Each time Fedora released a new version, I would do a fresh install of the latest version. The difficulty was always trying to remember how I set up the previous system so that everything would work. In this case the primary function of the Fedora server was web site hosting. These are the typical steps I used to create my Linux server, based on research from others who have posted their process as well as my own experience.
One additional aspect of this process was to support Joomla installations. You will note specific configuration settings that relate to the operation of Joomla in Linux at the end.
How to set up a Fedora web server
- Get Fedora
You can download the Fedora Linux distribution from the Fedora Project web site. There are several versions you can choose from. At the time of this test I had issues with the latest version and so I reverted back to Fedora 16. The main issue I had was with the newer version of Gnome not working in the VMware virtual machine that I was using for my installation.
- Create a virtual machine
If you are performing this install on a physical server or desktop, you can skip this step. For my installation I created a virtual machine in our VMware environment. I used the following minimum requirements.
2048 MB RAM
32 GB Hard Disk
- Install Fedora
At this point it doesn't matter whether or not you are using a physical or virtual machine, just boot the machine and begin the installation with the following options selected to be installed.
Web Server option
GNOME Desktop
Red Hat Server tools
MySQL
Once the installation is completed, the system will likely reboot to complete the installation.
- Install Updates
Run the software update to get the latest security patches.
- Configure the Firewall
Using the Gnome Firewall GUI, enable the following options:
DNS
FTP
SMTP
Samba
SSH
Secure WWW (HTTPS)
WWW (HTTP)
Run the Add/Remove Software, search for SELinux, select the SELinux GUI and install.
- Gnome Service Configuration
Run the Gnome Service Configuration GUI and check for the following services:
HTTPD
Samba
If these are missing you will need to add them to the services configuration so that they will run each time the server reboots.
a. Open a terminal session
b. Run the SU command to become a super user (root)
c. Run the command: systemctl enable smb.service nmb.service
d. Run the command: systemctl enable httpd.service
- Samba Configuration
Set up Samba for general file access. I do this so that I have remote access to the files on the server over my LAN. Even though this server sits behind a firewall I still try to maintain as much security as can be tolerated.
- Go to Applications, Other and run FIREWALL
- Go to TRUSTED SERVICES and check SAMBA and SAMBA CLIENT that are located in the list of services
- Click APPLY
- Go to ICMP FILTER and check ECHO REPLY (PONG) and ECHO REQUEST (PING)
- Click APPLY
- Go to Applications, System tools and run Add/Remove Software
- Search for SELinux
- Install SELINUX CONFIGURATION GUI
- Go to Applications, Other and run SELINUX MANAGEMENT
- Go to Boolean
- Check "Allow samba share any file/directory read only"
- Check "Allow samba share any file/directory read/write"
- From the Super User (SU) prompt run the command
setsebool -P samba_export_all_rw 1
- Follow the Samba Configuration Guidelines. Replace the {User} token with a valid user name.
| Directory | Share Name | Permissions | Visibility | Access |
|---|---|---|---|---|
| /var/www | www | Read/Write | Visible | {User} |
| /var/httpd | httpd | Read/Write | Visible | {User} |
| / | root | Read/Write | Visible | {User} |
- Server Settings
Replace the token values with your own valid settings
- Workgroup: {Your Workgroup}
- Description: {Server Name} - Samba Server Version %v
- Authentication Mode: User
- Authentication Server: *Kerberos
- Realm: {blank}
- Encrypt Passwords: Yes
- Guest Account: No guest account
- Configure Apache
- Open the httpd.conf file so you can modify it.
/etc/httpd/conf/httpd.conf
- Change the "AllowOverride None" to "AllowOverride All" if you are installing Joomla or WordPress to allow for permalinks
- Create virtual hosts
- Setup logs for each virtual host
- Add an alias for phpMyAdmin so that it can be found in the directory:
/usr/share/phpMyAdmin
- Test the configuration by running apachectl -k start
Note: if the HTTPD configuration GUI utility is used, then it will create its own configuration file in the /etc/httpd/conf.d directory and it will prevent the manual file from being used.
- Reboot the service to verify that it starts using the command:
service httpd reload
- The parameter "php_admin_value upload_tmp_dir /xx/xx/xx/images" may need to be modified or added to the configuration file.
- Setup MySQL on Fedora Linux
Follow the steps below to configure MySQL. For additional instructions for setting up MySQL check out the MySQL Forum on the Fedora Forum web site.
- Open a command line
- Change to the root user using the "su" command
- Run the command "service mysqld start"
- Run the command "mysql_secure_installation"
- Press Enter for the default password
- Select Y to set a new password
- Enter a new root password for the database "id=C0nf1d3nt"
- Remove the anonymous users? Yes
- Disallow root login from remote logins? Yes
- Remove the test database? Yes
- Reload the privilege tables now? Yes
- Once MySQL is ready, run "systemctl enable mysqld.service" to make the service start at boot.
- Reboot the system to verify that it starts.
- Setup phpMyAdmin
* http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-fedora-15-lamp-p2
- create a blank file named "info.php"
- Paste the php code:
<?php
phpinfo();
?>
- Open the page from a browser and verify php is working
- Open the Add/Remove Software GUI and search for phpMyAdmin and install it.
- Open a web browser on the local system with the URL http://localhost/phpmyadmin/
- If the connection fails, locate the phpMyAdmin configuration file in the /etc/httpd/conf.d directory
- Replace the local host loopback address 127.0.0.1 in the allowed IP address with the assigned IP of the system
- Restart httpd service: httpd -k restart
- Try connecting again.
- Setup Webmin for remote management
- Download the webmin software and install
- Open a browser and connect to http://localhost:10000
Setup vsftp
- Open the Add/Remove Software GUI and search for vsftp and install it.
- Open the /etc/vsftpd/vsftpd.conf file
- Modify the following configuration settings:
# values are written without quotes: vsftpd reads everything after "=" literally
# line 12: no anonymous
anonymous_enable=NO
# line 82,83: uncomment ( allow ascii mode )
ascii_upload_enable=YES
ascii_download_enable=YES
# line 97, 98: uncomment ( enable chroot )
# with chroot_local_user=YES, the chroot list names the users who are NOT chrooted
chroot_local_user=YES
chroot_list_enable=YES
# line 100: uncomment ( specify chroot list )
chroot_list_file=/etc/vsftpd/chroot_list
# line 106: uncomment
ls_recurse_enable=YES
# add at the last line
# specify root directory ( if not specified, the user's home directory becomes the FTP home directory )
local_root=public_html
# use localtime
use_localtime=YES
- Open the file /etc/shells
- Add the following configuration settings to the end of the list and save it:
/bin/bash
- Test the ftp connection
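vsftpd.conf has a strict syntax: no space is allowed between the option, "=" and the value, and quotes are not stripped. The following check for an edited file is an added example, not part of the original article; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# lint_vsftpd_conf FILE: print one finding per line; return 1 if any, else 0.
lint_vsftpd_conf() {
    awk '
    function bad(msg) { printf "%s:%d: %s: %s\n", FILENAME, NR, msg, $0; n++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { bad("not in option=value form"); next }
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        # vsftpd allows no space between the option, "=" and the value.
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) bad("whitespace around =")
        gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
        # Quotes are not stripped, so "YES" is not a valid boolean.
        q = substr(val, 1, 1)
        if (q == "\"" || q == "\047") {
            bad("quoted value")
            val = substr(val, 2, length(val) - 2)   # assumes a closing quote
        }
        seen[key] = val
    }
    END {
        # anonymous_enable defaults to YES, so it must be switched off explicitly.
        if (seen["anonymous_enable"] != "NO") {
            print FILENAME ": anonymous_enable is not set to NO"; n++
        }
        # With both options on, chroot_list_file lists the users who are NOT jailed.
        if (seen["chroot_local_user"] == "YES" && seen["chroot_list_enable"] == "YES")
            print FILENAME ": note: users in chroot_list_file are exempt from the chroot"
        exit (n > 0)
    }' "$1"
}

# Constructed sample, not a real server's file.
sample_vsftpd_conf() {
    cat <<'EOF'
anonymous_enable=NO
ascii_download_enable="YES"
chroot_local_user=YES
chroot_list_enable="YES"
chroot_list_file="/etc/vsftpd/chroot_list"
local_root = public_html
EOF
}

f=$(mktemp); sample_vsftpd_conf > "$f"
lint_vsftpd_conf "$f" || echo "fix the findings before restarting vsftpd"
rm -f "$f"
```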
Install Joomla for web domain
- Download and extract the full Joomla software package to the /var/www/html/{domain folder}
- Create a blank configuration.php file in the domain folder
- Connect to the domain with a web browser and begin the setup
- Copy the completed configuration information and paste it into the configuration.php file
- Remove or rename the installation folder
- Configure Linux for Joomla
NOTE: The following information was tested and allowed most of the functionality of Joomla
but issues still resulted. The easiest option is to disable the SELinux security application.
- Install SELinux Administration GUI and open it.
- Enable the following Boolean options:
apache Allow http daemon to send mail
apache Allow httpd to execute cgi scripts
apache Unify HTTPD handling of all content files
apache Unify HTTPD to communicate with the terminal.
apache Allow HTTPD scripts and modules to connect to the network using any TCP port
apache Allow httpd to use built in scripting (usually php)
domain Allow all domains to use other domains file descriptors
global Allow logging in and using the system from /dev/console
global Allow unconfined executable to map a memory region as both executable and writable
global Allow unconfined executable to make their stack executable
global Allow all unconfined executables to use libraries requiring text relocation
global Allow any files/directories to be exported read/write via NFS
global Allow any files/directories to be exported read/only via NFS
init Allow all daemons to write corefiles to /
init Enable support for upstart as the init program
init Enable support for systemd as the init program
kerberos Allow confined applications to run with kerberos
mount Allow the mount command to mount any directory or file
nscd Allow confined applications to use nscd shared memory
nsplugin Allow nsplugin code to execmem/execstack
nsplugin Allow nsplugin code to connect to unreserved ports
openvpn Allow openvpn to read home directories
postfix Allow postfix_local domain full write access to mail_spool directories
postgresql Allow database admins to execute DML statement
postgresql Allow unprivileged users to execute DDL statement
privoxy Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher
qemu Allow qemu to use nfs file system
qemu Allow qemu to use usb devices
qemu Allow qemu to connect fully to the network
qemu Allow qemu to use cifs/Samba file system
rpc Allow gssd to read temp directory. For access to kerberos tgt
samba Allow samba to share any file/directory read only
samba Allow samba to share any file/directory read/write
squid Allow squid to connect to all ports, not just HTTP, FTP, and Gopher
ssh allow sshd to forward port connections
telepathy Allow the Telepathy connection managers to connect to any generic TCP port
unconfined Allow a user to login as an unconfined domain
unconfined allow unconfined users to transition to the chrome sandbox domains when running chrome
unknown allow_staff_exec_content
unknown allow_sysadm_exec_content
unknown allow_user_exec_content
userdomain Allow user to r/w files on filesystems that do not have extended attributes
virt Allow confined virtual guests to use usb devices
xen Allow xend to run qemu-dm. Not required if using paravirt and no vfb
xen Allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes
xguest Allow xguest users to configure Network Manager and connect to apache ports
xguest Allow xguest users to use blue tooth devices
xguest Allow xguest users to mount removable media
xserver Allow regular users direct dri device access
Change Directory Permissions
chown -R {owner}:apache {site's root directory}
chmod -R 755 {site's root directory}
chmod -R 777 {site's root directory}/tmp
chmod -R 777 {site's root directory}/images
chmod -R 777 {site's root directory}/logs
chmod -R 777 {site's root directory}/modules   # only if you want remote changes allowed
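A check to run after the permission changes above, as an added example that is not part of the original article: it lists world-writable paths outside the directories that were opened up, and regular files that the recursive 777 left both world-writable and executable. The function name, the output labels and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# audit_site_perms ROOT [DIR...]
# DIR... are the sub-directories meant to be world-writable
# (default: tmp images logs, as in the chmod steps).
audit_site_perms() {
    root=${1%/}; shift
    [ $# -gt 0 ] || set -- tmp images logs
    for d in "$@"; do
        # Regular files that chmod -R 777 left world-writable AND executable.
        if [ -d "$root/$d" ]; then
            find "$root/$d" -type f -perm -0003 | sed 's/^/WRITABLE+EXEC  /'
        fi
    done
    # Turn the DIR list into: -path ROOT/a -o -path ROOT/b ...
    first=1
    for d in "$@"; do
        if [ "$first" = 1 ]; then set -- -path "$root/$d"; first=0
        else set -- "$@" -o -path "$root/$d"; fi
    done
    # Anything else that is world-writable was not part of the plan.
    find "$root" \( "$@" \) -prune -o ! -type l -perm -0002 -print |
        sed 's/^/UNEXPECTED-WW  /'
}

# Demo on a constructed tree (not a real site).
demo=$(mktemp -d)
mkdir "$demo/tmp" "$demo/images" "$demo/logs" "$demo/modules"
: > "$demo/configuration.php"; : > "$demo/images/logo.png"
chmod -R 755 "$demo"
chmod -R 777 "$demo/tmp" "$demo/images" "$demo/logs"
chmod 666 "$demo/configuration.php"   # a stray world-writable config file
audit_site_perms "$demo"
rm -rf "$demo"
```

Pass the allowed directories explicitly, for example `audit_site_perms /var/www/html/{domain folder} tmp images logs modules`, when modules was opened up on purpose.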
SEO for Joomla
a. Joomla SEO configuration
- Locate the htaccess.txt file in the root of your Joomla installation
- Rename the file to .htaccess
- Log on to: http://www.yoursite.com/administrator/
- Open the Global Configuration
- Select the Site tab and locate the SEO Settings group
- Set all of the settings to YES and then click the Save option
b. Add Google Analytics (http://forum.joomla.org/viewtopic.php?t=404104)
- Log on to: http://www.yoursite.com/administrator/
- In the top menu select: "Extensions" > "Template Manager"
- Now select the template which is marked as default and click "Edit"
- In the template edit page click "Edit HTML"
Adding the code within the template
If you have followed the steps above you should now be looking at your template's HTML.
- Scroll right down to the bottom of all this code
- On the second to bottom line you should see the tag </body>
- You need to paste your Google Analytics tracking code just before this tag
- Now press "save" and Google Analytics is installed on your website!
We hope that this information is helpful. Please let us know how this has helped you or if you have additional questions. As always Firestone Technical Resources, Inc. is here to help with your computer support issues - "Providing personal service for your impersonal technology."