(Globalement obsolète en 2023)
Objet
Cachet is software that improves downtime.
Great companies all over the world are using Cachet to better communicate downtime and system outages to their customers, teams and shareholders.
Cachet est une page de statut des services
Conditions préalables
To run Cachet on your CentOS 7 system you will need a couple of things:
- PHP version 7.1 or greater
- HTTP server with PHP support (eg: Nginx, Apache, Caddy)
- Composer
- A supported database: MySQL, PostgreSQL or SQLiteGit
Exigences
- A CentOS 7 operating system.
- A non-root user with sudo privileges.
Préliminaires
- (A compléter)
Installation – Etape 1
Verify installed version of CentOS :
cat /etc/centos-releaseAjouter votre user en sudoers :
sudo usermod -aG wheel <votreuser>Set up the timezone:
timedatectl list-timezonessudo timedatectl set-timezone 'Region/City'Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:
sudo yum upgdate -yInstall some essential packages that are necessary for basic administration of the CentOS operating system:
sudo yum install -y curl wget vim git unzip socat bash-completionInstalling PHP on CentOS 8
CentOS 8 is distributed with PHP 7.2. This version supports most of the modern PHP applications, but will no longer be actively maintained as of November 2019. The newer PHP versions are available from the Remi repository.
Enable the Remi repository
If you’re going to install the distro stable PHP version 7.2, skip this step. Otherwise, if you want to install PHP 7.3 or 7.4 enable the Remi repository by running the following command as root or user with sudo privileges:
sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpmThe command above will also enable the EPEL repository.
Once the installation is complete, run the command below to get a list of all available PHP versions:
sudo dnf module list phpThe output will show a list of all available modules, including the associated stream, version, and installation profiles.
Last metadata expiration check: 0:02:11 ago on Fri 18 Oct 2019 08:31:43 PM UTC.
CentOS-8 - AppStream
Name Stream Profiles Summary
php 7.2 [d][e] common [d], devel, minimal PHP scripting language
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
php remi-7.2 common [d], devel, minimal PHP scripting language
php remi-7.3 common [d], devel, minimal PHP scripting language
php remi-7.4 common [d], devel, minimal PHP scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
The default PHP module is set to PHP 7.2. To install a newer PHP release, enable the appropriate version:
PHP 7.3
sudo dnf module reset phpsudo dnf module enable php:remi-7.3
PHP 7.4
sudo dnf module reset phpsudo dnf module enable php:remi-7.4
You are now ready to install PHP on your CentOS server.
Install PHP
The following command will install PHP and some of the most common PHP modules:
sudo dnf install php php-opcache php-gd php-curl php-mysqlnd php-json php-simplexml php-xml php-mbstring php-tokenizer
FPM is installed as a dependency and used as FastCGI server. Start the FPM service and enable it to automatically start on boot:
sudo systemctl enable --now php-fpmConfiguring PHP to work with Apache
If SELinux is running on your system, you’ll need to update the SELinux security context:
sudo chcon -t httpd_sys_rw_content_t /var/wwwIf you are using Apache as your web server, restart the httpd service using the following command, and you are good to go:
sudo systemctl restart httpdConfiguring PHP to work with Nginx (nouse)
By default, PHP FPM runs as user apache. To avoid permission issues, we’ll change the user to nginx. To do so, edit the lines highlighted in yellow:
sudo nano /etc/php-fpm.d/www.conf/etc/php-fpm.d/www.conf
...
user = nginx
...
group = nginxCopy
Make sure the /var/lib/php directory has the correct ownership:
chown -R root:nginx /var/lib/phpOnce done, restart the PHP FPM service:
sudo systemctl restart php-fpmNext, edit the Nginx virtual host directive, and add the following location block so that Nginx can process PHP files:
server {
# . . . other code
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}Copy
For the new configuration to take effect, restart the Nginx service:
sudo systemctl restart nginxUpdate the SELinux security context:
sudo chcon -tR httpd_sys_rw_content_t /var/wwwConclusion
PHP 7.2 is available for installation from the default CentOS 8 repositories. If you want to install more recent version you need to enable the Remi repository.
Tests
Add php test page:
echo '<?php phpinfo();' | sudo tee /var/www/html/info.phpBrowse to your server IP on http://localhost/info.php to see php in action.
Enjoy using PHP 7.2 on CentOS 8 / RHEL 8
By default, CentOS 8/RHEL 8 forbids public access to port 80. To allow other computers to access the web page, we need to open port 80 in firewalld, the dynamic firewall manager on RHEL/CentOS. Run the following command to open port 80.
firewall-cmd --permanent --zone=public --add-service=http
If you want to enable HTTPS on Apache later, then you also need to open port 443.
firewall-cmd --permanent --zone=public --add-service=https
The --permanent option will make this firewall rule
persistent across system reboots. Next, reload the firewall daemon for
the change to take effect.
systemctl reload firewalld
Now the Apache web page is accessible publicly.
Finally, we need to make user apache as the owner of web directory. By default it’s owned by the root user.
chown apache:apache /var/www/html -R
Step 2 – Installing MariaDB
Now, it’s time to install the database server
sudo yum install mariadb-server mariadb
When the MariaDB is installed, issue the command below to start it
sudo systemctl start mariadb
Enable auto start at system boot time.
systemctl enable mariadb
Check status:
systemctl status mariadb
output:
● mariadb.service - MariaDB 10.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-10-12 09:02:53 UTC; 33s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 18608 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 30 (limit: 5092)
Memory: 77.0M
CGroup: /system.slice/mariadb.service
└─18608 /usr/libexec/mysqld --basedir=/usr
“Enabled” indicates that auto start at boot time is enabled and we can see that MariaDB server is running. Now we need to run the security script.
mysql_secure_installation
When it asks you to enter MariaDB root password, press Enter key as the root password isn’t set yet. Then enter y to set the root password for MariaDB server.
Next, you can press Enter to answer all remaining questions, which
will remove anonymous user, disable remote root login and remove test
database. This step is a basic requirement for MariaDB database
security. (Note that the letter Y is capitalized, which means it’s the default answer.)
Now you can run the following command and enter MariaDB root password to log into MariaDB shell.
mysql -u root -p
Connect to MariaDB shell as the root user:
sudo mysql -u root -p
# Enter passwordCreate an empty MariaDB database and user for Cachet and remember the credentials:
MariaDB> CREATE DATABASE cachet;
MariaDB> GRANT ALL ON cachet.* TO 'dbuser_cachet' IDENTIFIED BY 'password';
MariaDB> FLUSH PRIVILEGES;To exit, run
exit;
Step 3 – Install Acme.sh client and obtain Let’s Encrypt certificate (optional)
Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let’s Encrypt we will use acme.sh client. Acme.sh is a pure UNIX shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.
Download and install acme.sh:
sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install --accountemail your_email@example.com
source ~/.bashrccd ~Check acme.sh version:
acme.sh --version
# v2.8.0Obtain RSA and ECC/ECDSA certificates for your domain/hostname:
# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256If you want fake certificates for testing you can add --staging flag to the above commands.
After running the above commands, your certificates and keys will be in:
- For RSA:
/home/username/example.comdirectory. - For ECC/ECDSA:
/home/username/example.com_eccdirectory.
To list your issued certs you can run:
acme.sh --listCreate a directory to store your certs. We will use the /etc/letsencrypt directory.
mkdir -p /etc/letsecnrypt/example.comsudo mkdir -p /etc/letsencrypt/example.com_ecc
Install/copy certificates to /etc/letsencrypt directory.
# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"All the certificates will be automatically renewed every 60 days.
After obtaining certs exit from root user and return back to normal sudo user:
exitStep 5 – Install Composer
Install Composer, the PHP dependency manager globally:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'c5b9b6d368201a9db6f74e2611495f369991b72d9c8cbd3ffbc63edff210eb73d46ffbfce88669ad33695ef77dc76976') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
sudo mv composer.phar /usr/local/bin/composer
If the code above no longer run correctly, go to there : https://getcomposer.org/download/
When instalation is finished, check Composer version:
composer --version
# Composer version 1.8.4 2019-02-11 10:52:10Step 6 – Install Cachet
Create a document root directory where Cachet should reside in:
sudo mkdir -p /var/www/cachetChange ownership of the /var/www/cachet directory to {your_user}:
sudo chown -R {your_user}:{your_user} /var/www/cachetNOTE: Replace {your_user} with your initially created non-root user username.
Navigate to the document root directory:
cd /var/www/cachetDownload the Cachet source code with Git:
git clone -b 2.4 --single-branch https://github.com/cachethq/Cachet.git .Copy .env.example to .env file and configure database and APP_URL settings in .env file:
cp .env.example .env
nano .envInstall Cachet dependencies with Composer:
composer install --no-dev -oUp to 5 minutes of installation….
Ignore errors (!!)
Set up the application key by running:
php artisan key:generateInstall Cachet:
php artisan cachet:installNow, run the command below to generate a new virtualhost for web application:
sudo nano /etc/httpd/conf.d/status.yourdomain.com.conf
Once this file opens, add the content below:
<VirtualHost *:80>
ServerAdmin admin@yourdomain.fr
DocumentRoot"/var/www/cachet/public"
ServerName status.yourdomain.com
ServerAlias www.status.yourdomain.com
<Directory "/var/www/cachet/public">
Options Indexes FollowSymLinks
AllowOverrideAll
Order allow,deny
Allow from all
Requireall granted
</Directory>
ErrorLog"/var/log/httpd/status.yourdomain.com-error_log"
CustomLog"/var/log/httpd/status.yourdomain.com-access_log" combined
</VirtualHost>
Restart Apache :
sudo systemctl restart httpd
Open your site in a web browser and follow the instructions on the screen to finish Cachet installation.
Sources
- https://linuxize.com/post/how-to-install-php-on-centos-8/
- https://hostadvice.com/how-to/how-to-install-cachethq-on-a-centos-7-vps-or-dedicated-server/
- https://www.linuxbabe.com/redhat/install-lamp-stack-centos-8-rhel-8
- https://www.howtoforge.com/how-to-install-cachet-status-page-system-on-centos-7/
- https://www.cloudbooklet.com/install-php-7-4-on-centos-8-or-rhel-8/
- https://computingforgeeks.com/install-and-configure-phpmyadmin-on-rhel-8/
- https://computingforgeeks.com/how-to-configure-ntp-server-using-chrony-on-rhel-8/
- https://www.vultr.com/docs/how-to-install-cachet-on-debian-10