...
Installations of ProVision 7.x and newer require PHP 7.1 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 7.1 or install PHP manually.
Note |
---|
|
The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic. If using a different repo or installing manually, your installation syntax may be different from what is listed here. |
Add the repository:
Code Block |
---|
|
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm |
Update:
Install:
Expand |
---|
PHP 7.x / Apache2 / extensions:
- httpd
- php71w
- php71w-opcache
- php71w-mysqlnd
- php71w-pdo
- php71w-ldap
- php71w-pecl-memcache
- php71w-bcmath
- php71w-devel
- php71w-pear
- php71w-cli
- php71w-imap
Development tools for pecl / additional system packages:
- curl
- openssl
- memcached
- mod_ssl
|
Code Block |
---|
|
yum install httpd php71w php71w-opcache php71w-mysqlnd php71w-pdo php71w-ldap php71w-pecl-memcache php71w-bcmath php71w-devel php71w-pear php71w-cli php71w-imap curl openssl memcached mod_ssl |
MySQL
...
5. Install the DNS and other remaining utilities:
Expand |
---|
- curl
- openssl
- nmap
- bind-utils
- bind
- expect
|
...
Code Block |
---|
|
vi /etc/httpd/conf.d/ssl.conf |
Find the lines that start with SSLCertificateFile and SSLCertificateKeyFile and change them to be like:
Code Block |
---|
|
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key |
Then restart:
Code Block |
---|
|
/etc/init.d/httpd restart |
Add 443 virtual hosts as needed in httpd.conf.
Apache
...
Allow overrides in the Apache vhosts:
Code Block |
---|
|
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf |
Start Apache and set it to start on boot:
Code Block |
---|
|
chkconfig httpd on
service httpd start |
...
4) Optional configurations:
Warning |
---|
title | READ THIS BEFORE YOU USE SELINUX |
---|
|
SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure it correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and result in frustration. If you have any questions or concerns about this - please contact 6connect Support at support@6connect.com. |
Note |
---|
|
Please remember: if you change the IP address of your server, you will need to update SELinux functions accordingly. |
Most CentOS installs have SELinux enabled by default. One of its protections prevents the httpd daemon from making network connections; this protection needs to be turned off for license checks.
To view the SELinux configuration for httpd:
Code Block |
---|
|
/usr/sbin/getsebool -a | grep httpd |
To turn protection off for the httpd daemon for creating network connections:
Code Block |
---|
|
/usr/sbin/setsebool -P httpd_can_network_connect 1 |
IPTables is enabled by default on CentOS. Add a new rule to allow 443 from anywhere. Make sure that this rule is in the chain BEFORE any blanket reject rule:
Expand |
---|
title | If you are going to run iptables, click here |
---|
|
To list all current iptables rules:
Code Block |
---|
| /etc/rc.d/init.d/iptables status |
To add a rule for 443:
Code Block |
---|
| /sbin/iptables -I RH-Firewall-1-INPUT 5 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT |
Note |
---|
| The 5 after -I RH-Firewall-1-INPUT is what inserts the rule at the 5th position in the chain. You might need to change this depending on existing rules. Look at what rules are there before running. |
To save the new config:
Code Block |
---|
| /etc/rc.d/init.d/iptables save |
OR (some versions of CentOS have different iptables names, so the above won't work):
Code Block |
---|
| vi /etc/sysconfig/iptables |
With the file open for editing, add:
Code Block |
---|
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT |
Once complete, restart the iptables service:
Code Block |
---|
| /etc/init.d/iptables restart |
Info |
---|
Customers can alter this post install to allow only their IP space, plus the 6connect management space. |
|
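The rule-ordering check described above, as an added example that is not part of the original guide: it reads an `iptables -L <chain> -n --line-numbers` listing and reports where the 443 ACCEPT rule has to go so that it is evaluated before the first blanket REJECT/DROP rule. The function names and the sample listing are constructed for illustration; only the chain name comes from this page.

```shell
# Added example, not part of the original guide. On a host, feed it:
#   /sbin/iptables -L RH-Firewall-1-INPUT -n --line-numbers | plan_https_rule

# Print the number of the first REJECT/DROP rule that matches every protocol,
# source and destination with no further match conditions.
first_blanket_reject() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
         $3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
         (NF == 6 || $7 == "reject-with") { print $1; exit }'
}

# Print the number of the first ACCEPT rule for TCP destination port 443.
https_accept_position() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $3 == "tcp" &&
         /dpt:443( |$)/ { print $1; exit }'
}

# Print "present N" if rule N already accepts 443 ahead of the reject rule,
# "insert N" if a rule must be inserted at position N, or "append" if the
# chain has no blanket reject rule.
plan_https_rule() {
    listing=$(cat)
    reject=$(printf '%s\n' "$listing" | first_blanket_reject)
    accept=$(printf '%s\n' "$listing" | https_accept_position)
    if [ -n "$accept" ] && { [ -z "$reject" ] || [ "$accept" -lt "$reject" ]; }; then
        echo "present $accept"
    elif [ -n "$reject" ]; then
        echo "insert $reject"
    else
        echo "append"
    fi
}

# Constructed sample listing: the 443 rule was appended after the reject rule,
# so it never matches.
sample_listing() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
EOF
}

sample_listing | plan_https_rule
```

Without `-v` the listing does not show interface matches, so confirm that the rule reported as blanket is not limited to a single interface before using its position.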
...
This section only needs to be followed if the customer will be using Radius for authentication.
Expand |
---|
title | If you are going to use radius authentication, click here. |
---|
|
Install radius module:
Code Block |
---|
pecl install radius
echo extension=radius.so > /etc/php.d/radius.ini |
|
...