RHEL 8.3 Linux Installation: Boot from the installation media and select first installation method (“Install Red Hat Enterprise Linux 8.3”) Choose your language(English US) and continue. When presented with the following fix the date and time. Next you have to configure the server’s hostname and network settings. When configured click save and then done. If you are using DHCP for network control you can simply connect the network interface. If you want to manually configure the network, you can do this in the “configure” sections. Select either IPv4 or IPv6 based on your preference. Select Method “Manual” and enter you IP/mask details. Include the DNS server separated by commas and search domain. Now you can partition your disk, using LVM is preferred. To use LVM click the “I will configure partitioning”, then click done and you’ll be presented with the manual partitioning window ( see below). You can choose to automatically create partitions by clicking the yellow highlighted text. Alternatively, you can create custom partitions by clicking on “Custom” and specifying the partition structure. It is highly advised that you Connect to Red Hat. This will ensure that the official Red Hat repositories are added during installation. Alternatively, you can point the ISO to gain the repo for offline use after the installation. See section: Offline Repo Setup Select the packages that you would like to install. For snapt installation we do not need a server with a GUI. Select the standard server option. No additional software packages are needed for the installation. Enter the root user password and configure additional Snapt user with administration permissions. Now click the “begin installation” button and the OS will be configured and installed. After installation is complete click the “Reboot System” button You will be presented with a login, login as snapt and su user to root to start configuration. RHEL 8.3 Configuration: Hardening / Security For advanced users it is recommended to only allow the required ports on the firewall instead of disabling it. firewall-cmd --zone=public --permanent --add-port 8080/tcp firewall-cmd --reload **NOTE: it is a good idea to create a local Snapt user account before performing this step, else the only login method will be via the console using the root account. Alternatively: Disable the local firewall all together (IPv4 and IPv6) this might make your server vulnerable if there are no other firewalls, Disable direct root login by changing the following entry in /etc/ssh/sshd_config systemctl stop firewalld Run the following command to keep the firewall disabled after reboots. ​ systemctl disable firewalld replace: #PermitRootLogin yes with: PermitRootLogin no Restart the sshd service for the change to take effect: [root@snapt /] service sshd restart DNS Configure DNS by populating the /etc/resolv.conf file as follows. **NOTE: use the IP addresses for the DNS servers in your network [root@snapt ~] vi /etc/resolv.conf domain mydomain.co.za nameserver “dnsnameserver1” nameserver “dnsnameserver2” options timeout:1 attempts:1 rotate Offline RHEL Repo Setup If you registered with RHEL during installation you can skip the rest of this section and continue with “Additional Packages Required”. Confirm that RHEL repos are populated: yum repolist If your output does not contain the RHEL streams, you should follow the below steps to add the RHEL repo. Setup a local package repository using the installation media. (Only use this method if you do not have internet access. Note that additional rpm’s will need to be manually downloaded as listed below. Mount the Installation Media [root@snapt /] mkdir /cdrom [root@snapt /] mount /dev/sr0 /cdrom mount: block device /dev/sr0 is write-protected, mounting read-only [root@snapt /] df -h Filesystem Size Used Avail Use% Mounted on /dev/sr0 3.6G 3.6G 0 100% /cdrom Disable the existing public repository by renaming the existing file [root@snapt /] cd /etc/yum.repos.d/ ​ ​ [root@snapt /] mv redhat.repo redhat.repo.old Copy media.repo file from the mounted directory to /etc/yum.repos.d/ [root@snapt ~] cp -v /cdrom/media.repo /etc/yum.repos.d/rhel8.repo '/cdrom/media.repo' -> '/etc/yum.repos.d/rhel8.repo' ​ ​ Populate this file with the following text [root@snapt yum.repos.d] vi rhel8.repo [InstallMedia-BaseOS] name=Red Hat Enterprise Linux 8 - BaseOS metadata_expire=-1 gpgcheck=1 enabled=1 baseurl=file:///cdrom/BaseOS/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [InstallMedia-AppStream] name=Red Hat Enterprise Linux 8 - AppStream metadata_expire=-1 gpgcheck=1 enabled=1 baseurl=file:///cdrom/AppStream/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Clean the existing YUM config and refresh the repo-list. [root@snapt yum.repos.d] yum clean all ​ [root@snapt yum.repos.d] yum repolist Additional Packages required Snapt Aria requires pre-requisite packages that is not currently available on the official RHEL repo’s. Add the below repositories to get access to the GeoIP and Nginx repos. Nginx Repo: Create a new repository for the latest Nginx Stable release. cd /etc/yum.repos.d/ ​ vi Nginx.repo Add the following lines to Nginx.repo and save: [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ ​ ​ ​ ​ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true EPEL Repo: Create a new repository for the EPEL repo. cd /etc/yum.repos.d/ ​ vi epel.repo Add the following lines to epel.repo and save: [epel] name=Extra Packages for Enterprise Linux $releasever - $basearch ​ ​ ​ ​ ​ metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch ​ ​ =$basearch&infra=$infra&content=$contentdir ​ ​ ​ ​ ​ enabled=0 gpgcheck=1 countme=1 gpgkey=https://mirror.marwan.ma/fedora/epel/RPM-GPG-KEY-EPEL-8 Package Installation Install the required base packages for Snapt Aria. yum install nginx haproxy squid -y; Enable the packages that you will require to run at start-up. Haproxy if load balance plugin is needed. Nginx if the Accelerator plugin is needed. Squid if the cache plugin is needed. systemctl enable haproxy ​ ​ systemctl enable nginx ​ ​ systemctl enable squid ​ ​ Install Snapt Aria: Now you will need to download and extract the Snapt Aria bundle using the following steps: Download: Directly download to your RHEL server using wget. wget https://shop.snapt.net/download/Snapt-Linux-Redhat-Fedora-CentOS.tar.gz or Download from the Snapt download page: ( https://downloads.snapt.net/) Extract the bundle tar -C / -xvf ./Snapt-Linux-*.tar.gz Start the program: If root: /usr/local/snapt/start.sh If non-roor user: sudo /usr/local/snapt/start.sh Custom compile Nginx, Naxsi and PageSpeed: In the case that you are running Snapt Aria on CentOS, Fedora or Red Hat Linux, you will need to install some additional packages. yum install gcc-c++ pcre-devel zlib-devel make unzip geoip-devel libuuid-devel perl-CGI -y Once you have these additional packages installed, you can copy and save the script below as:snapt_nginx_builder.sh ​ #!/bin/bash # SNAPT NGINX BUILD SCRIPT # [email protected] DIRECTORY=/root/snp_ngx_builder PAGESPEED=1.13.35.2-stable NPS_RELEASE_NUMBER=1.13.35.2 NGINX=1.18.0 NAXSI=1.3 OPENSSL=1.1.1g COMPILE="--add-module=${DIRECTORY}/naxsi-${NAXSI}/naxsi_src \ ​ ​ ​ ​ ​ ​ --add-module=${DIRECTORY}/incubator-pagespeed-ngx-${PAGESPEED} \ ​ ​ ​ ​ ​ --prefix=/usr/share/nginx \ ​ --conf-path=/etc/nginx/nginx.conf \ ​ --sbin-path=/usr/sbin/nginx \ ​ --http-log-path=/var/log/nginx/access.log \ ​ --error-log-path=/var/log/nginx/error.log \ ​ --lock-path=/var/lock/nginx.lock \ ​ --pid-path=/run/nginx.pid \ ​ --http-client-body-temp-path=/var/lib/nginx/body \ ​ --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ ​ --http-proxy-temp-path=/var/lib/nginx/proxy \ ​ --http-scgi-temp-path=/var/lib/nginx/scgi \ ​ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ ​ --with-pcre-jit \ ​ --without-mail_pop3_module \ ​ --without-mail_imap_module \ ​ --without-mail_smtp_module \ ​ --with-http_ssl_module \ ​ --with-http_v2_module \ ​ --with-stream \ ​ --with-ipv6 \ ​ --with-http_stub_status_module \ ​ --with-http_realip_module \ ​ --with-http_geoip_module \ ​ --with-http_gzip_static_module \ ​ --with-openssl=${DIRECTORY}/openssl-${OPENSSL}" ​ ​ ​ ​ function folder_check_create () ​ ​ ​ { if [ ! -d "${DIRECTORY}" ]; then ​ ​ ​ ​ ​ ​ ​ mkdir -p "${DIRECTORY}" ​ ​ ​ fi ​ cd ${DIRECTORY} ​ ​ ​ } function get_package_manager () ​ ​ ​ { id=$(cat /etc/*release | grep ID=) ​ ​ ​ ​ ​ idLike=$(cat /etc/*release | grep ID_LIKE=) ​ ​ ​ ​ ​ if [[ $id == "ID=centos" ]] || [[ $idLike =~ "rhel" ]] || [[ $idLike =~ "f ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ edora" ]]; then ​ ​ packageMan="yum" ​ elif [[ $id == "ID=opensuse" ]] || [[ $idLike =~ "suse" ]]; then ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ packageMan="zypper" ​ else ​ packageMan="apt" ​ fi ​ } function dependencies_ubuntu () ​ ​ ​ { if [ $packageMan == "apt" ]; then ​ ​ ​ ​ ​ ​ ​ sudo apt-get update sudo apt-get -y install sudo make wget build-essential zlib1g-dev libp cre3 libpcre3-dev unzip libssl-dev libgeoip-dev uuid-dev fi ​ } function dependencies_centos_rhel () ​ ​ ​ { if [ $packageMan == "yum" ]; then ​ ​ ​ ​ ​ ​ ​ sudo yum install gcc-c++ pcre-devel zlib-devel make unzip geoip-devel libuuid-devel perl-CGI -y fi ​ } function dependencies_suse () ​ ​ ​ { if [ $packageMan == "zypper" ]; then ​ ​ ​ ​ ​ ​ ​ sudo zypper in -y libuuid-devel ​ ​ fi ​ } function prepare_pagespeed () ​ ​ ​ { if [ ! -d ngx_pagespeed-release-${PAGESPEED} ]; ​ ​ ​ ​ then ​ rm -rf incubator-pagespeed-* wget https://github.com/apache/incubator-pagespeed-ngx/archive/v${