CentOS 7 Server Part 2 Page 1
- Edward Kimmel
January 26, 2020
Prepare The CentOS Server
In this part of the tutorial we will install the software needed to configure a secure CentOS server to host multiple web sites. This server will handle all of the web hosting and database services. In the next part we will configure the software that we will install in this step.
This tutorial assumes that you are logged in using "root". If you can not log into your server as "root", then you will need to add "sudo" in front of all of the following commands.
Now that we have a fresh installation of CentOS 7 on the server we need to perform a few preliminary steps before we begin to install the different software packages.
In my example I use the following hostname and IP address for my web hosting server:
CentOS 7 Web Server, Database and Time Server
IP Address: 192.168.1.230
Where ever this hostname or IP address occurs in any of the following tutorial procedure steps you will have to change them to match the hostname and IP address of your server.
Server Internet Access
Your CentOS server will need to have a static IP address and should of been set up during the CentOS OS installation procedures from the last section. To confirm the server network settings have been set up correctly and permit Internet access, let's try to "ping" the CentOS web site. (To stop the ping request, you will need to press and hold the CTRL key and then press the C key):
Successful ping output:
[root@mail ~]# ping www.centos.org PING www.centos.org (188.8.131.52) 56(84) bytes of data. 64 bytes from ip-184.108.40.206.centos.org (220.127.116.11): icmp_seq=1 ttl=54 time=94.4ms 64 bytes from ip-18.104.22.168.centos.org (22.214.171.124): icmp_seq=2 ttl=54 time=94.2ms 64 bytes from ip-126.96.36.199.centos.org (188.8.131.52): icmp_seq=3 ttl=54 time=94.1ms 64 bytes from ip-184.108.40.206.centos.org (220.127.116.11): icmp_seq=4 ttl=54 time=94.2ms 64 bytes from ip-18.104.22.168.centos.org (22.214.171.124): icmp_seq=5 ttl=54 time=94.2ms ^C --- www.centos.org ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4123ms rtt min/avg/max/mdev = 94.197/94.286/94.483/0.351ms [root@mail ~]#
Unsuccessful ping output:
[root@mail ~]# ping www.centos.org ping: www.centos.org: Name or service not known [root@mail ~]#
If your ping attempt failed to reach the CentOS web site, we will need to do a bit of troubleshooting to figure out why it failed. Make sure the server's network cord is plugged in to Network Adapter and into an active router or hub port. You should see an "activity" LED light is lit on the Network Adapter and/or router or hub port to confirm a good network connection.
Once ruling out a hardware failure such as unplugged network cable and you can see the network activity LED is lit, we will need to look at the server's network adapter configuration file. We need to check this anyway to confirm the server does have a static IP address even if you have a successful ping. Find the name of your network adapter by running:
From the output below from my server I can see my network adapter is named enp2s0.
[root@mail ~]# ip a 1: lo:
mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp2s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0a:cd:23:41:6a brd ff:ff:ff:ff:ff:ff inet 192.168.1.240/24 brd 192.168.1.255 scope global noprefixroute enp2s0 valid_lft forever preferred_lft forever inet6 fe80::ef25:8a95:827a:e1f1/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@mail ~]#
Your network configuration file is located at /etc/sysconfig/network-scripts/, open network the configuration file with your network adapter name, i.e. ifcfg-enp2s0. If you created a minimum CentOS server you will have to use "VI" text editor, we will be installing "NANO" text editor which I prefer to use later in this tutorial.
VI is a bit tricky to get used to but there are many web sites out there to give you some help. I hope to make an instruction page in the near future. NANO is a much easier command line text editor to use and why I personally prefer it. Sometimes you won't have NANO and you need to edit files so it doesn't hurt to learn how to use VI.
Edit the file replacing all IP addresses according to your network requirements. You will need to make sure that ONBOOT=yes is set so your network connection is always activated as soon as your server boots.
HWADDR=00:0A:CD:23:41:6A TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static IPADDR=192.168.1.240 PREFIX=24 GATEWAY=192.168.1.1 DNS1=192.168.1.1 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME="enp2s0" UUID=e8d00f10-5ef1-3c1d-b2cf-395f736bc3b7 ONBOOT=yes AUTOCONNECT_PRIORITY=-999
You don't have to reboot your server after editing your network adapter's configuration file. You can simply restart your network adapter using this command:
service network restart
Restart your network adapter should look like this:
[root@mail network-scripts]# service network restart Restarting network (via systemctl): [ OK ] [root@mail network-scripts]#
Once you can successfully ping the CentOS web site, you can continue configuring your server.
First we enable the EPEL repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 7 repository:
yum -y install epel-release
Then we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Install Utility Software Packages
Development tools packages are required to be installed on your system if you have plans to build software. It's also useful for building packages on your system. Development tools contain useful tools like GCC, g++, make, libtool, rpmbuild and autoconf etc packages.
yum -y groupinstall 'Development Tools'
GNU nano is an easy to use command line text editor for Unix and Linux operating systems. It includes all the basic functionality you'd expect from a regular text editor, like syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more.
NetworkManager is a software utility that aims to simplify the use of computer networks.
yum-utils is a collection of tools and programs for managing yum repositories, installing debug packages, source packages, extended information from repositories and administration.
Install the network configuration editor and the shell based editor "nano" that will be used in the the following steps to edit config files:
yum -y install nano wget NetworkManager-tui yum-utils dos2unix
Adjusting Hosts File
The hosts file is found at /etc/hosts and is an operating system file that translate hostnames or domain names to IP addresses. This is useful for testing websites changes or the SSL setup before taking a website publicly live.
Edit the hosts file and add the IP addresses and hostnames for both servers and the desktop computer. (The hostnames and IP addresses have to be adjusted to match your setup.)
Use "nano" to edit /etc/hosts file. Make the hosts file look like this:
A hosts file example:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 192.168.1.240 mail.laurelhosting.com mail ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Set Computer Hostname
The hostname command in Linux is used to obtain the DNS (Domain Name System) name and set the system's hostname or NIS (Network Information System) domain name. A hostname is a name which is given to a computer to identify it when it is connected to a network. Its main purpose is to uniquely identify the computer when connected to a network. You should of set the computer hostame in the last part of the tutorial, this is for reference only.
Set the hostname in the /etc/hostname file. The file shall contain the fully qualified domain name (e.g. mail.laurelhosting.com in my case for the main server) and not just the short name like "mail". Open the hostname file with the nano editor:
Set the hostname in the file for each server and the desktop computer as listed. (Adjust the hostname to match your setup)
Save the file and exit nano. If you edited the hostname file, your change will not take effect until you reboot the server.
SELinux is a security extension of CentOS that should provide extended security. We are not going to disable or lessen the SELinux control in any way. We do not plan to install any type of an ISP control panel, this tutorial teaches you how to set up a web hosting server manually without the ease of a control panel.
[root@mail ~]# getenforce Enforcing [root@mail ~]#
If SELinux shows as "Permissive" or "Disabled" you need to edit /etc/selinux/config and set SELINUX=enforcing:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Check CentOS Firewall
The built in Firewall on CentOS is FirewallD which is the front end controller for iptables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions.
Now to check that the firewall status, run the command:
If the built-n CentOS 7 Firewall is active:
[root@mail ~]# firewall-cmd --state running [root@mail ~]#
If the built-in CentOS 7 Firewall has been disabled:
[root@mail ~]# firewall-cmd --state not running [root@mail ~]#
If you discover the built-in firewall is not running, we need to change that, to start and enable the built in Firewall:
systemctl start firewalld
systemctl enable firewalld
Update Server OS Files
Now let's update all of the computer's software and operating system files to bring everything up to date:
yum -y update
Let's reboot the computer before we continue the tutorial:
Log back into using "root" once computer has rebooted and confirm that SELinux is set properly before proceeding:
[root@mail ~]# getenforce Enforcing [root@mail ~]#
And confirm the computer hostname is correct:
[root@mail ~]# hostname mail.laurelhosting.com [root@mail ~]#