HTML |
---|
<div id="google_translate_element"></div>
<script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({pageLanguage: 'en'}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script> |
CentOS 7
Table of Contents |
---|
Before You Begin
Ensure that System Requirements have been met prior to proceeding with the CentOS Configuration Guide.
...
Code Block | ||
---|---|---|
| ||
yum update |
...
Installations of ProVision 7.x and newer require PHP 7.1 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 7.1 or install PHP manually.
Note | ||
---|---|---|
| ||
The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic. If using a different repo or installing manually, your installation syntax may be different from what is listed here. |
Add the repository:
Code Block | ||
---|---|---|
| ||
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm |
Install PHP and extensions:
Expand | ||
---|---|---|
| ||
PHP 7.x / Apache2 / extensions
Development tools for pecl / additional system packages:
|
Code Block | ||
---|---|---|
| ||
yum install httpd php71w php71w-opcache php71w-mysqlnd php71w-pdo php71w-ldap php71w-pecl-memcache php71w-bcmath php71w-devel php71w-pear php71w-cli php7.1-imap curl openssl memcached mod_ssl |
MySQL
...
Expand | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
If it is not installed:
Set the MySQL root password:
|
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
If you prefer to install MariaDB:
Set the root password, as currently it is not set, just hit ENTER on the current password:
Set so that it starts on boot:
|
DNS and Additional Utilities
...
Expand | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Generate private key, CSR, and temporary key if one hasn't been provided.
Copy the files to the correct locations
Edit the apache ssl config and put in the appropriate options: (shown using the vi editor, though you may use the editor of your choice)
Find the lines that start with SSHCertificateFile and change them to be like:
Then restart.
|
Apache
Allow overwrites in the apache vhosts
Code Block | ||
---|---|---|
| ||
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf |
...
Set the MySQL Configuration:
...
Code Block | ||
---|---|---|
| ||
mysql -p -e "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';" |
Then enter the MySQL root password when prompted.
Note | ||
---|---|---|
| ||
We recommend setting the max_allowed_packet setting in the MySQL configuration file to 128MB (or similar) to account for the typical dataset size handled in ProVision. |
4) Optional configurations:
Configure SELinux
Warning | ||
---|---|---|
| ||
SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure it correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and result in frustration. If you have any questions or concerns about this - please contact 6connect Support at support@6connect.com. |
Note | ||
---|---|---|
| ||
Please remember - if you change the IP address of the your server, then you will need to update SELinux functions accordingly |
Code Block | ||
---|---|---|
| ||
/usr/sbin/getsebool -a | grep httpd |
Code Block | ||
---|---|---|
| ||
/usr/sbin/setsebool -P httpd_can_network_connect 1 |
Configure IPTables
IPTables is enabled by default on CentOS. Add a new rule to allow 443 from anywhere. Make sure that this rule is in the chain BEFORE any blanket reject rule:
Expand | ||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||
To list all current IPTable rules:
To add a rule for 443:
To save the new config:
OR (some versions of centOS have different iptables names, so the above won't work)
With the file open for editing, add:
Once complete - restart the iptables service:
|
...
4. Go to http://﹤web root﹥/install/configTest.php. Follow the provided instructions, correcting any configuration errors if they occur. Once all steps are completed, you are ready to use your ProVision instance!