Build a CentOS 7 Server

Configured with Apache, PHP, Perl, Ruby,
MariaDB, phpMyAdmin, NTP, and PureFTP

by Edward Kimmel

Install Software To Prepare The CentOS Server

  • Edward Kimmel
    January 26, 2020

Prepare The CentOS Server

  In this part of the tutorial we will install the software needed to configure a secure CentOS server to host multiple web sites. This server will handle all of the web hosting and database services. In the next part we will configure the software that we will install in this step.

This tutorial assumes that you are logged in as "root". If you cannot log into your server as "root", you will need to add "sudo" in front of all of the following commands.

Server Preparations

  Now that we have a fresh installation of CentOS 7 on the server we need to perform a few preliminary steps before we begin to install the different software packages.

Network Identity

  In my example I use the following hostname and IP address for my web hosting server:

CentOS 7 Web Server, Database and Time Server
Hostname: mail.laurelhosting.com
IP Address: 192.168.1.230

  Wherever this hostname or IP address occurs in the following tutorial steps, you will have to change it to match the hostname and IP address of your server.


Server Internet Access

  Your CentOS server needs a static IP address, which should have been set up during the CentOS installation procedure in the last section. To confirm that the server's network settings are correct and permit Internet access, let's try to "ping" the CentOS web site. (To stop the ping request, press and hold the CTRL key and then press the C key):

ping www.centos.org

  Successful ping output:

[root@mail ~]# ping www.centos.org
PING www.centos.org (81.171.33.201) 56(84) bytes of data.
64 bytes from ip-81.171.33.201.centos.org (81.171.33.201): icmp_seq=1 ttl=54 time=94.4ms
64 bytes from ip-81.171.33.201.centos.org (81.171.33.201): icmp_seq=2 ttl=54 time=94.2ms
64 bytes from ip-81.171.33.201.centos.org (81.171.33.201): icmp_seq=3 ttl=54 time=94.1ms
64 bytes from ip-81.171.33.201.centos.org (81.171.33.201): icmp_seq=4 ttl=54 time=94.2ms
64 bytes from ip-81.171.33.201.centos.org (81.171.33.201): icmp_seq=5 ttl=54 time=94.2ms
^C
--- www.centos.org ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4123ms
rtt min/avg/max/mdev = 94.197/94.286/94.483/0.351ms
[root@mail ~]# 

  Unsuccessful ping output:

[root@mail ~]# ping www.centos.org
ping: www.centos.org: Name or service not known
[root@mail ~]# 

  If your ping attempt failed to reach the CentOS web site, we will need to do a bit of troubleshooting to figure out why it failed. Make sure the server's network cable is plugged into the network adapter and into an active router or hub port. You should see a lit "activity" LED on the network adapter and/or the router or hub port, which confirms a good network connection.

  Once you have ruled out a hardware problem such as an unplugged network cable, and you can see that the network activity LED is lit, we need to look at the server's network adapter configuration file. We need to check this anyway, even after a successful ping, to confirm that the server really has a static IP address. Find the name of your network adapter by running:

ip a

  From the output below from my server I can see my network adapter is named enp2s0.

[root@mail ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0a:cd:23:41:6a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.240/24 brd 192.168.1.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::ef25:8a95:827a:e1f1/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@mail ~]# 

  Your network configuration file is located in /etc/sysconfig/network-scripts/. Open the network configuration file that carries your network adapter's name, i.e. ifcfg-enp2s0. If you created a minimal CentOS server you will have to use the "VI" text editor for now; later in this tutorial we will install the "NANO" text editor, which I prefer to use.

  VI is a bit tricky to get used to, but there are many web sites out there that can give you some help. I hope to make an instruction page in the near future. NANO is a much easier command line text editor to use, which is why I personally prefer it. Sometimes you won't have NANO and you will still need to edit files, so it doesn't hurt to learn how to use VI.

cd /etc/sysconfig/network-scripts
vi ifcfg-enp2s0

  Edit the file replacing all IP addresses according to your network requirements. You will need to make sure that ONBOOT=yes is set so your network connection is always activated as soon as your server boots.

HWADDR=00:0A:CD:23:41:6A
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.240
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="enp2s0"
UUID=e8d00f10-5ef1-3c1d-b2cf-395f736bc3b7
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

  You don't have to reboot your server after editing your network adapter's configuration file. You can simply restart your network adapter using this command:

service network restart

  Restarting your network adapter should look like this:

[root@mail network-scripts]# service network restart
Restarting network (via systemctl):                        [  OK  ]
[root@mail network-scripts]# 

  Once you can successfully ping the CentOS web site, you can continue configuring your server.


Enable Repositories

  First we enable the EPEL repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 7 repository:

yum -y install epel-release

  Then we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
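
  Importing the keys only protects you if each repository actually checks signatures. The following script is an added example, not part of the original tutorial: it lists every enabled repository in a directory of .repo files that does not set gpgcheck=1 itself. It does not read the [main] default in /etc/yum.conf, so a repository that relies on that default is listed too; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list enabled yum repos that do not set gpgcheck=1 themselves.

# Arg: directory of *.repo files. Prints "<file>:<repo-id>" per finding.
repos_without_gpgcheck() (
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (id != "" && enabled != "0" && gpg != "1") print file ":" id
            }
            /^[ \t]*\[/ {                       # new [repo-id] section
                report()
                id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
                enabled = "1"; gpg = ""         # a repo is enabled unless it says 0
                next
            }
            /^[ \t]*[#;]/ { next }              # comment line
            index($0, "=") {
                key = substr($0, 1, index($0, "=") - 1)
                val = substr($0, index($0, "=") + 1)
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                if (key == "enabled")  enabled = val
                if (key == "gpgcheck") gpg = val
            }
            END { report() }
        ' "$f"
    done
)

# Demo on a constructed repo file (not a real repository definition).
demo_repos() (
    d=$(mktemp -d)
    printf '%s\n' '[signed]' 'enabled=1' 'gpgcheck=1' \
        '[unsigned]' 'enabled=1' 'gpgcheck=0' \
        '[off]' 'enabled=0' 'gpgcheck=0' > "$d/constructed.repo"
    repos_without_gpgcheck "$d"
    rm -rf "$d"
)
demo_repos    # prints constructed.repo:unsigned
```

  On the server, run repos_without_gpgcheck /etc/yum.repos.d; rpm -q gpg-pubkey lists the keys that rpm --import added.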

Install Utility Software Packages

  The Development Tools packages need to be installed on your system if you plan to build software, and they are also useful for building packages. The group contains tools such as GCC, g++, make, libtool, rpmbuild and autoconf.

yum -y groupinstall 'Development Tools'

  GNU nano is an easy to use command line text editor for Unix and Linux operating systems. It includes all the basic functionality you'd expect from a regular text editor, like syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more.

  NetworkManager is a software utility that aims to simplify the use of computer networks.

  yum-utils is a collection of tools and programs for managing yum repositories, installing debug packages, source packages, extended information from repositories and administration.

  Install the network configuration editor and the shell based editor "nano" that will be used in the following steps to edit config files:

yum -y install nano wget NetworkManager-tui yum-utils dos2unix

Adjusting Hosts File

  The hosts file is found at /etc/hosts and is an operating system file that translates hostnames or domain names to IP addresses. This is useful for testing website changes or the SSL setup before taking a website publicly live.

  Edit the hosts file and add the IP addresses and hostnames for both servers and the desktop computer. (The hostnames and IP addresses have to be adjusted to match your setup.)

  Use "nano" to edit /etc/hosts file. Make the hosts file look like this:

nano /etc/hosts

  A hosts file example:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.240   mail.laurelhosting.com     mail
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Set Computer Hostname

  The hostname command in Linux is used to obtain the DNS (Domain Name System) name and to set the system's hostname or NIS (Network Information System) domain name. A hostname is a name given to a computer; its main purpose is to uniquely identify the computer when it is connected to a network. You should have set the computer hostname in the last part of the tutorial, so this is for reference only.

  Set the hostname in the /etc/hostname file. The file shall contain the fully qualified domain name (e.g. mail.laurelhosting.com in my case for the main server) and not just the short name like "mail". Open the hostname file with the nano editor:

nano /etc/hostname

  Set the hostname in the file for each server and the desktop computer as listed. (Adjust the hostname to match your setup)

mail.laurelhosting.com

  Save the file and exit nano. If you edited the hostname file, your change will not take effect until you reboot the server.
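
  The static IP address in the ifcfg file, the entry in /etc/hosts and the name in /etc/hostname are edited in three separate steps and can easily drift apart. The following script is an added example, not part of the original tutorial, that cross-checks the three files. The function names are made up for illustration, and the demo runs on constructed files in which the hosts entry is deliberately wrong.

```bash
#!/usr/bin/env bash
# Added example: cross-check static IP, /etc/hosts and /etc/hostname.

# Value of KEY ($2) in an ifcfg-style file ($1); quotes stripped, last wins.
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Address that a hosts-style file ($1) maps to NAME ($2); comments ignored.
hosts_ip_for() {
    awk -v name="$2" '{ sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' "$1"
}

# Args: ifcfg file, hosts file, hostname file. Prints one problem per line;
# prints nothing when the three files agree.
check_identity() (
    name=$(tr -d '[:space:]' < "$3")
    ip=$(ifcfg_get "$1" IPADDR)
    case "$(ifcfg_get "$1" BOOTPROTO)" in
        static|none) ;;
        *) echo "BOOTPROTO is not static" ;;
    esac
    [ "$(ifcfg_get "$1" ONBOOT)" = yes ] || echo "ONBOOT is not yes"
    case "$name" in
        *.*) ;;
        *) echo "hostname '$name' is not fully qualified" ;;
    esac
    mapped=$(hosts_ip_for "$2" "$name")
    [ "$mapped" = "$ip" ] ||
        echo "hosts maps $name to '$mapped', ifcfg IPADDR is '$ip'"
)

# Demo on constructed files; the hosts entry is deliberately mismatched.
demo() (
    d=$(mktemp -d)
    printf 'BOOTPROTO=static\nIPADDR=192.168.1.240\nONBOOT=yes\n' > "$d/ifcfg"
    printf '192.168.1.230 mail.laurelhosting.com mail\n' > "$d/hosts"
    printf 'mail.laurelhosting.com\n' > "$d/hostname"
    check_identity "$d/ifcfg" "$d/hosts" "$d/hostname"
    rm -rf "$d"
)
demo
# On the server:
#   check_identity /etc/sysconfig/network-scripts/ifcfg-enp2s0 /etc/hosts /etc/hostname
```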


Check SELinux

  SELinux is a security extension of CentOS that provides extended security. We are not going to disable or lessen the SELinux control in any way. We do not plan to install any type of ISP control panel; this tutorial teaches you how to set up a web hosting server manually, without the ease of a control panel.

getenforce

  Should display:

[root@mail ~]# getenforce
Enforcing
[root@mail ~]# 

  If SELinux shows as "Permissive" or "Disabled" you need to edit /etc/selinux/config and set SELINUX=enforcing:

nano /etc/selinux/config

  SELinux file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Check CentOS Firewall

  The built-in firewall on CentOS is FirewallD, which is the front end controller for iptables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions.

  Now, to check the firewall status, run the command:

firewall-cmd --state

  If the built-in CentOS 7 Firewall is active:

[root@mail ~]# firewall-cmd --state
running
[root@mail ~]#

  If the built-in CentOS 7 Firewall has been disabled:

[root@mail ~]# firewall-cmd --state
not running
[root@mail ~]#

  If you discover that the built-in firewall is not running, we need to change that. To start the built-in firewall and enable it at boot:

systemctl start firewalld
systemctl enable firewalld
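
  Both getenforce and firewall-cmd --state report only the current runtime state, while /etc/selinux/config and systemctl enable decide what happens at the next boot. The following script is an added example, not part of the original tutorial, that compares the two for the SELinux and firewall checks above. The function names and status words are made up for illustration, and the demo runs on a constructed config file.

```bash
#!/usr/bin/env bash
# Added example: does the current state survive the next reboot?

# SELINUX= value in a config file ($1), lower-cased; "unset" if absent.
selinux_boot_mode() (
    mode=$(sed -n 's/^[[:space:]]*SELINUX=//p' "$1" | tail -n 1 |
           tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    echo "${mode:-unset}"
)

# Args: getenforce output, config file path.
selinux_status() (
    now=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    boot=$(selinux_boot_mode "$2")
    case "$now/$boot" in
        enforcing/enforcing) echo "ok" ;;
        enforcing/*)         echo "reverts-on-reboot" ;;
        */enforcing)         echo "enforcing-after-reboot" ;;
        *)                   echo "not-enforcing" ;;
    esac
)

# Args: `firewall-cmd --state` output, `systemctl is-enabled firewalld` output.
firewalld_status() {
    case "$1/$2" in
        running/enabled) echo "ok" ;;
        running/*)       echo "stops-on-reboot" ;;
        */enabled)       echo "starts-on-reboot" ;;
        *)               echo "off" ;;
    esac
}

# Demo on a constructed config: enforcing at runtime, permissive in the file.
demo_persistence() (
    cfg=$(mktemp)
    printf '# SELINUX= can take one of these three values:\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$cfg"
    selinux_status "Enforcing" "$cfg"
    firewalld_status "running" "disabled"
    rm -f "$cfg"
)
demo_persistence
# On the server:
#   selinux_status "$(getenforce)" /etc/selinux/config
#   firewalld_status "$(firewall-cmd --state 2>&1)" "$(systemctl is-enabled firewalld 2>&1)"
```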

Update Server OS Files

  Now let's update all of the computer's software and operating system files to bring everything up to date:

yum -y update

  Let's reboot the computer before we continue the tutorial:

reboot

  Log back in as "root" once the computer has rebooted and confirm that SELinux is set properly before proceeding:

getenforce

  Should display:

[root@mail ~]# getenforce
Enforcing
[root@mail ~]# 

  And confirm the computer hostname is correct:

hostname

  Should display:

[root@mail ~]# hostname
mail.laurelhosting.com
[root@mail ~]# 