CentOS 6
Before You Begin
Ensure that System Requirements have been met prior to proceeding with the CentOS Configuration Guide.
Install Requirements
1) Upgrade your current packages
yum update
2) Install Required Packages
PHP
All installations of ProVision require at least PHP 5.6 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 5.6 or install PHP manually.
The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic
Add the repository:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
Update:
yum update
Install:
yum install httpd php56w php56w-opcache php56w-mysqlnd php56w-pdo php56w-ldap php56w-pecl-memcache php56w-bcmath php56w-devel php56w-pear php56w-cli curl openssl memcached mod_ssl
MySQL
MySQL is included with most CentOS installs, check for it with:
yum list installed | grep mysql
The default MySqL version included with most CentOS installs will need to be upgraded to the latest version:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
If you have an existing installation, you can replace it with:
yum install mysql.`uname -i` yum-plugin-replace yum replace mysql --replace-with mysql56w
For a fresh install:
yum install mysql56w mysql56w-server
Then, re-start and configure.
service mysqld start chkconfig mysqld on
/usr/bin/mysqladmin -u root password 'new-password'
For an existing install / upgrade, you will need to upgrade the existing tables after the restart.
mysql_upgrade -u root -p
This will issue a password prompt for the user. If you don't have a root user password, remove the "-p".
DNS and Additional Utilities
yum install curl openssl nmap bind-utils bind expect
DNSSEC-Tools
yum groupinstall 'Development Tools' yum install openssl-devel perl-devel perl-CPAN cd /usr/src wget https://www.dnssec-tools.org/download/dnssec-tools-2.1.tar.gz tar -xzf dnssec-tools-2.1.tar.gz ./configure make make install
3) Configuring the requirements:
SSL
Self signed certificates in CentOS 6 by default have been already installed.
If you want to change it, follow the steps below:
Generate private key, CSR, and temporary key if one hasn't been provided.
openssl genrsa -out ca.key 1024 openssl req -new -key ca.key -out ca.csr openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs cp ca.key /etc/pki/tls/private/ca.key cp ca.csr /etc/pki/tls/private/ca.csr
vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key
/etc/init.d/httpd restart
Apache
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
chkconfig httpd on service httpd start
mod rewrite REQUIRED
Please note that mod_rewrite is required! If it is not enabled in Apache, key elements will not work as expected.
MySQL
Set the MySQL Configuration:
mysql -p -e "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';"
then enter the MySQL root password when prompted.
4) Optional configurations:
Configure SELinux
RE-IP WARNING
Please remember - if you change the IP address of the your server, then you will need to update SELinux functions accordingly
/usr/sbin/getsebool -a | grep httpd
/usr/sbin/setsebool -P httpd_can_network_connect 1
Configure IPTables
IPTables is enabled by default on CentOS. Add a new rule to allow 443 from anywhere. Make sure that this rule is in the chain BEFORE any blanket reject rule:
Radius (Optional)
This section only needs to be followed if the customer will be using Radius for authentication.
SSH
yum install libssh2-devel pecl install -f ssh2 echo extension=ssh2.so > /etc/php.d/ssh2.ini
4) Install 6connect ProVision Software:
1. Remove the current contents in the ProVision web folder (currently the www root) and after extract the archive contents (where 5.x.x is the version number for the build) :
tar -xf productionBuild-5.x.x-php5.6.tar -C /var/www/html
2. Change the permissions to be the web user permissions
chown -R apache.apache /var/www/html
3. Go to http://﹤web root﹥/install/configTest.php. Follow the provided instructions, correcting any configuration errors if they occur. Once all steps are completed, you are ready to use your ProVision instance!