Setting Up a CentOS 8 Web Server

I’m trying out A2 Hosting’s unmanaged virtual private solution for my web hosting solution. The draw of this option is that it provides a barebones VPS at a low cost. The catch (or opportunity depending on how you look at it) is that you’re in charge of setting everything up. Here are the steps I took to get everything set up.

Start by SSHing into your new server. For now, you can only log in as root.

ssh root@your_server_ip

Create a new user

This example creates a new user called userdude, but you should replace it with any username that you prefer:

adduser userdude

Next, set a strong password for the userdude user:

passwd userdude

Now, set the new user to be an admin. To add these privileges to our new user, we need to add the new user to the wheel group. By default, on CentOS 8, users who belong to the wheel group are allowed to use the sudo command.

usermod -aG wheel userdude

Setting Up a Firewall

Before we get too far, let’s set up a basic firewall.

dnf install firewalld -y

A2 changes the default port for SSH, so we will want to allow the custom SSH port:

sudo firewall-cmd --zone=public --add-port=7822/tcp --permanent

Start the firewall and check the status to make sure everything is running smoothly:

systemctl start firewalld
systemctl status firewalld

Add HTTP and HTTPS to be allowed by the firewall

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Installing Apache

sudo dnf install httpd

Start up Apache.

systemctl start httpd

You should now be able to navigate to your server’s IP address in a web browser and see the default Apache webpage.

Basic Apache Commands

To stop your web server, type:

sudo systemctl stop httpd

To start the web server when it is stopped, type:

sudo systemctl start httpd

To stop and then start the service again, type:

sudo systemctl restart httpd

If you are simply making configuration changes, Apache can often reload without dropping connections. To do this, use this command:

sudo systemctl reload httpd

By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:

sudo systemctl disable httpd

To re-enable the service to start up at boot, type:

sudo systemctl enable httpd

Setting Up PHP

Let’s start by installing PHP.

My server had 7.3 available, but I wanted to use 7.4. You can check this with the following command:

sudo dnf module list php

If you do not see 7.4 listed, you will need to add the Remi repository. Remi is a third-party repository that offers multiple versions of PHP (7.4 / 7.3 / 7.2) for Red Hat Enterprise Linux.

sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Enable everything with the following command:

sudo dnf module enable php:remi-7.4
sudo dnf install -y php php-bcmath php-mcrypt php-pdo php-xml php-tokenizer php-mysqlnd php-pecl-xdebug php-gd php-intl php-zip php-opcache
sudo systemctl restart httpd

Install MySQL

Run the following command to install the mysql-server package and a number of its dependencies:

sudo dnf install mysql-server

Start up MySQL and enable it to start at boot:

sudo systemctl start mysqld.service
sudo systemctl enable mysqld

Secure MySQL:

sudo mysql_secure_installation

This will take you through a series of prompts asking if you want to make certain changes to your MySQL installation’s security options. The first prompt will ask whether you’d like to set up the Validate Password Plugin, which you can use to test the strength of your MySQL password.

Once you have everything answered and ready to go, test it out:

mysqladmin -u root -p version

If you’re like me, you disabled root remote access. You’ll now have to create a new user to access MySQL.

mysql -u root -p
-- The GRANT must name the same account that CREATE USER created.
CREATE USER 'newuser'@'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON database_name.* TO 'newuser'@'%';

Update the firewall to allow remote access to MySQL:

sudo firewall-cmd --zone=public --add-port=3306/tcp --permanent
sudo firewall-cmd --reload

A2 didn’t require any additional configuration for remote MySQL, but your mileage may vary.
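
One way to narrow the remote access set up above to a single trusted client, as an added example that is not part of the original post: the shell functions below print (rather than run) the firewalld rich rule and the MySQL statements for one source address. The function names and the 203.0.113.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (does not run) commands that
# limit remote MySQL access to one trusted client address instead of every host.

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# firewalld: drop the blanket 3306/tcp rule and accept only the given source.
mysql_firewall_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    echo 'sudo firewall-cmd --zone=public --permanent --remove-port=3306/tcp'
    printf "sudo firewall-cmd --zone=public --permanent --add-rich-rule='%s'\n" \
        "rule family=\"ipv4\" source address=\"$1/32\" port port=\"3306\" protocol=\"tcp\" accept"
    echo 'sudo firewall-cmd --reload'
}

# MySQL: bind the account to that client address rather than the '%' wildcard.
mysql_account_sql() {   # args: user client_ip database
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 2; }
    for name in "$1" "$3"; do
        case $name in
            ''|*[!A-Za-z0-9_]*) echo "unexpected character in name" >&2; return 2 ;;
        esac
    done
    printf "CREATE USER '%s'@'%s' IDENTIFIED BY 'user_password';\n" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';\n" "$3" "$1" "$2"
}

# Constructed sample values; 203.0.113.10 is a documentation-range address.
mysql_firewall_cmds 203.0.113.10
mysql_account_sql newuser 203.0.113.10 database_name
```

Review the output, then run the firewall-cmd lines in the shell and the SQL at the mysql prompt.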

Creating a virtual host file on CentOS 8

If you’re like me, you’ll be using your fancy new VPS to host multiple websites. This is where virtual hosts come in. Let’s set one up.

Create a simple webpage

Create dedicated folders for your new website.

sudo mkdir -p /var/www/website.com/site

Make sure to create a directory to store the log files of your website.

sudo mkdir -p /var/www/website.com/log

Create your first HTML page:

cd /var/www/website.com/site
sudo vim index.html

Add the following content to the file:

<!doctype html>

<html lang="en">
<head>
  <meta charset="utf-8">

  <title>Website.com</title>
  <meta name="description" content="Website.com Homepage">
  <meta name="author" content="Your Name">
</head>

<body>
  This is the index page of website.com, welcome!
</body>
</html>

Set up the .conf files

Next, create the sites-available and sites-enabled directories:

sudo mkdir -p /etc/httpd/sites-enabled /etc/httpd/sites-available

Now that your folders are created, edit your default Apache configuration and find the following line.

sudo vim /etc/httpd/conf/httpd.conf

# Load config files in the "/etc/httpd/conf.d" directory if any
IncludeOptional conf.d/*.conf

Add this line below:

IncludeOptional sites-enabled/*.conf

Now that your Apache Web Server configuration is updated, create a virtual host file for your “website.com” website.

sudo vim /etc/httpd/sites-available/website.com.conf

Paste the following configuration in it.

<VirtualHost *:80>
    ServerName website.com
    ServerAlias www.website.com
    DocumentRoot /var/www/website.com/site
    ErrorLog /var/www/website.com/log/error.log
    CustomLog /var/www/website.com/log/requests.log combined
</VirtualHost>

Save your file, and make sure that your configuration is okay by running the following command.

$ sudo apachectl configtest
Syntax OK

Your website won’t become available just by restarting your Apache web server; its configuration file also needs to be present in the sites-enabled folder.

To link it to the sites-enabled directory, create a symbolic link using this command.

sudo ln -s /etc/httpd/sites-available/website.com.conf /etc/httpd/sites-enabled/website.com.conf

Update your SELinux rules

By default, SELinux is configured to work with default Apache configuration folders. However, I did not have it working correctly. I was able to remedy that here.

Because you created custom directories, you need to allow Apache to use them in SELinux.

In order for the Apache Web Server to start correctly, you need to modify your Apache policy to include custom log directories.

To enable custom directories, run the following command:

sudo setsebool -P httpd_unified 1
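
Labeling only the custom log directory as httpd_log_t is a narrower alternative to turning on httpd_unified. The following added example (not from the original post; the function names are hypothetical) reads the ErrorLog and CustomLog paths from a virtual host file and prints the semanage and restorecon commands for them; on CentOS 8, semanage comes from the policycoreutils-python-utils package.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (does not run) the SELinux
# labeling commands for log directories named in a virtual host file.

# Print each distinct absolute directory that ErrorLog/CustomLog write into.
# Piped loggers ("|/usr/sbin/rotatelogs ...") and ServerRoot-relative paths
# are skipped because they do not start with "/".
vhost_log_dirs() {
    awk '
        tolower($1) == "errorlog" || tolower($1) == "customlog" {
            path = $2
            gsub(/"/, "", path)          # strip optional quotes
            if (path !~ /^\//) next      # pipe or relative path
            sub(/\/[^\/]*$/, "", path)   # drop the file name
            if (path != "" && !seen[path]++) print path
        }' "$1"
}

# Emit semanage/restorecon commands for log directories outside /var/log/httpd,
# which the stock policy already labels httpd_log_t.
selinux_log_label_cmds() {
    vhost_log_dirs "$1" | while IFS= read -r dir; do
        case $dir in
            /var/log/httpd|/var/log/httpd/*) continue ;;
        esac
        printf 'sudo semanage fcontext -a -t httpd_log_t "%s(/.*)?"\n' "$dir"
        printf 'sudo restorecon -Rv "%s"\n' "$dir"
    done
}

# Constructed sample: the virtual host from this post, written to a temp file.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
<VirtualHost *:80>
    ServerName website.com
    DocumentRoot /var/www/website.com/site
    ErrorLog /var/www/website.com/log/error.log
    CustomLog /var/www/website.com/log/requests.log combined
</VirtualHost>
EOF
selinux_log_label_cmds "$sample_conf"
rm -f "$sample_conf"
```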

Restart your Apache server

Now that everything is correctly set up, it is time for you to restart your server to see your changes.

sudo systemctl restart httpd