Versions Compared

Old Version 2

changes.mady.by.user The Force

Saved on

compared with

New Version Current

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


HTML
<div id="google_translate_element"></div>
<script type="text/javascript">
function googleTranslateElementInit() {
  new google.translate.TranslateElement({pageLanguage: 'en'}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>

CentOS 6

Table of Contents

Before You Begin

Ensure that System Requirements have been met prior to proceeding with the CentOS Configuration Guide.

...

Installations of ProVision 7.x and newer require  PHP 7.1 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 7.1 or install PHP manually.

Note
titleRepository & Syntax

The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic.

If using a different repo or installing manually, your installation syntax may be different from what is listed here.

 

Add the repository:

Code Block
languagebash
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm


Update:


Code Block
languagepowershell
yum update


Install:

Expand

PHP 7.x / Apache2 / extensions

  • httpd 
  • php71w 
  • php71w-opcache 
  • php71w-mysqlnd 
  • php71w-pdo 
  • php71w-ldap 
  • php71w-pecl-memcache 
  • php71w-bcmath 
  • php71w-devel 
  • php71w-pear 
  • php71w-cli
  • php7.1-imap

Development tools for pecl / additional system packages:

  • curl 
  • openssl 
  • memcached 
  • mod_ssl


 

Code Block
languagebash
yum install httpd php71w php71w-opcache php71w-mysqlnd php71w-pdo php71w-ldap php71w-pecl-memcache php71w-bcmath php71w-devel php71w-pear php71w-cli php7.1-imap curl openssl memcached mod_ssl

MySQL

...


Code Block
languagebash
openssl genrsa -out ca.key 1024    openssl req -new -key ca.key -out ca.csr    
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
 
Copy the files to the correct locations 

...


Code Block
languagebash
vi /etc/httpd/conf.d/ssl.conf
 
Find the lines that start with SSHCertificateFile and change them to be like:
Code Block
languagetext
SSLCertificateFile /etc/pki/tls/certs/ca.crt 
SSLCertificateKeyFile /etc/pki/tls/private/ca.key 

Then restart:


Code Block
languagepowershell
/etc/init.d/httpd restart
Add 443 virtual hosts as needed in httpd.conf. 

Apache

 
Allow overwrites in the apache vhosts:

...


Code Block
languagebash
mysql -p -e "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';"

then enter the MySQL root password when prompted.


Note
titleMySQL Packet Size Configuration
 We recommend setting the max_allowed_packet setting in the MySQL configuration file to 128MB (or similar) to account for the typical dataset size handled in ProVision.

 

 

4) Optional configurations:

Configure SELinux

Warning
titleREAD THIS BEFORE YOU USE SELINUX

SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure it correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and result in frustration. If you have any questions or concerns about this - please contact 6connect Support at support@6connect.com.


Note
titleRE-IP WARNING

Please remember - if you change the IP address of the your server, then you will need to update SELinux functions accordingly

 
Most CentOS install have SELinux enabled by default.  One of its protections is to not allow   httpd daemon to make network connections, we need to disable this for license checks.
 
To view the SELinux configuration for http:


Code Block
languagebash
/usr/sbin/getsebool -a | grep httpd

To turn protection off for the httpd daemon for creating network connections:


Code Block
languagebash
   /usr/sbin/setsebool -P httpd_can_network_connect 1


Configure IPTables

IPTables is enabled by default on CentOS.  Add a new rule to allow 443 from anywhere.  Make sure that this rule is in the chain BEFORE any blanket reject rule:

 
Expand
titleIf you are going to run iptables, click here
 
To list all current IPTable rules:


Code Block
languagebash
/etc/rc.d/init.d/iptables status

To add a rule for 443:


Code Block
languagebash
/sbin/iptables  RH-Firewall-1-INPUT -I 5 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT



Note
titleNote
    The -I 5 is what adds the rule to the 5th chain position.  You might need to change this depending on existing rules.  Look at what rules are there before running.

To save the new config:


Code Block
languagebash
/etc/rc.d/init.d/iptables save

OR (some versions of centOS have different iptables names, so the above won't work)

   
Code Block
languagebash
vi /etc/sysconfig/iptables

With the file open for editing, add:

Code Block
languagepowershell
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Once complete - restart the iptables service:

Code Block
languagepowershell
/etc/init.d/iptables restart


Info
Customers can alter this post install to allow only their IP space, plus the 6connect management space.


...

 
Code Block
languagebash
    yum install libssh2-devel     pecl install -f ssh2     echo extension=ssh2.so > /etc/php.d/ssh2.ini
 
 

4) Install 6connect ProVision Software:

...