
February 23, 2014

A Basic CentOS LAMP Server Build in VirtualBox

I've been using Fedora for more than a month now and I wanted to create a virtual machine (VM) in VirtualBox which I can use for learning web development. I usually go for a Debian-based VM, but this time, since I'm on Fedora, I decided to go with CentOS.

I have used CentOS before so I knew that it took a bit of effort to get it up and running. In this post, I put down my notes on how I built a CentOS VM for a basic LAMP server.

Creating the CentOS guest

The CentOS OS is easy enough to install. Just download the ISO image from their site; I chose to use the CentOS-6.5-x86_64-minimal.iso image. It's just a matter of using the downloaded image as the DVD media for the VM. Installation is straightforward and fast and finishes in under 30 minutes.

NOTE: In my setup, I have set 2 network interfaces -- one for the Host-only adapter and another for the NAT adapter. At the time of posting, I suggest setting Host-only as adapter 1 and NAT as adapter 2 because I've run into some issues with the network interfaces. The Host-only interface is for accessing the VM from the host machine while the NAT interface takes care of the connection to the Internets.

Enable networking in the CentOS guest

Network interfaces are down by default in CentOS [1], so some manual configuration is needed. To show the interfaces, use the command ip addr show. Since my setup has 2 network adapters set in VirtualBox, the result of that command shows eth0 and eth2, for the Host-only adapter and the NAT adapter, respectively. The configuration files for these are located in /etc/sysconfig/network-scripts/ifcfg-ethX where X is the interface number.

Configure these files accordingly.

For ifcfg-eth0, the host-only adapter:

    DEVICE=eth0
    HWADDR=08:00:27:12:AB:3C
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    DHCPCLASS=
    IPADDR=192.168.56.100
    NETMASK=255.255.255.0

For ifcfg-eth2, the NAT adapter:

    DEVICE=eth2
    HWADDR=08:00:27:45:DE:6F
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=dhcp

  • DEVICE= must match the interface name reported by the ip addr show command
  • HWADDR= is the MAC address VirtualBox assigned to the interface (it is also shown by the ip addr show command)
  • ONBOOT= is set to yes so the interface is brought up during VM start up
  • IPADDR= must be an address in the host-only network created within VirtualBox; the host's side of that network defaults to 192.168.56.1

Once configured, running the command service network restart brings up the interface(s). To confirm that the interfaces are UP and running, issue the ip addr show command. To test if there's an Internet connection, issue the ping -c 3 www.example.com command.

Configuring the CentOS guest firewall

This is a development VM so it may be optional to configure the firewall. But as this is also a learning experience in Linux, I decided to go on ahead and configure it via iptables. I just basically read and followed this great CentOS guide in setting it up.

Here's the rule set I set, as root, for this VM:

    # iptables -P INPUT ACCEPT
    # iptables -F
    # iptables -A INPUT -i lo -j ACCEPT
    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # iptables -P INPUT DROP
    # iptables -P FORWARD DROP
    # iptables -P OUTPUT ACCEPT

Here's what I understand the above commands to be doing:

  • iptables -P INPUT ACCEPT - sets the default policy for incoming packets to ACCEPT; this is important because of the next command
  • iptables -F - flushes (clears) all existing rules; be sure the default for INPUT is set to ACCEPT first (see previous command), because otherwise a user connected via ssh could be locked out
  • iptables -A INPUT -i lo -j ACCEPT - accept incoming packets for the lo or localhost interface; this is required by many applications so it's best to set it like so
  • iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - accept incoming packets that belong to ESTABLISHED connections or are RELATED to them
  • iptables -A INPUT -p tcp --dport 22 -j ACCEPT - accepts incoming packets for port 22 a.k.a. the SSH port
  • iptables -A INPUT -p tcp --dport 80 -j ACCEPT - accepts incoming packets for port 80 a.k.a. the web server port
  • iptables -P INPUT DROP - sets the default INPUT policy to DROP, so all other incoming packets are dropped
  • iptables -P FORWARD DROP - I won't use the VM to FORWARD packets so I'll just DROP 'em like it hot
  • iptables -P OUTPUT ACCEPT - Of course, allow all outgoing packets from the VM to go through

Check the iptables entries with the command iptables -L -v. If everything is fine and dandy, save all changes by using the /sbin/service iptables save command.
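A way to confirm that the loaded rules still match the intent above (default DROP, only TCP 22 and 80 open). This is an added example, not part of the original post; audit_input and both rule dumps are constructed for illustration, in the format iptables-save prints.

```bash
#!/bin/bash
# Constructed sample: iptables-save output for the rule set in this post.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Constructed sample: the same rules after drift (policy left at ACCEPT, port 3306 opened).
DRIFTED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

# audit_input (hypothetical helper): reads iptables-save text on stdin, takes the
# allowed TCP ports as arguments, prints one finding per line; no output = as intended.
audit_input() {
  awk -v allowed="$*" '
    function check(chain, got) {
      if (got != "DROP")
        print chain " policy is " (got == "" ? "missing" : got) ", expected DROP"
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^:INPUT /   { policy = $2 }
    /^:FORWARD / { fwd = $2 }
    /^-A INPUT / && /-j ACCEPT/ {
      port = ""
      for (i = 1; i <= NF; i++) if ($i == "--dport") port = $(i + 1)
      if (port != "" && !(port in ok)) print "unexpected open port: " port
      # An ACCEPT with no port, that is not loopback or state tracking, opens everything.
      if (port == "" && $0 !~ /-i lo / && $0 !~ /--state /) print "broad accept: " $0
    }
    END { check("INPUT", policy); check("FORWARD", fwd) }'
}

printf '%s\n' "$GOOD_RULES"    | audit_input 22 80   # no findings
printf '%s\n' "$DRIFTED_RULES" | audit_input 22 80   # two findings
```

On the VM, run it as root against the live rules with iptables-save | audit_input 22 80.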

Create users in the CentOS guest

During the install, only the root account is created. I created 2 user accounts: admin to be used for administrative tasks using sudo (because explicitly using root all the time is a bad idea) and devel to be used for the development tasks (obviously, this is optional). Of course, preference on usernames will vary.

So, as root:

    # useradd admin
    # passwd admin
    # usermod -a -G wheel admin

  • useradd admin - creates a new user admin
  • passwd admin - sets the password for user admin
  • usermod -a -G wheel admin - adds user admin to group wheel

Replace the username accordingly for creation of user devel (and adding it to group wheel is optional).

Since admin is added to the wheel group, said group needs to be activated in the /etc/sudoers file. This can be done using the visudo command and uncommenting the %wheel line.

    # visudo

Securing SSH connections to the CentOS guest

The CentOS wiki has a great how-to for securing SSH. All I did for this VM was to disable root login via SSH (thus the need to create the admin user in the previous section). SSH server settings are in /etc/ssh/sshd_config. To disable root logins, make sure the following entry is in the file:

    # Prevent root logins:
    PermitRootLogin no

Restart the SSH daemon, if needed, using the command service sshd restart (as root). It's also advisable to use public/private keys for authentication but I didn't do so with this VM (perhaps I will do so in the future).
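Having the entry somewhere in the file is not enough: sshd uses the first value it reads for a keyword, and a line placed under a Match block is not a global setting. The following added example (not part of the original post; effective_root_login and the three sample files are constructed for illustration, and only the whitespace-separated "keyword value" form is handled) works out which value actually applies.

```bash
#!/bin/bash
# effective_root_login (hypothetical helper): prints the PermitRootLogin value sshd
# would take from the global section of the file in $1, or "unset" if none is present
# (sshd then falls back to its built-in default).
effective_root_login() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    { key = tolower($1) }                          # keywords are case-insensitive
    key == "match" { exit }                        # global section ends at the first Match
    key == "permitrootlogin" { value = $2; exit }  # first occurrence wins
    END { print (value == "" ? "unset" : value) }
  ' "$1"
}

# Constructed samples, written to a temporary directory.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# 1. The entry was appended, but an earlier active line still says yes.
cat > "$SAMPLES/shadowed" <<'EOF'
Port 22
PermitRootLogin yes
# Prevent root logins:
PermitRootLogin no
EOF

# 2. The earlier line is commented out, so the new entry is the only active one.
cat > "$SAMPLES/hardened" <<'EOF'
#PermitRootLogin yes
# Prevent root logins:
permitrootlogin no
EOF

# 3. The entry was added below a Match block, so it only applies to that match.
cat > "$SAMPLES/in_match" <<'EOF'
Port 22
Match User devel
    PermitRootLogin no
EOF

for f in shadowed hardened in_match; do
  printf '%-10s %s\n' "$f" "$(effective_root_login "$SAMPLES/$f")"
done
```

On the VM itself, sshd -T (run as root) prints the settings the daemon will actually use, including permitrootlogin.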

Installing the AMP part of the stack in the CentOS guest

Now that the Linux part of the LAMP stack is running and configured, it's time to install the rest of the stack.

Installing the Apache web server

Unlike in Debian, the Apache web server in CentOS (and related distributions) is called httpd. So, install that.

    # yum install httpd

I prefer using the userdir module. For this to work, it needs to be enabled. To do so, a file /etc/httpd/conf.d/userdir.conf needs to be created. Add the following lines to the file [2].

    <IfModule mod_userdir.c>
      # Enable for user devel
      UserDir enabled devel
      # Enable requests to /~user/ to serve user's public_html directory
      UserDir public_html
    </IfModule>

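    <Directory /home/*/public_html>
      Options Indexes Includes FollowSymLinks

      # Let .htaccess files under public_html override these settings
      AllowOverride All
      # CentOS has httpd version 2.2.x, so access control uses Order/Allow
      Order deny,allow
      Allow from all
    </Directory>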

Then start the web server with the command service httpd start.

Create a public_html directory for the user devel (which is the user to be used for development purposes).

    [devel@localhost ~]$ mkdir public_html

Set some permissions to the home and public_html directory for user devel.

    [devel@localhost ~]$ chmod 711 /home/devel
    [devel@localhost ~]$ chown devel:devel /home/devel/public_html
    [devel@localhost ~]$ chmod 755 /home/devel/public_html

  • chmod 711 /home/devel - sets read, write, execute (rwx) mode for the owner and only execute (x) for the group and everyone else
  • chown devel:devel /home/devel/public_html - changes owner and group to devel for folder /home/devel/public_html
  • chmod 755 /home/devel/public_html - sets read, write, execute (rwx) mode for the owner and read, execute (rx) for the group and everyone else

Lastly, configure SELinux properly for the web server. As root, issue the following commands:

    # setsebool -P httpd_enable_homedirs true
    # chcon -R -t httpd_sys_content_t /home/devel/public_html

Installing the PHP server-side scripting language

To install PHP, run as root:

    # yum install php
    # yum install php-pdo php-mysql

  • yum install php - installs PHP
  • yum install php-pdo php-mysql - installs optional modules; install based on development needs

Installing the MySQL database server

To install MySQL, run as root:

    # yum install mysql-server
    # service mysqld start
    # /usr/bin/mysql_secure_installation

  • yum install mysql-server - installs the MySQL server
  • service mysqld start - starts the MySQL daemon service
  • /usr/bin/mysql_secure_installation - runs MySQL's interactive hardening script, which prompts to set the root password, remove anonymous users, disallow remote root logins and remove the test database

Final steps

Now that the LAMP stack installation is complete, set the httpd and mysqld services to start when the VM starts. As root, do:

    # chkconfig httpd on
    # chkconfig mysqld on

Now, you should have a working LAMP VM using CentOS. Thanks for reading!

----------

[1] The network interface(s) can be enabled to automatically start from the CentOS installer, but it's very easy to miss this option so look carefully

[2] Reference: Apache Userdir with SELinux on Fedora 19/18, CentOS/RHEL 6.4/5.9

1 comment:

  1. Here is a detailed doc on LAMP server setup http://iserversupport.com/how-to-setup-lamp-server-on-centos/
