Education Series Part 05 – Setup and Configure Apache Web Server (CentOS 7)

Install Apache (httpd)

# yum -y install httpd

Enable the apache service so it starts when CentOS boots.

# systemctl enable httpd.service

Create the directory structure – I am going to configure this for virtual hosts from the get-go since that is the most common.

# mkdir -p /var/www/sample.com/public_html
# mkdir -p /var/www/sample2.com/public_html

Change permission so a regular user can modify the files:

# chown -R $USER:$USER /var/www/sample.com/public_html
# chown -R $USER:$USER /var/www/sample2.com/public_html

Modify permissions so that it has full read access:

# chmod -R 755 /var/www/

Add a quick demo page for each site:

# vi /var/www/sample.com/public_html/index.html
# cp /var/www/sample.com/public_html/index.html /var/www/sample2.com/public_html

Create two directories: first sites-available, which will hold all the virtual host files, and then sites-enabled, which will hold the symbolic links.

# mkdir /etc/httpd/sites-available
# mkdir /etc/httpd/sites-enabled

Now tell Apache to look in sites-enabled by editing httpd.conf:

# vi /etc/httpd/conf/httpd.conf

Scroll to the end of the file (page down) and at the very end of the file add the following:

IncludeOptional sites-enabled/*.conf

Create the virtual hosts file.

# vi /etc/httpd/sites-available/sample.com.conf

Inside of the file fill it out appropriately:

<VirtualHost *:80>
ServerName www.sample.com
ServerAlias sample.com
DocumentRoot /var/www/sample.com/public_html
ErrorLog /var/www/sample.com/error.log
CustomLog /var/www/sample.com/requests.log combined
</VirtualHost>

Copy the file to the other domains.

# cp /etc/httpd/sites-available/sample.com.conf /etc/httpd/sites-available/sample2.com.conf

Modify the sample2.com.conf file to reflect the second domain.

# vi /etc/httpd/sites-available/sample2.com.conf
<VirtualHost *:80>
ServerName www.sample2.com
ServerAlias sample2.com
DocumentRoot /var/www/sample2.com/public_html
ErrorLog /var/www/sample2.com/error.log
CustomLog /var/www/sample2.com/requests.log combined
</VirtualHost>

Create symbolic links for the virtual hosts:

# ln -s /etc/httpd/sites-available/sample.com.conf /etc/httpd/sites-enabled/sample.com.conf
# ln -s /etc/httpd/sites-available/sample2.com.conf /etc/httpd/sites-enabled/sample2.com.conf

Since it’s a test on a local machine I modified my hosts file in order to test the site out:

# vi /etc/hosts
10.0.0.15    sample.com
10.0.0.15    sample2.com

After this restart apache:

# systemctl restart httpd.service

Of course it failed.  I added the firewall rules.

# firewall-cmd --add-service=http 
# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-service
# firewall-cmd --query-service service_name
# firewall-cmd --add-port=8080/tcp
# systemctl restart firewalld

Still errored out, so I ran the Apache config test.

# apachectl configtest

There was a problem with copying the sample2.com.conf file; I typoed it.  Changed the name, still failed.

Added an exception to SELinux (the log file names must match the ErrorLog and CustomLog paths in the virtual host files):

# chcon --reference /var/log/httpd/error_log /var/www/sample.com/error.log
# chcon --reference /var/log/httpd/error_log /var/www/sample2.com/error.log
# chcon --reference /var/log/httpd/access_log /var/www/sample.com/requests.log
# chcon --reference /var/log/httpd/access_log /var/www/sample2.com/requests.log

Once again restart httpd.service

# systemctl restart httpd.service

This time it loaded up without any errors.  I opened up Firefox and went to sample.com and voila it worked.

Always, and I mean always, triple-check SELinux!


Education Series Part 04 – CentOS 7 File and Directory Management

Redirect output with cat:

# cat > lovely.txt
Insert what you want to input into the file.
On each of these lines.
When you are done.
Press ctrl+d to exit cat.

View the file:

# cat lovely.txt

Merge the files together now:

# cat meow.txt lovely.txt > lovely_meow.txt

Note:  The text from the first file listed will be first.  Followed by the second, third, etc…

Append information from one file to the other without overwriting the contents.

# cat thug.txt >> meow.txt

Compare two files together:

# cat example.txt; cat example2.txt

View contents one screen at a time:

# ls -al /etc/ | less

View the first 10 lines of a file:

# head boot.log

Change the number of lines to view at a time in a file:

# head -20 boot.log

View the last ten lines of a file:

# tail boot.log

Watch a log actively:

# tail -f /var/log/messages

Education Part 02 – CentOS 7 Users & Groups

A big part of Linux is managing users and groups.  Eventually I will set up and configure LDAP, but until then I am just doing this on the local machine.

I made myself root so that I did not have to constantly type sudo.

# su -

Create three users in CentOS:

# useradd david
# useradd christine
# useradd ccf

Create a user that is not permitted to log in to the system.  (Like when setting up Samba).

# useradd -s /usr/sbin/nologin no_login_test

Set passwords for the users:

# passwd david
# passwd ccf
# passwd christine

Set an expiration date for a user:

# usermod --expiredate=2015-03-29 ccf

Verify the expiration date:

# chage -l ccf

Creating groups:

# groupadd test1
# groupadd test2
# groupadd developers

Add a user to a group or groups:

# usermod -G developers -a david
# usermod -G test1 -a david

Verify which groups the user is now in:

# groups david
david : david test1 developers

Lock a user account (stops them from being able to login):

# usermod -L ccf

Unlock a user account (permits them to log back into the system):

# usermod -U ccf

Deleting a group:

# groupdel test2

Deleting a user – the -r switch deletes all traces of the user including their home directory.

# userdel -r ccf

Give a user root access

# gpasswd -a david wheel

This adds the user to the wheel group, and gives them sudo access to the system.  I suppose no more visudo?

Log in as that user and test it out:

# sudo -l
# sudo yum search chrome

Change a user's home directory.

Create or locate the directory you want to use. For my experiment I created a new directory:

# mkdir /mnt/fake_home
# usermod -d /mnt/fake_home christine

Verify that it worked:

# grep -E --color '/mnt/fake_home' /etc/passwd
christine:x:1002:1002::/mnt/fake_home:/bin/bash

Changing a user’s primary group.

First verify the user's current group:

# id christine
uid=1002(christine) gid=1002(christine) groups=1002(christine),1006(developer)

Now we will set the primary group to test1

# usermod -g test1 christine

Verify the change

# id christine
uid=1002(christine) gid=1002(christine) groups=1004(test1),1006(developer)

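Set an un-encrypted password for a user. usermod -p expects an already-hashed value and writes its argument to /etc/shadow as-is, so a plain-text string is stored un-hashed: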

# usermod -p password plinko

View the password:

# cat /etc/shadow | grep plinko
plinko:password:16522:0:99999:7:::

QUESTION:  Why would anyone want to create an account with an unencrypted password?
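An entry like the plinko line above can be found by checking the second field of each shadow line. The following is an added example, not from the original post: it flags entries whose password field is empty or is not in the modular crypt format ($id$salt$hash). The sample lines are constructed, the hash strings are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit shadow-format lines for password fields that were
# stored without hashing (for instance via "usermod -p <plain text>").

# Constructed sample data; the "hashes" are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
root:$6$Xy12abcd$PLACEHOLDERHASHPLACEHOLDERHASH:16522:0:99999:7:::
david:!!:16522:0:99999:7:::
ccf:!$6$Xy12abcd$PLACEHOLDERHASHPLACEHOLDERHASH:16522:0:99999:7:::
nobody:*:16522:0:99999:7:::
plinko:password:16522:0:99999:7:::
guest::16522:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin and prints "user reason" for each
# entry that needs attention. Legacy DES hashes (no $id$ prefix) are
# reported as well, since they are not modular crypt strings either.
audit_shadow() {
    awk -F: '
        { field = $2 }
        field == ""              { print $1, "empty-password"; next }
        field ~ /^[!*]+$/        { next }  # locked or no password login
        { sub(/^!+/, "", field) }          # usermod -L prefixes the hash with "!"
        field ~ /^\$[0-9a-z]+\$/ { next }  # $id$salt$hash
        { print $1, "not-modular-crypt" }
    '
}

# On a real system (as root): audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

Reset any flagged account with passwd, which hashes the new password before storing it.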


Setting up an NFS Server and Client – CentOS 7

An NFS Server is a Network File System server in Linux.  In other words you set up a server with folders and files that you permit other systems to connect to, share files, and all of that fun stuff.

I decided since it had been ages since I set up an NFS server that this should be one of the first tasks I partake in.  I am working with a basic install of CentOS 7.

1.  Install Utilities

yum install nfs-utils

2.  Create the share

mkdir /var/nfs_share

I find this easier than doing the /home directory since it doesn’t screw up all the permissions

3.  Set permissions

chmod -R 777 /var/nfs_share

4.  Start/Stop the services while enabling them for start up.

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap

5.  Share the directory over the network

vim /etc/exports

Edit the file to include:

/var/nfs_share 192.168.1.32(rw,sync,no_root_squash,no_all_squash)

6.  Start the service

systemctl restart nfs-server

7.  Add the firewall rule

This I forgot about and it took me quite a bit to figure out what I had missed.  So make sure you do this step.

firewall-cmd --permanent --zone=public --add-service=nfs
firewall-cmd --permanent --zone=public --add-service=mountd
firewall-cmd --permanent --zone=public --add-service=rpc-bind
firewall-cmd --reload
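
Two choices in the server steps above widen what a client can do: chmod -R 777 on the share, and no_root_squash in /etc/exports, which lets root on the client act as root on the exported files (root_squash is the default when the option is omitted). The following is an added example, not from the original post: it reads exports-format lines and reports entries that disable root squashing or grant rw to any host. Every sample line except the first is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit /etc/exports-style lines for risky options.

sample_exports() {
cat <<'EOF'
# first entry is the line from the post; the rest are constructed
/var/nfs_share 192.168.1.32(rw,sync,no_root_squash,no_all_squash)
/srv/public *(rw,sync)
/srv/docs 192.168.1.0/24(ro,sync,root_squash)
/srv/build 192.168.1.40 (rw,sync)
EOF
}

# Prints "path client finding" for each risky client specification.
audit_exports() {
    awk '
        $1 ~ /^#/ { next }          # comment line
        NF < 2    { next }          # blank line or path with no client list
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                o = "," opts ","
                # root on the client keeps uid 0 on the server
                if (index(o, ",no_root_squash,"))
                    print $1, client, "no_root_squash"
                # "*" or a bare "(opts)" (space before the parenthesis)
                # applies the options to every host
                if ((client == "*" || client == "") && index(o, ",rw,"))
                    print $1, "*", "rw-to-any-host"
            }
        }
    '
}

# On a real server: audit_exports < /etc/exports
sample_exports | audit_exports
```

For the share in this post, dropping no_root_squash from the export line restores the default squashing of client root to the anonymous user.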

Now shift over to the client end of things (also running CentOS for me at least).

1.  Install the nfs utils.

yum install nfs-utils

2.  Create the mount points.

You can do this anywhere but I have always used /mnt/ for everything.

mkdir -p /mnt/nfs/home
mkdir -p /mnt/nfs/var/nfs_share

3.  Start the services and add them to boot

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap

4.  Mount the share

mount -t nfs 192.168.1.30:/home /mnt/nfs/home/
mount -t nfs 192.168.1.30:/var/nfs_share /mnt/nfs/var/nfs_share/

5.  Verify that it’s mounted 

df -kh

6.  Check the read/write permissions on the share

touch /mnt/nfs/var/nfs_share/test_nfs

If you want to mount it permanently, do the following:

vim /etc/fstab

Add the entries:

192.168.1.30:/home /mnt/nfs/home nfs defaults 0 0
192.168.1.30:/var/nfs_share /mnt/nfs/var/nfs_share nfs defaults 0 0