Check the CentOS version.
cat /etc/centos-release
# CentOS Linux release 7.5.1804 (Core)
Create a new non-root user account with sudo
access and switch to it.
useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe
NOTE: Replace johndoe
with your username.
Set up the timezone.
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Ensure that your system is up to date.
sudo yum update -y
Install necessary packages.
sudo yum install -y wget curl vim git
For simplicity, disable SELinux and Firewall.
sudo setenforce 0
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Setup the Webtatic YUM repo.
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP and required PHP extensions.
sudo yum install -y php70w php70w-cli php70w-fpm php70w-common php70w-xml php70w-gd php70w-zip php70w-mbstring php70w-mysql php70w-pgsql php70w-sqlite3 php70w-mcrypt php70w-apc
Check the version.
php --version
# PHP 7.0.30 (cli) (built: Apr 28 2018 08:14:08) ( NTS )
Start and enable PHP-FPM.
sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service
Setup the MariDB repo. Run sudo vi /etc/yum.repos.d/MariaDB.repo
and populate it with the following.
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Install MariaDB database server.
sudo yum install -y MariaDB-server MariaDB-client
Check the version.
mysql --version
# mysql Ver 15.1 Distrib 10.2.16-MariaDB, for Linux (x86_64) using readline 5.1
Start and enable MariaDB.
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Run mysql_secure_installation
to improve security and set the password for the MariaDB root
user.
sudo mysql_secure_installation
Connect to the MariaDB shell as the root
user.
mysql -u root -p
# Enter password:
Create an empty MariaDB database and user for Cachet, and remember the credentials.
CREATE DATABASE dbname;
GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT
Install Nginx.
sudo yum install -y nginx
Check the version.
nginx -v
# nginx version: nginx/1.12.2
Start and enable Nginx.
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
Configure Nginx. Run sudo vim /etc/nginx/conf.d/cachet.conf
and populate the file with the following configuration.
server {
listen 80;
listen [::]:80;
server_name status.example.com; # Check this
root /var/www/cachet/public; # Check this
index index.php;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000; # Check this
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_keep_conn on;
}
}
Test the configuration.
sudo nginx -t
Reload Nginx.
sudo systemctl reload nginx.service
Install Composer globally.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
Check the version.
composer --version
# Composer version 1.6.5 2018-05-04 11:44:59
Create a document root directory.
sudo mkdir -p /var/www/cachet
Change ownership of the /var/www/cachet
directory to johndoe
.
sudo chown -R johndoe:johndoe /var/www/cachet
Download the Cachet source code with Git and checkout the latest tagged release.
cd /var/www/cachet
git clone https://github.com/cachethq/Cachet.git .
git tag -l
git checkout v2.3.15
Copy .env.example
to .env
file and configure the database and APP_URL
settings in .env
.
cp .env.example .env
vim .env
Install dependencies with composer.
composer install --no-dev -o
Set the application key.
php artisan key:generate
Install Cachet.
php artisan app:install
Change ownership of the /var/www/cachet
directory to nginx
.
sudo chown -R nginx:nginx /var/www/cachet
Run sudo vim /etc/php-fpm.d/www.conf
and set the user and group to nginx
. Initially, it will be set to apache
.
sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx
Restart PHP-FPM.
sudo systemctl restart php-fpm.service
Open your site in a web browser and follow the instructions on the screen to finish Cachet installation. To access the Cachet dashboard append /dashboard
to your website URL.
Before you can install PyroCMS on a server, there are a few requirements that need to be met.
Check the CentOS version.
cat /etc/centos-release
# CentOS Linux release 7.4.1708 (Core)
Create a new non-root
user account with sudo
access and switch to it.
useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe
NOTE: Replace johndoe
with your username.
Set up the timezone.
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Ensure that your system is up to date.
sudo yum update -y
Install required and useful packages.
sudo yum install -y wget vim unzip bash-completion
Disable SELinux.
sudo setenforce 0
CentOS does not provide the latest PHP version in its default software repositories. We’ll need to add a Webtatic YUM repo.
Download and install PHP 7.2 and required PHP extensions.
sudo yum install -y php72w php72w-cli php72w-fpm php72w-mysql php72w-curl php72w-sqlite3 php72w-mbstring php72w-gd php72w-dom
Check PHP version.
php --version
PHP 7.2.2 (cli) (built: Feb 4 2018 10:14:07) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
Download and install MariaDB.
sudo vim /etc/yum.repos.d/MariaDB.repo
# Copy/paste this to the /etc/yum.repos.d/MariaDB.repo file
[mariadb]
name = MariaDB baseurl = https://yum.mariadb.org/10.2/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 sudo yum install -y MariaDB-server MariaDB-client
Check the MariaDB version.
mysql --version
# mysql Ver 15.1 Distrib 10.2.13-MariaDB, for Linux (x86_64) using readline 5.1
Start and enable MariaDB.
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
Run the mysql_secure_installation
script to improve the security of your MariaDB installation.
sudo mysql_secure_installation
Log into MariaDB as the root user.
mysql -u root -p
# Enter password:
Create a new MariaDB database and user, and remember the credentials.
create database dbname;
grant all on dbname.* to 'username' identified by 'password';
Exit MySQL.
exit
Install NGINX.
sudo vim /etc/yum.repos.d/nginx_mainline.repo
# Copy/paste this to the /etc/yum.repos.d/nginx_mainline.repo file
[nginx]
name=nginx repo baseurl=https://nginx.org/packages/mainline/centos/7/$basearch/ gpgcheck=1 enabled=1 wget https://nginx.org/keys/nginx_signing.key sudo rpm –import nginx_signing.key rm nginx_signing.key sudo yum install -y nginx
Check the NGINX version.
nginx -v
Start and enable NGINX.
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
Configure NGINX as a FastCGI proxy. Run sudo vim /etc/nginx/conf.d/pyro.conf
and populate it with the following text.
server {
listen 80;
server_name example.com; # Check this
root /var/www/pyro/public; # Check this
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000; # Check this
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
NOTE: Make sure to point the web root to Pyro’s public
directory.
Test the NGINX configuration.
sudo nginx -t
Reload NGINX.
sudo systemctl reload nginx.service
Download the Composer dependencies.
sudo yum install -y curl git unzip
Download and install Composer, the dependency manager for PHP.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
Check the Composer version.
composer --version
# Composer version 1.6.3 2018-01-31 16:28:17
Create a document root directory.
sudo mkdir -p /var/www/pyro
Change the ownership of the /var/www/pyro
directory to johndoe
.
sudo chown -R johndoe:johndoe /var/www/pyro
Download the latest stable release of PyroCMS from the command line.
cd /var/www/pyro
composer create-project pyrocms/pyrocms .
NOTE: You may run out of memory when installing Pyro via Composer. It may be wise to stop Nginx, PHP-FPM and MySQL servers with sudo systemctl stop nginx.service php-fpm.service mysql.service
to save on memory usage and start them again after this step.
Change the ownership of the /var/www/pyro
directory to nginx
.
sudo chown -R nginx:nginx /var/www/pyro
Run sudo vim /etc/php-fpm.d/www.conf
and set the user and group to nginx
.
sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx
Restart the php-fpm.service
.
sudo systemctl restart php-fpm.service
Using your preferred web browser, open your site and follow the PyroCMS installer. After following the installer you will have PyroCMS up and running. To access the PyroCMS admin area, append /admin
to your site URL.
This guide was written for Vanilla Forums 2.3, but may also work on newer releases.
For this tutorial, we will use forum.example.com
as the domain name pointed towards the AKLWEB HOST instance. Please make sure to replace all occurrences of the example domain name with the actual one.
Install Apache.
sudo yum -y install httpd
Start Apache and enable it to automatically run at boot time.
sudo systemctl start httpd
sudo systemctl enable httpd
We will use PHP 7.1 to obtain maximum security and stability. First, add and enable the Remi repository.
sudo rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --enable remi-php71
Install the latest version of PHP along with the modules required by Vanilla Forum.
sudo yum -y install php php-gd php-mysqli php-mbstring php-curl php-cli php-pear php-devel php-openssl
MariaDB is a fork of MySQL. Add the MariaDB repository into your system. The default YUM
repository contains an older version of MariaDB, which is unsupported by Vanilla.
echo "[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1" | sudo tee /etc/yum.repos.d/mariadb.repo
Install MariaDB.
sudo yum -y install mariadb mariadb-server
Start MariaDB and enable it to automatically start at boot time.
sudo systemctl start mariadb
sudo systemctl enable mariadb
Before configuring the database, you will need to secure MariaDB first.
sudo mysql_secure_installation
You will be asked for the current MariaDB root password. By default, there is no root password in a fresh MariaDB installation. Press the “Enter
” key to proceed. Set a strong password for the root
user of your MariaDB server and answer “Y
” to all of the other questions that are asked. The questions asked are self-explanatory.
Log into the MySQL shell as root.
mysql -u root -p
Provide the password for the MariaDB root user to log in.
Run the following queries to create a database and a database user for the Vanilla installation.
CREATE DATABASE vanilla_data CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'vanilla_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON vanilla_data.* TO 'vanilla_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
You can replace the database name vanilla_data
and username vanilla_user
according to your choice. Please make sure to change StrongPassword
to a very strong password.
Download the Vanilla forum zip archive.
wget https://open.vanillaforums.com/get/vanilla-core.zip
Install unzip.
sudo yum -y install unzip
Extract the archive.
sudo unzip vanilla-core.zip -d /var/www/vanilla
Provide the appropriate ownership.
sudo chown -R apache:apache /var/www/vanilla
Allow HTTP
traffic on port 80
through the firewall.
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload
Create a virtual host for your Vanilla forum site.
sudo nano /etc/httpd/conf.d/forum.example.com.conf
Populate the file.
<VirtualHost *:80>
ServerName forum.example.com
DocumentRoot /var/www/vanilla
<Directory /var/www/vanilla>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Restart Apache.
sudo systemctl restart httpd
Now that you have successfully installed and configured Vanilla forum, you can access the application on http://forum.example.com
. Provide the database and administrator details. Once you have provided the required database and admin details, the setup will write into the database and you will be taken to the administration interface. You can now configure the forum according to your needs.
Congratulations, you have successfully installed Vanilla forum in CentOS 7 server.
]]>/var/www/html
.Since CentOS 7 is a 64-bit Linux distribution, you should download the ionCube 64-bit Linux package as follows:
cd
wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
sudo tar -zxvf ioncube_loaders_lin_x86-64.tar.gz -C /usr/lib64/php/modules
sudo chown -R root:root /usr/lib64/php/modules/ioncube
sudo cp /usr/local/ioncube/loader-wizard.php /var/www/html
sudo systemctl restart httpd.service
Now, an ionCube Loader setup script loader-wizard.php
has been copied to the web root directory /var/www/html
. We will use that script to Configure and test ionCube Loader on the server.
Note: This tutorial assumes your Document Root is /var/www/html
. If you have your web server configured differently, you need to place loader-wizard.php
in a directory where you can access it via your web browser.
http://203.0.113.1/loader-wizard.php
to enter the ionCube Loader Wizard
interface.ionCube
Loader Wizard
interface, choose the Dedicated or VPS (server with full root ssh access)
option.AKLWEB HOST
https://www.aklwebhost.com
Next
button.Note: If your version of PHP is different from PHP 7.1, you should specify the proper ionCube Loader file in above command accordingly. Use the command php -v
to confirm the PHP version.
ionCube Loader Wizard
interface, and then use the link click here to test the Loader
to test your installation.Loader Installed Successfully
message.That’s all. Having the ionCube Loader module properly installed, you are eligible to install any app licensed with ionCube on your server now. Enjoy it.
]]>PHP-based Zikula is an open-source framework for online applications. With Zikula, you can create editable and interactive webpages. It is a cross-platform program that works with every widely used operating system. For database-related tasks, Zikula uses Microsoft SQL Server, Oracle, PostgreSQL, and MySQL on the back end.
We’ll talk about installing Zikula on a CentOS 7 server in this article.
First, update your system to the latest stable version by running the following command:
sudo yum update -y
sudo reboot
You will need to install Apache, MariaDB, PHP and other required PHP modules on your system. You can install all of these packages with the following command:
sudo yum install httpd mariadb mariadb-server php php-common php-mysql php-mcrypt php-gd php-xml php-mbstring php-xmlrpc unzip wget -y
Once the installation is complete, start both Apache and MariaDB services and enable them to start at boot with the following commands:
sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb
MariaDB installation is not hardened, so you will need to secure it first. You can secure it with the following script:
sudo mysql_secure_installation
Answer all of the questions as follows.
Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Next, login to the MariaDB console.
mysql -u root -p
This will prompt you for a password, enter your MariaDB root password. After logging in, create a database for Zikula:
MariaDB [(none)]>CREATE DATABASE zikuladb;
MariaDB [(none)]>GRANT ALL PRIVILEGES on zikuladb.* to 'user'@'localhost' identified by 'password';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>exit
you will need to download the latest version of the Zikula CMS from GitHub. You can also download it using the wget
command.
wget https://github.com/zikula/core/releases/download/1.4.6/Zikula_Core-1.4.6.build119.zip
Extract the downloaded zip archive.
unzip Zikula_Core-1.4.6.build119.zip
Move the extracted directory into the Apache root directory.
sudo mv Zikula_Core-1.4.6 /var/www/html/zikula
Give necessary permission to zikula
directory.
sudo chown -R apache:apache /var/www/html/zikula
Before accessing Zikula, you will need to allow port 80
through firewalld. You can do this with the following command:
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --reload
Open your web browser and type the URL http://192.168.15.110/install.php
or http://your-domain.com/install.php
, then complete the required the steps to finish the installation.
Thats it. You have successfully installed Zikula on your CentOS 7 server.
]]>Update the system.
yum check-update
Official RHEL/CentOS 6/7 repositories do not provide any binary packages for ProFTPD Server, so you need to add extra package repositories on your system provided by EPEL 6/7 repo using one of the following commands.
CentOS 6:
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
CentOS 7:
sudo rpm -Uvh http://ftp.astral.ro/mirrors/fedora/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
Download all of the metadata for the currently enabled yum repos.
sudo yum makecache
Install proftpd
.
sudo yum install proftpd
Install ftp
.
sudo yum install ftp
Open the ProFTPd configuration file.
sudo nano /etc/proftpd.conf
The file will resemble the following text.
The file will resemble the following text.
# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html
# Server Config - config used for anything outside a <VirtualHost> or <Global> $
# See: http://www.proftpd.org/docs/howto/Vhost.html
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot ~ !adm
VRootAlias /etc/security/pam_env.conf etc/security/pam_env$
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
# Set the user and group that the server runs as
User nobody
Group nobody
# To prevent DoS attacks, set the maximum number of child processes
# to 20. If you need to allow more than 20 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
...
ServerName
: Specifies the name of the FTP server. This name will be displayed when clients connect to the server.DefaultRoot
: Controls the default root directory assigned to a user upon login.MaxInstances
: The maximum number of simultaneous connections you want to allow on your FTP server.Now, we have to change the ServerName
.
ServerName : the name of your FTP server
Note: By default, someone who connects to the FTP server can access all of the server folders, so it’s recommended to enable the option DefaultRoot
.
DefaultRoot ~ !adm
After the configuration has been changed, restart the server.
sudo service proftpd restart
Note: If an error line is displayed as “unable to resolve host
“, be aware that it does not matter and you can ignore it.
Add a user.
useradd --shell /bin/false myuser
Create the home directory of our user “myuser
“.
mkdir /home/myuser
Change the ownership of that directory to the user and group “myuser
“.
chown myuser:myuser /home/myuser/
Set a password for the user “myuser
“.
passwd myuser
]]>As a starter guide, this article explains how to install Apache Tomcat 8, the latest stable version of Apache Tomcat, onto an AKLWEB HOST CentOS 7 server instance.
Before further reading, you need to:
First things first, you need to update the system to the latest stable status:
sudo yum install epel-release
sudo yum update -y && sudo reboot
Use the same sudo user to log into the system after the reboot finishes.
You need to install Java SE 7.0 or later before Apache Tomcat can run properly. Here, I will install OpenJDK Runtime Environment 1.8.0 using YUM:
sudo yum install java-1.8.0-openjdk.x86_64
Now, you can confirm your installation with:
java -version
The output will resemble the following:
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
For security purposes, you need to create a dedicated non-root user “tomcat” who belongs to the “tomcat” group:
sudo groupadd tomcat
sudo mkdir /opt/tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat
In this fashion, you created a user “tomcat” who belongs to the group “tomcat”. You cannot use this user account to log into the system. The home directory is /opt/tomcat
, which is where the Apache Tomcat program will reside.
You can always find the latest stable version of Apache Tomcat 8 from its official download page, which is 8.0.33 as of writing.
Under the “Binary Distributions” section and then the “Core” list, use the link pointing to the “tar.gz” archive to compose a wget command:
cd ~
wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.0.33/bin/apache-tomcat-8.0.33.tar.gz
sudo tar -zxvf apache-tomcat-8.0.33.tar.gz -C /opt/tomcat --strip-components=1
Before you can run Apache Tomcat, you need to setup proper permissions for several directories:
cd /opt/tomcat
sudo chgrp -R tomcat conf
sudo chmod g+rwx conf
sudo chmod g+r conf/*
sudo chown -R tomcat logs/ temp/ webapps/ work/
sudo chgrp -R tomcat bin
sudo chgrp -R tomcat lib
sudo chmod g+rwx bin
sudo chmod g+r bin/*
As a matter of convenience, you should setup a Systemd unit file for Apache Tomcat:
sudo vi /etc/systemd/system/tomcat.service
Populate the file with:
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
Save and quit:
:wq
For security purposes, you should install haveged as well:
sudo yum install haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service
Now, start the Apache Tomcat service and set it run on system boot:
sudo systemctl start tomcat.service
sudo systemctl enable tomcat.service
In order to test Apache Tomcat in a web browser, you need to modify the firewall rules:
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
Then, you can test your installation of Apache Tomcat by visiting the following URL from a web browser:
http://[your-Vultr-server-IP]:8080
If nothing goes wrong, you will see the default Apache Tomcat front page.
In order to use the “Manager App” and the “Host manager” in the Apache Tomcat web interface, you need to create an admin user for your Apache Tomcat server:
sudo vi /opt/tomcat/conf/tomcat-users.xml
Within the </tomcat-users ...>...</tomcat-users>
segment, insert a line to define a admin user:
<user username="yourusername" password="yourpassword" roles="manager-gui,admin-gui"/>
Remember to replace “yourusername” and “yourpassword” with your own ones, the less common the better.
Save and quit:
:wq
Restart Apache Tomcat to put your modifications into effect:
sudo systemctl restart tomcat.service
Refresh the Apache Tomcat front page from your web browser. Log in the “Manager App” and the “Host manager” using the credentials you had setup earlier.
The Apache Tomcat setup is complete. You can now use it to deploy your own applications.
]]>Security-Enhanced Linux (SELinux) is an enhanced security mechanism at the kernel level. Follow this guide to reinstall SELinux and reset the policy to default settings. If SELinux is not already installed, go directly to step 2.
Perform these steps as a sudo-enabled user, or root. This guide has been tested on:
# setenforce 0
# yum remove selinux-policy\*
# rm -rf /etc/selinux/targeted /etc/selinux/config
# yum install selinux-policy-targeted
# yum install selinux-policy-devel policycoreutils
# touch /.autorelabel; reboot
SELinux will detect the /.autorelabel file on reboot, and then relabel all files with the correct SELinux contexts. If you have many files, the instance may be unavailable for a long time.
]]>yarn
Check the CentOS version.
cat /etc/centos-release
# CentOS Linux release 7.5.1804 (Core)
Create a new non-root user account with sudo
access and switch to it.
useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe
NOTE: Replace johndoe
with your username.
Set up the timezone.
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Ensure that your system is up to date.
sudo yum update -y
Install necessary packages.
sudo yum install -y wget curl vim git && sudo yum groupinstall -y "Development Tools"
For simplicity, disable SELinux and Firewall.
sudo setenforce 0
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Setup the Webtatic YUM repo.
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP and required PHP extensions.
sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-mysql php72w-curl php72w-json php72w-zip php72w-xml php72w-mbstring
Check the version.
php --version
# PHP 7.2.7 (cli) (built: Jul 1 2018 08:22:47) ( NTS )
Start and enable the PHP-FPM service.
sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service
Create the repo for MariaDB. Open sudo vi /etc/yum.repos.d/MariaDB.repo
and populate it with the following.
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Save and exit, then install MariaDB.
sudo yum install -y MariaDB-server MariaDB-client
Check the version.
mysql --version
# mysql Ver 15.1 Distrib 10.2.16-MariaDB, for Linux (x86_64) using readline 5.1
Start and enable the MariaDB service.
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Run mysql_secure_installation
to improve security and set the password for the MariaDB root
user.
sudo mysql_secure_installation
Connect to MariaDB as the root
user.
mysql -u root -p
# Enter password:
Create an empty MariaDB database and user for Koel, and remember the credentials.
CREATE DATABASE dbname;
GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT
Install Nginx.
sudo yum install -y nginx
Check the version.
sudo nginx -v
# nginx version: nginx/1.12.2
Start and enable Nginx.
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
Configure Nginx. Run sudo vim /etc/nginx/conf.d/koel.conf
and populate the file with the following configuration.
server {
listen 80;
server_name example.com;
root /var/www/koel;
index index.php;
# Allow only index.php, robots.txt, and those start with public/ or api/ or remote
if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/|remote) {
return 404;
}
location /media/ {
internal;
# A 'X-Media-Root' should be set to media_path settings from upstream
alias $upstream_http_x_media_root;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
Test the Nginx configuration.
sudo nginx -t
Reload Nginx.
sudo systemctl reload nginx.service
Install Node.js.
curl --silent --location https://rpm.nodesource.com/setup_8.x | sudo bash -
sudo yum -y install nodejs
Check the version.
node --version
# v8.11.3
Install the Yarn package manager.
curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install -y yarn
Check the version.
yarn --version
# 1.9.2
Install Composer.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
Check the version.
composer --version
# Composer version 1.6.5 2018-05-04 11:44:59
Create an empty document root folder where Koel will be installed.
sudo mkdir -p /var/www/koel
Navigate to the document root folder.
cd /var/www/koel
Change ownership of the /var/www/koel
folder to user johndoe
.
sudo chown -R johndoe:johndoe /var/www/koel
Clone the Koel repository to it, checkout the latest tagged release and install its dependencies.
git clone https://github.com/phanan/koel.git .
git checkout v3.7.2
composer install
Run php artisan koel:init
command to setup the database and admin account.
php artisan koel:init
Run vim .env
and set APP_URL
to your URL.
APP_URL=http://example.com
Run yarn install
to compile and install front-end dependencies.
yarn install
NOTE: If you run out of memory, you will receive an error message. To avoid that, you can temporarily stop MariaDB, Nginx and PHP-FPM services, or configure swap memory, if the first solution does not help.
Change ownership of the /var/www/koel
directory to nginx
.
sudo chown -R nginx:nginx /var/www/koel
Run sudo vim /etc/php-fpm.d/www.conf
and set the user and group to nginx
. Initially, it will be set to apache
.
sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx
Restart PHP-FPM.
sudo systemctl restart php-fpm.service
The setup is now complete. To continue, open your domain in a web browser and you will see a login page. Then, login by entering your admin account credentials that you have previously created.
]]>203.0.113.1
.airsonic.example.com
being pointed to the server instance mentioned above.In order to get better system performance, it’s recommended to create a 2GB (2048M) swap file on a machine with 2GB of memory:
sudo dd if=/dev/zero of=/swapfile count=2048 bs=1M
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
free -m
Note: If you are using a different server size, the suitable size of the swap partition may vary.
Properly setting up a hostname and an FQDN for the machine is required for enabling HTTPS security with a Let’s Encrypt SSL certificate.
The following commands will setup a hostname airsonic
and an FQDN airsonic.example.com
for the machine:
sudo hostnamectl set-hostname airsonic
cat <<EOF | sudo tee /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
203.0.113.1 airsonic.example.com airsonic
127.0.0.1 airsonic
::1 airsonic
EOF
The results can be confirmed with the following:
hostname
hostname -f
Remove CentOS 7’s default block on ports 80
(HTTP
) and 443
(HTTPS
):
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld.service
Install the EPEL YUM repo and then update the system:
sudo yum install -y epel-release
sudo yum -y update && sudo shutdown -r now
After the system reboots, log back in as the same sudo user to move on.
Install OpenJDK JRE 8 and then confirm the result on CentOS 7:
sudo yum install -y java-1.8.0-openjdk.x86_64
java -version
The output of the second command will be similar to the following:
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-0ubuntu0.18.04.1-b11)
OpenJDK 64-Bit Server VM (build 25.171-b11, mixed mode)
In addition, you need to setup the JAVA_HOME
environment variable as follows:
echo "JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")" | sudo tee -a /etc/profile
source /etc/profile
AirSonic can be deployed using various methods. In this tutorial, we will install AirSonic using the AirSonic WAR package.
Create a dedicated user and a dedicated group, both named airsonic
:
sudo groupadd airsonic
sudo mkdir /var/airsonic
sudo useradd -s /bin/nologin -g airsonic -d /var/airsonic -M airsonic
Download the latest AirSonic WAR package:
cd /var/airsonic
sudo wget https://github.com/airsonic/airsonic/releases/download/v10.1.2/airsonic.war
sudo chown -R airsonic:airsonic /var/airsonic
Download the predefined AirSonic systemd
unit files and then start the AirSonic service:
sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service -O /etc/systemd/system/airsonic.service
sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic-systemd-env -O /etc/sysconfig/airsonic
sudo systemctl daemon-reload
sudo systemctl start airsonic.service
sudo systemctl enable airsonic.service
Note: You may need to review and customize the two AirSonic systemd
unit files on your own machine.
AirSonic will be up and running now, listening on port 8080
. You can use the following command to confirm that this is the case:
ps -ef|grep airsonic
You can also directly visit the AirSonic site, but you need to temporarily modify firewall rules first:
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo systemctl reload firewalld.service
Next, point your favorite web browser to http://203.0.113.1:8080/airsonic
, and then use the default credentials listed below to log in:
admin
admin
For security purposes, you should change the administrator’s password immediately after logging in.
Once the result is confirmed, restrict access on port 8080 again:
sudo firewall-cmd --permanent --remove-port=8080/tcp
sudo systemctl reload firewalld.service
For security purposes, it’s recommended to enable HTTPS security on every newly created website. The most convenient practice for that is to deploy a Let’s Encrypt SSL certificate as follows.
Install the Certbot utility on CentOS 7:
sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install -y certbot
Use Certbot to apply for a Let’s Encrypt SSL certificate for the domain airsonic.example.com
:
sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d airsonic.example.com
The certificate and chain will be saved at the following:
/etc/letsencrypt/live/airsonic.example.com/fullchain.pem
The key file will be saved here:
/etc/letsencrypt/live/airsonic.example.com/privkey.pem
The Let’s Encrypt SSL certificate is designed to expire in three months. You can setup a cron job to renew your certificates automatically:
sudo crontab -e
Press I, and then input the following entry:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
Save and quit:
:wq
This cron job will attempt to update the Let’s Encrypt certificate every day at noon.
With the help of Nginx, you can both facilitate visitors’ access (so that they no longer need to input the 8080
port number), and enable HTTPS security on your AirSonic website.
Install Nginx using YUM:
sudo yum install -y nginx
Next, create a config file for AirSonic:
cat <<EOF | sudo tee /etc/nginx/conf.d/airsonic.conf
# Redirect HTTP to HTTPS
server {
listen 80;
server_name airsonic.example.com;
return 301 https://\$server_name\$request_uri;
}
server {
# Setup HTTPS certificates
listen 443 default ssl;
server_name airsonic.example.com;
ssl_certificate /etc/letsencrypt/live/airsonic.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/airsonic.example.com/privkey.pem;
# Proxy to the Airsonic server
location /airsonic {
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host \$http_host;
proxy_set_header Host \$http_host;
proxy_max_temp_file_size 0;
proxy_pass http://127.0.0.1:8080;
proxy_redirect http:// https://;
}
}
EOF
Restart Nginx in order to put your configuration into effect:
sudo systemctl restart nginx.service
sudo systemctl enable nginx.service
Finally, point your favorite web browser to http://airsonic.example.com/airsonic
or https://airsonic.example.com/airsonic
to start exploring your AirSonic website.