Update your system

It might be a good idea to update your system before installing something. Kind of ironic isn’t it? We’ll do it anyway.

[root@rocky ~]# yum update

Install dnf-automatic

[root@rocky ~]# yum install dnf-automatic

Configure dnf-automatic

This will enable daily updates

[root@rocky ~]# vi /etc/dnf/automatic.conf

apply_updates = yes                  

Set a schedule for updates

By default updates are installed once a day at 06:00 with a random delay of 60m, I suggest changing that to 04:00 with a delay of 15m

[root@rocky ~]# systemctl edit -f dnf-automatic-install.timer

# [Timer]
# OnCalendar=*-*-* 4:00
# RandomizedDelaySec=10m
# Persistent=true
                 

Start dnf-automatic

Lastly start dnf-automatic and enable it to start automatically at boot time

[root@rocky ~]# systemctl enable dnf-automatic.timer
[root@rocky ~]# systemctl start dnf-automatic.timer

1. RHEL/CentOS Software Collections (SCL)
2. 3rd Party repository such as Remi

I’ll go through the second approach, I might or might not do a SCL edition of this post (probably not).
Remi provides a nice configuration wizard if you want to go for another distro/PHP version.

Update your system

Get the latest updates for your CentOS server

[root@centos ~]# yum update

Add the EPEL repo to your system

You’ll need to have the EPEL repository installed.

[root@centos ~]# yum install epel-release

Add the Remi repo to your system

PHP will be installed from this repository

[root@centos ~]# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Install yum-utils

Used to manage yum repositories

[root@centos ~]# yum install yum-utils

Enable the remi-php73 repo

That will enable the installed repository

[root@centos ~]# yum-config-manager --enable remi-php73

Upgrade PHP

This will upgrade PHP 5.4 to PHP 7.3

[root@centos ~]# yum update

Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.

Update your system

Get the latest updates for your CentOS server

[root@centos ~]# yum update

Add Zabbix repo

In order to install Zabbix you will need to add the Zabbix repository to your system, if your are using anything other than CentOS 7 navigate to the Zabbix repository generator to get guidance on how to install it on your desired system.

[root@centos ~]# rpm -i https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm

Install Zabbix

The following command will install Zabbix (Server, Web frontend & agent) including some of its dependencies (MariaDB, httpd, PHP ecc. - basically the LAMP stack)
If you want to install MariaDB on your own, check out this blog post for guidance on that.

[root@centos ~]# yum install zabbix-server-mysql zabbix-web-mysql zabbix-agent

Create MariaDB user, database & import schema

In order for Zabbix to work it needs a database so what we’re going to do next is set up a blank DB & then import the Zabbix schema/data.
If you want to do this using phpMyAdmin go for it, I might post a phpMyAdmin article on that soon.
I prefer the command line approach since that is way quicker (please set a strong password in the 3rd line).
The import might take a few minutes to be patient.

[root@centos ~]# # mysql -uroot -p
MariaDB> create database zabbix character set utf8 collate utf8_bin;
MariaDB> grant all privileges on zabbix.* to zabbix@localhost identified by 'yourdesiredpw';
MariaDB> quit;
[root@centos ~]# zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix

Modify Zabbix conf

Now we need to tell the Zabbix config file the password of the earlier created MariaDB user. All you need to do is uncomment & edit the DBPassword= parameter.

[root@centos ~]# vi /etc/zabbix/zabbix_server.conf
edit:
DBPassword=password

Modify Zabbix Apache conf or php.ini

Zabbix wants you to set the a zone, you can do this by either setting it in the Zabbix apache conf file or by editing the php.ini config file.

[root@centos ~]# vi /etc/httpd/conf.d/zabbix.conf
edit:
php_value date.timezone Europe/Rome

Open firewall ports

In order to be able to connect to the Web interface you’ll need to open up some ports.
I’m also opening the Zabbix server port 10051.

[root@centos ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@centos ~]# firewall-cmd --permanent --zone=public --add-service=https
[root@centos ~]# firewall-cmd --permanent --zone=public --add-port=10051/tcp
[root@centos ~]# firewall-cmd --reload

SELinux

For the sake of simplicity I’ll set SELinux to permissive, if you want to know how to set it up with enforcing let me know in the comments, I might have a look at it.

[root@centos ~]# vi /etc/selinux/config
edit:
SELINUX=permissive
[root@centos ~]# reboot

Start & enable services

At this point everything should be set up, now you’ll want to launch & enable Zabbix. If you had apache installed on your system before, you want to restart it also

[root@centos ~]# systemctl start zabbix-server zabbix-agent httpd
[root@centos ~]# systemctl enable zabbix-server zabbix-agent httpd
[root@centos ~]# apachectl restart
[root@centos ~]# service zabbix-server status

Configure Zabbix via the web installer

You shoul’d be ready for the final part of the set-up, navigate to your Servers IP / Hostname / FQDN.
In my case it’s: http://zabbix.rabanser.local/zabbix

Start the installation

Verify the installation checks

Database settings

Server settings

Verify the summary and start the installation

Installation succeeded

Login to your new installation, the defaults are: Admin / zabbix

The Dashboard

Wrap up

Thats it, that’s all there is to it. For now at least. I’m going to publish a few more articles about Initial configuration & Windows monitoring.
Stay tuned for that.

Update your system

Get the latest updates for your server

[root@centos ~]# yum update

Add the EPEL repo to your system

In order to install the certbot client on CentOS 7 you’ll need to have the EPEL repository installed.

[root@centos ~]# yum install epel-release

Install certbot

Navigate to certbot’s configurator to select your distro. I’m using Apache on CentOS 7.
This command below will install the certbot client and it’s needed dependencies.

[root@centos ~]# yum install python2-certbot-apache

Generate certificates / keys

[root@centos ~]# certbot --apache

When you run this command for the first time you will be asked for your renewal email, Terms of Service Agreement and if you are willing to share your E-Mail with the EFF:

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): daniel@rabanser.tech
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Then you can proceed with your certificate request:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: simple-demo.rabanser.tech
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf.d/simple-demo.rabanser.tech.conf to ssl vhost in /etc/httpd/conf.d/simple-demo.rabanser.tech-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://simple-demo.rabanser.tech

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): daniel@rabanser.tech
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: simple-demo.rabanser.tech
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for simple-demo.rabanser.tech
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/simple-demo.rabanser.tech-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/simple-demo.rabanser.tech-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf.d/simple-demo.rabanser.tech.conf to ssl vhost in /etc/httpd/conf.d/simple-demo.rabanser.tech-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://simple-demo.rabanser.tech

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=simple-demo.rabanser.tech
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/simple-demo.rabanser.tech/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/simple-demo.rabanser.tech/privkey.pem
   Your cert will expire on 2019-01-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can now navigate to your site and check your new certificate.

Renew your certificates

Manual renewal:

[root@centos ~]# certbot renew

Since Let’s Encrypt Certificates have a validity period of 90 days, you might want to set up a cron-job which renews the certificates for you

Cron-job:

[root@centos ~]# crontab -e

Insert the following for a cron job which runs every day at 6 AM

0 6 * * * certbot renew >/dev/null 2>&1

• Install Apache on CentOS 7
• Set up Apache
• Serve a simple HTML site
  – with a Virtual Hosts configuration (accessible with a FQDN)

Update your system

Get the latest updates for your server

[root@centos ~]# yum update

Install Apache

Install the Apache version that comes with CentOS 7

[root@centos ~]# yum install httpd

Start Apache

Now you can start the web server and enable it to start automatically at boot time

[root@centos ~]# systemctl start httpd
[root@centos ~]# systemctl enable httpd

Set firewall rules

In order to access the websites hosted on the web server you’ll need to allow HTTP/s communications

[root@centos ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@centos ~]# firewall-cmd --permanent --zone=public --add-service=https
[root@centos ~]# firewall-cmd --reload

Test your setup

If you followed everything correctly, you should see “The Testing 123…” when navigating to your Servers IP address

Initial Apache setup

So, your server could now serve a website in the root path /var/www/html/*, but you might want to use the web server to serve multiple sites which are accessible by different FQDN’s (at least that’s how I use my servers). In order to do that you firstly want to disable the Apache Welcome page by placing a sample index.html file in the /var/www/html folder.
I prefer a simple index.html file that redirects users to my main website (in case someone tries to access the Servers IP address / FQDN ecc.)

[root@centos ~]# vi /var/www/html/index.html

Tweak to your needs, and insert that into the file:

<!DOCTYPE html>
<html>
   <head>
      <title>Redirecting</title>
      <meta http-equiv="refresh" content="0; URL='https://www.rabanser.tech'" />
   </head>
   <body>
      <p><a href="https://www.rabanser.tech">If you are not being redirected automatically click on this link</a></p>
   </body>
</html>

Create a website

Now you’re all set to deploy websites on your server, I’ll start by setting up a demo site accessible at http://simple-demo.rabanser.tech
Let’s start by creating the required folder structure and provide it with a small index.html file:

[root@centos ~]# mkdir /var/www/html/simple-demo.rabanser.tech
[root@centos ~]# vi /var/www/html/simple-demo.rabanser.tech/index.html

<!DOCTYPE html>
<html>
   <head>
      <title>Demo Site</title>
   </head>
   <body>
      <h1>This is a demo site</h1>
   </body>
</html>

Let’s continue with the Apache config file for our demo website, config files are located in /etc/httpd/conf.d/ and have a .conf extension.
I create a config file per web:

[root@centos ~]# vi /etc/httpd/conf.d/simple-demo.rabanser.tech.conf

Tweak to your needs and then insert it in the config file

<VirtualHost *:80>
   ServerName simple-demo.rabanser.tech
   DocumentRoot "/var/www/html/simple-demo.rabanser.tech"
</VirtualHost>

Test the configuration and restart the server

[root@centos ~]# apachectl configtest
Syntax OK
[root@centos ~]# apachectl restart

Lastly you want to set your DNS configuration (I’m just running a lab environment, so I’m going to change my host file).
If you’re all set with DNS you can try to navigate to your site, you should see your site at http://simple-demo.rabanser.tech

Wrap up

That’s it, that all you need to do in order to serve web sites with Apache on CentOS, if you want to host multiple sites, all you need to do is repeat the “Create a website” step and you’re all sorted.

In the next post I’ll go through how to secure your websites with Let’s Encrypt certificates (since you ever want to serve your sites securely)

Update your system

Get the latest updates for your server

[root@centos ~]# yum update

Install using repository generator

Navigate to MariaDB’s repository generator to really get the latest version
Hit up vi or your preferred text editor

[root@centos ~]# vi /etc/yum.repos.d/MariaDB.repo

Insert the following and save the file

# MariaDB 10.3 CentOS repository list - created 2018-10-12 18:16 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Install MariaDB Server

Now you’ll be able to install MariaDB 10.3:

[root@centos ~]# yum install MariaDB-server MariaDB-client

Start MariaDB / Enable autostart

What you want to do next is to start MariaDB and enable it to start automatically on boot time

[root@centos ~]# systemctl start mariadb
[root@centos ~]# systemctl enable mariadb

Initial configuration

Now you’ll need to run the installation script, it sets up the server
Watch out if you want to manage the server using MySQL Workbench (you want to choose “n” for remote root login),
I prefer to user phpMyAdmin so I’m turning it off though

[root@centos ~]# mysql_secure_installation

Set root password? [Y/n] y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Wrap up

That’s it, that’s all you need to do to get MariaDB up and running. You can verify the installed version of MariaDB by typing:

[root@centos ~]# mysql -V

If you want to know how to install and set up phpMyAdmin(will let you administer MariaDB via a Web Browser) I might do a post on that soon.

Update your system

It might be a good idea to update your system before installing something. Kind of ironic isn’t it? We’ll do it anyway.

[root@centos ~]# yum update

Install yum-cron

[root@centos ~]# yum install yum-cron

Configure yum-cron

This will enable daily updates

[root@centos ~]# vi /etc/yum/yum-cron.conf

apply_updates = yes                  

This will enable hourly security updates

[root@centos ~]# vi /etc/yum/yum-cron-hourly.conf

update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes

Start yum-cron

Lastly start yum-cron and enable it to start automatically at boot time

[root@centos ~]# systemctl enable yum-cron
[root@centos ~]# systemctl start yum-cron

In this post you will learn how to install CentOS 7 and do some basic system setup.

Start the installation

Test the media and install Set your preferred language Set your time zone Set your preferred keyboard layout Configure you disk, I prefer the manual way since all my Linux Server are webservers Create the basic partitioning If you wish to leave it to the defaults, proceed without making any further changes If you want to set up dedicated partitions for /home and /var Confirm the custom partitioning Set your hostname and enable networking If you have a DHCP server on your network you should see something like this Start the installtion While we wait, set up the root password Reboot the system If you have forgotten the hostname/IP of your system log in and check it

Basic system setup

Proceed with a very basic system setup/configuration

Update your system

First thing you want to do is update your system

[root@centos ~]# yum update

Install drivers

If you are running CentOS 7 as a VM on Hyper-V you don’t need to do anything :)
If you are running on vmWare ESXi you will need to install vmWare Tools:

[root@centos ~]# yum install open-vm-tools

Update 2018/0908 Now with reactions? Maybe I don’t know.

So what can you expect on this Blog?

Well to be honest probably nothing at all. I might post IT related stuff here at some point…