Comment: Published by Scroll Versions from space DOC and version 7.2.0

CentOS 7


Before You Begin

Ensure that System Requirements have been met prior to proceeding with the CentOS Configuration Guide.

...

Upgrade your current packages.


 

Code Block
languagebash
yum update

...

Installations of ProVision 7.x and newer require PHP 7.1 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 7.1 or install PHP manually.

Note: Repository & Syntax

The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic.

If using a different repo or installing manually, your installation syntax may be different from what is listed here.


Add the repository:

Code Block
languagebash
  rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP and extensions:


PHP 7.x / Apache2 / extensions

  • httpd 
  • php71w 
  • php71w-opcache 
  • php71w-mysqlnd 
  • php71w-pdo 
  • php71w-ldap 
  • php71w-pecl-memcache 
  • php71w-bcmath 
  • php71w-devel 
  • php71w-pear 
  • php71w-cli
  • php71w-imap

Development tools for pecl / additional system packages:

  • curl
  • openssl
  • memcached
  • mod_ssl

Code Block
languagebash
yum install httpd php71w php71w-opcache php71w-mysqlnd php71w-pdo php71w-ldap php71w-pecl-memcache php71w-bcmath php71w-devel php71w-pear php71w-cli php71w-imap curl openssl memcached mod_ssl

 


MySQL

Install MySQL 5.7 / MariaDB to use a local database.

...


If it is not installed:

Code Block
languagebash
   rpm -Uvh http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
   yum install mysql-server
   service mysqld start
   chkconfig mysqld on

Set the MySQL root password:


 

Code Block
languagebash
    /usr/bin/mysqladmin -u root password 'new-password'

If you prefer to install MariaDB:

Code Block
languagebash
   yum install mariadb-server mariadb
   systemctl start mariadb 
   
Set the root password. No password is set initially, so just press ENTER when prompted for the current password:


Code Block
languagebash
mysql_secure_installation

Set MariaDB to start on boot:

Code Block
languagebash
systemctl enable mariadb.service

 


DNS and Additional Utilities

...


Generate a private key, a CSR, and a temporary self-signed certificate if one hasn't been provided.


 

Code Block
languagebash
   # 2048-bit RSA key; 1024-bit keys are too weak for TLS and are rejected by current clients
   openssl genrsa -out ca.key 2048
   openssl req -new -key ca.key -out ca.csr
   openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to the correct locations:
Code Block
languagebash
   cp ca.crt /etc/pki/tls/certs
   cp ca.key /etc/pki/tls/private/ca.key
   cp ca.csr /etc/pki/tls/private/ca.csr
  
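Note
Make sure that you copy the files and do not move them if SELinux is enabled (which it is by default). A copied file takes on the SELinux context of the destination directory; a moved file keeps its original context, which httpd may not be allowed to read.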
 
Edit the Apache SSL config and put in the appropriate options (shown using the vi editor, though you may use the editor of your choice):


 

Code Block
languagebash
vi /etc/httpd/conf.d/ssl.conf

Find the lines that start with SSLCertificateFile and SSLCertificateKeyFile and change them to:
Code Block
languagetext
SSLCertificateFile /etc/pki/tls/certs/ca.crt 
SSLCertificateKeyFile /etc/pki/tls/private/ca.key 

Then restart Apache.

Code Block
languagebash
systemctl restart httpd

Add 443 virtual hosts as needed in httpd.conf.
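Before restarting Apache, the key and certificate that ssl.conf points at can be checked for the usual deployment mistakes. This is an added example, not part of the original guide: the function names, the 2048-bit minimum and the demo subject name are assumptions, and the demo key pair is generated on the spot as constructed input.

```bash
# Size of an RSA private key in bits (empty output if the file is unreadable).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Print one line per problem; print nothing when the pair is fit to deploy.
tls_preflight() {   # usage: tls_preflight CERT KEY [MIN_BITS]
    cert=$1 key=$2 min=${3:-2048}    # 2048-bit floor is this example's assumption
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge "$min" ] || echo "weak-key: ${bits:-unreadable} bits, want >= $min"
    # A certificate is only usable with the private key whose public half it carries.
    cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || cmod=
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || kmod=
    { [ -n "$cmod" ] && [ "$cmod" = "$kmod" ]; } || echo "mismatch: $cert does not belong to $key"
    # -checkend 0 fails once the notAfter date has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || echo "expired-or-unreadable: $cert"
    # cp leaves the key at the umask default (often 0644); only root needs to read it.
    case $(stat -c %a "$key") in *00) ;; *) echo "loose-perms: chmod 600 $key" ;; esac
}

# Constructed demo input: throwaway key and self-signed certificate in a temp
# directory, with a hypothetical subject name and the key left at mode 0644.
make_demo_pair() {   # prints the temp directory
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/ca.key" -subj "/CN=provision.example.test" \
        -days 365 -out "$d/ca.crt" 2>/dev/null
    chmod 644 "$d/ca.key"
    echo "$d"
}

if command -v openssl >/dev/null; then
    dir=$(make_demo_pair) && tls_preflight "$dir/ca.crt" "$dir/ca.key"
    rm -rf "$dir"
fi
```

On the server, run `tls_preflight /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key` as root after the copy step; any output line names something to fix before the restart.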
 

Apache

Allow overrides in the Apache vhosts:


 

Code Block
languagebash
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf

...

Set the MySQL Configuration:

...


Code Block
languagebash
mysql -p -e "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';"

Then enter the MySQL root password when prompted.


Note: MySQL Packet Size Configuration
We recommend setting the max_allowed_packet setting in the MySQL configuration file to 128MB (or similar) to account for the typical dataset size handled in ProVision.



4) Optional configurations:

Configure SELinux

Warning: READ THIS BEFORE YOU USE SELINUX

SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and will result in frustration. If you have any questions or concerns about this, please contact 6connect Support at support@6connect.com.

Note: RE-IP WARNING

Please remember: if you change the IP address of your server, you will need to update the SELinux functions accordingly.


Most CentOS installs have SELinux enabled by default. One of its protections prevents the httpd daemon from making network connections; we need to disable this protection for license checks.

To view the SELinux configuration for httpd:


 

Code Block
languagebash
/usr/sbin/getsebool -a | grep httpd

To turn off the protection that prevents the httpd daemon from creating network connections:


 

Code Block
languagebash
 /usr/sbin/setsebool -P httpd_can_network_connect 1

Configure IPTables

IPTables is enabled by default on CentOS.  Add a new rule to allow 443 from anywhere.  Make sure that this rule is in the chain BEFORE any blanket reject rule:

 

To list all current IPTable rules:


 

Code Block
languagebash
iptables -L


To add a rule for 443: 


Code Block
languagebash
/sbin/iptables -I RH-Firewall-1-INPUT 5 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Note
The 5 after the chain name in -I RH-Firewall-1-INPUT 5 inserts the rule at the 5th position of that chain. You might need to change this depending on existing rules. Look at what rules are there before running.


To save the new config:


 

Code Block
languagebash
/etc/rc.d/init.d/iptables save

OR (some versions of CentOS have different iptables names, so the above won't work):


 

Code Block
languagebash
vi /etc/sysconfig/iptables

 


With the file open for editing, add:

Code Block
languagetext
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT 


Once complete - restart the iptables service:

Code Block
languagebash
/etc/init.d/iptables restart

Info
Customers can alter this post-install to allow only their IP space, plus the 6connect management space.
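The requirement that the 443 rule sits before any blanket reject rule can be checked against the saved rules before the service is restarted. This is an added example, not part of the original guide: the rule set is a constructed sample in /etc/sysconfig/iptables format and the function names are hypothetical.

```bash
# Constructed sample: the 443 rule was appended after the blanket REJECT.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Print "<accept_pos> <blanket_pos> <rule_count>" for CHAIN; 0 means no such rule.
# A blanket rule is a REJECT/DROP whose target directly follows the chain name.
rule_positions() {   # usage: rule_positions CHAIN PORT < rules
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            n++
            if (!blanket && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blanket = n
            if (!accept && $0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT( |$)/) accept = n
        }
        END { print accept + 0, blanket + 0, n + 0 }'
}

# Verdict for the 443 rule: ok, shadowed (after the blanket rule, never reached)
# or missing. For the last two, also print the position to give to -I.
check_https_rule() {   # usage: check_https_rule CHAIN < rules
    set -- $(rule_positions "$1" 443)
    if [ "$1" -gt 0 ] && { [ "$2" -eq 0 ] || [ "$1" -lt "$2" ]; }; then
        echo "ok"
    elif [ "$1" -gt 0 ]; then
        echo "shadowed insert-at=$2"
    elif [ "$2" -gt 0 ]; then
        echo "missing insert-at=$2"
    else
        echo "missing insert-at=$(( $3 + 1 ))"
    fi
}

sample_rules | check_https_rule RH-Firewall-1-INPUT
```

Against a live system, feed it the saved file instead: `check_https_rule RH-Firewall-1-INPUT < /etc/sysconfig/iptables`.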

...

4. Go to http://<web root>/install/configTest.php. Follow the provided instructions, correcting any configuration errors if they occur. Once all steps are completed, you are ready to use your ProVision instance!