Centos 8 LAMP (Linux, Apache 2.4, MySQL 8.0, PHP 7.2) server setup
This is a tutorial on how to setup a basic LAMP server with Centos 8 (released on September 25, 2019) for SCHLIX CMS. SCHLIX CMS v2.2.x series, released in August 2019, works out of the box with only minimal changes to the default configuration in Centos 8. This document is a general guide on CentOS 8 setup and covers basic web server & database setup with emphasis on securing the default MySQL installation and proper configuration of /var/www/html directory without having to disable SELinux with setenforce 0. The following topics are not covered in this document:
- Additional security configuration (e.g. fail2ban, changing SSH port number, etc)
- Further MySQL optimization
- Up-to-date SSL cipher list (only up to September 2019)
1. Overview
Centos 8 shipped with PHP 7.2 with PHP-FPM enabled by default. It also ships with the option to install either MySQL 8.0.x or MariaDB 10.3.x. Please note that the default configuration of MySQL 8.0 shipped in CentOS 8.0 uses a different authentication plugin from its upstream release. See /etc/my.cnf.d/mysql-default-authentication-plugin.cnf. By default, MySQL 8.0 uses caching_sha2_password. However, in Centos 8.0, it's set to use the old mysql_native_password instead for broader compatibilities with other connectors and applications. Other changes: the new Cockpit web interface (default - port 9090) and dnf (yum still works).
2. Initial CentOS 8 setup from scratch
For this tutorial, we selected [Server] for the Base Environment option and selected the following add-ons:
- Remote Management
- Basic Web Server
- Security Tools (semanage, etc)
- System Tools
3. Installation of the required software (MySQL 8.0, PHP 7.2, and Apache 2.4)
Since we already chose the Server setup, Apache is already installed. If you chose the [Minimal Install] option, simply type dnf install httpd.
This command will install MySQL 8.0 server and the following PHP packages:
- PHP-FPM
- XML
- JSON
- Multibyte string
- Opcache
- GD
- Command Line Interface
4. Configuring the Services
First, open the firewall ports (80, 443) for Apache:
Enable the services:
Then start the services:
5. MySQL 8.0 Configuration
When you start MySQL 8.0 for the first time, it will be set up with a blank password, as shown in the following log file in /var/log/mysql/mysqld.log:
To secure the installation type mysql_secure_installation
Choose yes for all of the questions below and set it to strong password.
Let's setup the MySQL user for SCHLIX CMS with access only to that database.
1. Create the database (e.g. schlixdb) with utf8mb4_unicode_ci collation.
2. Create the user. In this example, the user is schlixuser.
3. Grant privileges to that particular user for that particular database.
4. And finally
Then just type "quit".
6. PHP Configuration
PHP should work out of the box in CentOS 8. To check if PHP is working, create a file test.php in /var/www/html/ containing the following:
Then try accessing the file from your web browser:
7. Apache 2.4 Configuration
In this example, we'll use the following domain name: test-centos8.schlix.com. The default root directory has been moved from /var/www/html to /var/www/html/test-centos8/public_html. You can change the ServerName (and Alias if necessary) to suit your needs.
Create a new file called mywebsite.conf in /etc/httpd/conf.d:
Please ensure that you've manually created the directories If you customized the DocumentRoot, ErrorLog, and CustomLog config key as in the above example:
- /var/www/html/test-centos8/public_html
- /var/log/httpd/test-centos8
Then restart Apache.
8. SELinux configuration
Before you start the CMS installation, you'll need to configure SELinux. By default, SELinux disables write to the particular directory even if PHP and Apache user (user: apache) has write access to the file. SCHLIX CMS is self-updating and although it can be configured with a manual upgrade, it can be cumbersome especially if this is just a development or test machine.
It's highly recommended to keep SELinux on as it also governs other components in the operating system, not just the web server. It's highly recommended NOT use setenforce 0 as it will compromise the security of the whole machine.
Type the following commands to enable write access to /var/www/html/test-centos8/public_html (or custom web root directory of your choice):
That's it.
9. SCHLIX CMS installation
Once you've completed the steps above, you can install SCHLIX CMS.
1. Change the directory to the web root
2. Download it with wget and output the file to /tmp/schlix-cms-latest.zip
3. Unzip the file. This will extract the ZIP file to /var/www/html/test-centos8/public_html/schlix.
4. Since we're installing it in the example domain test-centos8.schlix.com and not a sub-directory, we can move all the files from extracted ZIP file inside schlix directory. If you want to install it inside a directory, simply rename schlix to something else (e.g. site).
5. Change the file owner to apache user.
6. Begin the installation by browsing the domain name from your web browser and you will be prompted to install SCHLIX CMS.
7. Done. However, it will say "Not Secure" since SSL/https has not been set up yet.
10. SSL installation
In this example, we copied the purchased SSL certificate to /etc/ssl/mycert. You'll need all 3 files - the public certificate, the private key, and the CA Bundle.
Add the following lines to the /etc/httpd/conf.d/mywebsite.conf that was previosly created (step 7).
Then restart Apache again one more time.
Edit config.inc.php from the "main" web subsite directory (full path: /var/www/html/test-centos8/public_html/web/main)
Change the 4 lines below from:
to:
Screenshots:
You will also need to edit the .htaccess file and change the domain to your domain. Simply uncomment the #.
Screenshots:
That's it, your website is ready to use:
Centos 8 LAMP (Linux, Apache 2.4, MySQL 8.0, PHP 7.2)