How to Stop and Disable Firewalld on CentOS 7

Firewalld is a complete firewall solution that has been made available by default on all CentOS 7 servers, including Liquid Web Core Managed CentOS 7, and Liquid Web Self Managed CentOS 7. On occasion, perhaps for testing, disabling or stopping firewalld may be necessary. Follow the instructions below to disable firewalld and stop firewalld.

It is highly recommended that you have another firewall protecting your network or server before, or immediately after, disabling firewalld.

Pre-Flight Check
These instructions are intended specifically for stopping and disabling firewalld CentOS 7.
I’ll be working from a Liquid Web Self Managed CentOS 7 server, and I’ll be logged in as root.

Disable Firewalld
To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld
To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld
And finally, to check the status of firewalld, run the following command as root:

systemctl status firewalld

Wait, you actually wanted to Start and Enable Firewalld on CentOS 7? Then hit our tutorial on: How to Start and Enable Firewalld on CentOS 7!

Continue Reading

How To Upgrade to PHP 7 on CentOS 7

Introduction

PHP 7, which was released on December 3, 2015, promises substantial speed improvements over previous versions of the language, along with new features like scalar type hinting. This guide explains how to quickly upgrade an Apache or Nginx web server running PHP 5.x (any release) to PHP 7, using community-provided packages.

Warning: As with most major-version language releases, it’s best to wait a little while before switching to PHP 7 in production. In the meanwhile, it’s a good time to test your applications for compatibility with the new release, perform benchmarks, and familiarize yourself with new language features.

 

Subscribing to the IUS Community Project Repository

Since PHP 7.x is not yet packaged in official repositories for the major distributions, we’ll have to rely on a third-party source. Several repositories offer PHP 7 RPM files. We’ll use the IUS repository.

IUS offers an installation script for subscribing to their repository and importing associated GPG keys. Make sure you’re in your home directory, and retrieve the script using curl:

cd ~
curl 'https://setup.ius.io/' -o setup-ius.sh

Run the script:

sudo bash setup-ius.sh

Upgrading mod_php with Apache

This section describes the upgrade process for a system using Apache as the web server and mod_php to execute PHP code. If, instead, you are running Nginx and PHP-FPM, skip ahead to the next section.

Begin by removing existing PHP packages. Press y and hit Enter to continue when prompted.

sudo yum remove php-cli mod_php php-common

Install the new PHP 7 packages from IUS. Again, press y and Enter when prompted.

sudo yum install mod_php70u php70u-cli php70u-mysqlnd

Finally, restart Apache to load the new version of mod_php:

sudo apachectl restart

You can check on the status of Apache, which is managed by the httpd systemd unit, using systemctl:

 
systemctl status httpd

Upgrading PHP-FPM with Nginx

This section describes the upgrade process for a system using Nginx as the web server and PHP-FPM to execute PHP code. If you have already upgraded an Apache-based system, skip ahead to the PHP Testing section.

Begin by removing existing PHP packages. Press y and hit Enter to continue when prompted.

sudo yum remove php-fpm php-cli php-common

Install the new PHP 7 packages from IUS. Again, press y and Enter when prompted.

sudo yum install php70u-fpm-nginx php70u-cli php70u-mysqlnd

Once the installation is finished, you’ll need to make a few configuration changes for both PHP-FPM and Nginx. As configured, PHP-FPM listens for connections on a local TCP socket, while Nginx expects a Unix domain socket, which maps to a path on the filesystem.

PHP-FPM can handle multiple pools of child processes. As configured, it provides a single pool called www, which is defined in /etc/php-fpm.d/www.conf. Open this file with nano (or your preferred text editor):

sudo nano /etc/php-fpm.d/www.conf

Look for the block containing listen = 127.0.0.1:9000, which tells PHP-FPM to listen on the loopback address at port 9000. Comment this line with a semicolon, and uncomment listen = /run/php-fpm/www.sock a few lines below.
/etc/php-fpm.d/www.conf

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
; WARNING: If you switch to a unix socket, you have to grant your webserver user
;          access to that socket by setting listen.acl_users to the webserver user.
listen = /run/php-fpm/www.sock

Next, look for the block containing listen.acl_users values, and uncomment listen.acl_users = nginx:
/etc/php-fpm.d/www.conf

; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users = apache,nginx
;listen.acl_users = apache
listen.acl_users = nginx
;listen.acl_groups =

Exit and save the file. In nano, you can accomplish this by pressing Ctrl-X to exit, y to confirm, and Enter to confirm the filename to overwrite.

Next, make sure that Nginx is using the correct socket path to handle PHP files. Start by opening /etc/nginx/conf.d/default.conf:

sudo nano /etc/nginx/conf.d/php-fpm.conf

php-fpm.conf defines an upstream, which can be referenced by other Nginx configuration directives. Inside of the upstream block, use a # to comment out server 127.0.0.1:9000;, and uncomment server unix:/run/php-fpm/www.sock;:
/etc/nginx/conf.d/php-fpm.conf

# PHP-FPM FastCGI server
# network or unix domain socket configuration

upstream php-fpm {
#server 127.0.0.1:9000;
server unix:/run/php-fpm/www.sock;
}

Exit and save the file, then open /etc/nginx/conf.d/default.conf:

sudo nano /etc/nginx/conf.d/default.conf

Look for a block beginning with location ~ \.php$ {. Within this block, look for the fastcgi_pass directive. Comment out or delete this line, and replace it with fastcgi_pass php-fpm, which will reference the upstream defined in php-fpm.conf:
/etc/nginx/conf.d/default.conf

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

Exit and save the file, then restart PHP-FPM and Nginx so that the new configuration directives take effect:

sudo systemctl restart php-fpm
sudo systemctl restart nginx

You can check on the status of each service using systemctl:

systemctl status php-fpm
systemctl status nginx

Testing PHP

With a web server configured and the new packages installed, we should be able to verify that PHP is up and running. Begin by checking the installed version of PHP at the command line:

php -v

Output

PHP 7.0.1 (cli) (built: Dec 18 2015 16:35:26) ( NTS )
Copyright (c) 1997-2015 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2015 Zend Technologies

You can also create a test file in the web server’s document root. Although its location depends on your server configuration, the document root is typically set to one of these directories:

/var/www/html
/var/www/
/usr/share/nginx/html

Using nano, open a new file called info.php in the document root. By default, on Apache, this would be:

sudo nano /var/www/html/info.php

On Nginx, you might instead use:

sudo nano /usr/share/nginx/html/info.php

Paste the following code:

info.php

<?php
phpinfo();

Exit the editor, saving info.php. Now, load the following address in your browser:

http://server_domain_name_or_IP/info.php

You should see the PHP 7 information page, which lists the running version and configuration. Once you’ve double-checked this, it’s safest to delete info.php:

sudo rm /var/www/html/info.php

You now have a working PHP 7 installation.

Continue Reading

How To Install and Configure Bacula Server on CentOS 7

Introduction
Bacula is an open source network backup solution that allows you create backups and perform data recovery of your computer systems. It is very flexible and robust, which makes it, while slightly cumbersome to configure, suitable for backups in many situations. A backup system is an important component in most server infrastructures, as recovering from data loss is often a critical part of disaster recovery plans.

Getting Started

The first thing to do after the installation is complete is update the CentOS using:

yum update

This goes through the update which takes a couple of minutes depending on how fast the network is.  You may be prompted to enter a “Y” at various stages of this process.
Installing Nano Text Editor

The next thing to do is install nano text editor so I can easily edit files.  I  find it much easier to use than vi so I prefer using nano.  To install this, I use:

yum -y install nano

Installing wget

Install wget because you will need it later in the installation process.

yum -y install wget

Installing Webmin on CentOS 7

After nano is installed, you need to create a new file called webmin.repo and save it in /etc/yum.repos.d/.  To do this, you can type:

nano /etc/yum.repos.d/webmin.repo

This opens a blank file where you can type in (or copy and paste):

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Once it’s pasted (by right clicking), hit Control+X and then Y then Enter to save the file.

Now, install Webmin GPG key using this command:

rpm --import http://www.webmin.com/jcameron-key.asc

Now lets check for any updates by typing:

yum check-update

Now it’s time to install Webmin and we do that by typing in:

yum -y install webmin

1

After a short period of time, Webmin will be installed and it’s time to set it to start automatically by typing the following lines:

chkconfig webmin on
service webmin start

Webmin is now installed and running but we need to allow port 10000 through the firewall so we can access it from another computer.  In order to do this, type the following command:

firewall-cmd --add-port=10000/tcp

If you want to make this rule permanent, you can also type in this which will add it to the rules:

firewall-cmd --permanent --add-port=10000/tcp

If you plan on running Webmin on a different port, you can skip adding 10000 as a permanent rule and set it later with the port of your choice.

Now you should be able to access Webmin using the IP address you used to set up the server when you installed it by going to the browser and typing:

http://192.168.1.2:10000 (where 192.168.1.2 is the IP of your server)

2

Installing Bacula 7 on CentOS 7

Now that I have Webmin installed and running, it’s time to install Bacula.

The first thing that you need to do is install epel.  To do this, go find the latest release for CentOS 7 and right click on it to copy the link:

http://www.rpmfind.net/linux/rpm2html/search.php?query=epel-release

Once you have the link copied, type in wget and paste the link…  it should look like

wget  ftp://195.220.108.108/linux/centos/7.0.1406/extras/x86_64/Packages/epel-release-7-5.noarch.rpm

This will download the RPM and now you will need to install it by typing in the following:

yum -y install epel-release-7-5.noarch.rpm

NOTE: the latest version may be different than shown above so be sure to change it if that is the case.

After the installation of the EPEL, Go ahead and do another update by typing in:

yum update

Now we need to create a file in the /etc/yum.repos.d/ directory like we did with Webmin above.  To to that, we will use nano again and type in the following:

nano /etc/yum.repos.d/epel-bacula7.repo

Now you will need to copy and paste the following into the file we just created:

[epel-bacula7]
name=Bacula backports from rawhide
baseurl=http://repos.fedorapeople.org/repos/slaanesh/bacula7/epel-$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgkey=http://repos.fedorapeople.org/repos/slaanesh/bacula7/RPM-GPG-KEY-slaanesh
gpgcheck=1
[epel-bacula7-source]
name=Bacula backports from rawhide - Source
baseurl=http://repos.fedorapeople.org/repos/slaanesh/bacula7/epel-$releasever/SRPMS
enabled=0
skip_if_unavailable=1
gpgkey=http://repos.fedorapeople.org/repos/slaanesh/bacula7/RPM-GPG-KEY-slaanesh
gpgcheck=1

Now hit Control + X to exit and hit Y and then Enter to save the new file.

Once you have saved the file, verify that Bacula 7 shows up on the list by typing the following and hitting enter:

yum list bacula*

3

If you don’t see Bacula 7, verify that you did the steps above correctly.
Now we are ready to Install MariaDB and Bacula

Next you will install MariaDB and all of the Bacula files.  To do that, type in the following:

yum -y install mariadb mariadb-server bacula-director-mysql bacula-console
yum -y install bacula-client bacula-storage-mysql mysql-server mysql-devel

Once everything installs (takes about a minute or two), you will need to start the MariaDB database server by typing in:

systemctl start mariadb.service
chkconfig mariadb on

Next you need to run through the secure installation process for MariaDB which will allow you to set the root password, remove test users etc.  The prompts are easy to follow and everything should be Yes.

mysql_secure_installation

The default root password is blank to just hit enter and set a new root password.  This isn’t the password you will use for Bacula, it’s the root mysql password.

After you have completed this step, you will want to go to Webmin which you installed earlier so you can set up the database and a Bacula user for the database.

If you look under Servers, you will probably not see MySql Database Server because you just installed it.  You will need to go to Refresh Modules at the bottom of the menu and click it.  Now you should see MySql Database Server in the list.  Click it and you will be asked to enter the username and password for the database.  This will be root and the password you just entered when setting up the database.

Now you will need to add a bacula database so click Create a New Database.

Type in bacula as your database name for your bacula database and leave the rest of the fields default.  Note, the name must be bacula!

4

Now you will need to create a bacula user for your database.  To do this, go to User Permissions and Add User to add the user.  Be sure to set the Hosts to localhost and don’t worry about setting permissions.  Click Create.
5
Now you will click on Database Permissions and add all permissions except Grant for the user you created to the bacula database.  Once again, be sure to have the hosts set as localhost.

6

Now that your database is created and the user is setup, you will need to create the tables.  You can do this by going back to your SSH terminal and typing (note: add the username you created):

/usr/libexec/bacula/make_mysql_tables -u usernameyoucreated -p

Enter the password you used for the user.

7

Now we need to tell Bacula to use Mysql as the libary.  To do this, lets first stop the services by typing in:

systemctl stop bacula-dir
systemctl stop bacula-fd
systemctl stop bacula-sd

Now lets set Bacula to use the Mysql library:

su -c 'alternatives --config libbaccats.so'

This should show you the following:
There are 3 programs which provide ‘libbaccats.so’.

Selection    Command
———————————————–
1           /usr/lib64/libbaccats-mysql.so
2           /usr/lib64/libbaccats-sqlite3.so
*+  3           /usr/lib64/libbaccats-postgresql.so

Hit 1 and press enter to select MySql.

Now lets start the services back by using the following commands:

systemctl start bacula-dir

systemctl start bacula-fd

systemctl start bacula-sd

Now you should be able to go to Webmin and look under System and you will need to click on Bacula Backup System.  Don’t worry if it gives you an error.  This is because you haven’t set up the config yet.  You will need click on Module Configuration and set it up to use MySql and enter the login information you created previously for your Bacula user.

8

Click Save and you should be able to access the Bacula page where you can set up your Bacula System.

9

Getting Everything Working

Now that you have that part working, you still can not start any of the daemons yet since they are not set up.  You will have to go into each file and modify them so that they will communicate with each other.

If you try to start Bacula, you may receive the following message:

The Bacula console command /sbin/bconsole could not communicate with the Bacula director. Make sure the password in /etc/bacula/bconsole.conf is correct.

You can either use the File Manager within Webmin or connect to your server using sftp and look in the /etc/bacula directory and you will find the following files you need to edit.  I just drag them back to my desktop and edit them in a text editor.

bacula-dir.conf
bacula-fd.conf
bacula-sd.conf
bconsole.conf

There are a lot of passwords and IP addresses that need to be changed in there files so pay attention to and @@PASSWORD@@ areas and change them accordingly.

Be sure to catch the bottom of the bacula-dir.conf file and change the catalog database password to the one you assigned when you created the database user.

Also, look for localhost and change this to your local IP address on your backup server.  You don’t need to do this on the clients since you will be setting those up later on.  In fact, you can delete most of the test clients that are in the default if you wish.  I will post a guide on setting up all the configuration files later on.
Firewall Ports

In order to allow clients and consoles to talk to your Bacula server, you need to open ports 9101, 9102 and 9103.  The following command in your SSH console with open these ports.

firewall-cmd --add-port=9101/tcp
firewall-cmd  --permanent --add-port=9101/tcp
firewall-cmd --add-port=9102/tcp
firewall-cmd  --permanent --add-port=9102/tcp
firewall-cmd --add-port=9103/tcp
firewall-cmd  --permanent --add-port=9103/tcp

Now you should be able to start Bacula and see all of the Daemons are showing UP.

Installing Bacula-Web

Bacula-Web uses Apache to serve up the pages so you will need to install Apache and get it running using the following:

yum -y install httpd
chkconfig httpd on
service httpd start

Configure Apache to start at boot:

systemctl start httpd.service
systemctl enable httpd.service

Next you need to add MySql support to Apache by entering the following:

yum -y install php php-gd php-gettext php-mysql php-pdo

Install other common modules needed…

yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel

In order for Apache to get past the firewall, you will need to open the ports by using the following:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Now you need to get the web files.  Go to the Bacula-Web website and download the latest version.

http://www.bacula-web.org/download.html

Save and unpack the archive to your desktop or another location.  We will need to modify the config file before uploading to the server.

Open the Application/Config directory and rename config.php.sample to config.php and then open it in a text editor.

Look for the MySql area and change the settings to match your server.  Be sure to uncomment the config settings be removing the “//” in front of the $config settings.  You probably just need to edit the password at this point.

//MySQL bacula catalog
$config[0]['label'] = 'Backup Server';
$config[0]['host'] = 'localhost';
$config[0]['login'] = 'bacula';
$config[0]['password'] = 'verystrongpassword';
$config[0]['db_name'] = 'bacula';
$config[0]['db_type'] = 'mysql';
$config[0]['db_port'] = '3306';

After you have saved the config file, you need to upload the files to your server under the /var/www/ directory.  You can SFTP to your server using FileZilla and the IP of your server.   If this server is only serving as a backup server, you can upload the files into the root HTML directory, otherwise you can put the files in whatever directory you wish.   Go ahead and upload the files now.

10.

Now you will need to modify the php.ini file so it has the correct time zone for your system.  Since you already have the FTP up, browse to /etc/php.ini and copy if over to your desktop and them open it in a text editor.  Do a search for “date.timezone” which should be around line 878.  You can find the different time zones available by going to: http://php.net/date.timezone

11

Make the change and save the file then re-upload it to the server.

Now you need to go into SELINUX and change the settings to PERMISSIVE.  In order to do this, exit the config file for SELINUX:

nano /etc/selinux/config

Change if from enforcing to permissive and hit Control + X then Y then Enter to exit and save.

12

Type reboot

After the system comes back online, you should be able to use your IP address to access Bacula-Web!

13
YOU’RE DONE!

Continue Reading

How to install Webmin on CentOS 7

Webmin is a web-based graphical tool for unix . It is used to manage services like User management, Disk managemet, Network, Iptables (Firewall), Cron, Apache, DNS, File sharing and much more .
In this article i will show you how to install webmin on CentOS 7 linux.

 

Install Webmin on CentOS 7

To get started, login your remote server and follow the steps below:
First, create a new file webmin.repo in /etc/yum.repos.d/ :

vi /etc/yum.repos.d/webmin.repo

and paste below line:

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Install webmin GPG key using below command.

rpm --import http://www.webmin.com/jcameron-key.asc

Now, update the repositorys:

yum check-update

Install webmin:

yum install webmin -y

Start the service and make it start automatically

chkconfig webmin on
service webmin start

By default, Webmin will listen on port 10000. Enable webmin Port:

firewall-cmd --add-port=10000/tcp

Now, open http://ip.add.re.ss:10000 in your browser and enter yor root username and password:

1

2

That is all!

Continue Reading

How to Install iRedMail on CentOS 7 & RHEL 7

iRedMail is out of the box open source mail server solution on Linux like operating system. The beauty of iRedMail is that it provides web based admin panel from where mail admin or system admins can do all email related operations task. Some of other features are listed below :

Support unlimited email accounts.
It provides Roundcube as webmail (MUA )
It used Postfix as MTA & Dovecot as MDA
It pvoides Calendar service via CalDAV & Contact service via CardDAV
It uses SpamAssassin for Spam scan and Amavis & Clamav for Mail virus scan.
OpenLDAP, MariaDB and PostgreSQL can be used to save mail accounts

In this article we will demonstrate how to install and configure iRedMail on CentOS 7 & RHEL 7. I am going to use followings for iRedMail setup.

OS = CentOS 7 or RHEL 7
Domain = nsitmail.com
Server Hostname = mail.nsitmail.com

Note : In case if you want mails from your mail server to be delivered in inbox not in spam folder then update the DNS records like A & PTR  before installation and TXT ( SPF & DKIM ) after installation.

Step:1 Set hostname and disable Selinux.

Set the proper hostname using hostnamectl command if it is not set.

[root@mail ~]# hostnamectl set-hostname mail.nsitmail.com
[root@mail ~]# hostname -f
mail.nsitmail.com
[root@mail ~]#

Update the /etc/hosts file

127.0.0.1 mail.nsitmail.com localhost.localdomain localhost

Disable Selinux

[root@mail ~]# setenforce 0

Edit the file /etc/sysconfig/selinux , set the parameter “SELINUX=disabled” , Reboot the server to disable selinux completely.
Step:2 Download the tar file of iRedmail.

Download the latest version of iRedmail from their Official Web Site or use below wget command to download from terminal.

[root@mail ~]# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.3.tar.bz2

Step:3 Extract the tar file & execute installation Script.

[root@mail ~]# ll
total 124
-rw-r--r-- 1 root root 126277 Dec 20 19:12 iRedMail-0.9.3.tar.bz2
[root@mail ~]#
[root@mail ~]# tar -jxvf iRedMail-0.9.3.tar.bz2
[root@mail ~]# cd iRedMail-0.9.3
[root@mail iRedMail-0.9.3]# sh iRedMail.sh

After couple of seconds , below screen will appear , Select yes and press enter.

1

Define the folder or directory where users mailbox will be stored.

2

Select the web Server for iRedmail. Default is Nginx.

3

Select the database of your choice which will store domain names and mail accounts. In my case i am using MariaDB.

4

Define the domain name for your mail server. In my case domain name is “nsitmail.com”

5

Set Password for postmaster account.

6

Select Optional Components of iRedmail installation8

Press “y” to continue installation, Mail Server info & Credentials are kept in the file “/root/iRedMail-0.9.3/config”. Please keep this file in secure place.

9

10

As per instructions , reboot the server to enable all mail services.

Postfix mail logs and iRedmail logs are stored in “/var/log/maillog” and “/var/log/iredapd/iredapd.log” respectively.

Note : Default administrator name is “postmaster@nsitmail.com”

Following are the Important URLs after the Installation is completed , replace the domain name as per your setup in mentioned URLs.

iRedAdmin – official web-based admin panel:

https://mail.nsitmail.com/iredadmin/

Username: postmaster@nsitmail.com, password: XXXXXXXXXX

Roundcube webmail URL :

http://mail.nsitmail.com/mail/

SOGo Groupware

https://mail.nsitmail.com/SOGo/

Step:4 Create Users & domain from Admin Panel.

To create users first login to admin panel. Use user name as “postmaster@<domain>” and password that we set during installation.

1-11-2

Click on Add option and then Select Users.

1-3

Add a new Domain :

From the admin Panel , Select “Domain & accounts” option and then click on Add domain

1-4

Define the domain name & Organization Name and then further we can create users on newly created domain.

1-5

Step:5 Access Roundcube (Webmail).

Open the url in the browser “https://mail.nsitmail.com/mail/” , replace the domain name as per your setup.

1-6

1-7

Send a test mail to verify the functionality.

1-8

As we see that i got the mail from iRedmail mail server, so we can say the iRedmail is successfully installed and configured.

Continue Reading