How To Install Let’s Encrypt SSL With Nginx on CentOS 7

Let’s Encrypt SSL With Nginx on CentOS 7

LetsEncrypt is a free, open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Let’s Encrypt SSL with Nginx on a CentOS 7 server.

Install Let’s Encrypt SSL With Nginx on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Let’s Encrypt SSL on CentOS 7.

In CentOS 7, you can find Certbot in the EPEL repository; enable it, then install what you need:

yum install epel-release
yum install certbot

You will also need to have nginx installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:

yum install nginx
systemctl start nginx

The first step to install Let’s Encrypt SSL on CentOS Linux is to add a simple configuration block inside your nginx virtual host configuration. Add these lines to your vhost configuration:

location ~ /.well-known {
    allow all;
}

Save and exit to apply changes:

nginx -t
systemctl restart nginx

Obtaining a certificate with Certbot:

Run the command as you see below, replace “wpcademy.com” with your real domain name and /var/www/wpcademy.com with your real webroot path:

certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com

Result:

[[email protected]:~]certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wpcademy.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/idroot.us/fullchain.pem. Your cert
will expire on 2017-07-16. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[[email protected]:~]

Step 3. Configure Let’s Encrypt TLS/SSL on Nginx Web Server.

First, edit the Virtual Host file for the domain you passed to Certbot and add these three directives:

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/wpcademy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wpcademy.com/privkey.pem;

The full nginx vhost configuration may look like this:

server {
    listen 80;
    server_name wpcademy.com www.wpcademy.com;
    rewrite ^(.*) https://wpcademy.com$1 permanent;
}

server {
    # access and error logs are configured further down
    log_not_found off;

    server_name wpcademy.com;
    root /var/www/wpcademy.com;
    index index.php index.html index.htm;

    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/wpcademy.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wpcademy.com/privkey.pem;

    ## Stuff required by certbot
    location ~ /.well-known {
        allow all;
    }

    ## SSL
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;

    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    # Note: this directory sits inside the document root set above, so the
    # log files can be requested over HTTPS unless access to it is blocked.
    access_log /var/www/wpcademy.com/logs/access.log;
    error_log /var/www/wpcademy.com/logs/error.log;

    # php-script handler
    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 150;
        root /var/www/wpcademy.com/public_html;
        fastcgi_param SCRIPT_FILENAME /var/www/wpcademy.com$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
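
The ssl_protocols and ssl_ciphers lines in the vhost above still enable TLS 1.0, TLS 1.1 and 3DES suites. The shell function below is an added example, not part of the original tutorial: it flags those settings in nginx configuration text and, going one step further, in Apache SSLProtocol/SSLCipherSuite lines; both sample configs in it are constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Flags legacy TLS protocol versions and weak ciphers in nginx or Apache config.

# audit_tls_conf [FILE...]   (reads stdin when no file is given)
# Prints "<line>:legacy-protocol:<name>" or "<line>:weak-cipher:<token>" for
# each finding and returns 1 if there was at least one, 0 otherwise.
audit_tls_conf() {
    awk '
    function flag(msg) { print NR ":" msg; bad = 1 }
    {
        line = $0
        sub(/#.*/, "", line)                      # commented-out directives do not count
        n = split(line, tok, /[ \t;]+/)
        first = (n > 1 && tok[1] == "") ? 2 : 1   # skip the empty field left by indentation
        directive = tolower(tok[first])
    }
    directive == "ssl_protocols" {                # nginx: explicit allow-list
        for (i = first + 1; i <= n; i++)
            if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                flag("legacy-protocol:" tok[i])
    }
    directive == "sslprotocol" {                  # Apache: +/- toggles applied left to right
        split("", on)
        for (i = first + 1; i <= n; i++) {
            t = tolower(tok[i]); state = 1
            if (t ~ /^-/) { state = 0; t = substr(t, 2) }
            else if (t ~ /^\+/) t = substr(t, 2)
            if (t == "all") on["sslv3"] = on["tlsv1"] = on["tlsv1.1"] = state
            else if (t != "") on[t] = state
        }
        if (on["sslv3"])   flag("legacy-protocol:SSLv3")
        if (on["tlsv1"])   flag("legacy-protocol:TLSv1")
        if (on["tlsv1.1"]) flag("legacy-protocol:TLSv1.1")
    }
    directive == "ssl_ciphers" || directive == "sslciphersuite" {
        for (i = first + 1; i <= n; i++) {
            gsub(/"/, "", tok[i])
            m = split(tok[i], c, ":")
            for (j = 1; j <= m; j++)              # "!3DES" or "-RC4" removes a cipher: fine
                if (c[j] !~ /^[!-]/ && c[j] ~ /3DES|RC4/)
                    flag("weak-cipher:" c[j])
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample that mirrors the ssl_* lines of the vhost above.
sample_legacy_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+3DES:RSA+3DES:!aNULL:!MD5;
}
EOF
}

# Constructed hardened counterpart: TLS 1.2 only, no 3DES suites.
sample_hardened_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:!aNULL:!MD5;
}
EOF
}

sample_legacy_conf | audit_tls_conf || echo "legacy TLS settings found in the lines listed above"
sample_hardened_conf | audit_tls_conf && echo "hardened sample: no findings"
```

On a server, run it against the real file, for example audit_tls_conf /etc/nginx/nginx.conf, before and after tightening the two directives.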

Step 4. Set Up Let’s Encrypt SSL Auto Renewal.

We will add a cron job that runs the renewal command every week. Run this command:

export VISUAL=nano; crontab -e

Paste the following lines:

01 1 * * 0 /usr/bin/certbot renew >> /var/log/ssl-renew.log 2>&1
06 1 * * 0 /usr/bin/systemctl reload nginx

Save and Exit from the crontab table.

This will create a new cronjob that will be executed every Sunday at 01 AM, and then it will reload Nginx web server to apply the changes. The output will be logged into /var/log/ssl-renew.log file for further analysis if needed.

Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL on a CentOS 7 system. For additional help or useful information, we recommend you check the official Let’s Encrypt web site.

How To Install Cerb on CentOS 7

Cerb on CentOS 7

Cerb is an open-source application for web-based collaboration and automation. Cerb can also be used for sending a high volume of emails. Cerb is written in PHP and uses MySQL/MariaDB to store its data.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Cerb on a CentOS 7 server.

Install Cerb on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y install epel-release
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install php70w-cli php70w-pear php70w-gd php70w-xml php70w-curl php70w-gmp php70w-pdo php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Once the installation is finished, you will need to modify the php.ini configuration file:

nano /etc/php.ini

Change the following lines:

memory_limit = 128M        ; 128M or higher, according to the memory available
upload_max_filesize = 2M   ; 32M or higher
post_max_size = 8M         ; 32M or higher
;upload_tmp_dir =          ; uncomment and change it to upload_tmp_dir = /tmp

Step 3. Configuring MariaDB for Cerb.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. Read each step below carefully; the script sets the root password, removes anonymous users, disallows remote root login, and removes the test database and access to it:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Cerb. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for Cerb installation:

CREATE DATABASE cerb_data;
CREATE USER 'cerb_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON cerb_data.* TO 'cerb_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 4. Installing Cerb.

Once Database is configured, you will need to install Cerb. You can download the latest version of Cerb from GitHub repository with the following command:

yum -y install git
cd /var/www/html
git clone https://github.com/wgm/cerb.git cerb

Next, set the proper ownership and file permissions using the following commands:

cd /var/www/html/cerb
chown -R apache:apache .
chmod -R u+w framework.config.php storage

Step 5. Configure Firewall for Cerb.

You may also need to allow HTTP traffic on port 80 through the system firewall:

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload

Step 6. Accessing Cerb.

Cerb will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/cerb or http://server-ip/cerb and complete the required steps to finish the installation.

Congratulations! You have successfully installed Cerb. Thanks for using this tutorial for installing Cerb on a CentOS 7 system. For additional help or useful information, we recommend you check the official Cerb web site.

How To Install Mail Server With PostfixAdmin on CentOS 7

Mail Server With PostfixAdmin on CentOS 7

Postfixadmin is a web frontend to the mysql or mariaDB database used by Postfix. With Postfixadmin we can easily manage from a web browser our Postfix service, adding and removing mail users and domains, mail aliases, disk quotas, etc.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Seafile Secure Cloud Storage on a CentOS 7 server.

Install Mail Server With PostfixAdmin on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install php70w-cli php70w-gd php70w-xml php70w-curl php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Step 3. Configuring MariaDB for PostfixAdmin.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. Read each step below carefully; the script sets the root password, removes anonymous users, disallows remote root login, and removes the test database and access to it:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the PostfixAdmin. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for PostfixAdmin installation:

MariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'strong_password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Step 4. Installing PostfixAdmin.

The first thing to do is to go to PostfixAdmin’s download page and download the latest stable version of PostfixAdmin:

wget -q -O - "https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.0.2/postfixadmin-3.0.2.tar.gz" | tar -xzf - -C /var/www/html

Open the mail configuration file:

nano /var/www/html/postfixadmin-3.0.2/config.inc.php

Edit the following values:

$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'strong_password';
$CONF['database_name'] = 'postfixadmin';
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';

Now you need to assign the ownership of the files and folders to Apache’s user and group. To do so, the command is:

chown -R apache: /var/www/html/postfixadmin-3.0.2

To populate the database go to https://Your_IP_Address/postfixadmin-3.0.2/setup.php and you should see something like below:

Testing database connection - OK - mysqli://postfixadmin:xxxxx@localhost/postfixadmin
Everything seems fine... attempting to create/update database structure

Create a new admin user:

bash /var/www/html/postfixadmin-3.0.2/scripts/postfixadmin-cli admin add admin@your_domain_wpcademy.com --password strong_password22 --password2 strong_password22 --superadmin 1 --active 1

Step 5. Installing and configure Postfix.

Install postfix with the following command:

yum -y install postfix

Once the installation is completed, we need to create configuration files:

mkdir -p /etc/postfix/sql/
nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

nano /etc/postfix/sql/mysql_virtual_alias_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100

nano /etc/postfix/sql/mysql_virtual_domains_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100

nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100
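
Each of the map files above stores the postfixadmin database password in clear text, so they should not be readable by other local users or left with the sample password. The script below is an added example, not part of the original tutorial, that audits a map directory for both problems; the function names are hypothetical, the test passwords are constructed, and the postfix group is assumed to be the one the Postfix package creates.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Audits the Postfix SQL map files created above for two problems:
#   exposed      the file holds a database password and "other" can read or write it
#   placeholder  the password is still one of the sample values printed on this page

PLACEHOLDERS='strong_password StrongPassword password'

# map_password FILE -> prints the value of the first "password =" line, if any
map_password() {
    sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# audit_maps DIR -> one "exposed:<file>" or "placeholder:<file>" line per
# finding; returns 1 if anything was reported, 0 if DIR is clean.
audit_maps() (
    status=0
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        pw=$(map_password "$f")
        [ -n "$pw" ] || continue
        # -perm -004 / -perm -002: "other" has the read / write bit set
        if [ -n "$(find "$f" \( -perm -004 -o -perm -002 \) -print)" ]; then
            echo "exposed:$f"
            status=1
        fi
        for p in $PLACEHOLDERS; do
            if [ "$pw" = "$p" ]; then
                echo "placeholder:$f"
                status=1
            fi
        done
    done
    exit "$status"
)

# lock_down_maps DIR [GROUP] -> for every map file that holds a password, set
# mode 0640 and, if GROUP is given, hand group ownership to it (needs root).
lock_down_maps() (
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        [ -n "$(map_password "$f")" ] || continue
        if [ -n "${2:-}" ]; then
            chgrp "$2" "$f" || exit 1
        fi
        chmod 0640 "$f" || exit 1
    done
    exit 0
)

# When a directory is passed on the command line (for this tutorial, as root:
# /etc/postfix/sql), report findings and then restrict the files to root and
# the postfix group. Placeholder passwords still have to be changed by hand.
if [ $# -gt 0 ]; then
    audit_maps "$1" || lock_down_maps "$1" postfix
fi
```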

Next, edit the main.cf file:

postconf -e "myhostname = $(hostname -f)"

postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
postconf -e "smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt"
postconf -e "smtpd_tls_key_file = /etc/pki/tls/private/localhost.key"
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
postconf -e "mydestination = localhost"
postconf -e "mynetworks = 127.0.0.0/8"
postconf -e "inet_protocols = ipv4"
postconf -e "inet_interfaces = all"
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Open the master.cf file, find submission inet n and smtps inet n sections and edit as follows:

nano /etc/postfix/master.cf

Edit the following values:

submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# smtps (port 465) is implicit TLS, so wrapper mode must be enabled
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Finally, enable the postfix service:

systemctl enable postfix
systemctl restart postfix

Step 6. Installing and Configure Dovecot.

Install dovecot using the command below:

yum install dovecot dovecot-mysql

Open the /etc/dovecot/conf.d/10-mail.conf file:

nano /etc/dovecot/conf.d/10-mail.conf

Change the following values:

mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150

Open the /etc/dovecot/conf.d/10-auth.conf file:

nano /etc/dovecot/conf.d/10-auth.conf

Change the following values:

auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Create a new dovecot-sql.conf.ext file:

nano /etc/dovecot/dovecot-sql.conf.ext

Edit the following values:

driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=strong_password
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

In the /etc/dovecot/conf.d/10-ssl.conf file enable SSL support:

ssl = yes

Open the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address:

postmaster_address = postmaster@your_domain_name.com

Open the /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and change it to:

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

Find the service auth section and change it to:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    # only the postfix user and group need this socket; 0666 would let any local user connect to it
    mode = 0660
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group = vmail
  }
  user = dovecot
}

Change the service auth-worker section to the following:

service auth-worker {
  user = vmail
}

Now you need to assign the ownership of the files and folders. To do so, the command is:

chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

Finally, enable and restart the dovecot service:

systemctl enable dovecot
systemctl restart dovecot

Step 7. Installing and configure Spamassassin.

Install spamassassin using the command below:

yum -y install spamassassin

Create a spamassassin system user:

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Next, configure Postfix to use SpamAssassin:

nano /etc/postfix/master.cf

Change values:

smtp inet n - n - - smtpd

With:

smtp inet n - n - - smtpd -o content_filter=spamassassin

Add the following line at the end of the file:

Then enable and start the SpamAssassin service:

systemctl enable spamassassin
systemctl restart spamassassin

Finally, restart the postfix service:

systemctl restart postfix

Step 8. Accessing PostfixAdmin.

If everything is set up correctly, you should now be able to log in to your PostfixAdmin backend by going to http://Your_IP_Address/postfixadmin-3.0.2 and create your first virtual domain and mailbox.

Congratulations! You have successfully installed PostfixAdmin. Thanks for using this tutorial for installing Mail Server With PostfixAdmin on a CentOS 7 system. For additional help or useful information, we recommend you check the official PostfixAdmin web site.

How To Install Let’s Encrypt SSL With Apache on CentOS 7

Let’s Encrypt SSL With Apache on CentOS 7

LetsEncrypt is a free, open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Let’s Encrypt SSL with Apache on a CentOS 7 server.

Install Let’s Encrypt SSL With Apache on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Let’s Encrypt SSL using Certbot.

In CentOS 7, you can find Certbot in the EPEL repository; enable it, then install what you need:

yum install epel-release
yum install python-certbot-apache

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

certbot --apache

After that, Certbot walks you through a series of prompts to customize your options. Enter the domain you want to secure; then, Certbot will prompt you to enter your email address. Next, you will choose the Virtual Host file, the default being ssl.conf. After that, you can decide whether to enable both http and https access or redirect to https. The secure option is the second one (https). At the end of the procedure, Certbot will display a message containing configuration information.

Step 3. Configuration CentOS SSL.

First, edit the Virtual Host file you specified during configuration through Certbot. If you used the default one, the file should be /etc/httpd/conf.d/ssl.conf:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

Save and close the file. Restart the apache service for the changes to take effect:

systemctl restart httpd.service

Step 4. Automating renewal Let’s Encrypt.

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run

Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL on a CentOS 7 system. For additional help or useful information, we recommend you check the official Let’s Encrypt web site.

How To Enable HTTP/2.0 Support on Apache

Enable HTTP2

HTTP/2 is the new updated HTTP protocol, and it’s supposed to be much more efficient than the now outdated http/1.1 version. Its goal is to reduce latency and to make web applications faster by allowing multiple concurrent requests between the web browser and the server across a single TCP connection. If you are looking to speed up the loading time of your website or blog, then you should enable http/2.0 in your web server.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through, step by step, enabling HTTP/2.0 support in Apache on an Ubuntu 16.04 (Xenial Xerus) server.

Enable HTTP/2.0 Support on Apache running Ubuntu 16.04 LTS

Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

Step 2. Enable HTTP/2.0 Apache web server.

Make sure that your Apache version supports the HTTP/2 protocol. If you have not installed Apache or are using an older version, upgrade it first. Use the following commands to add a PPA for installing the latest Apache2 version on your Ubuntu system:

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt-get install apache2

Once installed, verify Apache version:

### apache2 -v
Server version: Apache/2.4.17 (Ubuntu)
Server built: 2017-03-05T00:00:00

Enable the HTTP/2.0 module by typing this command:

sudo a2enmod http2

Restart Apache for the changes to take effect:

systemctl restart apache2

Now open your VirtualHost file ( e.g. most likely at this path /etc/apache2/sites-available/ ) and put this code in:

Protocols h2 http/1.1

Step 3. Verify HTTP/2.

Go to https://tools.keycdn.com/http2-test and test if http/2.0 is detected in your domain.


Congratulations! You have successfully enabled HTTP/2.0 on the Apache web server. Thanks for using this tutorial for enabling HTTP/2.0 support on Apache running on an Ubuntu 16.04 LTS (Xenial Xerus) system. For additional help or useful information, we recommend you check the official Apache web site.

How To Install XAMPP on CentOS 7

XAMPP on CentOS 7

XAMPP is an open source software that provides users with an out-of-the-box server experience. It is a complex, yet very easy-to-use AMPP (Apache, MySQL, PHP and Perl) distribution that’s compatible with the Linux, Microsoft Windows and Mac OS X operating systems. The best tool for those who want to install a fully functional web development environment.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of the XAMPP stack on a CentOS 7 server.

Features XAMPP

Regularly updated to the latest versions of Apache, MariaDB, PHP and Perl.
Supports other modules like OpenSSL, phpMyAdmin, MediaWiki, Joomla, WordPress etc.,
Tests the website designers and programmers work without Internet.
Secured package.
Allows creation and manipulation of databases in MariaDB and SQLite.

Install XAMPP on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing XAMPP on CentOS 7.

The first step is to download the installer from the official XAMPP site and save it as a new .run file on your machine, wherever you’d like:

https://www.apachefriends.org/xampp-files/7.1.1/xampp-linux-x64-7.1.1-0-installer.run

Next, run the following command to make XAMPP executable:

chmod +x xampp-linux-x64-7.1.1-0-installer.run

Now is the time to run the script file to install XAMPP and wait until xampp is fully installed:

./xampp-linux-x64-7.1.1-0-installer.run

That should start the XAMPP installation setup. Continue with the installation as you usually do:
Once the setup is finished, XAMPP should be available from your desktop, or open your browser and follow this link: http://localhost/dashboard/
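
Both the PostfixAdmin step earlier on this page (wget piped straight into tar under /var/www/html) and the XAMPP step above (a downloaded installer run as root) use a download without checking it first. The functions below are an added example, not part of the original tutorials, that refuse to unpack or run a file unless its SHA-256 matches; the function names are hypothetical and the expected digests are placeholders that must come from the publisher, since this page does not list them.

```shell
#!/bin/sh
# Added example, not part of the original tutorials.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verify_sha256 FILE EXPECTED -> 0 if FILE hashes to EXPECTED, 1 otherwise
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ ${#expected} -eq 64 ] || { echo "not a SHA-256 digest: $2" >&2; return 1; }
    [ "$(sha256_of "$1")" = "$expected" ] || { echo "checksum mismatch: $1" >&2; return 1; }
}

# extract_verified ARCHIVE EXPECTED DEST
# Stands in for "wget ... | tar -xzf - -C DEST": nothing is unpacked until the
# whole archive is on disk and its digest matches. Archives whose entries would
# land outside DEST (absolute paths or ".." components) are refused.
extract_verified() {
    verify_sha256 "$1" "$2" || return 1
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe paths: $1" >&2
        return 1
    fi
    tar -xzf "$1" -C "$3"
}

# fetch_and_extract URL EXPECTED DEST -> download to a temp file, then verify
# and unpack it with extract_verified.
fetch_and_extract() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    wget -q -O "$tmp" "$1" && extract_verified "$tmp" "$2" "$3"
)

# PostfixAdmin archive (digest is a placeholder, not a value from this page):
#   fetch_and_extract \
#     "https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.0.2/postfixadmin-3.0.2.tar.gz" \
#     "<sha256 published for the release>" /var/www/html
#
# XAMPP installer (digest is a placeholder, not a value from this page):
#   verify_sha256 xampp-linux-x64-7.1.1-0-installer.run "<sha256 published for the release>" \
#     && chmod +x xampp-linux-x64-7.1.1-0-installer.run \
#     && ./xampp-linux-x64-7.1.1-0-installer.run
```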

Congratulations! You have successfully installed XAMPP. Thanks for using this tutorial for installing the XAMPP stack on a CentOS 7 system. For additional help or useful information, we recommend you check the official XAMPP web site.

How To Install PowerDNS on CentOS 7

PowerDNS on CentOS 7

PowerDNS is a MySQL-based DNS server, written in C++ and licensed under the GPL. PowerDNS can be managed through a web interface (PowerAdmin). Unlike Bind, PowerDNS can be setup using a multitude of backends such as Bind Zone Files, or various Databases.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of PowerDNS on a CentOS 7 server.

Install PowerDNS on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing PowerDNS and backend.

First, you need to enable EPEL repository and all required packages on your system:

yum install epel-release
yum install bind-utils pdns pdns-recursor pdns-backend-mysql mariadb mariadb-server

Enable PowerDNS on boot and start PowerDNS server:

systemctl enable mariadb
systemctl enable pdns
systemctl enable pdns-recursor

Step 3. Configuring MariaDB.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. Read each step carefully; the script sets the root password, removes anonymous users, disallows remote root login, and removes the test database and access to it:

mysql_secure_installation

Step 4. Create PowerDNS Database and User in MariaDB.

Login as a MariaDB root and create a new database and tables:

### mysql -uroot -p

create database powerdns;
create user 'powerdns'@'localhost' identified by 'password';
grant all privileges on powerdns.* to 'powerdns'@'localhost';
flush privileges;
use powerdns;

CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
id INT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

Step 5. Configure PowerDNS.

Open the /etc/pdns/pdns.conf file and add the following lines:

allow-axfr-ips=
allow-recursion=
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=
gmysql-password=
gmysql-dbname=powerdns
local-address=
local-port=53
master=yes
recursor=127.0.0.1:5353
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=
webserver-password=
webserver-port=8081

Finally, restart the Power DNS service:

systemctl restart pdns.service
systemctl enable pdns.service

Step 6. Configure Recursor.

Open the /etc/pdns-recursor/recursor.conf file and add the following lines:

setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
local-address=127.0.0.1
local-port=5353

Start the Recursor service:

systemctl restart pdns-recursor

Test Recursor:

host ping.wpcademy.com 127.0.0.1

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

ping.wpcademy.com has address 194.109.46.8
ping.wpcademy.com has IPv6 address 2001:888:0:25:169:109:21:66

Congratulations! You have successfully installed PowerDNS. Thanks for using this tutorial for installing PowerDNS on a CentOS 7 system. For additional help or useful information, we recommend you check the official PowerDNS web site.