Requirements

• Git
• PHP version 5.5.9 or greater
• HTTP server with PHP support. This guide will use Nginx.
• A supported database: MySQL/MariaDB, PostgreSQL or SQLite. This guide will use MariaDB.
• Composer

Before you begin

Check the CentOS version.

cat /etc/centos-release
# CentOS Linux release 7.5.1804 (Core)

Create a new non-root user account with sudo access and switch to it.

useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe

NOTE: Replace johndoe with your username.

Set up the timezone.

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Ensure that your system is up to date.

sudo yum update -y

Install necessary packages.

sudo yum install -y wget curl vim git

For simplicity, disable SELinux and Firewall.

sudo setenforce 0
sudo systemctl stop firewalld
sudo systemctl disable firewalld

Install PHP and required PHP extensions

Setup the Webtatic YUM repo.

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP and required PHP extensions.

sudo yum install -y php70w php70w-cli php70w-fpm php70w-common php70w-xml php70w-gd php70w-zip php70w-mbstring php70w-mysql php70w-pgsql php70w-sqlite3 php70w-mcrypt php70w-apc

Check the version.

php --version
# PHP 7.0.30 (cli) (built: Apr 28 2018 08:14:08) ( NTS )

Start and enable PHP-FPM.

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

Install MariaDB and create a database

Setup the MariDB repo. Run sudo vi /etc/yum.repos.d/MariaDB.repo and populate it with the following.

[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Install MariaDB database server.

sudo yum install -y MariaDB-server MariaDB-client

Check the version.

mysql --version
# mysql  Ver 15.1 Distrib 10.2.16-MariaDB, for Linux (x86_64) using readline 5.1

Start and enable MariaDB.

sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Run mysql_secure_installation to improve security and set the password for the MariaDB root user.

sudo mysql_secure_installation

Connect to the MariaDB shell as the root user.

mysql -u root -p
# Enter password:

Create an empty MariaDB database and user for Cachet, and remember the credentials.

CREATE DATABASE dbname;
GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT

Install and configure Nginx

Install Nginx.

sudo yum install -y nginx

Check the version.

nginx -v
# nginx version: nginx/1.12.2

Start and enable Nginx.

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure Nginx. Run sudo vim /etc/nginx/conf.d/cachet.conf and populate the file with the following configuration.

server {
  listen 80;
  listen [::]:80;

  server_name status.example.com; # Check this
  root /var/www/cachet/public; # Check this

  index index.php;

  location / {
    try_files $uri /index.php$is_args$args;
  }

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000; # Check this
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    fastcgi_keep_conn on;
  }
}

Test the configuration.

sudo nginx -t

Reload Nginx.

sudo systemctl reload nginx.service

Install Composer

Install Composer globally.

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer

Check the version.

composer --version
# Composer version 1.6.5 2018-05-04 11:44:59

Install Cachet

Create a document root directory.

sudo mkdir -p /var/www/cachet

Change ownership of the /var/www/cachet directory to johndoe.

sudo chown -R johndoe:johndoe /var/www/cachet

Download the Cachet source code with Git and checkout the latest tagged release.

cd /var/www/cachet
git clone https://github.com/cachethq/Cachet.git .
git tag -l
git checkout v2.3.15

Copy .env.example to .env file and configure the database and APP_URL settings in .env.

cp .env.example .env
vim .env

Install dependencies with composer.

composer install --no-dev -o

Set the application key.

php artisan key:generate

Install Cachet.

php artisan app:install

Change ownership of the /var/www/cachet directory to nginx.

sudo chown -R nginx:nginx /var/www/cachet

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx. Initially, it will be set to apache.

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Restart PHP-FPM.

sudo systemctl restart php-fpm.service

Open your site in a web browser and follow the instructions on the screen to finish Cachet installation. To access the Cachet dashboard append /dashboard to your website URL.

Requirements

Before you can install PyroCMS on a server, there are a few requirements that need to be met.

• 1GB of RAM
• LEMP/LAMP stack
• PHP >= 7.0
• PDO PHP Extension
• cURL PHP Extension
• SQLite PHP Extension
• OpenSSL PHP Extension
• Mbstring PHP Extension
• Fileinfo PHP Extension
• Tokenizer PHP Extension
• GD Library (>=2.0) OR Imagick PHP extension (>=6.5.7)

Check the CentOS version.

cat /etc/centos-release
# CentOS Linux release 7.4.1708 (Core)

Create a new non-root user account with sudo access and switch to it.

useradd -c "John Doe" johndoe && passwd johndoe
usermod -aG wheel johndoe
su - johndoe

NOTE: Replace johndoe with your username.

Set up the timezone.

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Ensure that your system is up to date.

sudo yum update -y

Install required and useful packages.

sudo yum install -y wget vim unzip bash-completion

Disable SELinux.

sudo setenforce 0

Install PHP and required extensions

CentOS does not provide the latest PHP version in its default software repositories. We’ll need to add a Webtatic YUM repo.

Download and install PHP 7.2 and required PHP extensions.

sudo yum install -y php72w php72w-cli php72w-fpm php72w-mysql php72w-curl php72w-sqlite3 php72w-mbstring php72w-gd php72w-dom

Check PHP version.

php --version
PHP 7.2.2 (cli) (built: Feb  4 2018 10:14:07) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Install MySQL/MariaDB and create a database

Download and install MariaDB.

sudo vim /etc/yum.repos.d/MariaDB.repo

# Copy/paste this to the /etc/yum.repos.d/MariaDB.repo file

[mariadb]

name = MariaDB baseurl = https://yum.mariadb.org/10.2/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 sudo yum install -y MariaDB-server MariaDB-client

Check the MariaDB version.

mysql --version
# mysql  Ver 15.1 Distrib 10.2.13-MariaDB, for Linux (x86_64) using readline 5.1

Start and enable MariaDB.

sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service

Run the mysql_secure_installation script to improve the security of your MariaDB installation.

sudo mysql_secure_installation

Log into MariaDB as the root user.

mysql -u root -p
# Enter password:

Create a new MariaDB database and user, and remember the credentials.

create database dbname;
grant all on dbname.* to 'username' identified by 'password';

Exit MySQL.

exit

Install and configure NGINX

Install NGINX.

sudo vim /etc/yum.repos.d/nginx_mainline.repo

# Copy/paste this to the /etc/yum.repos.d/nginx_mainline.repo file

[nginx]

name=nginx repo baseurl=https://nginx.org/packages/mainline/centos/7/$basearch/ gpgcheck=1 enabled=1 wget https://nginx.org/keys/nginx_signing.key sudo rpm –import nginx_signing.key rm nginx_signing.key sudo yum install -y nginx

Check the NGINX version.

nginx -v

Start and enable NGINX.

sudo systemctl enable nginx.service
sudo systemctl start nginx.service

Configure NGINX as a FastCGI proxy. Run sudo vim /etc/nginx/conf.d/pyro.conf and populate it with the following text.

server {
  listen 80;

  server_name example.com; # Check this
  root /var/www/pyro/public; # Check this
  
  index index.php index.html;
  charset utf-8;
  
  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000; # Check this
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

NOTE: Make sure to point the web root to Pyro’s public directory.

Test the NGINX configuration.

sudo nginx -t

Reload NGINX.

sudo systemctl reload nginx.service

Download and install Composer

Download the Composer dependencies.

sudo yum install -y curl git unzip

Download and install Composer, the dependency manager for PHP.

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer

Check the Composer version.

composer --version
# Composer version 1.6.3 2018-01-31 16:28:17

Download and install PyroCMS via Composer

Create a document root directory.

sudo mkdir -p /var/www/pyro

Change the ownership of the /var/www/pyro  directory to johndoe.

sudo chown -R johndoe:johndoe /var/www/pyro

Download the latest stable release of PyroCMS from the command line.

cd /var/www/pyro
composer create-project pyrocms/pyrocms .

NOTE: You may run out of memory when installing Pyro via Composer. It may be wise to stop Nginx, PHP-FPM and MySQL servers with sudo systemctl stop nginx.service php-fpm.service mysql.service to save on memory usage and start them again after this step.

Change the ownership of the /var/www/pyro directory to nginx.

sudo chown -R nginx:nginx /var/www/pyro

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx.

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Restart the php-fpm.service.

sudo systemctl restart php-fpm.service

Using your preferred web browser, open your site and follow the PyroCMS installer. After following the installer you will have PyroCMS up and running. To access the PyroCMS admin area, append /admin to your site URL.

This guide was written for Vanilla Forums 2.3, but may also work on newer releases.

Prerequisites

• A AKLWEB HOST CentOS 7 server instance.
• A sudo user.

For this tutorial, we will use forum.example.com as the domain name pointed towards the AKLWEB HOST instance. Please make sure to replace all occurrences of the example domain name with the actual one.

Install Apache

Install Apache.

sudo yum -y install httpd

Start Apache and enable it to automatically run at boot time.

sudo systemctl start httpd
sudo systemctl enable httpd

Install PHP 7.1

We will use PHP 7.1 to obtain maximum security and stability. First, add and enable the Remi repository.

sudo rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --enable remi-php71

Install the latest version of PHP along with the modules required by Vanilla Forum.

sudo yum -y install php php-gd php-mysqli php-mbstring php-curl php-cli php-pear php-devel php-openssl

Install MariaDB

MariaDB is a fork of MySQL. Add the MariaDB repository into your system. The default YUM repository contains an older version of MariaDB, which is unsupported by Vanilla.

echo "[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1" | sudo tee /etc/yum.repos.d/mariadb.repo

Install MariaDB.

sudo yum -y install mariadb mariadb-server

Start MariaDB and enable it to automatically start at boot time.

sudo systemctl start mariadb
sudo systemctl enable mariadb

Before configuring the database, you will need to secure MariaDB first.

sudo mysql_secure_installation

You will be asked for the current MariaDB root password. By default, there is no root password in a fresh MariaDB installation. Press the “Enter” key to proceed. Set a strong password for the root user of your MariaDB server and answer “Y” to all of the other questions that are asked. The questions asked are self-explanatory.

Log into the MySQL shell as root.

mysql -u root -p

Provide the password for the MariaDB root user to log in.

Run the following queries to create a database and a database user for the Vanilla installation.

CREATE DATABASE vanilla_data CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'vanilla_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON vanilla_data.* TO 'vanilla_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

You can replace the database name vanilla_data and username vanilla_user according to your choice. Please make sure to change StrongPassword to a very strong password.

Install Vanilla forum

Download the Vanilla forum zip archive.

wget https://open.vanillaforums.com/get/vanilla-core.zip

Install unzip.

sudo yum -y install unzip

Extract the archive.

sudo unzip vanilla-core.zip -d /var/www/vanilla

Provide the appropriate ownership.

sudo chown -R apache:apache /var/www/vanilla

Allow HTTP traffic on port 80 through the firewall.

sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload

Create virtual host

Create a virtual host for your Vanilla forum site.

sudo nano /etc/httpd/conf.d/forum.example.com.conf

Populate the file.

<VirtualHost *:80>
    ServerName forum.example.com
    DocumentRoot /var/www/vanilla
    <Directory /var/www/vanilla>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

Restart Apache.

sudo systemctl restart httpd

Wrapping Up

Now that you have successfully installed and configured Vanilla forum, you can access the application on http://forum.example.com. Provide the database and administrator details. Once you have provided the required database and admin details, the setup will write into the database and you will be taken to the administration interface. You can now configure the forum according to your needs.

Congratulations, you have successfully installed Vanilla forum in CentOS 7 server.

Prerequisites

• A CentOS 7 x64 instance.
• An Apache web server properly installed. Say the web root directory is /var/www/html.
• PHP version 7.1.
• A sudo user.
• Firewall rules finely tuned. At least the HTTP 80 port should be open.

Step 1: Download and prepare ionCube Loader packages for CentOS 7

Since CentOS 7 is a 64-bit Linux distribution, you should download the ionCube 64-bit Linux package as follows:

cd
wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
sudo tar -zxvf ioncube_loaders_lin_x86-64.tar.gz -C /usr/lib64/php/modules
sudo chown -R root:root /usr/lib64/php/modules/ioncube
sudo cp /usr/local/ioncube/loader-wizard.php /var/www/html
sudo systemctl restart httpd.service

Now, an ionCube Loader setup script loader-wizard.php has been copied to the web root directory /var/www/html. We will use that script to Configure and test ionCube Loader on the server.

Note: This tutorial assumes your Document Root is /var/www/html. If you have your web server configured differently, you need to place loader-wizard.php in a directory where you can access it via your web browser.

Step 2: Configure ionCube Loader

1. Point your web browser to http://203.0.113.1/loader-wizard.php to enter the ionCube Loader Wizard interface.
2. In the ionCube Loader Wizard interface, choose the Dedicated or VPS (server with full root ssh access) option.
3. Input hosting provider name and URL as follows:

• Name of your hosting provider AKLWEB HOST
• URL of your hosting provider https://www.aklwebhost.com

4. click the Next button.
5. Create an PHP ini file to specify the location of ionCube Loader for PHP 7.1:echo ‘zend_extension = /usr/lib64/php/modules/ioncube/ioncube_loader_lin_7.1.so’ | sudo tee /etc/php.d/00-ioncube.ini

Note: If your version of PHP is different from PHP 7.1, you should specify the proper ionCube Loader file in above command accordingly. Use the command php -v to confirm the PHP version.

6. Restart Apache to load the update:sudo systemctl restart httpd.service
7. Go back to the ionCube Loader Wizard interface, and then use the link click here to test the Loader to test your installation.
8. If nothing goes wrong, you should see the Loader Installed Successfully message.
9. For security purposes, you should delete the IonCube loader wizard script in the web root directory once you pass the test:sudo rm /var/www/html/loader-wizard.php

That’s all. Having the ionCube Loader module properly installed, you are eligible to install any app licensed with ionCube on your server now. Enjoy it.

PHP-based Zikula is an open-source framework for online applications. With Zikula, you can create editable and interactive webpages. It is a cross-platform program that works with every widely used operating system. For database-related tasks, Zikula uses Microsoft SQL Server, Oracle, PostgreSQL, and MySQL on the back end.

We’ll talk about installing Zikula on a CentOS 7 server in this article.

Prerequisites

• AKLWEB HOST CentOS 7 server instance that has just been deployed.
• A user on your server who is not root but has sudo capabilities set up.
• 192.168.15.110 set as a static IP address on your machine. This would be your server’s primary IP address.

Step 1: Update the system

First, update your system to the latest stable version by running the following command:

sudo yum update -y
sudo reboot

Step 2: Install LAMP Server Packages

You will need to install Apache, MariaDB, PHP and other required PHP modules on your system. You can install all of these packages with the following command:

sudo yum install httpd mariadb mariadb-server php php-common php-mysql php-mcrypt php-gd php-xml php-mbstring php-xmlrpc unzip wget -y

Once the installation is complete, start both Apache and MariaDB services and enable them to start at boot with the following commands:

sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb

Configure MariaDB Database By default

MariaDB installation is not hardened, so you will need to secure it first. You can secure it with the following script:

sudo mysql_secure_installation

Answer all of the questions as follows.

Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Next, login to the MariaDB console.

mysql -u root -p

This will prompt you for a password, enter your MariaDB root password. After logging in, create a database for Zikula:

MariaDB [(none)]>CREATE DATABASE zikuladb;
MariaDB [(none)]>GRANT ALL PRIVILEGES on zikuladb.* to 'user'@'localhost' identified by 'password';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>exit

Install Zikula First

you will need to download the latest version of the Zikula CMS from GitHub. You can also download it using the wget command.

wget https://github.com/zikula/core/releases/download/1.4.6/Zikula_Core-1.4.6.build119.zip

Extract the downloaded zip archive.

unzip Zikula_Core-1.4.6.build119.zip

Move the extracted directory into the Apache root directory.

sudo mv Zikula_Core-1.4.6 /var/www/html/zikula

Give necessary permission to zikula directory.

sudo chown -R apache:apache /var/www/html/zikula

Access Zikula Web Interface

Before accessing Zikula, you will need to allow port 80 through firewalld. You can do this with the following command:

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --reload

Open your web browser and type the URL http://192.168.15.110/install.php or http://your-domain.com/install.php, then complete the required the steps to finish the installation.

Thats it. You have successfully installed Zikula on your CentOS 7 server.

Prerequisites

• A newly deployed AKLWEB HOST CentOS server instance.
• A Sudo user.

Installation

Update the system.

yum check-update

Official RHEL/CentOS 6/7 repositories do not provide any binary packages for ProFTPD Server, so you need to add extra package repositories on your system provided by EPEL 6/7 repo using one of the following commands.

CentOS 6:

sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

CentOS 7:

sudo rpm -Uvh http://ftp.astral.ro/mirrors/fedora/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm

Download all of the metadata for the currently enabled yum repos.

sudo yum makecache

Install proftpd.

sudo yum install proftpd

Install ftp.

sudo yum install ftp

Configuration

Open the ProFTPd configuration file.

sudo nano /etc/proftpd.conf

The file will resemble the following text.

The file will resemble the following text.

# This is the ProFTPD configuration file

#

# See: http://www.proftpd.org/docs/directives/linked/by-name.html



# Server Config - config used for anything outside a <VirtualHost> or <Global> $

# See: http://www.proftpd.org/docs/howto/Vhost.html



ServerName                      "ProFTPD server"

ServerIdent                     on "FTP Server ready."

ServerAdmin                     root@localhost

DefaultServer                   on



# Cause every FTP user except adm to be chrooted into their home directory

# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to

# work at session-end time (http://bugzilla.redhat.com/477120)

VRootEngine                     on

DefaultRoot                     ~ !adm

VRootAlias                      /etc/security/pam_env.conf etc/security/pam_env$



# Use pam to authenticate (default) and be authoritative

AuthPAMConfig                   proftpd

AuthOrder                       mod_auth_pam.c* mod_auth_unix.c

# If you use NIS/YP/LDAP you may need to disable PersistentPasswd

#PersistentPasswd               off



# Don't do reverse DNS lookups (hangs on DNS problems)

UseReverseDNS                   off



# Set the user and group that the server runs as

User                            nobody

Group                           nobody



# To prevent DoS attacks, set the maximum number of child processes

# to 20.  If you need to allow more than 20 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode; in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances                    20

...

Main configuration directives

• ServerName: Specifies the name of the FTP server. This name will be displayed when clients connect to the server.
• DefaultRoot: Controls the default root directory assigned to a user upon login.
• MaxInstances: The maximum number of simultaneous connections you want to allow on your FTP server.

Now, we have to change the ServerName.

ServerName : the name of your FTP server

Note: By default, someone who connects to the FTP server can access all of the server folders, so it’s recommended to enable the option DefaultRoot.

DefaultRoot                     ~ !adm

After the configuration has been changed, restart the server.

sudo service proftpd restart

Note: If an error line is displayed as “unable to resolve host“, be aware that it does not matter and you can ignore it.

Add an FTP user

Add a user.

useradd --shell /bin/false myuser

Create the home directory of our user “myuser“.

mkdir /home/myuser

Change the ownership of that directory to the user and group “myuser“.

chown myuser:myuser /home/myuser/

Set a password for the user “myuser“.

passwd myuser

As a starter guide, this article explains how to install Apache Tomcat 8, the latest stable version of Apache Tomcat, onto an AKLWEB HOST CentOS 7 server instance.

Prerequisites

Before further reading, you need to:

• Deploy a fresh AKLWEB HOST CentOS 7 server instance.
• Log into this machine from your SSH terminal as a non-root sudo user.

Step 1: Update your CentOS system

First things first, you need to update the system to the latest stable status:

sudo yum install epel-release

sudo yum update -y && sudo reboot

Use the same sudo user to log into the system after the reboot finishes.

Step 2: Install Java

You need to install Java SE 7.0 or later before Apache Tomcat can run properly. Here, I will install OpenJDK Runtime Environment 1.8.0 using YUM:

sudo yum install java-1.8.0-openjdk.x86_64

Now, you can confirm your installation with:

java -version

The output will resemble the following:

openjdk version "1.8.0_91"

OpenJDK Runtime Environment (build 1.8.0_91-b14)

OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

Step 3: Create a dedicated user for Apache Tomcat

For security purposes, you need to create a dedicated non-root user “tomcat” who belongs to the “tomcat” group:

sudo groupadd tomcat

sudo mkdir /opt/tomcat

sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

In this fashion, you created a user “tomcat” who belongs to the group “tomcat”. You cannot use this user account to log into the system. The home directory is /opt/tomcat, which is where the Apache Tomcat program will reside.

Step 4: Download and install the latest Apache Tomcat

You can always find the latest stable version of Apache Tomcat 8 from its official download page, which is 8.0.33 as of writing.

Under the “Binary Distributions” section and then the “Core” list, use the link pointing to the “tar.gz” archive to compose a wget command:

cd ~

wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.0.33/bin/apache-tomcat-8.0.33.tar.gz

sudo tar -zxvf apache-tomcat-8.0.33.tar.gz -C /opt/tomcat --strip-components=1

Step 5: Setup proper permissions

Before you can run Apache Tomcat, you need to setup proper permissions for several directories:

cd /opt/tomcat

sudo chgrp -R tomcat conf

sudo chmod g+rwx conf

sudo chmod g+r conf/*

sudo chown -R tomcat logs/ temp/ webapps/ work/



sudo chgrp -R tomcat bin

sudo chgrp -R tomcat lib

sudo chmod g+rwx bin

sudo chmod g+r bin/*

Step 6: Setup a Systemd unit file for Apache Tomcat

As a matter of convenience, you should setup a Systemd unit file for Apache Tomcat:

sudo vi /etc/systemd/system/tomcat.service

Populate the file with:

[Unit]

Description=Apache Tomcat Web Application Container

After=syslog.target network.target



[Service]

Type=forking



Environment=JAVA_HOME=/usr/lib/jvm/jre

Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid

Environment=CATALINA_HOME=/opt/tomcat

Environment=CATALINA_BASE=/opt/tomcat

Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'

Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'



ExecStart=/opt/tomcat/bin/startup.sh

ExecStop=/bin/kill -15 $MAINPID



User=tomcat

Group=tomcat



[Install]

WantedBy=multi-user.target

Save and quit:

:wq

Step 7: Install haveged, a security-related program

For security purposes, you should install haveged as well:

sudo yum install haveged

sudo systemctl start haveged.service

sudo systemctl enable haveged.service

Step 8: Start and test Apache Tomcat

Now, start the Apache Tomcat service and set it run on system boot:

sudo systemctl start tomcat.service

sudo systemctl enable tomcat.service

In order to test Apache Tomcat in a web browser, you need to modify the firewall rules:

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp

sudo firewall-cmd --reload

Then, you can test your installation of Apache Tomcat by visiting the following URL from a web browser:

http://[your-Vultr-server-IP]:8080

If nothing goes wrong, you will see the default Apache Tomcat front page.

Step 9: Configure the Apache Tomcat web management interface

In order to use the “Manager App” and the “Host manager” in the Apache Tomcat web interface, you need to create an admin user for your Apache Tomcat server:

sudo vi /opt/tomcat/conf/tomcat-users.xml

Within the </tomcat-users ...>...</tomcat-users> segment, insert a line to define a admin user:

<user username="yourusername" password="yourpassword" roles="manager-gui,admin-gui"/>

Remember to replace “yourusername” and “yourpassword” with your own ones, the less common the better.

Save and quit:

:wq

Restart Apache Tomcat to put your modifications into effect:

sudo systemctl restart tomcat.service

Refresh the Apache Tomcat front page from your web browser. Log in the “Manager App” and the “Host manager” using the credentials you had setup earlier.

The Apache Tomcat setup is complete. You can now use it to deploy your own applications.

Security-Enhanced Linux (SELinux) is an enhanced security mechanism at the kernel level. Follow this guide to reinstall SELinux and reset the policy to default settings. If SELinux is not already installed, go directly to step 2.

Perform these steps as a sudo-enabled user, or root. This guide has been tested on:

• CentOS 8
• CentOS 7
• CentOS 6

1. Disable and Remove SELinux

# setenforce 0

# yum remove selinux-policy\*

# rm -rf /etc/selinux/targeted /etc/selinux/config

2. Install SELinux

# yum install selinux-policy-targeted

# yum install selinux-policy-devel policycoreutils

# touch /.autorelabel; reboot

SELinux will detect the /.autorelabel file on reboot, and then relabel all files with the correct SELinux contexts. If you have many files, the instance may be unavailable for a long time.

Requirements

• PHP version 5.6.4 or greater, with the following extensions:
  • OpenSSL
  • PDO
  • Mbstring
  • Tokenizer
  • XML
• MariaDB
• Latest stable version of Node.js with yarn
• Composer
• Nginx

Before you begin

Check the CentOS version.

cat /etc/centos-release

# CentOS Linux release 7.5.1804 (Core)

Create a new non-root user account with sudo access and switch to it.

useradd -c "John Doe" johndoe && passwd johndoe

usermod -aG wheel johndoe

su - johndoe

NOTE: Replace johndoe with your username.

Set up the timezone.

timedatectl list-timezones

sudo timedatectl set-timezone 'Region/City'

Ensure that your system is up to date.

sudo yum update -y

Install necessary packages.

sudo yum install -y wget curl vim git && sudo yum groupinstall -y "Development Tools"

For simplicity, disable SELinux and Firewall.

sudo setenforce 0

sudo systemctl stop firewalld

sudo systemctl disable firewalld

Install PHP

Setup the Webtatic YUM repo.

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP and required PHP extensions.

sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-mysql php72w-curl php72w-json php72w-zip php72w-xml php72w-mbstring

Check the version.

php --version

# PHP 7.2.7 (cli) (built: Jul  1 2018 08:22:47) ( NTS )

Start and enable the PHP-FPM service.

sudo systemctl start php-fpm.service

sudo systemctl enable php-fpm.service

Install MariaDB and setup a database

Create the repo for MariaDB. Open sudo vi /etc/yum.repos.d/MariaDB.repo and populate it with the following.

[mariadb]

name = MariaDB

baseurl = https://yum.mariadb.org/10.2/centos7-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

Save and exit, then install MariaDB.

sudo yum install -y MariaDB-server MariaDB-client

Check the version.

mysql --version

# mysql  Ver 15.1 Distrib 10.2.16-MariaDB, for Linux (x86_64) using readline 5.1

Start and enable the MariaDB service.

sudo systemctl start mariadb.service

sudo systemctl enable mariadb.service

Run mysql_secure_installation to improve security and set the password for the MariaDB root user.

sudo mysql_secure_installation

Connect to MariaDB as the root user.

mysql -u root -p

# Enter password:

Create an empty MariaDB database and user for Koel, and remember the credentials.

CREATE DATABASE dbname;

GRANT ALL ON dbname.* TO 'username' IDENTIFIED BY 'password';

FLUSH PRIVILEGES;

EXIT

Install and configure Nginx

Install Nginx.

sudo yum install -y nginx

Check the version.

sudo nginx -v

# nginx version: nginx/1.12.2

Start and enable Nginx.

sudo systemctl start nginx.service

sudo systemctl enable nginx.service

Configure Nginx. Run sudo vim /etc/nginx/conf.d/koel.conf and populate the file with the following configuration.

server {

  listen 80;

  server_name example.com;

  root /var/www/koel;

  index index.php;





  # Allow only index.php, robots.txt, and those start with public/ or api/ or remote

  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/|remote) {

    return 404;

  }



  location /media/ {

    internal;

    # A 'X-Media-Root' should be set to media_path settings from upstream

    alias $upstream_http_x_media_root;

   }



   location / {

     try_files $uri $uri/ /index.php?$args;

   }



   location ~ \.php$ {

     try_files $uri $uri/ /index.php?$args;

     fastcgi_param PATH_INFO $fastcgi_path_info;

     fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

     fastcgi_pass 127.0.0.1:9000;

     fastcgi_index index.php;

     fastcgi_split_path_info ^(.+\.php)(/.+)$;

     fastcgi_intercept_errors on;

     include fastcgi_params;

   }

}

Test the Nginx configuration.

sudo nginx -t

Reload Nginx.

sudo systemctl reload nginx.service

Install Node.js

Install Node.js.

curl --silent --location https://rpm.nodesource.com/setup_8.x | sudo bash -

sudo yum -y install nodejs

Check the version.

node --version

# v8.11.3

Install Yarn

Install the Yarn package manager.

curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo

sudo yum install -y yarn

Check the version.

yarn --version

# 1.9.2

Install Composer

Install Composer.

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php -r "if (hash_file('sha384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php

php -r "unlink('composer-setup.php');"

sudo mv composer.phar /usr/local/bin/composer

Check the version.

composer --version

# Composer version 1.6.5 2018-05-04 11:44:59

Install Koel

Create an empty document root folder where Koel will be installed.

sudo mkdir -p /var/www/koel

Navigate to the document root folder.

cd /var/www/koel

Change ownership of the /var/www/koel folder to user johndoe.

sudo chown -R johndoe:johndoe /var/www/koel

Clone the Koel repository to it, checkout the latest tagged release and install its dependencies.

git clone https://github.com/phanan/koel.git .

git checkout v3.7.2

composer install

Run php artisan koel:init command to setup the database and admin account.

php artisan koel:init

Run vim .env and set APP_URL to your URL.

APP_URL=http://example.com

Run yarn install to compile and install front-end dependencies.

yarn install

NOTE: If you run out of memory, you will receive an error message. To avoid that, you can temporarily stop MariaDB, Nginx and PHP-FPM services, or configure swap memory, if the first solution does not help.

Change ownership of the /var/www/koel directory to nginx.

sudo chown -R nginx:nginx /var/www/koel

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx. Initially, it will be set to apache.

sudo vim /etc/php-fpm.d/www.conf

# user = nginx

# group = nginx

Restart PHP-FPM.

sudo systemctl restart php-fpm.service

The setup is now complete. To continue, open your domain in a web browser and you will see a login page. Then, login by entering your admin account credentials that you have previously created.

Prerequisites

• A newly deployed AKLWEB HOST CentOS 7 server instance with at least 2GB of memory. Say it has an IPv4 address 203.0.113.1.
• A sudo user.
• A domain airsonic.example.com being pointed to the server instance mentioned above.

Step 1: Basic system configuration

Create a swap file

In order to get better system performance, it’s recommended to create a 2GB (2048M) swap file on a machine with 2GB of memory:

sudo dd if=/dev/zero of=/swapfile count=2048 bs=1M

sudo chmod 600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

echo '/swapfile   none    swap    sw    0   0' | sudo tee -a /etc/fstab

free -m

Note: If you are using a different server size, the suitable size of the swap partition may vary.

Setup the machine’s hostname and fully qualified domain name (FQDN)

Properly setting up a hostname and an FQDN for the machine is required for enabling HTTPS security with a Let’s Encrypt SSL certificate.

The following commands will setup a hostname airsonic and an FQDN airsonic.example.com for the machine:

sudo hostnamectl set-hostname airsonic

cat <<EOF | sudo tee /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

203.0.113.1 airsonic.example.com airsonic

127.0.0.1 airsonic

::1       airsonic

EOF

The results can be confirmed with the following:

hostname

hostname -f

Modify firewall rules in order to allow inbound HTTP and HTTPS traffic

Remove CentOS 7’s default block on ports 80 (HTTP) and 443 (HTTPS):

sudo firewall-cmd --permanent --add-service=http

sudo firewall-cmd --permanent --add-service=https

sudo systemctl reload firewalld.service

Install the repo

Install the EPEL YUM repo and then update the system:

sudo yum install -y epel-release

sudo yum -y update && sudo shutdown -r now

After the system reboots, log back in as the same sudo user to move on.

Step 2: Install OpenJDK Java Runtime Environment (JRE) 8

Install OpenJDK JRE 8 and then confirm the result on CentOS 7:

sudo yum install -y java-1.8.0-openjdk.x86_64

java -version

The output of the second command will be similar to the following:

openjdk version "1.8.0_171"

OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-0ubuntu0.18.04.1-b11)

OpenJDK 64-Bit Server VM (build 25.171-b11, mixed mode)

In addition, you need to setup the JAVA_HOME environment variable as follows:

echo "JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")" | sudo tee -a /etc/profile

source /etc/profile

Step 3: Install AirSonic

AirSonic can be deployed using various methods. In this tutorial, we will install AirSonic using the AirSonic WAR package.

Create a dedicated user and a dedicated group, both named airsonic:

sudo groupadd airsonic

sudo mkdir /var/airsonic

sudo useradd -s /bin/nologin -g airsonic -d /var/airsonic -M airsonic

Download the latest AirSonic WAR package:

cd /var/airsonic

sudo wget https://github.com/airsonic/airsonic/releases/download/v10.1.2/airsonic.war

sudo chown -R airsonic:airsonic /var/airsonic

Download the predefined AirSonic systemd unit files and then start the AirSonic service:

sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service -O /etc/systemd/system/airsonic.service

sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic-systemd-env -O /etc/sysconfig/airsonic

sudo systemctl daemon-reload

sudo systemctl start airsonic.service

sudo systemctl enable airsonic.service

Note: You may need to review and customize the two AirSonic systemd unit files on your own machine.

Step 4: Test the installation

AirSonic will be up and running now, listening on port 8080. You can use the following command to confirm that this is the case:

ps -ef|grep airsonic

You can also directly visit the AirSonic site, but you need to temporarily modify firewall rules first:

sudo firewall-cmd --permanent --add-port=8080/tcp

sudo systemctl reload firewalld.service

Next, point your favorite web browser to http://203.0.113.1:8080/airsonic, and then use the default credentials listed below to log in:

• Username: admin
• Password: admin

For security purposes, you should change the administrator’s password immediately after logging in.

Once the result is confirmed, restrict access on port 8080 again:

sudo firewall-cmd --permanent --remove-port=8080/tcp

sudo systemctl reload firewalld.service

Step 5: Obtain a Let’s Encrypt SSL certificate for your AirSonic site

For security purposes, it’s recommended to enable HTTPS security on every newly created website. The most convenient practice for that is to deploy a Let’s Encrypt SSL certificate as follows.

Install the Certbot utility on CentOS 7:

sudo yum -y install yum-utils

sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

sudo yum install -y certbot

Use Certbot to apply for a Let’s Encrypt SSL certificate for the domain airsonic.example.com:

sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d airsonic.example.com

The certificate and chain will be saved at the following:

/etc/letsencrypt/live/airsonic.example.com/fullchain.pem

The key file will be saved here:

/etc/letsencrypt/live/airsonic.example.com/privkey.pem

The Let’s Encrypt SSL certificate is designed to expire in three months. You can setup a cron job to renew your certificates automatically:

sudo crontab -e

Press I, and then input the following entry:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

Save and quit:

:wq

This cron job will attempt to update the Let’s Encrypt certificate every day at noon.

Step 6: Install Nginx as a reverse proxy

With the help of Nginx, you can both facilitate visitors’ access (so that they no longer need to input the 8080 port number), and enable HTTPS security on your AirSonic website.

Install Nginx using YUM:

sudo yum install -y nginx

Next, create a config file for AirSonic:

cat <<EOF | sudo tee /etc/nginx/conf.d/airsonic.conf

# Redirect HTTP to HTTPS

server {

    listen      80;

    server_name airsonic.example.com;

    return      301 https://\$server_name\$request_uri;

}



server {



    # Setup HTTPS certificates

    listen       443 default ssl;

    server_name  airsonic.example.com;

    ssl_certificate      /etc/letsencrypt/live/airsonic.example.com/fullchain.pem;

    ssl_certificate_key  /etc/letsencrypt/live/airsonic.example.com/privkey.pem;



    # Proxy to the Airsonic server

    location /airsonic {

        proxy_set_header X-Real-IP         \$remote_addr;

        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header X-Forwarded-Host  \$http_host;

        proxy_set_header Host              \$http_host;

        proxy_max_temp_file_size           0;

        proxy_pass                         http://127.0.0.1:8080;

        proxy_redirect                     http:// https://;

    }

}

EOF

Restart Nginx in order to put your configuration into effect:

sudo systemctl restart nginx.service

sudo systemctl enable nginx.service

Finally, point your favorite web browser to http://airsonic.example.com/airsonic or https://airsonic.example.com/airsonic to start exploring your AirSonic website.