SiteKickr Web Development

Provisioning a New Linux Server (CentOS Stream Edition)

Time: 25 minutes

I created this post about provisioning a new CentOS server years ago, before CentOS 7 was deprecated. Well, time to update things a bit!

One difference that you’ll come to notice is that we’re now using a tool called dnf to install packages, where we had used yum in previous distros. Don’t let this overwhelm you, dnf is just a glorified version of yum with a few more options.

Choosing a Server Template

If you’re provisioning a VPS or Cloud instance, you might be given the option to apply a “template” to the server. This template indicates which distribution to install, but also can offer installation of other software, such as the LAMP stack.

I’d encourage you to avoid installing anything except for the bare-bones distribution itself. I’ve struggled to “clean up” after these templates have installed packages far too many times.

Creating a non-root superuser account

The very first thing you should do is say goodbye to that root login. Don’t ever use it again. It’s not worth ever putting the root password at risk. Okay, but how will I gain admin privileges to the server?

useradd myusername
passwd myusername      (then choose a password)

Great, you have a new user account. Now let’s give it superpowers:

visudo

Locate the line that looks like this:

root    ALL=(ALL)       ALL

Then, create another similar looking line directly under it:

myusername    ALL=(ALL)       ALL

What is this program, I can’t type anything! You’re using an age-old tool called vi. It’s not user-friendly at all, but there are die-hard Linux fans that would dive in front of a bullet for it (yes, I have tried to physically harm the software program vi from time to time).

Press the i key on your keyboard to allow editing.

When you’re done, press the Esc key, then colon, then the letters w, then q.
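A scripted equivalent of the visudo edit above, as an added example that is not part of the original post: it builds the same rule for myusername, has visudo syntax-check it, and installs it as a drop-in instead of editing /etc/sudoers by hand. It assumes the stock CentOS /etc/sudoers, which reads /etc/sudoers.d; the function names and the 90- file prefix are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the sudoers rule for an account. Names that could smuggle extra
# sudoers syntax (spaces, commas, "!", "#", "=", newlines) are refused.
sudoers_rule() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid account name" >&2
            return 1 ;;
    esac
    printf '%s\tALL=(ALL)\tALL\n' "$1"
}

# Write the rule to a temp file, let visudo check the syntax, then install
# it root-owned with mode 0440. Run this as root on the server.
install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    rc=0
    { sudoers_rule "$user" > "$tmp" &&
      visudo -cf "$tmp" &&
      install -o root -g root -m 0440 "$tmp" "$dir/90-$user"; } || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Show the rule that would be installed for the account created above.
sudoers_rule myusername
```

Because visudo -cf runs before the file is installed, a malformed rule never reaches /etc/sudoers.d, so a typo cannot lock you out of sudo.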

Let’s update the OS itself first

sudo dnf upgrade --refresh -y

Indexing the filesystem search database

While you’re provisioning the server, you’ll probably find yourself using the locate command to find utilities. Depending on your host, they may or may not have set up a cron job to auto-index the search database daily. If not, you’ll need to do this before issuing your first locate command.

updatedb

Yup, that’s it!

Well, unless you don’t have the mlocate tool installed. Not to worry:

dnf install mlocate

Get the latest repositories

Before you start installing software, let’s make sure you’re using the most up-to-date repositories of the software.

sudo dnf config-manager --set-enabled crb
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm
sudo dnf install dnf-utils https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf update --refresh -y
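Release packages like the ones above add new files to /etc/yum.repos.d. The check below, an added example rather than anything from the original post, flags enabled repositories that turn off signature checking or fetch over plain HTTP; the function names, the sample repo text and the repo.example.test host are constructed.

```shell
# Added example. Reads dnf .repo text on stdin and prints "<repo-id> <finding>"
# for each enabled repo. No gpgcheck line means the [main] value in dnf.conf applies.
audit_repo_text() {
    awk '
        function report() {
            if (id == "" || !enabled) return
            if (nogpg) print id " gpgcheck-disabled"
            if (http)  print id " plaintext-http-url"
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = 1; nogpg = 0; http = 0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
            off = (val ~ /^(0|no|false|off)$/)
            if (key == "enabled" && off) enabled = 0
            if (key == "gpgcheck" && off) nogpg = 1
            if (key ~ /^(baseurl|mirrorlist|metalink)$/ && val ~ /^http:/) http = 1
        }
        END { report() }
    '
}

# Audit every .repo file in a directory (default: /etc/yum.repos.d).
audit_repo_dir() {
    for f in "${1:-/etc/yum.repos.d}"/*.repo; do
        if [ -f "$f" ]; then audit_repo_text < "$f"; fi
    done
}
# Constructed sample input; repo.example.test is not a real repository.
SAMPLE_REPO='[example-signed]
baseurl=https://repo.example.test/el9/
gpgcheck=1
[example-unsigned]
baseurl = http://repo.example.test/el9/
gpgcheck = 0
[example-disabled]
baseurl=http://repo.example.test/old/
gpgcheck=0
enabled=0'
printf '%s\n' "$SAMPLE_REPO" | audit_repo_text
```

On the server, run audit_repo_dir with no arguments after installing the release packages; an empty result means every enabled repository keeps gpgcheck on and uses HTTPS.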

Installing your web server, development tools and database

Otherwise known as the LAMP stack, Apache, MySQL and PHP (or Python/Perl) are your most common installs for a web server. Being so common, it’s not a real heavy lift to get these installed.

There are a few ways to install packages, the two most common are:

I typically choose the RPM method as it works for my needs 90% of the time. Occasionally, you’ll find yourself compiling from source (it’s easier than it sounds), but I encourage you to stick with RPM until it’s no longer sufficient.

dnf is an excellent front-end tool that leverages the RPM packaging system. With dnf, you are able to use common names for packages and install them with a single command. Let’s start with Apache.

Installing Apache

dnf install httpd httpd-devel
dnf install mod_ssl

It’s a good idea to install Apache’s development tools (httpd-devel), as you’ll find them necessary when you add modules such as OpenSSL and others. The same goes for other services such as PHP and MySQL; if a development tools library is available, it usually doesn’t hurt to install it.

You’ll also notice that we’ve installed mod_ssl. Might as well while we’re at it.

Now, here’s the kicker. Depending on your version of CentOS, you might be greeted by a server error when you enter your server’s IP address in a web browser. The reason is that the default firewall rules are blocking port 80.

No problem, drop in these commands and you should be good to go:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

If that doesn’t work, try adding these lines to /etc/sysconfig/iptables:

-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Directly after

:OUTPUT ACCEPT [3:440]

Then run service iptables save.
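In the firewalld commands above, --permanent writes only to the saved configuration and --reload loads it into the running firewall. This added example (not from the original post) compares the two service lists and checks them against an allow-list; the function names, the allow-list and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every list is a space-separated set of service names, the
# format printed by: firewall-cmd --zone=public --list-services

# Print every name in list $1 that does not appear in list $2.
not_in() {
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

# review_zone RUNTIME PERMANENT ALLOWED -> one finding per line
review_zone() {
    # open right now but not on the allow-list
    for s in $(not_in "$1" "$3"); do echo "unexpected $s"; done
    # active now, missing from the saved config: gone after the next reload
    for s in $(not_in "$1" "$2"); do echo "runtime-only $s"; done
    # saved with --permanent but not active until --reload
    for s in $(not_in "$2" "$1"); do echo "not-reloaded $s"; done
}

# Constructed sample: https was added with --permanent, --reload was skipped.
SAMPLE_RUNTIME='cockpit dhcpv6-client http ssh'
SAMPLE_PERMANENT='cockpit dhcpv6-client http https ssh'
review_zone "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" 'ssh http https'

# On the server itself:
# review_zone "$(firewall-cmd --zone=public --list-services)" \
#     "$(firewall-cmd --permanent --zone=public --list-services)" 'ssh http https'
```

Anything reported as unexpected can be closed with firewall-cmd --permanent --zone=public --remove-service=NAME followed by firewall-cmd --reload.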

Installing Development Tools

At some point, you will need to compile from source, so it makes sense to have the development tools “suite” on your machine:

yum groupinstall "Development Tools"

Installing PHP

I like to grab the most recent PHP version. The problem is that older versions of PHP are the default choice for standard installation.

To see what’s available, use

sudo dnf module list php

Once you’ve decided on a version, enable it with (using PHP 8.1 as an example):

sudo dnf module enable php:remi-8.1 -y

And finally, install it:

sudo dnf install php-fpm -y
sudo dnf install php-cli php-curl php-gd php-opcache php-zip php-intl php-common php-bcmath php-imap php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml php-dom php-memcache

Installing MySQL

sudo dnf install mysql mysql-server -y

At this point, it makes sense to set up MySQL using the included secure installation script:

mysql_secure_installation

Installing PHP Modules

Now that MySQL is installed, let’s install the PHP modules necessary to connect to MySQL. While we’re at it, we should snag as many other useful modules as possible.

sudo dnf install php-mysqlnd

Installing nano

As I mentioned before, unless you’re a die-hard, you won’t be happy with the vi text editor that comes installed on the server. nano is a step up, something you might more closely equate with Windows Notepad.

dnf install nano

Verifying your mail sender

It’s likely that your distribution will include sendmail by default, but it’s possible that it won’t. In some cases, by doing:

locate sendmail

It appeared to me that sendmail was actually installed. But when I tried to test it (as shown below), it returned errors. Sendmail wasn’t actually installed.

If this happens, you can easily install it with yum.

yum install sendmail

Then, verify it’s working using this sendmail test snippet.

Fire it up!

Now that you have everything installed, it’s time to start Apache and MySQL.

You can call these programs directly:

/etc/init.d/httpd start
/etc/init.d/mysqld start

Or, you can use the systemctl command to start them. service is basically a convenience utility to start, stop or restart any daemon located in the /etc/init.d directory.

systemctl start httpd
systemctl start mysqld
systemctl start php-fpm

Make ’em last forever

Once you start your services, you’re good to go. For now. But what happens when you need to restart your server (or it restarts automatically for some unforeseen reason, like a power outage)?

Thankfully, systemctl enable (the systemd replacement for the older chkconfig command) has been provided to us to manage our starting lineup. To ensure that Apache, MySQL and PHP-FPM start automatically on boot, issue the following commands:

systemctl enable httpd --now
systemctl enable mysqld --now
systemctl enable --now php-fpm

Configuring Apache

nano /etc/httpd/conf/httpd.conf

Uncomment this line:

#NameVirtualHost *:80

Then, add any VirtualHost stanzas required, either directly in httpd.conf, or preferably within a separate file. Many use the convention of having a separate file for virtual host directives, called vhosts.conf

/etc/httpd/conf.d/vhosts.conf

After you’re done setting up your virtual hosts, restart apache.

service httpd graceful

By using the graceful argument, you’re telling Apache not to restart in the middle of a request. Of course, when first provisioning your server, it’s not likely that you’re getting production requests from your web site. But, it’s a good idea to get in the habit of gracefully restarting your web server.

I’ve found that some of my CentOS servers tend to fall out of sync with time. The NTP service can be used to keep the server’s time in sync against a remote time service.

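# install chrony, the NTP implementation packaged for CentOS Stream
# (the old ntp package is no longer in the base repositories)
sudo dnf install chrony

# make sure it starts up after reboot
sudo systemctl enable chronyd

# start the time service now
sudo systemctl start chronyd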