CentOS Server Setup
Posted: April 16, 2020This post was ported from my old blog
In this post I will write the steps I followed to set up a CentOS 7 VPS to host my (old) Django website.
This guide will cover the CentOS setup, then a separate guide will explain Django, NGINX & Gunicorn
Getting a VPS
I chose Scaleway as a VPS provider since the competitive prices, but any VPS will do.
Note from the future:
Working flawlessly for almost 1 year straight. I'm using the DEV1-M plan, which gives me 40GB SSD, 4GB RAM, and 3 vCPUs (AMD EPYC 7281) located in Amsterdam for a total of 10.72€/month.
First access
Once you have your VPS running, in your Scaleway profile you should see a "Credentials" page.
There you can add your PC's public SSH key (usually called id_rsa.pub
), so you can access your VPS without using a password.
Note: on your PC you can use this command to see the public key, then you can copy it.
1cat ~/.ssh/id_rsa.pub
Once done, SSH to your VPS and it should work.
Manage users and access
First of all, if not already done, change the root user's password.
1passwd root
Then create a new user with sudo privileges that will be used for everything from now on. This isn't really necessary, but for security reasons, it's better to not use the root user directly.
1adduser simone # Create user
2passwd simone # Set user password
3gpasswd -a simone wheel # Add user to sudoers
Now copy the authorized SSH keys to the newly created user, to be able to access it over SSH later.
1mkdir /home/simone/.ssh
2cp ~/.ssh/authorized_keys /home/simone/.ssh/
3chown -R simone:simone /home/simone/.ssh
You can now switch to the newly created user.
1su - simone
Now create the folder that will contain all the websites/webapps (in my case I called it "webapps" inside my user's home folder).
1mkdir /home/simone/webapps
Update CentOS
Let's update CentOS.
1sudo yum update -y
Install some packages
Let's install some packages we will need later (at least for Django hosting), if not already present.
1sudo yum install -y epel-release
2sudo yum install -y nano
3
4# Python 3 is required for Django >= 2.0 (and Python 2 is deprecated)
5sudo yum install -y python3
6# NGINX will be used in the next post ("Django, Nginx & Gunicorn")
7sudo yum install -y nginx
8
9sudo pip3 install --upgrade pip
One last important step for your user: if you use Django with NGINX, you need to add your user to the NGINX group and set permission for your home folder, or NGINX will not be able to see your static files.
1# Add your user to NGINX group
2sudo usermod -a -G simone nginx
3
4# Update your home folder permissions
5chmod 710 /home/simone
Setting up SELinux
CentOS uses SELinux with enforcing mode by default, it's a security measure that will block pretty much everything you do.
If you don't do anything stupid in CentOS, or you are just testing, you can just disable it as follows.
Use sudo nano /etc/selinux/config
to open the Selinux config, search for SELINUX and set it to disabled
.
1# This file controls the state of SELinux on the system.
2# SELINUX= can take one of these three values:
3# enforcing - SELinux security policy is enforced.
4# permissive - SELinux prints warnings instead of enforcing.
5# disabled - No SELinux policy is loaded.
6SELINUX=disabled
7# SELINUXTYPE= can take one of these two values:
8# targeted - Targeted processes are protected,
9# mls - Multi Level Security protection.
10SELINUXTYPE=targeted
You will have to reboot your VPS for this change to take effect, so use this command.
On Scaleway you need to use this command:
1halt
Then open your Scaleway profile and reboot it from there.
That's it for the basic CentOS 7 setup.
In the next post, I will show how to set up a Django project and serve it using NGINX and Gunicorn with a Let's Encrypt SSL Certificate.