Static Website Configuration for Nginx Web Server on CentOS 6 / CentOS 7

Q. How to configure and host static website on Nginx web server?

A. Nginx is a lightweight web server and an alternative to Apache. In order to run a static website on Nginx web server, you must configure your server to at least the following basic configuration. Failure to do this will stop some basic functions such as access to sitemap.xml which is required when submit a page to google and bing in webmaster tool.

Note : The following steps has been tested using root access on Nginx web server :

Static Website Configuration for Nginx Web Server

1. This is main Nginx configuration file. Make sure that sites-available folder was included at the bottom of the configuration as below :

# sudo vim /etc/nginx/nginx.conf

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    include /etc/nginx/sites-available/*.conf;
}

2. Create static.conf file which contains the configuration specific for static website that running on Nginx web server :

# sudo vim /etc/nginx/conf.d/static.conf

# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ .php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    #fastcgi_pass unix:/tmp/php-fpm.sock;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}

location /sitemap.xml.gz {
    add_header Cache-Control "public, must-revalidate";
}

3. Create common.conf file for common option in Nginx web server :

# sudo vim /etc/nginx/conf.d/common.conf

Add below :

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}

4. Configure website1 configuration :

# sudo vim /etc/nginx/sites-available/website1.com.conf

server {
    listen      80;
    server_name website1.com;
    rewrite ^/(.*)$ http://www.website1.com/$1 permanent;

}

server {
        server_name www.website1.com;
        root /var/www/html/website1.com;
        access_log /var/log/nginx/website1.com.access.log;
        error_log /var/log/nginx/website1.com.error.log;
        include conf.d/common.conf;
        include conf.d/static.conf;

}

5. Verify Nginx configuration syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

6. Restart Nginx web server :

For CentOS 7 :

# sudo systemctl restart nginx

For CentOS 5/ CentOS 6

# sudo service nginx restart

Static website are the cheapest was to start a website and does not require a lot of server resources to run it. Basic shared hosting plan is sufficient to use and nowaday static website is widely used by companies that are smaller.

April 13, 2015

How to Install IonCube Loader in CentOS 6 / CentOS 7

What is IonCube Loader ?

IonCube Loader is a PHP module or extension for PHP files decoding encrypted and is often required for many applications based on PHP. It helps us to protect php applications from unauthorized execution and at the same time can accelerate the website. This article will show you how you can install ioncube loader on CentOS 6 and the steps also works on CentOS 7.

1. Check and verify ioncube version :

# php -v

PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

Your PHP version must match ioncube version :
eg. PHP 5.5 will use file: ioncube_loader_lin_5.5.so
eg. PHP 5.4 will use file: ioncube_loader_lin_5.4.so
eg. PHP 5.3 will use file: ioncube_loader_lin_5.3.so

In this case, php version is PHP 5.4, and the matching ioncube loader version should be ioncube_loader_lin_5.4.so.

2. Create directory for ioncube :

# mkdir /usr/local/ioncube

3. Download and extract the ioncube:

# wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
# tar xzvf ioncube_loaders_lin_x86-64.tar.gz

4. Open the extracted ioncube folder and copy the ioncube loader file match to your php version. :

# cd ioncube
# cp -p ioncube_loader_lin_5.4.so /usr/local/ioncube

5. Now locate php.ini file. This is how you can find location of php.ini.

# php -i| grep php.ini

Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini

6. Edit php.ini file and save :

# vim /etc/php.ini

Add the following at the bottom of php.ini :

..
..
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.4.so

7. Verify the php version, it is now should include file “ioncube_loader_lin_5.4.so” in PHP 5.4 if you get the display as below :

# php -v

PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.

If you can see the version of PHP with ionCube loader version, meaning you have successfully installed and configured ioncube PHP loader in your linux system.

April 1, 2015

How to Install and Update OpenSSL on CentOS 6 / CentOS 7

I have CentOS 6 server and still running with OpenSSL 1.0.1e (openssl-1.0.1e-30) that vulnerable to a remote attacker to access parts of memory on systems using vulnerable versions of OpenSSL. OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers (nginx web server, Apache web server) and MySQL database server.

OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers, MySQL databases and email applications.

I have tried to perform command “yum update openssl” but I receive “No Packages marked for Update” even though the latest version of tar version has been published.

The following steps describe how to install and update OpenSSL on CentOS 6 and CentOS 7.

Install and Update OpenSSL on CentOS 6 / CentOS 7

1. Get the current version with “openssl version” and “yum info openssl” command :

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

# yum info openssl

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: centos.netonboard.com
 * epel: ftp.cuhk.edu.hk
 * extras: centos.netonboard.com
 * updates: ossm.utm.my
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

2. To download the latest version of OpenSSL, do as follows:

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

3. To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

4. If the old version is still displayed or installed before, please make acopy of openssl bin file :

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

5. Verify the OpenSSL version :

# openssl version

Output :

OpenSSL 1.0.2a 19 Mar 2015

March 6, 2015

How to Install EPEL Yum Repository on Linux CentOS 7 / RHEL 7

Epel yum repository is an open source centos yum repository or rpm repository for developers and system administrators to perform the installation of RPM packages via yum on their virtual private server (VPS) or dedicated server.

EPEL yum repository is redhat yum repository for CentOS and additional yum repository for the existing CentOS repository.

It provides 100 % high quality software packages for Linux distributions, including RHEL (Red Hat Enterprise Linux), CentOS and Debian, and all packages maintained by Fedora repo team.

1. Prepare EPEL repository for RHEL 7/CentOS 7 64 bit (epel centos 7/epel rhel 7) :

# sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# # sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm

Example :

# sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:epel-release-7-9                 ################################# [100%]

In CentOS 7, an alternative way to install the EPEL repo is by using the command yum :

# sudo yum install epel-release -y

2. Command to verify that the EPEL repository is enabled.

# sudo yum repolist

Sample output :

# sudo yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: ftp.osuosl.org
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
repo id                                                       repo name                                                                                 status
base/7/x86_64                                                 CentOS-7 - Base                                                                            9,363
epel/x86_64                                                   Extra Packages for Enterprise Linux 7 - x86_64                                            11,046
extras/7/x86_64                                               CentOS-7 - Extras                                                                            200
nginx/x86_64                                                  nginx repo                                                                                    41
updates/7/x86_64                                              CentOS-7 - Updates                                                                           438
varnish-4.1/x86_64                                            Varnish Cache 4.1 for Enterprise Linux                                                        31
repolist: 21,119

3. Install httpd package using epel repo option –enablerepo=epel :

# sudo yum --enablerepo=epel install httpd

February 21, 2015

How to Remove / Uninstall Nginx on CentOS 7 / RHEL 7 / Oracle Linux 7

Nginx web server is alternative web server to Apache and Lighttpd. Nginx popularity now growing because it focuses on high concurrency, high performance while maintaining low memory usage. However, due to certain reasons webmaster or system administrator can not use Nginx on their server and decide to uninstall Nginx. Most of the webmaster, administrator and programmer still prefer to user Apache over Nginx as a web server because of the following reasons :

Not many webmaster, administrator and programmer comfortable with Nginx configuration
Apache has built-in support for a wide range of web programming languages, including Perl, PHP and Python
Apache languages are easy to learn and can be used to create powerful online applications
Apache is still the most popular web server on the Internet
Apache is the oldest web server, you won’t have any trouble finding people skilled in configuring it.

For the linux server platform that running on CentOS 7, RHEL 7 and Oracle linux 7, the removal step for Nginx is quite different from older version. Therefore, this article will explain the steps to remove or uninstall Nginx that was installed from source on CentOS 7, RHEL 7 and Oracle Linux 7.

Note : These steps to Remove / Uninstall Nginx has been tested on CentOS, RHEL and Oracle Linux platform and was running under root privilege.

1. Stop Nginx service and remove Nginx auto start script :

[root@rhel7 ~]# sudo systemctl stop nginx.service
[root@rhel7 ~]# sudo systemctl disable nginx.service

2. Remove Nginx user and it related directory :

[root@rhel7 ~]# sudo userdel -r nginx

3. Delete and related Nginx installation directory :

[root@rhel7 ~]# sudo rm -rf /etc/nginx
[root@rhel7 ~]# sudo rm -rf /var/log/nginx
[root@rhel7 ~]# sudo rm -rf /var/cache/nginx/

4. Remove the created nginx.service script under systemd :

[root@rhel7 ~]# sudo rm -rf /usr/lib/systemd/system/nginx.service

February 21, 2015

How to Grant a New User to Root Privileges on CentOS 6 / CentOS 7

One recommended way to manage virtual private server (VPS) or a dedicated linux server is not using the root account as the main access for SSH login. This is because usually the hackers will try to brute force your root password and potentially get access to your server. Instead of using the default root account, you can create a new account and assign root privileges to it and issue the sudo command line to root from it. Please make sure that the normal user account given root privileges accounts work properly before you disable the default root login access. The following command has been tested works on CentOS 6, CentOS 7, RHEL 6 and RHEL 7 VPS.

1. Create new account named skytech and set the password :

[root@vps ~]# useradd skytech
[root@vps ~]# passwd skytech
Changing password for user skytech.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2. Grant a New User to Root Privileges

[root@vps ~]# visudo

Add the following code at the bottom of the file and save the file with the command :wq :

## Allow skytech user to run any commands anywhere
skytech    ALL=(ALL)       ALL

This will grant a root privileges to the normal user skytech.

February 20, 2015

How to Install Nginx on CentOS 7 / RHEL 7

NGINX is a web server that focuses to high performance and high concurrency and at the same time very low memory usage. It is a flexible web server and lightly if compare to the Apache HTTP Web Server. Since the advent of RHEL 7 and CentOS 7, many webmasters or system administrators and the owner of Virtual Private Server (VPS) or dedicated server start to find a best way to update and install Nginx on CentOS 7 and RHEL 7. The article below discusses how to install Nginx with two method option and the steps are tested on CentOS 7 and RHEL 7 operating system.

OPTION A. Install Nginx – Source Installation :

1. Install Nginx software prerequisites :

# yum install pcre pcre-devel openssl-devel perl gcc make -y

2. Create Nginx user :

# useradd nginx
# usermod -s /sbin/nologin nginx

3. Create the following directory to keep all the installation files and logs :

# mkdir -p /etc/nginx
# mkdir -p /var/log/nginx
# mkdir -p /var/cache/nginx

4. Download Nginx from official website and extract it :

# wget http://nginx.org/download/nginx-1.6.2.tar.gz
# tar xzvf nginx-1.6.2.tar.gz

5. Go to the extracted directory and start Compiling and install Nginx :

# cd nginx-1.6.2

# ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

If your Nginx software compiling is successful, you will received below configuration summary :

Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using system zlib library

  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/cache/nginx/client_temp"
  nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
  nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
  nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
  nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"

6. Still in the current, nginx-1.x.x directory, issue the installation command as below :

# make && make install

7. Register Nginx service into systemd as a service by create the file named nginx.service :

# vi /usr/lib/systemd/system/nginx.service

Add the following :

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

8. Start Nginx service and make it start at boot :

# sudo systemctl start nginx.service
# sudo systemctl enable nginx.service

9. Stop and disable Firewalld service :

# sudo systemctl stop firewalld.service
# sudo systemctl disable firewalld.service

OPTION B. Install Nginx – Installation via yum repository :

1. To enable automatic updates of Linux packages set up the yum repository for the RHEL/CentOS distributions, you can added manually without installing the nginx-release package. Create the file named /etc/yum.repos.d/nginx.repo with the following contents:

# vi /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1

Note : Please replace “OS” with “rhel” or “centos“, depending on the distribution used, and “OSRELEASE” with CentOS or RHEL version such as “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.

As an example for RHEL 7 :

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1

2. Alternatively you can install the prepare yum repository using nginx-release package followed by the OS version.

a) RHEL 7 :

# rpm -Uvh http://nginx.org/packages/rhel/7/noarch/RPMS/nginx-release-rhel-7-0.el7.ngx.noarch.rpm

b) CentOS 7 :

# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

3. Start install Nginx with yum command :

# yum install nginx -y

How to verify the both installation method are successful or not ?

Visit http://Nginx-ipaddres

February 17, 2015

How to Install Varnish 4 on CentOS 6 / CentOS 7

Varnish is an open source web accelerator typically run in front of web servers such as Apache or Nginx. It is also known as HTTP reverse proxy and designed to serve static content, such as images, stylesheets or scripts. Varnish will keep copies of pages from page revisit the same web server ( Apache or Nginx ) and re-use the cached copy for subsequent requests. This will help dynamic website such as wordpress or joomla improve in website response times and also will reduce the server load.

Varnish is also can be downloaded from EPEL (Extra Packages for Enterprise Linux) package repositories but the new major versions will not hit EPEL and it is not necessarily up to date. The following steps will describe how we can install Varnish 4 on CentOS 6 and CentOS 7.

Install Varnish 4 on CentOS 6 :

1. Prepare varnish repository :

# rpm -Uvh http://repo.varnish-cache.org/redhat/varnish-4.0/el6/noarch/varnish-release/varnish-release-4.0-4.el6.noarch.rpm

2. Prepare EPEL repository :

# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

3. Install Varnish :

# yum install varnish -y

4. Start varnish and make varnish start at boot :

# service varnish start
# chkconfig varnish on

Install Varnish 4 on CentOS 7 :

1. Prepare EPEL repository :

# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Or alternatively you can install by using yum command :

# sudo yum install epel-release -y

2. Install Varnish :

# sudo yum install varnish -y

3. Start varnish and make varnish start at boot :

# sudo systemctl start varnish.service
# sudo systemctl enable varnish.service

February 8, 2015

How to Disable Autostart for a Service at boot on Linux CentOS 7 / RHEL 7

Question : Due to some reason, I had to stop a service on linux CentOS 7. But when i restarted the server, the service starts again automatically. How to stop or disabled auto start services at boot ?

Answer : Just issue the following command to disabled auto start for particular service.

Syntax :

sudo systemctl disable <service-named>.service

Example :

[root@centos7 ~]# sudo systemctl disable named-chroot.service
rm '/etc/systemd/system/multi-user.target.wants/named-chroot.service'

February 5, 2015

How to Install LAMP on CentOS 7 / RHEL 7

LAMP stack is a group of open source software that installed together to let you run a web server to host dynamic websites. “L” stand for Linux, “A” stand for Apache (to host Web server), “M” stand for MySQL(to store database) but in RHEL 7, MariaDB will in place of MySQL by default. “P” stand for PHP(to process dynamic content). This brief tutorial will explain how to install LAMP on CentOS 7 / RHEL 7 / Oracle Linux 7.

How to Install LAMP on CentOS 7 / RHEL 7 / Oracle Linux 7

The LAMP stack is just short reference for Linux, Apache, MySQL/MariaDB and PHP :

L = Linux
A = Apache
M = MariaDB /MySQL
P = PHP

If you’re a newbie, these steps can help to install web server and database server on linux operating system. It is very simple to install install LAMP on CentOS 7 / RHEL 7 / Oracle Linux 7. You just need to follow these steps one by one.

1. Install Apache web server, Mariadb database and PHP packages :

When come to the question, how to install web server i ? The answer is very easy,

[root@centos7 ~]# sudo yum install mariadb mariadb-server httpd php php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap -y

2. Start Apache web server and Mariadb database. Make it auto start at boot :

[root@centos7 ~]# sudo systemctl start httpd.service
[root@centos7 ~]# sudo systemctl enable httpd.service
[root@centos7 ~]# sudo systemctl start mariadb
[root@centos7 ~]# sudo systemctl enable mariadb.service

3. Settings for MariaDB.

[root@centos7 ~]# sudo mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4. Browse to your server ip http://IPaddress.

Follow the instruction in welcome.conf before proceed to configure the virtual host :

[root@centos7 ~]# vi /etc/httpd/conf.d/welcome.conf

5. Configure Apache Virtual host :

a. Create DocumentRoot directory for new domain :

[root@centos7 ~]# mkdir -p /var/www/html/ehowstuff

b. Create vhost.conf to place Name-based virtual host. For example, the default domain is centos7.ehowstuff.local and you wish to add the new virtual host www.ehowstuff.local, which points at the same IP address.

[root@centos7 ~]# vi /etc/httpd/conf.d/vhost.conf

Add the following. Please note that “NameVirtualHost *:80” no longer valid in Apache 2.4.x :

#Create new default domain
<VirtualHost *:80>
   DocumentRoot /var/www/html
   ServerName centos7.ehowstuff.local
</VirtualHost>
# for virtual domain
<VirtualHost *:80>
   DocumentRoot /var/www/html/ehowstuff
   ServerName www.ehowstuff.local
   ServerAdmin webmaster@ehowstuff.local
   ErrorLog logs/www.ehowstuff.local-error_log
   CustomLog logs/www.ehowstuff.local-access_log combined
</VirtualHost>

6. To debug apache configuration :

[root@centos7 ~]# httpd -S

VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server centos7.ehowstuff.local (/etc/httpd/conf.d/vhost.conf:2)
         port 80 namevhost centos7.ehowstuff.local (/etc/httpd/conf.d/vhost.conf:2)
         port 80 namevhost centos7.ehowstuff.local (/etc/httpd/conf.d/vhost.conf:2)
         port 80 namevhost www.ehowstuff.local (/etc/httpd/conf.d/vhost.conf:7)
         port 80 namevhost www.ehowstuff.local (/etc/httpd/conf.d/vhost.conf:7)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

7. To get more information about apache :

[root@centos7 ~]# httpd -V

Server version: Apache/2.4.6 (CentOS)
Server built:   Jan 12 2015 13:22:31
Server's Module Magic Number: 20120211:23
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

8. Check php version :

[root@centos7 ~]# php -v

PHP 5.4.16 (cli) (built: Oct 31 2014 12:59:36)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

I hope this article gives you some ideas and essential guidance on how to install LAMP on CentOS 7 / RHEL 7 / Oracle Linux 7.

January 31, 2015

How to Create LVM in Linux CentOS 7 / RHEL 7 / Oracle Linux 7

Storage technology plays a important role in improving the availability, performance, and ability to manage Linux servers.

One of the most useful and helpful technology to linux system administrator is Linux Logical Volume Manager(LVM), version 2 (or LVM 2).

LVM is a widely-used technique and extremely flexible disk management scheme for deploying logical rather than physical storage. With LVM, system administrator can easily resize and extend the logical drive when it is required.

The following steps will describe how to create LVM in Linux CentOS 7 or RHEL 7 or Oracle Linux 7.

How to Create Lvm in Linux Step by Step

1. Add the new 20GB vdisk from the ESXi or vCenter :

2. create a new Partiton using fdisk tool and select partition type LVM :

[root@centos7 ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xfd3bf27d.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-41943039, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039):
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set

Command (m for help): p

Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xfd3bf27d

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    41943039    20970496   83  Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris
 1  FAT12           27  Hidden NTFS Win 82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      39  Plan 9          83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       3c  PartitionMagic  84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      40  Venix 80286     85  Linux extended  c7  Syrinx
 5  Extended        41  PPC PReP Boot   86  NTFS volume set da  Non-FS data
 6  FAT16           42  SFS             87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS/exFAT 4d  QNX4.x          88  Linux plaintext de  Dell Utility
 8  AIX             4e  QNX4.x 2nd part 8e  Linux LVM       df  BootIt
 9  AIX bootable    4f  QNX4.x 3rd part 93  Amoeba          e1  DOS access
 a  OS/2 Boot Manag 50  OnTrack DM      94  Amoeba BBT      e3  DOS R/O
 b  W95 FAT32       51  OnTrack DM6 Aux 9f  BSD/OS          e4  SpeedStor
 c  W95 FAT32 (LBA) 52  CP/M            a0  IBM Thinkpad hi eb  BeOS fs
 e  W95 FAT16 (LBA) 53  OnTrack DM6 Aux a5  FreeBSD         ee  GPT
 f  W95 Ext'd (LBA) 54  OnTrackDM6      a6  OpenBSD         ef  EFI (FAT-12/16/
10  OPUS            55  EZ-Drive        a7  NeXTSTEP        f0  Linux/PA-RISC b
11  Hidden FAT12    56  Golden Bow      a8  Darwin UFS      f1  SpeedStor
12  Compaq diagnost 5c  Priam Edisk     a9  NetBSD          f4  SpeedStor
14  Hidden FAT16 <3 61  SpeedStor       ab  Darwin boot     f2  DOS secondary
16  Hidden FAT16    63  GNU HURD or Sys af  HFS / HFS+      fb  VMware VMFS
17  Hidden HPFS/NTF 64  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE
18  AST SmartSleep  65  Novell Netware  b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 70  DiskSecure Mult bb  Boot Wizard hid fe  LANstep
1c  Hidden W95 FAT3 75  PC/IX           be  Solaris boot    ff  BBT
1e  Hidden W95 FAT1 80  Old Minix
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xfd3bf27d

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    41943039    20970496   8e  Linux LVM

3. Initializes the partition /dev/sdb1 as an LVM physical volume :

[root@centos7 ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created

4. Scanning for Block Devices

[root@centos7 ~]# lvmdiskscan
  /dev/centos/swap [       2.00 GiB]
  /dev/sda1        [     500.00 MiB]
  /dev/centos/root [      27.51 GiB]
  /dev/sda2        [      29.51 GiB] LVM physical volume
  /dev/sdb1        [      20.00 GiB] LVM physical volume
  2 disks
  1 partition
  0 LVM physical volume whole disks
  2 LVM physical volumes

5. Displaying Physical Volumes :

There are three commands you can use to display properties of LVM physical volumes: pvs,
pvdisplay, and pvscan.

The pvdisplay command provides a verbose multi-line output for each physical volume. It displays
physical properties (size, extents, volume group, etc.) in a fixed format.

[root@centos7 ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos
  PV Size               29.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              7554
  Free PE               0
  Allocated PE          7554
  PV UUID               JvDOto-KDiF-gtca-TveX-ne9M-frsB-qsP1aJ

  "/dev/sdb1" is a new physical volume of "20.00 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sdb1
  VG Name
  PV Size               20.00 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               rJ8wl7-xzIN-2qqV-ov7Z-lHKe-ELge-aAV29V

The pvscan command scans all supported LVM block devices in the system for physical volumes

[root@centos7 ~]# pvscan
  PV /dev/sda2   VG centos          lvm2 [29.51 GiB / 0    free]
  PV /dev/sdb1                      lvm2 [20.00 GiB]
  Total: 2 [49.51 GiB] / in use: 1 [29.51 GiB] / in no VG: 1 [20.00 GiB]

6. Create volume group name vg_newlvm and add /dev/sdb1 partition into the group.

[root@centos7 ~]# vgcreate vg_newlvm /dev/sdb1
  Volume group "vg_newlvm" successfully created

If you have more than one partition, you can add multiple partition in single command. This command creates a local volume named vg_newlvm that contains physical volumes /dev/sdb1 and /dev/sdc1 :

[root@centos7 ~]# vgcreate vg_newlvm /dev/sdb1 /dev/sdc1

7. Creates a logical volume called centos7_newvol that uses all of the unallocated space in the volume group vg_newlvm :

[root@centos7 ~]# lvcreate --name centos7_newvol -l 100%FREE vg_newlvm
  Logical volume "centos7_newvol" created

You can see more example of lvcreate command in article “4 lvcreate Command Examples on Linux”

8. Display the created logical volumes :

[root@centos7 ~]# lvdisplay

..
..
  --- Logical volume ---
  LV Path                /dev/vg_newlvm/centos7_newvol
  LV Name                centos7_newvol
  VG Name                vg_newlvm
  LV UUID                szlkNP-0lwe-f59Z-PJVU-X7pG-unBL-qN10D4
  LV Write Access        read/write
  LV Creation host, time centos7.ehowstuff.local, 2015-01-25 15:15:48 +0800
  LV Status              available
  # open                 0
  LV Size                20.00 GiB
  Current LE             5119
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2

9. Use the mkfs command to format a newly created LVM :

[root@centos7 ~]# mkfs.ext4 /dev/vg_newlvm/centos7_newvol
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1310720 inodes, 5241856 blocks
262092 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2153775104
160 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

10. Create the mount point and mount the new LVM :

[root@centos7 ~]# mkdir -p /data
[root@centos7 ~]# mount /dev/vg_newlvm/centos7_newvol /data

11. Verify thew new disk layout :

[root@centos7 ~]# df
Filesystem                           1K-blocks    Used Available Use% Mounted on
/dev/mapper/centos-root               28260132 9191032  17610516  35% /
devtmpfs                               1935888       0   1935888   0% /dev
tmpfs                                  1941892       0   1941892   0% /dev/shm
tmpfs                                  1941892    8728   1933164   1% /run
tmpfs                                  1941892       0   1941892   0% /sys/fs/cgroup
/dev/sda1                               487634   73191    384747  16% /boot
tmpfs                                  1941892    8728   1933164   1% /var/named/chroot/run/named
/dev/mapper/vg_newlvm-centos7_newvol  20507216   45080  19397384   1% /data

January 3, 2015

How to Prepare for Zimbra 8 Installation Prerequisites on RHEL 7/CentOS 7

Before we install Zimbra 8, I would recommend you to meet all of these requirements. Some software prerequisites should be installed first, then setup the DNS and MX records, provides internet access to and from the Zimbra server, install the latest patches on the server zimbra 8, properly configure iptables filter or firewalld service, turn off SELinux, turn off unnecessary services that can interfere with the process installation. As a guide, i have prepared a checklist or step -by-step reference to Zimbra e-mail administrator. These steps have been tested on RHEL 7/CentOS 7

1. Prepare for a fully qualified domain name ( FQDN ) for your Zimbra mail server mx record and ensure your domain is configured correctly.

2. Configure /etc/hosts and hostname.

3. Allow iptables to by-pass all zimbra ports.

4. Disabled SELINUX :

[root@centos7 ~]# vim /etc/sysconfig/selinux

Change enforcing to disabled :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

5. Stop sendmail, postfix or any MTA service :

[root@centos7 ~]# systemctl stop postfix
[root@centos7 ~]# systemctl disable postfix
[root@centos7 ~]# systemctl stop sendmail
[root@centos7 ~]# systemctl disable sendmail

6. Make sure CentOS and RHEL is the latest :

[root@centos7 ~]# yum update -y

7. Install the required packages and libraries using the following command :

[root@centos7 ~]# yum install perl perl-core ntpl nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite -y