HOWTO CentOS 7.x Base Server Setup

Introduction

All of our servers will start with this install. This base server is based on CentOS 7.

Downloading the ISO

Visit the CentOS website and download the Minimal install ISO.

Initial Install

Boot the install DVD.

The graphical install loads and we’re ready to go.
*Choose your language and click next.
The next screen has a menu with groups of settings that need to be configured.
*Click on ‘DATE & TIME’ and set your timezone.
*Click on ‘INSTALLATION DESTINATION’ and click done to let it auto partition the drive.
*Click on ‘NETWORK & HOSTNAME’ and set the hostname. Click the ‘Configure’ button and set the adaptor to auto connect. Then click done.
*Click on ‘SOFTWARE SELECTION’. Select ‘Minimal Install’. Check the option for ‘Compatibility Libraries’. Then click done.
*When done click ‘Begin Installation’.
The installation progress screen has a couple of menu items for setting the root password and creating users.
*set the root password.
*You should create a user to admin the system.
*Click ‘Finish Configuration’ when it appears.
*Click ‘Reboot’ when it appears.

First boot

Reboot the machine when the install finishes.
The OS will boot. Log in.

Get everything updated and install a couple of items.
> yum -y install nano net-tools deltarpm
> yum -y group install ‘Infrastructure Server’
> yum -y upgrade

Disable selinux

Now we need to disable selinux. There is some software that doesn’t play well with selinux.
Edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled

Disable the firewall

> systemctl stop firewalld
> systemctl disable firewalld

WARNING: My server isn’t directly connected to the internet. The firewall is disabled to help with installation, configuration and testing easier. Once everything is working, turn on the firewall and configure it. I wil remind you to secure your server at the end of this howto.

now reboot the server.

The Second Boot – Installing Additional Packages

We need quite a few other packages. A change in this howto is that I’m installing RPMs reguardless if they were already installed by another dependency. This guards against RPM changes that could cause a package to not be installed.

We need to add and enable a few repositories.
Type nano -w /etc/yum.repos.d/CentOS-Base.repo
For the centosplus section change ‘enable=0’. Change the 0 to a 1.

We need the webmin repo. Create webmin.repo with the text below.
> nano -w /etc/yum.repos.d/webmin.repo

[Webmin]
 name=Webmin Distribution Neutral
 #baseurl=http://download.webmin.com/download/yum
 mirrorlist=http://download.webmin.com/download/yum/mirrorlist
 enabled=1

And the EPEL repo.
> yum install epel-release

Finish up by installing hte remi repo.
> wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
> rpm -Uvh remi-release-7.rpm

Edit /etc/yum.repos.d/remi.repo. Change enable=0 to enable=1 in the sections “remi” and “remi-php56”.

Now bring everything up to date.
> yum -y update

Install the following RPMs. Multiple lines to make cut and paste easier.
> yum -y install gcc gcc-c++ wget bison nano make createrepo screen
> yum -y install libmcrypt caching-nameserver

Now lets install webmin. We need SSL support in perl. Setup is easier if you get this installed before webmin.
> yum -y install perl-Net-SSLeay
> rpm –import http://www.webmin.com/jcameron-key.asc
> yum -y install webmin
> systemctl enable webmin
> service webmin start

Install MariaDB.
> yum -y install mariadb-server mariadb
> systemctl enable mariadb
> systemctl start mariadb

Run the following script to setup mariadb.
> mysql_secure_installation

Install PHP.
> yum -y install php php-cli php-fpm
> yum -y install php-gd php-ncurses php-snmp php-mbstring php-mysql php-devel
> yum -y install php-odbc php-imap php-pecl-apc
> yum -y install php-xmlrpc php-dba php-pear-DB php-mcrypt
> systemctl enable php-fpm
> systemctl start php-fpm

Install Apache web server
> yum -y install @web-server
> systemctl enable httpd
> systemctl start httpd

Installing and Configuring phpMyAdmin

I prefer to phpMyAdmin to manage my MySQL databases.

Now install phpMyAdmin.
> yum -y install phpMyAdmin

You will need to add access to phpMyAdmin. By default only the local server can access it. Edit /etc/httpd/conf.d/phpMyAdmin.conf to look like the following.

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
 AddDefaultCharset UTF-8

<IfModule mod_authz_core.c>
 # Apache 2.4
 Require local
 Require ip 192.168.0.0/16
 Require ip 10.0.0.0/8
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
 Deny from All
 Allow from 127.0.0.1
 Allow from ::1
 </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
 <IfModule mod_authz_core.c>
 # Apache 2.4
 Require local
 Require ip 192.168.0.0/16
 Require ip 10.0.0.0/8
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
 Deny from All
 Allow from 127.0.0.1
 Allow from 192.168. 
 Allow from 10.
 Allow from ::1
 </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
 Order Deny,Allow
 Deny from All
 Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
 Order Deny,Allow
 Deny from All
 Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
 Order Deny,Allow
 Deny from All
 Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>

Restart Apache.
> systemctl restart httpd

Now test it out.

Installing cockpit

I’m trying cockpit as my server admin tool.  Do the following to set it up.
> yum -y install cockpit cockpit-dashboard cockpit-networkmanager cockpit-packagekit
> yum -y install cockpit-selinux cockpit-sosreport cockpit-storaged
> systemctl start cockpit
> systemctl enable cockpit.socket

You can now login to https://yourserver.tld:9090 to administer your server.

Getting root’s and other’s mail

You need to get some local system user’s mail. We’ll use postfix’s virtual file to get the emails to the right place.

Add the following to /etc/postfix/virtual

root admin@yourdomain.tld
 postmaster admin@yourdomain.tld
 abuse admin@yourdomain.tld

Now add the configuration option to main.cf
> postconf -e “virtual_alias_maps = hash:/etc/postfix/virtual”
Just a couple commands to wrap everything up.
> postmap /etc/postfix/virtual
> systemctl restart postfix

Final Settings

You may want to enable the linux firewall.
Set your timezone in /etc/php.ini

Conclusion

That’s it for the basic server setup. This is an example of a standard linux server setup. Be sure to use setup or webmin to set which services you want to start at boot time. See the other pages for info on configuring servers for virtual webhosting or virtual email hosting. Remember to configure the firewall on the server.