CentOS Tutorials Archives - Thoai Media

Install H264 Streaming Module for Apache & PHP on CentOS Server

Installing the streaming module can be a problem sometimes. This is a simple install guide that worked fine on a standard CentOS 7/cPanel server:

For cPanel:

yum install ea-apache24-devel

otherwise:

yum install httpd-devel

wget http://h264.code-shop.com/download/apache_mod_h264_streaming-2.2.7.tar.gz
tar -zxvf apache_mod_h264_streaming-2.2.7.tar.gz
cd mod_h264_streaming-2.2.7
./configure
make
make install

Edit /usr/local/apache/conf/httpd.conf
Add the following lines:
LoadModule h264_streaming_module /usr/lib64/httpd/modules/mod_h264_streaming.so
AddHandler h264-streaming.extensions .mp4

Then restart your apache:
service httpd restart

Make sure the module is loaded. You can check with this command:
/usr/local/apache/bin/apachectl -t -D DUMP_MODULES | grep h264_streaming_module

Then cd to a public_html directory that resolves correctly and run:
cd /home/user/public_html
wget -O test.mp4 "http://h264-demo.code-shop.com/demo/apache/trailer2.mp4"

http://your-servers-ip/test.mp4?start=55.5

You will see the opening preview credits in the first link and in the second, it should have the first 55.5 seconds removed from the original video file.


How to Install ClamAV on CentOS 7

Install ClamAV

First, install the EPEL (Extra Packages for Enterprise Linux) repository and the mailx command with yum.

yum -y install epel-release

In this step, we will install Clam AntiVirus (ClamAV) to get the best scanning results from LMD. ClamAV is available in the EPEL repository (which we installed in the first step).

Install ClamAV and ClamAV devel with yum:

yum -y install clamav clamav-devel

After ClamAV has been installed, update the ClamAV virus databases with the freshclam command:

freshclam


How to install FFmpeg and ffmpeg-php on CentOS Easily

FFmpeg is an amazing collection of open-source tools that can record and stream video and audio. However, it can also transcode video and audio (convert the files to different formats), and that is what has me so excited. There’s also a great PHP package called ffmpeg-php that allows for easy use of FFmpeg from inside PHP scripts. Today, I’m going to see if I can’t help you get both of these set up on your system.

Admittedly, it’s been a while since I’ve tried to install FFmpeg, about two years. I recently thought up some ideas on how I’d like to use FFmpeg, so I thought it was time to give it a try yet again. Today, I’m proud to say that installing FFmpeg is so much easier than in the past that I dare say it’s simple.

Here is my experience with installing FFmpeg on my server and how to fix the pitfalls that I encountered.

Preface

Note that I did all the following steps on a CentOS server. The specific version is CentOS x64 6.7.

These instructions can work for other distros with little or no modifications, but some distros will be completely different. For example, the DAG RPM Repository that I’m using (more info below) has support for the following distros: Red Hat Enterprise Linux, Fedora Core, Yellow Dog Linux, Aurora Linux, CentOS, Scientific Linux (they really need to get a verified SSL cert), TaoLinux, WhiteBox Linux, Lineox, and BLAG. Other distros will need to use a different repository.

If you successfully get FFmpeg running on another distro, please comment your changes here and I’ll update the post (and make sure you get credit of course).

Also note that I experienced some bumps in the road while installing everything. While many of you may not experience these issues, I found it important to document these problems and how I fixed them in case you encounter them.

Preparing

The first thing that you need to do is set up the DAG repository. This repository is an actively-maintained repository that provides a staggering number of packages with current or near current builds. Adding this repository is a great way to run the latest offerings of many packages.

Adding the DAG repository is simple. I’m using yum, so I did the following to add the repository:

  1. Create and open a new file called /etc/yum.repos.d/dag.repo. I ran “vi /etc/yum.repos.d/dag.repo“.
  2. Add the following text to the file:
    [dag]
    name=DAG RPM Repository
    baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
    gpgcheck=1
    enabled=1
  3. Finally, save and close the file.

In order to successfully use the DAG repository with tools such as yum, you need to add DAG’s GPG key. Failure to do so will result in an error like the following:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Public key for faac.x86_64.1.26-1.el5.rf.rpm is not installed

In order to add the GPG key for DAG, run the following:

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

The DAG: Frequently Asked Questions page has additional instructions on how to get the repository loaded and working on your distro.

Now that DAG is set up, it’s a good idea to update all your packages.

yum update

Depending on the packages you currently have installed, this could potentially upgrade, install, or replace numerous packages that may or may not be very important to you. Make sure you carefully look through that list and do any necessary preparations before telling yum that it can go ahead.

For example, yum told me that it was going to replace my current MySQL interface library for Perl with a new one. I added to my check list a note to verify that my Perl code functioned correctly after the install.

I ran into another hitch when I told yum to go ahead with the update. It informed me that my current version of Subversion conflicted with the new version it wanted to install. When this happens, you need to remove the old package before proceeding. This time, I made backups of all of my repositories and my /etc/sysconfig/svnserve file before proceeding just in case. I then removed Subversion “yum remove subversion“, ran the update process “yum update“, and installed Subversion again “yum install subversion“.

Installing – FFmpeg

Now you are ready to install FFmpeg with yum. I wanted to install all the available FFmpeg packages, so I first asked yum what was available.

yum search ffmpeg

Searching through the results, I found that three packages need to be installed: ffmpeg, ffmpeg-devel, and ffmpeg-libpostproc.

yum install ffmpeg ffmpeg-devel ffmpeg-libpostproc

Note: If you install ffmpeg-libpostproc, the entire FFmpeg software library changes from the LGPL license to the GPL license.

After a couple of minutes, the packages and the packages that they depend on were installed.

I simply ran “ffmpeg” from the command line, and I took the lack of threatening error or warning messages as a good sign that things were working.

Preparing for ffmpeg-php

I often work with programs through command line calls in code, but I wanted something more robust this time, so I looked around and found ffmpeg-php. Based on the API, it looks to be a great tool to interface PHP and FFmpeg.

There are four things that are required to successfully install and run ffmpeg-php; they are:

  • ffmpeg-0.4.9_pre1 or higher
  • php-4.3.0 or higher
  • gd-2.0 or higher
  • php-devel

PHP and FFmpeg should be good to go since at the time of this writing, DAG has PHP version 5.1.6 and FFmpeg version 0.4.9. GD and php-devel can be easily installed by running the following yum command:

yum install php-gd php-devel

In case you are wondering what php-devel is for, it installs the phpize program which is used to install ffmpeg-php.

Installing ffmpeg-php

Now we are ready to install ffmpeg-php. This can be done in six easy steps:

  1. Download the latest ffmpeg-php release
  2. Extract the archive:
    tar -xjf ffmpeg-php-X.x.x.tbz2
  3. cd ffmpeg-php-X.x.x/
  4. phpize
  5. ./configure && make
  6. sudo make install

Finishing Thoughts

This may seem like a lot of work when I earlier described this process as “simple,” but trust me that this is a thousand times easier than when I first tried installing FFmpeg. I think I spent three hours working on installing FFmpeg just to find out that it didn’t work the first time I tried.

Time and time again, package management has proven to be an extremely powerful tool. While I know the value of manually configuring and compiling code, the ease of simply using a package manager can reduce the time needed to install and manage software from hours or days to minutes.

I’m glad to see that FFmpeg has benefited from the use of these package managers and great repositories like the DAG RPM Repository.


Install Transmission Client to RHEL / CentOS 6

Transmission Bittorrent Client

Transmission is an open source and extremely lightweight BitTorrent client. It is available for any OS and comes with its own GUI.

Although Transmission is not as popular as rTorrent/ruTorrent for seedboxes, it is still a strong, solid choice, as it does not require a web server to be deployed on the OS and has a light memory footprint, allowing it to run in very low-RAM VPS environments.

Installing Transmission-BT to CentOS 6

For this guide I will be using CentOS 6, but any RHEL distro should work with similar commands.

Transmission can be installed quite easily through the repositories, however it is not part of the default Red Hat repositories. First we will need to install the EPEL repository to our server:

You can find the latest EPEL repositories here:

https://fedoraproject.org/wiki/EPEL

For simplicity's sake you can just follow my guide with the version current as of this writing, as it will be updated when you do an upgrade anyway.

wget http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

Now with this repository added we can install Transmission via yum

yum -y update
yum -y install transmission transmission-daemon

Then start the process:

service transmission-daemon start

Test Transmission

Transmission uses port 9091 by default, try it now using your server’s IP or FQDN.

You will either see Transmission load, or you will see an error like this:

The reason for this error is that Transmission is set up by default to only accept connections from localhost. If you get this error, proceed to the next step…

Configure Transmission For Remote Access

Before we modify the configuration we’ll want to stop the service. This is important!! Transmission writes its settings files on shutdown, so if we edit the settings now and “restart” Transmission, our changes just get overwritten.

service transmission-daemon stop

Now we can make changes to the settings.json file. Transmission automatically writes its config to the user’s home directory. By default the daemon process runs as the “Transmission” user, whose home directory is set to /var/lib/transmission rather than a folder under /home.

If you have trouble finding your settings.json you can always use the find command:

find / -name settings.json

Edit the settings.json file once you’ve located it:

nano /var/lib/transmission/.config/transmission/settings.json

Find the following lines:

    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": true,

Change this according to your preferences. When a whitelist is enabled, only the listed IP addresses can access the software. If you want to use the whitelist, set the appropriate IP addresses here. Otherwise we can just set the whitelist to false, which lets any IP address connect, like so:

    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": false,

Start our service back up:

service transmission-daemon start

And test:

Success!
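
The effect of the two whitelist settings above can be checked before the daemon is started again. The following is an added example, not part of the original guide or of Transmission itself: a Python audit of settings.json whose function names and sample files are constructed, and whose values for missing keys are assumed to be transmission-daemon's documented defaults.

```python
import ipaddress
import json

# Values assumed when a key is missing: transmission-daemon's documented defaults.
DEFAULTS = {
    "rpc-enabled": True,
    "rpc-bind-address": "0.0.0.0",
    "rpc-port": 9091,
    "rpc-authentication-required": False,
    "rpc-password": "",
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": True,
}

# Constructed sample: the guide's settings after the whitelist is set to false.
WHITELIST_OFF = """{
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": false
}"""

# Constructed sample: remote access kept, but limited to one admin range
# (203.0.113.0/24 is a documentation range) and protected by a password.
WHITELIST_ON = """{
    "rpc-authentication-required": true,
    "rpc-username": "admin",
    "rpc-password": "constructed-placeholder",
    "rpc-whitelist": "127.0.0.1,203.0.113.*",
    "rpc-whitelist-enabled": true
}"""


def is_loopback(address):
    """True only for a literal loopback address; anything else counts as remote."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_rpc(settings_text):
    """Return findings about who can reach the Transmission RPC/web interface."""
    cfg = {**DEFAULTS, **json.loads(settings_text)}
    if not cfg["rpc-enabled"] or is_loopback(cfg["rpc-bind-address"]):
        return []  # RPC is off or only listening on loopback

    findings = []
    has_password = bool(cfg["rpc-authentication-required"] and cfg["rpc-password"])
    if cfg["rpc-authentication-required"] and not cfg["rpc-password"]:
        findings.append("rpc-authentication-required is set but rpc-password is empty")

    if not cfg["rpc-whitelist-enabled"]:
        if has_password:
            findings.append("whitelist disabled: the RPC password is the only access control")
        else:
            findings.append(
                "whitelist disabled and no password: any host that can reach "
                f"port {cfg['rpc-port']} can control the client"
            )
        return findings

    for entry in (e.strip() for e in cfg["rpc-whitelist"].split(",")):
        # An entry made only of '*' octets matches every address.
        if entry and set(entry.split(".")) == {"*"}:
            findings.append(f"whitelist entry '{entry}' matches every address")
    return findings


if __name__ == "__main__":
    for name, text in (("whitelist off", WHITELIST_OFF), ("whitelist on", WHITELIST_ON)):
        print(name, "->", audit_rpc(text) or "no findings")
```

To audit a real installation, pass the contents of /var/lib/transmission/.config/transmission/settings.json to audit_rpc while the daemon is stopped.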


How to install ffmpeg, ffmpeg-php on CentOS 6/7 (Cpanel Server)

FFmpeg

For EL6:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm

Install FFMpeg from ATRPMS Repository:

yum -y install ffmpeg ffmpeg-devel

How to check if FFMPEG is working?

Verify the ffmpeg version:

ffmpeg -version
[root@centos:~]ffmpeg -version
ffmpeg version 2.2.1
built on Apr 13 2014 13:00:18 with gcc 4.4.6 (GCC) 20120305 (Red Hat 4.4.6-4)
configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --mandir=/usr/share/man --enable-shared --enable-runtime-cpudetect --enable-gpl --enable-version3 --enable-postproc --enable-avfilter --enable-pthreads --enable-x11grab --enable-vdpau --disable-avisynth --enable-frei0r --enable-libopencv --enable-libdc1394 --enable-libgsm --enable-libmp3lame --enable-libnut --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librtmp --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxavs --enable-libxvid --extra-cflags='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' --disable-stripping
libavutil      52. 66.100 / 52. 66.100
libavcodec     55. 52.102 / 55. 52.102
libavformat    55. 33.100 / 55. 33.100
libavdevice    55. 10.100 / 55. 10.100
libavfilter     4.  2.100 /  4.  2.100
libswscale      2.  5.102 /  2.  5.102
libswresample   0. 18.100 /  0. 18.100
libpostproc    52.  3.100 / 52.  3.100

Check the supported formats:

ffmpeg -formats

Test converting videos. Here’s an example from mp4 to h264:

cd /usr/local/src
wget https://archive.org/download/WoodstockFestivalTrailer/Woodstock_Festival_Trailer.avi
ffmpeg -i Woodstock_Festival_Trailer.avi -vcodec libx264 Woodstock_Festival_Trailer-H264.avi

When it finishes, you should see the new H264 file:

-rw-r--r-- 1 root root 20M May 4 2006 Woodstock_Festival_Trailer.avi
-rw-r--r-- 1 root root 15M Jan 30 10:01 Woodstock_Festival_Trailer-H264.avi

How can I work with ffmpeg using PHP?

Simple. Just install the php-ffmpeg extension. First, install the REMI repo in order to get your php-ffmpeg package as below:

Let’s download the RPM file for CentOS 5.x and CentOS 6.x:

EPEL repo for CentOS 5.x

wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh epel-release-5*.rpm

EPEL repo for CentOS 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6*.rpm

EPEL repo for CentOS 7.x

wget http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
rpm -Uvh epel-release-7*.rpm

That command will install the EPEL repo inside your /etc/yum.repos.d directory.

then

Manually, install FFmpeg-Php
        cd /usr/local/src
        wget http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/0.6.0/ffmpeg-php-0.6.0.tbz2
        tar jxvf ffmpeg-php-0.6.0.tbz2
        cd ffmpeg-php-0.6.0
        phpize
        ./configure
        make
If you get the error "make: *** [ffmpeg_frame.lo] Error 1", run this command:
sed -i 's/PIX_FMT_RGBA32/PIX_FMT_RGB32/g' ffmpeg_frame.c
 OR
 vi ffmpeg_frame.c
 :%s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g
:wq
Then rerun "./configure && make" and, if all went fine, run:
make install
If there is no error, skip to step 5.
Step 5. Now add the extension to php.ini:
echo 'extension=ffmpeg.so' >> /usr/local/lib/php.ini
Step 6. Now test PHP with ffmpeg:
php -r 'phpinfo();' | grep ffmpeg
php -i | grep ffmpeg -i

/etc/php.d/ffmpeg.ini,
ffmpeg
ffmpeg-php version => 0.7.0
ffmpeg-php built on => Jan  1 2013 09:50:55
ffmpeg-php gd support  => enabled
ffmpeg libavcodec version => Lavc53.61.100
ffmpeg libavcodec license => GPL version 3 or later
ffmpeg libavformat version => Lavf53.32.100
ffmpeg libavformat license => GPL version 3 or later
ffmpeg swscaler version => SwS2.1.100
ffmpeg swscaler license => GPL version 3 or later

If ./configure fails with the error "configure: error: ffmpeg headers not found. Make sure ffmpeg is compiled as shared libraries using the --enable-shared option", check the installed library files with this command:

rpm -ql ffmpeg-devel

On CentOS 6/7 with ffmpeg-devel installed from nux-dextop:

locate avio.h avformat.h avcodec.h
/usr/include/ffmpeg/libavcodec/avcodec.h
/usr/include/ffmpeg/libavfilter/avcodec.h
/usr/include/ffmpeg/libavformat/avformat.h
/usr/include/ffmpeg/libavformat/avio.h
/usr/share/doc/ffmpeg/libavcodec.html
/usr/share/doc/ffmpeg/libavformat.html

Now run this command:

[root@centos ffmpeg-php-0.6.0]# strace -f -o /ffmpeg-strace ./configure --with-php-config=/usr/bin/php-config --with-ffmpeg=/usr --includedir=/usr/include/ffmpeg

Then:

cat /ffmpeg-strace | egrep 'avio.h|avformat.h|avcodec.h'

It looks like ffmpeg-devel installed the headers at:

  • /usr/include/ffmpeg/libavcodec/avcodec.h
  • /usr/include/ffmpeg/libavfilter/avcodec.h
  • /usr/include/ffmpeg/libavformat/avformat.h
  • /usr/include/ffmpeg/libavformat/avio.h

The problem is specific to avcodec.h, avformat.h, avio.h and swscale.h, so try symlinking them:

ln -s /usr/include/ffmpeg/libavcodec/avcodec.h /usr/include/ffmpeg/avcodec.h
ln -s /usr/include/ffmpeg/libavformat/avformat.h /usr/include/ffmpeg/avformat.h
ln -s /usr/include/ffmpeg/libavformat/avio.h /usr/include/ffmpeg/avio.h
ln -s /usr/include/ffmpeg/libswscale/swscale.h /usr/include/ffmpeg/swscale.h

Then configure and make again:

./configure && make

How To Install And Run VLC On CentOS 6/7 As Root

VLC media player (commonly known as VLC) is a portable, free and open-source, cross-platform media player and streaming media server written by the VideoLAN project. VLC media player supports many audio and video compression methods and file formats, including DVD-Video, video CD and streaming protocols. It is able to stream media over computer networks and to transcode multimedia files.

The default distribution of VLC includes a large number of free decoding and encoding libraries, avoiding the need for finding/calibrating proprietary plugins. Many of VLC’s codecs are provided by the libavcodec library from the FFmpeg project, but it uses mainly its own muxer and demuxers and its own protocols implementations. It also gained distinction as the first player to support playback of encrypted DVDs on Linux and OS X by using the libdvdcss DVD decryption library.

For EL7:

Install EPEL from http://www.unixmen.com/install-epel-repository-centos-rhel-7/
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm

For EL6:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm

Now:

yum update
yum  install vlc

vlc

There are not many ways to make VLC Player work as root, and I have found that this way is a very easy and fast one.

Let me make one thing clear: VLC is not only a media player, it can do many other things, and running VLC as root is very, very risky. So think many times before you run VLC as root.

I have only tested that VLC can open as the root user; I have not tested other features. So take note of this.

DO IT AT YOUR OWN RISK.

Before starting, please take a backup of the original VLC file so you can recover if anything goes wrong.

Perform the following steps to run VLC Player as root:

1) Install Hexedit Package for your System

[root@vps ~]# yum install hexedit

2) Now execute the following command to take a backup of the original VLC binary:

[root@vps ~]# cp -p /usr/bin/vlc /usr/bin/vlc_original_bin

3) Now open /usr/bin/vlc in the hex editor with the following command:

[root@vps ~]# hexedit /usr/bin/vlc

4) Now Press “TAB” Key.

5) Now Press “CTRL + s” to search ASCII String.

6) In Search Box, Now Type “geteuid” and Replace it with “getppid”

7) Now Press “CTRL + x” to Save the file.

8) That’s it. Now you can open VLC from the command line and from the menu too.

How to Install the latest version of s3cmd tool on Linux

Please install the required packages before installing the s3cmd tool and download the source zip from github:

sudo yum install unzip python-pip
wget https://github.com/s3tools/s3cmd/archive/master.zip

Unzip the downloaded source zip file and move to the unzipped directory:

unzip master.zip
cd s3cmd-master/

Once you have moved to the unzipped directory then just run this command:

sudo python setup.py install

Install the dateutil module, which provides powerful extensions to the datetime module in the Python standard library:

sudo pip install python-dateutil

Check the installed version of s3cmd tool:

s3cmd --version

After installation, run the following command to configure s3cmd with your Amazon access key and secret key.

s3cmd --configure

Enjoy


Initial Settings after installing the CentOS 7

1) To change the hostname permanently, edit the following file:

sudo vi /etc/hostname

Here you can simply put the name of your system (in my case, I have assigned it CentOS-7):

After that, edit the hosts file:

sudo vi /etc/hosts

Here add the same name, that you have added in the /etc/hostname file, after 127.0.0.1:

After reboot, it will display the new hostname.

2) After logging in to the CentOS 7 server (minimal installation), you will notice that the system doesn’t have the ifconfig command:

Install the net-tools package which will include ifconfig:

sudo yum install net-tools

Try the ifconfig command once again:

3) Change the default network interface name to “eth0”

CentOS 7 gives the NIC a default name like “en016…..”, as we can see in the screenshot above. To change it back to the traditional network device name like “ethX”, edit the grub file:

sudo vi /etc/default/grub

Search for the line “GRUB_CMDLINE_LINUX” and append the following: “net.ifnames=0 biosdevname=0”

It will look like this:

GRUB_CMDLINE_LINUX="rd.lvm.lv=rootvg/usrlv rd.lvm.lv=rootvg/swaplv crashkernel=auto vconsole.keymap=us rd.lvm.lv=rootvg/rootlv vconsole.font=latarcyrheb-sun16 rhgb quiet net.ifnames=0 biosdevname=0"

Create a new configuration based on the currently running system using grub2-mkconfig command:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Rename the interface file “/etc/sysconfig/network-scripts/ifcfg-en01…”:

sudo mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

Reboot the system:

After reboot, check the interface name:

4) Configure the static ip on the server:

Edit the interface file under /etc/sysconfig/network-scripts/ directory:

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here is my ifcfg-eth0 file as a sample, please change it according to your requirement:

DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.250.50
NETMASK=255.255.255.0
GATEWAY=192.168.250.2
DNS1=192.168.250.2

Stop and disable the NetworkManager service, because we don’t need it on the server:

sudo systemctl stop NetworkManager 
sudo systemctl disable NetworkManager

Restart the network service (be careful if you are connected remotely, because you will be disconnected after issuing this command):

sudo service network restart

Check the newly assigned static ip:

5) Disable IPv6:

First check whether IPv6 is enabled:

lsmod | grep -i ipv6

Edit the grub file:

sudo vi /etc/default/grub

Search for the line “GRUB_CMDLINE_LINUX” and add the following at the beginning: “ipv6.disable=1”

It will look like this:

GRUB_CMDLINE_LINUX="ipv6.disable=1 rd.lvm.lv=rootvg/usrlv...

Create a new configuration based on the currently running system using grub2-mkconfig command:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot the system:

Once again, check the IPv6 on the system:

6) EPEL repository on Centos 7

To install the EPEL repository, issue the following command:

sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm

List your new repos:

sudo yum repolist

7) Enable iptables services (instead of firewalld):

When you try to start or restart iptables on a newly installed server, you will get this error:

To fix this error, install the iptables-services package:

sudo yum install iptables-services

Re-run the command to restart the iptables:

sudo service iptables restart

Hope this will help you!


How to Install the latest LEMP Stack on CentOS 6.5

In this tutorial, we’ll learn how to install the latest LEMP (Nginx, MySQL & PHP) stack and do its initial configuration on CentOS 6.5, because the Base and EPEL repos contain really old versions of the LEMP stack.

Please add the required repos by using the following commands:

sudo rpm --import http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm
sudo yum repolist

If we proceed like this, we’ll get a “mysql55-libs conflicts with mysql-libs” error. To resolve this conflict, we need to issue these commands:

sudo yum install yum-plugin-replace
sudo yum replace mysql-libs --replace-with mysql55w-libs

Now, we can safely issue this command to install the latest version of Nginx, MySQL and PHP with PHP-Fpm:

sudo yum install nginx16 mysql55w mysql55w-server php55w php55w-opcache php55w-fpm

Enable Nginx, MySQL and PHP-FPM to start automatically when the server boots:

sudo chkconfig nginx on
sudo chkconfig mysqld on
sudo chkconfig php-fpm on

Secure PHP by editing the php.ini file:

sudo vi /etc/php.ini

Uncomment the cgi.fix_pathinfo and change it from 1 to 0:

cgi.fix_pathinfo=0

Edit the  /etc/php-fpm.d/www.conf  file:

sudo vi /etc/php-fpm.d/www.conf

Change the user and group:

user = nginx
group = nginx

Next we need to do some modification in default nginx.conf file:

sudo vi /etc/nginx/nginx.conf

Increase the worker processes from 1 to 4:

Also delete the default server config block to make the file more concise:

Move to the /etc/nginx/conf.d/ directory:

cd /etc/nginx/conf.d/

Next, we’ll create the virtual host file for our domain (In my case it’s rbgeek.conf):

sudo vi rbgeek.conf

This is a basic virtual host config file:

server {
       listen 80;
       server_name rbgeek.com;

       access_log /var/log/nginx/rbgeek_access.log main;
       error_log /var/log/nginx/rbgeek_error.log;
     
   location / {
       root /var/www/rbgeek;
       index index.php index.html index.htm;
   }
   
   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

   location ~ \.php$ {
       root /var/www/rbgeek;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
       fastcgi_intercept_errors on;
   }
}

Finally, restart the Nginx and PHP-FPM services:

sudo service nginx restart
sudo service php-fpm restart

Create a directory structure for the website under /var/www/. If you have another preference, please update the config files accordingly:

sudo mkdir -p /var/www/rbgeek

Adjust the permission:

sudo chgrp -R nginx /var/www/rbgeek
sudo chmod g+s /var/www/rbgeek

Create a phpinfo page to verify that the php is working correctly with Nginx:

sudo vi /var/www/rbgeek/info.php

Add the following code in it:

<?php
phpinfo();
?>

Navigate to the site in web browser and verify that the php information is returned:

http://rbgeek.com/info.php

(Optional) Verify that all the packages are updated by using the code in your index page:

Hope this will help you!


Site-to-Site VPN between AWS VPC and Customer Site using Linux

In this tutorial, we will reuse the previous scenario on the AWS side to create a site-to-site VPN between an AWS VPC and a local site. On the Amazon side, we’ll use Ubuntu 14.04 LTS, which will act as the gateway for the private subnet(s) as well as the VPN gateway, while on the local site we’ll use CentOS 6.5, which will perform the same tasks as Ubuntu does on the AWS side (gateway for the LAN plus VPN gateway).

Note: Please don’t waste your time on hacking; all these public devices and IPs are temporary, and I destroyed them after finishing this tutorial.

VPN Configuration on AWS VPC:

Please add the UDP ports 500 & 4500 to the NAT instance security group:

Also allow ICMP packets from the remote LAN in the internal subnet security group for testing purposes:

Now, install the desired package(s) for ipsec:

apt-get install iptables openswan

Edit the sysctl.conf file:

vi /etc/sysctl.conf

Add the following parameters inside it:

net.ipv4.ip_forward=1

net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0

net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096

Modify the rc.local file:

vi /etc/rc.local

Modify the MASQUERADE rule that we had added in the previous tutorial (Please adjust it according to your scenario):

iptables -t nat  -A POSTROUTING -s 10.100.0.0/16 ! -d 172.16.10.0/24 -o eth0 -j MASQUERADE

Note: Please reboot your machine once so that the changes take effect.

Edit the ipsec.conf file:

vi /etc/ipsec.conf

Here is my working ipsec.conf file; please adjust yours as per your requirements:

version 2.0

config setup
 nat_traversal=yes
 protostack=netkey
 force_keepalive=yes
 keep_alive=60
 oe=off
 nhelpers=0

conn AWS2LocalConnection
 left=10.100.10.10
 leftsubnets=10.100.0.0/16
 leftid=54.219.146.242
 leftsourceip=10.100.10.10
 right=25.109.210.76
 rightsubnets=172.16.10.0/24
 rightid=25.109.210.76
 pfs=no
 forceencaps=yes
 authby=secret
 auto=start

Edit the shared secret file:

vi /etc/ipsec.secrets

My ipsec.secrets file as an example:

VPN Configuration on Local Site:

Before beginning the configuration, please verify that the selinux is disabled:

sestatus

Install Openswan on CentOS, along with the desired packages:

yum install wget bind-utils openswan lsof

Configure Openswan to start at boot time:

chkconfig ipsec on

Edit the sysctl.conf file on CentOS:

vi /etc/sysctl.conf

Add/Edit the following parameters:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

Edit the iptables rule file:

vi /etc/sysconfig/iptables

Modify your iptables file according to your scenario, here are the desired iptables rules, please adjust them accordingly:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 172.16.10.0/24 ! -d 10.100.0.0/16 -o eth0 -j MASQUERADE
COMMIT
###########
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4500 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT

Note: Please reboot your machine once so that the changes take effect.

Edit the ipsec.conf file:

vi /etc/ipsec.conf

Here is my working ipsec.conf file on the local site; please adjust yours as per your requirements:

version 2.0

config setup
 nat_traversal=yes
 protostack=netkey
 force_keepalive=yes
 keep_alive=60
 oe=off
 nhelpers=0

conn Local2AWSConnection
 type=tunnel
 left=172.16.10.10
 leftsubnets=172.16.10.0/24
 leftid=25.109.210.76
 leftsourceip=172.16.10.10
 right=54.219.146.242
 rightsubnets=10.100.0.0/16
 rightid=54.219.146.242
 pfs=no
 forceencaps=yes
 authby=secret
 auto=start

Edit the shared secret file:

vi /etc/ipsec.secrets

My ipsec.secrets file as an example on the local site:

Restart the IPSec Service & verify its status on both Sides:

Restart the IPSec service on Ubuntu at AWS VPC:

service ipsec restart

Restart the IPSec service on CentOS at Local Site:

service ipsec restart

Verify the status of IPSec service on Ubuntu at AWS VPC:

service ipsec status

Verify the status of IPSec service on CentOS at Local Site:

service ipsec status

Verify the IPSec Tunnel status on both servers:

ipsec whack --status | grep -i established 

Note: established means that the tunnel is up and traffic will traverse it.

Verify the Route Table on both servers:

route -n

Verify that the Traffic is passing through the Tunnel:

Ping from the AWS vpn gateway to the machine on Local LAN (I have Win XP machine on local LAN with an ip 172.16.10.100).

Ping from AWS VPC private Subnet to Local LAN for verification:

Ping from the Local vpn gateway to the machine on VPC Private subnet (I have Webserver on private subnet with an ip 10.100.20.20).

Ping from Local LAN  to AWS VPC private Subnet for verification:

Testing Without Ping (Using the following reference)

If you don’t have a box to target that should respond to ping, you can try running a port scan to see if you can at least reach the machine.

# nmap -PN <something_on_right_subnet>

Monitoring traffic

While you’re running your ping or nmap, you can view the traffic with tcpdump.

# tcpdump -n host <RIGHT_PUBLIC_IP>

If you don’t see ESP packets in tcpdump, then they aren’t being tunneled. Try:

# tcpdump -n host <something_on_right_subnet>

If that shows ICMP (or other if using nmap) packets, then you’re sending packets around the tunnel.

VERY Useful Tip:

If the Tunnel didn’t come up after the configuration, just restart the server and also start the ping from your LAN host to other side LAN host.
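
When the tunnel stays down or traffic goes around it, two things worth checking are whether the two ipsec.conf files mirror each other and whether each gateway's MASQUERADE rule exempts the remote subnet. The following is an added example, not part of the original tutorial or of Openswan: the function names are hypothetical, the inputs are constructed from the conn sections and NAT rules shown above, and it assumes, as in this setup, that each side's `right` is the peer's public address and equals the peer's `leftid`.

```python
import re

# Constructed from the conn sections and NAT rules shown in this tutorial.
AWS_CONF = """
config setup
 protostack=netkey

conn AWS2LocalConnection
 left=10.100.10.10
 leftsubnets=10.100.0.0/16
 leftid=54.219.146.242
 right=25.109.210.76
 rightsubnets=172.16.10.0/24
 rightid=25.109.210.76
 pfs=no
 forceencaps=yes
 authby=secret
"""
LOCAL_CONF = """
conn Local2AWSConnection
 type=tunnel
 left=172.16.10.10
 leftsubnets=172.16.10.0/24
 leftid=25.109.210.76
 right=54.219.146.242
 rightsubnets=10.100.0.0/16
 rightid=54.219.146.242
 pfs=no
 forceencaps=yes
 authby=secret
"""
AWS_NAT_RULE = "iptables -t nat  -A POSTROUTING -s 10.100.0.0/16 ! -d 172.16.10.0/24 -o eth0 -j MASQUERADE"
LOCAL_NAT_RULE = "-A POSTROUTING -s 172.16.10.0/24 ! -d 10.100.0.0/16 -o eth0 -j MASQUERADE"

SHARED = ("pfs", "forceencaps", "authby")  # options both ends must agree on


def parse_conn(text):
    """Return the key=value options of the first 'conn' section of an ipsec.conf."""
    options, in_conn = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section headers start in column 0
            if in_conn:
                break                        # the conn section has ended
            in_conn = line.split()[0] == "conn"
        elif in_conn and "=" in line:
            key, value = line.strip().split("=", 1)
            options[key.strip()] = value.strip()
    return options


def check_pair(a, b):
    """List every place where the two conn sections fail to mirror each other."""
    problems = []
    for near, far, label in ((a, b, "A"), (b, a, "B")):
        for suffix in ("subnets", "id"):
            mine, theirs = near.get("left" + suffix), far.get("right" + suffix)
            if mine != theirs:
                problems.append(f"side {label}: left{suffix}={mine}, peer right{suffix}={theirs}")
        if near.get("right") != far.get("leftid"):
            problems.append(f"side {label}: right={near.get('right')} is not the peer's leftid")
    for key in SHARED:
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: {a.get(key)} vs {b.get(key)}")
    return problems


def check_nat_exemption(conn, rule):
    """The MASQUERADE rule must cover the local subnet and skip the remote one."""
    match = re.search(r"-s\s+(\S+)\s+!\s+-d\s+(\S+).*-j\s+MASQUERADE", rule)
    if not match:
        return ["no MASQUERADE rule with a '! -d' exemption found"]
    source, exempt = match.groups()
    problems = []
    if source != conn.get("leftsubnets"):
        problems.append(f"NAT source {source} is not leftsubnets {conn.get('leftsubnets')}")
    if exempt != conn.get("rightsubnets"):
        # Masqueraded packets no longer carry a leftsubnets source address,
        # so they miss the tunnel policy and leave unencrypted.
        problems.append(f"NAT exemption {exempt} is not rightsubnets {conn.get('rightsubnets')}")
    return problems


if __name__ == "__main__":
    aws, local = parse_conn(AWS_CONF), parse_conn(LOCAL_CONF)
    print(check_pair(aws, local) or "conn sections mirror each other")
    print(check_nat_exemption(aws, AWS_NAT_RULE) or "AWS NAT exemption matches")
    print(check_nat_exemption(local, LOCAL_NAT_RULE) or "local NAT exemption matches")
```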

Please Remember me in your prayers!

Enjoy 🙂

References:

1) http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
2) https://gist.github.com/winhamwr/2871257
3) http://stackoverflow.com/questions/21761830/site-to-site-openswan-vpn-tunnel-issues-with-aws
4) http://clauseriksen.net/2011/02/02/ipsec-on-debianubuntu/
5) http://blog.earth-works.com/2013/02/22/how-to-set-up-openswan-l2tp-vpn-server-on-centos-6/
6) https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_CentOS_-_Red_Hat_Enterprise_Linux_or_Scientific_-_Linux_6.html
7) http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs#.U1tZZ-aSwuj
8) http://www.whiteboardcoder.com/2012/12/amazon-aws-vpc-iptables-and-nat-route.html