSymLinks
    • line# 151: AllowOverride None –>> AllowOverride FileInfo Indexes Limit
      In my case, this change is for WordPress use.
    • line# 164: DirectoryIndex index.html –>> DirectoryIndex index.php index.html
  3. Note) The location of extra.conf files: /etc/httpd/conf.d
    The extra conf files by default: autoindex.conf, userdir.conf, welcome.conf
  4. Note2) The location of module.conf files: /etc/httpd/conf.modules.d/
  5. Note3) I do not rotate log files, but Apache Httpd seems to be able to do it automatically (see /var/log/httpd/ after the server has been running for more than one day). Since when can it do this?? Or is this CentOS7’s own feature?
  6. Usually ~userid has the permission 700, but it needs 701 so that httpd can access it. This information is in userdir.conf.
    $ chmod 701 centos
  7. I set the DocumentRoot to a user’s home directory, so I need to tell SELinux to allow httpd to access user home directories. This information is in httpd_selinux(8). However, when I tried to read it, CentOS7 said it’s empty, oops!!
    See online httpd_selinux(8).
    $ sudo setsebool -P httpd_enable_homedirs on
    $ sudo systemctl start httpd.service
    I got the error message “Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.” when I first started httpd.service, because I forgot to create the ‘www’ and ‘html’ directories. So I made them as the user centos.
    [centos@localhost ~]$ mkdir www
    [centos@localhost ~]$ cd www
    [centos@localhost www]$ mkdir html
    Check the directories’ context.
    $ ls -Z
    drwxrwxr-x. test test unconfined_u:object_r:httpd_user_content_t:s0 www
    $ ls -Z
    drwxrwxr-x. test test unconfined_u:object_r:httpd_user_content_t:s0 html
  8. Run $ sudo systemctl start httpd.service again.
  9. $ sudo firewall-cmd --permanent --zone=public --add-service=http
    $ sudo firewall-cmd --reload
    $ sudo systemctl enable httpd.service
    Note4) Each Well-Known-Port seems to be set by default. So you don’t need firewall-cmd command for port 80.
  10. Access http://VPS_DomainName/. You should see the Httpd testing page.
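
The home-directory setup from steps 6 and 7 can be verified with a short script. This is an added example, not part of the original article; the function names and the demo directory tree are constructed for illustration.

```shell
# Added example, not the article's code. Uses GNU stat (as on CentOS).

# other_bits DIR: print the octal permission digit for "others" (701 -> 1).
other_bits() { stat -c %a "$1" | sed 's/.*\(.\)$/\1/'; }

# check_path DOCROOT HOME: walk from DOCROOT up to HOME. Every directory needs
# the others-execute (search) bit, and HOME itself should grant others nothing
# more than that, so its contents cannot be listed by other accounts.
check_path() (
    dir=$1; home=$2; bad=0
    while :; do
        o=$(other_bits "$dir")
        case $o in
            1|3|5|7) ;;
            *) echo "FAIL $dir: others cannot traverse (digit $o)"; bad=1 ;;
        esac
        if [ "$dir" = "$home" ] && [ "$o" != 1 ] && [ "$o" != 0 ]; then
            echo "FAIL $dir: others get more than --x (digit $o)"; bad=1
        fi
        if [ "$dir" = "$home" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$bad"
)

# selinux_check DOCROOT: confirm the boolean and label the article relies on.
# Skipped on hosts without the SELinux tools.
selinux_check() {
    command -v getsebool >/dev/null 2>&1 || { echo "SKIP no getsebool"; return 0; }
    getsebool httpd_enable_homedirs | grep -q -- '--> on' ||
        { echo "FAIL httpd_enable_homedirs is not on"; return 1; }
    ls -dZ "$1" | grep -q httpd_user_content_t ||
        { echo "FAIL $1 is not labelled httpd_user_content_t"; return 1; }
}

# Constructed demo tree standing in for /home/centos/www/html.
demo_home=$(mktemp -d); mkdir -p "$demo_home/www/html"
chmod 755 "$demo_home/www" "$demo_home/www/html"
for mode in 700 701 755; do
    chmod "$mode" "$demo_home"
    check_path "$demo_home/www/html" "$demo_home" && echo "OK   mode $mode"
done
rm -rf "$demo_home"
```

On the server itself, run `check_path /home/centos/www/html /home/centos` followed by `selinux_check /home/centos/www/html`.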

||Install MariaDB||

  1. $ sudo yum install mariadb-server mariadb
    The installed version is mariadb.x86_64 1:5.5.40-1.el7_0 & mariadb-server.x86_64 1:5.5.40-1.el7_0.
  2. $ sudo systemctl start mariadb
  3. $ sudo mysql_secure_installation
    Enter current password for root (enter for none): <<-- Hit [Enter] key.
    Set root password? [Y/n] <<-- Hit [Enter] key.
    New password: <<-- Type a password for root.
    Re-enter new password: <<-- Type the password again.
    Hit [Enter] key for each question below ⇩.
    Remove anonymous users? [Y/n]
    Disallow root login remotely? [Y/n]
    Remove test database and access to it? [Y/n]
    Reload privilege tables now? [Y/n]
  4. $ sudo systemctl enable mariadb.service

||Install PHP||

  1. $ sudo yum install php php-mysql php-mbstring
    The installed versions are php.x86_64 5.4.16-23.el7_0.3, php-mbstring.x86_64 5.4.16-23.el7_0.3 & php-mysql.x86_64 5.4.16-23.el7_0.3.
    During installation, php.conf is created in /etc/httpd/conf.d automatically.
  2. Edit /etc/php.ini.
    $ sudo vi /etc/php.ini
     
    Show line numbers by ‘:set nu’.

    • line# 243: output_buffering = 4096 –>> output_buffering = Off
    • line# 314: disable_functions = –>> disable_functions ="shell_exec, suexec, passthru"
    • line# 375: expose_php = On –>> expose_php = Off
    • line# 811: allow_url_fopen = On –>> allow_url_fopen = Off
    • line# 878: ;date.timezone = –>> date.timezone ="Asia/Tokyo"

    Note5) The location of additional.ini files: /etc/php.d
    The additional ini files by default: curl.ini, fileinfo.ini, json.ini, mbstring.ini, mysql.ini, mysqli.ini, pdo.ini, pdo_mysql.ini, pdo_sqlite.ini, phar.ini, sqlite3.ini, zip.ini

  3. $ sudo systemctl restart httpd.service

||Install phpMyAdmin||

  1. I need phpMyAdmin he-he. However I could not find it among the three repositories, base, extras and updates. So, I added ‘epel’.
    $ sudo yum install epel-release
  2. $ sudo yum install phpmyadmin
    The installed version is phpMyAdmin.noarch 4.2.11-1.el7.
    During installation, phpMyAdmin.conf is created in /etc/httpd/conf.d automatically.
  3. Edit /etc/httpd/conf.d/phpMyAdmin.conf
    $ sudo vi /etc/httpd/conf.d/phpMyAdmin.conf

    Here is my phpMyAdmin.conf. See below.
    # phpMyAdmin - Web based MySQL browser written in php
    #
    # Allows only localhost by default
    #
    # But allowing phpMyAdmin to anyone other than localhost should be considered
    # dangerous unless properly secured by SSL

    Alias /phpMyAdmin /usr/share/phpMyAdmin
    Alias /phpmyadmin /usr/share/phpMyAdmin

    <Directory /usr/share/phpMyAdmin/>
       AddDefaultCharset UTF-8

       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
           Require ip my_global_IP
           Require host my_mobile_host
         </RequireAny>
       </IfModule>
    </Directory>

    <Directory /usr/share/phpMyAdmin/setup/>
       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
           Require ip my_global_IP
           Require host my_mobile_host
         </RequireAny>
       </IfModule>
    </Directory>

  4. $ sudo systemctl restart httpd.service

||Install vsftpd||

  1. $ sudo yum install vsftpd
    The installed version is vsftpd.x86_64 3.0.2-9.el7.
  2. Edit /etc/vsftpd/vsftpd.conf.
    $ sudo vi /etc/vsftpd/vsftpd.conf
     
    Show line numbers by ‘:set nu’.

    • line# 12: anonymous_enable=YES –>> anonymous_enable=NO
    • line# 82: #ascii_upload_enable=YES –>> ascii_upload_enable=YES
    • line# 83: #ascii_download_enable=YES –>> ascii_download_enable=YES
    • line# 100: #chroot_local_user=YES –>> chroot_local_user=YES
    • line# 101: #chroot_list_enable=YES –>> chroot_list_enable=YES
    • line# 103: #chroot_list_file=/etc/vsftpd/chroot_list –>> chroot_list_file=/etc/vsftpd/chroot_list
    • line# 128: –>> local_root=www/html
  3. $ sudo setsebool -P ftp_home_dir on
    This is because I uncommented local_enable=YES. This information is in vsftpd.conf.
  4. $ sudo vi /etc/vsftpd/chroot_list
    I added ‘admin’ to the chroot_list.
  5. When I uncommented the “chroot_~” settings and accessed the server via FTP as a normal user, I got 500 OOPS: vsftpd: refusing to run with writable root inside chroot(), so I added allow_writeable_chroot=YES to vsftpd.conf. I found this information in “500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed on debian”.
    line# 104: –>> allow_writeable_chroot=YES
  6. $ sudo systemctl start vsftpd.service
    $ sudo systemctl enable vsftpd.service
    $ sudo firewall-cmd --permanent --zone=public --add-service=ftp
    $ sudo firewall-cmd --reload
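
The php.ini edits in the PHP section and the vsftpd.conf edits above can be silently undone by a duplicate line or a line left commented out. This added example (not the article's own code) audits both files against the values chosen in this article; the function names and the sample php.ini are constructed for illustration.

```shell
# Added example, not the article's code: audit php.ini and vsftpd.conf.

# effective_value FILE KEY: print the active value of KEY, fail if it is unset.
# Comment lines (';' or '#') are skipped, blanks and double quotes around the
# value are stripped, and the last occurrence is taken.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        (pos = index($0, "=")) > 0 {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { found = 1; val = v }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# audit_file FILE KEY=EXPECTED...: report every setting; the exit status is
# the number of settings that are missing or differ (0 = all match).
audit_file() (
    file=$1; shift; fails=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        if got=$(effective_value "$file" "$key") && [ "$got" = "$want" ]; then
            echo "OK    $key = $got"
        else
            echo "FAIL  $key = ${got:-<unset>} (expected $want)"
            fails=$((fails + 1))
        fi
    done
    exit "$fails"
)

# Expected values are the ones chosen in the article (compared exactly).
audit_php() { audit_file "${1:-/etc/php.ini}" output_buffering=Off \
    "disable_functions=shell_exec, suexec, passthru" expose_php=Off \
    allow_url_fopen=Off date.timezone=Asia/Tokyo; }
audit_vsftpd() { audit_file "${1:-/etc/vsftpd/vsftpd.conf}" anonymous_enable=NO \
    chroot_local_user=YES chroot_list_enable=YES local_root=www/html \
    chroot_list_file=/etc/vsftpd/chroot_list allow_writeable_chroot=YES; }

# Constructed sample: a php.ini where expose_php was turned back on.
demo() {
    tmp=$(mktemp); rc=0
    printf '%s\n' '[PHP]' 'output_buffering = Off' ';expose_php = Off' \
        'disable_functions ="shell_exec, suexec, passthru"' \
        'expose_php = On' 'allow_url_fopen = Off' \
        'date.timezone ="Asia/Tokyo"' > "$tmp"
    audit_php "$tmp" || rc=$?
    rm -f "$tmp"; return "$rc"
}
demo || echo "$? setting(s) need attention"
```

On the server, call `audit_php` and `audit_vsftpd` without arguments to check the live files; the vsftpd.conf check needs sudo because that file is readable only by root.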
