RHEL 8.3 Linux Installation:
Boot from the installation media and select the first installation method (“Install Red Hat Enterprise Linux 8.3”).
Choose your language (English US) and continue.
When prompted, fix the date and time.
Next you have to configure the server’s hostname and network settings. Once configured, click Save and then Done.
If you are using DHCP for network control you can simply connect the network interface.
If you want to manually configure the network, you can do this in the “configure” sections.
Select either IPv4 or IPv6 based on your preference. Select Method “Manual” and enter your IP/mask details. Include the DNS servers, separated by commas, and the search domain.
Now you can partition your disk; using LVM is preferred. To use LVM, select “I will configure partitioning”, then click Done and you’ll be presented with the manual partitioning window (see below).
You can choose to automatically create partitions by clicking the yellow highlighted text. Alternatively, you can create custom partitions by clicking on “Custom” and specifying the partition structure.
It is highly advised that you Connect to Red Hat. This will ensure that the official Red Hat repositories are added during installation. Alternatively, you can use the installation ISO as a repository for offline use after the installation. See section: Offline RHEL Repo Setup
Select the packages that you would like to install. For the Snapt installation we do not need a server with a GUI. Select the standard server option. No additional software packages are needed for the installation.
Enter the root user password and configure an additional Snapt user with administration permissions.
Now click the “begin installation” button and the OS will be configured and installed.
After installation is complete, click the “Reboot System” button.
You will be presented with a login prompt. Log in as snapt and su to root to start configuration.
RHEL 8.3 Configuration:
Hardening / Security
For advanced users it is recommended to only allow the required ports on the firewall instead of disabling it.
firewall-cmd --zone=public --permanent --add-port 8080/tcp
firewall-cmd --reload
Alternatively: Disable the local firewall altogether (IPv4 and IPv6). This might make your server vulnerable if there are no other firewalls.
systemctl stop firewalld
Run the following command to keep the firewall disabled after reboots.
systemctl disable firewalld
Disable direct root login by changing the following entry in /etc/ssh/sshd_config
**NOTE: it is a good idea to create a local Snapt user account before performing this step, else the only login method will be via the console using the root account.
replace:
#PermitRootLogin yes
with:
PermitRootLogin no
Restart the sshd service for the change to take effect:
[root@snapt /] service sshd restart
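The root-login change above, as an added example that is not part of the original guide: it places the directive where sshd will honour it, checks the result with sshd -t, and only then restarts the service. The function names and the default account name snapt are assumptions of this example.

```bash
#!/bin/bash
# Added example: apply "PermitRootLogin no" without locking yourself out.
# Function names and the default account "snapt" are assumptions.

# Rewrite global PermitRootLogin lines (commented or active) to "no".
# sshd uses the first value it reads and treats everything after a Match
# line as conditional, so a missing directive is inserted before the first
# Match block rather than appended to the end of the file.
set_permit_root_login_no() {
    local cfg=$1 tmp rc
    tmp=$(mktemp) || return 1
    awk '
        { l = tolower($0) }
        l ~ /^[ \t]*match[ \t]/ && !in_match {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            in_match = 1
        }
        !in_match && l ~ /^[ \t]*#?[ \t]*permitrootlogin[ \t]/ {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            next
        }
        { print }
        END { if (!done) print "PermitRootLogin no" }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Run as root: refuse to continue unless a non-root login account exists,
# keep a backup, and only restart sshd if the new file passes "sshd -t".
lock_down_root_login() {
    local cfg=${1:-/etc/ssh/sshd_config} user=${2:-snapt}
    if ! id "$user" >/dev/null 2>&1 || [ "$(id -u "$user")" -eq 0 ]; then
        echo "create a non-root account ($user) first" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    set_permit_root_login_no "$cfg" || return 1
    if ! sshd -t -f "$cfg"; then
        cp -p "$cfg.bak" "$cfg"
        echo "sshd rejected the new config; backup restored" >&2
        return 1
    fi
    systemctl restart sshd
}
```

Keep the current root session open until a second SSH login as the non-root user has succeeded.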
DNS
Configure DNS by populating the /etc/resolv.conf file as follows.
**NOTE: use the IP addresses for the DNS servers in your network
[root@snapt ~] vi /etc/resolv.conf
domain mydomain.co.za
nameserver “dnsnameserver1”
nameserver “dnsnameserver2”
options timeout:1 attempts:1 rotate
Offline RHEL Repo Setup
If you registered with RHEL during installation you can skip the rest of this section and continue with “Additional Packages Required”.
Confirm that RHEL repos are populated:
yum repolist
If your output does not contain the RHEL streams, you should follow the below steps to add the RHEL repo.
Set up a local package repository using the installation media. (Only use this method if you do not have internet access. Note that additional RPMs will need to be manually downloaded as listed below.)
Mount the Installation Media
[root@snapt /] mkdir /cdrom
[root@snapt /] mount /dev/sr0 /cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@snapt /] df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sr0 3.6G 3.6G 0 100% /cdrom
Disable the existing public repository by renaming the existing file
[root@snapt /] cd /etc/yum.repos.d/
[root@snapt /] mv redhat.repo redhat.repo.old
Copy media.repo file from the mounted directory to /etc/yum.repos.d/
[root@snapt ~] cp -v /cdrom/media.repo /etc/yum.repos.d/rhel8.repo
'/cdrom/media.repo' -> '/etc/yum.repos.d/rhel8.repo'
Populate this file with the following text
[root@snapt yum.repos.d] vi rhel8.repo
[InstallMedia-BaseOS]
name=Red Hat Enterprise Linux 8 - BaseOS
metadata_expire=-1
gpgcheck=1
enabled=1
baseurl=file:///cdrom/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[InstallMedia-AppStream]
name=Red Hat Enterprise Linux 8 - AppStream
metadata_expire=-1
gpgcheck=1
enabled=1
baseurl=file:///cdrom/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Clean the existing YUM config and refresh the repo-list.
[root@snapt yum.repos.d] yum clean all
[root@snapt yum.repos.d] yum repolist
Additional Packages required
Snapt Aria requires prerequisite packages that are not currently available in the official RHEL repos.
Add the below repositories to get access to the GeoIP and Nginx repos.
Nginx Repo:
Create a new repository for the latest Nginx Stable release.
cd /etc/yum.repos.d/
vi Nginx.repo
Add the following lines to Nginx.repo and save:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EPEL Repo:
Create a new repository for the EPEL repo.
cd /etc/yum.repos.d/
vi epel.repo
Add the following lines to epel.repo and save:
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgcheck=1
countme=1
gpgkey=https://mirror.marwan.ma/fedora/epel/RPM-GPG-KEY-EPEL-8
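The repository files created in this section decide whether yum verifies what it installs, so here is an added example (not part of the original guide) that audits .repo files for settings that weaken signature checking. The function name and the FAIL/NOTE output format are assumptions of this example.

```bash
#!/bin/bash
# Added example: audit yum/dnf repo definitions for weak signature settings.
# Usage (as on this guide's server): audit_repo_files /etc/yum.repos.d/*.repo
# Returns non-zero when any section produces a FAIL line.
audit_repo_files() {
    awk '
        BEGIN { bad = 0 }
        # Return the text after the first "=", trimmed of trailing blanks.
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        # Evaluate the section that has just ended.
        function report() {
            if (section == "") return
            if (gpgcheck != "1") {
                print "FAIL " section ": gpgcheck=1 is not set"
                bad = 1
            }
            if (gpgkey ~ /^http:/) {
                print "FAIL " section ": signing key fetched over plain HTTP"
                bad = 1
            }
            if (baseurl ~ /^http:/)
                print "NOTE " section ": plain-HTTP baseurl, integrity rests on gpgcheck"
        }
        /^[ \t]*\[/ {
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpgcheck = value($0) }
        /^[ \t]*gpgkey[ \t]*=/   { gpgkey = value($0) }
        /^[ \t]*baseurl[ \t]*=/  { baseurl = value($0) }
        END { report(); exit bad }
    ' "$@"
}
```

A key fetched over HTTPS is only as trustworthy as the host serving it, so compare the fingerprint of each imported key with the one published by the repository's maintainers.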
Package Installation
Install the required base packages for Snapt Aria.
yum install nginx haproxy squid -y;
Enable the packages that you will require to run at start-up.
Haproxy if load balance plugin is needed.
Nginx if the Accelerator plugin is needed.
Squid if the cache plugin is needed.
systemctl enable haproxy
systemctl enable nginx
systemctl enable squid
Install Snapt Aria:
Now you will need to download and extract the Snapt Aria bundle using the following steps:
Download:
Directly download to your RHEL server using wget.
wget https://shop.snapt.net/download/Snapt-Linux-Redhat-Fedora-CentOS.tar.gz
or
Download from the Snapt download page: (https://downloads.snapt.net/)
Extract the bundle
tar -C / -xvf ./Snapt-Linux-*.tar.gz
Start the program:
If root:
/usr/local/snapt/start.sh
If non-root user:
sudo /usr/local/snapt/start.sh
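The extract step above unpacks the bundle over / as root, so here is an added example (not part of the original guide) that lists the archive first and reports every member that would land outside the expected tree. The function names and the prefix usr/local/snapt/ are assumptions, the latter taken from the start.sh path used in this guide.

```bash
#!/bin/bash
# Added example: list a bundle before unpacking it over / as root.
# The expected prefix usr/local/snapt/ is an assumption based on the
# start.sh path used in this guide.

# Print every archive member that is absolute, contains a ".." component,
# or would land outside PREFIX. Returns 0 only when nothing is reported.
audit_tarball() {
    local archive=$1 prefix=${2:-usr/local/snapt/} list
    list=$(tar -tf "$archive") || return 2      # unreadable archive
    printf '%s\n' "$list" | awk -v p="$prefix" '
        BEGIN { bad = 0 }
        { e = $0; sub(/^\.\//, "", e) }         # "./usr/..." == "usr/..."
        e == ""                 { next }
        e ~ /^\//               { print "ABSOLUTE  " $0; bad = 1; next }
        e ~ /(^|\/)\.\.(\/|$)/  { print "TRAVERSAL " $0; bad = 1; next }
        index(e, p) == 1        { next }        # inside the expected tree
        e ~ /\/$/ && index(p, e) == 1 { next }  # parent directory of it
        { print "OUTSIDE   " $0; bad = 1 }
        END { exit bad }
    '
}

# Extract only after a clean audit (run as root, as in the guide).
safe_extract() {
    audit_tarball "$1" "${2:-usr/local/snapt/}" || {
        echo "review the entries above before extracting $1" >&2
        return 1
    }
    tar -C / -xvf "$1"
}
```

With -C /, an OUTSIDE entry is an ordinary system path that the bundle would create or overwrite as root, so read that list before extracting.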
Custom compile Nginx, Naxsi and PageSpeed:
In the case that you are running Snapt Aria on CentOS, Fedora or Red Hat Linux, you will need to install some additional packages.
yum install gcc-c++ pcre-devel zlib-devel make unzip geoip-devel libuuid-devel perl-CGI -y
Once you have these additional packages installed, you can copy and save the script below as: snapt_nginx_builder.sh
#!/bin/bash
# SNAPT NGINX BUILD SCRIPT
# [email protected]

# Working directory and the versions of each component to build
DIRECTORY=/root/snp_ngx_builder
PAGESPEED=1.13.35.2-stable
NPS_RELEASE_NUMBER=1.13.35.2
NGINX=1.18.0
NAXSI=1.3
OPENSSL=1.1.1g

# Arguments passed to nginx's ./configure
COMPILE="--add-module=${DIRECTORY}/naxsi-${NAXSI}/naxsi_src \
--add-module=${DIRECTORY}/incubator-pagespeed-ngx-${PAGESPEED} \
--prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/usr/sbin/nginx \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-pcre-jit \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-stream \
--with-ipv6 \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-openssl=${DIRECTORY}/openssl-${OPENSSL}"

# Create the working directory if needed and change into it
function folder_check_create () {
    if [ ! -d "${DIRECTORY}" ]; then
        mkdir -p "${DIRECTORY}"
    fi

    cd "${DIRECTORY}"
}

# Pick the package manager from the ID / ID_LIKE lines of /etc/*release
function get_package_manager () {
    id=$(cat /etc/*release | grep '^ID=')
    idLike=$(cat /etc/*release | grep '^ID_LIKE=')
    if [[ $id =~ "centos" ]] || [[ $idLike =~ "rhel" ]] || [[ $idLike =~ "fedora" ]]; then
        packageMan="yum"
    elif [[ $id =~ "opensuse" ]] || [[ $idLike =~ "suse" ]]; then
        packageMan="zypper"
    else
        packageMan="apt"
    fi
}

function dependencies_ubuntu () {
    if [ "$packageMan" == "apt" ]; then
        sudo apt-get update
        sudo apt-get -y install sudo make wget build-essential zlib1g-dev libpcre3 libpcre3-dev unzip libssl-dev libgeoip-dev uuid-dev
    fi
}

function dependencies_centos_rhel () {
    if [ "$packageMan" == "yum" ]; then
        sudo yum install gcc-c++ pcre-devel zlib-devel make unzip geoip-devel libuuid-devel perl-CGI -y
    fi
}

function dependencies_suse () {
    if [ "$packageMan" == "zypper" ]; then
        sudo zypper in -y libuuid-devel
    fi
}

function prepare_pagespeed () {
    # Check for the directory the archive unpacks to (the one used in COMPILE)
    if [ ! -d "incubator-pagespeed-ngx-${PAGESPEED}" ]; then
        rm -rf incubator-pagespeed-*
        wget https://github.com/apache/incubator-pagespeed-ngx/archive/v${PAGESPEED}.zip
        unzip v${PAGESPEED}.zip
        rm v${PAGESPEED}.zip

        cd incubator-pagespeed-ngx-${PAGESPEED}/
        wget https://dl.google.com/dl/page-speed/psol/${NPS_RELEASE_NUMBER}-x64.tar.gz
        tar -xzvf ${NPS_RELEASE_NUMBER}-x64.tar.gz
        rm ${NPS_RELEASE_NUMBER}-x64.tar.gz
    fi

    cd "${DIRECTORY}"
}

function prepare_naxsi () {
    if [ ! -d naxsi-${NAXSI} ]; then
        rm -rf naxsi-*;
        wget https://github.com/nbs-system/naxsi/archive/${NAXSI}.tar.gz;
        tar -xvzf ${NAXSI}.tar.gz;
        rm ${NAXSI}.tar.gz;
    fi;
}

function prepare_openssl () {
    # Check and clean the OpenSSL directory (the original tested the Naxsi one)
    if [ ! -d openssl-${OPENSSL} ]; then
        rm -rf openssl-*;
        wget https://www.openssl.org/source/openssl-${OPENSSL}.tar.gz;
        tar -xvzf openssl-${OPENSSL}.tar.gz;
        rm openssl-${OPENSSL}.tar.gz;
    fi;
}

function prepare_nginx () {
    if [ ! -d nginx-${NGINX} ]; then
        rm -rf nginx-*;
        # Fetched over HTTPS: this source is compiled and installed as root
        wget https://nginx.org/download/nginx-${NGINX}.tar.gz;
        tar -xvzf nginx-${NGINX}.tar.gz;
        rm nginx-${NGINX}.tar.gz;
    fi;
}

function compile () {
    cd "${DIRECTORY}/nginx-${NGINX}"
    # COMPILE is left unquoted on purpose so it splits into separate arguments
    ./configure ${COMPILE}
    make;
    sudo make install
}

folder_check_create
get_package_manager
dependencies_ubuntu
dependencies_centos_rhel
dependencies_suse
prepare_openssl
prepare_pagespeed
prepare_naxsi
prepare_nginx
compile
Once you have done so, you can execute the script by giving it execution permissions:
chmod +x snapt_nginx_builder.sh
Now run the compile script:
./snapt_nginx_builder.sh
Start Snapt Aria:
If root:
/usr/local/snapt/start.sh
If non-root user:
sudo /usr/local/snapt/start.sh
You may now log in on port 8080 with a web browser (remember to add the port to the firewall rules if the firewall is not disabled).
firewall-cmd --zone=public --permanent --add-port 8080/tcp
firewall-cmd --reload
Ensure Aria starts after reboot:
Crontab
Edit the file below with your preferred editor (vi, nano, etc.) as the root user.
/etc/crontab
With the following line:
@reboot root /usr/local/snapt/start.sh
Firewall
If the firewall is not disabled, remember to allow access from the listening IPs to the balancer.
Example:
firewall-cmd --zone=public --permanent --add-port 3001/tcp
firewall-cmd --reload
Logging In to Snapt Aria:
You should now be able to access the Snapt Management UI if the above start script ran without any errors.
You can verify this by going to http://{your.server.ip.address}:8080 and you’ll be greeted with the following screen.
On this page, you’ll be required to log in with the username and password used during your trial signup/Snapt Shop Account. If you do not have a username and password yet, you can register here.