About a month ago I decided to try another Linux distribution instead of Ubuntu
After a little trial and error I settled on Fedora. I have been using Linux is one for or another since 2002 or 2003. Since 2008 I've just used Ubuntu on my desktop as the OS.
My journey with Linux started after a family computer upgrade. I quickly commandeered the decommissioned Pentium 3 500Mhz and installed Mandrake which was quickly replaced with Suse 9.1. Something which is dwarfed in many respects by a RaspberryPi, became a fertile ground to try out new software and learn about libre software.
In my most recent jaunt between distribution, I tried Ubuntu Gnome, Debian, openSUSE and finally settling on Fedora. There was quite a lot of trial and error, but after trying Ubuntu Gnome I quick realised I loved Gnome 3.
Something didn't fit with Ubuntu Gnome, and as it didn't resolve the wireless instability I found with Ubuntu 16.04 I decided to keep searching. Next was Debian - which fell by the wayside quick as I didn't like the vanilla nature of Gnome. Now enter openSuse. This was like trying on an old coat. Familiar and reassuring, but with a smaller a community than I was used too and poor performance on my low powered laptop I decided to try Fedora.
Fedora looks great and has become dependable instantly. Though I still have intermittent wireless grumbles, I've fallen in love with the simplicity and easy from it's implementation of Gnome 3. I've found the migration easy principally because of the community of users and the content they've put online.
Anyway, I should say that despite the instability and wireless frustration with Ubuntu 15.10 onwards I feel that Ubuntu has become rather stale. After a short trial with Gnome 3, I decided it is a more pleasurable experience than Unity 7. While Ubuntu is calmly building the future, for the time being the grass is certainly green this site of the fence.
One frustration of moving system, has resulted in the need for me to rewrite some of the scripts I use to configure machines. As I decided to replace the machine severing this site, it's meant reworking the script I use to setup Apache and Django.
The tutorial below combines a number of articles which I've read and found crucial to helping me configure a new server. Much is familiar but there are certainly difference between Ubuntu and Fedora which stretched me as I navigated the frustrations and pleasure of a hobbyist sysadmin.
I am going to assume that you've already build a new Fedora instance in Digital Ocean or a similar service.
Creating a Standard User Account
To add the user, type:
The provide a password:
Then add the user to the wheel group, which gives it sudo privileges.
gpasswd -a demo wheel
I then copied over my SSH Keys to login without a password from my local machine...
ssh-copy-id -i ~/.ssh/id_rsa.pub <username>@<ip_address>
Locking down Root Login and Password Authentication
In this step, we'll make SSH logins more secure by disabling root logins. To edit configuration files, you'll need to install a text editor. I use nano but you can use whichever is your favourite. First, apply any available updates using:
sudo dnf update -y
Then, to install nano, type:
sudo dnf install -y nano
Now, open the the SSH daemon's configuration file for editing.
sudo nano /etc/ssh/sshd_config
Inside that file, look for the PermitRootLogin directive. You're going to modify it to read as:
Save and exit the file, then reload the configuration to put your changes into place.
sudo systemctl reload sshd
Enabling a Firewall
Apparently a new Fedora server has no active firewall application. In this step, we'll enable the IPTables firewall application and make sure that runtime rules persist after a reboot.
sudo dnf install -y iptables iptables-services
You may then enable IPTables so that it automatically starts on boot.
sudo systemctl enable iptables
Next, start IPTables.
sudo systemctl start iptables
To view the default rules, type:
sudo iptables -L
If you're going to run websites from the machine like me you'll need to allow access via ports 80 (HTTP) and 443 (HTTPS). This is done by adding these additional lines into the configuration file. To open the firewall rules file by typing:
sudo nano /etc/sysconfig/iptables
And add the following lines:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Then to activate the new ruleset, restart IPTables.
sudo systemctl restart iptables
Finally save the current runtime rules to a file so that they persist after a reboot, type:
sudo /usr/libexec/iptables/iptables.init save
Installing some helpful software
Next I install the following as they are helpful for running my Django sites and maintaining the system.
sudo dnf install -y git python-pip sqlite tree
Installing the required Python software
The next I created a Python Virtual Environment, something which was new. We need to install the virtualenv command to create these environments. We can get this using pip:
sudo pip install virtualenv
With virtualenv installed, we can start forming our project. Create a directory where you wish to keep your project and move into the directory:
mkdir -p ~/website cd ~/website
Within the project directory, create a Python virtual environment by typing:
Then activate the virtual environment:
As a baseline I always ensure these Python packages are available on my machines. I use pip as I find it easier to manage some packages and versions:
pip install arrow Django==1.10.3 django-bootstrap-pagination django-crispy-forms humanize markdown pyyaml requests simplejson sqlite3dbm xmltodict
To exist the virtual python environment type:
Finally it might be worth updating pip.
sudo pip install --upgrade pip
Installing the required Web Server software
sudo dnf install -y httpd mod_wsgi
Now we need to turn off SELinux so that we can server the website... What you need to do is to change is “SELINUX=enforcing” to “SELINUX=disabled” in:
sudo nano /etc/sysconfig/selinux
To configure a Virtual Host in Apache we need to create a new configuration file. Open nano with the following path:
sudo nano /etc/httpd/conf.d/example.com.conf
Example configuration file:
<VirtualHost *:80> ServerName www.example.com ServerAlias www.example.com Redirect / http://example.com/ </VirtualHost> <VirtualHost *:80> ServerName example.com ServerAlias example.com Alias /static /home/demo/website/static Alias /robots.txt /home/demo/website/static/robots.txt <Directory /home/demo/website/static> Require all granted </Directory> <Directory /home/demo/website/website> <Files wsgi.py> Require all granted </Files> </Directory> WSGIDaemonProcess website python-path=/home/demo/website:/home/demo/website/websiteenv/lib/python2.7/site-packages WSGIProcessGroup website WSGIScriptAlias / /home/demo/website/website/wsgi.py </VirtualHost>
Add the apache user to your group with the following command. Substitute your own username for the user in the command:
sudo usermod -a -G demo apache
Now, we can give our user group execute permissions on our home directory. This will allow the Apache process to enter and access content within:
chmod 710 /home/demo chmod 664 ~/website/db.sqlite3 sudo chown :apache ~/website/db.sqlite3 sudo chown :apache ~/website/
Once these steps are done, you are ready to start the Apache service. To do so, type:
sudo systemctl restart httpd
If everything works as expected, you can enable the Apache service so that it starts automatically at boot:
sudo systemctl enable httpd
- Initial Setup of a Fedora 21 Server | DigitalOcean
- Apache vs Nginx: Practical Considerations | DigitalOcean
- How To Serve Django Applications with Apache and mod_wsgi on CentOS 7 | DigitalOcean
- Deploying Python Web Applications with nginx and uWSGI Emperor | Chris Warrick
- Howto- Disable SELinux on Fedora/Centos/RHEL/SL | Unixmen