LinuxGateway

How to install Nginx Webserver with ssl

Unknown

Link Author

Title: How to install Nginx Webserver with ssl
Author: Unknown
Rating 5 of 5 Des:

Introduction Nginx pronounced engine-x is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP...

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="td_block_wrap td_text_with_title">
<h3 class="block-title" style="text-align: left;">
Introduction</h3>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
Nginx
 pronounced engine-x is a free, open-source, high-performance HTTP 
server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor 
Sysoev started development of Nginx in 2002, with the first public 
release in 2004. Nginx now hosts nearly<a href="http://news.netcraft.com/archives/2012/01/03/january-2012-web-server-survey.html">.</a>12.18%
 (22.2M)of active sites across all domains. Nginx is known for its high 
performance, stability, rich feature set, simple configuration, and low 
resource consumption.Nginx is one of a handful of servers written to 
address the C10K problem .Unlike traditional servers, Nginx doesn’t rely
 on threads to handle requests. Instead it uses a much more scalable 
event-driven (asynchronous) architecture. This architecture uses small, 
but more importantly, predictable amounts of memory under load.
Even if you don’t expect to handle 
thousands of simultaneous requests, you can still benefit from Nginx’s 
high-performance and small memory footprint. Nginx scales in all 
directions: from the smallest VPS all the way up to clusters of servers.

Nginx powers several high-visibility 
sites, such asNetflix, Hulu, Pinterest, CloudFlare, Airbnb, 
WordPress.com, GitHub, SoundCloud, Zynga, Eventbrite, Zappos, Media 
Temple, Heroku, RightScale, Engine Yard and MaxCDN .</div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
LEMP stack</h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
LEMP
 stack is nothing but a group of open source softwares combined together
 to make a webserver.  LEMP refers to the first letters of Linux , Nginx
 ( Engine x ) , Mysql and PHP .
About Nginx, It is a lightweight 
webserver which is more stable and secure, it serves static content 50 
times faster than Apache.</div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Prerequisities:</h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
Requirements:</div>
<div class="td_mod_wrap">
 
1. OS as any Linux flavour, Here we are using Centos 6.x.

2. Required RAM. 
 
<h4 class="block-title">
Install LEMP on centos 6.6</h4>
Let’s start the installation . 
Nginx installation</div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 
Step 1 » Install Nginx repository package . you could find the latest package here. 
 
Please follow all the steps as per given for installation of nginx. 
First of all ,we will download and install nginx repo .

<code class="western">#</code><code class="western"> rpm -ivh <a href="http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm">http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm</a></code> 
 
 
<code class="western"><img alt="ng2d" class="alignnone size-medium wp-image-1247" height="97" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng2d-300x97.png" width="300" />  </code> 
 
 
You can also first download the packages, and then intsall using rpm command.

Create a file /etc/yum.repos.d/nginx.repo and add the following lines to the file.

For this you should know that all the 
packages ,which we install are either placed in repos or install with 
the help of related repositories in linux.

You can look at path , /etc/yum.repos.d.

I m giving you snapshot and view of all repos in linux. 
 
 Just look at all the repos and then nginx.repo, which we have just installed above , which comes here at this path.

Note: For future , there will be one lecture , video and detailed description for regarding yum , its repos and related to co.  
 
 <img alt="ng3" class="alignnone size-medium wp-image-1248" height="68" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng3-300x68.png" width="300" />  
 
# vi nginx.repo   
 
 <img alt="ng4" class="alignnone size-medium wp-image-1249" height="80" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng4-300x80.png" width="300" />  
 
 
# nginx.repo

[nginx]

name=nginx repo 
baseurl=http://nginx.org/packages/centos/6/$basearch/ 
gpgcheck=0 
enabled=1 
 
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Step 2: Update the repository and install nginx.</h4>
<div class="td_mod_wrap">
<code class="western">[root@nginxserver ~]#yum check-update 
[root@nginxserver ~]#yum install nginx -y</code></div>
<div class="td_mod_wrap">
<code class="western"> </code></div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Step 3 » After the installation . Let’s start the service .</h4>
<div class="td_mod_wrap">
<code class="western">[root@nginxserver ~]#service nginx start</code>
Issue the below command to start service automatically while reboot. 
 <code class="western">[root@nginxserver ~]#chkconfig nginx on</code></div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 4: These are the default directories and files</h4>
<div class="td_mod_wrap">
Default document root directory: /usr/share/nginx/html 
 Default configuration file: /etc/nginx/nginx.conf 
 Default Virtual host config directory: /etc/nginx/conf.d/ 
 Default Virtual host config file: /etc/nginx/conf.d/default.conf</div>
</div>
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 5» Now the nginx service has started</h4>
Check the listening 80 port using netstat command
[root@nginxserver ~]# netstat -ntlp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1087/nginx 
 
<img alt="ng5" class="alignnone wp-image-1250" height="47" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng5-300x35.png" width="402" /> 
 
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 6: If you are using firewall, then you have allow 80 port by iptables rule.</h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
Now open /etc/sysconfig/iptables file and add the following line. 
<code class="western">-A INPUT -p tcp --dport 80 -j ACCEPT </code>
Which should be before reject line looks below 
<code class="western">-A INPUT -i lo -j ACCEPT 
</code>-A INPUT –p tcp –dport 80 -j ACCEPT<code class="western"> 
-A INPUT tcp -p tcp --dport 22 -j ACCEPT</code>

and restart iptables service 
[root@nginxserver ~]# <code class="western">service iptables restart</code></div>
</div>
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 7» Now open your browser and goto http://serverip ( http://192.168.0.175). you could see the default nginx page like below.</h4>
<h4 class="block-title">
 </h4>
<h4 class="block-title">
<img alt="ng6" class="alignnone wp-image-1251" height="140" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng6-300x100.png" width="420" />  </h4>
<h4 class="block-title">
 </h4>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Mysql installation</h4>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
Step 8 » Install mysql server and client using the below command. 
[root@nginxserver ~]# <code class="western">yum install mysql mysql-server -</code><code class="western">y</code>
 
 
Step 9 » Start mysql service and enable automatic start during bootup. 
[root@nginxserver ~]# service mysqld start 
[root@nginxserver~]#chkconfig mysqld on

Step 10 » Use
 below command to secure mysql installation and for creating root 
password. This will prompt to enter current password, just press enter 
and create a new password and proceed the installation by giving yes to 
all. 
<code class="western"> </code> 
<h4 style="text-align: left;">
<code class="western">[root@nginxserver ~]# /usr/bin/mysql_secure_installation </code></h4>
<code class="western">NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! </code>

<code class="western">In order to log into MySQL to secure it, we'll need the current </code>

<code class="western">password for the root user. If you've just installed MySQL, and </code>

<code class="western">you haven't set the root password yet, the password will be blank, </code>

<code class="western">so you should just press enter here. </code>

<code class="western">Enter current password for root (enter for none): </code>

<code class="western">OK, successfully used password, moving on... </code>

<code class="western">Setting the root password ensures that nobody can log into the MySQL </code>

<code class="western">root user without the proper authorisation. </code>

<code class="western">Set root password? [Y/n] y </code>

<code class="western">New password: </code>

<code class="western">Re-enter new password: </code>

<code class="western">Password updated successfully! </code>

<code class="western">Reloading privilege tables.. </code>

<code class="western"> </code><code class="western">... Success!</code> 
 
<code class="western">  </code></div>
</div>
<div class="td_block_wrap td_text_with_title">
<div class="block-title" style="text-align: left;">
Step 11 » Test your mysql connection using the created password.</div>
<div class="block-title" style="text-align: left;">
 </div>
<div class="td_mod_wrap">
[root@nginxserver ~]# mysql -u root -p
Enter password:

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 10

Server version: 5.1.73 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>

</div>
</div>
<h4 class="block-title">
PHP installation</h4>
PHP-FPM is an alternative PHP FastCGI implementation .</div>
<div class="td_mod_wrap">
 
 Step 12 » Install php-fpm and php-mysql.
 
 
Step 13 » Open /etc/php-fpm.d/www.conf which is config file for php-fpm and change user and group from apache to nginx.

; Unix user/group of processes

; Note: The user is mandatory. If the group is not set, the default user’s group

; will be used.

; RPM: apache Choosed to be able to access some dir as httpd

user = nginx

; RPM: Keep a group allowed to write in log dir.

group = nginx   
 
 <img alt="ng8" class="alignnone wp-image-1252" height="90" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng8-300x67.png" width="403" />  
 
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 14 » Start php-fpm service and enable auto start during startup.</h4>
<div class="td_mod_wrap">
[root@nginxserver ~]# service php-fpm start
Starting php-fpm: [ OK ]

[root@nginxserver ~]# chkconfig php-fpm on 
</div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 15 » Create a virtual host /etc/nginx/conf.d/phptest.conf file and add the below code .</h4>
<div class="td_mod_wrap">
server { 
 listen 8080; # listen port 
 server_name  192.168.0.175; # Server name 
 location / { 
 root /usr/share/nginx/html; # Document root 
 index index.php index.html index.htm; 
 } 
 location ~ \.php$ { 
 root /usr/share/nginx/html; # Document root 
 fastcgi_pass 127.0.0.1:9000; 
 fastcgi_index index.php; 
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 include fastcgi_params; 
 } 
 }</div>
<div class="td_mod_wrap">
 </div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Step 16 » Create info.php in the path /usr/share/nginx/html </h4>
<div class="td_mod_wrap">
Create info.php in the path /usr/share/nginx/html
 as mentioned in the Vhost config file and add the below lines .you can 
see that the document root in above file, it is the path where we will 
put above website files.
As

root /usr/share/nginx/html; # Document root

# cd /usr/share/nginx/html 
# vi php.info 
<?php 
phpinfo(); 
?> 
:wq!

Then save the file

# service nginx restart 
 
</div>
</div>
<h4 class="block-title">
Step 17 » Allow port 8080 in the iptables ( Step 4 ) and open your browser</h4>
Open
 your browser and goto http://serverip:8080/info.php ( 
http://192.168.0.175:8080/info.php ) . you could the get PHP info page 
like below.</div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
<img alt="ng9" class="alignnone wp-image-1253" height="134" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng9-300x100.png" width="402" />  </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 </h4>
<h4 class="block-title">
Step 18 » Now we can check database connectivity from PHP </h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
Now we can check database connectivity from PHP . create another file dbtest.php in the same location and add the below code to the file and replace your mysql password in the code.
<?php 
$con = mysql_connect(“localhost”,”root”,”redhat”); 
if (!$con) 
{ 
die(‘Could not connect: ‘ . mysql_error()); 
} 
else 
{ 
echo “Congrats! connection established successfully”; 
} 
mysql_close($con); 
?></div>
</div>
<h4 class="block-title">
  </h4>
<h4 class="block-title">
Step 19» Now access http://serverip:8080/dbtest.php</h4>
Now access http://serverip:8080/dbtest.php .if everything is perfect you could get “Congrats!” message as stated in the code.  </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
<img alt="ng10" class="alignnone wp-image-1254" height="90" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng10-300x66.png" width="409" />  </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 
Default root path is:/use/share/nginx/html

main file and first file is index.html. 
You can also put your file for testing and replace any .html with 
oroginal index.html, also save the another file with same index.html. 
You can put with webmin tool, if you are using windows.

Lets have a look .   
 
 
 <img alt="ng11" class="alignnone wp-image-1255" height="153" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng11-300x112.png" width="409" />  
 
 
Now its time to create Self Singned 
cerficate or make our nginx sever more secure.For your understanding , 
we will open our website with <a href="https://192.168.0.175/">https://192.168.0.175</a>  
 
A SSL certificate is a way to encrypt a 
site’s information and create a more secure connection. Additionally, 
the certificate can show the virtual private server’s identification 
information to site visitors. Certificate Authorities can issue SSL 
certificates that verify the server’s details while a self-signed 
certificate has no 3rd party corroboration.

<h2 class="western">
 you can quickly install it with 2 steps.</h2>
<h2 class="western">
 </h2>
<h4 style="text-align: left;">

Step 1: Install the EPEL repository:</h4>
<h2 class="western">
 
#rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel- 
release-6-8.noarch.rpm’</h2>
Install nginx  
 
 
<h4 class="block-title" style="text-align: left;">
Step 2:—Create a Directory for the Certificate</h4>
The
 SSL certificate has 2 parts main parts: the certificate itself and the 
public key. To make all of the relevant files easy to access, we should 
create a directory to store them in: </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
  <h4 class="block-title" style="text-align: left;">
Step 3:—Create the Server Key and Certificate Signing Request</h4>
Start
 by creating the private server key. During this process, you will be 
asked to enter a specific passphrase. Be sure to note this phrase 
carefully, if you forget it or lose it, you will not be able to access 
the certificate.</div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
# open ssl genrsa -des3 -out server.key 1024 [root@nginxserver ssl]# openssl genrsa -des3 -out server.key 1024</div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
 </div>
<div class="td_mod_wrap">
<div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a558831793360-1">
<span style="font-size: 12pt;">Generating RSA</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a558831793360-2">
private key, 1024 bit long modulus</span>  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a558831793360-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a558831793360-2">
 </div>
</div>
</div>
<div class="td_mod_wrap">
 <div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a55f443741569-1">
.........................................................++++++</div>
<div class="crayon-line" id="crayon-55c4ac264a55f443741569-1">
 </div>
<div class="crayon-line" id="crayon-55c4ac264a55f443741569-1">
 </div>
</div>
 <div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a566053493885-1">
.............................++++++  </div>
<div class="crayon-line" id="crayon-55c4ac264a566053493885-1">
 </div>
<div class="crayon-line" id="crayon-55c4ac264a566053493885-1">
 <div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a56d896379240-1">
e is 65537<div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a573240763120-1">
Enter pass phrase</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a573240763120-2">
for server.key:</div>
</div>
</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a56d896379240-2">
(0x10001)    </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a56d896379240-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a56d896379240-2">
 <div class="crayon-line" id="crayon-55c4ac264a579990335583-1">
Verifying - Enter</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
pass phrase for server.key </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
 # openssl genrsa -des3 -out server.key 1024</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
Have a look at the criteria of generating key. </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a579990335583-2">
Genrsra is - practical public-key cryptosystems and is widely <div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
used for secure data transmission.A file with name server. </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
# openssl req -new -key server.key -out server.csr  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a58d922450980-2">
 <div class="crayon-pre" style="-moz-tab-size: 4; -o-tab-size: 4; -webkit-tab-size: 4; font-size: 15px !important; line-height: 15px !important; tab-size: 4;">
<div class="crayon-line" id="crayon-55c4ac264a59b884990095-1">
Here all the fields or csr details will be written to file named server.csr.</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-2">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
When you put this command, it will ask for a key, put thesame paraphase which you had put in server.key.  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
# openssl genrsa -des3 -out server.key 1024  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 Generating RSAprivate key, 1024 bit long modulus</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 .......................................................  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 .............................++++++  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 Enter pass phrasefor server.key</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
  Verifying - Enterpass phrase for server.key </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 [root@nginxserver ssl]#  openssl req -new -key server.key -out server.csr  </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 Enter pass phrase<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a5d8630601754-2">
for server.key:</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a5d8630601754-2">
</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a5d8630601754-2">
</div>
</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 You are about to be asked to enter information that will be incorporated  into your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blank For some fields there will be a default value,If you enter '.', the field will be left blank.</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Country Name (2letter code) [XX]:IN</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
State or Province Name (full name) []:New Delhi</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Locality Name (eg,city) [Default City]:Mohamadpur </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Organization Name (eg, company) [Default Company Ltd]:KVIT </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Organizational Unit Name (eg, section) []:KVIT Solutions PVt Ltd. </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Common Name (eg,your name or your server's hostname) []:192.168.0.175 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Email Address []:lalitvohra04@gmail.com</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
A challenge password []:redhat </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
An optional company name []:KVIT </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Now our csr has been created. </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
<h4 class="block-title">
 </h4>
<div class="block-title" style="text-align: left;">
Step 4:Remove the Passphrase</div>
<div class="block-title" style="text-align: left;">
 </div>
We
 are almost finished creating the certificate. However, it would serve 
us to remove the passphrase. Although having the passphrase in place 
does provide heightened security, the issue starts when one tries to 
reload nginx. In the event that nginx crashes or needs to reboot, you 
will always have to re-enter your passphrase to get your entire web 
server back online.
Use this command to remove the passphrase:  
 
 # cp server.key server.key.org  
 
 # openssl rsa -in server.key.org -out server.key  
 
 
<div class="block-title" style="text-align: left;">
Step 5:Sign your SSL Certificate</div>
<div class="block-title" style="text-align: left;">
 </div>
Your
 certificate is all but done, and you just have to sign it. Keep in mind
 that you can specify how long the certificate should remain valid by 
changing the 365 to the number of days you prefer. As it stands, this 
certificate will expire after one year.</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
You are now done making your certificate.

[root@nginxserver ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=IN/ST=New Delhi/L=Mohamadpur/O=KVIT/OU=KVIT Solutions PVt Ltd./CN=192.168.0.175/emailAddress=lalitvohra04@gmail.com

Getting Private key 
 
 
<img alt="ng16" class="alignnone wp-image-1260" height="42" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng16-300x31.png" width="406" />  
<h4 style="text-align: left;">
 </h4>
<h4 class="block-title" style="text-align: left;">
Step 6: Set Up the Certificate</h4>
<h4 class="block-title">
</h4>
Open up the SSL config file:</div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
# vi /etc/nginx/conf.d/ssl.conf </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
Uncomment within the section under the
 line HTTPS Server. Match your config to the information below, 
replacing the example.com in the “server_name” line with your domain 
name or IP address. If you are just looking to test your certificate, 
the default root there will work.

[root@nginxserver ~]# vi /etc/nginx/conf.d/ssl.conf

# HTTPS server 
server {listen 443; 
server_name example.com; 
ssl on; 
ssl_certificate /etc/nginx/ssl/server.crt; 
ssl_certificate_key /etc/nginx/ssl/server.key; 
root /usr/share/nginx/html; # Document root 
index index.php index.html index.htm; 
}

To view website with ssl, just open the website with <a href="https://192.168.0.175/">https://192.168.0.175 </a> 
 
 
 
 
<img alt="ng17" class="alignnone wp-image-1261" height="207" src="http://linuxgateway.in/wp-content/uploads/2015/05/ng17-300x154.png" width="403" />  
 
 
 
 
Click on advanced and then click on proceed to option.

Your website will be open with ssl or https(secured website.)

For any queries, we will be there to 
help you. And you can mail us at </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
lalitvohra04@gmail.com and 
linux@kvit.in .For more intresting linux </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
artciles,keep visiting our 
website and do subscribe to get latest information </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
through mails </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
 </div>
<div class="crayon-line crayon-striped-line" id="crayon-55c4ac264a59b884990095-4">
  
 
     </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<code class="western"> </code>
</div>
</div>
</div>

How to install Nginx Webserver with ssl

Introduction Nginx pronounced engine-x is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev started development of Nginx in 2…

07 Aug 2015

Create Centralized Storage using iSCSI Target on RHEL/CentOS

Unknown

Link Author

Title: Create Centralized Storage using iSCSI Target on RHEL/CentOS
Author: Unknown
Rating 5 of 5 Des:

Introduction what is iscsi ????? In computing, iSCSI (Listeni/a ɪˈ sk ʌ zi/ eye-SKUZ-ee), is an acronym for Internet Small Computer...

<div dir="ltr" style="text-align: left;" trbidi="on">
 
<h3 style="text-align: left;">
Introduction</h3>
 
 
what is iscsi ????? 
 
In computing, iSCSI (Listeni/a ɪˈ sk ʌ zi/ eye-SKUZ-ee), is an acronym 
for Internet Small Computer System Interface, an Internet Protocol 
(IP)-based storage networking standard for linking data storage 
facilities.

By carrying SCSI commands over IP networks, iSCSI is used to 
facilitate data transfers over intranets and to manage storage over long
 distances. iSCSI can be used to transmit data over local area networks 
(LANs), wide area networks (WANs), or the Internet and can enable 
location- independent data storage and retrieval.

The protocol allows clients (called initiators) to send SCSI commands
 (CDBs) to SCSI storage devices (targets) on remote servers.It is a 
storage area network (SAN) protocol,allowing organizations to 
consolidate storage into data center storage arrays while providing 
hosts (such as database and web servers) with the illusion of locally attached disks. 
 
But here in this practical , we will do iscsi on lan, for an exmaple you
 are linux admin in company , as you have as server of 2 TB and enough 
ram required.You can make this server as an iscsi server or a backup 
server or storage server.

Storage consolidation : 
 
Organizations move disparate storage resources from servers around their
 network to central locations, often in data centres.This allows for 
more efficiency in the allocation of storage, as the storage itself is 
no longer tied to a particular server. In a SAN environment, a server 
can be allocated a new disk volume without any changes to hardware or cabling. 
 
Disaster recovery: 
 
Organizations mirror storage resources from one data centre to a remote 
data center, which can serve as a hot standby in the event of a 
prolonged outage. In particular, iSCSI SANs allow entire  disk arrays to
 be migrated across a WAN with minimal configuration changes, in effect 
making storage “routable” in the same manner as network traffic.

I want to make you understand that here in this practical in our 
company , we are using one machine as a server(iscsi) which we can say 
“target” for better technical understanding or client machine will be 
work as a “initiator” to access storage from target.

Logical unit number 
 
Main article: Logical unit number In SCSI terminology, LUN stands for logical unit number. A LUN 
 
represents an individually addressable (logical) SCSI device that is 
part of a physical SCSI device (target). In an iSCSI environment, LUNs 
are essentially numbered disk drives.Dont be confuse.

iSCSI uses TCP (typically TCP port 3260) for the protocols itself.

iqn is very important while doing this practical, so just we have to 
know this,no need to go in detail.As this is like a name for iscsi 
between target and initiator defined to work in this practical. 
 
Example:which i m showing here, you will get this more while 
ging through practical. 
—————————————————- ——— 
<target iqn.2015-03.target.local:initiator.local>

————————————————————–

Security Authentication : 
 
ISCSI initiators and targets prove their identity to each other using 
the CHAP protocol, which includes a mechanism to prevent cleartext 
passwords from appearing on the wire. By itself, the CHAP protocol is 
vulnerable to dictionary attacks, spoofing, or reflection attacks. If 
followed carefully, the rules for using CHAP within iSCSI prevent most of these attacks. 
 
For more information do check CHAP protocol on web.You will get details.

<div style="text-align: left;">
Step 1: Flush all the firewall rules by .</div>

# iptables -F

#service iptables save

And also check selinux status by sestatus command.

And 
 
# vi /etc/sysconfig/selinux 
 
# This file controls the state of SELinux on the system. 
# SELINUX= can take one of these three values: 
enforcing – SELinux security policy is enforced. 
permissive – SELinux prints warnings instead of enforcing 
disabled – SELinux is fully disabled. 
 
SELINUX=enabled           (keep it disabled here)

Step 2: keep the hostname entries in /etc/hosts file and network file on both target and client.

# vi /etc/hosts

# vi /etc/sysconfig /network

firstly ,here i have access to both the machines. 
 
 
 <img alt="first1" class="alignnone wp-image-402" height="107" src="http://linuxgateway.in/wp-content/uploads/2015/04/first1-300x59.jpeg" width="544" /> 
 
 
  
 Here for storage sharing, i have added harddisk of 20 GB in target to 
share as a LUN by client.If you have physical, you can add or attach 
physical harddisk either you can add virtual hard-disk , if you are 
working vmvare or virtual box.Now we will go to hosts file to keep 
entries of host name of both 
target and client on both sides. 
 
 <img alt="Selection_315" class="alignnone wp-image-387" height="125" src="http://linuxgateway.in/wp-content/uploads/2015/04/Selection_315-300x73.png" width="514" />  
 
 
Step 3: Create partition of added hard disk and format it with file system.You can check the filesystem by df -T command.

[root@server ~]# df -T 
Filesystem    Type   1K-blocks      Used Available Use% Mounted on 
/dev/sda3     ext4     7422920   2771180   4268592  40% / 
/dev/sda1     ext4      194442     11426    172977   7% /boot

#fdisk /dev/sdb1   ( create a new primary partition ) 
#mkfs.ext4  /dev/sdb1  (format it with filesystem) 
 
<img alt="fdisk target" class="alignnone wp-image-404" height="301" src="http://linuxgateway.in/wp-content/uploads/2015/04/fdisk-target-300x189.jpeg" width="478" /> 
 
The above has shown that , on target machine, we have added .You can see /dev/sdb of 22GB has been added.

On SERVER Side:

Step 4: yum install scsi-target-utils -y

step 5:#vi /etc/tgt/targets.conf          ( configuation file at target side) 
just go the end by pressing shift+G. 
<target iqn.2015-03.target.local:initiator.local> 
backing-store /dev/sdb1 
initiator-address 192.168.0.144

incominguser  iscsiadm iscsiadm123 
iscsiadm123 
</target> 
 
 
 <img alt="1503 tgtd" class="alignnone wp-image-405" height="104" src="http://linuxgateway.in/wp-content/uploads/2015/04/1503-tgtd-300x57.jpeg" width="547" /> 
 
 As above target is syntax. 
 
Iqn: ISCSI Qualified Name (IQN) 
 
Then target machine(target.local) host name and after initiator machine(initiator.local) hostname.
Then give the disk of Lun you are sharing, in my case i m sharing /dev/sdb1.
Then initiator client IP address. 
 
Then user name and password on the basis of which our client 
machine authenticate with target. 
Then end the syntax.
 
Step 6: Then start the tgtd service and keep the chkconfig on . 
#/etc/init.d/tgtd start 
 
# chkconfig –levels 235 tgtd on

Step 7:Then open the tcp port 3260 of iscsi on target machine by 
iptable rule, don’t worry if you don’t  understand,but you need to do 
that if you are using firewalls.

[root@server ~]# iptables -A INPUT -p tcp –dport 3260 -j ACCEPT 
[root@server ~]# service iptables save 
 
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]

Step 8:Now its time to test, whether upto till now, we have done 
everything right or not.Please go through below command and check 
whether it is showing shared partition or not,because at first time when
 you will do this practical, i m sure you will be amazed to not get this
 .As i also i did not get, but dont worry , try again or check the 
following all , which we have done till now.

Step 9: To check all parameter is correct 
#tgtadm –mode target –op show 
Output would be like >> 
 
<img alt="6" class="alignnone wp-image-389" height="403" src="http://linuxgateway.in/wp-content/uploads/2015/04/61-300x273.jpg" width="443" /> 
 
 
As it is showing in LUN:1 as a shared partition of /dev/sdb1.

That all up to now on target machine.Now our job to configure client(initiator machine IP:192.168.0.144).

ON CLIENT SIDE CONFIGURATION

Step 10: yum -y install iscsi-initiator-utils -y

Now its time to use iqn , which we have done or used in target machine iscsi tgt configuration file,if you remember.

Step 11:Go to  file and do some changes.

#vim  /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2015-03.target.local:initiator.local

keep the above entry in above file.You can keep the # symbol on already there or delete it or keep 
another line with required information and save the file.

step 12:  Go to config file .

Now go to main config file on client side. 
 
[root@initiator ~]# vi /etc/iscsi/iscsid.conf 
 
:Here in this you have to some changes as required. 
# To manually startup the session set to “manual”. The default is 
automatic. 
node.startup = automatic 
# To enable CHAP authentication 
node.session.auth.authmethod = CHAP 
# To set a CHAP username and password for initiator 
node.session.auth.username = iscsiadm 
node.session.auth.password = iscsiadm123 
:wq!

Then save the file.

Step 13: And the start the iscsi daemon and keep it chkconfig on 
 
#service iscsid start 
# chkconfig –levels 235 iscsid on

Friends as there is caution , you needs to do that don’t start 
service through init script but do start the service by service 
command,other wise if you do by /etc/init.d/iscsid start, it will not 
start.And after that you have to start service by below command.

step 14: /etc/rc.d/init.d/iscsid force-start 
 
 
 <img alt="10" class="alignnone wp-image-393" height="132" src="http://linuxgateway.in/wp-content/uploads/2015/04/10-300x76.jpeg" width="521" />  
 
 
step 15: Now to test on client side , you have to put below command.

#iscsiadm –mode discovery -t  sendtargets –portal 192.168.0.44   (here 192.168.0.44 is target ip ) 
Output would be like > 
192.168.0.29:3260,1 iqn.2015-03.target.local:initiator.local  
 
 
 
<img alt="123e" class="alignnone wp-image-406" height="65" src="http://linuxgateway.in/wp-content/uploads/2015/04/123e-300x35.jpeg" width="557" />  
 
step 16: Now its time to connect to target,you have to put below 
command, and when you will get this type of output, showing 
successful,it means that you have connected to target from client 
machine and now can that /dev/sdb1 partition on you system as locally.

#iscsiadm –mode discovery -t  sendtargets –portal 192.168.0.44  -l  
 
<img alt="124e" class="alignnone wp-image-407" height="113" src="http://linuxgateway.in/wp-content/uploads/2015/04/124e-300x55.jpeg" width="616" />  
 
 
 
 
Now you have login to target machine and shared partition /dev/sdb1 
is now accessible to you.As you can check this by fdisk -l command.

Now put fdisk -l command , to check shared partition /dev/sdb. 
Yipee!!! i got 
 
 <img alt="fdisk target" class="alignnone wp-image-404" height="323" src="http://linuxgateway.in/wp-content/uploads/2015/04/fdisk-target-300x189.jpeg" width="513" />  
 
 
Step 17:You will get device uid by this command.

#blkid /dev/sdb   
 
<img alt="14" class="alignnone wp-image-395" height="82" src="http://linuxgateway.in/wp-content/uploads/2015/04/14-300x26.jpeg" width="946" />  
 
For permanent mounting, use mount it in /etc/fstab file.

#vim /etc/fstab

UUID=”1e38954b-80df-4060-9ac7-77e335a”   /mnt   ext4   _netdev  0 0 
Where 
• UUID=”1e38954b-80df-4060″ of NAS partition of target Server 
• /mnt is mount point 
 
•Ext3 : file system used 
 
•netdev : device type may be _netdev,rw

_# mount –a 
 
never restart initiator except shutdown 
 
# umount /mnt 
 
# chkconfig netfs on 
 
# service netfs restart

Then you can check this mount by df -H command.

Thats all friends for iscsi topic.For any queries,you can contact us at linux@kvit.in or lalit@kvit.in. 
 
 
 
 
</div>

Create Centralized Storage using iSCSI Target on RHEL/CentOS

Introduction what is iscsi ????? In computing, iSCSI (Listeni/a ɪˈ sk ʌ zi/ eye-SKUZ-ee), is an acronym for Internet Small Computer System Interface, an Internet Protocol (IP)-based storage network…

07 Aug 2015

Setup IT And Asset Management System With GLPI On Centos 6(Ticketing tool)

Unknown

Link Author

Title: Setup IT And Asset Management System With GLPI On Centos 6(Ticketing tool)
Author: Unknown
Rating 5 of 5 Des:

Introduction GLPI is the Information Resource-Manager with an additional Administration Interface. You can use it to build up a ...

<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 class="entry-title" itemprop="name">
</h1>
<h4 class="block-title">
Introduction</h4>
<h4 class="block-title">
 </h4>
<div align="left">
GLPI
 is the Information Resource-Manager with an additional Administration 
Interface. You can use it to build up a database with an inventory for 
your company. It has enhanced functions to make the daily life for the 
administrators easier, like a job-tracking-system with mail-notification
 and methods to build a database with basic information about your 
network-topology.</div>
<div align="left">
 </div>
<div align="left">
<img alt="images" class="alignnone wp-image-1346" height="181" src="http://linuxgateway.in/wp-content/uploads/2015/05/images.jpeg" width="402" /> </div>
<div align="left">
 </div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
GLPI has the following features.</h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
*Inventory of computers, peripherals, network printers etc. 
* Management of 
issues on many environments through creation of tickets, management of 
tickets, assignment, tickets scheduling, etc. 
* Licenses management (ITIL compliant). 
* Assignment of equipment by geographical area to users and groups. 
* Management of business and financial information (purchase, guarantee and extension, damping).  
*Management of applications for assistance of all types of equipment inventory. 
* Interface to allow the user to file a support ticket. Business management, contracts, documents related to inventory items. 
* Equipment booking. 
* FAQ Management. 
* Report generator for hardware, network or interventions.Multi-language support including 41 languages available. 
 
</div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Configuration Of GLPI Server</h4>
<h4 class="block-title">
 </h4>
<div class="td_mod_wrap">
GLPI Server System Details-
Operating System- Centos-6.6 
RequiredPackages- Apache (httpd), php-mysql, php-mbstring, mysql-server, mysql-devel 
Server IP-    192.168.0.175 
Server Hostname- server.glpi.com 
 
First of all, we have to set the host-name of glpi server. 
 
Step-1: Set the hostname 
  
 
[root@localhost ~]# vi /etc/sysconfig/network 
NETWORKING=yes 
 HOSTNAME=glpi.com 
 GATEWAY=192.168.0.254 
[root@localhost ~]# vi /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 
192.168.0.175  server.glpi.com 
 
Step-2: Restart Network Services. 
[root@server ~]# service network restart 
 
Step-3: Check Hostname. 
 
[root@localhost ~]# hostname 
 server.glpi.com</div>
</div>
<div align="left">
 </div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
Further Steps</h4>
<div class="td_mod_wrap">
Step- 4: Install required Packages.
Apache- 
# yum install httpd httpd-server httpd-devel 
 # yum install php httpd 
 
Mysql- 
# yum install mysql-server mysql-devel 
 # yum install php-mysql php-mbstring 
 
Step- 5: Start the httpd and mysqld services. 
 
# /etc/init.d/httpd   start 
# /etc/init.d/mysqld  start 
 
Step-6: Keep the services chkconfig on after next boot 
#chkconfig httpd on 
#chkconfig mysqld on 
 
Step-7: Generate mysql root password on server. 
[root@localhost ~]# /usr/bin/mysql_secure_installation 
 
 
Output: 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL 
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! 
In order to log into MySQL to secure it, we’ll need the current 
password for the root user. If you’ve just installed MySQL, and 
you haven’t set the root password yet, the password will be blank, 
so you should just press enter here 
Enter current password for root (enter for none):   (Hit Enter here if not set) 
OK, successfully used password, moving on… 
Setting the root password ensures that nobody can log into the MySQL 
root user without the proper authorisation. 
Set root password? [Y/n] y 
New password: 
Re-enter new password: 
Password updated successfully! 
Reloading privilege tables.. 
… Success! 
By default, a MySQL installation has an anonymous user, allowing anyone 
to log into MySQL without having to have a user account created for 
them. This is intended only for testing, and to make the installation 
go a bit smoother. You should remove them before moving into a 
production environment. 
Remove anonymous users? [Y/n] y 
… Success! 
Normally, root should only be allowed to connect from ‘localhost’. This 
ensures that someone cannot guess at the root password from the network. 
Disallow root login remotely? [Y/n] y 
… Success! 
By default, MySQL comes with a database named ‘test’ that anyone can 
access. This is also intended only for testing, and should be removed 
before moving into a production environment. 
Remove test database and access to it? [Y/n] y 
– Dropping test database… 
… Success! 
– Removing privileges on test database… 
… Success! 
Reloading the privilege tables will ensure that all changes made so far 
will take effect immediately. 
Reload privilege tables now? [Y/n] y 
… Success! 
Cleaning up… 
All done! If you’ve completed all of the above steps, your MySQL 
installation should now be secure. 
Thanks for using MySQL! 
 
Step-8: Set mysql databse For GLPI 
# mysql -u root -p 
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement. 
mysql> create database glpi;      #we are creating a database 
 Query OK, 1 row affected (0.02 sec) 
mysql> grant all privileges on glpi.* to glpi@localhost identified by ‘glpi'; 
 Query OK, 0 rows affected (0.01 sec) 
(Here,
 we are creating a user named glpi with password and at same time with 
one command, we are giving glpi user as all priviledges on glpi 
database.) 
 
mysql> flush privileges; 
Query OK, 0 rows affected (0.00 sec) 
mysql> exit 
 Bye 
 
Step-9:Restart the mysql service. 
 
[root@localhost ~]# /etc/init.d/mysqld restart 
 Stopping mysqld:                                          [  OK  ] 
 Starting mysqld:                                           [  OK  ]</div>
</div>
<div class="td_block_wrap td_text_with_title">
<h4 class="block-title">
 Download and install glpi</h4>
<div class="td_mod_wrap">
Step-10: Set mysql databse For GLPI. 
 # cd /var/www/html 
# wget https://forge.indepnet.net/attachments/download/1615/glpi-0.84.3.tar.gz 
 Extract the tarball using command:
# tar -zxvf glpi-0.84.3.tar.gz 
# cd glpi/ 
# ll 
# chown apache:apache -R files/ 
# chown apache:apache -R config/ 
# chmod -R 777 files/ 
 # chmod -R 777 config/ 
 
Step-11 :Retstart the httpd service 
 
[root@localhost glpi]# service httpd restart 
 Stopping httpd:                                           [  OK  ] 
 Starting httpd:                                            [  OK  ]</div>
</div>
<div align="left">
 </div>
<div class="entry-title" itemprop="name" style="text-align: left;">
 </div>
<div class="entry-title" itemprop="name" style="text-align: left;">
Now install some components to glpi proper functionality</div>
<h1 class="entry-title" itemprop="name">
Open web Browser and type URL..
http://192.168.0.175/gjpi/install/install.php</h1>
Step 1:Select the language you want   
 
 
<a href="http://linuxgateway.in/wp-content/uploads/2015/05/12-300x80.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="1" border="0" class="alignnone size-medium wp-image-1347" height="107" src="http://linuxgateway.in/wp-content/uploads/2015/05/12-300x80.jpg" width="402" /></a> 
 
 
 
 
 
 
 
 
Step-2 :Click on accept the terms and conditions    
 
 
 
 
<img alt="2" class="alignnone wp-image-1348" height="158" src="http://linuxgateway.in/wp-content/uploads/2015/05/22-300x117.jpg" width="405" /> 
 

 
 
Step-3: Click on install   
 
 
 
 
<img alt="3" class="alignnone wp-image-1349" height="125" src="http://linuxgateway.in/wp-content/uploads/2015/05/32-300x93.jpg" width="403" /> 
 
 
 
Step 4 –:Here
 , you have to click on continue, but if there is any errors, you will 
be seen here in red color.And you have to check those errors in case you
 get.

<img alt="4" class="alignnone wp-image-1350" height="216" src="http://linuxgateway.in/wp-content/uploads/2015/05/42-300x161.jpg" width="402" /> 
 
Step-5:Enter the MySQL credentials such as host-name, user and password and click Continue.     
 
 
<img alt="5" class="alignnone wp-image-1351" height="166" src="http://linuxgateway.in/wp-content/uploads/2015/05/52-300x123.jpg" width="405" /> 
 
 
Step-6:If
 you have already created a MySQL database it should have listed in the 
next screen as shown below, else you have to create a new one by 
clicking on the link Create new database. I have already created a 
database called ‘glpi’, hence i selected it.Select the database glpi and
 click on continue   
 
 
<img alt="6" class="alignnone wp-image-1352" height="148" src="http://linuxgateway.in/wp-content/uploads/2015/05/62-300x110.jpg" width="404" /> 
 
 
Step-7:Click Continue.    
 
 
<img alt="7" class="alignnone wp-image-1353" height="108" src="http://linuxgateway.in/wp-content/uploads/2015/05/71-300x80.jpg" width="405" /> 
 
 
 
 
 
 
Step-8:Installation finished.   
 
 
 
<img alt="9" class="alignnone wp-image-1354" height="127" src="http://linuxgateway.in/wp-content/uploads/2015/05/91-300x95.jpg" width="401" /> 
 
 
 
Step-9: Congratulations! We have installed GLPI on our server successfully. 
 
 
 
 
<img alt="10" class="alignleft wp-image-1355" height="111" src="http://linuxgateway.in/wp-content/uploads/2015/05/10-300x114.jpg" width="291" /> 
 
 

 
Step-10:Congratulations,Finally, you are ready to use glpi server on web-panel.From here, you can manage glpi.  
 

 
<img alt="11" class="alignleft size-medium wp-image-1356" height="110" src="http://linuxgateway.in/wp-content/uploads/2015/05/111-300x110.jpg" width="300" />

Finally, you can use it.In our next 
article, we will show how to configure glpi , and manage ticketing 
system for our daily use.I know you will be very eager to know, please 
have patience.For any query and issue related to this article,please 
mail us at linux@kvit.in.We will be surely help you out with this. 
 
 
 </div>

Setup IT And Asset Management System With GLPI On Centos 6(Ticketing tool)

Introduction GLPI is the Information Resource-Manager with an additional Administration Interface. You can use it to build up a database with an inventory for your company. It has enhanced funct…

07 Aug 2015

Load more posts

LinuxGateway

How to install Nginx Webserver with ssl

Create Centralized Storage using iSCSI Target on RHEL/CentOS

Setup IT And Asset Management System With GLPI On Centos 6(Ticketing tool)

Twitter

Facebook

Google+

Contact Form