in Centos 6.5
After a fresh CentOS installation, set the appropriate network configuration:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
After editing the network script, press the ESC key and type :wq to save and exit.
Upgrade to the latest version.
yum -y upgrade
yum -y install nano
Preparations
Set a fully qualified domain name (FQDN) hostname on your server
Whether your server is a testing machine or a production server, it's strongly recommended to set
a fully qualified domain name (FQDN) hostname.
Enter command hostname -f to view the current hostname:
$ hostname -f
hrms.goldenoiltd.com
: hostname <=> IP address mapping. Warning: List the FQDN hostname as first
item.
127.0.0.1
Verify the FQDN hostname. If it hasn't changed, reboot the server for the change to take effect.
$ hostname -f
hrms.goldenoiltd.com
Disable SELinux.
SELinux is disabled by setting the value below in its config file /etc/selinux/config. After a
server reboot, SELinux will be completely disabled.
vi /etc/selinux/config
SELINUX=disabled
If you prefer to let SELinux print warnings instead of enforcing, you can set the value below
instead:
SELINUX=permissive
Reboot CentOS:
reboot
Adjust Iptables/Firewall
Add the following line:
iptables -F
iptables
iptables
iptables
iptables
-A
-A
-A
-A
INPUT
INPUT
INPUT
INPUT
-p
-p
-p
-i
-j ACCEPT
-j ACCEPT
-j ACCEPT
iptables -L
iptables-save | sudo tee /etc/sysconfig/iptables
Install PHP
PHP is an open source web scripting language that is widely used to build dynamic webpages.
To install PHP on your virtual private server, open terminal and type in this command:
yum search php
yum -y install php php-pgsql php-bcmath php-common php-dba php-devel php-gd php-cli php-mbstring php-embedded php-pdo php-pear php-imap php-soap
su - postgres
-bash-4.1$ psql -U postgres
psql (8.4.20)
type "help" for help.
postgres=#
To exit from the PostgreSQL prompt, type \q, then type exit to return to the terminal.
Set postgres user password
Log in to the PostgreSQL prompt:
su - postgres
-bash-4.1$ psql -U postgres
postgres=#
        DATABASE    USER    ADDRESS           METHOD
[...]
host    all         all     192.168.1.0/24    md5
# IPv6 local connections:
host    all         all     ::1/128           md5
Uncomment both lines, and set the IP address of your postgresql server or set * to listen from
all clients as shown below:
listen_addresses = '*'
port = 5432
To secure PostgreSQL against unwanted write access (to the public schemas, anyway), we first
have to revoke it for everyone:
postgres=# REVOKE CREATE ON SCHEMA public FROM PUBLIC;
postgres=# REVOKE USAGE ON SCHEMA public FROM PUBLIC;
GRANT
GRANT
GRANT
GRANT
From now on, every user that you create does not have write access to the public schema of any
database. I think this is a better default: you now have to explicitly grant write access to a user if
you really need it.
Now, let's create the database and the necessary tables for storing our data. We already know the
database is going to be called "goldenoil_hrm", so go ahead and create it and grant our fresh
user (read) access to it:
postgres=# CREATE DATABASE goldenoil_hrm WITH OWNER goil_users;
postgres=# \l
postgres=# GRANT ALL PRIVILEGES ON DATABASE goldenoil_hrm TO goil_users;
postgres=# \q
We should also set the processes to run automatically when the server boots (php will run
automatically once Apache starts):
chkconfig httpd on
chkconfig postgresql on
Now, you can check your phpinfo.php page to verify the change took place.
Go back to root
cd
mkdir /var/log/timetrex
chmod -R 777 /var/log/timetrex
mkdir -p /var/timetrex/storage
chmod -R 777 /var/timetrex/storage
mkdir /tmp/timetrex
chmod -R 777 /tmp/timetrex
Open the timetrex.ini.php file and edit it to suit your system:
;<?php die('Access denied...');?>
;
;
; TimeTrex Configuration File
; *Linux* Example
;
;
;
; System paths. NO TRAILING SLASHES!
;
[path]
cache_dir = /tmp/timetrex
storage_dir = /var/timetrex/storage
log_dir = /var/log/timetrex
;URL to TimeTrex web root directory. ie: http://your.domain.com/<*BASE_URL*>
;DO NOT INCLUDE http://your.domain.com, just the directory AFTER your domain
base_url = /interface
;
;log directory
;
;Linux
log = /var/log/timetrex
;
;Misc storage, for attachments/images
;
;Linux
storage = /var/timetrex/storage
;
;Full path and name to the PHP CLI Binary
;
;Linux
php_cli = /usr/bin/php
;
; Database connection settings. These can be set from the installer.
;
[database]
;type = mysqli
type = postgres8
host = localhost
database_name = goldenoil_hrm
user = goil_users
password = GOIL.Goldenoil
;
; Email delivery settings.
;
[mail]
;Least setup, deliver email through TimeTrex's email relay via SOAP (HTTP port 80)
;Deliver email through local sendmail command specified in php.ini
;delivery_method = mail
;Deliver email through remote SMTP server with the following settings.
delivery_method = soap, smtp
smtp_host = goldenoiltd.com
smtp_port = 465
smtp_username = hrms@goldenoiltd.com
smtp_password = wUGi#zMUdX2T
;
; Cache settings
;
[cache]
enable = TRUE
;Linux
dir = /tmp/timetrex
[debug]
;Set to false if you're debugging
production = TRUE
enable = FALSE
enable_display = FALSE
buffer_output = TRUE
enable_log = FALSE
verbosity = 10
[other]
; Force all clients to use SSL.
force_ssl = FALSE
installer_enabled = FALSE
primary_company_id = 2
hostname = localhost
; System Administrators Email address to send critical errors to if necessary. Set to FALSE to disable completely.
system_admin_email = hrms@goldenoiltd.com
default_interface = html5
;WARNING: DO NOT CHANGE THIS AFTER YOU HAVE INSTALLED TIMETREX.
;If you do it will cause all your passwords to become invalid,
;and you may lose access to some encrypted data.
salt = 0
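The chmod -R 777 directories, the clear-text passwords and force_ssl = FALSE in the configuration above are the settings most worth re-checking once the install works. The script below is an added example, not part of the original guide or of TimeTrex; the function names ini_get, audit_timetrex_ini and sample_audit are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not TimeTrex code): audit a timetrex.ini.php for the risky
# settings visible in the walkthrough above. Prints one FINDING per line.

# ini_get FILE SECTION KEY -> value of KEY in [SECTION]; ';' starts a comment.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*;/  { next }
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec  {
            n = index($0, "="); if (!n) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

audit_timetrex_ini() {
    ini=$1
    # The file stores the database and SMTP passwords in clear text, so no
    # permission bit should be set for "other".
    if [ -n "$(find "$ini" \( -perm -0004 -o -perm -0002 -o -perm -0001 \))" ]; then
        echo "FINDING: $ini is accessible to users outside its owner and group"
    fi
    # chmod -R 777 lets any local account plant or alter cache, log and upload files.
    for key in cache_dir storage_dir log_dir; do
        dir=$(ini_get "$ini" path "$key")
        [ -d "$dir" ] || continue
        if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            echo "FINDING: [path] $key = $dir is world-writable"
        fi
    done
    [ "$(ini_get "$ini" other force_ssl)" = "TRUE" ] ||
        echo "FINDING: [other] force_ssl is not TRUE, logins may travel over plain HTTP"
    [ "$(ini_get "$ini" other installer_enabled)" = "FALSE" ] ||
        echo "FINDING: [other] installer_enabled is not FALSE"
}

# Constructed sample that mirrors the settings above (secrets left out).
sample_audit() {
    t=$(mktemp -d) && mkdir "$t/cache" && chmod 777 "$t/cache"
    printf '%s\n' '[path]' "cache_dir = $t/cache" '[other]' \
        'force_ssl = FALSE' 'installer_enabled = FALSE' > "$t/timetrex.ini.php"
    chmod 644 "$t/timetrex.ini.php"
    audit_timetrex_ini "$t/timetrex.ini.php"
    rm -rf "$t"
}
```

Run audit_timetrex_ini against the real file as root; an empty result means none of the four checks fired.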
vi /etc/httpd/conf.d/goldenoiltd.conf
<VirtualHost *:80>
ServerAdmin webmaster@goldenoiltd.com
DocumentRoot /var/www/TimeTrex
ServerName hrms.goldenoiltd.com
<Directory "/var/www/TimeTrex">
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
CustomLog /var/www/TimeTrex/goldenoiltd.com-ccess.log combined
</VirtualHost>
or
Configure Apache to use the Signed SSL Certificate (Self-sign and CA sign)
These instructions will help you generate a generic self-signed certificate, which may be used to
provide SSL service for all name-based hosts on your VPS. Please note that self-signed
certificates will generate warnings in a visitor's browser; proceed to Installing a Commercial
SSL Certificate if you need to set up SSL on a domain using a certificate signed by a
commercial SSL provider.
Self-Signed Certificate
mkdir /etc/httpd/ssl
openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/httpd/ssl/hrms.goldenoiltd.com.pem -keyout /etc/httpd/ssl/hrms.goldenoiltd.com.key
You will be asked for several configuration values. Enter values appropriate for your
organization and server, as shown here. This example will create a certificate valid for 365 days;
you may wish to increase this value. We've specified the FQDN (fully qualified domain name)
of the VPS for the Common Name entry, as this certificate will be used for generic SSL
service.
Generating a 1024 bit RSA private key
...................................++++++
..............................++++++
writing new private key to '/etc/httpd/ssl/hrms.goldenoiltd.com.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:NG
State or Province Name (full name) [Berkshire]:Anambra
Locality Name (eg, city) [Newbury]:Onitsha
Organization Name (eg, company) [My Company Ltd]:Goldenoil LTD, LLC
Organizational Unit Name (eg, section) []:Palm Oil refining
Common Name (eg, YOUR name) []:hrms.goldenoiltd.com
Email Address []:it@goldenoiltd.com
CA signed
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
openssl req -new -days 365 -nodes -keyout hrms_goldenoiltd_com.key -out hrms_goldenoiltd_com.csr
Here are the values we entered for our example certificate. Note that you can ignore the extra
attributes.
Generating a 1024 bit RSA private key
......................................................++++++
....++++++
writing new private key to 'hrms.goldenoiltd.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:NG
State or Province Name (full name) [Berkshire]:Anambra
Locality Name (eg, city) [Newbury]:Onitsha
Organization Name (eg, company) [My Company Ltd]:Goldenoiltd LTD
Organizational Unit Name (eg, section) []:Oil Refining
Common Name (eg, YOUR name) []:hrms.goldenoiltd.com
Email Address []:it@goldenoiltd.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Files for your domain will be created in /etc/httpd/ssl. You may now submit the file ending
in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA
signs the request. Save this file as /etc/httpd/ssl/hrms_goldenoiltd_com.crt.
Execute the following command to protect the signed certificate:
chmod 400 /etc/httpd/ssl/hrms_goldenoiltd_com.crt
/etc/httpd/ssl/hrms_goldenoiltd_com.ca-bundle.
Configure Apache to use the Signed SSL Certificate and Redirect Request to SSL
In the following example, edit the virtual host configuration file for the site you would like to
enable SSL on (hrms.goldenoiltd.com in our example). Add the following stanza to your
virtual hosting configuration file (e.g. /etc/httpd/conf.d/goldenoiltd.conf). Note that
we've reproduced the configuration for the non-SSL version of the site, with the addition of four
lines for SSL. This example uses the CA certificate file for a certificate signed by Comodo.
nano /etc/httpd/conf.d/goldenoiltd.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName hrms.goldenoiltd.com
Redirect permanent / https://hrms.goldenoiltd.com/
</VirtualHost>
In the /etc/httpd/conf.d/ssl.conf file, disable the entire default virtual host, including the paths
to the default self-signed certificate, by adding a # sign at the start of each of the following
lines:
#<VirtualHost _default_:443>
#ErrorLog logs/ssl_error_log
#TransferLog logs/ssl_access_log
#LogLevel warn
#SSLEngine on
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#<Files ~ "\.(cgi|shtml|phtml|php3?)$">
#    SSLOptions +StdEnvVars
#</Files>
#<Directory "/var/www/cgi-bin">
#    SSLOptions +StdEnvVars
#</Directory>
#CustomLog logs/ssl_request_log \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>
Then configure your own custom ssl virtualhost config file in /etc/httpd/conf.d directory.
nano /etc/httpd/conf.d/vhost.conf
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/hrms_goldenoiltd_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/hrms_goldenoiltd_com.key
SSLCACertificateFile /etc/httpd/ssl/hrms_goldenoiltd_com.ca-bundle
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /var/www/TimeTrex>
AllowOverride All
</Directory>
ServerAdmin webmaster@goldenoiltd.com
DocumentRoot /var/www/TimeTrex
ServerName hrms.goldenoiltd.com
ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
CustomLog /var/www/TimeTrex/goldenoiltd.com-ccess.log combined
</VirtualHost>
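The vhost above keeps SSLProtocol all -SSLv2, builds its cipher list from ALL, and writes its logs under DocumentRoot. The following added example (not from the original guide; audit_ssl_vhost and sample_findings are hypothetical names) is a heuristic shell check that flags those three patterns in a vhost file.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak TLS and logging
# directives in an Apache vhost file. Heuristic; assumes one vhost per file.

audit_ssl_vhost() {   # audit_ssl_vhost FILE -> one FINDING per line
    awk '
        /^[ \t]*#/ { next }                 # commented directives are inactive
        { d = tolower($1); v = $2; gsub(/"/, "", v) }
        d == "documentroot" { root = v }
        d == "sslprotocol" {
            # "all" turns on every protocol the build knows, so SSLv3 stays
            # on unless it is removed the same way SSLv2 is.
            l = tolower($0)
            if (l ~ /[ \t]all([ \t]|$)/ && l !~ /-sslv3/)
                print "FINDING: line " NR ": SSLProtocol leaves SSLv3 enabled"
        }
        d == "sslciphersuite" {
            n = split(v, tok, ":")
            for (i = 1; i <= n; i++) {
                # "!" and "-" remove suites and "+" only reorders them.
                if (tok[i] ~ /^[!+-]/) continue
                if (tok[i] ~ /(^|\+)(ALL|LOW|EXP|EXPORT|RC4|DES|MD5|aNULL|eNULL|NULL)(\+|$)/)
                    print "FINDING: line " NR ": cipher token " tok[i] " can enable weak suites"
            }
        }
        d ~ /^(errorlog|customlog|transferlog)$/ { m++; logf[m] = v; logl[m] = NR }
        END {
            # Logs under DocumentRoot are served like any file unless access is denied.
            for (i = 1; i <= m; i++)
                if (root != "" && index(logf[i], root "/") == 1)
                    print "FINDING: line " logl[i] ": " logf[i] " is inside DocumentRoot"
        }' "$1"
}

# Directives copied from the vhost.conf shown above.
sample_findings() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<VirtualHost *:443>
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
DocumentRoot /var/www/TimeTrex
ErrorLog /var/www/TimeTrex/goldenoiltd.com-error.log
</VirtualHost>
EOF
    audit_ssl_vhost "$f"
    rm -f "$f"
}
```

A token such as ALL is flagged even when later exclusions would remove the weak suites, so treat each finding as a prompt to review the full cipher string.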
http://192.168.1.213/interface/html5/#!m=Login
https://hrms.goldenoiltd.com/interface/html5/#!m=Login