Installing EPEL repo on CentOS 7.x

The EPEL (Extra Packages for Enterprise Linux) repository offers a variety of packages that can enhance your programming experience. These packages complement and extend the base packages that come with CentOS. Installing EPEL on CentOS 7 is straightforward (the following commands assume you have root privileges):

cd /tmp
wget http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-1.noarch.rpm
yum install epel-release-7-1.noarch.rpm

That’s it. All the packages in the EPEL repo for CentOS 7.x and Red Hat Enterprise Linux (RHEL) version 7.x are now at your fingertips.

Tomcat fresh install on Amazon EC2 Redhat Instance

This tutorial demonstrates how to install a fresh version of Apache Tomcat 7.0.53 from source on an Amazon EC2 Red Hat-based instance, including the installation of MySQL, vsftpd, SSL (forced for the entire Tomcat server), and iptables prerouting.

To begin, log in to your EC2 instance and do a quick yum update. This will ensure that all of your virtual machine’s libraries are up to date.

yum update 

When prompted, type “yes” to install updates. This update process can last several minutes.

The first library to install will be mysql. Run the following commands to install the server.

yum install mysql
yum install mysql-server
yum install mysql-devel 

Once installed, enable mysqld with chkconfig. This command makes MySQL start automatically on server reboot.

chkconfig mysqld on

Now you must configure mysql. Begin by starting the service.

service mysqld start 

It will output the following message:

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

Run the following command to set your new password for root login.

/usr/bin/mysqladmin -u root password 'new-password'

Now log in to the mysql terminal by typing the following:

mysql -u root -p

It will prompt you for the password you just set above. The next step is to set up user permissions. This is accomplished by first creating a user, then assigning them permissions to access a given database.

#Create a new user, with password
CREATE USER 'username'@'%' IDENTIFIED BY 'user_password';

#Set to given database for a user
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'%' WITH GRANT OPTION;

#List all users and grants
SELECT user,host FROM mysql.user;

MySQL is now ready to use. You now have a user with grant permissions on the given database (if you made one).

The next step is to set up Apache Tomcat 7.0.53. Navigate to the opt directory of your server, then download the Tomcat file and extract it.

cd /opt/
wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.53/bin/apache-tomcat-7.0.53.tar.gz
tar -zxvf apache-tomcat-7.0.53.tar.gz
rm apache-tomcat-7.0.53.tar.gz

Tomcat comes loaded with all the files you need. You can test running the server by navigating to the bin directory and running the startup script.

cd /opt/apache-tomcat-7.0.53/bin/
./startup.sh

Note: If Tomcat fails to start, check that the Java JDK is installed.

java -version
java version "1.7.0_71"
OpenJDK Runtime Environment (rhel-2.5.3.2.el6_6-x86_64 u71-b14)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

If no installation of Java is found, install JDK 1.7 using yum:

yum install java-1.7.0-openjdk java-1.7.0-openjdk-devel

It would be much nicer if you could start / stop the server like a service, e.g. “service tomcat start”. If you want Tomcat to run as a service, read the Tomcat Service Script tutorial.

Now I want Tomcat to run on port 80. Port 80 is the standard port for HTTP traffic. To direct traffic from port 80 to Tomcat, please follow my “Running Tomcat port 80” guide.

The next step is to enable SSL for security. In my case I want SSL to be forced / required on all requests. Let’s say I have private data being transmitted, so this is necessary.

First edit the conf/server.xml file. Note that the tomcat.keystore file should point to the location where you placed your keystore file on the webserver. I have placed mine in the root of the Tomcat server.

<Connector port="8443" enableLookups="false" protocol="HTTP/1.1" proxyPort="443" keystorePass="changeit" keystoreFile="/opt/apache-tomcat-7.0.53/keys/tomcat.keystore" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" Server="My server name" clientAuth="false" sslProtocol="TLS" />

To force SSL on all connections, edit the conf/web.xml file. At the end of the file, before the closing </web-app> tag, add:

<!-- Require HTTPS for everything except /files and (favicon) and /css. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOrHTTP</web-resource-name>
      <url-pattern>*.ico</url-pattern>
      <url-pattern>/files/*</url-pattern>
      <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

Tomcat will now force SSL on all incoming connections and is ready for your war file. To upload a war file we need an FTP client. By default this Red Hat instance does not come with the libraries configured. I chose to use vsftpd.

yum install vsftpd
yum install ftp

The next step is to configure permissions.

vi /etc/vsftpd/vsftpd.conf

Look for the following lines and uncomment / modify.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES

After edits are made, restart the service.

service vsftpd restart

Finally, you need to add a user to the system to login as.

adduser ec2-user
passwd ec2-user

Your server should now accept incoming connections via port 21 (FTP).

Once you log in you will only have access to your home directory. Hence, you will not have permission to upload to the Tomcat server directory in the opt folder. To fix this, add a symbolic link in your home directory to the webapps directory of the Tomcat installation.

ln -s /opt/apache-tomcat-7.0.53/webapps/ /home/ec2-user/webapps

Running tomcat port 80

The Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the web. By default Tomcat does not use port 80 for communication. Tomcat runs on port 8080 instead. Using iptables, all traffic can be pre-routed from port 80 to port 8080, or all traffic from port 443 (SSL) to port 8443 (Tomcat SSL port). This walkthrough shows how to set up port 80 forwarding in CentOS 6.x.

To do this, modify your iptables file and replace the contents with the following.

vi /etc/sysconfig/iptables

Paste in the following:

# Generated by iptables-save v1.4.18 on Mon Aug 19 16:38:51 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:1088]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21100:21299 -j ACCEPT
COMMIT
# Completed on Mon Aug 19 16:38:51 2013
# Generated by iptables-save v1.4.18 on Mon Aug 19 16:38:51 2013
*nat
:PREROUTING ACCEPT [2:104]
:OUTPUT ACCEPT [7:558]
:POSTROUTING ACCEPT [7:558]
# These lines direct all traffic to tomcat
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
COMMIT

Finally, restart iptables to apply the changes:

service iptables restart
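
The ruleset above leaves the INPUT policy at ACCEPT, so its per-port ACCEPT rules do not restrict anything, and because REDIRECT rewrites the destination port before the INPUT chain is evaluated, a default-deny version would have to accept 8080 and 8443 rather than 80 and 443. The following check is an added example, not part of the original post; the function names and finding labels are this example's own, and the sample rules are a shortened, constructed copy of the file above.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules read from stdin,
# e.g. audit_iptables < /etc/sysconfig/iptables
audit_iptables() {
    awk '
    /^[*]/ { table = substr($0, 2); next }              # *filter, *nat
    /^:/   { policy[table, substr($1, 2)] = $2; next }  # :INPUT ACCEPT [0:0]
    /^-A/  {
        chain = $2; target = ""; dport = ""; toport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "--to-port" || $i == "--to-ports") toport = $(i + 1)
        }
        if (table == "filter" && chain == "INPUT") {
            if (target == "ACCEPT" && dport != "") allowed[dport] = 1
            if (target == "DROP" || target == "REJECT") blocks = 1
        }
        if (table == "nat" && chain == "PREROUTING" && target == "REDIRECT")
            redirect[dport] = toport
    }
    END {
        # ACCEPT policy with no DROP/REJECT rule: every port is reachable.
        wide = (policy["filter", "INPUT"] == "ACCEPT" && !blocks)
        if (wide) print "OPEN-POLICY: INPUT defaults to ACCEPT and nothing is dropped"
        if ("3306" in allowed) print "EXPOSED-DB: INPUT accepts MySQL port 3306"
        # After REDIRECT, INPUT sees the rewritten port, not the original one.
        for (p in redirect)
            if (!wide && !(redirect[p] in allowed))
                print "REDIRECT-BLOCKED: " p " is redirected to " redirect[p] ", which INPUT does not accept"
    }'
}

# Constructed sample 1: the ruleset from this page, shortened.
page_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [2:104]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
EOF
}
# Constructed sample 2: the same rules under a default-deny INPUT policy.
strict_rules() { page_rules | sed 's/^:INPUT ACCEPT/:INPUT DROP/'; }

page_rules | audit_iptables
strict_rules | audit_iptables
```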

Apache Archiva 5 min install

Apache Archiva is a quick and easy solution to set up your own repository management server. In this example I use CentOS 6.x for my OS.

How To Install / Configure:

Start by downloading the standalone version of Archiva. I suggest placing it in the opt directory for reasons listed.

cd /opt
wget http://mirror.cc.columbia.edu/pub/software/apache/archiva/2.0.1/binaries/apache-archiva-2.0.1-bin.tar.gz
tar -xvf apache-archiva-2.0.1-bin.tar.gz

Now you need to specify the port for Archiva to run on. The default port is 8080 which can cause conflicts if you are using Tomcat which also defaults to 8080. I have changed the port to 8081.

/opt/apache-archiva-2.0.1/conf/jetty.xml

   
      
         
            
         
         
            
         
         30000
         2
         false
         8443
         5000
         5000
      
   

Now at this point Archiva is ready to run. You can start Archiva by the following command.

/opt/apache-archiva-2.0.1/bin/archiva start

Archiva can now be accessed by going to http://localhost:8081/ in your browser. A simple GUI will allow you to setup administrative privileges.

Running as a service script

The above installation is great but begs for better integration with CentOS. On Linux, the bin/archiva script is suitable for linking from the /etc/init.d/ directory. Creating a custom service script in this directory will allow you to start / stop / restart Archiva easily. This directory is used to control services within the OS.

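Start by creating the archiva service file:

vim /etc/init.d/archiva
chmod 0755 /etc/init.d/archiva

I have chmod the archiva file so we can execute it as root; mode 0755 leaves it writable by root only, which matters because init scripts run as root. Then add the script below to the file: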

#!/bin/bash
#
# Simple service script for Apache Archiva
# chkconfig: 35 20 80
# description: Archiva 2.0.1

ARCHIVA_PATH=/opt/apache-archiva-2.0.1/bin

case "$1" in
start)
${ARCHIVA_PATH}/archiva start
;;
stop)
${ARCHIVA_PATH}/archiva stop
;;
status)
${ARCHIVA_PATH}/archiva status
;;
restart)
${ARCHIVA_PATH}/archiva restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart}"
exit 1
esac

Test the service script above by running the following commands. It should gracefully control the service.

service archiva start
service archiva stop

I don’t like to have to start Archiva every time I restart my server. Add Archiva to chkconfig so it will automatically start on restart.

chkconfig --add archiva
chkconfig archiva on

Apache Archiva 2.0.1 is now installed on CentOS.

Dropbox repository error on CentOS 6.x

Installing Dropbox on CentOS 6.x causes an error coming from the repo:

http://linux.dropbox.com/fedora/6/repodata/repomd.xml: 
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"

The repo can be fixed by modifying the /etc/yum.repos.d/dropbox.repo file. Locate the variable $releasever on line 3 and replace it with 19. The end result below will work with Fedora 16, 17, 18, 19, 20.

dropbox.repo

[Dropbox]
name=Dropbox Repository
baseurl=http://linux.dropbox.com/fedora/19/
gpgkey=http://linux.dropbox.com/fedora/rpm-public-key.asc

Test the results using yum

yum install nautilus-dropbox