Levent Ozturk
centos7 server setup
========================================================================
1. Reinstall (in SolusVM CP)
CentOS 7.0 x86_64 Minimal

2. Clean and update all installed packages
sudo yum clean all
sudo yum -y update

3. OS Firewall
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
========================================================================
APACHE
========================================================================
4. Install Apache
sudo yum install httpd mod_ssl

5a. Configure Apache
sudo /usr/sbin/apachectl start
vi /etc/httpd/conf/httpd.conf =>
    edit ServerName
    change DocumentRoot to something other than /var/www
    change AllowOverride for the new root folder to All (for sub htaccess)
sudo /usr/sbin/apachectl restart
sudo /sbin/chkconfig httpd on # autostart on reboot
sudo /sbin/chkconfig --list httpd

5b. Configure Apache
sudo systemctl start httpd
sudo systemctl enable httpd # autostart on reboot
sudo systemctl status httpd
sudo systemctl stop httpd
========================================================================
10. Apache Virtual host
sudo mkdir -p /var/www/example.com/public_html
sudo chown -R $USER:$USER /var/www/example.com/public_html
sudo chmod -R 755 /var/www
sudo mkdir /etc/httpd/sites-available
sudo mkdir /etc/httpd/sites-enabled
vi /etc/httpd/sites-available/example.com.conf =>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/www/example.com/error.log
    CustomLog /var/www/example.com/requests.log combined
See https://httpd.apache.org/docs/2.4/vhosts/examples.html for examples
sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf
========================================================================
6. Apache Install mod_perl
httpd -M # list apache modules
yum install -y epel-release
yum install -y mod_perl

7. Configure content
/var/www/html/
/etc/httpd/conf.d/welcome.conf
========================================================================
8. MariaDB
sudo yum install mariadb-server
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
mysql_secure_installation # root pw: levent

8b. Create DB
mysql -u root -p # no space after -p
create database webdata;
grant all on webdata.* to 'webuser' identified by 'password';
========================================================================
9. PHP
sudo yum install php php-pear
sudo yum install php-mysql
vi /etc/php.ini =>
    error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
    error_log = /var/log/php/error.log
    max_input_time = 30
sudo mkdir /var/log/php
sudo chown apache /var/log/php
sudo systemctl reload httpd
========================================================================
VPN
========================================================================
11. OpenVPN
yum install epel-release
yum install openvpn easy-rsa -y # also install easy-rsa for key generation for secure vpn
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/vpn_server_0.conf
vi /etc/openvpn/vpn_server_0.conf =>
    dh dh2048.pem # key encryption length for Easy RSA will be 2048
    push "redirect-gateway def1 bypass-dhcp" # tells the client to redirect all traffic through our OpenVPN
    push "dhcp-option DNS 8.8.8.8" # provide DNS servers to the client, as it will not be able to use the default DNS servers provided by your Internet service provider.
    push "dhcp-option DNS 8.8.4.4" # Use Google's
    user nobody # OpenVPN to run with no privileges once it has started
    group nobody

11.b Generate keys
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
vi /etc/openvpn/easy-rsa/vars =>
    export KEY_NAME="vpn_server_0"
    export KEY_CN="openvpn.sefika.com" # must have duplicate in vpn_server_0.conf
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="NY"
    export KEY_CITY="New York"
    export KEY_ORG="sefika.com"
    export KEY_EMAIL="openvpn@sefika.com"
    export KEY_OU="Community"
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server vpn_server_0
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt vpn_server_0.crt vpn_server_0.key /etc/openvpn
cd /etc/openvpn/easy-rsa
./build-key vpn_server_0_client_0 # Client keys for both way security. Each client

11.c Routing
firewall-cmd --list-services
firewall-cmd --add-service openvpn
firewall-cmd --list-services
firewall-cmd --permanent --add-service openvpn
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --query-masquerade
vi /etc/sysctl.conf =>
    net.ipv4.ip_forward = 1
systemctl restart firewalld
systemctl restart network.service

11.c Start
# the instance name after @ is the config file name without .conf (vpn_server_0.conf)
systemctl -f enable openvpn@vpn_server_0.service
systemctl start openvpn@vpn_server_0.service
Alternate: (--daemon fails)
openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/vpn_server_0.conf --cd /etc/openvpn

11.d Client
Copy the following files into the openvpn config on the client computer:
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/vpn_server_0_client_0.crt
/etc/openvpn/easy-rsa/keys/vpn_server_0_client_0.key
vi vpn_server_0_client_0.ovpn =>
    vpn_server_0_client_0
    dev tun
    proto udp
    remote 1194 # server address is missing here; the syntax is: remote host port
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    comp-lzo
    verb 3
    ca /path/to/ca.crt
    cert /path/to/vpn_server_0_client_0.crt
    key /path/to/vpn_server_0_client_0.key

The binding order of your network interfaces determines the order in which Windows will access DNS servers.
Run ncpa.cpl in Windows.
Tap 'Alt' to get the menu to appear. Then go to Advanced -> Advanced Settings.
Put the OpenVPN "NIC" at the top of the list in the "Connections" list and its DNS servers will be queried first.
========================================================================
VNC SERVER
========================================================================
login as root
yum groupinstall "GNOME Desktop"
yum install tigervnc-server

Repeat the following steps for each user. Increment the vnc number. The firewall cmds need to be executed once only.
Port starts from 5901 and increments for each new user.
useradd new_vnc_user
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
replace <USER> in /etc/systemd/system/vncserver@:1.service with new_vnc_user
vi /etc/systemd/system/vncserver@:1.service =>
    [...]
    [Service]
    Type=forking
    # Clean any existing files in /tmp/.X11-unix environment
    ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
    #ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
    #PIDFile=/home/<USER>/.vnc/%H%i.pid
    ExecStart=/sbin/runuser -l srijan -c "/usr/bin/vncserver %i"
    PIDFile=/home/srijan/.vnc/%H%i.pid
    ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
If you wish to add more users you would create a new vncserver@:#.service file and change the <USER> string to the new user.
firewall-cmd --permanent --zone=public --add-service vnc-server
firewall-cmd --reload
su - new_vnc_user
vncserver
Enter a new vnc password
su -
systemctl daemon-reload
systemctl enable vncserver@:1.service
reboot
systemctl start vncserver@:1.service
========================================================================
VNC CLIENT
========================================================================
Use Realvnc-client
:5901
:5902
.... for each client
========================================================================
FTP Server: (No need for this, and dangerous. Always use secure FTP, which is installed by default.)
yum -y update
yum -y install vsftpd
vim /etc/vsftpd/vsftpd.conf =>
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    chroot_local_user=YES
systemctl restart vsftpd
systemctl enable vsftpd
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --reload
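
For the OpenVPN server in step 11, the following check is an added example, not part of the original notes: it confirms that the server config drops privileges with user/group and that every ca/cert/key/dh file it names was actually copied next to it with a private key only the owner can read. The function names, finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: audit an OpenVPN server config.

# Print the first argument of directive $2 in config $1 (# and ; start comments).
ovpn_get() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$1"
}

# Print one finding per line for config $1 whose key material lives in dir $2.
ovpn_audit() {
    conf=$1; dir=$2
    # Privilege drop: user and group must be set and must not be root.
    for name in user group; do
        val=$(ovpn_get "$conf" "$name")
        if [ -z "$val" ] || [ "$val" = root ]; then echo "no-privilege-drop:$name"; fi
    done
    # Each credential directive must be present and point at an existing file.
    for name in ca cert key dh; do
        val=$(ovpn_get "$conf" "$name")
        if [ -z "$val" ]; then echo "missing-directive:$name"; continue; fi
        [ -f "$dir/$val" ] || echo "missing-file:$name:$val"
    done
    # The private key must not be readable by group or others.
    val=$(ovpn_get "$conf" key)
    if [ -n "$val" ] && [ -f "$dir/$val" ]; then
        [ "$(ls -ld "$dir/$val" | cut -c5-10)" = "------" ] || echo "key-readable:$val"
    fi
    return 0
}

# Constructed sample: the config still names server.crt/server.key and has
# "user" commented out, while the files on disk use the vpn_server_0 names.
ovpn_audit_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'port 1194' 'ca ca.crt' 'cert server.crt' \
        'key server.key  # secret' 'dh dh2048.pem' ';user nobody' \
        'group nobody' > "$tmp/vpn_server_0.conf"
    for f in ca.crt vpn_server_0.crt vpn_server_0.key dh2048.pem; do : > "$tmp/$f"; done
    ovpn_audit "$tmp/vpn_server_0.conf" "$tmp"
    rm -rf "$tmp"
}

ovpn_audit_demo
```

On a real server the call would be ovpn_audit /etc/openvpn/vpn_server_0.conf /etc/openvpn, and an empty result means all three checks passed.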
All the material listed and linked at this World Wide Web domain are strictly private property and copyrighted. © Copyright -∞-∞ Levent Ozturk. All rights reserved. Reproduction or use of any material, documents and related graphics and any other material from this World Wide Web server is strictly prohibited.