CentOS 8 web server with php7, node.js and redis

Foreword


It has been 2 days since the new version of the CentOS operating system, CentOS 8, came out. So far there are few articles on the Internet about how things are done in it, so I decided to fill this gap. I'll cover not only how to install these programs, but also how I see installing Linux in a virtual environment for common tasks in the modern world, including disk partitioning and more.

But first I want to briefly explain why you should switch to this version from any of the previous ones. There are two reasons:

  1. php7! The previous version of CentOS shipped the "Orthodox" php5.4 ...

    More seriously, a lot of packages jumped several versions at once. We (fans of redhat-like OSes) have finally entered, if not the future, then at least the present. And Ubuntu supporters will no longer laugh and point fingers at us, well ... at least for a while ;).
  2. The transition from yum to dnf. The main difference is that working with several versions of a package is now officially supported. In version 8 itself I have not needed this yet, but it sounds promising.

Creating a virtual machine


Hypervisors differ, and I don't intend to tie the reader to a specific one, so I'll cover the general principles.

Memory


First: installing CentOS requires a minimum of 2 GB of RAM. That is definitely the case starting from version 7, and I think it was the same in version 6 (though I'm not certain). So I advise starting with that much.

If need be, the amount of memory can be reduced after installation. With 1 GB the bare system works quite well, I checked.

Disk


For a normal installation, create a virtual disk of 20-30 GB. This is enough for the system. Then add a second disk for data. It can be added either when creating the virtual machine or afterwards. I usually add it later.

CPU


A bare system runs without slowdowns on one core. And since resources are freely scalable, I see no point in giving it more at the installation stage (unless you know the requirements perfectly and are too lazy to go into the configurator again).

The rest can usually be left by default.

Installation itself


So ... we launch the installer. Personally, I have long installed such services only as virtual machines, so I won't describe writing the distribution to a USB flash drive. I just mount the ISO as a CD in my favorite hypervisor, boot from it, and off we go.

The basic installation is quite typical, I will focus only on a few points.

Source selection


Since the release of version 8, the Yandex mirror has been down all day. That is, it comes up periodically and then starts returning an error again. I am sure the cause is excessive load on the service. So, to specify the source, instead of entering the usual address I had to go here, pick a mirror I liked, and enter its address manually in the installer window. It is important to remember that you must specify the path to the folder that contains the repodata directory. For example, mirror.corbina.net/pub/Linux/centos/8/BaseOS/x86_64/os.

Disk partitioning


In my opinion this question is a rather religious one. Every admin has their own position on it. Still, I will share my point of view.

Yes, in principle you can give all the space to the root and work that way; most of the time that is even quite fine. Why bother with separate partitions, then? In my opinion there are 2 main reasons: quotas and portability.

For example, if something went wrong and errors occurred on the main data partition, I want to be able to boot the system anyway and carry out recovery. Therefore I personally allocate a separate partition for /boot. The kernel and bootloader live there. Usually about 500 MB is enough, but in rare cases more may be needed, and given that we are already used to measuring space in terabytes, I allocate 2 GB for this partition. It is important that this partition cannot be placed on LVM.

Next comes the root of the system. For a normal installation I have never needed more than 4 GB for the system, but during maintenance I often use the /tmp directory to unpack distributions, and I see no point in making it a separate partition: in modern systems it is cleaned automatically, so it does not fill up. So I allocate 8 GB for the root.

Swap ... By and large, it has little practical benefit. If your server has started using swap, in today's real world it only means that the server needs more RAM. Otherwise performance problems are guaranteed (or some program has a memory leak). So this partition is for diagnostic purposes only, and 2 GB is a great number. Yes, no matter how much memory the server has. Yes, I have read all the articles about the ratio of memory to swap size ... IMHO, they are out of date. In 10 years of practice this has never been useful to me. 15 years ago I used them, yes.

IMHO, everyone can decide for themselves whether to put /home on a separate partition. If someone actively uses this directory on the server, it is better to separate it. If no one does, there is no reason to.

Next, /var. In my opinion it must be separated. For starters you can limit yourself to 4 GB and then see how it goes. And yes, by "how it goes" I mean that

  1. Firstly, you can always mount another disk on a subdirectory of /var (which I will show later with an example)
  2. Secondly, we have LVM, so you can always add space. Usually you have to add it when too many logs start pouring in there. But I have never been able to predict this figure in advance, so I start with 2 GB and then watch.

Unallocated space remains free in the volume group and can always be used later.

LVM


It makes sense to put all partitions except /boot on LVM. Yes, including swap. Yes, all the advice says swap should sit at the beginning of the disk, and with LVM its location cannot be controlled at all. But as I wrote above, your system should not use swap at all, so it does not matter where it is. We're not living in '95, honestly!

In LVM there are several basic entities you need to be comfortable with:


Physical volumes are combined into groups: each physical volume belongs to only one group, while a group can span multiple physical volumes at once.
Each logical volume likewise belongs to exactly one group.

But, damn it, it's the 21st century again. And the servers are virtual. It makes no sense to apply to them the same mechanisms that were applied to physical ones. For virtual servers it is important to keep data separate from the system! This matters in particular for being able to quickly move the data to another virtual machine (for example, when switching to a new OS), and it brings all sorts of other benefits (separate per-disk backups using the hypervisor, for example). Therefore one volume group is used for the system, and a different one must be used for data! This logical separation helps a lot in life!

If you created only one virtual hard disk when creating the virtual machine, this is the end of the configuration. If you created two, just do not partition the second one yet.

We start the installation.

Post installation


So, the freshly installed system has finally booted. The first thing to check is the Internet connection.

ping ya.ru 

Is there an answer? - Great, press Ctrl-C.
If not, go set up the network; there is no life without it, but this article is not about that.

Now, if we are not already root, we become root, because I personally can't be bothered to type this many commands with sudo (paranoid admins, forgive me):

 sudo -i 

Now the first thing we type is

 dnf -y update 

If you are reading this article in 2019, most likely nothing will happen, but it was worth a try.

Now configure the remaining disk


Suppose the system is on the xvda disk; then the data disk will be xvdb. OK.

Most guides start with the words "Launch fdisk and create a partition ..."

Well, that is wrong!

I'll repeat it once more, damn it, because it is that important! In this case, where LVM occupies one whole virtual disk, creating partitions on that disk is harmful! Every word in that phrase matters. If we work without LVM, partitions are needed. If the disk holds, say, both the system and data, they are needed. If for some reason we need to leave half of the disk empty, they are also needed. But usually all these cases are purely theoretical. If we later decide to add space to an existing volume, it is easiest to do with this configuration. And the ease of administration outweighs everything else so much that we choose this configuration deliberately.

The convenience is that if you want to expand the data volume, you just add space to the virtual disk, then expand the group with vgextend, and that's it! In rare cases something else may be required, but at least you do not have to grow a partition first, which is already nice. To grow a partition, the usual recommendation is to delete the existing one first and then create a new one on top of it, which doesn't look very nice and cannot be done live, whereas expansion in the scenario I described can be done on the fly without even unmounting the file system.

In total, we create a physical volume, then a volume group that includes it, and then a logical volume for our server:

 pvcreate /dev/xvdb
 vgcreate data /dev/xvdb
 lvcreate -n www -L40G data
 mke2fs -t ext4 /dev/mapper/data-www

Here, instead of the capital letter "L" (and the size in GB), you can use a lowercase one and give a relative size instead of an absolute one. For example, to use half the space currently free in the volume group, specify "-l +50%FREE".

The last command formats the volume with the ext4 file system (which so far, in my practice, has shown the greatest stability when everything breaks, so I prefer it).

Now mount the volume in the right place. To do this, add the correct line to /etc/fstab:

 /dev/mapper/data-www /var/www ext4 defaults 1 2 

Then we type

 mount /var/www 

If an error pops up, we sound the alarm! It means there is an error in /etc/fstab, and at the next reboot we will have very big problems. The system may not boot at all, which is often very sad on cloud services. So you must either urgently correct the line you just appended or delete it altogether! That is exactly why we did not spell out the full mount command by hand: we would have lost this great opportunity to check the fstab configuration right away.
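The same idea can be pushed one step earlier by checking an fstab file before mounting or rebooting. The script below is an added example, not part of the original article: the lint_fstab function name and the sample lines are constructed for illustration, and /dev/null stands in for a real device so that the sample runs on any machine.

```shell
#!/bin/sh
# lint_fstab FILE: print one line per problem found, return 1 if there are any.
# Covers the mistakes that make "mount /var/www" (or the next boot) fail.
lint_fstab() {
    file=$1; n=0; bad=0
    while read -r spec mnt fstype opts dump pass extra || [ -n "$spec" ]; do
        n=$((n + 1))
        case $spec in ''|'#'*) continue ;; esac        # blank line or comment
        if [ -z "$opts" ] || [ -n "$extra" ]; then
            echo "$file:$n: expected 4 to 6 fields"; bad=$((bad + 1)); continue
        fi
        # A /dev/... source must exist (catches a typo in the volume name).
        case $spec in /dev/*)
            [ -e "$spec" ] || { echo "$file:$n: no such device: $spec"; bad=$((bad + 1)); } ;;
        esac
        # An absolute mount point must already exist as a directory.
        case $mnt in /*)
            [ -d "$mnt" ] || { echo "$file:$n: mount point missing: $mnt"; bad=$((bad + 1)); } ;;
        esac
        # dump and fsck pass are optional, but must be numbers when present.
        for num in "$dump" "$pass"; do
            case $num in *[!0-9]*)
                echo "$file:$n: not a number: $num"; bad=$((bad + 1)) ;;
            esac
        done
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Constructed sample: the second line has a typo in the device name.
sample=$(mktemp)
printf '%s\n' \
    '/dev/null / ext4 defaults 1 1' \
    '/dev/mapper/data-wwww /var/www ext4 defaults 1 2' > "$sample"
lint_fstab "$sample" || echo "fix the file before rebooting"
rm -f "$sample"
```

On CentOS 8, findmnt --verify runs a fuller version of this check against the real /etc/fstab.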

Now we actually install everything we wanted and open the ports for the web:

 dnf groupinstall "Development Tools"
 dnf -y install httpd @nodejs @redis php
 firewall-cmd --add-service http --permanent
 firewall-cmd --add-service https --permanent

Optionally, you can also install the database here, but personally I try to keep it separate from the web server. Although keeping it close is faster, yes. The speed of virtual network adapters is usually in the gigabit range, while on the same machine access is almost instant. But it is less secure. Choose whichever matters more to you.

Now add a parameter to a configuration file (we create a new file; that is the modern CentOS approach):

 echo "vm.overcommit_memory = 1" > /etc/sysctl.d/98-sysctl.conf

Reboot the server.
In the comments I was scolded for advising you to turn off SELinux, so I have corrected that and will write instead that after this you must remember to configure SELinux.
Actually, profit! :)

Source: https://habr.com/ru/post/469097/