Time: 25 minutes
I created this post about provisioning a new CentOS server years ago before CentOS 7 was depreceted. Well, time to update things a bit!
One difference that you’ll come to notice is that we’re now using a tool called dnf to install packages, where we had used yum in previous distros. Don’t let this overwhelm you, dnf is just a glorified version of yum with a few more options.
Choosing a Server Template
If you’re provisioning a VPS or Cloud instance, you might be given the option to apply a “template” to the server. This template indicates which distribution to install, but also can offer installation of other software, such as the LAMP stack.
I’d encourage you to avoid installing anything except for the bare-bones distribution itself. I’ve struggled to “clean up” after these templates have installed packages far too many times.
Creating a non-root superuser account.
The very first thing you should do is say goodbye to that root login. Don’t ever use it again. It’s not worth ever putting the root password at risk. Okay, but how will I gain admin privileges to the server?
useradd myusername
passwd myusername (then choose a password)
Great, you have a new user account. Now let’s give it superpowers:
visudo
Locate the line that looks like this:
root ALL=(ALL) ALL
Then, create another similar looking line directly under it:
myusername ALL=(ALL) ALL
What is this program, I can’t type anything! You’re using an age-old tool called vi, it’s not user-friendly at all, but there are die-hard linux fans that would dive in front of a bullet for it (yes, I have tried to physically harm the software program vi from time to time).
Press the i key on your keyboard to allow editing.
When you’re done, press the Esc key, then colon, then the letters w, then q.
Let’s update the OS itself first
sudo dnf upgrade --refresh -y
Indexing the filesystem search database
While you’re provisioning the server, you’ll probably find yourself using the locate command to find utilities. Depending on your host, they may or may not have setup a cron job to auto-index the search database daily. If not, you’ll need to do this before issuing your first locate command.
updatedb
Yup, that’s it!
Well, unless you don’t have the mlocate tool installed. Not to worry:
dnf install mlocate
Get the latest repositories
Before you start installing software, let’s make sure you’re using the most up-to-date repositories of the software.
sudo dnf config-manager --set-enabled crb
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm
sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf update --refresh -y
Installing your web server, development tools and database
Otherwise known as the LAMP stack, Apache, MySQL and PHP (or Python/Perl) are your most common installs for a web server. Being so common, it’s not a real heavy lift to get these installed.
There are a few ways to install packages, the two most common are:
- From source (requires us to compile the source code on our server)
- RPM (software comes packaged and installation is managed by the package)
I typically choose the RPM method as it’s works for my needs 90% of the time. Occasionally, you’ll find yourself compiling from source (it’s easier than it sounds), but I encourage you to stick with RPM until it’s no longer sufficient.
dnf is an excellent front-end tool that leverages the RPM packaging system. With dnf, you are able to use common names for packages and install them with a single command. Let’s start with Apache.
Installing Apache
dnf install httpd httpd-devel
dnf install mod_ssl
It’s a good ideal to install Apache’s development tools (httpd-devel), as you’ll find them necessary when you add modules such as OpenSSL and others. The same goes for other services such as PHP and MySQL; if a development tools library is available, it usually doesn’t hurt to install it.
You’ll also notice that we’ve install mod_ssl. Might as well while we’re at it.
Now, here’s the kicker. Depending on your version of CentOS, you might be greeted by a server error when you enter your server’s IP address in a web browser. The reason is that the default firewall rules are blocking port 80.
No problem, drop in these commands and you should be good to go:
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
If that doesn’t work, try adding these lines to /etc/sysconfig/iptables:
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
Directly after
:OUTPUT ACCEPT [3:440]
Then running service iptables save.
Installing Development Tools
At some point, you will need to compile from source, so it makes sense to have the development tools “suite” on your machine:
yum groupinstall "Development Tools"
Installing PHP
I like to grab the most recent PHP version. The problem is that older versions of PHP are the default choice for standard installation.
To see what’s available, use
sudo dnf module list php
Once you’ve decided on a version, enable it with (using PHP 8.1 as an example):
sudo dnf module enable php:remi-8.1 -y
And finally, install it:
sudo dnf install php-fpm -y
sudo dnf install php-cli php-curl php-gd php-opcache php-zip php-intl php-common php-bcmath php-imap php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml php-dom php-redis php-memcached php-memcache
Installing MySQL
sudo dnf install mysql mysql-server -y
At this point, it makes sense to setup MySQL using the included secure installation script:
mysql_secure_installation
Installing PHP Modules
Now that MySQL is installed, let’s install the PHP modules necessary to connect to MySQL. While we’re at it, we should snag as many other useful modules as possible
sudo dnf install php-mysqlnd
Installing nano
As I mentioned before, unless you’re a die-hard, you won’t be happy with the vi text editor that comes installed on the server. nano is a step up, something you might more closely equate with Windows Notepad.
dnf install nano
Verifying your mail sender
It’s likely that you distribution will include sendmail by default, but it’s possible that it won’t. In some cases, by doing:
locate sendmail
It appeared to me that sendmail was actually installed. But when I tried to test it (as shown below), it returned errors. Sendmail wasn’t actually installed.
If this happens, you can easily install it with yum.
yum install sendmail
Then, verify it’s working using this sendmail test snippet.
Fire it up!
Now that you have everything installed, it’s time to start Apache and MySQL.
You can call these programs directly:
/etc/init.d/httpd start
/etc/init.d/mysqld start
Or, you can use the systemctl command to start them. service is basically a convenience utility to start, stop or restart any daemon located in the /etc/init.d directory.
systemctl httpd start
systemctl mysqld start
systemctl php-fpm start
Make ’em last forever
Once you start your services, you’re good to go. For now. But what happens when you need to restart your server (or it restarts automatically for some unforeseen reason, like a power outage)?
Thankfully, the chkconfig command has been provided to use to manage our starting lineup. To ensure that both Apache and MySQL start automatically on boot, issue the following two commands:
systemctl enable httpd --now systemctl enable mysqld --now systemctl enable --now php-fpm
Configuring Apache
nano /etc/httpd/conf/httpd.conf
Uncomment this line:
#NameVirtualHost *:80
Then, add any VirtualHost stanzas required, either directly in httpd.conf, or preferably within a separate file. Many use the convention of having a separate file for virtual host directives, called vhosts.conf
/etc/httpd/conf.d/vhosts.conf
After you’re done setting up your virtual hosts, restart apache.
service httpd graceful
By using the graceful argument, you’re telling Apache not restart in the middle of a request. Of course, when first provisioning your server, it’s not likely that you’re getting production requests from your web site. But, it’s a good idea to get in the habit of gracefully restarting your web server.
I’ve found that some of my CentOs servers tend to fall out of sync with time. The NTP service can be used to keep the server’s time in sync against a remote time service.
#install ntp
sudo yum install ntp
# make sure it's starts up after reboot
sudo /sbin/chkconfig ntpd on
# start the ntp service now
sudo /etc/init.d/ntpd start