FirewalldLAMP

How to Install Newest LAMP on CentOS 7.2 Minimal (4/4) – Configure Daemons and Firewall

Configure MySQL Daemon
[root@test ~]# systemctl status mysqld.service
â— mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-03-22 20:40:37 EDT; 5min ago
  Process: 2158 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
  Process: 1620 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
 Main PID: 2814 (mysqld)
   CGroup: /system.slice/mysqld.service
           â””─2814 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mys...

Mar 22 20:40:28 test.com systemd[1]: Starting MySQL Server...
Mar 22 20:40:37 test.com systemd[1]: Started MySQL Server.
[root@test ~]# mysql -V
mysql  Ver 14.14 Distrib 5.7.11, for Linux (x86_64) using  EditLine wrapper

Configure Apache Daemon
[root@test ~]# systemctl status httpd.service
â— httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)

[root@test ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@test ~]# systemctl start httpd.service
[root@test ~]# systemctl status httpd.service
â— httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-03-22 20:47:03 EDT; 53s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2890 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           â”œâ”€2890 /usr/sbin/httpd -DFOREGROUND
           â”œâ”€2891 /usr/sbin/httpd -DFOREGROUND
           â”œâ”€2892 /usr/sbin/httpd -DFOREGROUND
           â”œâ”€2893 /usr/sbin/httpd -DFOREGROUND
           â”œâ”€2894 /usr/sbin/httpd -DFOREGROUND
           â””─2895 /usr/sbin/httpd -DFOREGROUND

Mar 22 20:46:58 test.com systemd[1]: Starting The Apache HTTP Server...
Mar 22 20:47:00 test.com httpd[2890]: AH00558: httpd: Could not reliably de...ge
Mar 22 20:47:03 test.com systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

If there’s any errors, you can bounce the whole server and check again.
[root@test ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 19 2015 21:43:13
[root@test ~]# php -v
PHP 7.0.4 (cli) (built: Mar  5 2016 00:55:49) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Configure Firewalld
[root@test ~]# systemctl status firewalld
â— firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2016-03-22 20:40:16 EDT; 17min ago
 Main PID: 791 (firewalld)
   CGroup: /system.slice/firewalld.service
           â””─791 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 22 20:40:11 test.com systemd[1]: Starting firewalld - dynamic firewall .....
Mar 22 20:40:16 test.com systemd[1]: Started firewalld - dynamic firewall d...n.
Hint: Some lines were ellipsized, use -l to show in full.

[root@test ~]# firewall-cmd --state
running
[root@test services]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Open service http and https to public.
[root@test services]# firewall-cmd --permanent --add-service=http
success
[root@test services]# firewall-cmd --permanent --add-service=https
success
[root@test services]# firewall-cmd --reload
success
[root@test services]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client http https ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Let’s see the zone file.
[root@test ~]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
</zone>

Test the page: http://www.example.com/ from browsers.

Leave a Reply

Your email address will not be published. Required fields are marked *