CentOS 7
Before You Begin
Ensure that System Requirements have been met prior to proceeding with the CentOS Configuration Guide.
Install Requirements
1) Upgrade your current packages
yum update
2) Install Required Packages
PHP
Installations of ProVision 7.x and newer require PHP 7.1 (and related extensions). CentOS 6 comes with PHP 5.3 by default. You can either add a repository which provides PHP 7.1 or install PHP manually.
Repository & Syntax
The Webtatic and Remi repos both have versions of PHP which are newer than those in the official repos. For this example, we'll be using Webtatic.
If using a different repo or installing manually, your installation syntax may be different from what is listed here.
Add the repository:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP and extensions:
yum install httpd php71w php71w-opcache php71w-mysqlnd php71w-pdo php71w-ldap php71w-pecl-memcache php71w-bcmath php71w-devel php71w-pear php71w-cli php7.1-imap curl openssl memcached mod_ssl
MySQL
MySQL is included with most CentOS installs, check for it with:
yum list installed | grep mysql
DNS and Additional Utilities
yum install curl openssl nmap bind-utils bind expect wget bzip2
3) Configuring the requirements:
SSL
1. Self signed certificates in CentOS 7 by default have been already installed.
If you want to change it, follow the steps below:
Note: For production install, it is HIGHLY RECOMMENDED to use organization signed certs
Apache
Allow overwrites in the apache vhosts
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
systemctl start httpd.service systemctl enable httpd.service
mod rewrite REQUIRED
Please note that mod_rewrite is required! If it is not enabled in Apache, key elements will not work as expected.
MySQL
Set the MySQL Configuration:
mysql -p -e "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';"
Then enter the MySQL root password when prompted.
MySQL Packet Size Configuration
4) Optional configurations:
Configure SELinux
READ THIS BEFORE YOU USE SELINUX
SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure it correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and result in frustration. If you have any questions or concerns about this - please contact 6connect Support at support@6connect.com.
RE-IP WARNING
Please remember - if you change the IP address of the your server, then you will need to update SELinux functions accordingly
/usr/sbin/getsebool -a | grep httpd
/usr/sbin/setsebool -P httpd_can_network_connect 1
Configure IPTables
IPTables is enabled by default on CentOS. Add a new rule to allow 443 from anywhere. Make sure that this rule is in the chain BEFORE any blanket reject rule:
Radius (Optional)
This section only needs to be followed if the customer will be using Radius for authentication.
SSH
yum install libssh2-devel pecl install -f ssh2 echo extension=ssh2.so > /etc/php.d/ssh2.ini
5) Install 6connect ProVision Software:
1. Remove the current contents in the ProVision web folder (currently the www root) and after extract the archive contents (where 7.x.x is the version number for the build) :
tar -xf productionBuild-7.x.x-php7.x.tar -C /var/www/html
2. Change the permissions to be the web user permissions
chown -R apache.apache /var/www/html
3. If enabled SELinux you must execute the following command:
chcon -R -t httpd_sys_rw_content_t /var/www/html chcon -R -t httpd_sys_rw_content_t /tmp
You must also execute the same command for the 6c secure path created from configSecureKeys.sh
4. Go to http://﹤web root﹥/install/configTest.php. Follow the provided instructions, correcting any configuration errors if they occur. Once all steps are completed, you are ready to use your ProVision instance!