Difference between revisions of "LAMP Server Installation Guide on Fedora 16 Verne"

From Acenet Knowledgebase
Jump to: navigation, search
(test)
 
m (Docs admin moved page LAMP Server Installation Guide on Fedora 16 (Verne) to LAMP Server Installation Guide on Fedora 16 Verne: Text replacement - "LAMP Server Installation Guide on Fedora 16 (Verne)" to "LAMP Server Installation Guide on Fedor...)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<html> If you've ever installed a LAMP server on RedHat Enterprise Linux or CentOS Linux this process will look pretty familiar to you.  Fedora 16, RHEL, and CentOS all use yum to manage packages so setting up a LAMP server is a breeze.  
+
If you've ever installed a LAMP server on RedHat Enterprise Linux or CentOS Linux this process will look pretty familiar to you.  Fedora 16, RHEL, and CentOS all use yum to manage packages so setting up a LAMP server is a breeze.
One thing you may notice that differs in this guide from RHEL and CentOS is the lack of 'service' and 'chkconfig' commands.  The Linux commands 'service' and 'chkconfig' are part of the init daemon SysVinit.  Fedora is moving away from SysVinit and is instead using systemd.  Although most commands from SysVinit are supported in systemd, this guide will use systemd-style commands exclusively.  
+
 
In this example, our server's hostname is vps.example.com and resolves to the IP address 169.254.1.2.  
+
One thing you may notice that differs in this guide from RHEL and CentOS is the lack of 'service' and 'chkconfig' commands.  The Linux commands 'service' and 'chkconfig' are part of the init daemon SysVinit.  Fedora is moving away from SysVinit and is instead using systemd.  Although most commands from SysVinit are supported in systemd, this guide will use systemd-style commands exclusively.
<div class="acenet_article_legend"><strong><span style="font-size: large;">Contents</span></strong><br /><a href="#fedora16-update-your-system">Update your system</a><br /> <a href="#fedora16-install-apache-web-server-and-php-53">Install the Apache Web Server and PHP 5.3</a><br /> <a href="#fedora16-install-mysql">Install MySQL</a></div>
+
 
<br />
+
In this example, our server's hostname is vps.example.com and resolves to the IP address 169.254.1.2.
<h1 class="acenet_article_title"><a name="fedora16-update-your-system" href="#fedora16-update-your-system">Update your System</a></h1>
+
 
Connect to your server via SSH as the root user. Ensure your system is up to date using yum.  
+
 
<div class="code_style">yum update</div>
+
__TOC__
<h1 class="acenet_article_title"><a name="fedora16-install-apache-web-server-and-php-53" href="#fedora16-install-apache-web-server-and-php-53">Install the Apache Web Server and PHP 5.3</a></h1>
+
 
  Install the "Web Server" package using yum groupinstall.  
+
==Update your System==
<div class="code_style">yum groupinstall "Web Server"</div>
+
 
Like CentOS, this will install PHP as well.  The "Web Server" group also installs PHP 5.3.14.  
+
Connect to your server via SSH as the root user. Ensure your system is up to date using yum.
Configure the Apache Web Server (httpd) to start automatically on reboot  
+
 
<div class="code_style">systemctl enable httpd.service</div>
+
<syntaxhighlight lang="bash">yum update</syntaxhighlight>
  Start the Apache Web Server (httpd)  
+
 
<div class="code_style">systemctl start httpd.service</div>
+
==Install the Apache Web Server and PHP 5.3==
The web server is now installed, but requires some configuration.  Open the Apache configuration file with your favorite text editor.  We'll use nano in this example.  
+
 
<div class="code_style">nano /etc/httpd/conf/httpd.conf</div>
+
Install the "Web Server" package using yum groupinstall.
Let's first change the ServerName directive.  If your hostname has a properly resolving DNS entry, you can use your server's hostname.  Otherwise, you can use the IP address for your server.  
+
<syntaxhighlight lang="bash">yum groupinstall "Web Server"</syntaxhighlight>
<div class="code_style">ServerName 169.254.1.2:80</div>
+
Like CentOS, this will install PHP as well.  The "Web Server" group also installs PHP 5.3.14.
The DocumentRoot directive defines where Apache will serve documents.  By default, this path is set to /var/www/html.  If you prefer to have your documents served from a different directory, you can adjust this as desired.  
+
Configure the Apache Web Server (httpd) to start automatically on reboot
The Listen directive defines which IP addresses and ports Apache will bind to.  The default value *:80 will cause Apache to bind to all IP addresses which is often unnecessary.  Unless you know you need a certain IP to be bound to port 80 for Apache, it will usually suffice to list only your server's main IP.  
+
<syntaxhighlight lang="bash">systemctl enable httpd.service</syntaxhighlight>
<div class="code_style">Listen 169.254.1.2:80</div>
+
Start the Apache Web Server (httpd)
Anytime the Apache configuration file is modified, the Apache service needs to be restarted for the changes to take effect.  Let's restart Apache:  
+
<syntaxhighlight lang="bash">systemctl start httpd.service</syntaxhighlight>
<div class="code_style">systemctl restart httpd.service</div>
+
The web server is now installed, but requires some configuration.  Open the Apache configuration file with your favorite text editor.  We'll use nano in this example.
For additional safety, let's set the user and group ownership of /var/www/html/ to the apache user.  This will prevent PHP scripts from being executed as root and performing potentially harmful actions.  
+
<syntaxhighlight lang="bash">nano /etc/httpd/conf/httpd.conf</syntaxhighlight>
<div class="code_style">chown apache.apache /var/www/html</div>
+
Let's first change the ServerName directive.  If your hostname has a properly resolving DNS entry, you can use your server's hostname.  Otherwise, you can use the IP address for your server.
Apache can be customized far beyond the few directives we've covered here.  However, these few changes are all that's required to get a working installation.  We can now upload our HTML and PHP files to /var/www/html/ and visit our site in a web browser.  
+
<syntaxhighlight lang="bash">ServerName 169.254.1.2:80</syntaxhighlight>
<h1 class="acenet_article_title"><a name="fedora16-install-mysql" href="#fedora16-install-mysql">Install MySQL</a></h1>
+
 
Install the MySQL database server using yum groupinstall  
+
The DocumentRoot directive defines where Apache will serve documents.  By default, this path is set to /var/www/html.  If you prefer to have your documents served from a different directory, you can adjust this as desired.
<div class="code_style">yum groupinstall "MySQL Database"</div>
+
The Listen directive defines which IP addresses and ports Apache will bind to.  The default value *:80 will cause Apache to bind to all IP addresses which is often unnecessary.  Unless you know you need a certain IP to be bound to port 80 for Apache, it will usually suffice to list only your server's main IP.
Configure the MySQL service to start on boot  
+
<syntaxhighlight lang="bash">Listen 169.254.1.2:80</syntaxhighlight>
<div class="code_style">systemctl enable mysqld.service</div>
+
 
Start the MySQL service  
+
Anytime the Apache configuration file is modified, the Apache service needs to be restarted for the changes to take effect.  Let's restart Apache:
<div class="code_style">systemctl start mysqld.service</div>
+
<syntaxhighlight lang="bash">systemctl restart httpd.service</syntaxhighlight>
Secure your new MySQL service with mysql_secure_installation  
+
For additional safety, let's set the user and group ownership of /var/www/html/ to the apache user.  This will prevent PHP scripts from being executed as root and performing potentially harmful actions.
<div class="code_style">mysql_secure_installation</div>
+
<syntaxhighlight lang="bash">chown apache.apache /var/www/html</syntaxhighlight>
This will prompt you to answer several questions about your MySQL service.  
+
 
<div class="code_style">NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL<br />      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!<br /><br />In order to log into MySQL to secure it, we'll need the current<br />password for the root user.  If you've just installed MySQL, and<br />you haven't set the root password yet, the password will be blank,<br />so you should just press enter here.</div>
+
Apache can be customized far beyond the few directives we've covered here.  However, these few changes are all that's required to get a working installation.  We can now upload our HTML and PHP files to /var/www/html/ and visit our site in a web browser.
Since we just installed the MySQL service, there is no MySQL root password.  As the message indicates, simply press ENTER at the following prompt.  
+
 
<div class="code_style">Enter current password for root (enter for none):<br /> OK, successfully used password, moving on...</div>
+
==Install MySQL==
You'll next be prompted to configure a new MySQL root password.  At the prompt, enter "Y" and then provide a secure password for the root MySQL user.  Remember that secure passwords should contain a mix of letters and numbers and should not be words contained within a dictionary.  
+
Install the MySQL database server using yum groupinstall
<div class="code_style">Setting the root password ensures that nobody can log into the MySQL<br />root user without the proper authorisation.<br /> Set root password? [Y/n] Y<br />New password:<br />Re-enter new password:<br /> Password updated successfully!<br />Reloading privilege tables..<br /> ... Success!</div>
+
<syntaxhighlight lang="bash">yum groupinstall "MySQL Database"</syntaxhighlight>
Remove the anonymous MySQL user which is intended for testing only  
+
Configure the MySQL service to start on boot
<div class="code_style">By default, a MySQL installation has an anonymous user, allowing anyone<br />to log into MySQL without having to have a user account created for<br />them.  This is intended only for testing, and to make the installation<br />go a bit smoother.  You should remove them before moving into aproduction environment.<br /> <br />Remove anonymous users? [Y/n] Y<br /> ... Success!</div>
+
<syntaxhighlight lang="bash">systemctl enable mysqld.service</syntaxhighlight>
We'll now disable remote logins for the root user.  This will prevent brute force attacks against the root MySQL user's password.  If you don't plan to have outside servers connect to your database, you could take this one step further and block MySQL's port 3306 in your firewall.  This is beyond the scope of this guide.  
+
Start the MySQL service
<div class="code_style">Normally, root should only be allowed to connect from 'localhost'.  This<br />ensures that someone cannot guess at the root password from the network.<br /><br />Disallow root login remotely? [Y/n] Y<br /> ... Success!</div>
+
<syntaxhighlight lang="bash">systemctl start mysqld.service</syntaxhighlight>
Remove the the 'test' databaes from MYSQL  
+
Secure your new MySQL service with mysql_secure_installation
<div class="code_style">By default, MySQL comes with a database named 'test' that anyone can<br />access.  This is also intended only for testing, and should be removed<br />before moving into a production environment.<br /><br />Remove test database and access to it? [Y/n] Y<br /> - Dropping test database...<br /> ... Success!<br /> - Removing privileges on test database...<br /> ... Success!</div>
+
<syntaxhighlight lang="bash">mysql_secure_installation</syntaxhighlight>
Now reload the privilege tables to have our changes take effect.  
+
This will prompt you to answer several questions about your MySQL service.
<div class="code_style">Reloading the privilege tables will ensure that all changes made so far<br /> will take effect immediately.<br /> <br /> Reload privilege tables now? [Y/n] Y<br /> ... Success!<br /> <br /> Cleaning up...</div>
+
<syntaxhighlight lang="bash">NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
We're finished securing MySQL  
+
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
<div class="code_style">All done!  If you've completed all of the above steps, your MySQL<br /> installation should now be secure.<br /> <br /> Thanks for using MySQL!</div></html> [[Category:LAMP Guides]]
+
 
 +
In order to log into MySQL to secure it, we'll need the current
 +
password for the root user.  If you've just installed MySQL, and
 +
you haven't set the root password yet, the password will be blank,
 +
so you should just press enter here.</syntaxhighlight>
 +
Since we just installed the MySQL service, there is no MySQL root password.  As the message indicates, simply press ENTER at the following prompt.
 +
<syntaxhighlight lang="bash">Enter current password for root (enter for none):
 +
OK, successfully used password, moving on...</syntaxhighlight>
 +
You'll next be prompted to configure a new MySQL root password.  At the prompt, enter "Y" and then provide a secure password for the root MySQL user.  Remember that secure passwords should contain a mix of letters and numbers and should not be words contained within a dictionary.
 +
<syntaxhighlight lang="bash">Setting the root password ensures that nobody can log into the MySQL
 +
root user without the proper authorisation.
 +
Set root password? [Y/n] Y
 +
New password:
 +
Re-enter new password:
 +
Password updated successfully!
 +
Reloading privilege tables..
 +
... Success!</syntaxhighlight>
 +
Remove the anonymous MySQL user which is intended for testing only
 +
<syntaxhighlight lang="bash">By default, a MySQL installation has an anonymous user, allowing anyone
 +
to log into MySQL without having to have a user account created for
 +
them.  This is intended only for testing, and to make the installation
 +
go a bit smoother.  You should remove them before moving into aproduction environment.
 +
 
 +
Remove anonymous users? [Y/n] Y
 +
... Success!</syntaxhighlight>
 +
We'll now disable remote logins for the root user.  This will prevent brute force attacks against the root MySQL user's password.  If you don't plan to have outside servers connect to your database, you could take this one step further and block MySQL's port 3306 in your firewall.  This is beyond the scope of this guide.
 +
<syntaxhighlight lang="bash">Normally, root should only be allowed to connect from 'localhost'.  This
 +
ensures that someone cannot guess at the root password from the network.
 +
 
 +
Disallow root login remotely? [Y/n] Y
 +
... Success!</syntaxhighlight>
 +
Remove the the 'test' databaes from MYSQL
 +
<syntaxhighlight lang="bash">By default, MySQL comes with a database named 'test' that anyone can
 +
access.  This is also intended only for testing, and should be removed
 +
before moving into a production environment.
 +
 
 +
Remove test database and access to it? [Y/n] Y
 +
- Dropping test database...
 +
... Success!
 +
- Removing privileges on test database...
 +
... Success!</syntaxhighlight>
 +
Now reload the privilege tables to have our changes take effect.
 +
<syntaxhighlight lang="bash">Reloading the privilege tables will ensure that all changes made so far
 +
will take effect immediately.
 +
 
 +
Reload privilege tables now? [Y/n] Y
 +
... Success!
 +
 
 +
Cleaning up...</syntaxhighlight>
 +
We're finished securing MySQL
 +
<syntaxhighlight lang="bash">All done!  If you've completed all of the above steps, your MySQL
 +
installation should now be secure.
 +
 
 +
Thanks for using MySQL!</syntaxhighlight> [[Category:LAMP Guides]]

Latest revision as of 14:50, 22 July 2015

If you've ever installed a LAMP server on RedHat Enterprise Linux or CentOS Linux this process will look pretty familiar to you. Fedora 16, RHEL, and CentOS all use yum to manage packages so setting up a LAMP server is a breeze.

One thing you may notice that differs in this guide from RHEL and CentOS is the lack of 'service' and 'chkconfig' commands. The Linux commands 'service' and 'chkconfig' are part of the init daemon SysVinit. Fedora is moving away from SysVinit and is instead using systemd. Although most commands from SysVinit are supported in systemd, this guide will use systemd-style commands exclusively.

In this example, our server's hostname is vps.example.com and resolves to the IP address 169.254.1.2.


Update your System

Connect to your server via SSH as the root user. Ensure your system is up to date using yum. 

yum update

Install the Apache Web Server and PHP 5.3

Install the "Web Server" package using yum groupinstall. 

yum groupinstall "Web Server"

Like CentOS, this will install PHP as well. The "Web Server" group also installs PHP 5.3.14. Configure the Apache Web Server (httpd) to start automatically on reboot 

systemctl enable httpd.service

Start the Apache Web Server (httpd) 

systemctl start httpd.service

The web server is now installed, but requires some configuration. Open the Apache configuration file with your favorite text editor. We'll use nano in this example. 

nano /etc/httpd/conf/httpd.conf

Let's first change the ServerName directive. If your hostname has a properly resolving DNS entry, you can use your server's hostname. Otherwise, you can use the IP address for your server. 

ServerName 169.254.1.2:80

The DocumentRoot directive defines where Apache will serve documents. By default, this path is set to /var/www/html. If you prefer to have your documents served from a different directory, you can adjust this as desired. The Listen directive defines which IP addresses and ports Apache will bind to. The default value *:80 will cause Apache to bind to all IP addresses which is often unnecessary. Unless you know you need a certain IP to be bound to port 80 for Apache, it will usually suffice to list only your server's main IP. 

Listen 169.254.1.2:80

Anytime the Apache configuration file is modified, the Apache service needs to be restarted for the changes to take effect. Let's restart Apache: 

systemctl restart httpd.service

For additional safety, let's set the user and group ownership of /var/www/html/ to the apache user. This will prevent PHP scripts from being executed as root and performing potentially harmful actions. 

chown apache.apache /var/www/html

Apache can be customized far beyond the few directives we've covered here. However, these few changes are all that's required to get a working installation. We can now upload our HTML and PHP files to /var/www/html/ and visit our site in a web browser.

Install MySQL

Install the MySQL database server using yum groupinstall 

yum groupinstall "MySQL Database"

Configure the MySQL service to start on boot 

systemctl enable mysqld.service

Start the MySQL service 

systemctl start mysqld.service

Secure your new MySQL service with mysql_secure_installation 

mysql_secure_installation

This will prompt you to answer several questions about your MySQL service. 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Since we just installed the MySQL service, there is no MySQL root password. As the message indicates, simply press ENTER at the following prompt. 

Enter current password for root (enter for none):
 OK, successfully used password, moving on...

You'll next be prompted to configure a new MySQL root password. At the prompt, enter "Y" and then provide a secure password for the root MySQL user. Remember that secure passwords should contain a mix of letters and numbers and should not be words contained within a dictionary. 

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
 Set root password? [Y/n] Y
New password:
Re-enter new password:
 Password updated successfully!
Reloading privilege tables..
 ... Success!

Remove the anonymous MySQL user which is intended for testing only 

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into aproduction environment.

Remove anonymous users? [Y/n] Y
 ... Success!

We'll now disable remote logins for the root user. This will prevent brute force attacks against the root MySQL user's password. If you don't plan to have outside servers connect to your database, you could take this one step further and block MySQL's port 3306 in your firewall. This is beyond the scope of this guide. 

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

Remove the the 'test' databaes from MYSQL 

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Now reload the privilege tables to have our changes take effect. 

Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.

 Reload privilege tables now? [Y/n] Y
 ... Success!

 Cleaning up...

We're finished securing MySQL 

All done!  If you've completed all of the above steps, your MySQL
 installation should now be secure.

 Thanks for using MySQL!
Retrieved from "https://kb.acenet.us/index.php?title=LAMP_Server_Installation_Guide_on_Fedora_16_Verne&oldid=1789"