Yesterday, they announced that the Hayabusa 2 launch has been rescheduled again. The new launch time is 13:22:04 on December 3 (JST). I hope for good weather so that it's third time lucky, aha.
I'll create a LAMP server on CentOS7 with SELinux enforcing on a VPS.
But before this, I did three or four things.
$ sudo vi /etc/pam.d/su
Then, uncomment the next line.
#auth required pam_wheel.so use_uid –>> auth required pam_wheel.so use_uid
Now only the users in the wheel group can become root with the 'su' command.
$ sudo vi /etc/aliases
Then, uncomment the last line of the file and change the user name.
#root: marc –>> root: centos
$ sudo newaliases
With this, the user centos receives root's mail.
Check the time zone.
$ sudo timedatectl status
Everything is OK.
$ sudo systemctl status chronyd.service
I had “System clock wrong by 1.088336 seconds, adjustment started” in the result, so I edited /etc/chrony.conf.
$ sudo vi /etc/chrony.conf
In the file I found "# Use public servers from the pool.ntp.org project.", and I went to pool.ntp.org. Following the instructions there, I added the lines marked with '+' and deleted the lines marked with '-'.
+server 0.pool.ntp.org iburst
+server 1.pool.ntp.org iburst
+server 2.pool.ntp.org iburst
+server 3.pool.ntp.org iburst
–server 0.centos.pool.ntp.org iburst
–server 1.centos.pool.ntp.org iburst
–server 2.centos.pool.ntp.org iburst
–server 3.centos.pool.ntp.org iburst
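Review bot: the four '+' lines differ from the four removed lines only in the zone name (N.pool.ntp.org instead of N.centos.pool.ntp.org), with iburst unchanged, so nothing here acts on the "System clock wrong by 1.088336 seconds, adjustment started" message, which already reports that chronyd had begun correcting the clock. I would say so in the text and confirm the result after the restart with chronyc tracking or chronyc sources rather than only with systemctl status.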
Then, restart the service and check again.
$ sudo systemctl restart chronyd.service
$ sudo systemctl status chronyd.service
Now everything is OK.
Note) The location of extra conf files: /etc/httpd/conf.d
The extra conf files by default: autoindex.conf, userdir.conf, welcome.conf
Note2) The location of module conf files: /etc/httpd/conf.modules.d/
Note3) I do not rotate log files myself, but Apache httpd seems to be able to do it automatically (see /var/log/httpd/ after the server has been running for more than one day). Since when can it do this?? Or is this CentOS7's own feature?
Usually ~userid has the permission 700, but it needs 701 so that httpd can access it. This information is in userdir.conf.
$ chmod 701 centos
I set the DocumentRoot to a user's home directory, so I need to tell SELinux about it and allow httpd to access user home directories. This information is in httpd_selinux(8). However, when I tried to read it, CentOS7 said it's empty, oops!!
See online httpd_selinux(8).
$ sudo setsebool -P httpd_enable_homedirs on
$ sudo systemctl start httpd.service
When I first started httpd.service, I had the error message "Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details." because I forgot to create the 'www' and 'html' directories. So I made them as the user centos.
[centos@localhost ~]$ mkdir www
[centos@localhost ~]$ cd www
[centos@localhost www]$ mkdir html
Check the directories' context.
$ ls -Z
drwxrwxr-x. test test unconfined_u:object_r:httpd_user_content_t:s0 www
$ ls -Z
drwxrwxr-x. test test unconfined_u:object_r:httpd_user_content_t:s0 html
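The permission and context checks above can be scripted. This is an added example, not part of the original post: it vets one line of `ls -Zd` output for the search bit httpd needs and for the expected SELinux type. The function name, the constructed sample lines and the expectation that the home directory itself carries user_home_dir_t are assumptions.

```shell
#!/bin/sh
# Added example: vet one line of `ls -Zd` output in the CentOS 7 layout
# (mode owner group context name) for what httpd needs on that path.

# check_ls_z LINE EXPECTED_TYPE
# Succeeds when "others" hold the search (x) bit and the SELinux type,
# the third field of user:role:type:level, equals EXPECTED_TYPE.
check_ls_z() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        mode = $1; name = $5
        split($4, ctx, ":")                 # ctx[3] is the SELinux type
        other_x = substr(mode, 10, 1)       # 10th char: others execute/search
        ok = 1
        if (other_x != "x" && other_x != "t") {
            print name ": others cannot traverse (" mode ")"; ok = 0
        }
        if (ctx[3] != want) {
            print name ": type " ctx[3] ", expected " want; ok = 0
        }
        if (ok) print name ": ok"
        exit !ok
    }'
}

# Constructed sample lines (expected type | ls -Zd line); the www line is
# the one shown in the post, the others are made up for illustration.
while IFS='|' read -r want line; do
    check_ls_z "$line" "$want" || true
done <<'EOF'
user_home_dir_t|drwx------. centos centos unconfined_u:object_r:user_home_dir_t:s0 centos
user_home_dir_t|drwx-----x. centos centos unconfined_u:object_r:user_home_dir_t:s0 centos
httpd_user_content_t|drwxrwxr-x. test test unconfined_u:object_r:httpd_user_content_t:s0 www
httpd_user_content_t|drwxrwxr-x. centos centos unconfined_u:object_r:user_home_t:s0 html
EOF
```

On a real host, feed it the output of `ls -Zd` for each directory on the path from the home directory down to the DocumentRoot.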
Start httpd.service again.
$ sudo systemctl start httpd.service
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --reload
$ sudo systemctl enable httpd.service
Note4) Each well-known port seems to be set by default, so you don't need the firewall-cmd command for port 80.
Access http://VPS_DomainName/. You should see the httpd testing page.
||Install MariaDB||
$ sudo yum install mariadb-server mariadb
The installed version is mariadb.x86_64 1:5.5.40-1.el7_0 & mariadb-server.x86_64 1:5.5.40-1.el7_0.
$ sudo systemctl start mariadb
$ sudo mysql_secure_installation
Enter current password for root (enter for none): <<-- Hit [Enter] key.
Set root password? [Y/n] <<-- Hit [Enter] key.
New password: <<-- Type a password for root.
Re-enter new password: <<-- Type the password again.
Hit [Enter] key for each question below ⇩.
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]
$ sudo systemctl enable mariadb.service
||Install PHP||
$ sudo yum install php php-mysql php-mbstring
The installed version is php.x86_64 5.4.16-23.el7_0.3 , php-mbstring.x86_64 5.4.16-23.el7_0.3 & php-mysql.x86_64 5.4.16-23.el7_0.3.
At installation, php.conf is created in /etc/httpd/conf.d automatically.
Edit /etc/php.ini.
$ sudo vi /etc/php.ini
Show line numbers by ‘:set nu’.
line# 243: output_buffering = 4096 –>> output_buffering = Off
Note5) The location of additional.ini files: /etc/php.d
The additional ini files by default: curl.ini, fileinfo.ini, json.ini, mbstring.ini, mysql.ini, mysqli.ini, pdo.ini, pdo_mysql.ini, pdo_sqlite.ini, phar.ini, sqlite3.ini, zip.ini
$ sudo systemctl restart httpd.service
||Install phpMyAdmin||
I need phpMyAdmin he-he. However I could not find it among the three repositories, base, extras and updates. So, I added ‘epel’.
$ sudo yum install epel-release
$ sudo yum install phpmyadmin
The installed version is phpMyAdmin.noarch 4.2.11-1.el7.
At installation, phpMyAdmin.conf is created in /etc/httpd/conf.d automatically.
Edit /etc/httpd/conf.d/phpMyAdmin.conf
$ sudo vi /etc/httpd/conf.d/phpMyAdmin.conf
Here is my phpMyAdmin.conf. See below.
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
$ sudo setsebool -P ftp_home_dir on
I did this because I uncommented local_enable=YES. This information is in vsftpd.conf.
$ sudo vi /etc/vsftpd/chroot_list
I added ‘admin’ to the chroot_list.
When I uncommented the "chroot_~" lines and accessed the server via FTP as a normal user, I had "500 OOPS: vsftpd: refusing to run with writable root inside chroot()", so I added allow_writeable_chroot=YES to vsftpd.conf. I found this information in "500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed on debian".
line# 104: –>> allow_writeable_chroot=YES
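Whether a user in chroot_list ends up jailed depends on which "chroot_~" options are active: with chroot_local_user=YES the list names the users who are not jailed. The following added example, which is not from the original post, summarises that for a vsftpd.conf together with the allow_writeable_chroot setting; the function name and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: summarise the chroot-related settings of a vsftpd.conf.
# Lines are key=value without spaces; lines starting with '#' are comments.

# vsftpd_chroot_posture FILE -> prints "<who is jailed> <root policy>"
vsftpd_chroot_posture() {
    awk -F= '
    /^[ \t]*#/ || !/=/ { next }
    # a repeated key keeps its last value in this script
    { gsub(/[ \t\r]/, "", $2); v[$1] = toupper($2) }
    END {
        all  = (v["chroot_local_user"]  == "YES")
        list = (v["chroot_list_enable"] == "YES")
        # With chroot_local_user=YES the list inverts: it names the
        # users who are NOT jailed.
        if (all && list) who = "all-jailed-except-listed"
        else if (all)    who = "all-jailed"
        else if (list)   who = "listed-jailed"
        else             who = "no-jail"
        if (who == "no-jail") root = "n/a"
        else if (v["allow_writeable_chroot"] == "YES") root = "writable-root-allowed"
        else root = "writable-root-refused"   # the 500 OOPS case in the post
        print who, root
    }' "$1"
}

# Constructed sample resembling the edits described in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local_enable=YES
#chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
EOF
vsftpd_chroot_posture "$sample"   # listed-jailed writable-root-allowed
rm -f "$sample"
```

A result of writable-root-allowed means the jail's root directory may stay writable by the jailed user; the stricter layout keeps allow_writeable_chroot off, removes write permission from the chroot root and gives the user a writable subdirectory.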