CentOS Server Setup

This post was ported from my old blog


In this post I will write the steps I followed to set up a CentOS 7 VPS to host my (old) Django website.

This guide will cover the CentOS setup, then a separate guide will explain Django, NGINX & Gunicorn

Getting a VPS

I chose Scaleway as a VPS provider since the competitive prices, but any VPS will do.

Note from the future:
Working flawlessly for almost 1 year straight. I'm using the DEV1-M plan, which gives me 40GB SSD, 4GB RAM, and 3 vCPUs (AMD EPYC 7281) located in Amsterdam for a total of 10.72€/month.

First access

Once you have your VPS running, in your Scaleway profile you should see a "Credentials" page.
There you can add your PC's public SSH key (usually called id_rsa.pub), so you can access your VPS without using a password.

Note: on your PC you can use this command to see the public key, then you can copy it.

1cat ~/.ssh/id_rsa.pub

Once done, SSH to your VPS and it should work.

Manage users and access

First of all, if not already done, change the root user's password.

1passwd root

Then create a new user with sudo privileges that will be used for everything from now on. This isn't really necessary, but for security reasons, it's better to not use the root user directly.

1adduser simone # Create user 
2passwd simone # Set user password 
3gpasswd -a simone wheel # Add user to sudoers

Now copy the authorized SSH keys to the newly created user, to be able to access it over SSH later.

1mkdir /home/simone/.ssh 
2cp ~/.ssh/authorized_keys /home/simone/.ssh/ 
3chown -R simone:simone /home/simone/.ssh

You can now switch to the newly created user.

1su - simone

Now create the folder that will contain all the websites/webapps (in my case I called it "webapps" inside my user's home folder).

1mkdir /home/simone/webapps

Update CentOS

Let's update CentOS.

1sudo yum update -y

Install some packages

Let's install some packages we will need later (at least for Django hosting), if not already present.

1sudo yum install -y epel-release 
2sudo yum install -y nano 
3
4# Python 3 is required for Django >= 2.0 (and Python 2 is deprecated)
5sudo yum install -y python3 
6# NGINX will be used in the next post ("Django, Nginx & Gunicorn") 
7sudo yum install -y nginx 
8
9sudo pip3 install --upgrade pip

One last important step for your user: if you use Django with NGINX, you need to add your user to the NGINX group and set permission for your home folder, or NGINX will not be able to see your static files.

1# Add your user to NGINX group 
2sudo usermod -a -G simone nginx 
3
4# Update your home folder permissions 
5chmod 710 /home/simone

Setting up SELinux

CentOS uses SELinux with enforcing mode by default, it's a security measure that will block pretty much everything you do.
If you don't do anything stupid in CentOS, or you are just testing, you can just disable it as follows.

Use sudo nano /etc/selinux/config to open the Selinux config, search for SELINUX and set it to disabled.

1# This file controls the state of SELinux on the system. 
2# SELINUX= can take one of these three values: 
3#    enforcing - SELinux security policy is enforced. 
4#    permissive - SELinux prints warnings instead of enforcing. 
5#    disabled - No SELinux policy is loaded. 
6SELINUX=disabled 
7# SELINUXTYPE= can take one of these two values: 
8#    targeted - Targeted processes are protected, 
9#    mls - Multi Level Security protection. 
10SELINUXTYPE=targeted

You will have to reboot your VPS for this change to take effect, so use this command.

On Scaleway you need to use this command:

1halt

Then open your Scaleway profile and reboot it from there.

That's it for the basic CentOS 7 setup.

In the next post, I will show how to set up a Django project and serve it using NGINX and Gunicorn with a Let's Encrypt SSL Certificate.